}
return begin;
}
-#endif
+#endif /* ifndef HAVE_STRSEP */
#endif
#ifndef HAVE_STRSEP
-char* strsep(char **stringp, const char *delim);
+char *strsep(char **stringp, const char *delim);
+
#endif
#endif /* COMPAT_H */
+max_int(OPENVPN_MAX_HMAC_SIZE, OPENVPN_AEAD_TAG_LENGTH);
}
-static void warn_insecure_key_type(const char* ciphername, const cipher_kt_t *cipher)
+static void
+warn_insecure_key_type(const char *ciphername, const cipher_kt_t *cipher)
{
if (cipher_kt_insecure(cipher))
{
msg(M_WARN, "WARNING: INSECURE cipher (%s) with block size less than 128"
- " bit (%d bit). This allows attacks like SWEET32. Mitigate by "
- "using a --cipher with a larger block size (e.g. AES-256-CBC).",
+ " bit (%d bit). This allows attacks like SWEET32. Mitigate by "
+ "using a --cipher with a larger block size (e.g. AES-256-CBC).",
ciphername, cipher_kt_block_size(cipher)*8);
}
}
cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length,
kt->cipher, enc);
- const char* ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher));
+ const char *ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher));
msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key",
prefix,
ciphername,
}
blob.cbData = i;
}
- else {
+ else
+ {
msg(M_WARN, "WARNING: cryptoapicert: unsupported certificate specification <%s>", cert_prop);
goto out;
}
- while(true)
+ while (true)
{
int validity = 1;
/* this frees previous rv, if not NULL */
ASSERT(buf_init(&c->c2.buf, FRAME_HEADROOM(&c->c2.frame)));
ASSERT(buf_safe(&c->c2.buf, MAX_RW_SIZE_TUN(&c->c2.frame)));
c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), MAX_RW_SIZE_TUN(&c->c2.frame));
-#endif
+#endif /* ifdef _WIN32 */
#ifdef PACKET_TRUNCATION_CHECK
ipv4_packet_size_verify(BPTR(&c->c2.buf),
c->c2.event_set_status = ret;
}
else
-#endif
+#endif /* ifdef _WIN32 */
{
/* slow path */
io_wait_dowork(c, flags);
buf_write(&buf_data, ",", (int) strlen(","));
buf_write(&buf_data, algorithm, (int) strlen(algorithm));
}
- char* ret = management_query_multiline_flatten(man,
- (char *)buf_bptr(&buf_data), prompt, desc,
- &man->connection.ext_key_state, &man->connection.ext_key_input);
+ char *ret = management_query_multiline_flatten(man,
+ (char *)buf_bptr(&buf_data), prompt, desc,
+ &man->connection.ext_key_state, &man->connection.ext_key_input);
free_buf(&buf_data);
return ret;
}
}
return true;
}
-#endif
+#endif /* ifdef ENABLE_MANAGEMENT */
/*
* Get and store a username/password
break;
}
}
-#endif
+#endif /* ifdef ENABLE_PF */
}
return ret;
}
#include "networking_iproute2.h"
#else
/* define mock types to ensure code builds on any platform */
-typedef void * openvpn_net_ctx_t;
-typedef void * openvpn_net_iface_t;
+typedef void *openvpn_net_ctx_t;
+typedef void *openvpn_net_iface_t;
static inline int
net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
{
(void)ctx;
}
-#endif
+#endif /* ifdef ENABLE_SITNL */
#if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE)
{
ctx->es = NULL;
if (c)
+ {
ctx->es = c->es;
+ }
ctx->gc = gc_new();
return 0;
argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen);
if (metric > 0)
+ {
argv_printf_cat(&argv, "metric %d", metric);
+ }
if (iface)
+ {
argv_printf_cat(&argv, "dev %s", iface);
+ }
if (gw)
{
}
if (metric > 0)
+ {
argv_printf_cat(&argv, "metric %d", metric);
+ }
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed");
argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen);
if (metric > 0)
+ {
argv_printf_cat(&argv, "metric %d", metric);
+ }
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed");
}
if (metric > 0)
+ {
argv_printf_cat(&argv, "metric %d", metric);
+ }
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed");
FILE *fp = fopen("/proc/net/route", "r");
if (!fp)
+ {
return -1;
+ }
char line[256];
int count = 0;
#define NETWORKING_SITNL_H_
typedef char openvpn_net_iface_t;
-typedef void * openvpn_net_ctx_t;
+typedef void *openvpn_net_ctx_t;
#endif /* NETWORKING_SITNL_H_ */
struct env_set *es; /**< Set of environment variables. */
- openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */
+ openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */
struct signal_info *sig; /**< Internal error signaling object. */
