ssl_openssl.c ssl_openssl.h \
ssl_mbedtls.c ssl_mbedtls.h \
ssl_ncp.c ssl_ncp.h \
+ ssl_util.c ssl_util.h \
ssl_common.h \
ssl_verify.c ssl_verify.h ssl_verify_backend.h \
ssl_verify_openssl.c ssl_verify_openssl.h \
<ClCompile Include="ssl.c" />
<ClCompile Include="ssl_openssl.c" />
<ClCompile Include="ssl_ncp.c" />
+ <ClCompile Include="ssl_util.c" />
<ClCompile Include="ssl_verify.c" />
<ClCompile Include="ssl_verify_openssl.c" />
<ClCompile Include="status.c" />
<ClInclude Include="ssl_common.h" />
<ClInclude Include="ssl_ncp.h" />
<ClInclude Include="ssl_openssl.h" />
+ <ClInclude Include="ssl_util.h" />
<ClInclude Include="ssl_verify.h" />
<ClInclude Include="ssl_verify_backend.h" />
<ClInclude Include="ssl_verify_openssl.h" />
<ClCompile Include="ssl_ncp.c">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="ssl_util.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="base64.h">
<ClInclude Include="ssl_ncp.h">
<Filter>Header Files</Filter>
</ClInclude>
+ <ClInclude Include="ssl_util.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="openvpn_win32_resources.rc">
#include "common.h"
#include "ssl_ncp.h"
+#include "ssl_util.h"
#include "openvpn.h"
/**
tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
{
/* Check if the peer sends the IV_CIPHERS list */
- const char *ncp_ciphers_start;
- if (peer_info && (ncp_ciphers_start = strstr(peer_info, "IV_CIPHERS=")))
+ const char *iv_ciphers = extract_var_peer_info(peer_info,"IV_CIPHERS=", gc);
+ if (iv_ciphers)
{
- ncp_ciphers_start += strlen("IV_CIPHERS=");
- const char *ncp_ciphers_end = strstr(ncp_ciphers_start, "\n");
- if (!ncp_ciphers_end)
- {
- /* IV_CIPHERS is at end of the peer_info list and no '\n'
- * follows */
- ncp_ciphers_end = ncp_ciphers_start + strlen(ncp_ciphers_start);
- }
-
- char *ncp_ciphers_peer = string_alloc(ncp_ciphers_start, gc);
- /* NULL terminate the copy at the right position */
- ncp_ciphers_peer[ncp_ciphers_end - ncp_ciphers_start] = '\0';
- return ncp_ciphers_peer;
-
+ return iv_ciphers;
}
else if (tls_peer_info_ncp_ver(peer_info)>=2)
{
--- /dev/null
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2020 OpenVPN Inc <sales@openvpn.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include "config-msvc.h"
+#endif
+
+#include "syshead.h"
+
+#include "ssl_util.h"
+
+char *
+extract_var_peer_info(const char *peer_info, const char *var,
+ struct gc_arena *gc)
+{
+ if (!peer_info)
+ {
+ return NULL;
+ }
+
+ const char *var_start = strstr(peer_info, var);
+ if (!var_start)
+ {
+ /* variable not found in peer info */
+ return NULL;
+ }
+
+ var_start += strlen(var);
+ const char *var_end = strstr(var_start, "\n");
+ if (!var_end)
+ {
+ /* var is at end of the peer_info list and no '\n' follows */
+ var_end = var_start + strlen(var_start);
+ }
+
+ char *var_value = string_alloc(var_start, gc);
+ /* NULL terminate the copy at the right position */
+ var_value[var_end - var_start] = '\0';
+ return var_value;
+}
--- /dev/null
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2020 OpenVPN Inc <sales@openvpn.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/**
+ * @file SSL utility function. This file (and its .c file) is designed to
+ * to be included in units/etc without pulling in a lot of dependencies
+ */
+
+#ifndef SSL_UTIL_H_
+#define SSL_UTIL_H_
+
+#include "buffer.h"
+
+/**
+ * Extracts a variable from peer info, the returned string will be allocated
+ * using the supplied gc_arena
+ *
+ * @param peer_info The peer's peer_info
+ * @param var The variable *including* =, e.g. IV_CIPHERS=
+ *
+ * @return The content of the variable as NULL terminated string or NULL if the
+ * variable cannot be found.
+ */
+char *
+extract_var_peer_info(const char *peer_info,
+ const char *var,
+ struct gc_arena *gc);
+
+#endif
#endif
#include "auth_token.h"
#include "push.h"
+#include "ssl_util.h"
/** Maximum length of common name */
#define TLS_USERNAME_LEN 64
$(openvpn_srcdir)/crypto_openssl.c \
$(openvpn_srcdir)/otime.c \
$(openvpn_srcdir)/packet_id.c \
- $(openvpn_srcdir)/platform.c
+ $(openvpn_srcdir)/platform.c \
+ $(openvpn_srcdir)/ssl_util.c
projects / thirdparty / openvpn.git / commitdiff
