Diffstat (limited to 'src/openvpn')
-rw-r--r--src/openvpn/Makefile.am5
-rw-r--r--src/openvpn/Makefile.in99
-rw-r--r--src/openvpn/argv.c17
-rw-r--r--src/openvpn/argv.h7
-rw-r--r--src/openvpn/base64.c11
-rw-r--r--src/openvpn/basic.h7
-rw-r--r--src/openvpn/block_dns.c85
-rw-r--r--src/openvpn/block_dns.h37
-rw-r--r--src/openvpn/buffer.c16
-rw-r--r--src/openvpn/buffer.h9
-rw-r--r--src/openvpn/circ_list.h7
-rw-r--r--src/openvpn/clinat.c7
-rw-r--r--src/openvpn/clinat.h7
-rw-r--r--src/openvpn/common.h7
-rw-r--r--src/openvpn/comp-lz4.c10
-rw-r--r--src/openvpn/comp-lz4.h7
-rw-r--r--src/openvpn/comp.c7
-rw-r--r--src/openvpn/comp.h7
-rw-r--r--src/openvpn/compstub.c10
-rw-r--r--src/openvpn/console.c13
-rw-r--r--src/openvpn/console.h9
-rw-r--r--src/openvpn/console_builtin.c7
-rw-r--r--src/openvpn/console_systemd.c7
-rw-r--r--src/openvpn/crypto.c44
-rw-r--r--src/openvpn/crypto.h16
-rw-r--r--src/openvpn/crypto_backend.h55
-rw-r--r--src/openvpn/crypto_mbedtls.c47
-rw-r--r--src/openvpn/crypto_mbedtls.h11
-rw-r--r--src/openvpn/crypto_openssl.c78
-rw-r--r--src/openvpn/crypto_openssl.h8
-rw-r--r--src/openvpn/cryptoapi.c9
-rw-r--r--src/openvpn/dhcp.c18
-rw-r--r--src/openvpn/dhcp.h7
-rw-r--r--src/openvpn/errlevel.h7
-rw-r--r--src/openvpn/error.c10
-rw-r--r--src/openvpn/error.h10
-rw-r--r--src/openvpn/event.c11
-rw-r--r--src/openvpn/event.h7
-rw-r--r--src/openvpn/fdmisc.c7
-rw-r--r--src/openvpn/fdmisc.h7
-rw-r--r--src/openvpn/forward-inline.h7
-rw-r--r--src/openvpn/forward.c7
-rw-r--r--src/openvpn/forward.h7
-rw-r--r--src/openvpn/fragment.c16
-rw-r--r--src/openvpn/fragment.h7
-rw-r--r--src/openvpn/gremlin.c22
-rw-r--r--src/openvpn/gremlin.h7
-rw-r--r--src/openvpn/helper.c7
-rw-r--r--src/openvpn/helper.h7
-rw-r--r--src/openvpn/httpdigest.c88
-rw-r--r--src/openvpn/httpdigest.h7
-rw-r--r--src/openvpn/init.c125
-rw-r--r--src/openvpn/init.h7
-rw-r--r--src/openvpn/integer.h7
-rw-r--r--src/openvpn/interval.c7
-rw-r--r--src/openvpn/interval.h10
-rw-r--r--src/openvpn/list.c13
-rw-r--r--src/openvpn/list.h7
-rw-r--r--src/openvpn/lladdr.c2
-rw-r--r--src/openvpn/lzo.c10
-rw-r--r--src/openvpn/lzo.h7
-rw-r--r--src/openvpn/manage.c22
-rw-r--r--src/openvpn/manage.h7
-rw-r--r--src/openvpn/mbuf.c10
-rw-r--r--src/openvpn/mbuf.h7
-rw-r--r--src/openvpn/memdbg.h7
-rw-r--r--src/openvpn/misc.c88
-rw-r--r--src/openvpn/misc.h13
-rw-r--r--src/openvpn/mroute.c10
-rw-r--r--src/openvpn/mroute.h7
-rw-r--r--src/openvpn/mss.c23
-rw-r--r--src/openvpn/mss.h7
-rw-r--r--src/openvpn/mstats.c7
-rw-r--r--src/openvpn/mstats.h7
-rw-r--r--src/openvpn/mtcp.c10
-rw-r--r--src/openvpn/mtcp.h7
-rw-r--r--src/openvpn/mtu.c7
-rw-r--r--src/openvpn/mtu.h7
-rw-r--r--src/openvpn/mudp.c7
-rw-r--r--src/openvpn/mudp.h7
-rw-r--r--src/openvpn/multi.c21
-rw-r--r--src/openvpn/multi.h7
-rw-r--r--src/openvpn/ntlm.c45
-rw-r--r--src/openvpn/occ-inline.h7
-rw-r--r--src/openvpn/occ.c10
-rw-r--r--src/openvpn/occ.h7
-rw-r--r--src/openvpn/openssl_compat.h657
-rw-r--r--src/openvpn/openvpn.c13
-rw-r--r--src/openvpn/openvpn.h15
-rw-r--r--src/openvpn/openvpn.vcxproj7
-rw-r--r--src/openvpn/openvpn.vcxproj.filters26
-rw-r--r--src/openvpn/options.c143
-rw-r--r--src/openvpn/options.h12
-rw-r--r--src/openvpn/otime.c7
-rw-r--r--src/openvpn/otime.h10
-rw-r--r--src/openvpn/packet_id.c10
-rw-r--r--src/openvpn/packet_id.h7
-rw-r--r--src/openvpn/perf.c12
-rw-r--r--src/openvpn/perf.h16
-rw-r--r--src/openvpn/pf-inline.h7
-rw-r--r--src/openvpn/pf.c7
-rw-r--r--src/openvpn/pf.h7
-rw-r--r--src/openvpn/ping-inline.h7
-rw-r--r--src/openvpn/ping.c7
-rw-r--r--src/openvpn/ping.h7
-rw-r--r--src/openvpn/pkcs11.c73
-rw-r--r--src/openvpn/pkcs11.h7
-rw-r--r--src/openvpn/pkcs11_backend.h7
-rw-r--r--src/openvpn/pkcs11_mbedtls.c14
-rw-r--r--src/openvpn/pkcs11_openssl.c7
-rw-r--r--src/openvpn/platform.c7
-rw-r--r--src/openvpn/platform.h7
-rw-r--r--src/openvpn/plugin.c49
-rw-r--r--src/openvpn/plugin.h7
-rw-r--r--src/openvpn/pool.c9
-rw-r--r--src/openvpn/pool.h7
-rw-r--r--src/openvpn/proto.c7
-rw-r--r--src/openvpn/proto.h7
-rw-r--r--src/openvpn/proxy.c26
-rw-r--r--src/openvpn/proxy.h7
-rw-r--r--src/openvpn/ps.c7
-rw-r--r--src/openvpn/ps.h7
-rw-r--r--src/openvpn/push.c36
-rw-r--r--src/openvpn/push.h7
-rw-r--r--src/openvpn/pushlist.h7
-rw-r--r--src/openvpn/reliable.c14
-rw-r--r--src/openvpn/reliable.h7
-rw-r--r--src/openvpn/route.c103
-rw-r--r--src/openvpn/route.h10
-rw-r--r--src/openvpn/schedule.c11
-rw-r--r--src/openvpn/schedule.h7
-rw-r--r--src/openvpn/session_id.c10
-rw-r--r--src/openvpn/session_id.h7
-rw-r--r--src/openvpn/shaper.c10
-rw-r--r--src/openvpn/shaper.h7
-rw-r--r--src/openvpn/sig.c7
-rw-r--r--src/openvpn/sig.h7
-rw-r--r--src/openvpn/socket.c55
-rw-r--r--src/openvpn/socket.h31
-rw-r--r--src/openvpn/socks.c7
-rw-r--r--src/openvpn/socks.h7
-rw-r--r--src/openvpn/ssl.c125
-rw-r--r--src/openvpn/ssl.h9
-rw-r--r--src/openvpn/ssl_backend.h7
-rw-r--r--src/openvpn/ssl_common.h8
-rw-r--r--src/openvpn/ssl_mbedtls.c15
-rw-r--r--src/openvpn/ssl_mbedtls.h9
-rw-r--r--src/openvpn/ssl_openssl.c107
-rw-r--r--src/openvpn/ssl_openssl.h9
-rw-r--r--src/openvpn/ssl_verify.c53
-rw-r--r--src/openvpn/ssl_verify.h13
-rw-r--r--src/openvpn/ssl_verify_backend.h17
-rw-r--r--src/openvpn/ssl_verify_mbedtls.c65
-rw-r--r--src/openvpn/ssl_verify_mbedtls.h7
-rw-r--r--src/openvpn/ssl_verify_openssl.c231
-rw-r--r--src/openvpn/ssl_verify_openssl.h7
-rw-r--r--src/openvpn/status.c7
-rw-r--r--src/openvpn/status.h7
-rw-r--r--src/openvpn/syshead.h15
-rw-r--r--src/openvpn/tls_crypt.c18
-rw-r--r--src/openvpn/tls_crypt.h7
-rw-r--r--src/openvpn/tun.c54
-rw-r--r--src/openvpn/tun.h8
-rw-r--r--src/openvpn/win32.c58
-rw-r--r--src/openvpn/win32.h9
165 files changed, 1278 insertions, 2653 deletions
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index fcc22d6..bea294b 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -27,9 +27,7 @@ AM_CFLAGS = \
$(OPTIONAL_CRYPTO_CFLAGS) \
$(OPTIONAL_LZO_CFLAGS) \
$(OPTIONAL_LZ4_CFLAGS) \
- $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
- -DPLUGIN_LIBDIR=\"${plugindir}\"
-
+ $(OPTIONAL_PKCS11_HELPER_CFLAGS)
if WIN32
# we want unicode entry point but not the macro
AM_CFLAGS += -municode -UUNICODE
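Review bot: With `-DPLUGIN_LIBDIR=\"${plugindir}\"` gone from AM_CFLAGS, the build no longer compiles in a plugin directory. plugin.c is changed in this commit but is not visible here, so how a bare plugin name is resolved after this change needs confirming there. If relative names are now handed to the dynamic loader as given, a short comment beside AM_CFLAGS should record that plugin paths are no longer anchored to `${plugindir}`. Packagers rely on that directory to control which shared objects the daemon loads, so they need to know it has changed.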
@@ -81,7 +79,6 @@ openvpn_SOURCES = \
multi.c multi.h \
ntlm.c ntlm.h \
occ.c occ.h occ-inline.h \
- openssl_compat.h \
pkcs11.c pkcs11.h pkcs11_backend.h \
pkcs11_openssl.c \
pkcs11_mbedtls.c \
diff --git a/src/openvpn/Makefile.in b/src/openvpn/Makefile.in
index ca4635b..95d4f59 100644
--- a/src/openvpn/Makefile.in
+++ b/src/openvpn/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -37,17 +37,7 @@
# Required to build Windows resource file
VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -110,7 +100,8 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-
+DIST_COMMON = $(top_srcdir)/build/ltrc.inc $(srcdir)/Makefile.in \
+ $(srcdir)/Makefile.am $(top_srcdir)/depcomp
# we want unicode entry point but not the macro
@WIN32_TRUE@am__append_1 = -municode -UUNICODE
sbin_PROGRAMS = openvpn$(EXEEXT)
@@ -127,7 +118,6 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_emptyarray.m4 \
$(top_srcdir)/compat.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h \
$(top_builddir)/include/openvpn-plugin.h
@@ -149,21 +139,21 @@ am__openvpn_SOURCES_DIST = argv.c argv.h base64.c base64.h basic.h \
console_builtin.c console_systemd.c mroute.c mroute.h mss.c \
mss.h mstats.c mstats.h mtcp.c mtcp.h mtu.c mtu.h mudp.c \
mudp.h multi.c multi.h ntlm.c ntlm.h occ.c occ.h occ-inline.h \
- openssl_compat.h pkcs11.c pkcs11.h pkcs11_backend.h \
- pkcs11_openssl.c pkcs11_mbedtls.c openvpn.c openvpn.h \
- options.c options.h otime.c otime.h packet_id.c packet_id.h \
- perf.c perf.h pf.c pf.h pf-inline.h ping.c ping.h \
- ping-inline.h plugin.c plugin.h pool.c pool.h proto.c proto.h \
- proxy.c proxy.h ps.c ps.h push.c push.h pushlist.h reliable.c \
- reliable.h route.c route.h schedule.c schedule.h session_id.c \
- session_id.h shaper.c shaper.h sig.c sig.h socket.c socket.h \
- socks.c socks.h ssl.c ssl.h ssl_backend.h ssl_openssl.c \
- ssl_openssl.h ssl_mbedtls.c ssl_mbedtls.h ssl_common.h \
- ssl_verify.c ssl_verify.h ssl_verify_backend.h \
- ssl_verify_openssl.c ssl_verify_openssl.h ssl_verify_mbedtls.c \
- ssl_verify_mbedtls.h status.c status.h syshead.h tls_crypt.c \
- tls_crypt.h tun.c tun.h win32.h win32.c cryptoapi.h \
- cryptoapi.c openvpn_win32_resources.rc block_dns.c block_dns.h
+ pkcs11.c pkcs11.h pkcs11_backend.h pkcs11_openssl.c \
+ pkcs11_mbedtls.c openvpn.c openvpn.h options.c options.h \
+ otime.c otime.h packet_id.c packet_id.h perf.c perf.h pf.c \
+ pf.h pf-inline.h ping.c ping.h ping-inline.h plugin.c plugin.h \
+ pool.c pool.h proto.c proto.h proxy.c proxy.h ps.c ps.h push.c \
+ push.h pushlist.h reliable.c reliable.h route.c route.h \
+ schedule.c schedule.h session_id.c session_id.h shaper.c \
+ shaper.h sig.c sig.h socket.c socket.h socks.c socks.h ssl.c \
+ ssl.h ssl_backend.h ssl_openssl.c ssl_openssl.h ssl_mbedtls.c \
+ ssl_mbedtls.h ssl_common.h ssl_verify.c ssl_verify.h \
+ ssl_verify_backend.h ssl_verify_openssl.c ssl_verify_openssl.h \
+ ssl_verify_mbedtls.c ssl_verify_mbedtls.h status.c status.h \
+ syshead.h tls_crypt.c tls_crypt.h tun.c tun.h win32.h win32.c \
+ cryptoapi.h cryptoapi.c openvpn_win32_resources.rc block_dns.c \
+ block_dns.h
@WIN32_TRUE@am__objects_1 = openvpn_win32_resources.$(OBJEXT) \
@WIN32_TRUE@ block_dns.$(OBJEXT)
am_openvpn_OBJECTS = argv.$(OBJEXT) base64.$(OBJEXT) buffer.$(OBJEXT) \
@@ -263,8 +253,6 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/build/ltrc.inc \
- $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -313,7 +301,6 @@ LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
LZ4_CFLAGS = @LZ4_CFLAGS@
LZ4_LIBS = @LZ4_LIBS@
LZO_CFLAGS = @LZO_CFLAGS@
@@ -362,7 +349,6 @@ PKCS11_HELPER_LIBS = @PKCS11_HELPER_LIBS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGINDIR = @PLUGINDIR@
PLUGIN_AUTH_PAM_CFLAGS = @PLUGIN_AUTH_PAM_CFLAGS@
PLUGIN_AUTH_PAM_LIBS = @PLUGIN_AUTH_PAM_LIBS@
RANLIB = @RANLIB@
@@ -375,14 +361,12 @@ SHELL = @SHELL@
SOCKETS_LIBS = @SOCKETS_LIBS@
STRIP = @STRIP@
SYSTEMD_ASK_PASSWORD = @SYSTEMD_ASK_PASSWORD@
-SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@
TAP_CFLAGS = @TAP_CFLAGS@
TAP_WIN_COMPONENT_ID = @TAP_WIN_COMPONENT_ID@
TAP_WIN_MIN_MAJOR = @TAP_WIN_MIN_MAJOR@
TAP_WIN_MIN_MINOR = @TAP_WIN_MIN_MINOR@
TEST_CFLAGS = @TEST_CFLAGS@
TEST_LDFLAGS = @TEST_LDFLAGS@
-TMPFILES_DIR = @TMPFILES_DIR@
VENDOR_BUILD_ROOT = @VENDOR_BUILD_ROOT@
VENDOR_DIST_ROOT = @VENDOR_DIST_ROOT@
VENDOR_SRC_ROOT = @VENDOR_SRC_ROOT@
@@ -439,9 +423,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
-systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
-tmpfilesdir = @tmpfilesdir@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@@ -462,8 +444,7 @@ AM_CPPFLAGS = \
AM_CFLAGS = $(TAP_CFLAGS) $(OPTIONAL_CRYPTO_CFLAGS) \
$(OPTIONAL_LZO_CFLAGS) $(OPTIONAL_LZ4_CFLAGS) \
- $(OPTIONAL_PKCS11_HELPER_CFLAGS) \
- -DPLUGIN_LIBDIR=\"${plugindir}\" $(am__append_1)
+ $(OPTIONAL_PKCS11_HELPER_CFLAGS) $(am__append_1)
openvpn_SOURCES = argv.c argv.h base64.c base64.h basic.h buffer.c \
buffer.h circ_list.h clinat.c clinat.h common.h comp.c comp.h \
compstub.c comp-lz4.c comp-lz4.h crypto.c crypto.h \
@@ -478,21 +459,20 @@ openvpn_SOURCES = argv.c argv.h base64.c base64.h basic.h buffer.c \
console_builtin.c console_systemd.c mroute.c mroute.h mss.c \
mss.h mstats.c mstats.h mtcp.c mtcp.h mtu.c mtu.h mudp.c \
mudp.h multi.c multi.h ntlm.c ntlm.h occ.c occ.h occ-inline.h \
- openssl_compat.h pkcs11.c pkcs11.h pkcs11_backend.h \
- pkcs11_openssl.c pkcs11_mbedtls.c openvpn.c openvpn.h \
- options.c options.h otime.c otime.h packet_id.c packet_id.h \
- perf.c perf.h pf.c pf.h pf-inline.h ping.c ping.h \
- ping-inline.h plugin.c plugin.h pool.c pool.h proto.c proto.h \
- proxy.c proxy.h ps.c ps.h push.c push.h pushlist.h reliable.c \
- reliable.h route.c route.h schedule.c schedule.h session_id.c \
- session_id.h shaper.c shaper.h sig.c sig.h socket.c socket.h \
- socks.c socks.h ssl.c ssl.h ssl_backend.h ssl_openssl.c \
- ssl_openssl.h ssl_mbedtls.c ssl_mbedtls.h ssl_common.h \
- ssl_verify.c ssl_verify.h ssl_verify_backend.h \
- ssl_verify_openssl.c ssl_verify_openssl.h ssl_verify_mbedtls.c \
- ssl_verify_mbedtls.h status.c status.h syshead.h tls_crypt.c \
- tls_crypt.h tun.c tun.h win32.h win32.c cryptoapi.h \
- cryptoapi.c $(am__append_2)
+ pkcs11.c pkcs11.h pkcs11_backend.h pkcs11_openssl.c \
+ pkcs11_mbedtls.c openvpn.c openvpn.h options.c options.h \
+ otime.c otime.h packet_id.c packet_id.h perf.c perf.h pf.c \
+ pf.h pf-inline.h ping.c ping.h ping-inline.h plugin.c plugin.h \
+ pool.c pool.h proto.c proto.h proxy.c proxy.h ps.c ps.h push.c \
+ push.h pushlist.h reliable.c reliable.h route.c route.h \
+ schedule.c schedule.h session_id.c session_id.h shaper.c \
+ shaper.h sig.c sig.h socket.c socket.h socks.c socks.h ssl.c \
+ ssl.h ssl_backend.h ssl_openssl.c ssl_openssl.h ssl_mbedtls.c \
+ ssl_mbedtls.h ssl_common.h ssl_verify.c ssl_verify.h \
+ ssl_verify_backend.h ssl_verify_openssl.c ssl_verify_openssl.h \
+ ssl_verify_mbedtls.c ssl_verify_mbedtls.h status.c status.h \
+ syshead.h tls_crypt.c tls_crypt.h tun.c tun.h win32.h win32.c \
+ cryptoapi.h cryptoapi.c $(am__append_2)
openvpn_LDADD = $(top_builddir)/src/compat/libcompat.la \
$(SOCKETS_LIBS) $(OPTIONAL_LZO_LIBS) $(OPTIONAL_LZ4_LIBS) \
$(OPTIONAL_PKCS11_HELPER_LIBS) $(OPTIONAL_CRYPTO_LIBS) \
@@ -514,6 +494,7 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/build/ltrc.inc $(am_
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/openvpn/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign src/openvpn/Makefile
+.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -522,7 +503,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
-$(top_srcdir)/build/ltrc.inc $(am__empty):
+$(top_srcdir)/build/ltrc.inc:
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
@@ -674,14 +655,14 @@ distclean-compile:
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -903,8 +884,6 @@ uninstall-am: uninstall-sbinPROGRAMS
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS
-.PRECIOUS: Makefile
-
.rc.lo:
$(LTRCCOMPILE) -i "$<" -o "$@"
diff --git a/src/openvpn/argv.c b/src/openvpn/argv.c
index a71d261..cc813ed 100644
--- a/src/openvpn/argv.c
+++ b/src/openvpn/argv.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*
* A printf-like function (that only recognizes a subset of standard printf
@@ -59,9 +60,7 @@ argv_reset(struct argv *a)
{
size_t i;
for (i = 0; i < a->argc; ++i)
- {
free(a->argv[i]);
- }
free(a->argv);
argv_init(a);
}
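Review bot: The loop body `free(a->argv[i]);` in argv_reset is left unbraced on the new side, so a later edit that adds a second statement under the `for` would silently run outside the loop. The same brace-less form appears in the other argv.c hunks (argv_extend, argv_clone, argv_parse_cmd), in base64.c `pos`, in buffer.c (gc_transfer, string_array_len, buffer_list_file) and in the fallback loop of `secure_memzero` in buffer.h. Keeping the braced form, `for (i = 0; i < a->argc; ++i) { free(a->argv[i]); }`, costs nothing. It matters most in the free loops and the zeroing loop, where a misplaced statement turns into a leak or an incomplete wipe.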
@@ -75,9 +74,7 @@ argv_extend(struct argv *a, const size_t newcap)
size_t i;
ALLOC_ARRAY_CLEAR(newargv, char *, newcap);
for (i = 0; i < a->argc; ++i)
- {
newargv[i] = a->argv[i];
- }
free(a->argv);
a->argv = newargv;
a->capacity = newcap;
@@ -107,15 +104,11 @@ argv_clone(const struct argv *a, const size_t headroom)
argv_init(&r);
for (i = 0; i < headroom; ++i)
- {
argv_append(&r, NULL);
- }
if (a)
{
for (i = 0; i < a->argc; ++i)
- {
argv_append(&r, string_alloc(a->argv[i], NULL));
- }
}
return r;
}
@@ -339,9 +332,7 @@ argv_parse_cmd(struct argv *a, const char *s)
{
int i;
for (i = 0; i < nparms; ++i)
- {
argv_append(a, string_alloc(parms[i], NULL));
- }
}
else
{
diff --git a/src/openvpn/argv.h b/src/openvpn/argv.h
index 7d0754c..1dd6dd7 100644
--- a/src/openvpn/argv.h
+++ b/src/openvpn/argv.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*
* A printf-like function (that only recognizes a subset of standard printf
diff --git a/src/openvpn/base64.c b/src/openvpn/base64.c
index 0ac65e9..c799ede 100644
--- a/src/openvpn/base64.c
+++ b/src/openvpn/base64.c
@@ -69,8 +69,7 @@ openvpn_base64_encode(const void *data, int size, char **str)
}
q = (const unsigned char *) data;
i = 0;
- for (i = 0; i < size; )
- {
+ for (i = 0; i < size; ) {
c = q[i++];
c *= 256;
if (i < size)
@@ -108,12 +107,10 @@ pos(char c)
{
char *p;
for (p = base64_chars; *p; p++)
- {
if (*p == c)
{
return p - base64_chars;
}
- }
return -1;
}
@@ -129,8 +126,7 @@ token_decode(const char *token)
{
return DECODE_ERROR;
}
- for (i = 0; i < 4; i++)
- {
+ for (i = 0; i < 4; i++) {
val *= 64;
if (token[i] == '=')
{
@@ -168,8 +164,7 @@ openvpn_base64_decode(const char *str, void *data, int size)
{
e = q + size;
}
- for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4)
- {
+ for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
unsigned int val = token_decode(p);
unsigned int marker = (val >> 24) & 0xff;
if (val == DECODE_ERROR)
diff --git a/src/openvpn/basic.h b/src/openvpn/basic.h
index 3aa69ca..dac6f01 100644
--- a/src/openvpn/basic.h
+++ b/src/openvpn/basic.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef BASIC_H
diff --git a/src/openvpn/block_dns.c b/src/openvpn/block_dns.c
index d43cbcf..e31765e 100644
--- a/src/openvpn/block_dns.c
+++ b/src/openvpn/block_dns.c
@@ -18,9 +18,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -109,9 +110,6 @@ DEFINE_GUID(
static WCHAR *FIREWALL_NAME = L"OpenVPN";
-VOID NETIOAPI_API_
-InitializeIpInterfaceEntry(PMIB_IPINTERFACE_ROW Row);
-
/*
* Default msg handler does nothing
*/
@@ -343,79 +341,4 @@ delete_block_dns_filters(HANDLE engine_handle)
return err;
}
-/*
- * Returns interface metric value for specified interface index.
- *
- * Arguments:
- * index : The index of TAP adapter.
- * family : Address family (AF_INET for IPv4 and AF_INET6 for IPv6).
- * Returns positive metric value or zero for automatic metric on success,
- * a less then zero error code on failure.
- */
-
-int
-get_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family)
-{
- DWORD err = 0;
- MIB_IPINTERFACE_ROW ipiface;
- InitializeIpInterfaceEntry(&ipiface);
- ipiface.Family = family;
- ipiface.InterfaceIndex = index;
- err = GetIpInterfaceEntry(&ipiface);
- if (err == NO_ERROR)
- {
- if (ipiface.UseAutomaticMetric)
- {
- return 0;
- }
- return ipiface.Metric;
- }
- return -err;
-}
-
-/*
- * Sets interface metric value for specified interface index.
- *
- * Arguments:
- * index : The index of TAP adapter.
- * family : Address family (AF_INET for IPv4 and AF_INET6 for IPv6).
- * metric : Metric value. 0 for automatic metric.
- * Returns 0 on success, a non-zero status code of the last failed action on failure.
- */
-
-DWORD
-set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family,
- const ULONG metric)
-{
- DWORD err = 0;
- MIB_IPINTERFACE_ROW ipiface;
- InitializeIpInterfaceEntry(&ipiface);
- ipiface.Family = family;
- ipiface.InterfaceIndex = index;
- err = GetIpInterfaceEntry(&ipiface);
- if (err == NO_ERROR)
- {
- if (family == AF_INET)
- {
- /* required for IPv4 as per MSDN */
- ipiface.SitePrefixLength = 0;
- }
- ipiface.Metric = metric;
- if (metric == 0)
- {
- ipiface.UseAutomaticMetric = TRUE;
- }
- else
- {
- ipiface.UseAutomaticMetric = FALSE;
- }
- err = SetIpInterfaceEntry(&ipiface);
- if (err == NO_ERROR)
- {
- return 0;
- }
- }
- return err;
-}
-
#endif /* ifdef _WIN32 */
diff --git a/src/openvpn/block_dns.h b/src/openvpn/block_dns.h
index c4b6693..a7dadc4 100644
--- a/src/openvpn/block_dns.h
+++ b/src/openvpn/block_dns.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef _WIN32
@@ -26,9 +27,6 @@
#ifndef OPENVPN_BLOCK_DNS_H
#define OPENVPN_BLOCK_DNS_H
-/* Any value less than 5 should work fine. 3 is choosen without any real reason. */
-#define BLOCK_DNS_IFACE_METRIC 3
-
typedef void (*block_dns_msg_handler_t) (DWORD err, const char *msg);
DWORD
@@ -38,32 +36,5 @@ DWORD
add_block_dns_filters(HANDLE *engine, int iface_index, const WCHAR *exe_path,
block_dns_msg_handler_t msg_handler_callback);
-/**
- * Returns interface metric value for specified interface index.
- *
- * @param index The index of TAP adapter
- * @param family Address family (AF_INET for IPv4 and AF_INET6 for IPv6)
- *
- * @return positive metric value or zero for automatic metric on success,
- * a less then zero error code on failure.
- */
-
-int
-get_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family);
-
-/**
- * Sets interface metric value for specified interface index.
- *
- * @param index The index of TAP adapter
- * @param family Address family (AF_INET for IPv4 and AF_INET6 for IPv6)
- * @param metric Metric value. 0 for automatic metric
- *
- * @return 0 on success, a non-zero status code of the last failed action on failure.
- */
-
-DWORD
-set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family,
- const ULONG metric);
-
#endif
#endif
diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index 87e27ec..2defd18 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -442,9 +443,7 @@ gc_transfer(struct gc_arena *dest, struct gc_arena *src)
if (e)
{
while (e->next != NULL)
- {
e = e->next;
- }
e->next = dest->list;
dest->list = src->list;
src->list = NULL;
@@ -600,8 +599,7 @@ void
rm_trailing_chars(char *str, const char *what_to_delete)
{
bool modified;
- do
- {
+ do {
const int len = strlen(str);
modified = false;
if (len > 0)
@@ -684,9 +682,7 @@ string_array_len(const char **array)
if (array)
{
while (array[i])
- {
++i;
- }
}
return i;
}
@@ -1324,9 +1320,7 @@ buffer_list_file(const char *fn, int max_line_len)
{
bl = buffer_list_new(0);
while (fgets(line, max_line_len, fp) != NULL)
- {
buffer_list_push(bl, (unsigned char *)line);
- }
free(line);
}
fclose(fp);
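Review bot: `fgets(line, max_line_len, fp)` stores at most `max_line_len - 1` characters per call, so an input line longer than that is pushed as two or more separate list entries with nothing telling the caller it was split. If callers treat each entry as one logical line, document this on the function, e.g. `/* lines longer than max_line_len - 1 are split across entries */`, or have the loop check for a missing trailing newline and reject the file. buffer_list_file starts and ends outside this hunk, so how `line` is allocated and checked is not visible here.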
diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 8bc4428..28b224e 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef BUFFER_H
@@ -403,9 +404,7 @@ secure_memzero(void *data, size_t len)
#else
volatile char *p = (volatile char *) data;
while (len--)
- {
*p++ = 0;
- }
#endif
}
diff --git a/src/openvpn/circ_list.h b/src/openvpn/circ_list.h
index 386e18d..ecf2a7f 100644
--- a/src/openvpn/circ_list.h
+++ b/src/openvpn/circ_list.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef CIRC_LIST_H
diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c
index 633cec6..9158437 100644
--- a/src/openvpn/clinat.c
+++ b/src/openvpn/clinat.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h
index e0cfad5..cdaf2a8 100644
--- a/src/openvpn/clinat.h
+++ b/src/openvpn/clinat.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#if !defined(CLINAT_H)
diff --git a/src/openvpn/common.h b/src/openvpn/common.h
index bb08c01..cd988d4 100644
--- a/src/openvpn/common.h
+++ b/src/openvpn/common.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef COMMON_H
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index 6e40c32..fa65f87 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -315,7 +316,6 @@ const struct compress_alg lz4v2_alg = {
#else /* if defined(ENABLE_LZ4) */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_LZ4 */
diff --git a/src/openvpn/comp-lz4.h b/src/openvpn/comp-lz4.h
index c256ba5..8621e93 100644
--- a/src/openvpn/comp-lz4.h
+++ b/src/openvpn/comp-lz4.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OPENVPN_COMP_LZ4_H
diff --git a/src/openvpn/comp.c b/src/openvpn/comp.c
index 4cda7e5..0182a7c 100644
--- a/src/openvpn/comp.c
+++ b/src/openvpn/comp.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/comp.h b/src/openvpn/comp.h
index e56fd2b..3c0b18e 100644
--- a/src/openvpn/comp.h
+++ b/src/openvpn/comp.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/compstub.c b/src/openvpn/compstub.c
index ca90924..5070c82 100644
--- a/src/openvpn/compstub.c
+++ b/src/openvpn/compstub.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -178,7 +179,6 @@ const struct compress_alg comp_stub_alg = {
#else /* if defined(USE_COMP) */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* USE_STUB */
diff --git a/src/openvpn/console.c b/src/openvpn/console.c
index eb6944d..90c8a94 100644
--- a/src/openvpn/console.c
+++ b/src/openvpn/console.c
@@ -18,9 +18,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -48,8 +49,7 @@ query_user_clear()
{
int i;
- for (i = 0; i < QUERY_USER_NUMSLOTS; i++)
- {
+ for (i = 0; i < QUERY_USER_NUMSLOTS; i++) {
CLEAR(query_user[i]);
}
}
@@ -68,8 +68,7 @@ query_user_add(char *prompt, size_t prompt_len,
ASSERT( prompt_len > 0 && prompt != NULL && resp_len > 0 && resp != NULL );
/* Seek to the last unused slot */
- for (i = 0; i < QUERY_USER_NUMSLOTS; i++)
- {
+ for (i = 0; i < QUERY_USER_NUMSLOTS; i++) {
if (query_user[i].prompt == NULL)
{
break;
diff --git a/src/openvpn/console.h b/src/openvpn/console.h
index aa51e6f..2c7f3e9 100644
--- a/src/openvpn/console.h
+++ b/src/openvpn/console.h
@@ -18,10 +18,11 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
#ifndef CONSOLE_H
#define CONSOLE_H
diff --git a/src/openvpn/console_builtin.c b/src/openvpn/console_builtin.c
index 7b95da9..13b9d7e 100644
--- a/src/openvpn/console_builtin.c
+++ b/src/openvpn/console_builtin.c
@@ -18,9 +18,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/console_systemd.c b/src/openvpn/console_systemd.c
index 8cee8c8..1c0aa4c 100644
--- a/src/openvpn/console_systemd.c
+++ b/src/openvpn/console_systemd.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 5f482d0..0dba7ca 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -64,8 +65,7 @@
static void
openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
- struct crypto_options *opt)
-{
+ struct crypto_options *opt) {
#ifdef HAVE_AEAD_CIPHER_MODES
struct gc_arena gc;
int outlen = 0;
@@ -332,8 +332,7 @@ openvpn_encrypt(struct buffer *buf, struct buffer work,
bool
crypto_check_replay(struct crypto_options *opt,
const struct packet_id_net *pin, const char *error_prefix,
- struct gc_arena *gc)
-{
+ struct gc_arena *gc) {
bool ret = false;
packet_id_reap_test(&opt->packet_id.rec);
if (packet_id_test(&opt->packet_id.rec, pin))
@@ -808,10 +807,7 @@ init_key_type(struct key_type *kt, const char *ciphername,
{
if (warn)
{
- msg(M_WARN, "******* WARNING *******: '--cipher none' was specified. "
- "This means NO encryption will be performed and tunnelled "
- "data WILL be transmitted in clear text over the network! "
- "PLEASE DO RECONSIDER THIS SETTING!");
+ msg(M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used");
}
}
if (strcmp(authname, "none") != 0)
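Review bot: The new text `null cipher specified, no encryption will be used` no longer names the option that triggered it, so an operator reading the log has to guess which setting to change. Keep the option in the one-line form, e.g. `msg(M_WARN, "******* WARNING *******: '--cipher none' specified, tunnel data will NOT be encrypted");`. The `null MAC specified` message in the next hunk has the same gap and should name `--auth none`. init_key_type() starts and ends outside the hunk.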
@@ -831,11 +827,7 @@ init_key_type(struct key_type *kt, const char *ciphername,
{
if (warn)
{
- msg(M_WARN, "******* WARNING *******: '--auth none' was specified. "
- "This means no authentication will be performed on received "
- "packets, meaning you CANNOT trust that the data received by "
- "the remote side have NOT been manipulated. "
- "PLEASE DO RECONSIDER THIS SETTING!");
+ msg(M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used");
}
}
}
@@ -851,7 +843,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
if (kt->cipher && kt->cipher_length > 0)
{
- ctx->cipher = cipher_ctx_new();
+ ALLOC_OBJ(ctx->cipher, cipher_ctx_t);
cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length,
kt->cipher, enc);
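Review bot: `ALLOC_OBJ(ctx->cipher, cipher_ctx_t)` makes this backend-neutral file depend on the size of the backend's context type, so it only builds where `cipher_ctx_t` is a complete struct; OpenSSL 1.1.0 and later make EVP_CIPHER_CTX and HMAC_CTX opaque. The same applies to `ALLOC_OBJ(ctx->hmac, hmac_ctx_t)` in the next hunk and to the plain `free()` calls in the free_key_ctx hunk, which are only correct while the context is a single malloc'd block. If the direct allocation stays, record the constraint next to it, e.g. `/* needs a complete cipher_ctx_t; memory is uninitialised until cipher_ctx_init() */`. init_key_ctx() starts and ends outside the hunk.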
@@ -875,7 +867,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
}
if (kt->digest && kt->hmac_length > 0)
{
- ctx->hmac = hmac_ctx_new();
+ ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
msg(D_HANDSHAKE,
@@ -900,13 +892,13 @@ free_key_ctx(struct key_ctx *ctx)
if (ctx->cipher)
{
cipher_ctx_cleanup(ctx->cipher);
- cipher_ctx_free(ctx->cipher);
+ free(ctx->cipher);
ctx->cipher = NULL;
}
if (ctx->hmac)
{
hmac_ctx_cleanup(ctx->hmac);
- hmac_ctx_free(ctx->hmac);
+ free(ctx->hmac);
ctx->hmac = NULL;
}
ctx->implicit_iv_len = 0;
@@ -1030,8 +1022,7 @@ generate_key_random(struct key *key, const struct key_type *kt)
struct gc_arena gc = gc_new();
- do
- {
+ do {
CLEAR(*key);
if (kt)
{
@@ -1807,8 +1798,7 @@ get_random()
}
static const cipher_name_pair *
-get_cipher_name_pair(const char *cipher_name)
-{
+get_cipher_name_pair(const char *cipher_name) {
const cipher_name_pair *pair;
size_t i = 0;
@@ -1828,8 +1818,7 @@ get_cipher_name_pair(const char *cipher_name)
}
const char *
-translate_cipher_name_from_openvpn(const char *cipher_name)
-{
+translate_cipher_name_from_openvpn(const char *cipher_name) {
const cipher_name_pair *pair = get_cipher_name_pair(cipher_name);
if (NULL == pair)
@@ -1841,8 +1830,7 @@ translate_cipher_name_from_openvpn(const char *cipher_name)
}
const char *
-translate_cipher_name_to_openvpn(const char *cipher_name)
-{
+translate_cipher_name_to_openvpn(const char *cipher_name) {
const cipher_name_pair *pair = get_cipher_name_pair(cipher_name);
if (NULL == pair)
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 8818c01..61e9b59 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -131,9 +132,9 @@
#include "packet_id.h"
#include "mtu.h"
-/** Wrapper struct to pass around SHA256 digests */
-struct sha256_digest {
- uint8_t digest[SHA256_DIGEST_LENGTH];
+/** Wrapper struct to pass around MD5 digests */
+struct md5_digest {
+ uint8_t digest[MD5_DIGEST_LENGTH];
};
/*
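Review bot: `struct md5_digest` gives callers a typed MD5 result to pass around, and nothing in the declaration says what it may be used for. MD5 is not collision resistant, so the comment should restrict the struct to non-adversarial uses, e.g. `/** Wrapper struct to pass around MD5 digests; change detection only, not for authentication or integrity checks */`. The users of the struct are outside this hunk, so whether any of them compares attacker-influenced data is still to be confirmed.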
@@ -495,8 +496,7 @@ void crypto_read_openvpn_key(const struct key_type *key_type,
* Returns 0 when data is equal, non-zero otherwise.
*/
static inline int
-memcmp_constant_time(const void *a, const void *b, size_t size)
-{
+memcmp_constant_time(const void *a, const void *b, size_t size) {
const uint8_t *a1 = a;
const uint8_t *b1 = b;
int ret = 0;
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index b7f519b..2c79baa 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -46,12 +47,6 @@
/* Maximum HMAC digest size (bytes) */
#define OPENVPN_MAX_HMAC_SIZE 64
-/** Types referencing specific message digest hashing algorithms */
-typedef enum {
- MD_SHA1,
- MD_SHA256
-} hash_algo_type ;
-
/** Struct used in cipher name translation table */
typedef struct {
const char *openvpn_name; /**< Cipher name used by OpenVPN */
@@ -300,20 +295,6 @@ bool cipher_kt_mode_aead(const cipher_kt_t *cipher);
*/
/**
- * Allocate a new cipher context
- *
- * @return a new cipher context
- */
-cipher_ctx_t *cipher_ctx_new(void);
-
-/**
- * Free a cipher context
- *
- * @param ctx Cipher context.
- */
-void cipher_ctx_free(cipher_ctx_t *ctx);
-
-/**
* Initialise a cipher context, based on the given key and key type.
*
* @param ctx Cipher context. May not be NULL
@@ -521,20 +502,6 @@ int md_kt_size(const md_kt_t *kt);
int md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst);
/*
- * Allocate a new message digest context
- *
- * @return a new zeroed MD context
- */
-md_ctx_t *md_ctx_new(void);
-
-/*
- * Free an existing, non-null message digest context
- *
- * @param ctx Message digest context
- */
-void md_ctx_free(md_ctx_t *ctx);
-
-/*
* Initialises the given message digest context.
*
* @param ctx Message digest context
@@ -583,20 +550,6 @@ void md_ctx_final(md_ctx_t *ctx, uint8_t *dst);
*/
/*
- * Create a new HMAC context
- *
- * @return A new HMAC context
- */
-hmac_ctx_t *hmac_ctx_new(void);
-
-/*
- * Free an existing HMAC context
- *
- * @param ctx HMAC context to free
- */
-void hmac_ctx_free(hmac_ctx_t *ctx);
-
-/*
* Initialises the given HMAC context, using the given digest
* and key.
*
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c
index 24bc315..942684c 100644
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -508,19 +509,6 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
*
*/
-mbedtls_cipher_context_t *
-cipher_ctx_new(void)
-{
- mbedtls_cipher_context_t *ctx;
- ALLOC_OBJ(ctx, mbedtls_cipher_context_t);
- return ctx;
-}
-
-void
-cipher_ctx_free(mbedtls_cipher_context_t *ctx)
-{
- free(ctx);
-}
void
cipher_ctx_init(mbedtls_cipher_context_t *ctx, uint8_t *key, int key_len,
@@ -778,18 +766,6 @@ md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst)
return 0 == mbedtls_md(kt, src, src_len, dst);
}
-mbedtls_md_context_t *
-md_ctx_new(void)
-{
- mbedtls_md_context_t *ctx;
- ALLOC_OBJ_CLEAR(ctx, mbedtls_md_context_t);
- return ctx;
-}
-
-void md_ctx_free(mbedtls_md_context_t *ctx)
-{
- free(ctx);
-}
void
md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt)
@@ -840,21 +816,6 @@ md_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst)
/*
* TODO: re-enable dmsg for crypto debug
*/
-
-mbedtls_md_context_t *
-hmac_ctx_new(void)
-{
- mbedtls_md_context_t *ctx;
- ALLOC_OBJ(ctx, mbedtls_md_context_t);
- return ctx;
-}
-
-void
-hmac_ctx_free(mbedtls_md_context_t *ctx)
-{
- free(ctx);
-}
-
void
hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len,
const mbedtls_md_info_t *kt)
diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h
index a434ce3..d9b1446 100644
--- a/src/openvpn/crypto_mbedtls.h
+++ b/src/openvpn/crypto_mbedtls.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -72,7 +73,6 @@ typedef mbedtls_md_context_t hmac_ctx_t;
#define MD4_DIGEST_LENGTH 16
#define MD5_DIGEST_LENGTH 16
#define SHA_DIGEST_LENGTH 20
-#define SHA256_DIGEST_LENGTH 32
#define DES_KEY_LENGTH 8
/**
@@ -122,8 +122,7 @@ bool mbed_log_func_line(unsigned int flags, int errval, const char *func,
/** Wraps mbed_log_func_line() to prevent function calls for non-errors */
static inline bool
mbed_log_func_line_lite(unsigned int flags, int errval,
- const char *func, int line)
-{
+ const char *func, int line) {
if (errval)
{
return mbed_log_func_line(flags, errval, func, line);
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index a55e65c..b016d98 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -41,7 +42,6 @@
#include "integer.h"
#include "crypto.h"
#include "crypto_backend.h"
-#include "openssl_compat.h"
#include <openssl/des.h>
#include <openssl/err.h>
@@ -186,14 +186,14 @@ crypto_clear_error(void)
}
void
-crypto_print_openssl_errors(const unsigned int flags)
-{
+crypto_print_openssl_errors(const unsigned int flags) {
size_t err = 0;
while ((err = ERR_get_error()))
{
/* Be more clear about frequently occurring "no shared cipher" error */
- if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
+ if (err == ERR_PACK(ERR_LIB_SSL,SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_NO_SHARED_CIPHER))
{
msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites "
"in common with the client. Your --tls-cipher setting might be "
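Review bot: Comparing `err` with one packed value, `ERR_PACK(ERR_LIB_SSL,SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER)`, makes the friendlier message depend on the function code, which is an OpenSSL-internal detail; the same reason reported from any other function falls through to the generic path. Match on library and reason instead: `if (ERR_GET_LIB(err) == ERR_LIB_SSL && ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)`. The loop body continues outside the hunk.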
@@ -286,7 +286,8 @@ show_available_ciphers()
size_t i;
/* If we ever exceed this, we must be more selective */
- const EVP_CIPHER *cipher_list[1000];
+ const size_t cipher_list_len = 1000;
+ const EVP_CIPHER *cipher_list[cipher_list_len];
size_t num_ciphers = 0;
#ifndef ENABLE_SMALL
printf("The following ciphers and cipher modes are available for use\n"
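Review bot: `const size_t cipher_list_len = 1000;` is not a constant expression in C, so `cipher_list[cipher_list_len]` is a variable-length array: support is optional since C11, some compilers reject it, and it cannot take an initializer. Use a real constant, e.g. `enum { CIPHER_LIST_LEN = 1000 };` with `const EVP_CIPHER *cipher_list[CIPHER_LIST_LEN];`, and compare `num_ciphers` against that constant in the next hunk. show_available_ciphers() starts and ends outside the hunk.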
@@ -311,7 +312,7 @@ show_available_ciphers()
{
cipher_list[num_ciphers++] = cipher;
}
- if (num_ciphers == (sizeof(cipher_list)/sizeof(*cipher_list)))
+ if (num_ciphers == cipher_list_len)
{
msg(M_WARN, "WARNING: Too many ciphers, not showing all");
break;
@@ -550,10 +551,8 @@ cipher_kt_iv_size(const EVP_CIPHER *cipher_kt)
}
int
-cipher_kt_block_size(const EVP_CIPHER *cipher)
-{
- /*
- * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
+cipher_kt_block_size(const EVP_CIPHER *cipher) {
+ /* OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'. To work
* around that, try to replace the mode with 'CBC' and return the block size
* reported for that cipher, if possible. If that doesn't work, just return
* the value reported by OpenSSL.
@@ -650,19 +649,6 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
*
*/
-cipher_ctx_t *
-cipher_ctx_new(void)
-{
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- check_malloc_return(ctx);
- return ctx;
-}
-
-void
-cipher_ctx_free(EVP_CIPHER_CTX *ctx)
-{
- EVP_CIPHER_CTX_free(ctx);
-}
void
cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len,
@@ -670,6 +656,8 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len,
{
ASSERT(NULL != kt && NULL != ctx);
+ CLEAR(*ctx);
+
EVP_CIPHER_CTX_init(ctx);
if (!EVP_CipherInit(ctx, kt, NULL, NULL, enc))
{
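Review bot: `CLEAR(*ctx)` at the top of cipher_ctx_init() wipes whatever the caller passed in, so calling it on a context that is still initialised would drop the library's internal allocations without releasing them and may leave old key state unwiped on the heap. The same line is added to md_ctx_init() and hmac_ctx_init() in the hunks below. The precondition should be written down where it is enforced, e.g. `/* ctx must be fresh or already cleaned up with cipher_ctx_cleanup(); CLEAR() does not release library state */`. `EVP_CIPHER_CTX_init(ctx)` on the next line presumably initialises the struct as well, so the explicit CLEAR looks redundant; confirm against the OpenSSL version targeted. The function body continues outside the hunk.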
@@ -681,7 +669,7 @@ cipher_ctx_init(EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len,
crypto_msg(M_FATAL, "EVP set key size");
}
#endif
- if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, enc))
+ if (!EVP_CipherInit(ctx, NULL, key, NULL, enc))
{
crypto_msg(M_FATAL, "EVP cipher init #2");
}
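Review bot: The key is now loaded with the legacy `EVP_CipherInit(ctx, NULL, key, NULL, enc)`, and nothing explains why the cipher argument has to be NULL. The legacy call is documented as not needing an initialised context, and in the OpenSSL versions I know it re-initialises the context when a cipher is passed, which would discard the key size set just above. A comment keeps that from being "fixed" later: `/* cipher stays NULL: keep the key length configured above */`. cipher_ctx_reset() in the next hunk relies on the same NULL-cipher form.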
@@ -734,7 +722,7 @@ cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
int
cipher_ctx_reset(EVP_CIPHER_CTX *ctx, uint8_t *iv_buf)
{
- return EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv_buf, -1);
+ return EVP_CipherInit(ctx, NULL, NULL, iv_buf, -1);
}
int
@@ -855,24 +843,13 @@ md_full(const EVP_MD *kt, const uint8_t *src, int src_len, uint8_t *dst)
return EVP_Digest(src, src_len, dst, &in_md_len, kt, NULL);
}
-EVP_MD_CTX *
-md_ctx_new(void)
-{
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- check_malloc_return(ctx);
- return ctx;
-}
-
-void md_ctx_free(EVP_MD_CTX *ctx)
-{
- EVP_MD_CTX_free(ctx);
-}
-
void
md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
{
ASSERT(NULL != ctx && NULL != kt);
+ CLEAR(*ctx);
+
EVP_MD_CTX_init(ctx);
EVP_DigestInit(ctx, kt);
}
@@ -880,7 +857,7 @@ md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
void
md_ctx_cleanup(EVP_MD_CTX *ctx)
{
- EVP_MD_CTX_reset(ctx);
+ EVP_MD_CTX_cleanup(ctx);
}
int
@@ -910,19 +887,6 @@ md_ctx_final(EVP_MD_CTX *ctx, uint8_t *dst)
*
*/
-HMAC_CTX *
-hmac_ctx_new(void)
-{
- HMAC_CTX *ctx = HMAC_CTX_new();
- check_malloc_return(ctx);
- return ctx;
-}
-
-void
-hmac_ctx_free(HMAC_CTX *ctx)
-{
- HMAC_CTX_free(ctx);
-}
void
hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
@@ -930,6 +894,8 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
{
ASSERT(NULL != kt && NULL != ctx);
+ CLEAR(*ctx);
+
HMAC_CTX_init(ctx);
HMAC_Init_ex(ctx, key, key_len, kt, NULL);
@@ -940,7 +906,7 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int key_len,
void
hmac_ctx_cleanup(HMAC_CTX *ctx)
{
- HMAC_CTX_reset(ctx);
+ HMAC_CTX_cleanup(ctx);
}
int
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
index 60a2812..56ec6e1 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -32,7 +33,6 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
-#include <openssl/sha.h>
/** Generic cipher key type %context. */
typedef EVP_CIPHER cipher_kt_t;
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index d90cc5d..69a5a32 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -281,9 +281,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i
}
/* and now, we have to reverse the byte-order in the result from CryptSignHash()... */
for (i = 0; i < len; i++)
- {
to[i] = buf[len - i - 1];
- }
free(buf);
CryptDestroyHash(hash);
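Review bot: The loop body `to[i] = buf[len - i - 1];` is left unbraced, so a later edit that adds a second statement under it would silently run once after the loop; this code handles the result of CryptSignHash(), where that kind of slip is costly. The same applies to the empty-body `for (p++; *p && *p == ' '; p++) ;` in the next hunk, the `while (sum >> 16)` fold in dhcp.c and the two loops in event.c. I would keep the braces, and for the empty loop make the intent explicit: `for (p++; *p && *p == ' '; p++) { /* skip spaces */ }`.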
@@ -391,9 +389,7 @@ find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store)
}
hash[i] = x;
/* skip any space(s) between hex numbers */
- for (p++; *p && *p == ' '; p++)
- {
- }
+ for (p++; *p && *p == ' '; p++) ;
}
blob.cbData = i;
blob.pbData = (unsigned char *) &hash;
@@ -551,8 +547,7 @@ err:
#else /* ifdef ENABLE_CRYPTOAPI */
#ifdef _MSC_VER /* Dummy function needed to avoid empty file compiler warning in Microsoft VC */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif
#endif /* _WIN32 */
diff --git a/src/openvpn/dhcp.c b/src/openvpn/dhcp.c
index a2a5454..c17a22e 100644
--- a/src/openvpn/dhcp.c
+++ b/src/openvpn/dhcp.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -159,20 +160,17 @@ udp_checksum(const uint8_t *buf,
/* make 16 bit words out of every two adjacent 8 bit words and */
/* calculate the sum of all 16 bit words */
- for (i = 0; i < len_udp; i += 2)
- {
+ for (i = 0; i < len_udp; i += 2) {
word16 = ((buf[i] << 8) & 0xFF00) + ((i + 1 < len_udp) ? (buf[i+1] & 0xFF) : 0);
sum += word16;
}
/* add the UDP pseudo header which contains the IP source and destination addresses */
- for (i = 0; i < 4; i += 2)
- {
+ for (i = 0; i < 4; i += 2) {
word16 = ((src_addr[i] << 8) & 0xFF00) + (src_addr[i+1] & 0xFF);
sum += word16;
}
- for (i = 0; i < 4; i += 2)
- {
+ for (i = 0; i < 4; i += 2) {
word16 = ((dest_addr[i] << 8) & 0xFF00) + (dest_addr[i+1] & 0xFF);
sum += word16;
}
@@ -182,9 +180,7 @@ udp_checksum(const uint8_t *buf,
/* keep only the last 16 bits of the 32 bit calculated sum and add the carries */
while (sum >> 16)
- {
sum = (sum & 0xFFFF) + (sum >> 16);
- }
/* Take the one's complement of sum */
return ((uint16_t) ~sum);
diff --git a/src/openvpn/dhcp.h b/src/openvpn/dhcp.h
index dc41658..d406870 100644
--- a/src/openvpn/dhcp.h
+++ b/src/openvpn/dhcp.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef DHCP_H
diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
index 5bb043b..c4dd518 100644
--- a/src/openvpn/errlevel.h
+++ b/src/openvpn/errlevel.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef ERRLEVEL_H
diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index ce50ff9..e78f272 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -835,8 +836,7 @@ strerror_win32(DWORD errnum, struct gc_arena *gc)
* Posix equivalents.
*/
#if 1
- switch (errnum)
- {
+ switch (errnum) {
/*
* When the TAP-Windows driver returns STATUS_UNSUCCESSFUL, this code
* gets returned to user space.
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index 14ef7e6..df4eee7 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef ERROR_H
@@ -393,8 +394,7 @@ ignore_sys_error(const int err)
/** Convert fatal errors to nonfatal, don't touch other errors */
static inline unsigned int
-nonfatal(const unsigned int err)
-{
+nonfatal(const unsigned int err) {
return err & M_FATAL ? (err ^ M_FATAL) | M_NONFATAL : err;
}
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index d123070..f4922e0 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -393,13 +394,11 @@ we_wait(struct event_set *es, const struct timeval *tv, struct event_set_return
{
int i;
for (i = 0; i < wes->n_events; ++i)
- {
dmsg(D_EVENT_WAIT, "[%d] ev=%p rwflags=0x%04x arg=" ptr_format,
i,
wes->events[i],
wes->esr[i].rwflags,
(ptr_type)wes->esr[i].arg);
- }
}
#endif
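Review bot: The `for` loop in we_wait() loses its braces even though its body is a dmsg() call spread over five lines, so a statement added after it later would sit outside the loop while still looking like part of it. The same brace removal is applied to the loops in se_reset(), in fragment_list_buf_init(), fragment_list_buf_free() and fragment_list_get_buf() in fragment.c, and to the pkcs11_addProvider() loop in context_init_1() and the loops in init_static() in init.c. The surrounding context lines still brace every `if` body, so I would keep the `{` and `}` on these loops for consistency. we_wait() itself starts outside this hunk.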
@@ -923,9 +922,7 @@ se_reset(struct event_set *es)
FD_ZERO(&ses->readfds);
FD_ZERO(&ses->writefds);
for (i = 0; i <= ses->maxfd; ++i)
- {
ses->args[i] = NULL;
- }
ses->maxfd = -1;
}
diff --git a/src/openvpn/event.h b/src/openvpn/event.h
index ff795f4..6a6e029 100644
--- a/src/openvpn/event.h
+++ b/src/openvpn/event.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef EVENT_H
diff --git a/src/openvpn/fdmisc.c b/src/openvpn/fdmisc.c
index 56e2250..401069d 100644
--- a/src/openvpn/fdmisc.c
+++ b/src/openvpn/fdmisc.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/fdmisc.h b/src/openvpn/fdmisc.h
index b6d7101..1e84a08 100644
--- a/src/openvpn/fdmisc.h
+++ b/src/openvpn/fdmisc.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef FD_MISC_H
diff --git a/src/openvpn/forward-inline.h b/src/openvpn/forward-inline.h
index ab83ea4..97e1cd6 100644
--- a/src/openvpn/forward-inline.h
+++ b/src/openvpn/forward-inline.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef FORWARD_INLINE_H
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 371ddca..2f3f3c5 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h
index 9fde5a3..ae86e7a 100644
--- a/src/openvpn/forward.h
+++ b/src/openvpn/forward.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
diff --git a/src/openvpn/fragment.c b/src/openvpn/fragment.c
index 38de62f..6fbfe08 100644
--- a/src/openvpn/fragment.c
+++ b/src/openvpn/fragment.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -43,9 +44,7 @@ fragment_list_buf_init(struct fragment_list *list, const struct frame *frame)
{
int i;
for (i = 0; i < N_FRAG_BUF; ++i)
- {
list->fragments[i].buf = alloc_buf(BUF_SIZE(frame));
- }
}
static void
@@ -53,9 +52,7 @@ fragment_list_buf_free(struct fragment_list *list)
{
int i;
for (i = 0; i < N_FRAG_BUF; ++i)
- {
free_buf(&list->fragments[i].buf);
- }
}
/*
@@ -70,9 +67,7 @@ fragment_list_get_buf(struct fragment_list *list, int seq_id)
{
int i;
for (i = 0; i < N_FRAG_BUF; ++i)
- {
list->fragments[i].defined = false;
- }
list->index = 0;
list->seq_id = seq_id;
diff = 0;
@@ -438,7 +433,6 @@ fragment_wakeup(struct fragment_master *f, struct frame *frame)
#else /* ifdef ENABLE_FRAGMENT */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ifdef ENABLE_FRAGMENT */
diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h
index 90ba8f7..a24b524 100644
--- a/src/openvpn/fragment.h
+++ b/src/openvpn/fragment.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef FRAGMENT_H
diff --git a/src/openvpn/gremlin.c b/src/openvpn/gremlin.c
index e85ce9c..5bff5e8 100644
--- a/src/openvpn/gremlin.c
+++ b/src/openvpn/gremlin.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -94,8 +95,7 @@ get_packet_flood_parms(int level)
* Return true with probability 1/n
*/
static bool
-flip(int n)
-{
+flip(int n) {
return (get_random() % n) == 0;
}
@@ -104,8 +104,7 @@ flip(int n)
* low and high.
*/
static int
-roll(int low, int high)
-{
+roll(int low, int high) {
int ret;
ASSERT(low <= high);
ret = low + (get_random() % (high - low + 1));
@@ -182,8 +181,7 @@ ask_gremlin(int flags)
* Possibly corrupt a packet.
*/
void
-corrupt_gremlin(struct buffer *buf, int flags)
-{
+corrupt_gremlin(struct buffer *buf, int flags) {
const int corrupt_level = GREMLIN_CORRUPT_LEVEL(flags);
if (corrupt_level)
{
@@ -196,8 +194,7 @@ corrupt_gremlin(struct buffer *buf, int flags)
uint8_t r = roll(0, 255);
int method = roll(0, 5);
- switch (method)
- {
+ switch (method) {
case 0: /* corrupt the first byte */
*BPTR(buf) = r;
break;
@@ -235,7 +232,6 @@ corrupt_gremlin(struct buffer *buf, int flags)
#else /* ifdef ENABLE_DEBUG */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ifdef ENABLE_DEBUG */
diff --git a/src/openvpn/gremlin.h b/src/openvpn/gremlin.h
index 8b23b34..8f41864 100644
--- a/src/openvpn/gremlin.h
+++ b/src/openvpn/gremlin.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef GREMLIN_H
diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
index 17d1528..adcc4f8 100644
--- a/src/openvpn/helper.c
+++ b/src/openvpn/helper.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/helper.h b/src/openvpn/helper.h
index c5b438b..593d1ed 100644
--- a/src/openvpn/helper.h
+++ b/src/openvpn/helper.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c
index c553f93..01301c0 100644
--- a/src/openvpn/httpdigest.c
+++ b/src/openvpn/httpdigest.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -43,8 +44,7 @@ CvtHex(
unsigned short i;
unsigned char j;
- for (i = 0; i < HASHLEN; i++)
- {
+ for (i = 0; i < HASHLEN; i++) {
j = (Bin[i] >> 4) & 0xf;
if (j <= 9)
{
@@ -80,28 +80,27 @@ DigestCalcHA1(
)
{
HASH HA1;
- md_ctx_t *md5_ctx = md_ctx_new();
+ md_ctx_t md5_ctx;
const md_kt_t *md5_kt = md_kt_get("MD5");
- md_ctx_init(md5_ctx, md5_kt);
- md_ctx_update(md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszPassword, strlen(pszPassword));
- md_ctx_final(md5_ctx, HA1);
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszUserName, strlen(pszUserName));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszRealm, strlen(pszRealm));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszPassword, strlen(pszPassword));
+ md_ctx_final(&md5_ctx, HA1);
if (pszAlg && strcasecmp(pszAlg, "md5-sess") == 0)
{
- md_ctx_init(md5_ctx, md5_kt);
- md_ctx_update(md5_ctx, HA1, HASHLEN);
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
- md_ctx_final(md5_ctx, HA1);
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, HA1, HASHLEN);
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
+ md_ctx_final(&md5_ctx, HA1);
}
- md_ctx_cleanup(md5_ctx);
- md_ctx_free(md5_ctx);
+ md_ctx_cleanup(&md5_ctx);
CvtHex(HA1, SessionKey);
}
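Review bot: The local `HA1` buffer in DigestCalcHA1() still holds MD5(user:realm:password) when the function returns, and nothing in the hunk clears it after `CvtHex(HA1, SessionKey);`. That value is password-equivalent for proxy digest authentication, so it should not linger on the stack. I would add a wipe the compiler cannot elide right after the CvtHex() call, for example `secure_memzero(HA1, sizeof(HA1));` if this tree has that helper in buffer.h, with the comment `/* HA1 is password-equivalent for this realm; do not leave it on the stack */`. A plain memset() just before return may be optimised away.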
@@ -123,41 +122,40 @@ DigestCalcResponse(
HASH RespHash;
HASHHEX HA2Hex;
- md_ctx_t *md5_ctx = md_ctx_new();
+ md_ctx_t md5_ctx;
const md_kt_t *md5_kt = md_kt_get("MD5");
/* calculate H(A2) */
- md_ctx_init(md5_ctx, md5_kt);
- md_ctx_update(md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri));
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszMethod, strlen(pszMethod));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszDigestUri, strlen(pszDigestUri));
if (strcasecmp(pszQop, "auth-int") == 0)
{
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, HEntity, HASHHEXLEN);
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, HEntity, HASHHEXLEN);
}
- md_ctx_final(md5_ctx, HA2);
+ md_ctx_final(&md5_ctx, HA2);
CvtHex(HA2, HA2Hex);
/* calculate response */
- md_ctx_init(md5_ctx, md5_kt);
- md_ctx_update(md5_ctx, HA1, HASHHEXLEN);
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_init(&md5_ctx, md5_kt);
+ md_ctx_update(&md5_ctx, HA1, HASHHEXLEN);
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszNonce, strlen(pszNonce));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
if (*pszQop)
{
- md_ctx_update(md5_ctx, (const uint8_t *) pszNonceCount, strlen(pszNonceCount));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
- md_ctx_update(md5_ctx, (const uint8_t *) pszQop, strlen(pszQop));
- md_ctx_update(md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszNonceCount, strlen(pszNonceCount));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszCNonce, strlen(pszCNonce));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
+ md_ctx_update(&md5_ctx, (const uint8_t *) pszQop, strlen(pszQop));
+ md_ctx_update(&md5_ctx, (const uint8_t *) ":", 1);
}
- md_ctx_update(md5_ctx, HA2Hex, HASHHEXLEN);
- md_ctx_final(md5_ctx, RespHash);
- md_ctx_cleanup(md5_ctx);
- md_ctx_free(md5_ctx);
+ md_ctx_update(&md5_ctx, HA2Hex, HASHHEXLEN);
+ md_ctx_final(&md5_ctx, RespHash);
+ md_ctx_cleanup(&md5_ctx);
CvtHex(RespHash, Response);
}
diff --git a/src/openvpn/httpdigest.h b/src/openvpn/httpdigest.h
index aae7b8c..b074fb2 100644
--- a/src/openvpn/httpdigest.h
+++ b/src/openvpn/httpdigest.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#if PROXY_DIGEST_AUTH
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 0652ef4..cf4a64c 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -251,42 +252,31 @@ ce_management_query_remote(struct context *c)
{
struct gc_arena gc = gc_new();
volatile struct connection_entry *ce = &c->options.ce;
- int ce_changed = true; /* presume the connection entry will be changed */
-
+ int ret = true;
update_time();
if (management)
{
struct buffer out = alloc_buf_gc(256, &gc);
-
- buf_printf(&out, ">REMOTE:%s,%s,%s", np(ce->remote), ce->remote_port,
- proto2ascii(ce->proto, ce->af, false));
+ buf_printf(&out, ">REMOTE:%s,%s,%s", np(ce->remote), ce->remote_port, proto2ascii(ce->proto, ce->af, false));
management_notify_generic(management, BSTR(&out));
-
- ce->flags &= ~(CE_MAN_QUERY_REMOTE_MASK << CE_MAN_QUERY_REMOTE_SHIFT);
- ce->flags |= (CE_MAN_QUERY_REMOTE_QUERY << CE_MAN_QUERY_REMOTE_SHIFT);
- while (((ce->flags >> CE_MAN_QUERY_REMOTE_SHIFT)
- & CE_MAN_QUERY_REMOTE_MASK) == CE_MAN_QUERY_REMOTE_QUERY)
+ ce->flags &= ~(CE_MAN_QUERY_REMOTE_MASK<<CE_MAN_QUERY_REMOTE_SHIFT);
+ ce->flags |= (CE_MAN_QUERY_REMOTE_QUERY<<CE_MAN_QUERY_REMOTE_SHIFT);
+ while (((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK) == CE_MAN_QUERY_REMOTE_QUERY)
{
management_event_loop_n_seconds(management, 1);
if (IS_SIG(c))
{
- ce_changed = false; /* connection entry have not been set */
+ ret = false;
break;
}
}
}
- gc_free(&gc);
-
- if (ce_changed)
{
- /* If it is likely a connection entry was modified,
- * check what changed in the flags and that it was not skipped
- */
- const int flags = ((ce->flags >> CE_MAN_QUERY_REMOTE_SHIFT)
- & CE_MAN_QUERY_REMOTE_MASK);
- ce_changed = (flags != CE_MAN_QUERY_REMOTE_SKIP);
+ const int flags = ((ce->flags>>CE_MAN_QUERY_REMOTE_SHIFT) & CE_MAN_QUERY_REMOTE_MASK);
+ ret = (flags != CE_MAN_QUERY_REMOTE_SKIP);
}
- return ce_changed;
+ gc_free(&gc);
+ return ret;
}
#endif /* ENABLE_MANAGEMENT */
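Review bot: In ce_management_query_remote() the `ret = false;` set when a signal arrives is overwritten by the bare block that follows the `if (management)` body, because that block now runs unconditionally. When the wait loop is left through `break`, the flags field most likely still holds CE_MAN_QUERY_REMOTE_QUERY, so the function reports `true` and the caller treats the connection entry as answered by the management client. Guard the block with `if (ret)` so a signal-interrupted query stays `false`. A short comment such as `/* only inspect the flags if the query was not interrupted */` would also help.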
@@ -341,8 +331,7 @@ next_connection_entry(struct context *c)
struct connection_entry *ce;
int n_cycles = 0;
- do
- {
+ do {
ce_defined = true;
if (c->options.no_advance && l->current >= 0)
{
@@ -414,7 +403,11 @@ next_connection_entry(struct context *c)
break;
}
}
- else if (ce_defined && management && management_query_proxy_enabled(management))
+ else
+#endif
+
+#ifdef ENABLE_MANAGEMENT
+ if (ce_defined && management && management_query_proxy_enabled(management))
{
ce_defined = ce_management_query_proxy(c);
if (IS_SIG(c))
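Review bot: The `else` left dangling before `#endif` in next_connection_entry() binds to whatever statement follows once the preprocessor has run, and the `if` it is meant to pair with now sits in a separate `#ifdef ENABLE_MANAGEMENT` block. The opening directive of the first block is outside this hunk. If its condition ever differs from ENABLE_MANAGEMENT, the `else` silently attaches to the next unrelated statement. Keeping both branches in one conditional region as `else if (ce_defined && management && management_query_proxy_enabled(management))` avoids that and reads as ordinary C.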
@@ -540,10 +533,8 @@ context_init_1(struct context *c)
int i;
pkcs11_initialize(true, c->options.pkcs11_pin_cache_period);
for (i = 0; i<MAX_PARMS && c->options.pkcs11_providers[i] != NULL; i++)
- {
pkcs11_addProvider(c->options.pkcs11_providers[i], c->options.pkcs11_protected_authentication[i],
c->options.pkcs11_private_mode[i], c->options.pkcs11_cert_private[i]);
- }
}
#endif
@@ -561,15 +552,6 @@ context_init_1(struct context *c)
}
#endif
-#ifdef ENABLE_SYSTEMD
- /* We can report the PID via getpid() to systemd here as OpenVPN will not
- * do any fork due to daemon() a future call.
- * See possibly_become_daemon() [init.c] for more details.
- */
- sd_notifyf(0, "READY=1\nSTATUS=Pre-connection initialization successful\nMAINPID=%lu",
- (unsigned long) getpid());
-#endif
-
}
void
@@ -632,9 +614,7 @@ init_static(void)
{
int i;
for (i = 0; i < argc; ++i)
- {
msg(M_INFO, "argv[%d] = '%s'", i, argv[i]);
- }
}
#endif
@@ -780,9 +760,7 @@ init_static(void)
{
int i;
for (i = 0; i < SIZE(text); ++i)
- {
buffer_list_push(bl, (unsigned char *)text[i]);
- }
}
printf("[cap=%d i=%d] *************************\n", listcap, iter);
if (!(iter & 8))
@@ -805,9 +783,7 @@ init_static(void)
int c;
printf("'");
while ((c = buf_read_u8(buf)) >= 0)
- {
putchar(c);
- }
printf("'\n");
buffer_list_advance(bl, 0);
}
@@ -1050,6 +1026,24 @@ do_uid_gid_chroot(struct context *c, bool no_delay)
{
if (no_delay)
{
+#ifdef ENABLE_SYSTEMD
+ /* If OpenVPN is started by systemd, the OpenVPN process needs
+ * to provide a preliminary status report to systemd. This is
+ * needed as $NOTIFY_SOCKET will not be available inside the
+ * chroot, which sd_notify()/sd_notifyf() depends on.
+ *
+ * This approach is the simplest and the most non-intrusive
+ * solution right before the 2.4_rc2 release.
+ *
+ * TODO: Consider altnernative solutions - bind mount?
+ * systemd does not grok OpenVPN configuration files, thus cannot
+ * have a sane way to know if OpenVPN will chroot or not and to
+ * which subdirectory it will chroot into.
+ */
+ sd_notifyf(0, "READY=1\n"
+ "STATUS=Entering chroot, most of the init completed successfully\n"
+ "MAINPID=%lu", (unsigned long) getpid());
+#endif
platform_chroot(c->options.chroot_dir);
}
else if (c->first_time)
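Review bot: The new comment in do_uid_gid_chroot() explains why `READY=1` is sent before platform_chroot(), but not what follows from it: systemd treats the service as started from this point, even though the chroot and the rest of the initialization have not yet succeeded. Units ordered after this one can therefore start before the tunnel is usable, and a later failure shows up only as a process exit. I would add a line such as `* NOTE: from here on systemd considers the service ready, even if chroot or later init fails.` and correct the typo `altnernative`. It is also worth stating that the later sd_notifyf() in initialization_sequence_completed() is expected to fail quietly inside the chroot. The enclosing function starts and ends outside this hunk.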
@@ -1382,21 +1376,6 @@ initialization_sequence_completed(struct context *c, const unsigned int flags)
/* If we delayed UID/GID downgrade or chroot, do it now */
do_uid_gid_chroot(c, true);
-
-#ifdef ENABLE_CRYPTO
- /*
- * In some cases (i.e. when receiving auth-token via
- * push-reply) the auth-nocache option configured on the
- * client is overridden; for this reason we have to wait
- * for the push-reply message before attempting to wipe
- * the user/pass entered by the user
- */
- if (c->options.mode == MODE_POINT_TO_POINT)
- {
- delayed_auth_pass_purge();
- }
-#endif /* ENABLE_CRYPTO */
-
/* Test if errors */
if (flags & ISC_ERRORS)
{
@@ -1414,7 +1393,7 @@ initialization_sequence_completed(struct context *c, const unsigned int flags)
else
{
#ifdef ENABLE_SYSTEMD
- sd_notifyf(0, "STATUS=%s", message);
+ sd_notifyf(0, "READY=1\nSTATUS=%s\nMAINPID=%lu", message, (unsigned long) getpid());
#endif
msg(M_INFO, "%s", message);
}
@@ -1851,7 +1830,7 @@ do_close_tun(struct context *c, bool force)
#if defined(_WIN32)
if (c->options.block_outside_dns)
{
- if (!win_wfp_uninit(adapter_index, c->options.msg_channel))
+ if (!win_wfp_uninit(c->options.msg_channel))
{
msg(M_FATAL, "Uninitialising WFP failed!");
}
@@ -1891,7 +1870,7 @@ do_close_tun(struct context *c, bool force)
#if defined(_WIN32)
if (c->options.block_outside_dns)
{
- if (!win_wfp_uninit(adapter_index, c->options.msg_channel))
+ if (!win_wfp_uninit(c->options.msg_channel))
{
msg(M_FATAL, "Uninitialising WFP failed!");
}
@@ -1924,12 +1903,12 @@ tun_abort()
* equal, or either one is all-zeroes.
*/
static bool
-options_hash_changed_or_zero(const struct sha256_digest *a,
- const struct sha256_digest *b)
+options_hash_changed_or_zero(const struct md5_digest *a,
+ const struct md5_digest *b)
{
- const struct sha256_digest zero = {{0}};
- return memcmp(a, b, sizeof(struct sha256_digest))
- || !memcmp(a, &zero, sizeof(struct sha256_digest));
+ const struct md5_digest zero = {{0}};
+ return memcmp(a, b, sizeof(struct md5_digest))
+ || !memcmp(a, &zero, sizeof(struct md5_digest));
}
#endif /* P2MP */
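Review bot: Switching options_hash_changed_or_zero() from `struct sha256_digest` to `struct md5_digest` weakens the check that decides whether pulled options differ from the previous set, because MD5 is not collision-resistant. Two distinct option strings can be built to compare equal here. How much that matters depends on who can influence the pushed options, and the code that computes the digest is outside this hunk. Unless compatibility forces MD5, I would keep the signature as `options_hash_changed_or_zero(const struct sha256_digest *a, const struct sha256_digest *b)` with the matching `sizeof(struct sha256_digest)` in both memcmp() calls.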
@@ -1940,7 +1919,7 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
{
reset_coarse_timers(c);
- if (pulled_options)
+ if (pulled_options && option_types_found)
{
if (!do_deferred_options(c, option_types_found))
{
@@ -2646,7 +2625,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
memmove(to.remote_cert_ku, options->remote_cert_ku, sizeof(to.remote_cert_ku));
to.remote_cert_eku = options->remote_cert_eku;
to.verify_hash = options->verify_hash;
- to.verify_hash_algo = options->verify_hash_algo;
#ifdef ENABLE_X509ALTUSERNAME
to.x509_username_field = (char *) options->x509_username_field;
#else
@@ -2774,10 +2752,7 @@ do_init_crypto_none(const struct context *c)
{
ASSERT(!c->options.test_crypto);
msg(M_WARN,
- "******* WARNING *******: All encryption and authentication features "
- "disabled -- All data will be tunnelled as clear text and will not be "
- "protected against man-in-the-middle changes. "
- "PLEASE DO RECONSIDER THIS CONFIGURATION!");
+ "******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext");
}
#endif /* ifdef ENABLE_CRYPTO */
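Review bot: The shortened warning in do_init_crypto_none() no longer tells the operator that traffic can be altered in transit, only that it is sent as cleartext. With authentication disabled, the loss of integrity protection is the less obvious consequence and the one worth spelling out in the log. I would extend the message, for example `"... all data will be tunnelled as cleartext and is not protected against modification in transit"`. Splitting the literal across lines would also keep it within the line length used elsewhere in the file.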
@@ -3022,10 +2997,6 @@ do_option_warnings(struct context *c)
{
msg(M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.");
}
- if (o->ns_cert_type)
- {
- msg(M_WARN, "WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.");
- }
#endif /* ifdef ENABLE_CRYPTO */
/* If a script is used, print appropiate warnings */
diff --git a/src/openvpn/init.h b/src/openvpn/init.h
index 15feb67..3b97d84 100644
--- a/src/openvpn/init.h
+++ b/src/openvpn/init.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef INIT_H
diff --git a/src/openvpn/integer.h b/src/openvpn/integer.h
index 240781b..bae8f16 100644
--- a/src/openvpn/integer.h
+++ b/src/openvpn/integer.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef INTEGER_H
diff --git a/src/openvpn/interval.c b/src/openvpn/interval.c
index 1634386..99e72a0 100644
--- a/src/openvpn/interval.c
+++ b/src/openvpn/interval.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/interval.h b/src/openvpn/interval.h
index 8095c0b..5ed64a9 100644
--- a/src/openvpn/interval.h
+++ b/src/openvpn/interval.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -105,8 +106,7 @@ interval_schedule_wakeup(struct interval *top, interval_t *wakeup)
* In wakeup seconds, interval_test will return true once.
*/
static inline void
-interval_future_trigger(struct interval *top, interval_t wakeup)
-{
+interval_future_trigger(struct interval *top, interval_t wakeup) {
if (wakeup)
{
#if INTERVAL_DEBUG
diff --git a/src/openvpn/list.c b/src/openvpn/list.c
index edca6f7..fb9f664 100644
--- a/src/openvpn/list.c
+++ b/src/openvpn/list.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -475,8 +476,7 @@ list_test(void)
int inc = 0;
int count = 0;
- for (base = 0; base < hash_n_buckets(hash); base += inc)
- {
+ for (base = 0; base < hash_n_buckets(hash); base += inc) {
struct hash_iterator hi;
struct hash_element *he;
inc = (get_random() % 3) + 1;
@@ -670,7 +670,6 @@ hash_func(const uint8_t *k, uint32_t length, uint32_t initval)
#else /* if P2MP_SERVER */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* P2MP_SERVER */
diff --git a/src/openvpn/list.h b/src/openvpn/list.h
index c808efa..6270f88 100644
--- a/src/openvpn/list.h
+++ b/src/openvpn/list.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef LIST_H
diff --git a/src/openvpn/lladdr.c b/src/openvpn/lladdr.c
index ff71e48..dce05ad 100644
--- a/src/openvpn/lladdr.c
+++ b/src/openvpn/lladdr.c
@@ -50,7 +50,7 @@ set_lladdr(const char *ifname, const char *lladdr,
"%s %s lladdr %s",
IFCONFIG_PATH,
ifname, lladdr);
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
argv_printf(&argv,
"%s %s ether %s",
IFCONFIG_PATH,
diff --git a/src/openvpn/lzo.c b/src/openvpn/lzo.c
index f754865..3d6891e 100644
--- a/src/openvpn/lzo.c
+++ b/src/openvpn/lzo.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -266,7 +267,6 @@ const struct compress_alg lzo_alg = {
#else /* if defined(ENABLE_LZO) */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_LZO */
diff --git a/src/openvpn/lzo.h b/src/openvpn/lzo.h
index deaeb8d..85937b2 100644
--- a/src/openvpn/lzo.h
+++ b/src/openvpn/lzo.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OPENVPN_LZO_H
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index c2e8dc7..763f6c6 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -1983,9 +1984,7 @@ man_process_command(struct management *man, const char *line)
{
int i;
for (i = 0; i < nparms; ++i)
- {
msg(M_INFO, "[%d] '%s'", i, parms[i]);
- }
}
#endif
@@ -3089,8 +3088,7 @@ management_io(struct management *man)
if (net_events & FD_READ)
{
while (man_read(man) > 0)
- {
- }
+ ;
net_event_win32_clear_selected_events(&man->connection.ne32, FD_READ);
}
@@ -3313,8 +3311,7 @@ man_wait_for_client_connection(struct management *man,
{
msg(D_MANAGEMENT, "Need information from management interface, waiting...");
}
- do
- {
+ do {
man_standalone_event_loop(man, signal_received, expire);
if (signal_received && *signal_received)
{
@@ -3932,9 +3929,7 @@ log_history_free_contents(struct log_history *h)
{
int i;
for (i = 0; i < h->size; ++i)
- {
log_entry_free_contents(&h->array[log_index(h, i)]);
- }
free(h->array);
}
@@ -3978,9 +3973,7 @@ log_history_resize(struct log_history *h, const int capacity)
log_history_obj_init(&newlog, capacity);
for (i = 0; i < h->size; ++i)
- {
log_history_add(&newlog, &h->array[log_index(h, i)]);
- }
log_history_free_contents(h);
*h = newlog;
@@ -4002,7 +3995,6 @@ log_history_ref(const struct log_history *h, const int index)
#else /* ifdef ENABLE_MANAGEMENT */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_MANAGEMENT */
diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h
index 542cc07..6e5cb9b 100644
--- a/src/openvpn/manage.h
+++ b/src/openvpn/manage.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MANAGE_H
diff --git a/src/openvpn/mbuf.c b/src/openvpn/mbuf.c
index fafbce0..7a23e59 100644
--- a/src/openvpn/mbuf.c
+++ b/src/openvpn/mbuf.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -173,7 +174,6 @@ mbuf_dereference_instance(struct mbuf_set *ms, struct multi_instance *mi)
#else /* if P2MP */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* P2MP */
diff --git a/src/openvpn/mbuf.h b/src/openvpn/mbuf.h
index e0643de..cfaef58 100644
--- a/src/openvpn/mbuf.h
+++ b/src/openvpn/mbuf.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MBUF_H
diff --git a/src/openvpn/memdbg.h b/src/openvpn/memdbg.h
index 0ba695f..ee30b15 100644
--- a/src/openvpn/memdbg.h
+++ b/src/openvpn/memdbg.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MEMDBG_H
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index fbd9938..87f03be 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -18,9 +18,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -649,8 +650,7 @@ const char *
env_set_get(const struct env_set *es, const char *name)
{
const struct env_item *item = es->list;
- while (item && !env_string_equal(item->string, name))
- {
+ while (item && !env_string_equal(item->string, name)) {
item = item->next;
}
return item ? item->string : NULL;
@@ -700,6 +700,57 @@ env_set_inherit(struct env_set *es, const struct env_set *src)
}
}
+void
+env_set_add_to_environment(const struct env_set *es)
+{
+ if (es)
+ {
+ struct gc_arena gc = gc_new();
+ const struct env_item *e;
+
+ e = es->list;
+
+ while (e)
+ {
+ const char *name;
+ const char *value;
+
+ if (deconstruct_name_value(e->string, &name, &value, &gc))
+ {
+ setenv_str(NULL, name, value);
+ }
+
+ e = e->next;
+ }
+ gc_free(&gc);
+ }
+}
+
+void
+env_set_remove_from_environment(const struct env_set *es)
+{
+ if (es)
+ {
+ struct gc_arena gc = gc_new();
+ const struct env_item *e;
+
+ e = es->list;
+
+ while (e)
+ {
+ const char *name;
+ const char *value;
+
+ if (deconstruct_name_value(e->string, &name, &value, &gc))
+ {
+ setenv_del(NULL, name);
+ }
+
+ e = e->next;
+ }
+ gc_free(&gc);
+ }
+}
/* add/modify/delete environmental strings */
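Review bot: `env_set_add_to_environment()` and `env_set_remove_from_environment()` are added without any comment, and both walk `es->list` with the same loop, differing only in the call `setenv_str(NULL, name, value)` versus `setenv_del(NULL, name)`. Each needs a header comment saying that the helper is called with a NULL env_set. That presumably targets the process environment (the helpers are not visible in this hunk), so every exported entry is inherited by anything the process later spawns, and callers should be sure the set holds no credentials at that point. A possible wording is `/* Export every name=value pair of es via setenv_str(NULL, ...); entries rejected by deconstruct_name_value() are skipped. */`. In the remove variant `value` is parsed but never used.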
@@ -1387,7 +1438,7 @@ get_user_pass_auto_userid(struct user_pass *up, const char *tag)
static const uint8_t hashprefix[] = "AUTO_USERID_DIGEST";
const md_kt_t *md5_kt = md_kt_get("MD5");
- md_ctx_t *ctx;
+ md_ctx_t ctx;
CLEAR(*up);
buf_set_write(&buf, (uint8_t *)up->username, USER_PASS_LEN);
@@ -1395,13 +1446,11 @@ get_user_pass_auto_userid(struct user_pass *up, const char *tag)
if (get_default_gateway_mac_addr(macaddr))
{
dmsg(D_AUTO_USERID, "GUPAU: macaddr=%s", format_hex_ex(macaddr, sizeof(macaddr), 0, 1, ":", &gc));
- ctx = md_ctx_new();
- md_ctx_init(ctx, md5_kt);
- md_ctx_update(ctx, hashprefix, sizeof(hashprefix) - 1);
- md_ctx_update(ctx, macaddr, sizeof(macaddr));
- md_ctx_final(ctx, digest);
- md_ctx_cleanup(ctx);
- md_ctx_free(ctx);
+ md_ctx_init(&ctx, md5_kt);
+ md_ctx_update(&ctx, hashprefix, sizeof(hashprefix) - 1);
+ md_ctx_update(&ctx, macaddr, sizeof(macaddr));
+ md_ctx_final(&ctx, digest);
+ md_ctx_cleanup(&ctx)
buf_printf(&buf, "%s", format_hex_ex(digest, sizeof(digest), 0, 256, " ", &gc));
}
else
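Review bot: The added `md_ctx_cleanup(&ctx)` has no terminating semicolon, so it runs into the following `buf_printf(...)` call and the function will not compile wherever this code is enabled; it should read `md_ctx_cleanup(&ctx);`. Separately, `ctx` is now a stack object (declared as `md_ctx_t ctx;` in the previous hunk) that reaches `md_ctx_init()` uninitialised. The `gen_hmac_md5()` change in ntlm.c clears its context first, and a `CLEAR(ctx);` here would keep the two consistent. The body of get_user_pass_auto_userid starts and ends outside the hunk.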
@@ -1430,11 +1479,7 @@ purge_user_pass(struct user_pass *up, const bool force)
secure_memzero(up, sizeof(*up));
up->nocache = nocache;
}
- /*
- * don't show warning if the pass has been replaced by a token: this is an
- * artificial "auth-nocache"
- */
- else if (!warn_shown && (!up->tokenized))
+ else if (!warn_shown)
{
msg(M_WARN, "WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this");
warn_shown = true;
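Review bot: With the `up->tokenized` test dropped, the `else if (!warn_shown)` branch prints the auth-nocache warning even when the password field holds a token written by `set_auth_token()` (the next hunk stops recording that). The warning then no longer distinguishes a cached user password from a substituted token, and because `warn_shown` is set on the first hit, a later genuine case stays silent. If the field has to go, the branch should at least carry a comment such as `/* also reached when the password was replaced by an auth token */`. The body of purge_user_pass starts outside the hunk.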
@@ -1448,7 +1493,6 @@ set_auth_token(struct user_pass *up, const char *token)
{
CLEAR(up->password);
strncpynt(up->password, token, USER_PASS_LEN);
- up->tokenized = true;
}
}
@@ -1503,9 +1547,7 @@ make_env_array(const struct env_set *es,
if (es)
{
for (e = es->list; e != NULL; e = e->next)
- {
++n;
- }
}
/* alloc return array */
@@ -1567,9 +1609,7 @@ make_inline_array(const char *str, struct gc_arena *gc)
buf_set_read(&buf, (const uint8_t *) str, strlen(str));
while (buf_parse(&buf, '\n', line, sizeof(line)))
- {
++len;
- }
/* alloc return array */
ALLOC_ARRAY_CLEAR_GC(ret, char *, len + 1, gc);
@@ -1599,9 +1639,7 @@ make_arg_copy(char **p, struct gc_arena *gc)
ALLOC_ARRAY_CLEAR_GC(ret, char *, max_parms, gc);
for (i = 0; i < len; ++i)
- {
ret[i] = p[i];
- }
return (const char **)ret;
}
diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h
index ce96549..16be621 100644
--- a/src/openvpn/misc.h
+++ b/src/openvpn/misc.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MISC_H
@@ -160,6 +161,10 @@ void env_set_print(int msglevel, const struct env_set *es);
void env_set_inherit(struct env_set *es, const struct env_set *src);
+void env_set_add_to_environment(const struct env_set *es);
+
+void env_set_remove_from_environment(const struct env_set *es);
+
/* Make arrays of strings */
const char **make_env_array(const struct env_set *es,
@@ -201,8 +206,6 @@ struct user_pass
{
bool defined;
bool nocache;
- bool tokenized; /* true if password has been substituted by a token */
- bool wait_for_push; /* true if this object is waiting for a push-reply */
/* max length of username/password */
#ifdef ENABLE_PKCS11
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index 7b46a6a..8b466b6 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -561,7 +562,6 @@ mroute_helper_free(struct mroute_helper *mh)
#else /* if P2MP_SERVER */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* P2MP_SERVER */
diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h
index e57a950..0698348 100644
--- a/src/openvpn/mroute.h
+++ b/src/openvpn/mroute.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MROUTE_H
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index c36e004..5b110d2 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -119,12 +120,8 @@ mss_fixup_ipv6(struct buffer *buf, int maxmss)
return;
}
- /* skip IPv6 header (40 bytes),
- * verify remainder is large enough to contain a full TCP header
- */
newbuf = *buf;
- if (buf_advance( &newbuf, 40 )
- && BLEN(&newbuf) >= (int) sizeof(struct openvpn_tcphdr))
+ if (buf_advance( &newbuf, 40 ) )
{
struct openvpn_tcphdr *tc = (struct openvpn_tcphdr *) BPTR(&newbuf);
if (tc->flags & OPENVPN_TCPH_SYN_MASK)
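Review bot: After `buf_advance( &newbuf, 40 )` the new code casts `BPTR(&newbuf)` to `struct openvpn_tcphdr *` and reads `tc->flags` without checking that any TCP header bytes remain. A packet that ends right after the 40-byte IPv6 header is therefore read past its payload. The condition should keep the length test, `if (buf_advance(&newbuf, 40) && BLEN(&newbuf) >= (int) sizeof(struct openvpn_tcphdr))`, with a one-line comment that the remainder must hold a full TCP header. The next hunk turns the matching test in `mss_fixup_dowork()` into an `ASSERT`, which such a short packet would presumably reach from here. The body of mss_fixup_ipv6 starts and ends outside the hunk.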
@@ -148,10 +145,7 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss)
int accumulate;
struct openvpn_tcphdr *tc;
- if (BLEN(buf) < (int) sizeof(struct openvpn_tcphdr))
- {
- return;
- }
+ ASSERT(BLEN(buf) >= (int) sizeof(struct openvpn_tcphdr));
verify_align_4(buf);
tc = (struct openvpn_tcphdr *) BPTR(buf);
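Review bot: `ASSERT(BLEN(buf) >= (int) sizeof(struct openvpn_tcphdr))` makes the length of packet data an internal invariant. If ASSERT is fatal in this build, as the name suggests, a truncated TCP segment arriving through the tunnel stops the process instead of being skipped. Sizes derived from received data should be rejected quietly, `if (BLEN(buf) < (int) sizeof(struct openvpn_tcphdr)) { return; }`, leaving ASSERT for conditions only a programming error can violate. The body of mss_fixup_dowork continues outside the hunk.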
@@ -166,9 +160,8 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss)
for (olen = hlen - sizeof(struct openvpn_tcphdr),
opt = (uint8_t *)(tc + 1);
- olen > 1;
- olen -= optlen, opt += optlen)
- {
+ olen > 0;
+ olen -= optlen, opt += optlen) {
if (*opt == OPENVPN_TCPOPT_EOL)
{
break;
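Review bot: The new loop condition `olen > 0;` lets the body run when only one option byte is left. The rest of the body is outside the hunk, but if it reads the option length from `opt + 1` for any kind other than EOL or NOP, as TCP option parsers usually do, that read lands one byte past the options area; `olen > 1;` rules this out. Nothing visible here shows that `optlen` is non-zero and no larger than `olen` before `olen -= optlen, opt += optlen`, so both should be confirmed in the body.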
diff --git a/src/openvpn/mss.h b/src/openvpn/mss.h
index 0de2042..afe7a32 100644
--- a/src/openvpn/mss.h
+++ b/src/openvpn/mss.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MSS_H
diff --git a/src/openvpn/mstats.c b/src/openvpn/mstats.c
index 9b09188..8ab1d02 100644
--- a/src/openvpn/mstats.c
+++ b/src/openvpn/mstats.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/mstats.h b/src/openvpn/mstats.h
index 486035f..f87a858 100644
--- a/src/openvpn/mstats.h
+++ b/src/openvpn/mstats.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/mtcp.c b/src/openvpn/mtcp.c
index cb940d8..b5471b1 100644
--- a/src/openvpn/mtcp.c
+++ b/src/openvpn/mtcp.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -586,8 +587,7 @@ multi_tcp_action(struct multi_context *m, struct multi_instance *mi, int action,
{
bool tun_input_pending = false;
- do
- {
+ do {
dmsg(D_MULTI_DEBUG, "MULTI TCP: multi_tcp_action a=%s p=%d",
pract(action),
poll);
diff --git a/src/openvpn/mtcp.h b/src/openvpn/mtcp.h
index 79dcb13..835b8fd 100644
--- a/src/openvpn/mtcp.h
+++ b/src/openvpn/mtcp.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/mtu.c b/src/openvpn/mtu.c
index 44bef68..73eab21 100644
--- a/src/openvpn/mtu.c
+++ b/src/openvpn/mtu.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/mtu.h b/src/openvpn/mtu.h
index d1e8c18..471e51e 100644
--- a/src/openvpn/mtu.h
+++ b/src/openvpn/mtu.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef MTU_H
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 793678d..64ce4d7 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/mudp.h b/src/openvpn/mudp.h
index b9ceaf7..a98d64d 100644
--- a/src/openvpn/mudp.h
+++ b/src/openvpn/mudp.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 8d3d67f..f6f3f5d 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -536,14 +537,10 @@ multi_del_iroutes(struct multi_context *m,
if (TUNNEL_TYPE(mi->context.c1.tuntap) == DEV_TYPE_TUN)
{
for (ir = mi->context.options.iroutes; ir != NULL; ir = ir->next)
- {
mroute_helper_del_iroute46(m->route_helper, ir->netbits);
- }
for (ir6 = mi->context.options.iroutes_ipv6; ir6 != NULL; ir6 = ir6->next)
- {
mroute_helper_del_iroute46(m->route_helper, ir6->netbits);
- }
}
}
@@ -822,8 +819,7 @@ multi_create_instance(struct multi_context *m, const struct mroute_addr *real)
mi->did_iter = true;
#ifdef MANAGEMENT_DEF_AUTH
- do
- {
+ do {
mi->context.c2.mda_context.cid = m->cid_counter++;
} while (!hash_add(m->cid_hash, &mi->context.c2.mda_context.cid, mi, false));
mi->did_cid_hash = true;
@@ -2953,14 +2949,10 @@ gremlin_flood_clients(struct multi_context *m)
parm.packet_size);
for (i = 0; i < parm.packet_size; ++i)
- {
ASSERT(buf_write_u8(&buf, get_random() & 0xFF));
- }
for (i = 0; i < parm.n_packets; ++i)
- {
multi_bcast(m, &buf, NULL, NULL);
- }
gc_free(&gc);
}
@@ -3383,7 +3375,6 @@ tunnel_server(struct context *top)
#else /* if P2MP_SERVER */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* P2MP_SERVER */
diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
index 63afbaf..b4ffd69 100644
--- a/src/openvpn/multi.h
+++ b/src/openvpn/multi.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c
index 0b1163e..e78af9e 100644
--- a/src/openvpn/ntlm.c
+++ b/src/openvpn/ntlm.c
@@ -15,9 +15,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -85,13 +86,13 @@ static void
gen_hmac_md5(const char *data, int data_len, const char *key, int key_len,char *result)
{
const md_kt_t *md5_kt = md_kt_get("MD5");
- hmac_ctx_t *hmac_ctx = hmac_ctx_new();
+ hmac_ctx_t hmac_ctx;
+ CLEAR(hmac_ctx);
- hmac_ctx_init(hmac_ctx, key, key_len, md5_kt);
- hmac_ctx_update(hmac_ctx, (const unsigned char *)data, data_len);
- hmac_ctx_final(hmac_ctx, (unsigned char *)result);
- hmac_ctx_cleanup(hmac_ctx);
- hmac_ctx_free(hmac_ctx);
+ hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt);
+ hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
+ hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
+ hmac_ctx_cleanup(&hmac_ctx);
}
static void
@@ -123,22 +124,19 @@ gen_nonce(unsigned char *nonce)
/* Generates 8 random bytes to be used as client nonce */
int i;
- for (i = 0; i<8; i++)
- {
+ for (i = 0; i<8; i++) {
nonce[i] = (unsigned char)get_random();
}
}
-void
+unsigned char *
my_strupr(unsigned char *str)
{
/* converts string to uppercase in place */
+ unsigned char *tmp = str;
- while (*str)
- {
- *str = toupper(*str);
- str++;
- }
+ do *str = toupper(*str); while (*(++str));
+ return tmp;
}
static int
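Review bot: The new `do *str = toupper(*str); while (*(++str));` in `my_strupr()` processes the first byte before testing it. For an empty string it steps over the terminator and keeps reading and rewriting whatever follows the buffer until it meets a zero byte. A pre-test loop keeps the new return value without that: `while (*str) { *str = toupper(*str); str++; }` followed by `return tmp;`. A comment stating that the string is modified in place and the original pointer is returned would also help callers.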
@@ -195,7 +193,7 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_are
*/
char pwbuf[sizeof(p->up.password) * 2]; /* for unicode password */
- unsigned char buf2[128]; /* decoded reply from proxy */
+ char buf2[128]; /* decoded reply from proxy */
unsigned char phase3[464];
char md4_hash[MD4_DIGEST_LENGTH+5];
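Review bot: `buf2` holds the decoded reply from the proxy and becomes plain `char`, whose signedness is implementation-defined; where it is signed, every byte of 0x80 or above reads back as a negative value. That matters for the `buf2 + buf2[0x2c]` expression in a later hunk of this function, where one of these bytes is used as an offset and could then point before the array. Keep `unsigned char buf2[128];` and cast at the call sites that need a `char *`. The body of ntlm_phase_3 starts and ends outside the hunk.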
@@ -301,13 +299,7 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_are
tib_len = 96;
}
{
- char *tib_ptr;
- int tib_pos = buf2[0x2c];
- if (tib_pos + tib_len > sizeof(buf2))
- {
- return NULL;
- }
- tib_ptr = buf2 + tib_pos; /* Get Target Information block pointer */
+ char *tib_ptr = buf2 + buf2[0x2c]; /* Get Target Information block pointer */
memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len); /* Copy Target Information block into the blob */
}
}
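Review bot: `char *tib_ptr = buf2 + buf2[0x2c];` takes its offset from the proxy's reply, and the `memcpy(&ntlmv2_blob[0x1c], tib_ptr, tib_len)` that follows reads `tib_len` bytes from there with no check that the range stays inside `buf2`. A misbehaving proxy can therefore make the client copy stack memory from outside the 128-byte buffer into the blob, which is presumably part of the phase 3 message sent back. The bound should stay in front of the pointer arithmetic: `int tib_pos = buf2[0x2c];` and `if (tib_pos + tib_len > sizeof(buf2)) { return NULL; }`. The signedness point raised on the `buf2` declaration hunk applies to this offset as well. The enclosing block of ntlm_phase_3 starts outside the hunk.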
@@ -381,7 +373,6 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2, struct gc_are
#else /* if NTLM */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* if NTLM */
diff --git a/src/openvpn/occ-inline.h b/src/openvpn/occ-inline.h
index 68e9098..84fe1ac 100644
--- a/src/openvpn/occ-inline.h
+++ b/src/openvpn/occ-inline.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OCC_INLINE_H
diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c
index 40f7e76..b4ccc4d 100644
--- a/src/openvpn/occ.c
+++ b/src/openvpn/occ.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -429,7 +430,6 @@ process_received_occ_msg(struct context *c)
#else /* ifdef ENABLE_OCC */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ifdef ENABLE_OCC */
diff --git a/src/openvpn/occ.h b/src/openvpn/occ.h
index 12d7bc5..843ceb2 100644
--- a/src/openvpn/occ.h
+++ b/src/openvpn/occ.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OCC_H
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
deleted file mode 100644
index c765f0b..0000000
--- a/src/openvpn/openssl_compat.h
+++ /dev/null
@@ -1,657 +0,0 @@
-/*
- * OpenVPN -- An application to securely tunnel IP networks
- * over a single TCP/UDP port, with support for SSL/TLS-based
- * session authentication and key exchange,
- * packet encryption, packet authentication, and
- * packet compression.
- *
- * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
- * Copyright (C) 2010-2017 Fox Crypto B.V. <openvpn@fox-it.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-/**
- * @file OpenSSL compatibility stub
- *
- * This file provide compatibility stubs for the OpenSSL libraries
- * prior to version 1.1. This version introduces many changes in the
- * library interface, including the fact that various objects and
- * structures are not fully opaque.
- */
-
-#ifndef OPENSSL_COMPAT_H_
-#define OPENSSL_COMPAT_H_
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#elif defined(_MSC_VER)
-#include "config-msvc.h"
-#endif
-
-#include "buffer.h"
-
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
-#if !defined(HAVE_EVP_MD_CTX_RESET)
-/**
- * Reset a message digest context
- *
- * @param ctx The message digest context
- * @return 1 on success, 0 on error
- */
-static inline int
-EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
-{
- EVP_MD_CTX_cleanup(ctx);
- return 1;
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_FREE)
-/**
- * Free an existing message digest context
- *
- * @param ctx The message digest context
- */
-static inline void
-EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-{
- free(ctx);
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_NEW)
-/**
- * Allocate a new message digest object
- *
- * @return A zero'ed message digest object
- */
-static inline EVP_MD_CTX *
-EVP_MD_CTX_new(void)
-{
- EVP_MD_CTX *ctx = NULL;
- ALLOC_OBJ_CLEAR(ctx, EVP_MD_CTX);
- return ctx;
-}
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
-/**
- * Free an existing cipher context
- *
- * @param ctx The cipher context
- */
-static inline void
-EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c)
-{
- free(c);
-}
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-/**
- * Allocate a new cipher context object
- *
- * @return A zero'ed cipher context object
- */
-static inline EVP_CIPHER_CTX *
-EVP_CIPHER_CTX_new(void)
-{
- EVP_CIPHER_CTX *ctx = NULL;
- ALLOC_OBJ_CLEAR(ctx, EVP_CIPHER_CTX);
- return ctx;
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_RESET)
-/**
- * Reset a HMAC context
- *
- * @param ctx The HMAC context
- * @return 1 on success, 0 on error
- */
-static inline int
-HMAC_CTX_reset(HMAC_CTX *ctx)
-{
- HMAC_CTX_cleanup(ctx);
- return 1;
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
-/**
- * Init a HMAC context
- *
- * @param ctx The HMAC context
- *
- * Contrary to many functions in this file, HMAC_CTX_init() is not
- * an OpenSSL 1.1 function: it comes from previous versions and was
- * removed in v1.1. As a consequence, there is no distincting in
- * v1.1 between a cleanup, and init and a reset. Yet, previous OpenSSL
- * version need this distinction.
- *
- * In order to respect previous OpenSSL versions, we implement init
- * as reset for OpenSSL 1.1+.
- */
-static inline void
-HMAC_CTX_init(HMAC_CTX *ctx)
-{
- HMAC_CTX_reset(ctx);
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_FREE)
-/**
- * Free an existing HMAC context
- *
- * @param ctx The HMAC context
- */
-static inline void
-HMAC_CTX_free(HMAC_CTX *c)
-{
- free(c);
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_NEW)
-/**
- * Allocate a new HMAC context object
- *
- * @return A zero'ed HMAC context object
- */
-static inline HMAC_CTX *
-HMAC_CTX_new(void)
-{
- HMAC_CTX *ctx = NULL;
- ALLOC_OBJ_CLEAR(ctx, HMAC_CTX);
- return ctx;
-}
-#endif
-
-#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA)
-/**
- * Fetch the default password callback user data from the SSL context
- *
- * @param ctx SSL context
- * @return The password callback user data
- */
-static inline void *
-SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
-{
- return ctx ? ctx->default_passwd_callback_userdata : NULL;
-}
-#endif
-
-#if !defined(HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB)
-/**
- * Fetch the default password callback from the SSL context
- *
- * @param ctx SSL context
- * @return The password callback
- */
-static inline pem_password_cb *
-SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
-{
- return ctx ? ctx->default_passwd_callback : NULL;
-}
-#endif
-
-#if !defined(HAVE_X509_GET0_PUBKEY)
-/**
- * Get the public key from a X509 certificate
- *
- * @param x X509 certificate
- * @return The certificate public key
- */
-static inline EVP_PKEY *
-X509_get0_pubkey(const X509 *x)
-{
- return (x && x->cert_info && x->cert_info->key) ?
- x->cert_info->key->pkey : NULL;
-}
-#endif
-
-#if !defined(HAVE_X509_STORE_GET0_OBJECTS)
-/**
- * Fetch the X509 object stack from the X509 store
- *
- * @param store X509 object store
- * @return the X509 object stack
- */
-static inline STACK_OF(X509_OBJECT) *
-X509_STORE_get0_objects(X509_STORE *store)
-{
- return store ? store->objs : NULL;
-}
-#endif
-
-#if !defined(HAVE_X509_OBJECT_FREE)
-/**
- * Destroy a X509 object
- *
- * @param obj X509 object
- */
-static inline void
-X509_OBJECT_free(X509_OBJECT *obj)
-{
- if (obj)
- {
- X509_OBJECT_free_contents(obj);
- OPENSSL_free(obj);
- }
-}
-#endif
-
-#if !defined(HAVE_X509_OBJECT_GET_TYPE)
-/**
- * Get the type of an X509 object
- *
- * @param obj X509 object
- * @return The underlying object type
- */
-static inline int
-X509_OBJECT_get_type(const X509_OBJECT *obj)
-{
- return obj ? obj->type : X509_LU_FAIL;
-}
-#endif
-
-#if !defined(HAVE_EVP_PKEY_GET0_RSA)
-/**
- * Get the RSA object of a public key
- *
- * @param pkey Public key object
- * @return The underlying RSA object
- */
-static inline RSA *
-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-{
- return pkey ? pkey->pkey.rsa : NULL;
-}
-#endif
-
-#if !defined(HAVE_EVP_PKEY_ID)
-/**
- * Get the PKEY type
- *
- * @param pkey Public key object
- * @return The key type
- */
-static inline int
-EVP_PKEY_id(const EVP_PKEY *pkey)
-{
- return pkey ? pkey->type : EVP_PKEY_NONE;
-}
-#endif
-
-#if !defined(HAVE_EVP_PKEY_GET0_DSA)
-/**
- * Get the DSA object of a public key
- *
- * @param pkey Public key object
- * @return The underlying DSA object
- */
-static inline DSA *
-EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
-{
- return pkey ? pkey->pkey.dsa : NULL;
-}
-#endif
-
-#if !defined(HAVE_RSA_SET_FLAGS)
-/**
- * Set the RSA flags
- *
- * @param rsa The RSA object
- * @param flags New flags value
- */
-static inline void
-RSA_set_flags(RSA *rsa, int flags)
-{
- if (rsa)
- {
- rsa->flags = flags;
- }
-}
-#endif
-
-#if !defined(HAVE_RSA_GET0_KEY)
-/**
- * Get the RSA parameters
- *
- * @param rsa The RSA object
- * @param n The @c n parameter
- * @param e The @c e parameter
- * @param d The @c d parameter
- */
-static inline void
-RSA_get0_key(const RSA *rsa, const BIGNUM **n,
- const BIGNUM **e, const BIGNUM **d)
-{
- if (n != NULL)
- {
- *n = rsa ? rsa->n : NULL;
- }
- if (e != NULL)
- {
- *e = rsa ? rsa->e : NULL;
- }
- if (d != NULL)
- {
- *d = rsa ? rsa->d : NULL;
- }
-}
-#endif
-
-#if !defined(HAVE_RSA_SET0_KEY)
-/**
- * Set the RSA parameters
- *
- * @param rsa The RSA object
- * @param n The @c n parameter
- * @param e The @c e parameter
- * @param d The @c d parameter
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-{
- if ((rsa->n == NULL && n == NULL)
- || (rsa->e == NULL && e == NULL))
- {
- return 0;
- }
-
- if (n != NULL)
- {
- BN_free(rsa->n);
- rsa->n = n;
- }
- if (e != NULL)
- {
- BN_free(rsa->e);
- rsa->e = e;
- }
- if (d != NULL)
- {
- BN_free(rsa->d);
- rsa->d = d;
- }
-
- return 1;
-}
-#endif
-
-#if !defined(HAVE_RSA_BITS)
-/**
- * Number of significant RSA bits
- *
- * @param rsa The RSA object ; shall not be NULL
- * @return The number of RSA bits or 0 on error
- */
-static inline int
-RSA_bits(const RSA *rsa)
-{
- const BIGNUM *n = NULL;
- RSA_get0_key(rsa, &n, NULL, NULL);
- return n ? BN_num_bits(n) : 0;
-}
-#endif
-
-#if !defined(HAVE_DSA_GET0_PQG)
-/**
- * Get the DSA parameters
- *
- * @param dsa The DSA object
- * @param p The @c p parameter
- * @param q The @c q parameter
- * @param g The @c g parameter
- */
-static inline void
-DSA_get0_pqg(const DSA *dsa, const BIGNUM **p,
- const BIGNUM **q, const BIGNUM **g)
-{
- if (p != NULL)
- {
- *p = dsa ? dsa->p : NULL;
- }
- if (q != NULL)
- {
- *q = dsa ? dsa->q : NULL;
- }
- if (g != NULL)
- {
- *g = dsa ? dsa->g : NULL;
- }
-}
-#endif
-
-#if !defined(HAVE_DSA_BITS)
-/**
- * Number of significant DSA bits
- *
- * @param rsa The DSA object ; shall not be NULL
- * @return The number of DSA bits or 0 on error
- */
-static inline int
-DSA_bits(const DSA *dsa)
-{
- const BIGNUM *p = NULL;
- DSA_get0_pqg(dsa, &p, NULL, NULL);
- return p ? BN_num_bits(p) : 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_NEW)
-/**
- * Allocate a new RSA method object
- *
- * @param name The object name
- * @param flags Configuration flags
- * @return A new RSA method object
- */
-static inline RSA_METHOD *
-RSA_meth_new(const char *name, int flags)
-{
- RSA_METHOD *rsa_meth = NULL;
- ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
- rsa_meth->name = string_alloc(name, NULL);
- rsa_meth->flags = flags;
- return rsa_meth;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_FREE)
-/**
- * Free an existing RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- */
-static inline void
-RSA_meth_free(RSA_METHOD *meth)
-{
- if (meth)
- {
- /* OpenSSL defines meth->name to be a const pointer, yet we
- * feed it with an allocated string (from RSA_meth_new()).
- * Thus we are allowed to free it here. In order to avoid a
- * "passing 'const char *' to parameter of type 'void *' discards
- * qualifiers" warning, we force the pointer to be a non-const value.
- */
- free((char *)meth->name);
- free(meth);
- }
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET_PUB_ENC)
-/**
- * Set the public encoding function of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param pub_enc the public encoding function
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set_pub_enc(RSA_METHOD *meth,
- int (*pub_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- if (meth)
- {
- meth->rsa_pub_enc = pub_enc;
- return 1;
- }
- return 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET_PUB_DEC)
-/**
- * Set the public decoding function of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param pub_dec the public decoding function
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set_pub_dec(RSA_METHOD *meth,
- int (*pub_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- if (meth)
- {
- meth->rsa_pub_dec = pub_dec;
- return 1;
- }
- return 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET_PRIV_ENC)
-/**
- * Set the private encoding function of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param priv_enc the private encoding function
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set_priv_enc(RSA_METHOD *meth,
- int (*priv_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- if (meth)
- {
- meth->rsa_priv_enc = priv_enc;
- return 1;
- }
- return 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET_PRIV_DEC)
-/**
- * Set the private decoding function of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param priv_dec the private decoding function
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set_priv_dec(RSA_METHOD *meth,
- int (*priv_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- if (meth)
- {
- meth->rsa_priv_dec = priv_dec;
- return 1;
- }
- return 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET_INIT)
-/**
- * Set the init function of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param init the init function
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
-{
- if (meth)
- {
- meth->init = init;
- return 1;
- }
- return 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET_FINISH)
-/**
- * Set the finish function of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param finish the finish function
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-{
- if (meth)
- {
- meth->finish = finish;
- return 1;
- }
- return 0;
-}
-#endif
-
-#if !defined(HAVE_RSA_METH_SET0_APP_DATA)
-/**
- * Set the application data of an RSA_METHOD object
- *
- * @param meth The RSA_METHOD object
- * @param app_data Application data
- * @return 1 on success, 0 on error
- */
-static inline int
-RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
-{
- if (meth)
- {
- meth->app_data = app_data;
- return 1;
- }
- return 0;
-}
-#endif
-
-/* SSLeay symbols have been renamed in OpenSSL 1.1 */
-#if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT)
-#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
-#endif
-
-#endif /* OPENSSL_COMPAT_H_ */
diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
index 08c09e6..888acda 100644
--- a/src/openvpn/openvpn.c
+++ b/src/openvpn/openvpn.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -331,8 +332,7 @@ openvpn_main(int argc, char *argv[])
#ifdef _WIN32
int
-wmain(int argc, wchar_t *wargv[])
-{
+wmain(int argc, wchar_t *wargv[]) {
char **argv;
int ret;
int i;
@@ -361,8 +361,7 @@ wmain(int argc, wchar_t *wargv[])
}
#else /* ifdef _WIN32 */
int
-main(int argc, char *argv[])
-{
+main(int argc, char *argv[]) {
return openvpn_main(argc, argv);
}
#endif /* ifdef _WIN32 */
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index 9262e68..7ea0d17 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OPENVPN_H
@@ -201,7 +202,7 @@ struct context_1
#endif
/* if client mode, hash of option strings we pulled from server */
- struct sha256_digest pulled_options_digest_save;
+ struct md5_digest pulled_options_digest_save;
/**< Hash of option strings received from the
* remote OpenVPN server. Only used in
* client-mode. */
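Review bot: MD5 becomes the digest for the pulled-options hash again: `pulled_options_digest_save` is a `struct md5_digest` here, and the next hunk (in `struct context_2`) does the same for `pulled_options_digest` and renames the flag to `pulled_options_md5_init_done`. MD5 is collision-weak and is commonly unavailable when the crypto library runs in a FIPS-restricted mode, so keep `struct sha256_digest pulled_options_digest_save;` and the SHA-256 members in the second hunk. That hunk also stores `md_ctx_t pulled_options_state` by value, which presumably only builds while the library's digest context is a complete type; `md_ctx_t *pulled_options_state;` avoids that dependency. Both structs start and end outside the hunks.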
@@ -471,9 +472,9 @@ struct context_2
bool did_pre_pull_restore;
/* hash of pulled options, so we can compare when options change */
- bool pulled_options_digest_init_done;
- md_ctx_t *pulled_options_state;
- struct sha256_digest pulled_options_digest;
+ bool pulled_options_md5_init_done;
+ md_ctx_t pulled_options_state;
+ struct md5_digest pulled_options_digest;
struct event_timeout scheduled_exit;
int scheduled_exit_signal;
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index d1c0fde..8dfbea5 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -99,16 +99,13 @@
</Link>
</ItemDefinitionGroup>
<ItemGroup>
- <ClCompile Include="argv.c" />
<ClCompile Include="base64.c" />
- <ClCompile Include="block_dns.c" />
<ClCompile Include="buffer.c" />
<ClCompile Include="clinat.c" />
<ClCompile Include="comp-lz4.c" />
<ClCompile Include="comp.c" />
<ClCompile Include="compstub.c" />
<ClCompile Include="console.c" />
- <ClCompile Include="console_builtin.c" />
<ClCompile Include="crypto.c" />
<ClCompile Include="crypto_openssl.c" />
<ClCompile Include="cryptoapi.c" />
@@ -167,15 +164,12 @@
<ClCompile Include="ssl_verify.c" />
<ClCompile Include="ssl_verify_openssl.c" />
<ClCompile Include="status.c" />
- <ClCompile Include="tls_crypt.c" />
<ClCompile Include="tun.c" />
<ClCompile Include="win32.c" />
</ItemGroup>
<ItemGroup>
- <ClInclude Include="argv.h" />
<ClInclude Include="base64.h" />
<ClInclude Include="basic.h" />
- <ClInclude Include="block_dns.h" />
<ClInclude Include="buffer.h" />
<ClInclude Include="circ_list.h" />
<ClInclude Include="clinat.h" />
@@ -255,7 +249,6 @@
<ClInclude Include="ssl_verify_openssl.h" />
<ClInclude Include="status.h" />
<ClInclude Include="syshead.h" />
- <ClInclude Include="tls_crypt.h" />
<ClInclude Include="tun.h" />
<ClInclude Include="win32.h" />
</ItemGroup>
diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters
index 30df5ec..8b6a269 100644
--- a/src/openvpn/openvpn.vcxproj.filters
+++ b/src/openvpn/openvpn.vcxproj.filters
@@ -216,18 +216,6 @@
<ClCompile Include="comp-lz4.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="argv.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- <ClCompile Include="block_dns.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- <ClCompile Include="console_builtin.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- <ClCompile Include="tls_crypt.c">
- <Filter>Source Files</Filter>
- </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="base64.h">
@@ -476,22 +464,10 @@
<ClInclude Include="win32.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="compstub.h">
- <Filter>Header Files</Filter>
- </ClInclude>
- <ClInclude Include="argv.h">
- <Filter>Header Files</Filter>
- </ClInclude>
- <ClInclude Include="block_dns.h">
- <Filter>Header Files</Filter>
- </ClInclude>
- <ClInclude Include="tls_crypt.h">
- <Filter>Header Files</Filter>
- </ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="openvpn_win32_resources.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
-</Project> \ No newline at end of file
+</Project>
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index fef5e90..2f1b298 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -197,7 +198,7 @@ static const char usage_message[] =
" is established. Multiple routes can be specified.\n"
" netmask default: 255.255.255.255\n"
" gateway default: taken from --route-gateway or --ifconfig\n"
- " Specify default by leaving blank or setting to \"nil\".\n"
+ " Specify default by leaving blank or setting to \"default\".\n"
"--route-ipv6 network/bits [gateway] [metric] :\n"
" Add IPv6 route to routing table after connection\n"
" is established. Multiple routes can be specified.\n"
@@ -591,8 +592,7 @@ static const char usage_message[] =
"--x509-username-field : Field in x509 certificate containing the username.\n"
" Default is CN in the Subject field.\n"
#endif
- "--verify-hash hash [algo] : Specify fingerprint for level-1 certificate.\n"
- " Valid algo flags are SHA1 and SHA256. \n"
+ "--verify-hash : Specify SHA1 fingerprint for level-1 cert.\n"
#ifdef _WIN32
"--cryptoapicert select-string : Load the certificate and private key from the\n"
" Windows Certificate System Store.\n"
@@ -636,8 +636,8 @@ static const char usage_message[] =
"--verify-x509-name name: Accept connections only from a host with X509 subject\n"
" DN name. The remote host must also pass all other tests\n"
" of verification.\n"
- "--ns-cert-type t: (DEPRECATED) Require that peer certificate was signed with \n"
- " an explicit nsCertType designation t = 'client' | 'server'.\n"
+ "--ns-cert-type t: Require that peer certificate was signed with an explicit\n"
+ " nsCertType designation t = 'client' | 'server'.\n"
"--x509-track x : Save peer X509 attribute x in environment for use by\n"
" plugins and management interface.\n"
#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000
@@ -716,6 +716,7 @@ static const char usage_message[] =
"--dhcp-renew : Ask Windows to renew the TAP adapter lease on startup.\n"
"--dhcp-pre-release : Ask Windows to release the previous TAP adapter lease on\n"
" startup.\n"
+ "--dhcp-release : Ask Windows to release the TAP adapter lease on shutdown.\n"
"--register-dns : Run ipconfig /flushdns and ipconfig /registerdns\n"
" on connection initiation.\n"
"--tap-sleep n : Sleep for n seconds after TAP adapter open before\n"
@@ -998,9 +999,7 @@ setenv_settings(struct env_set *es, const struct options *o)
{
int i;
for (i = 0; i < o->connection_list->len; ++i)
- {
setenv_connection_entry(es, o->connection_list->array[i], i+1);
- }
}
else
{
@@ -1215,6 +1214,7 @@ show_tuntap_options(const struct tuntap_options *o)
SHOW_BOOL(dhcp_options);
SHOW_BOOL(dhcp_renew);
SHOW_BOOL(dhcp_pre_release);
+ SHOW_BOOL(dhcp_release);
SHOW_STR(domain);
SHOW_STR(netbios_scope);
SHOW_INT(netbios_node_type);
@@ -1761,9 +1761,7 @@ show_settings(const struct options *o)
{
int i;
for (i = 0; i<MAX_PARMS; i++)
- {
SHOW_INT(remote_cert_ku[i]);
- }
}
SHOW_STR(remote_cert_eku);
SHOW_INT(ssl_flags);
@@ -1791,30 +1789,22 @@ show_settings(const struct options *o)
{
int i;
for (i = 0; i<MAX_PARMS && o->pkcs11_providers[i] != NULL; i++)
- {
SHOW_PARM(pkcs11_providers, o->pkcs11_providers[i], "%s");
- }
}
{
int i;
for (i = 0; i<MAX_PARMS; i++)
- {
SHOW_PARM(pkcs11_protected_authentication, o->pkcs11_protected_authentication[i] ? "ENABLED" : "DISABLED", "%s");
- }
}
{
int i;
for (i = 0; i<MAX_PARMS; i++)
- {
SHOW_PARM(pkcs11_private_mode, o->pkcs11_private_mode[i], "%08x");
- }
}
{
int i;
for (i = 0; i<MAX_PARMS; i++)
- {
SHOW_PARM(pkcs11_cert_private, o->pkcs11_cert_private[i] ? "ENABLED" : "DISABLED", "%s");
- }
}
SHOW_INT(pkcs11_pin_cache_period);
SHOW_STR(pkcs11_id);
@@ -2949,9 +2939,7 @@ options_postprocess_verify(const struct options *o)
{
int i;
for (i = 0; i < o->connection_list->len; ++i)
- {
options_postprocess_verify_ce(o, o->connection_list->array[i]);
- }
}
else
{
@@ -3002,9 +2990,7 @@ options_postprocess_mutate(struct options *o)
ASSERT(o->connection_list);
for (i = 0; i < o->connection_list->len; ++i)
- {
options_postprocess_mutate_ce(o, o->connection_list->array[i]);
- }
#ifdef ENABLE_CRYPTO
if (o->tls_server)
@@ -3817,9 +3803,7 @@ options_warning_safe_scan1(const int msglevel,
char *p = gc_malloc(OPTION_PARM_SIZE, true, &gc);
while (buf_parse(&b, delim, p, OPTION_PARM_SIZE))
- {
options_warning_safe_scan2(msglevel, delim, report_inconsistent, p, b2_src, b1_name, b2_name);
- }
gc_free(&gc);
}
@@ -4096,7 +4080,6 @@ usage(void)
fprintf(fp, usage_message,
title_string,
o.ce.connect_retry_seconds,
- o.ce.connect_retry_seconds_max,
o.ce.local_port, o.ce.remote_port,
TUN_MTU_DEFAULT, TAP_MTU_EXTRA_DEFAULT,
o.verbosity);
@@ -4447,10 +4430,7 @@ read_inline_file(struct in_src *is, const char *close_tag, struct gc_arena *gc)
{
char *line_ptr = line;
/* Remove leading spaces */
- while (isspace(*line_ptr))
- {
- line_ptr++;
- }
+ while (isspace(*line_ptr)) line_ptr++;
if (!strncmp(line_ptr, close_tag, strlen(close_tag)))
{
endtagfound = true;
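Review bot: `isspace(*line_ptr)` is called with a plain `char`, which is undefined behaviour for bytes with the high bit set on platforms where `char` is signed, and the line being scanned comes from the inline block being read. Cast before the call and keep the body braced: `while (isspace((unsigned char)*line_ptr)) { line_ptr++; }`. The same applies to `isupper(s[i])` and `toupper(*s)` in the `x509-username-field` hunk of `add_option` further down. `read_inline_file` starts and ends outside this hunk.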
@@ -4546,7 +4526,7 @@ read_config_file(struct options *options,
FILE *fp;
int line_num;
char line[OPTION_LINE_SIZE+1];
- char *p[MAX_PARMS+1];
+ char *p[MAX_PARMS];
++level;
if (level <= max_recursive_levels)
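Review bot: `p` shrinks to `char *p[MAX_PARMS]` while the following hunk passes the full `SIZE(p)` to `parse_line`, so a line carrying the maximum number of parameters may leave no NULL slot at the end of the array. Code that walks `p[i]` until NULL (for example the `for (i = 1; p[i]; i++)` loop in `add_option`) would then read past the array; whether `parse_line` itself reserves a terminator is not visible here. The same pair of changes is made in `read_config_string` and in `apply_push_options`, where the line is an option pushed by the peer rather than local configuration. Keep the spare slot: `char *p[MAX_PARMS+1];` together with `parse_line(line + offset, p, SIZE(p)-1, file, line_num, msglevel, &options->gc)`.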
@@ -4578,7 +4558,7 @@ read_config_file(struct options *options,
{
offset = 3;
}
- if (parse_line(line + offset, p, SIZE(p)-1, file, line_num, msglevel, &options->gc))
+ if (parse_line(line + offset, p, SIZE(p), file, line_num, msglevel, &options->gc))
{
bypass_doubledash(&p[0]);
check_inline_file_via_fp(fp, p, &options->gc);
@@ -4620,10 +4600,10 @@ read_config_string(const char *prefix,
while (buf_parse(&multiline, '\n', line, sizeof(line)))
{
- char *p[MAX_PARMS+1];
+ char *p[MAX_PARMS];
CLEAR(p);
++line_num;
- if (parse_line(line, p, SIZE(p)-1, prefix, line_num, msglevel, &options->gc))
+ if (parse_line(line, p, SIZE(p), prefix, line_num, msglevel, &options->gc))
{
bypass_doubledash(&p[0]);
check_inline_file_via_buf(&multiline, p, &options->gc);
@@ -4754,14 +4734,14 @@ apply_push_options(struct options *options,
while (buf_parse(buf, ',', line, sizeof(line)))
{
- char *p[MAX_PARMS+1];
+ char *p[MAX_PARMS];
CLEAR(p);
++line_num;
if (!apply_pull_filter(options, line))
{
return false; /* Cause push/pull error and stop push processing */
}
- if (parse_line(line, p, SIZE(p)-1, file, line_num, msglevel, &options->gc))
+ if (parse_line(line, p, SIZE(p), file, line_num, msglevel, &options->gc))
{
add_option(options, p, file, line_num, 0, msglevel, permission_mask, option_types_found, es);
}
@@ -5167,7 +5147,7 @@ add_option(struct options *options,
}
#endif /* ifdef ENABLE_MANAGEMENT */
#ifdef ENABLE_PLUGIN
- else if (streq(p[0], "plugin") && p[1])
+ else if (streq(p[0], "plugin") && p[1] && !p[3])
{
VERIFY_PERMISSION(OPT_P_PLUGIN);
if (!options->plugin_list)
@@ -5317,14 +5297,12 @@ add_option(struct options *options,
if (!sub.ce.remote)
{
msg(msglevel, "Each 'connection' block must contain exactly one 'remote' directive");
- uninit_options(&sub);
goto err;
}
e = alloc_connection_entry(options, msglevel);
if (!e)
{
- uninit_options(&sub);
goto err;
}
*e = sub.ce;
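Review bot: Both error exits in this `connection` block now reach `goto err` without calling `uninit_options(&sub)`, so whatever `sub` allocated while the block was parsed is not released on these paths unless the `err` label does it, which the hunk does not show. Restore `uninit_options(&sub);` before each `goto err;`. `add_option` starts and ends outside the hunk.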
@@ -5342,24 +5320,18 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
/* Find out how many options to be ignored */
for (i = 1; p[i]; i++)
- {
numignored++;
- }
/* add number of options already ignored */
for (i = 0; options->ignore_unknown_option
&& options->ignore_unknown_option[i]; i++)
- {
numignored++;
- }
/* Allocate array */
ALLOC_ARRAY_GC(ignore, const char *, numignored+1, &options->gc);
for (i = 0; options->ignore_unknown_option
&& options->ignore_unknown_option[i]; i++)
- {
ignore[i] = options->ignore_unknown_option[i];
- }
options->ignore_unknown_option = ignore;
@@ -6043,8 +6015,7 @@ add_option(struct options *options,
struct http_custom_header *custom_header = NULL;
int i;
/* Find the first free header */
- for (i = 0; i < MAX_CUSTOM_HTTP_HEADER; i++)
- {
+ for (i = 0; i < MAX_CUSTOM_HTTP_HEADER; i++) {
if (!ho->custom_headers[i].name)
{
custom_header = &ho->custom_headers[i];
@@ -6818,6 +6789,20 @@ add_option(struct options *options,
options->port_share_port = p[2];
options->port_share_journal_dir = p[3];
}
+ else if (streq (p[0], "pkcs11-id-type") ||
+ streq (p[0], "pkcs11-sign-mode") ||
+ streq (p[0], "pkcs11-slot") ||
+ streq (p[0], "pkcs11-slot-type") ||
+ streq (p[0], "show-pkcs11-objects") ||
+ streq (p[0], "show-pkcs11-slots"))
+ {
+ if (file)
+ msg (msglevel, "You are using an obsolete parameter in %s:%d: %s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.",
+ file, line, p[0], PACKAGE_VERSION);
+ else
+ msg (msglevel, "You are using an obsolete parameter: --%s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.",
+ p[0], PACKAGE_VERSION);
+ }
#endif
else if (streq(p[0], "client-to-client") && !p[1])
{
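Review bot: The new `pkcs11-*` obsolete-option branch sits directly above the `#endif` that follows the `port_share_*` assignments, so it is presumably compiled only when that conditional block is enabled; in other builds these option names would fall through to whatever handles unrecognised options. Move the branch below the `#endif` and brace the `if (file)` / `else` bodies. The message also hard-codes `/usr/share/doc/openvpn/NEWS.Debian.gz`, which exists only on Debian-style installs, so a comment marking this as a distribution-specific branch would help the next reader.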
@@ -7229,11 +7214,11 @@ add_option(struct options *options,
{
VERIFY_PERMISSION(OPT_P_IPWIN32);
options->tuntap_options.dhcp_pre_release = true;
- options->tuntap_options.dhcp_renew = true;
}
else if (streq(p[0], "dhcp-release") && !p[1])
{
- msg(M_WARN, "Obsolete option --dhcp-release detected. This is now on by default");
+ VERIFY_PERMISSION(OPT_P_IPWIN32);
+ options->tuntap_options.dhcp_release = true;
}
else if (streq(p[0], "dhcp-internal") && p[1] && !p[2]) /* standalone method for internal use */
{
@@ -7705,25 +7690,10 @@ add_option(struct options *options,
options->extra_certs_file_inline = p[2];
}
}
- else if (streq(p[0], "verify-hash") && p[1] && !p[3])
+ else if (streq(p[0], "verify-hash") && p[1] && !p[2])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
-
- if (!p[2] || (p[2] && streq(p[2], "SHA1")))
- {
- options->verify_hash = parse_hash_fingerprint(p[1], SHA_DIGEST_LENGTH, msglevel, &options->gc);
- options->verify_hash_algo = MD_SHA1;
- }
- else if (p[2] && streq(p[2], "SHA256"))
- {
- options->verify_hash = parse_hash_fingerprint(p[1], SHA256_DIGEST_LENGTH, msglevel, &options->gc);
- options->verify_hash_algo = MD_SHA256;
- }
- else
- {
- msg(msglevel, "invalid or unsupported hashing algorithm: %s (only SHA1 and SHA256 are valid)", p[2]);
- goto err;
- }
+ options->verify_hash = parse_hash_fingerprint(p[1], SHA_DIGEST_LENGTH, msglevel, &options->gc);
}
#ifdef ENABLE_CRYPTOAPI
else if (streq(p[0], "cryptoapicert") && p[1] && !p[2])
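Review bot: Pinning the level-1 certificate is limited to SHA-1 in the new `verify-hash` branch (`parse_hash_fingerprint(p[1], SHA_DIGEST_LENGTH, msglevel, &options->gc)`), and the usage text changed earlier in this file says the same. SHA-1 is no longer collision-resistant, so the optional `algo` argument and the `MD_SHA256` / `SHA256_DIGEST_LENGTH` branch from the old side should stay. A configuration that still passes `SHA256` as a second argument no longer satisfies `!p[2]`; it is presumably rejected as an unrecognised option rather than silently downgraded, but that should be confirmed.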
@@ -7947,18 +7917,12 @@ add_option(struct options *options,
}
else if (streq(p[0], "remote-cert-ku"))
{
+ int j;
+
VERIFY_PERMISSION(OPT_P_GENERAL);
- size_t j;
for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
- {
sscanf(p[j], "%x", &(options->remote_cert_ku[j-1]));
- }
- if (j == 1)
- {
- /* No specific KU required, but require KU to be present */
- options->remote_cert_ku[0] = OPENVPN_KU_REQUIRED;
- }
}
else if (streq(p[0], "remote-cert-eku") && p[1] && !p[2])
{
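Review bot: A bare `remote-cert-ku` with no values now stores nothing, because the `if (j == 1)` fallback to `OPENVPN_KU_REQUIRED` is removed; if an all-zero `remote_cert_ku` array means "no check", the option silently has no effect. The result of `sscanf(p[j], "%x", ...)` is also ignored, so a non-hex argument leaves its slot unchanged. Keep the fallback and check the conversion, for example `if (sscanf(p[j], "%x", &(options->remote_cert_ku[j-1])) != 1) { msg(msglevel, ...); goto err; }`.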
@@ -7971,12 +7935,15 @@ add_option(struct options *options,
if (streq(p[1], "server"))
{
- options->remote_cert_ku[0] = OPENVPN_KU_REQUIRED;
+ options->remote_cert_ku[0] = 0xa0;
+ options->remote_cert_ku[1] = 0x88;
options->remote_cert_eku = "TLS Web Server Authentication";
}
else if (streq(p[1], "client"))
{
- options->remote_cert_ku[0] = OPENVPN_KU_REQUIRED;
+ options->remote_cert_ku[0] = 0x80;
+ options->remote_cert_ku[1] = 0x08;
+ options->remote_cert_ku[2] = 0x88;
options->remote_cert_eku = "TLS Web Client Authentication";
}
else
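Review bot: The key-usage masks `0xa0`, `0x88`, `0x80` and `0x08` in the `server` and `client` branches are bare literals with no explanation. They read as combinations of the X.509 keyUsage bits (0x80 digitalSignature, 0x20 keyEncipherment, 0x08 keyAgreement), so a peer certificate with any other keyUsage combination would presumably fail the check. A comment such as `/* digitalSignature|keyEncipherment, or digitalSignature|keyAgreement */` above the server assignments, with the equivalent above the client ones, would make the accepted set reviewable.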
@@ -8084,25 +8051,15 @@ add_option(struct options *options,
if (strncmp("ext:", s, 4) != 0)
{
size_t i = 0;
- while (s[i] && !isupper(s[i]))
- {
- i++;
- }
+ while (s[i] && !isupper(s[i])) i++;
if (strlen(s) == i)
{
- while ((*s = toupper(*s)) != '\0')
- {
- s++;
- }
+ while ((*s = toupper(*s)) != '\0') s++;
msg(M_WARN, "DEPRECATED FEATURE: automatically upcased the "
"--x509-username-field parameter to '%s'; please update your"
"configuration", p[1]);
}
}
- else if (!x509_username_field_ext_supported(s+4))
- {
- msg(msglevel, "Unsupported x509-username-field extension: %s", s);
- }
options->x509_username_field = p[1];
}
#endif /* ENABLE_X509ALTUSERNAME */
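Review bot: An `ext:` field name is no longer validated, because the `else if (!x509_username_field_ext_supported(s+4))` branch is removed; a name the TLS backend cannot extract is accepted at parse time with no diagnostic. Keep the check so that a mistyped extension is reported when the configuration is loaded rather than, presumably, surfacing later as a failed username lookup during authentication. Separately, the adjacent literals `"...please update your"` and `"configuration"` in the warning concatenate without a space.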
@@ -8151,9 +8108,7 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
- {
options->pkcs11_providers[j-1] = p[j];
- }
}
else if (streq(p[0], "pkcs11-protected-authentication"))
{
@@ -8162,9 +8117,7 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
- {
options->pkcs11_protected_authentication[j-1] = atoi(p[j]) != 0 ? 1 : 0;
- }
}
else if (streq(p[0], "pkcs11-private-mode") && p[1])
{
@@ -8173,9 +8126,7 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
- {
sscanf(p[j], "%x", &(options->pkcs11_private_mode[j-1]));
- }
}
else if (streq(p[0], "pkcs11-cert-private"))
{
@@ -8184,9 +8135,7 @@ add_option(struct options *options,
VERIFY_PERMISSION(OPT_P_GENERAL);
for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
- {
options->pkcs11_cert_private[j-1] = atoi(p[j]) != 0 ? 1 : 0;
- }
}
else if (streq(p[0], "pkcs11-pin-cache") && p[1] && !p[2])
{
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 67b9b94..b3ab029 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -41,10 +42,6 @@
#include "comp.h"
#include "pushlist.h"
#include "clinat.h"
-#ifdef ENABLE_CRYPTO
-#include "crypto_backend.h"
-#endif
-
/*
* Maximum number of parameters associated with an option,
@@ -522,7 +519,6 @@ struct options
unsigned remote_cert_ku[MAX_PARMS];
const char *remote_cert_eku;
uint8_t *verify_hash;
- hash_algo_type verify_hash_algo;
unsigned int ssl_flags; /* set to SSLF_x flags from ssl.h */
#ifdef ENABLE_PKCS11
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
index 3e576cc..22abda0 100644
--- a/src/openvpn/otime.c
+++ b/src/openvpn/otime.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/otime.h b/src/openvpn/otime.h
index 8731472..eede63d 100644
--- a/src/openvpn/otime.h
+++ b/src/openvpn/otime.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OTIME_H
@@ -288,8 +289,7 @@ tv_within_sigma(const struct timeval *t1, const struct timeval *t2, unsigned int
* called again.
*/
static inline void
-interval_earliest_wakeup(interval_t *wakeup, time_t at, time_t current)
-{
+interval_earliest_wakeup(interval_t *wakeup, time_t at, time_t current) {
if (at > current)
{
const interval_t delta = (interval_t) (at - current);
diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
index 30ae8fb..6f70c5d 100644
--- a/src/openvpn/packet_id.c
+++ b/src/openvpn/packet_id.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -656,8 +657,7 @@ packet_id_interactive_test()
packet_id_init(&pid, seq_backtrack, time_backtrack);
- while (true)
- {
+ while (true) {
char buf[80];
if (!fgets(buf, sizeof(buf), stdin))
{
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
index a370936..aceacf8 100644
--- a/src/openvpn/packet_id.h
+++ b/src/openvpn/packet_id.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/perf.c b/src/openvpn/perf.c
index 16cf749..51e051a 100644
--- a/src/openvpn/perf.c
+++ b/src/openvpn/perf.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -146,14 +147,12 @@ push_perf_index(int pindex)
{
int i;
for (i = 0; i < sindex; ++i)
- {
if (perf_set.stack[i] == pindex)
{
perf_print_state(M_INFO);
msg(M_FATAL, "PERF: push_perf_index %s failed",
metric_names [pindex]);
}
- }
perf_set.stack[sindex] = pindex;
perf_set.stack_len = newlen;
@@ -322,8 +321,7 @@ perf_print_state(int lev)
#else /* ifdef ENABLE_PERFORMANCE_METRICS */
#ifdef _MSC_VER /* Dummy function needed to avoid empty file compiler warning in Microsoft VC */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif
#endif /* ifdef ENABLE_PERFORMANCE_METRICS */
diff --git a/src/openvpn/perf.h b/src/openvpn/perf.h
index ae5ae08..f0430a1 100644
--- a/src/openvpn/perf.h
+++ b/src/openvpn/perf.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -75,16 +76,13 @@ void perf_output_results(void);
#else /* ifdef ENABLE_PERFORMANCE_METRICS */
static inline void
-perf_push(int type)
-{
+perf_push(int type) {
}
static inline void
-perf_pop(void)
-{
+perf_pop(void) {
}
static inline void
-perf_output_results(void)
-{
+perf_output_results(void) {
}
#endif /* ifdef ENABLE_PERFORMANCE_METRICS */
diff --git a/src/openvpn/pf-inline.h b/src/openvpn/pf-inline.h
index ac19ac4..a0f5cc7 100644
--- a/src/openvpn/pf-inline.h
+++ b/src/openvpn/pf-inline.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#if defined(ENABLE_PF) && !defined(PF_INLINE_H)
diff --git a/src/openvpn/pf.c b/src/openvpn/pf.c
index 5cb002b..56b6858 100644
--- a/src/openvpn/pf.c
+++ b/src/openvpn/pf.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* packet filter functions */
diff --git a/src/openvpn/pf.h b/src/openvpn/pf.h
index 414c85b..3832683 100644
--- a/src/openvpn/pf.h
+++ b/src/openvpn/pf.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/* packet filter functions */
diff --git a/src/openvpn/ping-inline.h b/src/openvpn/ping-inline.h
index 0642b85..2fa1d5c 100644
--- a/src/openvpn/ping-inline.h
+++ b/src/openvpn/ping-inline.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PING_INLINE_H
diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c
index 728d6c2..0496b72 100644
--- a/src/openvpn/ping.c
+++ b/src/openvpn/ping.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h
index 5bd5c08..e839ce7 100644
--- a/src/openvpn/ping.h
+++ b/src/openvpn/ping.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PING_H
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index 6041828..6858846 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -44,24 +45,21 @@
static
time_t
-__mytime(void)
-{
+__mytime(void) {
return openvpn_time(NULL);
}
#if !defined(_WIN32)
static
int
-__mygettimeofday(struct timeval *tv)
-{
+__mygettimeofday(struct timeval *tv) {
return gettimeofday(tv, NULL);
}
#endif
static
void
-__mysleep(const unsigned long usec)
-{
+__mysleep(const unsigned long usec) {
#if defined(_WIN32)
Sleep(usec/1000);
#else
@@ -86,12 +84,10 @@ static
unsigned
_pkcs11_msg_pkcs112openvpn(
const unsigned flags
- )
-{
+ ) {
unsigned openvpn_flags;
- switch (flags)
- {
+ switch (flags) {
case PKCS11H_LOG_DEBUG2:
openvpn_flags = D_PKCS11_DEBUG;
break;
@@ -128,8 +124,7 @@ static
unsigned
_pkcs11_msg_openvpn2pkcs11(
const unsigned flags
- )
-{
+ ) {
unsigned pkcs11_flags;
if ((flags & D_PKCS11_DEBUG) != 0)
@@ -171,8 +166,7 @@ _pkcs11_openvpn_log(
unsigned flags,
const char *const szFormat,
va_list args
- )
-{
+ ) {
char Buffer[10*1024];
(void)global_data;
@@ -190,8 +184,7 @@ _pkcs11_openvpn_token_prompt(
void *const user_data,
const pkcs11h_token_id_t token,
const unsigned retry
- )
-{
+ ) {
struct user_pass token_resp;
(void)global_data;
@@ -236,8 +229,7 @@ _pkcs11_openvpn_pin_prompt(
const unsigned retry,
char *const pin,
const size_t pin_max
- )
-{
+ ) {
struct user_pass token_pass;
char prompt[1024];
@@ -283,8 +275,7 @@ bool
pkcs11_initialize(
const bool protected_auth,
const int nPINCachePeriod
- )
-{
+ ) {
CK_RV rv = CKR_FUNCTION_FAILED;
dmsg(
@@ -356,8 +347,7 @@ cleanup:
}
void
-pkcs11_terminate()
-{
+pkcs11_terminate() {
dmsg(
D_PKCS11_DEBUG,
"PKCS#11: pkcs11_terminate - entered"
@@ -377,8 +367,7 @@ pkcs11_addProvider(
const bool protected_auth,
const unsigned private_mode,
const bool cert_private
- )
-{
+ ) {
CK_RV rv = CKR_OK;
ASSERT(provider!=NULL);
@@ -422,14 +411,12 @@ pkcs11_addProvider(
}
int
-pkcs11_logout()
-{
+pkcs11_logout() {
return pkcs11h_logout() == CKR_OK;
}
int
-pkcs11_management_id_count()
-{
+pkcs11_management_id_count() {
pkcs11h_certificate_id_list_t id_list = NULL;
pkcs11h_certificate_id_list_t t = NULL;
CK_RV rv = CKR_OK;
@@ -454,8 +441,7 @@ pkcs11_management_id_count()
goto cleanup;
}
- for (count = 0, t = id_list; t != NULL; t = t->next)
- {
+ for (count = 0, t = id_list; t != NULL; t = t->next) {
count++;
}
@@ -481,8 +467,7 @@ pkcs11_management_id_get(
const int index,
char **id,
char **base64
- )
-{
+ ) {
pkcs11h_certificate_id_list_t id_list = NULL;
pkcs11h_certificate_id_list_t entry = NULL;
#if 0 /* certificate_id seems to be unused -- JY */
@@ -526,8 +511,7 @@ pkcs11_management_id_get(
entry = id_list;
count = 0;
- while (entry != NULL && count != index)
- {
+ while (entry != NULL && count != index) {
count++;
entry = entry->next;
}
@@ -669,8 +653,7 @@ tls_ctx_use_pkcs11(
struct tls_root_ctx *const ssl_ctx,
bool pkcs11_id_management,
const char *const pkcs11_id
- )
-{
+ ) {
pkcs11h_certificate_id_t certificate_id = NULL;
pkcs11h_certificate_t certificate = NULL;
CK_RV rv = CKR_OK;
@@ -801,8 +784,7 @@ _pkcs11_openvpn_show_pkcs11_ids_pin_prompt(
const unsigned retry,
char *const pin,
const size_t pin_max
- )
-{
+ ) {
struct gc_arena gc = gc_new();
struct buffer pass_prompt = alloc_buf_gc(128, &gc);
@@ -835,8 +817,7 @@ void
show_pkcs11_ids(
const char *const provider,
bool cert_private
- )
-{
+ ) {
struct gc_arena gc = gc_new();
pkcs11h_certificate_id_list_t user_certificates = NULL;
pkcs11h_certificate_id_list_t current = NULL;
@@ -907,8 +888,7 @@ show_pkcs11_ids(
"--pkcs11-id option please remember to use single quote mark.\n"
)
);
- for (current = user_certificates; current != NULL; current = current->next)
- {
+ for (current = user_certificates; current != NULL; current = current->next) {
pkcs11h_certificate_t certificate = NULL;
char *dn = NULL;
char serial[1024] = {0};
@@ -1026,8 +1006,7 @@ cleanup:
#else /* if defined(ENABLE_PKCS11) */
#ifdef _MSC_VER /* Dummy function needed to avoid empty file compiler warning in Microsoft VC */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif
#endif /* ENABLE_PKCS11 */
diff --git a/src/openvpn/pkcs11.h b/src/openvpn/pkcs11.h
index f1722c0..3747d3a 100644
--- a/src/openvpn/pkcs11.h
+++ b/src/openvpn/pkcs11.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef OPENVPN_PKCS11_H
diff --git a/src/openvpn/pkcs11_backend.h b/src/openvpn/pkcs11_backend.h
index b47b757..9606899 100644
--- a/src/openvpn/pkcs11_backend.h
+++ b/src/openvpn/pkcs11_backend.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/pkcs11_mbedtls.c b/src/openvpn/pkcs11_mbedtls.c
index 45372e4..bdca893 100644
--- a/src/openvpn/pkcs11_mbedtls.c
+++ b/src/openvpn/pkcs11_mbedtls.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -38,7 +39,6 @@
#include "errlevel.h"
#include "pkcs11_backend.h"
-#include "ssl_verify_backend.h"
#include <mbedtls/pkcs11.h>
#include <mbedtls/x509.h>
@@ -82,6 +82,8 @@ char *
pkcs11_certificate_dn(pkcs11h_certificate_t cert, struct gc_arena *gc)
{
char *ret = NULL;
+ char dn[1024] = {0};
+
mbedtls_x509_crt mbed_crt = {0};
if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert))
@@ -90,12 +92,14 @@ pkcs11_certificate_dn(pkcs11h_certificate_t cert, struct gc_arena *gc)
goto cleanup;
}
- if (!(ret = x509_get_subject(&mbed_crt, gc)))
+ if (-1 == mbedtls_x509_dn_gets(dn, sizeof(dn), &mbed_crt.subject))
{
msg(M_FATAL, "PKCS#11: mbed TLS cannot parse subject");
goto cleanup;
}
+ ret = string_alloc(dn, gc);
+
cleanup:
mbedtls_x509_crt_free(&mbed_crt);
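Review bot: The new error test `-1 == mbedtls_x509_dn_gets(...)` will not catch a failure, because mbedtls_x509_dn_gets() reports errors as negative MBEDTLS_ERR_* codes (for instance when the output buffer is too small), not as -1. A subject that does not fit in `dn[1024]` would therefore fall through, and `string_alloc(dn, gc)` would return whatever is in the buffer, possibly a truncated subject, as the certificate DN. Testing the sign covers every error: `if (mbedtls_x509_dn_gets(dn, sizeof(dn), &mbed_crt.subject) < 0)`. The start and end of pkcs11_certificate_dn() lie outside this hunk.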
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index c37425b..6244cc7 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/platform.c b/src/openvpn/platform.c
index 2495523..952d633 100644
--- a/src/openvpn/platform.c
+++ b/src/openvpn/platform.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/platform.h b/src/openvpn/platform.h
index cd2bbc9..62396a9 100644
--- a/src/openvpn/platform.h
+++ b/src/openvpn/platform.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PLATFORM_H
diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c
index 557b6bc..17eb2d8 100644
--- a/src/openvpn/plugin.c
+++ b/src/openvpn/plugin.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -233,31 +234,23 @@ plugin_init_item(struct plugin *p, const struct plugin_option *o)
#ifndef _WIN32
p->handle = NULL;
-
- /* If the plug-in filename is not an absolute path,
- * or beginning with '.', it should use the PLUGIN_LIBDIR
- * as the base directory for loading the plug-in.
- *
- * This means the following scenarios are loaded from these places:
- * --plugin fancyplug.so -> $PLUGIN_LIBDIR/fancyplug.so
- * --plugin my/fancyplug.so -> $PLUGIN_LIBDIR/my/fancyplug.so
- * --plugin ./fancyplug.so -> $CWD/fancyplug.so
- * --plugin /usr/lib/my/fancyplug.so -> /usr/lib/my/fancyplug.so
- *
- * Please note that $CWD means the directory OpenVPN is either started from
- * or the directory OpenVPN have changed into using --cd before --plugin
- * was parsed.
- *
- */
- if (!absolute_pathname(p->so_pathname)
- && p->so_pathname[0] != '.')
+#if defined(PLUGIN_LIBDIR)
+ if (!absolute_pathname(p->so_pathname))
{
char full[PATH_MAX];
openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname);
p->handle = dlopen(full, RTLD_NOW);
+#if defined(ENABLE_PLUGIN_SEARCH)
+ if (!p->handle)
+ {
+ rel = true;
+ p->handle = dlopen(p->so_pathname, RTLD_NOW);
+ }
+#endif
}
else
+#endif
{
rel = !absolute_pathname(p->so_pathname);
p->handle = dlopen(p->so_pathname, RTLD_NOW);
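Review bot: The `ENABLE_PLUGIN_SEARCH` fallback retries `dlopen()` with the bare relative `p->so_pathname`, so where the shared object is loaded from depends on the dynamic loader's search path or the current working directory rather than on `PLUGIN_LIBDIR`. For a process that may run privileged, that fallback should either go or be documented next to the `#if`. Builds without `PLUGIN_LIBDIR` take the same relative `dlopen()` in the `else` block. The result of `openvpn_snprintf()` is also ignored, so an over-long name would be loaded from a truncated path; `if (!openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname))` with a fatal `msg()` would close that, assuming the helper returns false on truncation, which is not shown here. plugin_init_item() continues outside the hunk.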
@@ -409,8 +402,7 @@ plugin_log(openvpn_plugin_log_flags_t flags, const char *name, const char *forma
static struct openvpn_plugin_callbacks callbacks = {
plugin_log,
- plugin_vlog,
- secure_memzero /* plugin_secure_memzero */
+ plugin_vlog
};
@@ -753,9 +745,7 @@ plugin_common_close(struct plugin_common *pc)
int i;
for (i = 0; i < pc->n; ++i)
- {
plugin_close_item(&pc->plugins[i]);
- }
free(pc);
}
}
@@ -893,9 +883,7 @@ plugin_abort(void)
int i;
for (i = 0; i < pc->n; ++i)
- {
plugin_abort_item(&pc->plugins[i]);
- }
}
}
@@ -976,9 +964,7 @@ plugin_return_get_column(const struct plugin_return *src,
dest->n = 0;
for (i = 0; i < src->n; ++i)
- {
dest->list[i] = openvpn_plugin_string_list_find(src->list[i], colname);
- }
dest->n = i;
}
@@ -987,9 +973,7 @@ plugin_return_free(struct plugin_return *pr)
{
int i;
for (i = 0; i < pr->n; ++i)
- {
openvpn_plugin_string_list_free(pr->list[i]);
- }
pr->n = 0;
}
@@ -1019,7 +1003,6 @@ plugin_return_print(const int msglevel, const char *prefix, const struct plugin_
#else /* ifdef ENABLE_PLUGIN */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_PLUGIN */
diff --git a/src/openvpn/plugin.h b/src/openvpn/plugin.h
index 0cffee0..4ded529 100644
--- a/src/openvpn/plugin.h
+++ b/src/openvpn/plugin.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index a8f15b9..aa0bc2b 100644
--- a/src/openvpn/pool.c
+++ b/src/openvpn/pool.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -214,9 +215,7 @@ ifconfig_pool_free(struct ifconfig_pool *pool)
{
int i;
for (i = 0; i < pool->size; ++i)
- {
ifconfig_pool_entry_free(&pool->list[i], true);
- }
free(pool->list);
free(pool);
}
diff --git a/src/openvpn/pool.h b/src/openvpn/pool.h
index ee91d82..c3e1190 100644
--- a/src/openvpn/pool.h
+++ b/src/openvpn/pool.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef POOL_H
diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c
index 2cbea3a..40e0714 100644
--- a/src/openvpn/proto.c
+++ b/src/openvpn/proto.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
index 57f25c9..bfcb36d 100644
--- a/src/openvpn/proto.h
+++ b/src/openvpn/proto.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PROTO_H
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 7a737ea..dd327a2 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -317,7 +318,6 @@ get_proxy_authenticate(socket_descriptor_t sd,
{
if (!recv_line(sd, buf, sizeof(buf), timeout, true, NULL, signal_received))
{
- free(*data);
*data = NULL;
return HTTP_AUTH_NONE;
}
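Review bot: With `free(*data);` gone, the failure path just overwrites `*data` with NULL, so any buffer stored there earlier in get_proxy_authenticate() is leaked each time `recv_line()` fails. Whether `*data` can already hold an allocation at this point depends on code outside the hunk, but if it can, the line `free(*data);` should stay ahead of `*data = NULL;`. The later hunk that drops `free(pa);` before `goto error` in establish_http_proxy_passthru() raises the same question, unless the `error` label releases `pa` itself.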
@@ -381,9 +381,7 @@ get_key_value(const char *str, /* source string */
bool escape = false;
for (c = max_key_len-1; (*str && (*str != '=') && c--); )
- {
*key++ = *str++;
- }
*key = '\0';
if ('=' != *str++)
@@ -477,9 +475,7 @@ get_pa_var(const char *key, const char *pa, struct gc_arena *gc)
++content;
}
while (*content && isspace(*content))
- {
++content;
- }
}
}
@@ -778,8 +774,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
/* receive and discard everything else */
while (recv_line(sd, NULL, 0, 2, true, NULL, signal_received))
- {
- }
+ ;
/* now send the phase 3 reply */
@@ -875,13 +870,6 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
const char *algor = get_pa_var("algorithm", pa, &gc);
const char *opaque = get_pa_var("opaque", pa, &gc);
- if ( !realm || !nonce )
- {
- msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed, malformed response "
- "from server: realm= or nonce= missing" );
- goto error;
- }
-
/* generate a client nonce */
ASSERT(rand_bytes(cnonce_raw, sizeof(cnonce_raw)));
cnonce = make_base64_string2(cnonce_raw, sizeof(cnonce_raw), &gc);
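Review bot: `realm` and `nonce` are no longer checked before the digest computation, so a proxy challenge that omits `realm=` or `nonce=` passes on whatever `get_pa_var()` returns for a missing key. Judging by the removed check, that is a null pointer. The challenge text is supplied by the remote proxy, so the guard should stay, placed right after the `get_pa_var()` calls and before `rand_bytes()`. The code that consumes these values is outside the hunk, so the exact failure mode cannot be confirmed from here.

```c
const char *opaque = get_pa_var("opaque", pa, &gc);

if (!realm || !nonce)
{
    msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed, malformed response "
        "from server: realm= or nonce= missing");
    goto error;
}
/* … unchanged: client nonce generation … */
```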
@@ -998,7 +986,6 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
if (p->options.auth_retry == PAR_NCT && method == HTTP_AUTH_BASIC)
{
msg(D_PROXY, "HTTP proxy: support for basic auth and other cleartext proxy auth methods is disabled");
- free(pa);
goto error;
}
p->auth_method = method;
@@ -1054,8 +1041,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
* start of the OpenVPN data stream (put it in lookahead).
*/
while (recv_line(sd, NULL, 0, 2, false, lookahead, signal_received))
- {
- }
+ ;
/* reset queried_creds so that we don't think that the next creds request is due to an auth error */
p->queried_creds = false;
diff --git a/src/openvpn/proxy.h b/src/openvpn/proxy.h
index 3ce79de..c20a676 100644
--- a/src/openvpn/proxy.h
+++ b/src/openvpn/proxy.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PROXY_H
diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index c2b05cd..21b12ca 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/ps.h b/src/openvpn/ps.h
index b8c6853..0fc1ee4 100644
--- a/src/openvpn/ps.h
+++ b/src/openvpn/ps.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PS_H
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 5947a31..f515475 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -371,17 +372,15 @@ prepare_push_reply(struct context *c, struct gc_arena *gc,
/* Push cipher if client supports Negotiable Crypto Parameters */
if (tls_peer_info_ncp_ver(peer_info) >= 2 && o->ncp_enabled)
{
- /* if we have already created our key, we cannot *change* our own
- * cipher -> so log the fact and push the "what we have now" cipher
- * (so the client is always told what we expect it to use)
+ /* if we have already created our key, we cannot change our own
+ * cipher, so disable NCP and warn = explain why
*/
const struct tls_session *session = &tls_multi->session[TM_ACTIVE];
if (session->key[KS_PRIMARY].crypto_options.key_ctx_bi.initialized)
{
msg( M_INFO, "PUSH: client wants to negotiate cipher (NCP), but "
"server has already generated data channel keys, "
- "re-sending previously negotiated cipher '%s'",
- o->ciphername );
+ "ignoring client request" );
}
else
{
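Review bot: The rewritten comment says NCP is disabled and a warning issued, but the branch taken when `key_ctx_bi.initialized` is set only calls `msg()` at `M_INFO`; nothing visible here changes `o->ncp_enabled`. The next hunk also moves the `push_option_fmt()` call for `cipher %s` into the `else`, so a client that asks for NCP after keys exist gets no `cipher` option in the reply. The two sides may then disagree on the data-channel cipher. Either push the current `o->ciphername` in this branch as well, or make the comment state what happens, e.g. `/* keys already generated: cipher cannot change, so no cipher is pushed */`. `prepare_push_reply` continues outside the hunk.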
@@ -389,8 +388,8 @@ prepare_push_reply(struct context *c, struct gc_arena *gc,
* TODO: actual negotiation, instead of server dictatorship. */
char *push_cipher = string_alloc(o->ncp_ciphers, &o->gc);
o->ciphername = strtok(push_cipher, ":");
+ push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
}
- push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);
}
else if (o->ncp_enabled)
{
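Review bot: `o->ciphername = strtok(push_cipher, ":");` feeds the `cipher %s` format on the added line without a null check, and `strtok()` returns NULL when `o->ncp_ciphers` is empty or holds only `:` separators. Unless option parsing rejects such a list (not visible here), guard the call: `if (o->ciphername) push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername);`. `strtok()` also keeps static state between calls, so `strtok_r()` would be the safer choice where the platform provides it.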
@@ -693,8 +692,8 @@ push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options *opt)
{
continue;
}
- md_ctx_update(ctx, (const uint8_t *) line, strlen(line)+1);
}
+ md_ctx_update(ctx, (const uint8_t *) line, strlen(line)+1);
}
int
@@ -721,11 +720,10 @@ process_incoming_push_msg(struct context *c,
if (ch == ',')
{
struct buffer buf_orig = buf;
- if (!c->c2.pulled_options_digest_init_done)
+ if (!c->c2.pulled_options_md5_init_done)
{
- c->c2.pulled_options_state = md_ctx_new();
- md_ctx_init(c->c2.pulled_options_state, md_kt_get("SHA256"));
- c->c2.pulled_options_digest_init_done = true;
+ md_ctx_init(&c->c2.pulled_options_state, md_kt_get("MD5"));
+ c->c2.pulled_options_md5_init_done = true;
}
if (!c->c2.did_pre_pull_restore)
{
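Review bot: The pulled-options digest is now computed with `md_kt_get("MD5")` instead of SHA256, a hash with practical collisions that crypto libraries in FIPS or hardened configurations may refuse to provide. If this digest decides whether pushed options changed across a reconnect (it looks that way from `pulled_options_digest`), I would keep `md_kt_get("SHA256")`. Also confirm that `pulled_options_digest.digest` is sized for the chosen algorithm, since `md_ctx_final()` in the `@@ -738` hunk writes into it. The flag name `pulled_options_md5_init_done` bakes the algorithm into the field name, and how `md_kt_get()` behaves when the algorithm is unavailable is not visible here. `process_incoming_push_msg` starts and ends outside these hunks.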
@@ -738,17 +736,15 @@ process_incoming_push_msg(struct context *c,
option_types_found,
c->c2.es))
{
- push_update_digest(c->c2.pulled_options_state, &buf_orig,
+ push_update_digest(&c->c2.pulled_options_state, &buf_orig,
&c->options);
switch (c->options.push_continuation)
{
case 0:
case 1:
- md_ctx_final(c->c2.pulled_options_state, c->c2.pulled_options_digest.digest);
- md_ctx_cleanup(c->c2.pulled_options_state);
- md_ctx_free(c->c2.pulled_options_state);
- c->c2.pulled_options_state = NULL;
- c->c2.pulled_options_digest_init_done = false;
+ md_ctx_final(&c->c2.pulled_options_state, c->c2.pulled_options_digest.digest);
+ md_ctx_cleanup(&c->c2.pulled_options_state);
+ c->c2.pulled_options_md5_init_done = false;
ret = PUSH_MSG_REPLY;
break;
diff --git a/src/openvpn/push.h b/src/openvpn/push.h
index 4d42e81..86900c8 100644
--- a/src/openvpn/push.h
+++ b/src/openvpn/push.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef PUSH_H
diff --git a/src/openvpn/pushlist.h b/src/openvpn/pushlist.h
index 57216b2..58fc870 100644
--- a/src/openvpn/pushlist.h
+++ b/src/openvpn/pushlist.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#if !defined(PUSHLIST_H) && P2MP && P2MP_SERVER
diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c
index 93541a9..57cdd78 100644
--- a/src/openvpn/reliable.c
+++ b/src/openvpn/reliable.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -111,12 +112,10 @@ reliable_ack_packet_id_present(struct reliable_ack *ack, packet_id_type pid)
{
int i;
for (i = 0; i < ack->len; ++i)
- {
if (ack->packet_id[i] == pid)
{
return true;
}
- }
return false;
}
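Review bot: Dropping the braces around the `for` body leaves a braced `if` hanging directly under an unbraced loop, a layout where a statement added later can silently land outside the loop. I would keep the loop body braced with the `if` inside it. The same applies to `ascii2proto` and `ascii2af` in socket.c and to the single-statement loops unbraced elsewhere in this commit. Behaviour is unchanged, so this is a style point only.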
@@ -243,9 +242,7 @@ reliable_ack_write(struct reliable_ack *ack,
ASSERT(session_id_defined(sid));
ASSERT(session_id_write(sid, &sub));
for (i = 0, j = n; j < ack->len; )
- {
ack->packet_id[i++] = ack->packet_id[j++];
- }
ack->len = i;
}
@@ -805,7 +802,6 @@ reliable_debug_print(const struct reliable *rel, char *desc)
#else /* ifdef ENABLE_CRYPTO */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_CRYPTO */
diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h
index aa34b02..455168a 100644
--- a/src/openvpn/reliable.h
+++ b/src/openvpn/reliable.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index a1811f4..ea09d71 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -985,19 +986,11 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un
if (rl && rl->flags & RG_ENABLE)
{
- bool local = rl->flags & RG_LOCAL;
-
if (!(rl->spec.flags & RTSA_REMOTE_ENDPOINT) && (rl->flags & RG_REROUTE_GW))
{
msg(M_WARN, "%s VPN gateway parameter (--route-gateway or --ifconfig) is missing", err);
}
- /*
- * check if a default route is defined, unless:
- * - we are connecting to a remote host in our network
- * - we are connecting to a non-IPv4 remote host (i.e. we use IPv6)
- */
- else if (!(rl->rgi.flags & RGI_ADDR_DEFINED) && !local
- && (rl->spec.remote_host != IPV4_INVALID_ADDR))
+ else if (!(rl->rgi.flags & RGI_ADDR_DEFINED))
{
msg(M_WARN, "%s Cannot read current default gateway from system", err);
}
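Review bot: The `else if (!(rl->rgi.flags & RGI_ADDR_DEFINED))` test no longer exempts a remote on the local network (`RG_LOCAL`) or a non-IPv4 remote, so those setups now reach the "Cannot read current default gateway from system" branch instead of the `else` that follows. If that `else` is what installs the redirect, as the second hunk of this function suggests, traffic the user expected to go through the VPN would stay on the normal path with only an `M_WARN` line to show it. I would keep the two exemptions, or at least add a comment above the test stating that hosts without an IPv4 default route are intentionally not redirected. The function body continues outside the hunk.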
@@ -1008,6 +1001,7 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un
else
{
#ifndef TARGET_ANDROID
+ bool local = BOOL_CAST(rl->flags & RG_LOCAL);
if (rl->flags & RG_AUTO_LOCAL)
{
const int tla = rl->spec.remote_host_local;
@@ -1072,13 +1066,14 @@ redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *tt, un
}
else
{
- /* don't try to remove the def route if it does not exist */
- if (rl->rgi.flags & RGI_ADDR_DEFINED)
- {
- /* delete default route */
- del_route3(0, 0, rl->rgi.gateway.addr, tt,
- flags | ROUTE_REF_GW, &rl->rgi, es);
- }
+ /* delete default route */
+ del_route3(0,
+ 0,
+ rl->rgi.gateway.addr,
+ tt,
+ flags | ROUTE_REF_GW,
+ &rl->rgi,
+ es);
/* add new default route */
add_route3(0,
@@ -1150,12 +1145,15 @@ undo_redirect_default_route_to_vpn(struct route_list *rl, const struct tuntap *t
flags,
&rl->rgi,
es);
- /* restore original default route if there was any */
- if (rl->rgi.flags & RGI_ADDR_DEFINED)
- {
- add_route3(0, 0, rl->rgi.gateway.addr, tt,
- flags | ROUTE_REF_GW, &rl->rgi, es);
- }
+
+ /* restore original default route */
+ add_route3(0,
+ 0,
+ rl->rgi.gateway.addr,
+ tt,
+ flags | ROUTE_REF_GW,
+ &rl->rgi,
+ es);
}
}
@@ -1198,15 +1196,6 @@ add_routes(struct route_list *rl, struct route_ipv6_list *rl6, const struct tunt
if (rl6 && !(rl6->iflags & RL_ROUTES_ADDED) )
{
struct route_ipv6 *r;
-
- if (!tt->did_ifconfig_ipv6_setup)
- {
- msg(M_INFO, "WARNING: OpenVPN was configured to add an IPv6 "
- "route over %s. However, no IPv6 has been configured for "
- "this interface, therefore the route installation may "
- "fail or may not work as expected.", tt->actual_name);
- }
-
for (r = rl6->routes_ipv6; r; r = r->next)
{
if (flags & ROUTE_DELETE_FIRST)
@@ -1292,9 +1281,7 @@ print_route_options(const struct route_option_list *rol,
(rol->flags & RG_LOCAL) != 0);
}
for (ro = rol->routes; ro; ro = ro->next)
- {
print_route_option(ro, level);
- }
}
void
@@ -1388,9 +1375,7 @@ print_routes(const struct route_list *rl, int level)
{
struct route_ipv4 *r;
for (r = rl->routes; r; r = r->next)
- {
print_route(r, level);
- }
}
static void
@@ -1419,9 +1404,7 @@ setenv_routes(struct env_set *es, const struct route_list *rl)
int i = 1;
struct route_ipv4 *r;
for (r = rl->routes; r; r = r->next)
- {
setenv_route(es, r, i++);
- }
}
static void
@@ -1450,9 +1433,7 @@ setenv_routes_ipv6(struct env_set *es, const struct route_ipv6_list *rl6)
int i = 1;
struct route_ipv6 *r6;
for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
- {
setenv_route_ipv6(es, r6, i++);
- }
}
/*
@@ -1689,7 +1670,7 @@ add_route(struct route_ipv4 *r,
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
argv_printf(&argv, "%s add",
ROUTE_PATH);
@@ -1875,7 +1856,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
-#if defined(TARGET_DARWIN) \
+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
@@ -1893,6 +1874,14 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
}
#endif
+ if (!tt->did_ifconfig_ipv6_setup)
+ {
+ msg( M_INFO, "add_route_ipv6(): not adding %s/%d: "
+ "no IPv6 address been configured on interface %s",
+ network, r6->netbits, device);
+ return;
+ }
+
msg( M_INFO, "add_route_ipv6(%s/%d -> %s metric %d) dev %s",
network, r6->netbits, gateway, r6->metric, device );
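Review bot: The added early `return;` exits `add_route_ipv6` after `network` and `gateway` were already allocated from `gc` by `print_in6_addr(..., &gc)`, and no cleanup is visible before it. If `gc` and `argv` are function-local, they are not released on this path. More important for users, the route is skipped with only an `M_INFO` message, so IPv6 destinations meant for the tunnel keep using the existing routing table; `M_WARN` would make that visible. I would send this exit through the function's normal cleanup, or at minimum write `gc_free(&gc); return;`, and correct the message to read "no IPv6 address has been configured". The start and end of the function are outside the hunk.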
@@ -2043,7 +2032,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, unsigned int flag
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
argv_printf(&argv, "%s add -inet6 %s/%d",
ROUTE_PATH,
@@ -2227,7 +2216,7 @@ delete_route(struct route_ipv4 *r,
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
argv_printf(&argv, "%s delete -net %s %s %s",
ROUTE_PATH,
@@ -2334,7 +2323,7 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
-#if defined(TARGET_DARWIN) \
+#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
@@ -2469,7 +2458,7 @@ delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, unsigned
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
argv_printf(&argv, "%s delete -inet6 %s/%d",
ROUTE_PATH,
@@ -2634,9 +2623,7 @@ test_routes(const struct route_list *rl, const struct tuntap *tt)
{
struct route_ipv4 *r;
for (r = rl->routes, len = 0; r; r = r->next, ++len)
- {
test_route_helper(&ret, &count, &good, &ambig, adapters, r->gateway);
- }
if ((rl->flags & RG_ENABLE) && (rl->spec.flags & RTSA_REMOTE_ENDPOINT))
{
@@ -3060,10 +3047,8 @@ do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct t
/* In TUN mode we use a special link-local address as the next hop.
* The tapdrvr knows about it and will answer neighbor discovery packets.
- * (only do this for routes actually using the tun/tap device)
*/
- if (tt->type == DEV_TYPE_TUN
- && msg.iface.index == tt->adapter_index )
+ if (tt->type == DEV_TYPE_TUN)
{
inet_pton(AF_INET6, "fe80::8", &msg.gateway.ipv6);
}
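Review bot: With the `msg.iface.index == tt->adapter_index` condition removed, every route handled in TUN mode gets the `fe80::8` next hop, including routes whose `msg.iface.index` points at a different interface. The surviving comment says it is the tap driver that answers neighbor discovery for that address, so on another interface the gateway would presumably be unreachable. I would restore the index comparison and also check the return value of `inet_pton()`. `do_route_ipv6_service` begins and ends outside the hunk.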
@@ -3514,7 +3499,8 @@ done:
#elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
- || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
+ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \
+ || defined(__FreeBSD_kernel__)
#include <sys/types.h>
#include <sys/socket.h>
@@ -3596,9 +3582,6 @@ get_default_gateway(struct route_gateway_info *rgi)
rtm.rtm_flags = RTF_UP | RTF_GATEWAY;
rtm.rtm_version = RTM_VERSION;
rtm.rtm_seq = ++seq;
-#ifdef TARGET_OPENBSD
- rtm.rtm_tableid = getrtable();
-#endif
rtm.rtm_addrs = rtm_addrs;
so_dst.sa_family = AF_INET;
@@ -3626,8 +3609,7 @@ get_default_gateway(struct route_gateway_info *rgi)
msg(M_WARN, "GDG: problem writing to routing socket");
goto done;
}
- do
- {
+ do {
l = read(sockfd, (char *)&m_rtmsg, sizeof(m_rtmsg));
} while (l > 0 && (rtm.rtm_seq != seq || rtm.rtm_pid != pid));
close(sockfd);
@@ -3814,9 +3796,6 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info *rgi6,
rtm.rtm_flags = RTF_UP;
rtm.rtm_version = RTM_VERSION;
rtm.rtm_seq = ++seq;
-#ifdef TARGET_OPENBSD
- rtm.rtm_tableid = getrtable();
-#endif
so_dst.sin6_family = AF_INET6;
so_mask.sin6_family = AF_INET6;
diff --git a/src/openvpn/route.h b/src/openvpn/route.h
index 6414d6c..03ee8cd 100644
--- a/src/openvpn/route.h
+++ b/src/openvpn/route.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -353,8 +354,7 @@ bool del_route_ipapi(const struct route_ipv4 *r, const struct tuntap *tt);
#else /* ifdef _WIN32 */
static inline bool
-test_routes(const struct route_list *rl, const struct tuntap *tt)
-{
+test_routes(const struct route_list *rl, const struct tuntap *tt) {
return true;
}
#endif
diff --git a/src/openvpn/schedule.c b/src/openvpn/schedule.c
index b1ba5d4..610bfa4 100644
--- a/src/openvpn/schedule.c
+++ b/src/openvpn/schedule.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -376,9 +377,7 @@ schedule_add_modify(struct schedule *s, struct schedule_entry *e)
* keeps the tree balanced. Move the node up the tree until
* its own priority is greater than that of its parent */
while (e->parent && e->parent->pri > e->pri)
- {
schedule_rotate_up(s, e);
- }
}
/*
@@ -624,9 +623,7 @@ schedule_print_work(struct schedule_entry *e, int indent)
struct gc_arena gc = gc_new();
int i;
for (i = 0; i < indent; ++i)
- {
printf(" ");
- }
if (e)
{
printf("%s [%u] e=" ptr_format ", p=" ptr_format " lt=" ptr_format " gt=" ptr_format "\n",
diff --git a/src/openvpn/schedule.h b/src/openvpn/schedule.h
index e6c1b7e..f2a6813 100644
--- a/src/openvpn/schedule.h
+++ b/src/openvpn/schedule.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef SCHEDULE_H
diff --git a/src/openvpn/session_id.c b/src/openvpn/session_id.c
index dce42e7..b23f0f4 100644
--- a/src/openvpn/session_id.c
+++ b/src/openvpn/session_id.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -63,7 +64,6 @@ session_id_print(const struct session_id *sid, struct gc_arena *gc)
#else /* ifdef ENABLE_CRYPTO */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_CRYPTO */
diff --git a/src/openvpn/session_id.h b/src/openvpn/session_id.h
index 6611a3c..2b0ceb8 100644
--- a/src/openvpn/session_id.h
+++ b/src/openvpn/session_id.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/shaper.c b/src/openvpn/shaper.c
index 19dd54d..eb459ef 100644
--- a/src/openvpn/shaper.c
+++ b/src/openvpn/shaper.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -97,7 +98,6 @@ shaper_msg(struct shaper *s)
#else /* ifdef ENABLE_FEATURE_SHAPER */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_FEATURE_SHAPER */
diff --git a/src/openvpn/shaper.h b/src/openvpn/shaper.h
index 6fac16d..d97221a 100644
--- a/src/openvpn/shaper.h
+++ b/src/openvpn/shaper.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef SHAPER_H
diff --git a/src/openvpn/sig.c b/src/openvpn/sig.c
index 87cef71..9f4841a 100644
--- a/src/openvpn/sig.c
+++ b/src/openvpn/sig.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/sig.h b/src/openvpn/sig.h
index 7c41070..5783731 100644
--- a/src/openvpn/sig.h
+++ b/src/openvpn/sig.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef SIG_H
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 4e7e3f9..ae12832 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -204,9 +205,7 @@ do_preresolve_host(struct context *c,
{
struct cached_dns_entry *prev = c->c1.dns_cache;
while (prev->next)
- {
prev = prev->next;
- }
prev->next = ph;
}
@@ -337,6 +336,20 @@ openvpn_getaddrinfo(unsigned int flags,
ASSERT(hostname || servname);
ASSERT(!(flags & GETADDR_HOST_ORDER));
+ if (hostname && (flags & GETADDR_RANDOMIZE))
+ {
+ hostname = hostname_randomize(hostname, &gc);
+ }
+
+ if (hostname)
+ {
+ print_hostname = hostname;
+ }
+ else
+ {
+ print_hostname = "undefined";
+ }
+
if (servname)
{
print_servname = servname;
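Review bot: Moving the `GETADDR_RANDOMIZE` block to the top of `openvpn_getaddrinfo` means `hostname_randomize()` runs before any check for a numeric address, assuming that check sits further down, as the warning removed in the `@@ -511` hunk implies. A remote given as an IP literal would then be rewritten and handed to the resolver as a name, producing a DNS query where none was intended and most likely a failed connect. I would leave the randomization in the resolve path, after the numeric parse has failed, and keep the warning for the IP-literal case. The parse itself is outside these hunks, so the ordering should be confirmed.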
@@ -387,20 +400,6 @@ openvpn_getaddrinfo(unsigned int flags,
const char *fmt;
int level = 0;
- if (hostname && (flags & GETADDR_RANDOMIZE))
- {
- hostname = hostname_randomize(hostname, &gc);
- }
-
- if (hostname)
- {
- print_hostname = hostname;
- }
- else
- {
- print_hostname = "undefined";
- }
-
fmt = "RESOLVE: Cannot resolve host address: %s:%s (%s)";
if ((flags & GETADDR_MENTION_RESOLVE_RETRY)
&& !resolve_retry_seconds)
@@ -511,10 +510,6 @@ openvpn_getaddrinfo(unsigned int flags,
else
{
/* IP address parse succeeded */
- if (flags & GETADDR_RANDOMIZE)
- {
- msg(M_WARN, "WARNING: ignoring --remote-random-hostname because the hostname is an IP address");
- }
}
done:
@@ -1149,7 +1144,7 @@ tcp_connection_established(const struct link_socket_actual *act)
gc_free(&gc);
}
-static socket_descriptor_t
+static int
socket_listen_accept(socket_descriptor_t sd,
struct link_socket_actual *act,
const char *remote_dynamic,
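Review bot: Declaring the return type as `int` here, and `new_sd` as `int` in the `@@ -1161` hunk, narrows a value that the function takes in as `socket_descriptor_t`. On platforms where that typedef is wider than `int` or unsigned, such as a Windows `SOCKET`, the handle can be truncated and comparisons against `SOCKET_UNDEFINED` can misfire. Keep the descriptor type end to end: `static socket_descriptor_t` for the function and `socket_descriptor_t new_sd = SOCKET_UNDEFINED;` for the local. The function body continues outside the hunk.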
@@ -1161,7 +1156,7 @@ socket_listen_accept(socket_descriptor_t sd,
struct gc_arena gc = gc_new();
/* struct openvpn_sockaddr *remote = &act->dest; */
struct openvpn_sockaddr remote_verify = act->dest;
- socket_descriptor_t new_sd = SOCKET_UNDEFINED;
+ int new_sd = SOCKET_UNDEFINED;
CLEAR(*act);
socket_do_listen(sd, local, do_listen, true);
@@ -2013,8 +2008,7 @@ static void
phase2_tcp_client(struct link_socket *sock, struct signal_info *sig_info)
{
bool proxy_retry = false;
- do
- {
+ do {
socket_connect(&sock->sd,
sock->info.lsa->current_remote->ai_addr,
get_server_poll_remaining_time(sock->server_poll_timeout),
@@ -2370,8 +2364,7 @@ link_socket_bad_incoming_addr(struct buffer *buf,
(int)from_addr->dest.addr.sa.sa_family,
print_sockaddr_ex(info->lsa->remote_list->ai_addr,":",PS_SHOW_PORT, &gc));
/* print additional remote addresses */
- for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next)
- {
+ for (ai = info->lsa->remote_list->ai_next; ai; ai = ai->ai_next) {
msg(D_LINK_ERRORS,"or from peer address: %s",
print_sockaddr_ex(ai->ai_addr,":",PS_SHOW_PORT, &gc));
}
@@ -3060,12 +3053,10 @@ ascii2proto(const char *proto_name)
{
int i;
for (i = 0; i < SIZE(proto_names); ++i)
- {
if (!strcmp(proto_name, proto_names[i].short_form))
{
return proto_names[i].proto;
}
- }
return -1;
}
@@ -3074,12 +3065,10 @@ ascii2af(const char *proto_name)
{
int i;
for (i = 0; i < SIZE(proto_names); ++i)
- {
if (!strcmp(proto_name, proto_names[i].short_form))
{
return proto_names[i].proto_af;
}
- }
return 0;
}
diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
index 2d7f218..63e601e 100644
--- a/src/openvpn/socket.h
+++ b/src/openvpn/socket.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef SOCKET_H
@@ -622,8 +623,7 @@ addr_defined(const struct openvpn_sockaddr *addr)
{
return 0;
}
- switch (addr->addr.sa.sa_family)
- {
+ switch (addr->addr.sa.sa_family) {
case AF_INET: return addr->addr.in4.sin_addr.s_addr != 0;
case AF_INET6: return !IN6_IS_ADDR_UNSPECIFIED(&addr->addr.in6.sin6_addr);
@@ -639,8 +639,7 @@ addr_local(const struct sockaddr *addr)
{
return false;
}
- switch (addr->sa_family)
- {
+ switch (addr->sa_family) {
case AF_INET:
return ((const struct sockaddr_in *)addr)->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
@@ -661,8 +660,7 @@ addr_defined_ipi(const struct link_socket_actual *lsa)
{
return 0;
}
- switch (lsa->dest.addr.sa.sa_family)
- {
+ switch (lsa->dest.addr.sa.sa_family) {
#if defined(HAVE_IN_PKTINFO) && defined(HAVE_IPI_SPEC_DST)
case AF_INET: return lsa->pi.in4.ipi_spec_dst.s_addr != 0;
@@ -689,8 +687,7 @@ link_socket_actual_defined(const struct link_socket_actual *act)
static inline bool
addr_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
{
- switch (a1->addr.sa.sa_family)
- {
+ switch (a1->addr.sa.sa_family) {
case AF_INET:
return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr;
@@ -784,8 +781,7 @@ addrlist_port_match(const struct openvpn_sockaddr *a1, const struct addrinfo *a2
static inline bool
addr_port_match(const struct openvpn_sockaddr *a1, const struct openvpn_sockaddr *a2)
{
- switch (a1->addr.sa.sa_family)
- {
+ switch (a1->addr.sa.sa_family) {
case AF_INET:
return a1->addr.in4.sin_addr.s_addr == a2->addr.in4.sin_addr.s_addr
&& a1->addr.in4.sin_port == a2->addr.in4.sin_port;
@@ -822,8 +818,7 @@ addrlist_match_proto(const struct openvpn_sockaddr *a1,
static inline void
addr_zero_host(struct openvpn_sockaddr *addr)
{
- switch (addr->addr.sa.sa_family)
- {
+ switch (addr->addr.sa.sa_family) {
case AF_INET:
addr->addr.in4.sin_addr.s_addr = 0;
break;
@@ -851,8 +846,7 @@ int addr_guess_family(sa_family_t af,const char *name);
static inline int
af_addr_size(sa_family_t af)
{
- switch (af)
- {
+ switch (af) {
case AF_INET: return sizeof(struct sockaddr_in);
case AF_INET6: return sizeof(struct sockaddr_in6);
@@ -925,8 +919,7 @@ link_socket_verify_incoming_addr(struct buffer *buf,
{
if (buf->len > 0)
{
- switch (from_addr->dest.addr.sa.sa_family)
- {
+ switch (from_addr->dest.addr.sa.sa_family) {
case AF_INET6:
case AF_INET:
if (!link_socket_actual_defined(from_addr))
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 92747ec..b50cac3 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h
index 39b96c5..17e75e1 100644
--- a/src/openvpn/socks.h
+++ b/src/openvpn/socks.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 15cd94a..d94a421 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -18,9 +18,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -268,12 +269,10 @@ static void
key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len);
const tls_cipher_name_pair *
-tls_get_cipher_name_pair(const char *cipher_name, size_t len)
-{
+tls_get_cipher_name_pair(const char *cipher_name, size_t len) {
const tls_cipher_name_pair *pair = tls_cipher_name_translation_table;
- while (pair->openssl_name != NULL)
- {
+ while (pair->openssl_name != NULL) {
if ((strlen(pair->openssl_name) == len && 0 == memcmp(cipher_name, pair->openssl_name, len))
|| (strlen(pair->iana_name) == len && 0 == memcmp(cipher_name, pair->iana_name, len)))
{
@@ -451,8 +450,6 @@ ssl_set_auth_nocache(void)
{
passbuf.nocache = true;
auth_user_pass.nocache = true;
- /* wait for push-reply, because auth-token may invert nocache */
- auth_user_pass.wait_for_push = true;
}
/*
@@ -461,14 +458,6 @@ ssl_set_auth_nocache(void)
void
ssl_set_auth_token(const char *token)
{
- if (auth_user_pass.nocache)
- {
- msg(M_INFO,
- "auth-token received, disabling auth-nocache for the "
- "authentication token");
- auth_user_pass.nocache = false;
- }
-
set_auth_token(&auth_user_pass, token);
}
@@ -580,12 +569,12 @@ tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
* Note: Windows does not support tv_nsec.
*/
if ((ssl_ctx->crl_last_size == crl_stat.st_size)
- && (ssl_ctx->crl_last_mtime == crl_stat.st_mtime))
+ && (ssl_ctx->crl_last_mtime.tv_sec == crl_stat.st_mtime))
{
return;
}
- ssl_ctx->crl_last_mtime = crl_stat.st_mtime;
+ ssl_ctx->crl_last_mtime.tv_sec = crl_stat.st_mtime;
ssl_ctx->crl_last_size = crl_stat.st_size;
backend_tls_ctx_reload_crl(ssl_ctx, crl_file, crl_file_inline);
}
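Review bot: The reload guard in tls_ctx_reload_crl compares only the file size and `crl_last_mtime.tv_sec`, so a CRL rewritten within the same second at the same size is treated as already loaded and a new revocation is not picked up until the file changes again. The field becomes a `struct timespec` in the ssl_mbedtls.h and ssl_openssl.h hunks, yet `tv_nsec` is never written or compared here, which makes the type misleading. Either keep `time_t` or state the limit next to the check, e.g. `/* only tv_sec is tracked; a same-second rewrite of equal size is not detected */`. The function starts above this hunk.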
@@ -1072,9 +1061,7 @@ tls_session_init(struct tls_multi *multi, struct tls_session *session)
/* Randomize session # if it is 0 */
while (!session_id_defined(&session->session_id))
- {
session_id_random(&session->session_id);
- }
/* Are we a TLS server or client? */
ASSERT(session->opt->key_method >= 1);
@@ -1136,9 +1123,7 @@ tls_session_free(struct tls_session *session, bool clear)
free_buf(&session->tls_wrap.work);
for (i = 0; i < KS_SIZE; ++i)
- {
key_state_free(&session->key[i], false);
- }
if (session->common_name)
{
@@ -1195,8 +1180,7 @@ reset_session(struct tls_multi *multi, struct tls_session *session)
* called again.
*/
static inline void
-compute_earliest_wakeup(interval_t *earliest, interval_t seconds_from_now)
-{
+compute_earliest_wakeup(interval_t *earliest, interval_t seconds_from_now) {
if (seconds_from_now < *earliest)
{
*earliest = seconds_from_now;
@@ -1366,9 +1350,7 @@ tls_multi_free(struct tls_multi *multi, bool clear)
free(multi->remote_ciphername);
for (i = 0; i < TM_SIZE; ++i)
- {
tls_session_free(&multi->session[i], false);
- }
if (clear)
{
@@ -1616,8 +1598,8 @@ tls1_P_hash(const md_kt_t *md_kt,
{
struct gc_arena gc = gc_new();
int chunk;
- hmac_ctx_t *ctx;
- hmac_ctx_t *ctx_tmp;
+ hmac_ctx_t ctx;
+ hmac_ctx_t ctx_tmp;
uint8_t A1[MAX_HMAC_KEY_LENGTH];
unsigned int A1_len;
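Review bot: Declaring `hmac_ctx_t ctx` and `ctx_tmp` by value only works while the crypto backend exposes the full context struct; against a library where that type is opaque this would not compile. The two later hunks of tls1_P_hash (`CLEAR(ctx)`, `hmac_ctx_init(&ctx, ...)`) depend on the same assumption. Both contexts are keyed with `sec`, so the declaration deserves a comment such as `/* keyed with sec; must reach hmac_ctx_cleanup() on every exit */`. The function body extends beyond this hunk.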
@@ -1626,8 +1608,8 @@ tls1_P_hash(const md_kt_t *md_kt,
const uint8_t *out_orig = out;
#endif
- ctx = hmac_ctx_new();
- ctx_tmp = hmac_ctx_new();
+ CLEAR(ctx);
+ CLEAR(ctx_tmp);
dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash sec: %s", format_hex(sec, sec_len, 0, &gc));
dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash seed: %s", format_hex(seed, seed_len, 0, &gc));
@@ -1635,38 +1617,36 @@ tls1_P_hash(const md_kt_t *md_kt,
chunk = md_kt_size(md_kt);
A1_len = md_kt_size(md_kt);
- hmac_ctx_init(ctx, sec, sec_len, md_kt);
- hmac_ctx_init(ctx_tmp, sec, sec_len, md_kt);
+ hmac_ctx_init(&ctx, sec, sec_len, md_kt);
+ hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt);
- hmac_ctx_update(ctx,seed,seed_len);
- hmac_ctx_final(ctx, A1);
+ hmac_ctx_update(&ctx,seed,seed_len);
+ hmac_ctx_final(&ctx, A1);
for (;; )
{
- hmac_ctx_reset(ctx);
- hmac_ctx_reset(ctx_tmp);
- hmac_ctx_update(ctx,A1,A1_len);
- hmac_ctx_update(ctx_tmp,A1,A1_len);
- hmac_ctx_update(ctx,seed,seed_len);
+ hmac_ctx_reset(&ctx);
+ hmac_ctx_reset(&ctx_tmp);
+ hmac_ctx_update(&ctx,A1,A1_len);
+ hmac_ctx_update(&ctx_tmp,A1,A1_len);
+ hmac_ctx_update(&ctx,seed,seed_len);
if (olen > chunk)
{
- hmac_ctx_final(ctx, out);
+ hmac_ctx_final(&ctx, out);
out += chunk;
olen -= chunk;
- hmac_ctx_final(ctx_tmp, A1); /* calc the next A1 value */
+ hmac_ctx_final(&ctx_tmp, A1); /* calc the next A1 value */
}
else /* last one */
{
- hmac_ctx_final(ctx, A1);
+ hmac_ctx_final(&ctx, A1);
memcpy(out,A1,olen);
break;
}
}
- hmac_ctx_cleanup(ctx);
- hmac_ctx_free(ctx);
- hmac_ctx_cleanup(ctx_tmp);
- hmac_ctx_free(ctx_tmp);
+ hmac_ctx_cleanup(&ctx);
+ hmac_ctx_cleanup(&ctx_tmp);
secure_memzero(A1, sizeof(A1));
dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash out: %s", format_hex(out_orig, olen_orig, 0, &gc));
@@ -1718,9 +1698,7 @@ tls1_PRF(const uint8_t *label,
tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
for (i = 0; i<olen; i++)
- {
out1[i] ^= out2[i];
- }
secure_memzero(out2, olen);
@@ -1870,8 +1848,7 @@ exit:
}
static void
-key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len)
-{
+key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len) {
const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt(ctx->cipher);
/* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */
@@ -1970,12 +1947,6 @@ tls_session_update_crypto_params(struct tls_session *session,
return false;
}
- if (strcmp(options->ciphername, session->opt->config_ciphername))
- {
- msg(D_HANDSHAKE, "Data Channel: using negotiated cipher '%s'",
- options->ciphername);
- }
-
init_key_type(&session->opt->key_type, options->ciphername,
options->authname, options->keysize, true, true);
@@ -2269,7 +2240,7 @@ push_peer_info(struct buffer *buf, struct tls_session *session)
buf_printf(&out, "IV_PLAT=mac\n");
#elif defined(TARGET_NETBSD)
buf_printf(&out, "IV_PLAT=netbsd\n");
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
buf_printf(&out, "IV_PLAT=freebsd\n");
#elif defined(TARGET_ANDROID)
buf_printf(&out, "IV_PLAT=android\n");
@@ -2393,21 +2364,7 @@ key_method_2_write(struct buffer *buf, struct tls_session *session)
{
goto error;
}
- /* if auth-nocache was specified, the auth_user_pass object reaches
- * a "complete" state only after having received the push-reply
- * message.
- * This is the case because auth-token statement in a push-reply would
- * invert its nocache.
- *
- * For this reason, skip the purge operation here if no push-reply
- * message has been received yet.
- *
- * This normally happens upon first negotiation only.
- */
- if (!auth_user_pass.wait_for_push)
- {
- purge_user_pass(&auth_user_pass, false);
- }
+ purge_user_pass(&auth_user_pass, false);
}
else
{
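Review bot: `purge_user_pass(&auth_user_pass, false)` now runs unconditionally right after the credentials are written, and the earlier hunks drop the code in ssl_set_auth_token that cleared `nocache` when a token arrives. With auth-nocache set, a token pushed later is presumably stored in an object still marked nocache and would be purged like a password, which would break token-based renegotiation; purge_user_pass itself is not visible here, so this needs confirming. If the behaviour is intended, document it at the call: `/* purged before any push-reply; with auth-nocache a later auth-token is not retained */`. The enclosing function continues outside the hunk.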
@@ -2523,7 +2480,7 @@ key_method_2_read(struct buffer *buf, struct tls_multi *multi, struct tls_sessio
struct gc_arena gc = gc_new();
char *options;
- struct user_pass *up = NULL;
+ struct user_pass *up;
/* allocate temporary objects */
ALLOC_ARRAY_CLEAR_GC(options, char, TLS_OPTIONS_LEN, &gc);
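Review bot: `up` is no longer initialised to NULL, and the next hunk of key_method_2_read drops `secure_memzero(up, ...)` from the `error:` label, so a failed read leaves any username and password already parsed into `*up` in memory after `gc_free`. Keep `struct user_pass *up = NULL;` here and `if (up) { secure_memzero(up, sizeof(*up)); }` before `buf_clear(buf)` on the error path, matching what that path already does for `ks->key_src`. The allocation of `up` is outside the visible hunks, so its exact lifetime should be confirmed there.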
@@ -2685,10 +2642,6 @@ key_method_2_read(struct buffer *buf, struct tls_multi *multi, struct tls_sessio
error:
secure_memzero(ks->key_src, sizeof(*ks->key_src));
- if (up)
- {
- secure_memzero(up, sizeof(*up));
- }
buf_clear(buf);
gc_free(&gc);
return false;
@@ -2850,9 +2803,6 @@ tls_process(struct tls_multi *multi,
session->opt->crl_file, session->opt->crl_file_inline);
}
- /* New connection, remove any old X509 env variables */
- tls_x509_clear_env(session->opt->es);
-
dmsg(D_TLS_DEBUG_MED, "STATE S_START");
}
@@ -4106,8 +4056,7 @@ tls_peer_info_ncp_ver(const char *peer_info)
}
bool
-tls_check_ncp_cipher_list(const char *list)
-{
+tls_check_ncp_cipher_list(const char *list) {
bool unsupported_cipher_found = false;
ASSERT(list);
@@ -4250,16 +4199,8 @@ done:
return BSTR(&out);
}
-void
-delayed_auth_pass_purge(void)
-{
- auth_user_pass.wait_for_push = false;
- purge_user_pass(&auth_user_pass, false);
-}
-
#else /* if defined(ENABLE_CRYPTO) */
static void
-dummy(void)
-{
+dummy(void) {
}
#endif /* ENABLE_CRYPTO */
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 56ea601..03688ca 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -598,8 +599,6 @@ void extract_x509_field_test(void);
*/
bool is_hard_reset(int op, int key_method);
-void delayed_auth_pass_purge(void);
-
#endif /* ENABLE_CRYPTO */
#endif /* ifndef OPENVPN_SSL_H */
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index a738f0f..206400f 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 25bffd5..9a16d77 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -270,7 +271,6 @@ struct tls_options
unsigned remote_cert_ku[MAX_PARMS];
const char *remote_cert_eku;
uint8_t *verify_hash;
- hash_algo_type verify_hash_algo;
char *x509_username_field;
/* allow openvpn config info to be
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index ef583e6..5c84e30 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -18,9 +18,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -184,8 +185,7 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
}
static const char *
-tls_translate_cipher_name(const char *cipher_name)
-{
+tls_translate_cipher_name(const char *cipher_name) {
const tls_cipher_name_pair *pair = tls_get_cipher_name_pair(cipher_name, strlen(cipher_name));
if (NULL == pair)
@@ -222,12 +222,10 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
/* Get number of ciphers */
for (i = 0, cipher_count = 1; i < ciphers_len; i++)
- {
if (ciphers[i] == ':')
{
cipher_count++;
}
- }
/* Allocate an array for them */
ALLOC_ARRAY_CLEAR(ctx->allowed_ciphers, int, cipher_count+1)
@@ -835,8 +833,7 @@ tls_version_max(void)
* Must be a valid pointer.
*/
static void
-tls_version_to_major_minor(int tls_ver, int *major, int *minor)
-{
+tls_version_to_major_minor(int tls_ver, int *major, int *minor) {
ASSERT(major);
ASSERT(minor);
diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h
index f69b610..1bc53ce 100644
--- a/src/openvpn/ssl_mbedtls.h
+++ b/src/openvpn/ssl_mbedtls.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -73,7 +74,7 @@ struct tls_root_ctx {
mbedtls_x509_crt *ca_chain; /**< CA chain for remote verification */
mbedtls_pk_context *priv_key; /**< Local private key */
mbedtls_x509_crl *crl; /**< Certificate Revocation List */
- time_t crl_last_mtime; /**< CRL last modification time */
+ struct timespec crl_last_mtime; /**< CRL last modification time */
off_t crl_last_size; /**< size of last loaded CRL */
#if defined(ENABLE_PKCS11)
mbedtls_pkcs11_context *priv_key_pkcs11; /**< PKCS11 private key */
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index e589dcd..eae1e22 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -44,7 +45,6 @@
#include "ssl_backend.h"
#include "ssl_common.h"
#include "base64.h"
-#include "openssl_compat.h"
#ifdef ENABLE_CRYPTOAPI
#include "cryptoapi.h"
@@ -321,8 +321,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
/* Translate IANA cipher suite names to OpenSSL names */
begin_of_cipher = end_of_cipher = 0;
- for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher)
- {
+ for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher) {
end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
@@ -354,8 +353,7 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
}
/* Make sure new cipher name fits in cipher string */
- if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len
- || ((sizeof(openssl_ciphers)-1) < openssl_ciphers_len + current_cipher_len))
+ if (((sizeof(openssl_ciphers)-1) - openssl_ciphers_len) < current_cipher_len)
{
msg(M_FATAL,
"Failed to set restricted TLS cipher list, too long (>%d).",
@@ -509,18 +507,10 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
const EC_GROUP *ecgrp = NULL;
EVP_PKEY *pkey = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- pkey = SSL_CTX_get0_privatekey(ctx->ctx);
-#else
/* Little hack to get private key ref from SSL_CTX, yay OpenSSL... */
- SSL *ssl = SSL_new(ctx->ctx);
- if (!ssl)
- {
- crypto_msg(M_FATAL, "SSL_new failed");
- }
- pkey = SSL_get_privatekey(ssl);
- SSL_free(ssl);
-#endif
+ SSL ssl;
+ ssl.cert = ctx->ctx->cert;
+ pkey = SSL_get_privatekey(&ssl);
msg(D_TLS_DEBUG, "Extracting ECDH curve from private key");
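Review bot: `SSL ssl;` is an uninitialised stack object with only `cert` assigned before it is handed to `SSL_get_privatekey()`, so any other member that call reads is indeterminate, and the code depends on the library's private struct layout. Obtain a real handle with `SSL_new(ctx->ctx)`, fail on NULL, call `SSL_get_privatekey(ssl)` and release it with `SSL_free(ssl)`; at the very least zero the object before use. The returned `pkey` belongs to the context rather than the temporary, which should be stated in the comment above. tls_ctx_load_ecdh_params starts and ends outside the hunk.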
@@ -659,8 +649,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
{
for (i = 0; i < sk_X509_num(ca); i++)
{
- X509_STORE *cert_store = SSL_CTX_get_cert_store(ctx->ctx);
- if (!X509_STORE_add_cert(cert_store,sk_X509_value(ca, i)))
+ if (!X509_STORE_add_cert(ctx->ctx->cert_store,sk_X509_value(ca, i)))
{
crypto_msg(M_FATAL,"Cannot add certificate to certificate chain (X509_STORE_add_cert)");
}
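Review bot: `ctx->ctx->cert_store` reaches into the SSL_CTX struct even though `SSL_CTX_get_cert_store()` is the public accessor for the same pointer. Writing `if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx->ctx), sk_X509_value(ca, i)))` keeps this loop independent of the library's struct layout. The same direct member access recurs in later hunks of this file (`default_passwd_callback`, `store->objs`, `rsa->meth`, `cert->cert_info`), and each one ties the build to one library generation. The loop sits inside tls_ctx_load_pkcs12, which starts outside the hunk.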
@@ -762,9 +751,8 @@ tls_ctx_load_cert_file_and_copy(struct tls_root_ctx *ctx,
goto end;
}
- x = PEM_read_bio_X509(in, NULL,
- SSL_CTX_get_default_passwd_cb(ctx->ctx),
- SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
+ x = PEM_read_bio_X509(in, NULL, ctx->ctx->default_passwd_callback,
+ ctx->ctx->default_passwd_callback_userdata);
if (x == NULL)
{
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
@@ -846,8 +834,8 @@ tls_ctx_load_priv_file(struct tls_root_ctx *ctx, const char *priv_key_file,
}
pkey = PEM_read_bio_PrivateKey(in, NULL,
- SSL_CTX_get_default_passwd_cb(ctx->ctx),
- SSL_CTX_get_default_passwd_cb_userdata(ctx->ctx));
+ ssl_ctx->default_passwd_callback,
+ ssl_ctx->default_passwd_callback_userdata);
if (!pkey)
{
goto end;
@@ -900,15 +888,15 @@ backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
/* Always start with a cleared CRL list, for that we
* we need to manually find the CRL object from the stack
* and remove it */
- STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
- for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
+ for (int i = 0; i < sk_X509_OBJECT_num(store->objs); i++)
{
- X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
+ X509_OBJECT *obj = sk_X509_OBJECT_value(store->objs, i);
ASSERT(obj);
- if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
+ if (obj->type == X509_LU_CRL)
{
- sk_X509_OBJECT_delete(objs, i);
- X509_OBJECT_free(obj);
+ sk_X509_OBJECT_delete(store->objs, i);
+ X509_OBJECT_free_contents(obj);
+ OPENSSL_free(obj);
}
}
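Review bot: Deleting from `store->objs` while the loop still does `i++` skips the element that slides into slot `i`, so when two CRL objects are adjacent the second one survives the "always start with a cleared CRL list" step. Step the index back on removal, `sk_X509_OBJECT_delete(store->objs, i--);`, or walk the stack from the last index down. A stale CRL left in the store means the reload does not fully replace the previous revocation state. The surrounding function starts outside the hunk.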
@@ -976,13 +964,10 @@ rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i
/* called at RSA_free */
static int
-openvpn_extkey_rsa_finish(RSA *rsa)
+rsa_finish(RSA *rsa)
{
- /* meth was allocated in tls_ctx_use_external_private_key() ; since
- * this function is called when the parent RSA object is destroyed,
- * it is no longer used after this point so kill it. */
- const RSA_METHOD *meth = RSA_get_method(rsa);
- RSA_meth_free((RSA_METHOD *)meth);
+ free((void *)rsa->meth);
+ rsa->meth = NULL;
return 1;
}
@@ -998,7 +983,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i
if (padding != RSA_PKCS1_PADDING)
{
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto done;
}
@@ -1056,16 +1041,16 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
ASSERT(NULL != cert);
/* allocate custom RSA method object */
- rsa_meth = RSA_meth_new("OpenVPN external private key RSA Method",
- RSA_METHOD_FLAG_NO_CHECK);
- check_malloc_return(rsa_meth);
- RSA_meth_set_pub_enc(rsa_meth, rsa_pub_enc);
- RSA_meth_set_pub_dec(rsa_meth, rsa_pub_dec);
- RSA_meth_set_priv_enc(rsa_meth, rsa_priv_enc);
- RSA_meth_set_priv_dec(rsa_meth, rsa_priv_dec);
- RSA_meth_set_init(rsa_meth, NULL);
- RSA_meth_set_finish(rsa_meth, openvpn_extkey_rsa_finish);
- RSA_meth_set0_app_data(rsa_meth, NULL);
+ ALLOC_OBJ_CLEAR(rsa_meth, RSA_METHOD);
+ rsa_meth->name = "OpenVPN external private key RSA Method";
+ rsa_meth->rsa_pub_enc = rsa_pub_enc;
+ rsa_meth->rsa_pub_dec = rsa_pub_dec;
+ rsa_meth->rsa_priv_enc = rsa_priv_enc;
+ rsa_meth->rsa_priv_dec = rsa_priv_dec;
+ rsa_meth->init = NULL;
+ rsa_meth->finish = rsa_finish;
+ rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK;
+ rsa_meth->app_data = NULL;
/* allocate RSA object */
rsa = RSA_new();
@@ -1076,16 +1061,12 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
}
/* get the public key */
- EVP_PKEY *pkey = X509_get0_pubkey(cert);
- ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */
- pub_rsa = EVP_PKEY_get0_RSA(pkey);
+ ASSERT(cert->cert_info->key->pkey); /* NULL before SSL_CTX_use_certificate() is called */
+ pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
/* initialize RSA object */
- const BIGNUM *n = NULL;
- const BIGNUM *e = NULL;
- RSA_get0_key(pub_rsa, &n, &e, NULL);
- RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
- RSA_set_flags(rsa, RSA_flags(rsa) | RSA_FLAG_EXT_PKEY);
+ rsa->n = BN_dup(pub_rsa->n);
+ rsa->flags |= RSA_FLAG_EXT_PKEY;
if (!RSA_set_method(rsa, rsa_meth))
{
goto err;
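Review bot: `pub_rsa = cert->cert_info->key->pkey->pkey.rsa` reads the RSA member of the key union without checking the key type, so a certificate carrying a non-RSA public key would have its key reinterpreted as an `RSA *`. The result of `BN_dup(pub_rsa->n)` is also stored without a NULL check. Guard both before `RSA_set_method`: `if (cert->cert_info->key->pkey->type != EVP_PKEY_RSA) { goto err; }` and `if (!rsa->n) { goto err; }`. Only the modulus is copied on the new side; whether later code also needs the public exponent is not visible here. The function starts and ends outside the hunk.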
@@ -1686,17 +1667,17 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
EVP_PKEY *pkey = X509_get_pubkey(cert);
if (pkey != NULL)
{
- if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA && EVP_PKEY_get0_RSA(pkey) != NULL)
+ if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
+ && pkey->pkey.rsa->n != NULL)
{
- RSA *rsa = EVP_PKEY_get0_RSA(pkey);
openvpn_snprintf(s2, sizeof(s2), ", %d bit RSA",
- RSA_bits(rsa));
+ BN_num_bits(pkey->pkey.rsa->n));
}
- else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA && EVP_PKEY_get0_DSA(pkey) != NULL)
+ else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
+ && pkey->pkey.dsa->p != NULL)
{
- DSA *dsa = EVP_PKEY_get0_DSA(pkey);
openvpn_snprintf(s2, sizeof(s2), ", %d bit DSA",
- DSA_bits(dsa));
+ BN_num_bits(pkey->pkey.dsa->p));
}
EVP_PKEY_free(pkey);
}
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index db4e1da..c64c65f 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -48,7 +49,7 @@
*/
struct tls_root_ctx {
SSL_CTX *ctx;
- time_t crl_last_mtime;
+ struct timespec crl_last_mtime;
off_t crl_last_size;
};
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 9cd36d7..c553484 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -273,9 +274,7 @@ cert_hash_free(struct cert_hash_set *chs)
{
int i;
for (i = 0; i < MAX_CERT_DEPTH; ++i)
- {
free(chs->ch[i]);
- }
free(chs);
}
}
@@ -717,31 +716,8 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
/* verify level 1 cert, i.e. the CA that signed our leaf cert */
if (cert_depth == 1 && opt->verify_hash)
{
- struct buffer ca_hash = {0};
-
- switch (opt->verify_hash_algo)
- {
- case MD_SHA1:
- ca_hash = x509_get_sha1_fingerprint(cert, &gc);
- break;
-
- case MD_SHA256:
- ca_hash = x509_get_sha256_fingerprint(cert, &gc);
- break;
-
- default:
- /* This should normally not happen at all; the algorithm used
- * is parsed by add_option() [options.c] and set to a predefined
- * value in an enumerated type. So if this unlikely scenario
- * happens, consider this a failure
- */
- msg(M_WARN, "Unexpected invalid algorithm used with "
- "--verify-hash (%i)", opt->verify_hash_algo);
- ret = FAILURE;
- goto cleanup;
- }
-
- if (memcmp(BPTR(&ca_hash), opt->verify_hash, BLEN(&ca_hash)))
+ struct buffer sha1_hash = x509_get_sha1_fingerprint(cert, &gc);
+ if (memcmp(BPTR(&sha1_hash), opt->verify_hash, BLEN(&sha1_hash)))
{
msg(D_TLS_ERRORS, "TLS Error: level-1 certificate hash verification failed");
goto cleanup;
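Review bot: The level-1 pin is now always a SHA-1 fingerprint, and the `memcmp` length is `BLEN(&sha1_hash)` while the size of `opt->verify_hash` is not checked anywhere in this hunk. If the option parser ever stores a shorter buffer or a digest of another algorithm, the comparison reads past it or compares the wrong value. State the contract at the comparison, e.g. `/* opt->verify_hash must be a SHA-1 digest of exactly BLEN(&sha1_hash) bytes */`. SHA-1 is also a weak basis for a certificate pin when `x509_get_sha256_fingerprint` is declared in ssl_verify_backend.h. verify_cert starts and ends outside the hunk.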
@@ -1515,21 +1491,4 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
gc_free(&gc);
}
}
-
-void
-tls_x509_clear_env(struct env_set *es)
-{
- struct env_item *item = es->list;
- while (item)
- {
- struct env_item *next = item->next;
- if (item->string
- && 0 == strncmp("X509_", item->string, strlen("X509_")))
- {
- env_set_del(es, item->string);
- }
- item = next;
- }
-}
-
#endif /* ENABLE_CRYPTO */
diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
index f2d0d6c..ffab218 100644
--- a/src/openvpn/ssl_verify.h
+++ b/src/openvpn/ssl_verify.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -217,9 +218,6 @@ struct x509_track
/** Do not perform Netscape certificate type verification */
#define NS_CERT_CHECK_CLIENT (1<<1)
-/** Require keyUsage to be present in cert (0xFFFF is an invalid KU value) */
-#define OPENVPN_KU_REQUIRED (0xFFFF)
-
/*
* TODO: document
*/
@@ -240,9 +238,6 @@ tls_client_reason(struct tls_multi *multi)
#endif
}
-/** Remove any X509_ env variables from env_set es */
-void tls_x509_clear_env(struct env_set *es);
-
#endif /* ENABLE_CRYPTO */
#endif /* SSL_VERIFY_H_ */
diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h
index e8eaabe..c4330ba 100644
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -124,14 +125,6 @@ struct buffer x509_get_sha256_fingerprint(openvpn_x509_cert_t *cert,
result_t backend_x509_get_username(char *common_name, int cn_len,
char *x509_username_field, openvpn_x509_cert_t *peer_cert);
-#ifdef ENABLE_X509ALTUSERNAME
-/**
- * Return true iff the supplied extension field is supported by the
- * --x509-username-field option.
- */
-bool x509_username_field_ext_supported(const char *extname);
-#endif
-
/*
* Return the certificate's serial number in decimal string representation.
*
@@ -218,7 +211,7 @@ void x509_setenv_track(const struct x509_track *xt, struct env_set *es,
* the expected bit set. \c FAILURE if the certificate does
* not have NS cert type verification or the wrong bit set.
*/
-result_t x509_verify_ns_cert_type(openvpn_x509_cert_t *cert, const int usage);
+result_t x509_verify_ns_cert_type(const openvpn_x509_cert_t *cert, const int usage);
/*
* Verify X.509 key usage extension field.
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index 838c217..f01569f 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -208,7 +209,7 @@ x509_get_fingerprint(const mbedtls_md_info_t *md_info, mbedtls_x509_crt *cert,
{
const size_t md_size = mbedtls_md_get_size(md_info);
struct buffer fingerprint = alloc_buf_gc(md_size, gc);
- mbedtls_md(md_info, cert->raw.p, cert->raw.len, BPTR(&fingerprint));
+ mbedtls_md(md_info, cert->raw.p, cert->tbs.len, BPTR(&fingerprint));
ASSERT(buf_inc_len(&fingerprint, md_size));
return fingerprint;
}
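Review bot: `mbedtls_md(md_info, cert->raw.p, cert->tbs.len, ...)` pairs the start of the full DER encoding with the length of the TBSCertificate, so the digest covers only a prefix of the certificate and leaves out its trailing bytes, including the signature. A fingerprint computed this way will not match one taken over the whole certificate, which matters wherever it is compared against a pinned or externally computed value. Hash the complete encoding with `mbedtls_md(md_info, cert->raw.p, cert->raw.len, BPTR(&fingerprint));` and check the return value of mbedtls_md() before the buffer is used. The function's signature appears only in the hunk header.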
@@ -267,21 +268,11 @@ asn1_buf_to_c_string(const mbedtls_asn1_buf *orig, struct gc_arena *gc)
size_t i;
char *val;
- if (!(orig->tag == MBEDTLS_ASN1_UTF8_STRING
- || orig->tag == MBEDTLS_ASN1_PRINTABLE_STRING
- || orig->tag == MBEDTLS_ASN1_IA5_STRING))
- {
- /* Only support C-string compatible types */
- return string_alloc("ERROR: unsupported ASN.1 string type", gc);
- }
-
for (i = 0; i < orig->len; ++i)
- {
if (orig->p[i] == '\0')
{
- return string_alloc("ERROR: embedded null value", gc);
+ return "ERROR: embedded null value";
}
- }
val = gc_malloc(orig->len+1, false, gc);
memcpy(val, orig->p, orig->len);
val[orig->len] = '\0';
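Review bot: The error path now returns the string literal `"ERROR: embedded null value"` while every other result of this function comes from gc_malloc. If the return type is `char *`, as the `val` declaration suggests, a caller that modifies the result would write into read-only storage; keep `return string_alloc("ERROR: embedded null value", gc);`. The removed tag test also means that a value of any ASN.1 type is copied out as a C string. Restoring a check before the loop that accepts only UTF8String, PrintableString and IA5String keeps non-text encodings from being handled as text. The function starts and ends outside this hunk.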
@@ -418,7 +409,7 @@ x509_setenv(struct env_set *es, int cert_depth, mbedtls_x509_crt *cert)
}
result_t
-x509_verify_ns_cert_type(mbedtls_x509_crt *cert, const int usage)
+x509_verify_ns_cert_type(const mbedtls_x509_crt *cert, const int usage)
{
if (usage == NS_CERT_CHECK_NONE)
{
@@ -444,42 +435,32 @@ result_t
x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned *const expected_ku,
int expected_len)
{
- msg(D_HANDSHAKE, "Validating certificate key usage");
+ result_t fFound = FAILURE;
if (!(cert->ext_types & MBEDTLS_X509_EXT_KEY_USAGE))
{
- msg(D_TLS_ERRORS,
- "ERROR: Certificate does not have key usage extension");
- return FAILURE;
+ msg(D_HANDSHAKE, "Certificate does not have key usage extension");
}
-
- if (expected_ku[0] == OPENVPN_KU_REQUIRED)
+ else
{
- /* Extension required, value checked by TLS library */
- return SUCCESS;
- }
+ int i;
+ unsigned nku = cert->key_usage;
- result_t fFound = FAILURE;
- for (size_t i = 0; SUCCESS != fFound && i<expected_len; i++)
- {
- if (expected_ku[i] != 0
- && 0 == mbedtls_x509_crt_check_key_usage(cert, expected_ku[i]))
+ msg(D_HANDSHAKE, "Validating certificate key usage");
+ for (i = 0; SUCCESS != fFound && i<expected_len; i++)
{
- fFound = SUCCESS;
- }
- }
+ if (expected_ku[i] != 0)
+ {
+ msg(D_HANDSHAKE, "++ Certificate has key usage %04x, expects "
+ "%04x", nku, expected_ku[i]);
- if (fFound != SUCCESS)
- {
- msg(D_TLS_ERRORS,
- "ERROR: Certificate has key usage %04x, expected one of:",
- cert->key_usage);
- for (size_t i = 0; i < expected_len && expected_ku[i]; i++)
- {
- msg(D_TLS_ERRORS, " * %04x", expected_ku[i]);
+ if (nku == expected_ku[i])
+ {
+ fFound = SUCCESS;
+ }
+ }
}
}
-
return fFound;
}
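Review bot: A certificate rejected for key usage is now reported only through `msg(D_HANDSHAKE, ...)`. Both the missing-extension branch and the mismatch case lost their D_TLS_ERRORS message, so a refused peer may leave no trace at the verbosity operators normally run with. Keep the failure at the error level, for example `msg(D_TLS_ERRORS, "ERROR: Certificate does not have key usage extension");`, and log the mismatch once after the loop when `fFound != SUCCESS`. The comparison `nku == expected_ku[i]` also requires the certificate's key usage to equal an expected value exactly, so a certificate carrying the expected bits plus others is refused; that deserves a comment stating the intent. The OpenSSL implementation of x509_verify_cert_ku later in this diff has the same two properties.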
diff --git a/src/openvpn/ssl_verify_mbedtls.h b/src/openvpn/ssl_verify_mbedtls.h
index 8b0a5ae..3c71073 100644
--- a/src/openvpn/ssl_verify_mbedtls.h
+++ b/src/openvpn/ssl_verify_mbedtls.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 468b495..e9692a0 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -42,7 +43,6 @@
#include "ssl_openssl.h"
#include "ssl_verify.h"
#include "ssl_verify_backend.h"
-#include "openssl_compat.h"
#include <openssl/x509v3.h>
#include <openssl/err.h>
@@ -61,15 +61,14 @@ verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
session = (struct tls_session *) SSL_get_ex_data(ssl, mydata_index);
ASSERT(session);
- X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
- struct buffer cert_hash = x509_get_sha256_fingerprint(current_cert, &gc);
- cert_hash_remember(session, X509_STORE_CTX_get_error_depth(ctx), &cert_hash);
+ struct buffer cert_hash = x509_get_sha256_fingerprint(ctx->current_cert, &gc);
+ cert_hash_remember(session, ctx->error_depth, &cert_hash);
/* did peer present cert which was signed by our root cert? */
if (!preverify_ok)
{
/* get the X509 name */
- char *subject = x509_get_subject(current_cert, &gc);
+ char *subject = x509_get_subject(ctx->current_cert, &gc);
if (!subject)
{
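Review bot: The direct reads of `ctx->current_cert` and `ctx->error_depth` (and `ctx->error` in the following hunks of this function) depend on the X509_STORE_CTX layout being public. OpenSSL 1.1.0 made these structures opaque, so this file would no longer build against it. The accessors `X509_STORE_CTX_get_current_cert(ctx)`, `X509_STORE_CTX_get_error_depth(ctx)` and `X509_STORE_CTX_get_error(ctx)` keep the callback independent of library internals. The same applies to the later hunks in this file that read `cert->sha1_hash`, `(EVP_sha256())->md_size`, `peer_cert->ex_flags`, `store->objs` and `obj->type`. verify_callback starts and ends outside this hunk.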
@@ -77,11 +76,11 @@ verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
}
/* Log and ignore missing CRL errors */
- if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
+ if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
{
msg(D_TLS_DEBUG_LOW, "VERIFY WARNING: depth=%d, %s: %s",
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)),
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error),
subject);
ret = 1;
goto cleanup;
@@ -89,8 +88,8 @@ verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
/* Remote site specified a certificate, but it's not correct */
msg(D_TLS_ERRORS, "VERIFY ERROR: depth=%d, error=%s: %s",
- X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)),
+ ctx->error_depth,
+ X509_verify_cert_error_string(ctx->error),
subject);
ERR_clear_error();
@@ -99,7 +98,7 @@ verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
goto cleanup;
}
- if (SUCCESS != verify_cert(session, current_cert, X509_STORE_CTX_get_error_depth(ctx)))
+ if (SUCCESS != verify_cert(session, ctx->current_cert, ctx->error_depth))
{
goto cleanup;
}
@@ -113,29 +112,16 @@ cleanup:
}
#ifdef ENABLE_X509ALTUSERNAME
-bool x509_username_field_ext_supported(const char *fieldname)
-{
- int nid = OBJ_txt2nid(fieldname);
- return nid == NID_subject_alt_name || nid == NID_issuer_alt_name;
-}
-
static
bool
extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
{
bool retval = false;
char *buf = 0;
-
- if (!x509_username_field_ext_supported(fieldname))
- {
- msg(D_TLS_ERRORS,
- "ERROR: --x509-alt-username field 'ext:%s' not supported",
- fieldname);
- return false;
- }
-
+ GENERAL_NAMES *extensions;
int nid = OBJ_txt2nid(fieldname);
- GENERAL_NAMES *extensions = X509_get_ext_d2i(cert, nid, NULL, NULL);
+
+ extensions = (GENERAL_NAMES *)X509_get_ext_d2i(cert, nid, NULL, NULL);
if (extensions)
{
int numalts;
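Review bot: The result of `X509_get_ext_d2i(cert, nid, NULL, NULL)` is cast to `GENERAL_NAMES *` for whatever extension `fieldname` names, and the check that limited the lookup to supported fields is removed. For an extension whose decoded form is not a GeneralNames stack, the code would walk a structure of a different type, and an unrecognised name yields NID_undef. Restrict the NID before the lookup so the cast stays valid: `if (nid != NID_subject_alt_name && nid != NID_issuer_alt_name) { return false; }`. The function continues outside this hunk.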
@@ -156,10 +142,7 @@ extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
switch (name->type)
{
case GEN_EMAIL:
- if (ASN1_STRING_to_UTF8((unsigned char **)&buf, name->d.ia5) < 0)
- {
- continue;
- }
+ ASN1_STRING_to_UTF8((unsigned char **)&buf, name->d.ia5);
if (strlen(buf) != name->d.ia5->length)
{
msg(D_TLS_ERRORS, "ASN1 ERROR: string contained terminating zero");
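Review bot: The return value of `ASN1_STRING_to_UTF8()` is no longer checked, so after a failed conversion `strlen(buf)` runs on a pointer the call did not set. `buf` starts as 0 in this function, which makes this a NULL dereference on data taken from the peer's certificate; on a later loop iteration it may instead hold a stale value. Keep the guard: `if (ASN1_STRING_to_UTF8((unsigned char **)&buf, name->d.ia5) < 0) { continue; }`. The enclosing loop starts outside this hunk.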
@@ -179,7 +162,7 @@ extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
break;
}
}
- GENERAL_NAMES_free(extensions);
+ sk_GENERAL_NAME_free(extensions);
}
return retval;
}
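Review bot: `sk_GENERAL_NAME_free(extensions)` releases only the stack container. The GENERAL_NAME entries decoded by X509_get_ext_d2i() stay allocated, so each verified certificate carrying this extension leaks memory. Free the elements as well with `GENERAL_NAMES_free(extensions);` or `sk_GENERAL_NAME_pop_free(extensions, GENERAL_NAME_free);`.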
@@ -206,24 +189,15 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out,
X509_NAME_ENTRY *x509ne = 0;
ASN1_STRING *asn1 = 0;
unsigned char *buf = NULL;
- ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
-
- if (field_name_obj == NULL)
- {
- msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name);
- return FAILURE;
- }
+ int nid = OBJ_txt2nid(field_name);
ASSERT(size > 0);
*out = '\0';
- do
- {
+ do {
lastpos = tmp;
- tmp = X509_NAME_get_index_by_OBJ(x509, field_name_obj, lastpos);
+ tmp = X509_NAME_get_index_by_NID(x509, nid, lastpos);
} while (tmp > -1);
- ASN1_OBJECT_free(field_name_obj);
-
/* Nothing found */
if (lastpos == -1)
{
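Review bot: `OBJ_txt2nid(field_name)` returns NID_undef for a name the library does not know, and that value is passed unchecked to `X509_NAME_get_index_by_NID()`. A mistyped or unregistered field name then appears to fall through to the "nothing found" path instead of being reported as a configuration error. Add the check right after the lookup: `if (nid == NID_undef) { msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name); return FAILURE; }`. The function starts and ends outside this hunk, so the initial value of `tmp` is not visible here.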
@@ -241,7 +215,8 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out,
{
return FAILURE;
}
- if (ASN1_STRING_to_UTF8(&buf, asn1) < 0)
+ tmp = ASN1_STRING_to_UTF8(&buf, asn1);
+ if (tmp <= 0)
{
return FAILURE;
}
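Review bot: The `tmp <= 0` test returns FAILURE without releasing `buf` when ASN1_STRING_to_UTF8() returns 0. A zero return denotes an empty string rather than an error, and the call may still have allocated the output buffer, so each such certificate field could leak; this is worth confirming against the OpenSSL version targeted. Treating only negative values as failure (`if (tmp < 0)`) and freeing `buf` on every later exit avoids that. The `> 0` test in the x509_setenv_track hunk and the `<= 0` test in the x509_setenv hunk below have the same shape. The function continues outside this hunk.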
@@ -308,20 +283,18 @@ backend_x509_get_serial_hex(openvpn_x509_cert_t *cert, struct gc_arena *gc)
struct buffer
x509_get_sha1_fingerprint(X509 *cert, struct gc_arena *gc)
{
- const EVP_MD *sha1 = EVP_sha1();
- struct buffer hash = alloc_buf_gc(EVP_MD_size(sha1), gc);
- X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL);
- ASSERT(buf_inc_len(&hash, EVP_MD_size(sha1)));
+ struct buffer hash = alloc_buf_gc(sizeof(cert->sha1_hash), gc);
+ memcpy(BPTR(&hash), cert->sha1_hash, sizeof(cert->sha1_hash));
+ ASSERT(buf_inc_len(&hash, sizeof(cert->sha1_hash)));
return hash;
}
struct buffer
x509_get_sha256_fingerprint(X509 *cert, struct gc_arena *gc)
{
- const EVP_MD *sha256 = EVP_sha256();
- struct buffer hash = alloc_buf_gc(EVP_MD_size(sha256), gc);
+ struct buffer hash = alloc_buf_gc((EVP_sha256())->md_size, gc);
X509_digest(cert, EVP_sha256(), BPTR(&hash), NULL);
- ASSERT(buf_inc_len(&hash, EVP_MD_size(sha256)));
+ ASSERT(buf_inc_len(&hash, (EVP_sha256())->md_size));
return hash;
}
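Review bot: x509_get_sha1_fingerprint() now copies `cert->sha1_hash`, a field the library fills in as a side effect of other calls, instead of computing the digest. If that cache has not been populated for the certificate, the returned bytes would not be its hash; this should be confirmed for every call path. Computing the digest explicitly removes the dependency: `if (!X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL)) { /* report failure */ }`. The SHA-256 variant still ignores the return value of `X509_digest()`, so a failed digest leaves whatever alloc_buf_gc() provided to be used as the fingerprint.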
@@ -331,6 +304,7 @@ x509_get_subject(X509 *cert, struct gc_arena *gc)
BIO *subject_bio = NULL;
BUF_MEM *subject_mem;
char *subject = NULL;
+ int maxlen = 0;
/*
* Generate the subject string in OpenSSL proprietary format,
@@ -361,10 +335,11 @@ x509_get_subject(X509 *cert, struct gc_arena *gc)
BIO_get_mem_ptr(subject_bio, &subject_mem);
- subject = gc_malloc(subject_mem->length + 1, false, gc);
+ maxlen = subject_mem->length + 1;
+ subject = gc_malloc(maxlen, false, gc);
- memcpy(subject, subject_mem->data, subject_mem->length);
- subject[subject_mem->length] = '\0';
+ memcpy(subject, subject_mem->data, maxlen);
+ subject[maxlen - 1] = '\0';
err:
if (subject_bio)
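Review bot: `memcpy(subject, subject_mem->data, maxlen)` copies `subject_mem->length + 1` bytes from a BIO buffer that holds `length` bytes of subject text, so it reads one byte past the data. The terminator written afterwards hides this in the result, but the out-of-bounds read remains. Copy only the valid bytes: `memcpy(subject, subject_mem->data, subject_mem->length);` followed by `subject[subject_mem->length] = '\0';`. Storing the size in `int maxlen` also narrows the BUF_MEM length field, so a `size_t` local would be safer. The function starts and ends outside this hunk.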
@@ -482,7 +457,7 @@ x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int dep
ASN1_STRING *val = X509_NAME_ENTRY_get_data(ent);
unsigned char *buf;
buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- if (ASN1_STRING_to_UTF8(&buf, val) >= 0)
+ if (ASN1_STRING_to_UTF8(&buf, val) > 0)
{
do_setenv_x509(es, xt->name, (char *)buf, depth);
OPENSSL_free(buf);
@@ -570,7 +545,7 @@ x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
continue;
}
buf = (unsigned char *)1; /* bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8 requires this workaround */
- if (ASN1_STRING_to_UTF8(&buf, val) < 0)
+ if (ASN1_STRING_to_UTF8(&buf, val) <= 0)
{
continue;
}
@@ -588,7 +563,7 @@ x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
}
result_t
-x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert, const int usage)
+x509_verify_ns_cert_type(const openvpn_x509_cert_t *peer_cert, const int usage)
{
if (usage == NS_CERT_CHECK_NONE)
{
@@ -596,59 +571,13 @@ x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert, const int usage)
}
if (usage == NS_CERT_CHECK_CLIENT)
{
- /*
- * Unfortunately, X509_check_purpose() does some weird thing that
- * prevent it to take a const argument
- */
- result_t result = X509_check_purpose(peer_cert, X509_PURPOSE_SSL_CLIENT, 0) ?
- SUCCESS : FAILURE;
-
- /*
- * old versions of OpenSSL allow us to make the less strict check we used to
- * do. If this less strict check pass, warn user that this might not be the
- * case when its distribution will update to OpenSSL 1.1
- */
- if (result == FAILURE)
- {
- ASN1_BIT_STRING *ns;
- ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
- result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
- if (result == SUCCESS)
- {
- msg(M_WARN, "X509: Certificate is a client certificate yet it's purpose "
- "cannot be verified (check may fail in the future)");
- }
- ASN1_BIT_STRING_free(ns);
- }
- return result;
+ return ((peer_cert->ex_flags & EXFLAG_NSCERT)
+ && (peer_cert->ex_nscert & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
}
if (usage == NS_CERT_CHECK_SERVER)
{
- /*
- * Unfortunately, X509_check_purpose() does some weird thing that
- * prevent it to take a const argument
- */
- result_t result = X509_check_purpose(peer_cert, X509_PURPOSE_SSL_SERVER, 0) ?
- SUCCESS : FAILURE;
-
- /*
- * old versions of OpenSSL allow us to make the less strict check we used to
- * do. If this less strict check pass, warn user that this might not be the
- * case when its distribution will update to OpenSSL 1.1
- */
- if (result == FAILURE)
- {
- ASN1_BIT_STRING *ns;
- ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
- result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
- if (result == SUCCESS)
- {
- msg(M_WARN, "X509: Certificate is a server certificate yet it's purpose "
- "cannot be verified (check may fail in the future)");
- }
- ASN1_BIT_STRING_free(ns);
- }
- return result;
+ return ((peer_cert->ex_flags & EXFLAG_NSCERT)
+ && (peer_cert->ex_nscert & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
}
return FAILURE;
@@ -658,59 +587,54 @@ result_t
x509_verify_cert_ku(X509 *x509, const unsigned *const expected_ku,
int expected_len)
{
- ASN1_BIT_STRING *ku = X509_get_ext_d2i(x509, NID_key_usage, NULL, NULL);
-
- if (ku == NULL)
- {
- msg(D_TLS_ERRORS, "Certificate does not have key usage extension");
- return FAILURE;
- }
+ ASN1_BIT_STRING *ku = NULL;
+ result_t fFound = FAILURE;
- if (expected_ku[0] == OPENVPN_KU_REQUIRED)
+ if ((ku = (ASN1_BIT_STRING *) X509_get_ext_d2i(x509, NID_key_usage, NULL,
+ NULL)) == NULL)
{
- /* Extension required, value checked by TLS library */
- ASN1_BIT_STRING_free(ku);
- return SUCCESS;
+ msg(D_HANDSHAKE, "Certificate does not have key usage extension");
}
-
- unsigned nku = 0;
- for (size_t i = 0; i < 8; i++)
+ else
{
- if (ASN1_BIT_STRING_get_bit(ku, i))
+ unsigned nku = 0;
+ int i;
+ for (i = 0; i < 8; i++)
{
- nku |= 1 << (7 - i);
+ if (ASN1_BIT_STRING_get_bit(ku, i))
+ {
+ nku |= 1 << (7 - i);
+ }
}
- }
-
- /*
- * Fixup if no LSB bits
- */
- if ((nku & 0xff) == 0)
- {
- nku >>= 8;
- }
- msg(D_HANDSHAKE, "Validating certificate key usage");
- result_t fFound = FAILURE;
- for (size_t i = 0; fFound != SUCCESS && i < expected_len; i++)
- {
- if (expected_ku[i] != 0 && (nku & expected_ku[i]) == expected_ku[i])
+ /*
+ * Fixup if no LSB bits
+ */
+ if ((nku & 0xff) == 0)
{
- fFound = SUCCESS;
+ nku >>= 8;
}
- }
- if (fFound != SUCCESS)
- {
- msg(D_TLS_ERRORS,
- "ERROR: Certificate has key usage %04x, expected one of:", nku);
- for (size_t i = 0; i < expected_len && expected_ku[i]; i++)
+ msg(D_HANDSHAKE, "Validating certificate key usage");
+ for (i = 0; fFound != SUCCESS && i < expected_len; i++)
{
- msg(D_TLS_ERRORS, " * %04x", expected_ku[i]);
+ if (expected_ku[i] != 0)
+ {
+ msg(D_HANDSHAKE, "++ Certificate has key usage %04x, expects "
+ "%04x", nku, expected_ku[i]);
+
+ if (nku == expected_ku[i])
+ {
+ fFound = SUCCESS;
+ }
+ }
}
}
- ASN1_BIT_STRING_free(ku);
+ if (ku != NULL)
+ {
+ ASN1_BIT_STRING_free(ku);
+ }
return fFound;
}
@@ -790,12 +714,11 @@ tls_verify_crl_missing(const struct tls_options *opt)
crypto_msg(M_FATAL, "Cannot get certificate store");
}
- STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
- for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
+ for (int i = 0; i < sk_X509_OBJECT_num(store->objs); i++)
{
- X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
+ X509_OBJECT *obj = sk_X509_OBJECT_value(store->objs, i);
ASSERT(obj);
- if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
+ if (obj->type == X509_LU_CRL)
{
return false;
}
diff --git a/src/openvpn/ssl_verify_openssl.h b/src/openvpn/ssl_verify_openssl.h
index 4c8dbeb..1db6fe6 100644
--- a/src/openvpn/ssl_verify_openssl.h
+++ b/src/openvpn/ssl_verify_openssl.h
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/status.c b/src/openvpn/status.c
index a163408..e47f35c 100644
--- a/src/openvpn/status.c
+++ b/src/openvpn/status.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
diff --git a/src/openvpn/status.h b/src/openvpn/status.h
index 8199935..590ae41 100644
--- a/src/openvpn/status.h
+++ b/src/openvpn/status.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef STATUS_H
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 2973b5a..078ed3a 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef SYSHEAD_H
@@ -287,17 +288,13 @@
#include <netinet/ip.h>
#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h>
-#endif
-
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif
#endif /* TARGET_OPENBSD */
-#ifdef TARGET_FREEBSD
+#if defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__)
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
@@ -592,7 +589,9 @@ socket_defined(const socket_descriptor_t sd)
/*
* Should we include OCC (options consistency check) code?
*/
+#ifndef ENABLE_SMALL
#define ENABLE_OCC
+#endif
/*
* Should we include NTLM proxy functionality
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index e13bb4e..4c7170f 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -43,14 +44,15 @@ tls_crypt_buf_overhead(void)
void
tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
- const char *key_inline, bool tls_server)
-{
+ const char *key_inline, bool tls_server) {
const int key_direction = tls_server ?
KEY_DIRECTION_NORMAL : KEY_DIRECTION_INVERSE;
struct key_type kt;
kt.cipher = cipher_kt_get("AES-256-CTR");
+ kt.cipher_length = cipher_kt_key_size(kt.cipher);
kt.digest = md_kt_get("SHA256");
+ kt.hmac_length = md_kt_size(kt.digest);
if (!kt.cipher)
{
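Review bot: `cipher_kt_key_size(kt.cipher)` and `md_kt_size(kt.digest)` now run before the `if (!kt.cipher)` test and the digest test that follows it. A build without AES-256-CTR or SHA256 therefore passes a NULL pointer to those helpers before the M_FATAL message can be printed. Whether the helpers tolerate NULL is not visible here. Moving `kt.cipher_length = cipher_kt_key_size(kt.cipher);` and `kt.hmac_length = md_kt_size(kt.digest);` below both checks, where the lines removed in the next hunk had them, keeps the fatal path first. The function continues in the next hunk.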
@@ -61,9 +63,6 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
msg(M_FATAL, "ERROR: --tls-crypt requires HMAC-SHA-256 support.");
}
- kt.cipher_length = cipher_kt_key_size(kt.cipher);
- kt.hmac_length = md_kt_size(kt.digest);
-
crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction,
"Control Channel Encryption", "tls-crypt");
}
@@ -80,8 +79,7 @@ tls_crypt_adjust_frame_parameters(struct frame *frame)
bool
tls_crypt_wrap(const struct buffer *src, struct buffer *dst,
- struct crypto_options *opt)
-{
+ struct crypto_options *opt) {
const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt;
struct gc_arena gc;
diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h
index e8080df..47f75d0 100644
--- a/src/openvpn/tls_crypt.h
+++ b/src/openvpn/tls_crypt.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 75a156c..a4f7779 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -559,9 +560,7 @@ is_tun_p2p(const struct tuntap *tt)
{
bool tun = false;
- if (tt->type == DEV_TYPE_TAP
- || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
- || tt->type == DEV_TYPE_NULL )
+ if (tt->type == DEV_TYPE_TAP || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET))
{
tun = false;
}
@@ -695,8 +694,7 @@ init_tun(const char *dev, /* --dev option */
* make sure they do not clash with our virtual subnet.
*/
- for (curele = local_public; curele; curele = curele->ai_next)
- {
+ for (curele = local_public; curele; curele = curele->ai_next) {
if (curele->ai_family == AF_INET)
{
check_addr_clash("local",
@@ -707,8 +705,7 @@ init_tun(const char *dev, /* --dev option */
}
}
- for (curele = remote_public; curele; curele = curele->ai_next)
- {
+ for (curele = remote_public; curele; curele = curele->ai_next) {
if (curele->ai_family == AF_INET)
{
check_addr_clash("remote",
@@ -843,7 +840,7 @@ delete_route_connected_v6_net(struct tuntap *tt,
#endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
#if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
- || defined(TARGET_OPENBSD)
+ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__)
/* we can't use true subnet mode on tun on all platforms, as that
* conflicts with IPv6 (wants to use ND then, which we don't do),
* but the OSes want "a remote address that is different from ours"
@@ -1039,8 +1036,7 @@ do_ifconfig(struct tuntap *tt,
struct buffer out = alloc_buf_gc(64, &gc);
char *top;
- switch (tt->topology)
- {
+ switch (tt->topology) {
case TOP_NET30:
top = "net30";
break;
@@ -1412,7 +1408,7 @@ do_ifconfig(struct tuntap *tt,
add_route_connected_v6_net(tt, es);
}
-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY)
+#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__)
in_addr_t remote_end; /* for "virtual" subnet topology */
@@ -1653,11 +1649,11 @@ write_tun_header(struct tuntap *tt, uint8_t *buf, int len)
{
u_int32_t type;
struct iovec iv[2];
- struct openvpn_iphdr *iph;
+ struct ip *iph;
- iph = (struct openvpn_iphdr *) buf;
+ iph = (struct ip *) buf;
- if (OPENVPN_IPH_GET_VER(iph->version_len) == 6)
+ if (iph->ip_v == 6)
{
type = htonl(AF_INET6);
}
@@ -1839,14 +1835,12 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
/* Prefer IPv6 DNS servers,
* Android will use the DNS server in the order we specify*/
- for (int i = 0; i < tt->options.dns6_len; i++)
- {
+ for (int i = 0; i < tt->options.dns6_len; i++) {
management_android_control(management, "DNS6SERVER",
print_in6_addr(tt->options.dns6[i], 0, &gc));
}
- for (int i = 0; i < tt->options.dns_len; i++)
- {
+ for (int i = 0; i < tt->options.dns_len; i++) {
management_android_control(management, "DNSSERVER",
print_in_addr_t(tt->options.dns[i], 0, &gc));
}
@@ -2260,9 +2254,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
{
ptr = dev;
while (*ptr && !isdigit((int) *ptr))
- {
ptr++;
- }
ppa = atoi(ptr);
}
@@ -2770,7 +2762,7 @@ read_tun(struct tuntap *tt, uint8_t *buf, int len)
}
}
-#elif defined(TARGET_FREEBSD)
+#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__)
static inline int
freebsd_modify_read_write_return(int len)
@@ -3285,10 +3277,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
{
/* ensure that dev name is "tap+<digits>" *only* */
p = &dev[3];
- while (isdigit(*p) )
- {
- p++;
- }
+ while (isdigit(*p) ) p++;
if (*p != '\0')
{
msg( M_FATAL, "TAP device name must be '--dev tapNNNN'" );
@@ -5466,9 +5455,7 @@ write_dhcp_u32_array(struct buffer *buf, const int type, const uint32_t *data, c
buf_write_u8(buf, type);
buf_write_u8(buf, size);
for (i = 0; i < len; ++i)
- {
buf_write_u32(buf, data[i]);
- }
}
}
@@ -6237,7 +6224,10 @@ close_tun(struct tuntap *tt)
}
#endif
- dhcp_release(tt);
+ if (tt->options.dhcp_release)
+ {
+ dhcp_release(tt);
+ }
if (tt->hand != NULL)
{
@@ -6297,12 +6287,10 @@ ascii2ipset(const char *name)
int i;
ASSERT(IPW32_SET_N == SIZE(ipset_names));
for (i = 0; i < IPW32_SET_N; ++i)
- {
if (!strcmp(name, ipset_names[i].short_form))
{
return i;
}
- }
return -1;
}
diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
index 8782d69..f4b600c 100644
--- a/src/openvpn/tun.h
+++ b/src/openvpn/tun.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef TUN_H
@@ -103,6 +104,7 @@ struct tuntap_options {
bool dhcp_renew;
bool dhcp_pre_release;
+ bool dhcp_release;
bool register_dns;
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index d0b10ba..e26f54d 100644
--- a/src/openvpn/win32.c
+++ b/src/openvpn/win32.c
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
@@ -60,12 +61,6 @@
static HANDLE m_hEngineHandle = NULL; /* GLOBAL */
/*
- * TAP adapter original metric value
- */
-static int tap_metric_v4 = -1; /* GLOBAL */
-static int tap_metric_v6 = -1; /* GLOBAL */
-
-/*
* Windows internal socket API state (opaque).
*/
static struct WSAData wsa_state; /* GLOBAL */
@@ -574,8 +569,7 @@ win32_keyboard_get(struct win32_signal *ws)
if (HANDLE_DEFINED(ws->in.read))
{
INPUT_RECORD ir;
- do
- {
+ do {
DWORD n;
if (!keyboard_input_available(ws))
{
@@ -687,8 +681,7 @@ win32_pause(struct win32_signal *ws)
{
int status;
msg(M_INFO|M_NOPREFIX, "Press any key to continue...");
- do
- {
+ do {
status = WaitForSingleObject(ws->in.read, INFINITE);
} while (!win32_keyboard_get(ws));
}
@@ -991,9 +984,7 @@ env_block(const struct env_set *es)
bool path_seen = false;
for (e = es->list; e != NULL; e = e->next)
- {
nchars += strlen(e->string) + 1;
- }
nchars += strlen(force_path)+1;
@@ -1333,8 +1324,8 @@ win_wfp_block_dns(const NET_IFINDEX index, const HANDLE msg_channel)
goto out;
}
- status = GetModuleFileNameW(NULL, openvpnpath, _countof(openvpnpath));
- if (status == 0 || status == _countof(openvpnpath))
+ status = GetModuleFileNameW(NULL, openvpnpath, sizeof(openvpnpath));
+ if (status == 0 || status == sizeof(openvpnpath))
{
msg(M_WARN|M_ERRNO, "block_dns: cannot get executable path");
goto out;
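Review bot: `sizeof(openvpnpath)` is a byte count, but the third argument of GetModuleFileNameW() is the buffer size in characters. If openvpnpath is a WCHAR array (its declaration is outside the hunk), the call advertises twice the real capacity and a long executable path can be written past the end of the buffer. The truncation test `status == sizeof(openvpnpath)` would also compare against the wrong limit. Use the element count in both places: `_countof(openvpnpath)`.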
@@ -1342,27 +1333,6 @@ win_wfp_block_dns(const NET_IFINDEX index, const HANDLE msg_channel)
status = add_block_dns_filters(&m_hEngineHandle, index, openvpnpath,
block_dns_msg_handler);
- if (status == 0)
- {
- tap_metric_v4 = get_interface_metric(index, AF_INET);
- tap_metric_v6 = get_interface_metric(index, AF_INET6);
- if (tap_metric_v4 < 0)
- {
- /* error, should not restore metric */
- tap_metric_v4 = -1;
- }
- if (tap_metric_v6 < 0)
- {
- /* error, should not restore metric */
- tap_metric_v6 = -1;
- }
- status = set_interface_metric(index, AF_INET, BLOCK_DNS_IFACE_METRIC);
- if (!status)
- {
- set_interface_metric(index, AF_INET6, BLOCK_DNS_IFACE_METRIC);
- }
- }
-
ret = (status == 0);
out:
@@ -1371,27 +1341,19 @@ out:
}
bool
-win_wfp_uninit(const NET_IFINDEX index, const HANDLE msg_channel)
+win_wfp_uninit(const HANDLE msg_channel)
{
dmsg(D_LOW, "Uninitializing WFP");
if (msg_channel)
{
msg(D_LOW, "Using service to delete block dns filters");
- win_block_dns_service(false, index, msg_channel);
+ win_block_dns_service(false, -1, msg_channel);
}
else
{
delete_block_dns_filters(m_hEngineHandle);
m_hEngineHandle = NULL;
- if (tap_metric_v4 >= 0)
- {
- set_interface_metric(index, AF_INET, tap_metric_v4);
- }
- if (tap_metric_v6 >= 0)
- {
- set_interface_metric(index, AF_INET6, tap_metric_v6);
- }
}
return true;
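Review bot: In the service branch the interface index is now a bare `-1`, `win_block_dns_service(false, -1, msg_channel);`, with nothing on the line saying it is a "no index" sentinel. The helper's prototype is not in this hunk; if its parameter is the unsigned `NET_IFINDEX` used by win_wfp_block_dns, the value arrives as the largest index. A comment such as `/* index is not used when deleting filters */` would state the intent, once that is confirmed against the helper and the service side. The call's result is also discarded and the function returns `true` on every path, so a caller cannot tell whether the block-DNS filters were actually removed. Propagating the helper's status would surface that, provided it reports one. The closing brace of win_wfp_uninit lies outside the hunk.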
diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h
index 21a1021..4ee44fd 100644
--- a/src/openvpn/win32.h
+++ b/src/openvpn/win32.h
@@ -16,9 +16,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef _WIN32
@@ -292,7 +293,7 @@ WCHAR *wide_string(const char *utf8, struct gc_arena *gc);
bool win_wfp_block_dns(const NET_IFINDEX index, const HANDLE msg_channel);
-bool win_wfp_uninit(const NET_IFINDEX index, const HANDLE msg_channel);
+bool win_wfp_uninit(const HANDLE msg_channel);
#define WIN_XP 0
#define WIN_VISTA 1