Update openvpn to 2.4.6 and update patches from Tunnelblick used to b…
…uild.
jpwhiting committed Jun 19, 2018
1 parent 60de2b9 commit a353630
Showing 7 changed files with 78 additions and 70 deletions.
Binary file modified buildlinux/openvpn32
Binary file not shown.
Binary file modified buildlinux/openvpn64
Binary file not shown.
18 changes: 9 additions & 9 deletions openvpnpatches/02-tunnelblick-openvpn_xorpatch-a.diff
@@ -1,14 +1,14 @@
--- openvpn-2.3_git_1f004b2/src/openvpn/forward.c 2016-12-15 07:49:06.000000000 -0500
+++ openvpn-2.3_git_1f004b2_patched/src/openvpn/forward.c 2016-12-15 17:07:51.000000000 -0500
--- openvpn-2.4.1/src/openvpn/forward.c 2017-03-22 11:34:21.000000000 -0400
+++ openvpn-2.4.1_/src/openvpn/forward.c 2017-03-23 10:48:01.000000000 -0400
@@ -730,7 +730,10 @@

status = link_socket_read(c->c2.link_socket,
&c->c2.buf,
- &c->c2.from);
+ &c->c2.from,
+ c->options.ce.xormethod,
+ c->options.ce.xormask,
+ c->options.ce.xormasklen);
+ &c->c2.from,
+ c->options.ce.xormethod,
+ c->options.ce.xormask,
+ c->options.ce.xormasklen);

if (socket_connection_reset(c->c2.link_socket, status))
{
Expand All @@ -18,9 +18,9 @@
&c->c2.to_link,
- to_addr);
+ to_addr,
+ c->options.ce.xormethod,
+ c->options.ce.xormask,
+ c->options.ce.xormasklen);
+ c->options.ce.xormethod,
+ c->options.ce.xormask,
+ c->options.ce.xormasklen);

/* Undo effect of prepend */
link_socket_write_post_size_adjust(&size, size_delta, &c->c2.to_link);
32 changes: 16 additions & 16 deletions openvpnpatches/03-tunnelblick-openvpn_xorpatch-b.diff
@@ -1,6 +1,6 @@
--- openvpn-2.3_git_1f004b2/src/openvpn/options.c 2016-12-15 07:49:06.000000000 -0500
+++ openvpn-2.3_git_1f004b2_/src/openvpn/options.c 2016-12-15 17:30:08.000000000 -0500
@@ -811,6 +811,9 @@
--- openvpn-2.4.1/src/openvpn/options.c 2017-03-22 11:34:24.000000000 -0400
+++ openvpn-2.4.1_/src/openvpn/options.c 2017-03-24 07:11:14.000000000 -0400
@@ -810,6 +810,9 @@
o->resolve_retry_seconds = RESOLV_RETRY_INFINITE;
o->resolve_in_advance = false;
o->proto_force = -1;
Expand All @@ -10,7 +10,7 @@
#ifdef ENABLE_OCC
o->occ = true;
#endif
@@ -972,6 +975,9 @@
@@ -971,6 +974,9 @@
setenv_str_i(es, "local_port", e->local_port, i);
setenv_str_i(es, "remote", e->remote, i);
setenv_str_i(es, "remote_port", e->remote_port, i);
Expand All @@ -24,53 +24,53 @@
SHOW_BOOL(bind_ipv6_only);
SHOW_INT(connect_retry_seconds);
SHOW_INT(connect_timeout);
+ SHOW_INT (xormethod);
+ SHOW_STR (xormask);
+ SHOW_INT (xormasklen);
+ SHOW_INT(xormethod);
+ SHOW_STR(xormask);
+ SHOW_INT(xormasklen);

if (o->http_proxy_options)
{
@@ -5915,6 +5924,46 @@
@@ -5941,6 +5950,46 @@
}
options->proto_force = proto_force;
}
+ else if (streq (p[0], "scramble") && p[1])
+ else if (streq(p[0], "scramble") && p[1])
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_CONNECTION);
+ if (streq (p[1], "xormask") && p[2] && (!p[3]))
+ VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
+ if (streq(p[1], "xormask") && p[2] && (!p[3]))
+ {
+ options->ce.xormethod = 1;
+ options->ce.xormask = p[2];
+ options->ce.xormasklen = strlen(options->ce.xormask);
+ }
+ else if (streq (p[1], "xorptrpos") && (!p[2]))
+ else if (streq(p[1], "xorptrpos") && (!p[2]))
+ {
+ options->ce.xormethod = 2;
+ options->ce.xormask = NULL;
+ options->ce.xormasklen = 0;
+ }
+ else if (streq (p[1], "reverse") && (!p[2]))
+ else if (streq(p[1], "reverse") && (!p[2]))
+ {
+ options->ce.xormethod = 3;
+ options->ce.xormask = NULL;
+ options->ce.xormasklen = 0;
+ }
+ else if (streq (p[1], "obfuscate") && p[2] && (!p[3]))
+ else if (streq(p[1], "obfuscate") && p[2] && (!p[3]))
+ {
+ options->ce.xormethod = 4;
+ options->ce.xormask = p[2];
+ options->ce.xormasklen = strlen(options->ce.xormask);
+ }
+ else if (!p[2])
+ {
+ msg (M_WARN, "WARNING: No recognized 'scramble' method specified; using 'scramble xormask \"%s\"'", p[1]);
+ msg(M_WARN, "WARNING: No recognized 'scramble' method specified; using 'scramble xormask \"%s\"'", p[1]);
+ options->ce.xormethod = 1;
+ options->ce.xormask = p[1];
+ options->ce.xormasklen = strlen(options->ce.xormask);
+ }
+ else
+ {
+ msg (msglevel, "No recognized 'scramble' method specified or extra parameters for 'scramble'");
+ msg(msglevel, "No recognized 'scramble' method specified or extra parameters for 'scramble'");
+ goto err;
+ }
+ }
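Review bot: In the `scramble` parser the fallback `else if (!p[2])` accepts any unrecognized single argument as the XOR mask and prints it in the `M_WARN` text, so a misspelled method name is taken as a mask with only a warning, and the mask string is written to the log (`SHOW_STR(xormask)` in the earlier hunk prints it again when options are dumped). I would either reject the input there through the same `msg(msglevel, ...)` / `goto err;` path the final `else` uses, or keep the legacy form but drop the `\"%s\"` argument from the warning. `options->ce.xormasklen = strlen(options->ce.xormask);` also narrows `size_t` to `int` with no bound on the mask length. The enclosing option-parsing function starts and ends outside the hunk.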
4 changes: 2 additions & 2 deletions openvpnpatches/04-tunnelblick-openvpn_xorpatch-c.diff
@@ -1,5 +1,5 @@
--- openvpn-2.3_git_1f004b2/src/openvpn/options.h 2016-12-15 07:49:06.000000000 -0500
+++ openvpn-2.3_git_1f004b2_/src/openvpn/options.h 2016-12-15 17:33:28.000000000 -0500
--- openvpn-2.4.1/src/openvpn/options.h 2017-03-22 11:34:24.000000000 -0400
+++ openvpn-2.4.1_/src/openvpn/options.h 2017-03-23 11:00:46.000000000 -0400
@@ -98,6 +98,9 @@
int connect_retry_seconds;
int connect_retry_seconds_max;
68 changes: 33 additions & 35 deletions openvpnpatches/05-tunnelblick-openvpn_xorpatch-d.diff
@@ -1,33 +1,31 @@
--- openvpn-2.3_git_1f004b2/src/openvpn/socket.c 2016-12-15 07:49:06.000000000 -0500
+++ openvpn-2.3_git_1f004b2_/src/openvpn/socket.c 2016-12-15 17:41:06.000000000 -0500
@@ -55,6 +55,56 @@
diff -u -r -x .DS_Store openvpn-2.3_git_ec0c1dc/src/openvpn/socket.c openvpn-2.3_git_ec0c1dc_/src/openvpn/socket.c
--- openvpn-2.3_git_ec0c1dc/src/openvpn/socket.c 2016-06-20 11:25:26.000000000 -0400
+++ openvpn-2.3_git_ec0c1dc_/src/openvpn/socket.c 2016-06-21 10:59:35.000000000 -0400
@@ -55,6 +55,53 @@
IPv6_TCP_HEADER_SIZE,
};

+int buffer_mask(struct buffer *buf, const char *mask, int xormasklen)
+{
+ int i;
+ uint8_t *b;
+ if ( xormasklen > 0 ) {
+ for (i = 0, b = BPTR (buf); i < BLEN(buf); i++, b++) {
+ *b = *b ^ mask[i % xormasklen];
+ }
+ }
+ return BLEN (buf);
+int buffer_mask (struct buffer *buf, const char *mask, int xormasklen) {
+ int i;
+ uint8_t *b;
+ if ( xormasklen > 0 ) {
+ for (i = 0, b = BPTR (buf); i < BLEN(buf); i++, b++) {
+ *b = *b ^ mask[i % xormasklen];
+ }
+ }
+ return BLEN (buf);
+}
+
+int buffer_xorptrpos(struct buffer *buf)
+{
+ int i;
+ uint8_t *b;
+ for (i = 0, b = BPTR (buf); i < BLEN(buf); i++, b++) {
+ *b = *b ^ i+1;
+ }
+ return BLEN (buf);
+int buffer_xorptrpos (struct buffer *buf) {
+ int i;
+ uint8_t *b;
+ for (i = 0, b = BPTR (buf); i < BLEN(buf); i++, b++) {
+ *b = *b ^ i+1;
+ }
+ return BLEN (buf);
+}
+
+int buffer_reverse(struct buffer *buf)
+{
+int buffer_reverse (struct buffer *buf) {
+/* This function has been rewritten for Tunnelblick. The buffer_reverse function at
+ * https://github.com/clayface/openvpn_xorpatch
+ * makes a copy of the buffer and it writes to the byte **after** the
Expand All @@ -39,19 +37,19 @@
+ * actually reverse the contents of the buffer. Instead, it changes 'abcde' to 'aedcb'.
+ * (Of course, the actual buffer contents are bytes, and not necessarily characters.)
+ */
+ int len = BLEN(buf);
+ if ( len > 2 ) { /* Leave '', 'a', and 'ab' alone */
+ int i;
+ uint8_t *b_start = BPTR (buf) + 1; /* point to first byte to swap */
+ uint8_t *b_end = BPTR (buf) + (len - 1); /* point to last byte to swap */
+ uint8_t tmp;
+ for (i = 0; i < (len-1)/2; i++, b_start++, b_end--) {
+ tmp = *b_start;
+ *b_start = *b_end;
+ *b_end = tmp;
+ }
+ int len = BLEN(buf);
+ if ( len > 2 ) { /* Leave '', 'a', and 'ab' alone */
+ int i;
+ uint8_t *b_start = BPTR (buf) + 1; /* point to first byte to swap */
+ uint8_t *b_end = BPTR (buf) + (len - 1); /* point to last byte to swap */
+ uint8_t tmp;
+ for (i = 0; i < (len-1)/2; i++, b_start++, b_end--) {
+ tmp = *b_start;
+ *b_start = *b_end;
+ *b_end = tmp;
+ }
+ return len;
+ }
+ return len;
+}
+
/*
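Review bot: `*b = *b ^ i+1;` in `buffer_xorptrpos` depends on `+` binding tighter than `^` and on the implicit truncation of `i+1` to a byte, neither of which is obvious to a reader; `*b ^= (uint8_t)(i + 1);` says the same thing explicitly. A short comment above the three helpers stating that they are reversible obfuscation and add no confidentiality or integrity would keep them from being mistaken for a cipher. Separately, the new file header names an `openvpn-2.3_git_ec0c1dc` tree while the sibling patches in this commit name `openvpn-2.4.1`, so it is worth confirming that this patch still applies cleanly to the version being built.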
26 changes: 18 additions & 8 deletions openvpnpatches/06-tunnelblick-openvpn_xorpatch-e.diff
@@ -1,5 +1,5 @@
--- openvpn-2.3_git_1f004b2/src/openvpn/socket.h 2016-12-15 07:49:06.000000000 -0500
+++ openvpn-2.3_git_1f004b2_/src/openvpn/socket.h 2016-12-15 17:55:51.000000000 -0500
--- openvpn-2.4.1/src/openvpn/socket.h 2017-03-22 11:34:21.000000000 -0400
+++ openvpn-2.4.1_/src/openvpn/socket.h 2017-03-23 11:23:22.000000000 -0400
@@ -249,6 +249,10 @@
#endif
};
Expand All @@ -11,7 +11,7 @@
/*
* Some Posix/Win32 differences.
*/
@@ -1046,30 +1050,56 @@
@@ -1054,30 +1058,61 @@
static inline int
link_socket_read(struct link_socket *sock,
struct buffer *buf,
Expand Down Expand Up @@ -45,34 +45,39 @@
ASSERT(0);
return -1; /* NOTREACHED */
}
+ switch(xormethod)
+ switch (xormethod)
+ {
+ case 0:
+ break;
+
+ case 1:
+ buffer_mask(buf,xormask,xormasklen);
+ break;
+
+ case 2:
+ buffer_xorptrpos(buf);
+ break;
+
+ case 3:
+ buffer_reverse(buf);
+ break;
+
+ case 4:
+ buffer_mask(buf,xormask,xormasklen);
+ buffer_xorptrpos(buf);
+ buffer_reverse(buf);
+ buffer_xorptrpos(buf);
+ break;
+
+ default:
+ ASSERT (0);
+ ASSERT(0);
+ return -1; /* NOTREACHED */
+ }
+ return res;
}

/*
@@ -1159,8 +1189,34 @@
@@ -1167,8 +1202,39 @@
static inline int
link_socket_write(struct link_socket *sock,
struct buffer *buf,
Expand All @@ -82,27 +87,32 @@
+ const char *xormask,
+ int xormasklen)
{
+ switch(xormethod)
+ switch (xormethod)
+ {
+ case 0:
+ break;
+
+ case 1:
+ buffer_mask(buf,xormask,xormasklen);
+ break;
+
+ case 2:
+ buffer_xorptrpos(buf);
+ break;
+
+ case 3:
+ buffer_reverse(buf);
+ break;
+
+ case 4:
+ buffer_xorptrpos(buf);
+ buffer_reverse(buf);
+ buffer_xorptrpos(buf);
+ buffer_mask(buf,xormask,xormasklen);
+ break;
+
+ default:
+ ASSERT (0);
+ ASSERT(0);
+ return -1; /* NOTREACHED */
+ }
if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */
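Review bot: The `case 4` sequence in `link_socket_read` (mask, xorptrpos, reverse, xorptrpos) has to stay the exact inverse of the one in `link_socket_write` (xorptrpos, reverse, xorptrpos, mask), but nothing in either switch says so; a comment such as `/* must undo link_socket_write() case 4 step by step, in reverse order */` would protect it from a well-meant reordering. The method numbers are bare literals 0 to 4 here and again where the options patch assigns `xormethod`, so a shared named enum would keep the parser and the two switches from drifting apart. Both function bodies continue outside the visible lines.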
