* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
* Additions for eurephia plugin done by:
* David Sommerseth <dazo@users.sourceforge.net> Copyright (C) 2008-2009
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+/**
+ * @file Control Channel SSL/Data channel negotiation Module
+ */
+
/*
* The routines in this file deal with dynamically negotiating
* the data channel HMAC and cipher keys through a TLS session.
#if defined(USE_CRYPTO) && defined(USE_SSL)
-#include "ssl.h"
#include "error.h"
#include "common.h"
#include "integer.h"
#include "base64.h"
#include "route.h"
+#include "ssl.h"
+#include "ssl_verify.h"
+#include "ssl_backend.h"
+
#ifdef WIN32
#include "cryptoapi.h"
#endif
frame_set_mtu_dynamic (frame, 0, SET_MTU_TUN);
}
-/*
- * Allocate space in SSL objects
- * in which to store a struct tls_session
- * pointer back to parent.
- */
-
-static int mydata_index; /* GLOBAL */
-
-static void
-ssl_set_mydata_index ()
-{
- mydata_index = SSL_get_ex_new_index (0, "struct session *", NULL, NULL, NULL);
- ASSERT (mydata_index >= 0);
-}
-
void
init_ssl_lib ()
{
- SSL_library_init ();
- SSL_load_error_strings ();
- OpenSSL_add_all_algorithms ();
+ tls_init_lib ();
- crypto_init_lib();
-
- /*
- * If you build the OpenSSL library and OpenVPN with
- * CRYPTO_MDEBUG, you will get a listing of OpenSSL
- * memory leaks on program termination.
- */
-#ifdef CRYPTO_MDEBUG
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-#endif
-
- ssl_set_mydata_index ();
+ crypto_init_lib ();
}
void
free_ssl_lib ()
{
-#ifdef CRYPTO_MDEBUG
- FILE* fp = fopen ("sdlog", "w");
- ASSERT (fp);
- CRYPTO_mem_leaks_fp (fp);
- fclose (fp);
-#endif
-
crypto_uninit_lib ();
- EVP_cleanup ();
- ERR_free_strings ();
+
+ tls_free_lib();
}
/*
}
error:
- ERR_clear_error ();
+ tls_clear_error();
ks->state = S_ERROR;
msg (D_TLS_ERRORS, "TLS Error: TLS handshake failed");
INCR_ERROR;
perf_push (PERF_TLS_MULTI_PROCESS);
- ERR_clear_error ();
+ tls_clear_error ();
/*
* Process each session object having state of S_INITIAL or greater,
error:
++multi->n_soft_errors;
error_lite:
- ERR_clear_error ();
+ tls_clear_error();
goto done;
}
return ret;
error:
- ERR_clear_error ();
+ tls_clear_error();
gc_free (&gc);
return ret;
}
struct key_state *ks;
bool ret = false;
- ERR_clear_error ();
+ tls_clear_error();
ASSERT (multi);
ret = true;
}
- ERR_clear_error ();
+
+ tls_clear_error();
return ret;
}
struct key_state *ks;
bool ret = false;
- ERR_clear_error ();
+ tls_clear_error();
ASSERT (multi);
ks->plaintext_read_buf.len = 0;
}
- ERR_clear_error ();
+ tls_clear_error();
return ret;
}
* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-
/**
- * @file header file
+ * @file Control Channel SSL/Data channel negotiation module
*/
-
#ifndef OPENVPN_SSL_H
#define OPENVPN_SSL_H
#include "options.h"
#include "plugin.h"
+#include "ssl_common.h"
+#include "ssl_verify.h"
+#include "ssl_backend.h"
/* Used in the TLS PRF function */
#define KEY_EXPANSION_ID "OpenVPN"
struct cert_hash_set {
struct cert_hash *ch[MAX_CERT_DEPTH];
};
+/*
+ * Prepare the SSL library for use
+ */
+void init_ssl_lib (void);
+
+/*
+ * Free any internal state that the SSL library might have
+ */
+void free_ssl_lib (void);
/**
* Container for one half of random material to be used in %key method 2
* Functions implemented in ssl.c for use by the backend SSL library
*
*/
+/*
+ *
+ * Functions used in ssl.c which must be implemented by the backend SSL library
+ *
+ */
+
+/**
+ * Perform any static initialisation necessary by the library.
+ * Called on OpenVPN initialisation
+ */
+void tls_init_lib();
+
+/**
+ * Free any global SSL library-specific data structures.
+ */
+void tls_free_lib();
+/**
+ * Clear the underlying SSL library's error state.
+ */
+void tls_clear_error();
+
#endif /* SSL_BACKEND_H_ */
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/crypto.h>
+
+/*
+ * Allocate space in SSL objects in which to store a struct tls_session
+ * pointer back to parent.
+ *
+ */
+
+int mydata_index; /* GLOBAL */
+
+void
+tls_init_lib()
+{
+ SSL_library_init();
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms ();
+
+ mydata_index = SSL_get_ex_new_index(0, "struct session *", NULL, NULL, NULL);
+ ASSERT (mydata_index >= 0);
+}
+
+void
+tls_free_lib()
+{
+ EVP_cleanup();
+ ERR_free_strings();
+}
+
+void
+tls_clear_error()
+{
+ ERR_clear_error ();
+}
#include <openssl/ssl.h>
+/**
+ * Allocate space in SSL objects in which to store a struct tls_session
+ * pointer back to parent.
+ */
+extern int mydata_index; /* GLOBAL */
+
+void openssl_set_mydata_index (void);
+
#endif /* SSL_OPENSSL_H_ */
projects / thirdparty / openvpn.git / commitdiff
