{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":351079735,"defaultBranch":"master","name":"ovpn-dco-win","ownerLogin":"OpenVPN","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-03-24T12:56:10.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1569141?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1723202262.0","currentOid":""},"activityList":{"items":[{"before":"6c1664bc9c98b9dc23ec987cfda8719cf67556dd","after":"395f63b4abf3de18cf8abbc9534cf5d40b03a8d1","ref":"refs/heads/master","pushedAt":"2024-08-27T07:05:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"crypto.c: ensure we don't pass too large key size to CryptoNG\n\nWe use BCryptGenerateSymmetricKey() to generate a symmetric key object,\npassing a buffer containing a key and a key length. While buffer length\nis guaranteed not to exceed 32 bytes, the key length value is passed\nfrom userspace and could be at max 256 bytes.\n\nThe documentation says that:\n\n If the data passed in exceeds the target key size, the data will be truncated and the excess will be ignored.\n\nwhich means that passing large length should not be a problem. 
I confirmed\nit with test with driver verifier enabled - I passed \"256\" as key length and\nhaven't got any errors (and got key object created and VPN session set\nup).\n\nNevertheless, let's be good citizens and error out if passed key length\nexceeds 32 bytes - maximum key length for AES-GCM and ChaCha20 ciphers.\n\nBump version to 2.0.1.\n\nCherry-picked from https://github.com/OpenVPN/ovpn-dco-win/commit/9d4083cd62cfb8268176cc6b75e0726743afa5fd\n\nReported-by: Vladimir Tokarev \nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"crypto.c: ensure we don't pass too large key size to CryptoNG"}},{"before":"f4adb27b0de5a736dfd3b5c6999f9f996a745ee2","after":"5acb8f0b6f7939fa695c284f1a98b29b3c5cfc38","ref":"refs/heads/release/1","pushedAt":"2024-08-22T09:11:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Implement DATA_V3 protocol features\n\nAdd support for features:\n\n - AEAD auth tag at the end\n\n - 64bit pktid\n\nFor that, introduce a new OVPN_IOCTL_NEW_KEY_V2 ioctl,\nwhich accepts a new data structure, which includes a\nfield to store bit flags for crypto options for\nabovementioned features.\n\nRefactor encrypt/decrypt routine to accommodate possible\nwire format changes.\n\nRefactor pktid code to support 64bit pktid. 
While on it,\nremove unused variable.\n\nBump version to 1.4.0.\n\nhttps://github.com/OpenVPN/ovpn-dco-win/issues/74\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Implement DATA_V3 protocol features"}},{"before":"ed455c4995eceb009c15613f17093740c46ea7a6","after":"f4adb27b0de5a736dfd3b5c6999f9f996a745ee2","ref":"refs/heads/release/1","pushedAt":"2024-08-12T05:39:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"More robust way to get a version info\n\nThe current way to get a version information is to open DCO device and\nmake IOCTL call. This has a few issues:\n\n - If DCO device is already in use, another app won't be able to get the\nversion, since the device is exclusive\n\n - With the multiple DCO devices there is a high chance that \\\\.\\ovpn-dco\ndevice, which we use to get version information, is already in use. To\nopen another device, we use device interface enumeration, which\nrequires a lot of boilerplate code to work.\n\nTo make it easier for userspace to get the device version, create\na non-exclusive control device \\\\.\\ovpn-dco-ver which supports single IOCTL\nto get the version number. 
This device is created when the first\nnetwork device is created and removed with the last network device.\n\nBump version to 1.3.0.\n\nhttps://github.com/OpenVPN/ovpn-dco-win/issues/75\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"More robust way to get a version info"}},{"before":"2f249030b181c2e908432462a16d09b442f2ec1f","after":null,"ref":"refs/heads/get-version","pushedAt":"2024-08-09T11:17:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"}},{"before":null,"after":"2f249030b181c2e908432462a16d09b442f2ec1f","ref":"refs/heads/get-version","pushedAt":"2024-08-09T11:16:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"More robust way to get a version info\n\nThe current way to get a version information is to open DCO device and\nmake IOCTL call. This has a few issues:\n\n - If DCO device is already in use, another app won't be able to get the\nversion, since the device is exclusive\n\n - With the multiple DCO devices there is a high chance that \\\\.\\ovpn-dco\ndevice, which we use to get version information, is already in use. To\nopen another device, we use device interface enumeration, which\nrequires a lot of boilerplate code to work.\n\nTo make it easier for userspace to get the device version, create\na non-exclusive control device \\\\.\\ovpn-dco-ver which supports single IOCTL\nto get the version number. 
