1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23
24 /**
 * @file SSL utility functions. This file (and its .c file) is designed
 * to be included in unit tests and the like without pulling in a lot of dependencies
27 */
28
29 #ifndef SSL_UTIL_H_
30 #define SSL_UTIL_H_
31
32 #include "buffer.h"
33
/**
 * Extracts a variable from peer info, the returned string will be allocated
 * using the supplied gc_arena.
 *
 * NOTE(review): peer_info is the peer-supplied key/value string, so the
 * returned value is attacker-controlled input; callers must validate it
 * (length, character set, numeric range) before acting on it.
 *
 * @param peer_info The peer's peer_info (NOTE(review): confirm in ssl_util.c
 *                  whether a NULL peer_info is tolerated before relying on it)
 * @param var The variable *including* =, e.g. IV_CIPHERS=; the trailing =
 *            is part of the key that is matched
 * @param gc gc_arena the returned copy is allocated in; its lifetime is
 *           bound to that arena
 *
 * @return The content of the variable as NULL terminated string or NULL if the
 * variable cannot be found.
 */
char *extract_var_peer_info(const char *peer_info, const char *var,
struct gc_arena *gc);
46
/**
 * Extracts the IV_PROTO variable and returns its value or 0
 * if it cannot be extracted.
 *
 * Because 0 doubles as the "not found" sentinel, a caller cannot tell an
 * absent IV_PROTO from an explicit IV_PROTO=0. Any bit a caller tests in
 * the result is therefore unset in both cases, which is the conservative
 * outcome when the peer advertises nothing.
 *
 * @param peer_info peer info string to search for IV_PROTO; this is
 *                  peer-supplied, untrusted input
 * @return the value of IV_PROTO, or 0 if it cannot be extracted
 */
unsigned int extract_iv_proto(const char *peer_info);
54
/**
 * Takes a locally produced OCC string for TLS server mode and modifies as
 * if the option comp-lzo was enabled. This is to send a client in
 * comp-lzo migrate mode the expected OCC string.
 *
 * Note: This function expects the string to be in the locally generated
 * format and does not accept arbitrary strings. In particular it is not
 * meant to be applied to an OCC string received from the remote peer.
 *
 * On error the original options pointer is returned unchanged, so there is
 * no separate error indication; a caller that needs to know whether the
 * rewrite took place has to compare the result against options.
 *
 * @param options the locally generated OCC string
 * @param gc gc_arena to allocate the returned string in
 * @return the modified string or options on error
 */
const char *options_string_compat_lzo(const char *options, struct gc_arena *gc);
68
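/**
 * Pair of names for one TLS cipher suite: the OpenSSL spelling and the
 * corresponding IANA spelling.
 */
typedef struct { const char *openssl_name; const char *iana_name; } tls_cipher_name_pair;

/**
 * Get a tls_cipher_name_pair containing OpenSSL and IANA names for supplied TLS cipher name
 *
 * @param cipher_name Can be either OpenSSL or IANA cipher name
 * @param len number of bytes of cipher_name to consider
 *            (NOTE(review): confirm against ssl_util.c whether cipher_name
 *            must also be NUL-terminated, and whether a cipher_name that is
 *            only a prefix of a table entry can match)
 * @return tls_cipher_name_pair* if found, NULL otherwise. The pointer is
 *         const; presumably it refers to a static table entry and must not
 *         be freed by the caller -- confirm in ssl_util.c.
 */
const tls_cipher_name_pair *tls_get_cipher_name_pair(const char *cipher_name, size_t len);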
77
/**
 * Returns the occurrences of 'delimiter' in a string +1
 * This is typically used to find out the number of elements in a
 * cipher string or similar that is separated by : like
 *
 * X25519:secp256r1:X448:secp512r1:secp384r1:brainpoolP384r1
 *
 * By this definition an empty string counts as one element, and an empty
 * field between two adjacent delimiters is still counted.
 *
 * @param string the string to work on (NOTE(review): confirm in ssl_util.c
 *               whether NULL is tolerated)
 * @param delimiter the delimiter to count, typically ':'
 * @return occurrences of delimiter + 1
 */
int
get_num_elements(const char *string, char delimiter);
91
92 #endif /* ifndef SSL_UTIL_H_ */