From patchwork Thu Apr 16 01:39:30 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1083
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 16 Apr 2020 13:39:30 +0200
Message-Id: <20200416113930.15192-3-arne@rfc2549.org>
In-Reply-To: <20200416113930.15192-1-arne@rfc2549.org>
References: <20200416113930.15192-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 3/3] After the last big formatting patch a number of changes have been committed that do not conform with our style/uncrustify config. This has led to the problem that running uncrustify on before sending PR some of the changes made by uncrustify need to be backed out again.

To bring everything back to the agreed upon style, run uncrustify once more.

Uncrustify version used: Uncrustify-0.70.1_f

I double checked the result by running uncrustify (Uncrustify-0.69.0_f) from Ubuntu focal/20.04 which does not do any further changes and uncrustify 0.66.1_f from Ubuntu bionic/18.04
Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/compat/compat-strsep.c | 2 +- src/compat/compat.h | 3 ++- src/openvpn/crypto.c | 9 +++++---- src/openvpn/cryptoapi.c | 5 +++-- src/openvpn/forward.c | 2 +- src/openvpn/forward.h | 2 +- src/openvpn/manage.c | 6 +++--- src/openvpn/misc.c | 2 +- src/openvpn/mroute.c | 2 +- src/openvpn/networking.h | 6 +++--- src/openvpn/networking_iproute2.c | 14 ++++++++++++++ src/openvpn/networking_sitnl.h | 2 +- src/openvpn/openvpn.h | 2 +- src/openvpn/options.c | 10 ++++++---- src/openvpn/options.h | 4 ++-- src/openvpn/proto.h | 2 +- src/openvpn/push.c | 20 ++++++++++---------- src/openvpn/route.c | 2 +- src/openvpn/ssl.c | 6 ++++-- src/openvpn/ssl.h | 1 + src/openvpn/ssl_mbedtls.c | 15 ++++++++------- src/openvpn/ssl_openssl.c | 28 ++++++++++++++-------------- src/openvpn/ssl_verify.c | 18 +++++++++--------- src/openvpn/ssl_verify.h | 3 ++- src/openvpn/vlan.c | 4 ++-- src/openvpn/win32.h | 2 +- 26 files changed, 98 insertions(+), 74 deletions(-) diff --git a/src/compat/compat-strsep.c b/src/compat/compat-strsep.c index 42ff6414..e6518db6 100644 --- a/src/compat/compat-strsep.c +++ b/src/compat/compat-strsep.c @@ -58,4 +58,4 @@ strsep(char **stringp, const char *delim) } return begin; } -#endif +#endif /* ifndef HAVE_STRSEP */ diff --git a/src/compat/compat.h b/src/compat/compat.h index 592881df..a66a4235 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -71,7 +71,8 @@ int inet_pton(int af, const char *src, void *dst); #endif #ifndef HAVE_STRSEP -char* strsep(char **stringp, const char *delim); +char *strsep(char **stringp, const char *delim); + #endif #endif /* COMPAT_H */ diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 453cb20a..1678cba8 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -736,13 +736,14 @@ crypto_max_overhead(void) +max_int(OPENVPN_MAX_HMAC_SIZE, OPENVPN_AEAD_TAG_LENGTH); } -static void warn_insecure_key_type(const char* ciphername, const cipher_kt_t *cipher) +static void +warn_insecure_key_type(const char *ciphername, const cipher_kt_t *cipher) { if (cipher_kt_insecure(cipher)) { msg(M_WARN, "WARNING: INSECURE cipher (%s) with block size less than 128" - " bit (%d bit). This allows attacks like SWEET32. Mitigate by " - "using a --cipher with a larger block size (e.g. AES-256-CBC).", + " bit (%d bit). This allows attacks like SWEET32. Mitigate by " + "using a --cipher with a larger block size (e.g. AES-256-CBC).", ciphername, cipher_kt_block_size(cipher)*8); } } @@ -846,7 +847,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key, cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length, kt->cipher, enc); - const char* ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher)); + const char *ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher)); msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key", prefix, ciphername, diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index 30eba7b2..6c4df9e3 100644 --- a/src/openvpn/cryptoapi.c +++ b/src/openvpn/cryptoapi.c @@ -803,12 +803,13 @@ find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store) } blob.cbData = i; } - else { + else + { msg(M_WARN, "WARNING: cryptoapicert: unsupported certificate specification <%s>", cert_prop); goto out; } - while(true) + while (true) { int validity = 1; /* this frees previous rv, if not NULL */ diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index ea10f0bf..2082b9ea 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -1278,7 +1278,7 @@ read_incoming_tun(struct context *c) ASSERT(buf_init(&c->c2.buf, FRAME_HEADROOM(&c->c2.frame))); ASSERT(buf_safe(&c->c2.buf, MAX_RW_SIZE_TUN(&c->c2.frame))); c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), MAX_RW_SIZE_TUN(&c->c2.frame)); -#endif +#endif /* ifdef _WIN32 */ #ifdef PACKET_TRUNCATION_CHECK ipv4_packet_size_verify(BPTR(&c->c2.buf), diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index b711ff00..ff898133 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -434,7 +434,7 @@ io_wait(struct context *c, const unsigned int flags) c->c2.event_set_status = ret; } else -#endif +#endif /* ifdef _WIN32 */ { /* slow path */ io_wait_dowork(c, flags); diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 49864c0a..195941ca 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -3660,9 +3660,9 @@ management_query_pk_sig(struct management *man, const char *b64_data, buf_write(&buf_data, ",", (int) strlen(",")); buf_write(&buf_data, algorithm, (int) strlen(algorithm)); } - char* ret = management_query_multiline_flatten(man, - (char *)buf_bptr(&buf_data), prompt, desc, - &man->connection.ext_key_state, &man->connection.ext_key_input); + char *ret = management_query_multiline_flatten(man, + (char *)buf_bptr(&buf_data), prompt, desc, + &man->connection.ext_key_state, &man->connection.ext_key_input); free_buf(&buf_data); return ret; } diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 1c17948c..a10888ed 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -146,7 +146,7 @@ auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int } return true; } -#endif +#endif /* ifdef ENABLE_MANAGEMENT */ /* * Get and store a username/password diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c index bdb1b0c0..a7e78213 100644 --- a/src/openvpn/mroute.c +++ b/src/openvpn/mroute.c 
@@ -324,7 +324,7 @@ mroute_extract_addr_ether(struct mroute_addr *src, break; } } -#endif +#endif /* ifdef ENABLE_PF */ } return ret; } diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h index 5e6d898f..9c1d1696 100644 --- a/src/openvpn/networking.h +++ b/src/openvpn/networking.h @@ -31,8 +31,8 @@ struct context; #include "networking_iproute2.h" #else /* define mock types to ensure code builds on any platform */ -typedef void * openvpn_net_ctx_t; -typedef void * openvpn_net_iface_t; +typedef void *openvpn_net_ctx_t; +typedef void *openvpn_net_iface_t; static inline int net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) @@ -51,7 +51,7 @@ net_ctx_free(openvpn_net_ctx_t *ctx) { (void)ctx; } -#endif +#endif /* ifdef ENABLE_SITNL */ #if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c index 0f9e899a..f3b9c614 100644 --- a/src/openvpn/networking_iproute2.c +++ b/src/openvpn/networking_iproute2.c @@ -43,7 +43,9 @@ net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) { ctx->es = NULL; if (c) + { ctx->es = c->es; + } ctx->gc = gc_new(); return 0; @@ -207,10 +209,14 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen); if (metric > 0) + { argv_printf_cat(&argv, "metric %d", metric); + } if (iface) + { argv_printf_cat(&argv, "dev %s", iface); + } if (gw) { @@ -246,7 +252,9 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, } if (metric > 0) + { argv_printf_cat(&argv, "metric %d", metric); + } argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed"); 
@@ -267,7 +275,9 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen, argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen); if (metric > 0) + { argv_printf_cat(&argv, "metric %d", metric); + } argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed"); @@ -296,7 +306,9 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst, } if (metric > 0) + { argv_printf_cat(&argv, "metric %d", metric); + } argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed"); @@ -314,7 +326,9 @@ net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst, FILE *fp = fopen("/proc/net/route", "r"); if (!fp) + { return -1; + } char line[256]; int count = 0; diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h index f39d426d..6396b06e 100644 --- a/src/openvpn/networking_sitnl.h +++ b/src/openvpn/networking_sitnl.h @@ -23,6 +23,6 @@ #define NETWORKING_SITNL_H_ typedef char openvpn_net_iface_t; -typedef void * openvpn_net_ctx_t; +typedef void *openvpn_net_ctx_t; #endif /* NETWORKING_SITNL_H_ */ diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 900db7e1..595a9b1d 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -524,7 +524,7 @@ struct context struct env_set *es; /**< Set of environment variables. */ - openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */ + openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */ struct signal_info *sig; /**< Internal error signaling object. */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 49df8df1..63dc53c3 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1241,8 +1241,10 @@ print_vlan_accept(enum vlan_acceptable_frames mode) { case VLAN_ONLY_TAGGED: return "tagged"; + case VLAN_ONLY_UNTAGGED_OR_PRIORITY: return "untagged"; + case VLAN_ALL: return "all"; } 
@@ -1320,7 +1322,7 @@ show_p2mp_parms(const struct options *o) SHOW_STR(port_share_port); #endif SHOW_BOOL(vlan_tagging); - msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept (o->vlan_accept)); + msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept(o->vlan_accept)); SHOW_INT(vlan_pvid); #endif /* P2MP_SERVER */ @@ -5301,7 +5303,7 @@ add_option(struct options *options, options->management_flags |= MF_EXTERNAL_CERT; options->management_certificate = p[1]; } -#endif +#endif /* ifdef ENABLE_MANAGEMENT */ #ifdef MANAGEMENT_DEF_AUTH else if (streq(p[0], "management-client-auth") && !p[1]) { @@ -7711,8 +7713,8 @@ add_option(struct options *options, } else { - if (streq(p[1], "secret") || streq(p[1], "tls-auth") || - streq(p[1], "tls-crypt")) + if (streq(p[1], "secret") || streq(p[1], "tls-auth") + || streq(p[1], "tls-crypt")) { options->genkey_type = GENKEY_SECRET; } diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 2f1f6faf..4c1737e1 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -222,8 +222,8 @@ struct options bool show_curves; bool genkey; enum genkey_type genkey_type; - const char* genkey_filename; - const char* genkey_extra_data; + const char *genkey_filename; + const char *genkey_extra_data; /* Networking parms */ int connect_retry_max; diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index c1ff3e14..c2517674 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h @@ -67,7 +67,7 @@ struct openvpn_ethhdr struct openvpn_8021qhdr { uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */ - uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */ + uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */ uint16_t tpid; /* 802.1Q Tag Protocol Identifier */ #define OPENVPN_8021Q_MASK_PCP htons(0xE000) /* mask PCP out of pcp_cfi_vid */ diff --git a/src/openvpn/push.c b/src/openvpn/push.c index aef00d34..39a906d4 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c 
@@ -72,19 +72,19 @@ receive_auth_failed(struct context *c, const struct buffer *buffer) { switch (auth_retry_get()) { - case AR_NONE: - c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */ - break; + case AR_NONE: + c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */ + break; - case AR_INTERACT: - ssl_purge_auth(false); + case AR_INTERACT: + ssl_purge_auth(false); - case AR_NOINTERACT: - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */ - break; + case AR_NOINTERACT: + c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */ + break; - default: - ASSERT(0); + default: + ASSERT(0); } c->sig->signal_text = "auth-failure"; } diff --git a/src/openvpn/route.c b/src/openvpn/route.c index e0f8d201..51f76318 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -2152,7 +2152,7 @@ delete_route(struct route_ipv4 *r, #if !defined(TARGET_ANDROID) const char *gateway; #endif -#else +#else /* if !defined(TARGET_LINUX) */ int metric; #endif int is_local_route; diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 56d0576a..80e0d5ac 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -466,7 +466,7 @@ ssl_set_auth_token(const char *token) * Cleans an auth token and checks if it was active */ bool -ssl_clean_auth_token (void) +ssl_clean_auth_token(void) { bool wasdefined = auth_token.defined; purge_user_pass(&auth_token, true); @@ -2015,7 +2015,7 @@ tls_session_update_crypto_params(struct tls_session *session, { frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead()); crypto_adjust_frame_parameters(frame_fragment, &session->opt->key_type, - options->replay, packet_id_long_form); + options->replay, packet_id_long_form); frame_set_mtu_dynamic(frame_fragment, options->ce.fragment, SET_MTU_UPPER_BOUND); frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms"); } 
@@ -2411,7 +2411,9 @@ key_method_2_write(struct buffer *buf, struct tls_session *session) * username/password */ if (auth_token.defined) + { up = &auth_token; + } if (!write_string(buf, up->username, -1)) { diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index f0a8ef54..2f6f7657 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -607,4 +607,5 @@ void show_available_tls_ciphers(const char *cipher_list, const char *cipher_list_tls13, const char *tls_cert_profile); + #endif /* ifndef OPENVPN_SSL_H */ diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index d585111b..1f91b785 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -191,12 +191,13 @@ tls_ctx_initialised(struct tls_root_ctx *ctx) } #ifdef HAVE_EXPORT_KEYING_MATERIAL -int mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms, - const unsigned char *kb, size_t maclen, - size_t keylen, size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type) +int +mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms, + const unsigned char *kb, size_t maclen, + size_t keylen, size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type) { struct tls_session *session = p_expkey; struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl; @@ -1126,7 +1127,7 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, if (session->opt->ekm_size) { mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, - mbedtls_ssl_export_keys_cb, session); + mbedtls_ssl_export_keys_cb, session); } #endif diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d7bd6aa2..5955c6bd 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c 
@@ -683,7 +683,7 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name * so do nothing */ #endif return; -#else +#else /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */ /* For older OpenSSL we have to extract the curve from key on our own */ EC_KEY *eckey = NULL; const EC_GROUP *ecgrp = NULL; @@ -1173,7 +1173,7 @@ openvpn_extkey_rsa_finish(RSA *rsa) * interface query */ const char * -get_rsa_padding_name (const int padding) +get_rsa_padding_name(const int padding) { switch (padding) { @@ -1190,14 +1190,14 @@ get_rsa_padding_name (const int padding) /** * Pass the input hash in 'dgst' to management and get the signature back. - * - * @param dgst hash to be signed - * @param dgstlen len of data in dgst - * @param sig On successful return signature is in sig. - * @param siglen length of buffer sig - * @param algorithm padding/hashing algorithm for the signature * - * @return signature length or -1 on error. + * @param dgst hash to be signed + * @param dgstlen len of data in dgst + * @param sig On successful return signature is in sig. + * @param siglen length of buffer sig + * @param algorithm padding/hashing algorithm for the signature + * + * @return signature length or -1 on error. */ static int get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, @@ -1239,7 +1239,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, return -1; } - ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name (padding)); + ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding)); return (ret == len) ? ret : -1; } @@ -1314,7 +1314,7 @@ err: } #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \ - || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ + || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ && !defined(OPENSSL_NO_EC) /* called when EC_KEY is destroyed */ 
@@ -1475,7 +1475,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx) } } #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \ - || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ + || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ && !defined(OPENSSL_NO_EC) else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { @@ -2135,8 +2135,8 @@ show_available_tls_ciphers_list(const char *cipher_list, crypto_msg(M_FATAL, "Cannot create SSL object"); } -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \ - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL) +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \ + || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL) STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); #else STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index da0966c5..9362b8e9 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -804,7 +804,7 @@ cleanup: #endif void -auth_set_client_reason(struct tls_multi* multi, const char* client_reason) +auth_set_client_reason(struct tls_multi *multi, const char *client_reason) { if (multi->client_reason) { @@ -1204,7 +1204,7 @@ verify_user_pass_plugin(struct tls_session *session, struct tls_multi *multi, static int verify_user_pass_management(struct tls_session *session, - struct tls_multi* multi, + struct tls_multi *multi, const struct user_pass *up) { int retval = KMDA_ERROR; 
@@ -1301,16 +1301,16 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, * for equality with AUTH_TOKEN_HMAC_OK */ msg(M_WARN, "TLS: Username/auth-token authentication " - "succeeded for username '%s'", + "succeeded for username '%s'", up->username); - skip_auth = true; + skip_auth = true; } else { wipe_auth_token(multi); ks->authenticated = false; msg(M_WARN, "TLS: Username/auth-token authentication " - "failed for username '%s'", up->username); + "failed for username '%s'", up->username); return; } } @@ -1335,12 +1335,12 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi, } /* check sizing of username if it will become our common name */ - if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) && - strlen(up->username)>TLS_USERNAME_LEN) + if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) + && strlen(up->username)>TLS_USERNAME_LEN) { msg(D_TLS_ERRORS, - "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters", - TLS_USERNAME_LEN); + "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters", + TLS_USERNAME_LEN); s1 = OPENVPN_PLUGIN_FUNC_ERROR; } /* auth succeeded? */ diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h index c54b89a6..21b37a0f 100644 --- a/src/openvpn/ssl_verify.h +++ b/src/openvpn/ssl_verify.h @@ -234,7 +234,8 @@ bool tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id * @param multi The multi tls struct * @param client_reason The string to send to the client as part of AUTH_FAILED */ -void auth_set_client_reason(struct tls_multi* multi, const char* client_reason); +void auth_set_client_reason(struct tls_multi *multi, const char *client_reason); + #endif static inline const char * diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c index a5885de2..9290179d 100644 --- a/src/openvpn/vlan.c 
+++ b/src/openvpn/vlan.c @@ -58,7 +58,7 @@ static void vlanhdr_set_vid(struct openvpn_8021qhdr *hdr, const uint16_t vid) { hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID) - | (htons(vid) & OPENVPN_8021Q_MASK_VID); + | (htons(vid) & OPENVPN_8021Q_MASK_VID); } /* @@ -135,7 +135,7 @@ vlan_decapsulate(const struct context *c, struct buffer *buf) goto drop; } - /* vid == 0 means prio-tagged packet: don't drop and fall-through */ + /* vid == 0 means prio-tagged packet: don't drop and fall-through */ case VLAN_ONLY_TAGGED: case VLAN_ALL: /* tagged frame can be accepted: extract vid and strip encapsulation */ diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 4b508c56..79504776 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -69,7 +69,7 @@ struct security_attributes struct window_title { bool saved; - char old_window_title [256]; + char old_window_title[256]; }; struct rw_handle {
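Review bot: in receive_auth_failed() (src/openvpn/push.c, hunk at line 72), case AR_INTERACT calls ssl_purge_auth(false) and then runs straight into case AR_NOINTERACT with no break and no comment. The re-indent touches every line of this switch, so if the fall-through is intended, mark it right after ssl_purge_auth(false) with a comment such as /* fall through */. The vlan_decapsulate() hunk in this same patch already documents its fall-through in a comment, and an explicit marker also keeps fall-through warnings quiet.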
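Review bot: in the verify_user_pass() hunk at line 1335 of src/openvpn/ssl_verify.c, the reformatted condition still reads strlen(up->username)>TLS_USERNAME_LEN with no spaces around the '>', although the patch moves the '&&' on the same line; it is worth checking whether the uncrustify config is meant to cover comparison operators too. Separately, the msg() text in this hunk says "--username-as-common name" while the flag it tests is SSLF_USERNAME_AS_COMMON_NAME; the missing hyphen in the option name belongs in a follow-up patch, not in this whitespace-only one.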
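Review bot: the #if conditions re-indented in src/openvpn/ssl_openssl.c at lines 1314 and 1475 test LIBRESSL_VERSION_NUMBER > 0x2090000fL without a defined() guard, while the condition in show_available_tls_ciphers_list() (hunk at line 2135) writes defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL. An undefined identifier evaluates to 0 inside #if, so the unguarded form gives the intended result on OpenSSL builds, but it warns under -Wundef and the two spellings are inconsistent. Suggest aligning them in a separate change so this patch stays formatting-only.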