This device is created when the first\nnetwork device is created and removed with the last network device.\n\nBump version to 1.3.0.\n\nhttps://github.com/OpenVPN/ovpn-dco-win/issues/75\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"More robust way to get a version info"}},{"before":"b750b2c7530d1276338869cd7d9b55e4d022df56","after":"ed455c4995eceb009c15613f17093740c46ea7a6","ref":"refs/heads/release/1","pushedAt":"2024-05-23T11:07:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Fix bug check in timer management routines\n\nCommit b750b2c (\"timer: refactor timers implementation\")\nhas changed timer initialization logic and introduced a bug,\nwhere calling SET_PEER ioctl after failed NEW_PEER ioctl\ncauses WDF_VIOLATION bug check, because we try to get a context\nof a WDF object which is NULL.\n\nFix by adding NULL checks.\n\nNote that this is not expected to happen with openvpn as a\ndriver client.\n\nCVE: 2024-5198\n\nReported-By: Lukas Jokubauskas \nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Fix bug check in timer management routines"}},{"before":"941530398ba6d242607a04f31154fabc1c7bb315","after":null,"ref":"refs/heads/qayd","pushedAt":"2024-04-25T13:26:33.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"uddr","name":"Yuriy Darnobyt","path":"/uddr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1651045?s=80&v=4"}},{"before":"5cf7a678c53399dafc535573005397c1eba3a374","after":"941530398ba6d242607a04f31154fabc1c7bb315","ref":"refs/heads/qayd","pushedAt":"2024-04-25T13:23:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"uddr","name":"Yuriy Darnobyt","path":"/uddr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1651045?s=80&v=4"},"commit":{"message":"Update README.md","shortMessageHtmlLink":"Update 
README.md"}},{"before":"6c1664bc9c98b9dc23ec987cfda8719cf67556dd","after":"5cf7a678c53399dafc535573005397c1eba3a374","ref":"refs/heads/qayd","pushedAt":"2024-04-25T12:50:52.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"uddr","name":"Yuriy Darnobyt","path":"/uddr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1651045?s=80&v=4"},"commit":{"message":"Update README.md","shortMessageHtmlLink":"Update README.md"}},{"before":null,"after":"6c1664bc9c98b9dc23ec987cfda8719cf67556dd","ref":"refs/heads/qayd","pushedAt":"2024-04-25T12:45:13.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"uddr","name":"Yuriy Darnobyt","path":"/uddr","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1651045?s=80&v=4"},"commit":{"message":"Bump version to 2.0.0\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Bump version to 2.0.0"}},{"before":"9d4083cd62cfb8268176cc6b75e0726743afa5fd","after":"b750b2c7530d1276338869cd7d9b55e4d022df56","ref":"refs/heads/release/1","pushedAt":"2024-04-15T07:17:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"timer: refactor timers implementation\n\nThe current implementation uses \"relative\" WDF timers\nwhich are \"not ticked\" at low power states and on resume\nthey continue to where they were left off. This makes keepalive\ntimeout detection sub-optimal, since in worst case a client\nhas to wait for \"ping-restart\" seconds to reconnect, which could\nbe several minutes.\n\nRefactor timers in a way that we only have single timer ticking\nevery second. 
At that tick we compare \"last\" and \"now\" timestamps\nand do actions, similar to what openvpn2 is doing.\n\nFixes https://github.com/OpenVPN/ovpn-dco-win/issues/64\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"timer: refactor timers implementation"}},{"before":"1b8b41789a6f5ddb424c8cb93986a8908edc55bb","after":"9d4083cd62cfb8268176cc6b75e0726743afa5fd","ref":"refs/heads/release/1","pushedAt":"2024-04-12T12:01:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"crypto.c: ensure we don't pass too large key size to CryptoNG\n\nWe use BCryptGenerateSymmetricKey() to generate a symmetric key object,\npassing a buffer containing a key and a key length. While buffer length\nis guaranteed not to exceed 32 bytes, the key length value is passed\nfrom userspace and could be at max 256 bytes.\n\nThe documentation says that:\n\n If the data passed in exceeds the target key size, the data will be truncated and the excess will be ignored.\n\nwhich means that passing large length should not be a problem. 