{
case VLAN_ONLY_TAGGED:
return "tagged";
+
case VLAN_ONLY_UNTAGGED_OR_PRIORITY:
return "untagged";
+
case VLAN_ALL:
return "all";
}
SHOW_STR(port_share_port);
#endif
SHOW_BOOL(vlan_tagging);
- msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept (o->vlan_accept));
+ msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept(o->vlan_accept));
SHOW_INT(vlan_pvid);
#endif /* P2MP_SERVER */
options->management_flags |= MF_EXTERNAL_CERT;
options->management_certificate = p[1];
}
-#endif
+#endif /* ifdef ENABLE_MANAGEMENT */
#ifdef MANAGEMENT_DEF_AUTH
else if (streq(p[0], "management-client-auth") && !p[1])
{
}
else
{
- if (streq(p[1], "secret") || streq(p[1], "tls-auth") ||
- streq(p[1], "tls-crypt"))
+ if (streq(p[1], "secret") || streq(p[1], "tls-auth")
+ || streq(p[1], "tls-crypt"))
{
options->genkey_type = GENKEY_SECRET;
}
bool show_curves;
bool genkey;
enum genkey_type genkey_type;
- const char* genkey_filename;
- const char* genkey_extra_data;
+ const char *genkey_filename;
+ const char *genkey_extra_data;
/* Networking parms */
int connect_retry_max;
struct openvpn_8021qhdr
{
uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */
- uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */
+ uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */
uint16_t tpid; /* 802.1Q Tag Protocol Identifier */
#define OPENVPN_8021Q_MASK_PCP htons(0xE000) /* mask PCP out of pcp_cfi_vid */
{
switch (auth_retry_get())
{
- case AR_NONE:
- c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
- break;
+ case AR_NONE:
+ c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
+ break;
- case AR_INTERACT:
- ssl_purge_auth(false);
+ case AR_INTERACT:
+ ssl_purge_auth(false);
- case AR_NOINTERACT:
- c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
- break;
+ case AR_NOINTERACT:
+ c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
+ break;
- default:
- ASSERT(0);
+ default:
+ ASSERT(0);
}
c->sig->signal_text = "auth-failure";
}
#if !defined(TARGET_ANDROID)
const char *gateway;
#endif
-#else
+#else /* if !defined(TARGET_LINUX) */
int metric;
#endif
int is_local_route;
* Cleans an auth token and checks if it was active
*/
bool
-ssl_clean_auth_token (void)
+ssl_clean_auth_token(void)
{
bool wasdefined = auth_token.defined;
purge_user_pass(&auth_token, true);
{
frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead());
crypto_adjust_frame_parameters(frame_fragment, &session->opt->key_type,
- options->replay, packet_id_long_form);
+ options->replay, packet_id_long_form);
frame_set_mtu_dynamic(frame_fragment, options->ce.fragment, SET_MTU_UPPER_BOUND);
frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms");
}
* username/password
*/
if (auth_token.defined)
+ {
up = &auth_token;
+ }
if (!write_string(buf, up->username, -1))
{
show_available_tls_ciphers(const char *cipher_list,
const char *cipher_list_tls13,
const char *tls_cert_profile);
+
#endif /* ifndef OPENVPN_SSL_H */
}
#ifdef HAVE_EXPORT_KEYING_MATERIAL
-int mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
- const unsigned char *kb, size_t maclen,
- size_t keylen, size_t ivlen,
- const unsigned char client_random[32],
- const unsigned char server_random[32],
- mbedtls_tls_prf_types tls_prf_type)
+int
+mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
+ const unsigned char *kb, size_t maclen,
+ size_t keylen, size_t ivlen,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
{
struct tls_session *session = p_expkey;
struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
if (session->opt->ekm_size)
{
mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
- mbedtls_ssl_export_keys_cb, session);
+ mbedtls_ssl_export_keys_cb, session);
}
#endif
* so do nothing */
#endif
return;
-#else
+#else /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */
/* For older OpenSSL we have to extract the curve from key on our own */
EC_KEY *eckey = NULL;
const EC_GROUP *ecgrp = NULL;
* interface query
*/
const char *
-get_rsa_padding_name (const int padding)
+get_rsa_padding_name(const int padding)
{
switch (padding)
{
/**
* Pass the input hash in 'dgst' to management and get the signature back.