I confirmed\nit with test with driver verifier enabled - I passed \"256\" as key length and\nhaven't got any errors (and got key object created and VPN session set\nup).\n\nNevertheless, let's be good citizens and error out if passed key length\nexceeds 32 bytes - maximum key length for AES-GCM and ChaCha20 ciphers.\n\nBump version to 1.0.1.\n\nReported-by: Vladimir Tokarev \nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"crypto.c: ensure we don't pass too large key size to CryptoNG"}},{"before":"b2220252d8bd0891b068afd7fdca6e820dd99cd2","after":"1b8b41789a6f5ddb424c8cb93986a8908edc55bb","ref":"refs/heads/release/1","pushedAt":"2024-04-12T11:59:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Implement OVPN_IOCTL_GET_VERSION\n\nThis allows client to get the driver version.\n\nBump version to 1.0.0\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Implement OVPN_IOCTL_GET_VERSION"}},{"before":"9d4083cd62cfb8268176cc6b75e0726743afa5fd","after":"b2220252d8bd0891b068afd7fdca6e820dd99cd2","ref":"refs/heads/release/1","pushedAt":"2024-04-12T07:41:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"timer: refactor timers implementation\n\nThe current implementation uses \"relative\" WDF timers\nwhich are \"not ticked\" at low power states and on resume\nthey continue to where they were left off. This makes keepalive\ntimeout detection sub-optimal, since in worst case a client\nhas to wait for \"ping-restart\" seconds to reconnect, which could\nbe several minutes.\n\nRefactor timers in a way that we only have single timer ticking\nevery second. 
At that tick we compare \"last\" and \"now\" timestamps\nand do actions, similar to what openvpn2 is doing.\n\nFixes https://github.com/OpenVPN/ovpn-dco-win/issues/64\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"timer: refactor timers implementation"}},{"before":"1b8b41789a6f5ddb424c8cb93986a8908edc55bb","after":"9d4083cd62cfb8268176cc6b75e0726743afa5fd","ref":"refs/heads/release/1","pushedAt":"2024-03-19T08:21:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"crypto.c: ensure we don't pass too large key size to CryptoNG\n\nWe use BCryptGenerateSymmetricKey() to generate a symmetric key object,\npassing a buffer containing a key and a key length. While buffer length\nis guaranteed not to exceed 32 bytes, the key length value is passed\nfrom userspace and could be at max 256 bytes.\n\nThe documentation says that:\n\n If the data passed in exceeds the target key size, the data will be truncated and the excess will be ignored.\n\nwhich means that passing large length should not be a problem. 
I confirmed\nit with test with driver verifier enabled - I passed \"256\" as key length and\nhaven't got any errors (and got key object created and VPN session set\nup).\n\nNevertheless, let's be good citizens and error out if passed key length\nexceeds 32 bytes - maximum key length for AES-GCM and ChaCha20 ciphers.\n\nBump version to 1.0.1.\n\nReported-by: Vladimir Tokarev \nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"crypto.c: ensure we don't pass too large key size to CryptoNG"}},{"before":null,"after":"1b8b41789a6f5ddb424c8cb93986a8908edc55bb","ref":"refs/heads/release/1","pushedAt":"2024-01-17T14:48:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Implement OVPN_IOCTL_GET_VERSION\n\nThis allows client to get the driver version.\n\nBump version to 1.0.0\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Implement OVPN_IOCTL_GET_VERSION"}},{"before":"06099dc4a9c464349d4de1d34fb7a8ee72a88703","after":"6c1664bc9c98b9dc23ec987cfda8719cf67556dd","ref":"refs/heads/master","pushedAt":"2024-01-17T14:46:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Bump version to 2.0.0\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Bump version to 2.0.0"}},{"before":"06099dc4a9c464349d4de1d34fb7a8ee72a88703","after":null,"ref":"refs/heads/multipeer","pushedAt":"2024-01-17T14:44:33.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev 
Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"}},{"before":null,"after":"06099dc4a9c464349d4de1d34fb7a8ee72a88703","ref":"refs/heads/multipeer","pushedAt":"2024-01-17T14:43:12.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Move peer-specific data to separate struct\n\nIn preparation to multipeer support, move peer-specific\ndata from OVPN_DEVICE to OvpnPeerContext.\n\nPeers (so far single one) are stored in splay tree,\nimplemented with RTL_GENERIC_TABLE.\n\nFixes https://github.com/OpenVPN/ovpn-dco-win/issues/56.\n\nSigned-off-by: Lev Stipakov \nSigned-off-by: Leon Dang \n\nCo-authored-by: Leon Dang ","shortMessageHtmlLink":"Move peer-specific data to separate struct"}},{"before":"794f7314ddcb1d4a4f4ea7bfc63d7c354454e030","after":"06099dc4a9c464349d4de1d34fb7a8ee72a88703","ref":"refs/heads/master","pushedAt":"2023-12-28T10:23:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Move peer-specific data to separate struct\n\nIn preparation to multipeer support, move peer-specific\ndata from OVPN_DEVICE to OvpnPeerContext.\n\nPeers (so far single one) are stored in splay tree,\nimplemented with RTL_GENERIC_TABLE.\n\nFixes https://github.com/OpenVPN/ovpn-dco-win/issues/56.\n\nSigned-off-by: Lev Stipakov \nSigned-off-by: Leon Dang \n\nCo-authored-by: Leon Dang ","shortMessageHtmlLink":"Move peer-specific data to separate struct"}},{"before":"1b8b41789a6f5ddb424c8cb93986a8908edc55bb","after":"794f7314ddcb1d4a4f4ea7bfc63d7c354454e030","ref":"refs/heads/master","pushedAt":"2023-12-01T08:10:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev 
Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Move crypto alg handles to Device object\n\nThis is done in preparation for multi-peer support.\n\nFixes https://github.com/OpenVPN/ovpn-dco-win/issues/55\n\nSigned-off-by: Lev Stipakov \nSigned-off-by: Leon Dang \n\nCo-authored-by: Leon Dang ","shortMessageHtmlLink":"Move crypto alg handles to Device object"}},{"before":"4cca1af1b5f1d44667d9630ecbb1da37e5409aef","after":"1b8b41789a6f5ddb424c8cb93986a8908edc55bb","ref":"refs/heads/master","pushedAt":"2023-10-08T10:05:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Implement OVPN_IOCTL_GET_VERSION\n\nThis allows client to get the driver version.\n\nBump version to 1.0.0\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Implement OVPN_IOCTL_GET_VERSION"}},{"before":"72584c31900cbe843c1d3610e300bd656e444758","after":null,"ref":"refs/tags/0.9.4","pushedAt":"2023-09-26T11:46:16.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"}},{"before":"72584c31900cbe843c1d3610e300bd656e444758","after":"4cca1af1b5f1d44667d9630ecbb1da37e5409aef","ref":"refs/heads/master","pushedAt":"2023-09-26T11:45:30.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Use 20348 SDK for ovpn-dco-cli and MSM installer\n\nThis is the SDK which is the part of EWDK for Windows Server 2022.\n\nThe latest EWDK for Windows 11 doesn't support x86 so we cannot\nmove to it yet.\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Use 20348 SDK 
for ovpn-dco-cli and MSM installer"}},{"before":"020177e2af72bf0e95e9f57d8543c4b355f60012","after":"72584c31900cbe843c1d3610e300bd656e444758","ref":"refs/heads/master","pushedAt":"2023-04-05T06:37:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"lstipakov","name":"Lev Stipakov","path":"/lstipakov","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/643110?s=80&v=4"},"commit":{"message":"Fix driver load on x86 systems\n\nAs documentation says, we should link to cng.lib,\nnot to bcrypt.lib (like we did on x86 and x64) or\nkdecdd.lib (like we did on arm64).\n\nLooks like on x64/arm64 it worked by accident, and\non x86 driver doesn't load.\n\n https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptdestroykey#remarks\n https://community.osr.com/discussion/comment/255923/#Comment_255923\n\nFixes https://github.com/OpenVPN/ovpn-dco-win/issues/43\n\nBump version to 0.9.3\n\nSigned-off-by: Lev Stipakov ","shortMessageHtmlLink":"Fix driver load on x86 systems"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOC0yN1QwNzowNToyOC4wMDAwMDBazwAAAASlB6u2","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOC0yN1QwNzowNToyOC4wMDAwMDBazwAAAASlB6u2","endCursor":"Y3Vyc29yOnYyOpK7MjAyMy0wNC0wNVQwNjozNzoyMy4wMDAwMDBazwAAAAMSb_bm"}},"title":"Activity · OpenVPN/ovpn-dco-win"}