- *
- * @param dgst hash to be signed
- * @param dgstlen len of data in dgst
- * @param sig On successful return signature is in sig.
- * @param siglen length of buffer sig
- * @param algorithm padding/hashing algorithm for the signature
*
- * @return signature length or -1 on error.
+ * @param dgst hash to be signed
+ * @param dgstlen len of data in dgst
+ * @param sig On successful return signature is in sig.
+ * @param siglen length of buffer sig
+ * @param algorithm padding/hashing algorithm for the signature
+ *
+ * @return signature length or -1 on error.
*/
static int
get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
return -1;
}
- ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name (padding));
+ ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
return (ret == len) ? ret : -1;
}
}
#if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
- || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
+ || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
&& !defined(OPENSSL_NO_EC)
/* called when EC_KEY is destroyed */
}
}
#if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
- || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
+ || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
&& !defined(OPENSSL_NO_EC)
else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
{
crypto_msg(M_FATAL, "Cannot create SSL object");
}
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \
- (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \
+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
#else
STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
#endif
void
-auth_set_client_reason(struct tls_multi* multi, const char* client_reason)
+auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
{
if (multi->client_reason)
{
static int
verify_user_pass_management(struct tls_session *session,
- struct tls_multi* multi,
+ struct tls_multi *multi,
const struct user_pass *up)
{
int retval = KMDA_ERROR;
* for equality with AUTH_TOKEN_HMAC_OK
*/
msg(M_WARN, "TLS: Username/auth-token authentication "
- "succeeded for username '%s'",
+ "succeeded for username '%s'",
up->username);
- skip_auth = true;
+ skip_auth = true;
}
else
{
wipe_auth_token(multi);
ks->authenticated = false;
msg(M_WARN, "TLS: Username/auth-token authentication "
- "failed for username '%s'", up->username);
+ "failed for username '%s'", up->username);
return;
}
}
}
/* check sizing of username if it will become our common name */
- if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) &&
- strlen(up->username)>TLS_USERNAME_LEN)
+ if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME)
+ && strlen(up->username)>TLS_USERNAME_LEN)
{
msg(D_TLS_ERRORS,
- "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
- TLS_USERNAME_LEN);
+ "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
+ TLS_USERNAME_LEN);
s1 = OPENVPN_PLUGIN_FUNC_ERROR;
}
/* auth succeeded? */
* @param multi The multi tls struct
* @param client_reason The string to send to the client as part of AUTH_FAILED
*/
-void auth_set_client_reason(struct tls_multi* multi, const char* client_reason);
+void auth_set_client_reason(struct tls_multi *multi, const char *client_reason);
+
#endif
static inline const char *
vlanhdr_set_vid(struct openvpn_8021qhdr *hdr, const uint16_t vid)
{
hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID)
- | (htons(vid) & OPENVPN_8021Q_MASK_VID);
+ | (htons(vid) & OPENVPN_8021Q_MASK_VID);
}
/*
goto drop;
}
- /* vid == 0 means prio-tagged packet: don't drop and fall-through */
+ /* vid == 0 means prio-tagged packet: don't drop and fall-through */
case VLAN_ONLY_TAGGED:
case VLAN_ALL:
/* tagged frame can be accepted: extract vid and strip encapsulation */
struct window_title
{
bool saved;
- char old_window_title [256];
+ char old_window_title[256];
};
struct rw_handle {