@@ -257,11 +257,11 @@
}
else if (buf_string_match_head_str(buf, "INFO_PRE"))
{
- server_pushed_info(c, buf, 8);
+ server_pushed_info(buf, 8);
}
else if (buf_string_match_head_str(buf, "INFO"))
{
- server_pushed_info(c, buf, 4);
+ server_pushed_info(buf, 4);
}
else if (buf_string_match_head_str(buf, "CR_RESPONSE"))
{
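Review bot: The bare `8` and `4` passed to `server_pushed_info` are the lengths of the literals "INFO_PRE" and "INFO" matched just above each call, and nothing ties each number to its string. Since the commit already rewrites both calls, deriving the count from the literal would keep the two in step, e.g. `server_pushed_info(buf, (int)strlen("INFO_PRE"));`. The prototype in the header hunk also has no comment on `adv`; it appears to be the number of leading bytes to skip, and a one-line comment such as `/* adv: length of the command keyword at the start of buffer */` would record that once confirmed. The enclosing if/else chain starts and ends outside this hunk.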
@@ -1763,8 +1763,7 @@
}
static void
-multi_client_connect_setenv(struct multi_context *m,
- struct multi_instance *mi)
+multi_client_connect_setenv(struct multi_instance *mi)
{
struct gc_arena gc = gc_new();
@@ -2559,7 +2558,7 @@
/* do --client-connect setenvs */
multi_select_virtual_addr(m, mi);
- multi_client_connect_setenv(m, mi);
+ multi_client_connect_setenv(mi);
}
/**
@@ -2652,7 +2651,7 @@
*/
multi_select_virtual_addr(m, mi);
- multi_client_connect_setenv(m, mi);
+ multi_client_connect_setenv(mi);
ret = CC_RET_SUCCEEDED;
}
@@ -2924,7 +2923,6 @@
multi_bcast(struct multi_context *m,
const struct buffer *buf,
const struct multi_instance *sender_instance,
- const struct mroute_addr *sender_addr,
uint16_t vid)
{
struct hash_iterator hi;
@@ -3452,7 +3450,7 @@
if (mroute_flags & MROUTE_EXTRACT_MCAST)
{
/* for now, treat multicast as broadcast */
- multi_bcast(m, &c->c2.to_tun, m->pending, NULL, 0);
+ multi_bcast(m, &c->c2.to_tun, m->pending, 0);
}
else /* possible client to client routing */
{
@@ -3504,8 +3502,7 @@
{
if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
{
- multi_bcast(m, &c->c2.to_tun, m->pending, NULL,
- vid);
+ multi_bcast(m, &c->c2.to_tun, m->pending, vid);
}
else /* try client-to-client routing */
{
@@ -3598,7 +3595,7 @@
if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
{
/* for now, treat multicast as broadcast */
- multi_bcast(m, &m->top.c2.buf, NULL, NULL, vid);
+ multi_bcast(m, &m->top.c2.buf, NULL, vid);
}
else
{
@@ -3770,7 +3767,7 @@
for (i = 0; i < parm.n_packets; ++i)
{
- multi_bcast(m, &buf, NULL, NULL, 0);
+ multi_bcast(m, &buf, NULL, 0);
}
gc_free(&gc);
@@ -2118,7 +2118,6 @@
parse_http_proxy_override(const char *server,
const char *port,
const char *flags,
- const int msglevel,
struct gc_arena *gc)
{
if (server && port)
@@ -2287,7 +2286,7 @@
}
static struct pull_filter *
-alloc_pull_filter(struct options *o, const int msglevel)
+alloc_pull_filter(struct options *o)
{
struct pull_filter_list *l = alloc_pull_filter_list(o);
struct pull_filter *f;
@@ -6299,7 +6298,7 @@
else if (streq(p[0], "http-proxy-override") && p[1] && p[2] && !p[4])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
- options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], msglevel, &options->gc);
+ options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], &options->gc);
if (!options->http_proxy_override)
{
goto err;
@@ -7213,7 +7212,7 @@
{
struct pull_filter *f;
VERIFY_PERMISSION(OPT_P_GENERAL)
- f = alloc_pull_filter(options, msglevel);
+ f = alloc_pull_filter(options);
if (strcmp("accept", p[1]) == 0)
{
@@ -573,8 +573,7 @@
static bool
add_proxy_headers(struct http_proxy_info *p,
socket_descriptor_t sd, /* already open to proxy */
- const char *host, /* openvpn server remote */
- const char *port /* openvpn server port */
+ const char *host /* openvpn server remote */
)
{
char buf[512];
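Review bot: Dropping `port` as unused implies that the default `Host:` line written by `add_proxy_headers` is built from `host` alone; the body is outside this hunk, so this is inferred from the parameter having been dead. For a CONNECT request the Host field is expected to carry the same host:port authority as the request target (RFC 7230 section 5.4), and a strict proxy may compare the two. It is worth confirming the parameter was unused by design rather than by omission before removing it from all three callers. If it is deliberate, a comment on the function such as `/* Host header intentionally carries the host name only, without the port */` would keep the parameter from being reintroduced.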
@@ -694,7 +693,7 @@
goto error;
}
- if (!add_proxy_headers(p, sd, host, port))
+ if (!add_proxy_headers(p, sd, host))
{
goto error;
}
@@ -833,7 +832,7 @@
}
/* send HOST etc, */
- if (!add_proxy_headers(p, sd, host, port))
+ if (!add_proxy_headers(p, sd, host))
{
goto error;
}
@@ -959,7 +958,7 @@
}
/* send HOST etc, */
- if (!add_proxy_headers(p, sd, host, port))
+ if (!add_proxy_headers(p, sd, host))
{
goto error;
}
@@ -226,8 +226,7 @@
void
-server_pushed_info(struct context *c, const struct buffer *buffer,
- const int adv)
+server_pushed_info(const struct buffer *buffer, const int adv)
{
const char *m = "";
struct buffer buf = *buffer;
@@ -259,7 +258,7 @@
gc_free(&gc);
}
- #endif
+#endif
msg(D_PUSH, "Info command was pushed by server ('%s')", m);
}
@@ -50,8 +50,7 @@
void receive_exit_message(struct context *c);
-void server_pushed_info(struct context *c, const struct buffer *buffer,
- const int adv);
+void server_pushed_info(const struct buffer *buffer, const int adv);
void receive_cr_response(struct context *c, const struct buffer *buffer);
@@ -1243,7 +1243,7 @@
{
if (flags & ROUTE_DELETE_FIRST)
{
- delete_route_ipv6(r, tt, flags, es, ctx);
+ delete_route_ipv6(r, tt, es, ctx);
}
ret = add_route_ipv6(r, tt, flags, es, ctx) && ret;
}
@@ -1280,7 +1280,7 @@
struct route_ipv6 *r6;
for (r6 = rl6->routes_ipv6; r6; r6 = r6->next)
{
- delete_route_ipv6(r6, tt, flags, es, ctx);
+ delete_route_ipv6(r6, tt, es, ctx);
}
rl6->iflags &= ~RL_ROUTES_ADDED;
}
@@ -2383,7 +2383,7 @@
void
delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt,
- unsigned int flags, const struct env_set *es,
+ const struct env_set *es,
openvpn_net_ctx_t *ctx)
{
const char *network;
@@ -280,7 +280,7 @@
bool add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);
-void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx);
+void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, const struct env_set *es, openvpn_net_ctx_t *ctx);
bool add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags,
const struct route_gateway_info *rgi, const struct env_set *es,
@@ -2148,7 +2148,6 @@
establish_socks_proxy_udpassoc(sock->socks_proxy,
sock->ctrl_sd,
- sock->sd,
&sock->socks_relay.dest,
sock->server_poll_timeout,
sig_info);
@@ -3461,7 +3460,7 @@
#ifdef _WIN32
return link_socket_write_win32(sock, buf, to);
#else
- return link_socket_write_tcp_posix(sock, buf, to);
+ return link_socket_write_tcp_posix(sock, buf);
#endif
}
@@ -1172,8 +1172,7 @@
static inline ssize_t
link_socket_write_tcp_posix(struct link_socket *sock,
- struct buffer *buf,
- struct link_socket_actual *to)
+ struct buffer *buf)
{
return send(sock->sd, BPTR(buf), BLEN(buf), MSG_NOSIGNAL);
}
@@ -516,7 +516,6 @@
void
establish_socks_proxy_udpassoc(struct socks_proxy_info *p,
socket_descriptor_t ctrl_sd, /* already open to proxy */
- socket_descriptor_t udp_sd,
struct openvpn_sockaddr *relay_addr,
struct event_timeout *server_poll_timeout,
struct signal_info *sig_info)
@@ -57,7 +57,6 @@
void establish_socks_proxy_udpassoc(struct socks_proxy_info *p,
socket_descriptor_t ctrl_sd, /* already open to proxy */
- socket_descriptor_t udp_sd,
struct openvpn_sockaddr *relay_addr,
struct event_timeout *server_poll_timeout,
struct signal_info *sig_info);
@@ -1676,7 +1676,7 @@
/* If dynamic tls-crypt has been negotiated, and we are on the
* first session (key_id = 0), generate a tls-crypt key for the
* following renegotiations */
- if (!tls_session_generate_dynamic_tls_crypt_key(multi, session))
+ if (!tls_session_generate_dynamic_tls_crypt_key(session))
{
return false;
}
@@ -2241,8 +2241,7 @@
}
static void
-export_user_keying_material(struct key_state_ssl *ssl,
- struct tls_session *session)
+export_user_keying_material(struct tls_session *session)
{
if (session->opt->ekm_size > 0)
{
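Review bot: With the `ssl` argument gone, `export_user_keying_material(session)` no longer names the key state it exports from, while its caller (hunk at old line 2430) still gates the call on `ks->authenticated`. The body past the `ekm_size` check is outside this hunk, so which key state the export resolves from `session` is not visible here. If it is always the one the caller checked, the function should say so, e.g. `/* exports from the session's active key state; the caller must have checked authentication on that same key state */`. The plugin call that follows at the call site presumably consumes the exported material, so the pairing is worth pinning down in a comment.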
@@ -2430,7 +2429,7 @@
if ((ks->authenticated > KS_AUTH_FALSE)
&& plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL))
{
- export_user_keying_material(&ks->ks_ssl, session);
+ export_user_keying_material(session);
if (plugin_call(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS)
{
@@ -401,7 +401,7 @@
*/
static void
verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert_depth,
- const char *subject, const char *common_name,
+ const char *subject,
const struct x509_track *x509_track)
{
char envname[64];
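Review bot: The comment block that closes on the `*/` line above `verify_cert_set_env` starts outside this hunk and, as far as the hunks show, is not edited, so any mention of `common_name` in it would now be stale. The same applies to the blocks above `verify_cert_call_command` (dropped `cert`, hunk at old line 518) and `key_state_check_auth_failed_message_file` (dropped `multi`, hunk at old line 1017). The tls_crypt.h hunk in this same change removes its `@param multi` line, and these three comments should get the same treatment where they name a removed parameter. Their text is not visible here, so this needs checking in the file.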
@@ -422,12 +422,6 @@
snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth);
setenv_str(es, envname, subject);
-#if 0
- /* export common name string as environmental variable */
- snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth);
- setenv_str(es, envname, common_name);
-#endif
-
/* export X509 cert fingerprints */
{
struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc);
@@ -518,7 +512,7 @@
*/
static result_t
verify_cert_call_command(const char *verify_command, struct env_set *es,
- int cert_depth, openvpn_x509_cert_t *cert, char *subject)
+ int cert_depth, char *subject)
{
int ret;
struct gc_arena gc = gc_new();
@@ -744,8 +738,7 @@
}
}
/* export certificate values to the environment */
- verify_cert_set_env(opt->es, cert, cert_depth, subject, common_name,
- opt->x509_track);
+ verify_cert_set_env(opt->es, cert, cert_depth, subject, opt->x509_track);
/* export current untrusted IP */
setenv_untrusted(session);
@@ -764,7 +757,7 @@
/* run --tls-verify script */
if (opt->verify_command && SUCCESS != verify_cert_call_command(opt->verify_command,
- opt->es, cert_depth, cert, subject))
+ opt->es, cert_depth, subject))
{
goto cleanup;
}
@@ -1017,7 +1010,6 @@
*/
static char *
key_state_check_auth_failed_message_file(const struct auth_deferred_status *ads,
- struct tls_multi *multi,
struct gc_arena *gc)
{
char *ret = NULL;
@@ -1201,8 +1193,8 @@
{
struct gc_arena gc = gc_new();
const struct key_state *ks = get_primary_key(multi);
- const char *plugin_message = key_state_check_auth_failed_message_file(&ks->plugin_auth, multi, &gc);
- const char *script_message = key_state_check_auth_failed_message_file(&ks->script_auth, multi, &gc);
+ const char *plugin_message = key_state_check_auth_failed_message_file(&ks->plugin_auth, &gc);
+ const char *script_message = key_state_check_auth_failed_message_file(&ks->script_auth, &gc);
if (plugin_message)
{
@@ -1286,7 +1278,7 @@
struct auth_deferred_status *status)
{
struct gc_arena gc = gc_new();
- const char *msg = key_state_check_auth_failed_message_file(status, multi, &gc);
+ const char *msg = key_state_check_auth_failed_message_file(status, &gc);
if (msg)
{
auth_set_client_reason(multi, msg);
@@ -1529,7 +1521,6 @@
static int
verify_user_pass_management(struct tls_session *session,
- struct tls_multi *multi,
const struct user_pass *up)
{
int retval = KMDA_ERROR;
@@ -1675,7 +1666,7 @@
#ifdef ENABLE_MANAGEMENT
if (man_def_auth == KMDA_DEF)
{
- man_def_auth = verify_user_pass_management(session, multi, up);
+ man_def_auth = verify_user_pass_management(session, up);
}
#endif
if (plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY))
@@ -95,8 +95,7 @@
}
bool
-tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi,
- struct tls_session *session)
+tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session)
{
session->tls_wrap_reneg.opt = session->tls_wrap.opt;
session->tls_wrap_reneg.mode = TLS_WRAP_CRYPT;
@@ -122,13 +122,11 @@
*
* All renegotiations of a session use the same generated dynamic key.
*
- * @param multi multi session struct
* @param session session that will be used for the TLS EKM exporter
* @return true iff generating the key was successful
*/
bool
-tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi,
- struct tls_session *session);
+tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session);
/**
* Returns the maximum overhead (in bytes) added to the destination buffer by
@@ -1068,7 +1068,7 @@
r6.metric = 0; /* connected route */
r6.flags = RT_DEFINED | RT_ADDED | RT_METRIC_DEFINED;
route_ipv6_clear_host_bits(&r6);
- delete_route_ipv6(&r6, tt, 0, NULL, NULL);
+ delete_route_ipv6(&r6, tt, NULL, NULL);
}
#endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
@@ -241,7 +241,6 @@
struct gc_arena gc = gc_new();
- struct tls_multi multi = { 0 };
struct tls_session session = { 0 };
struct tls_options tls_opt = { 0 };
@@ -250,7 +249,7 @@
tls_opt.frame.buf.payload_size = 512;
session.opt = &tls_opt;
- tls_session_generate_dynamic_tls_crypt_key(&multi, &session);
+ tls_session_generate_dynamic_tls_crypt_key(&session);
struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg;
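Review bot: The return value of `tls_session_generate_dynamic_tls_crypt_key(&session)` is discarded here and at the two later calls in this test (hunks at old lines 272 and 281), although the header documents it as returning true iff key generation succeeded. If generation failed, the following `tls_crypt_wrap` length checks would run against whatever state `tls_wrap_reneg` was left in, and the failure would surface at the wrong line or not at all. Wrapping each call as `assert_true(tls_session_generate_dynamic_tls_crypt_key(&session));` pins the failure to the call itself. The test function starts and ends outside these hunks.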
@@ -272,7 +271,7 @@
memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00, sizeof(session.tls_wrap.original_wrap_keydata.keys));
session.tls_wrap.original_wrap_keydata.n = 2;
- tls_session_generate_dynamic_tls_crypt_key(&multi, &session);
+ tls_session_generate_dynamic_tls_crypt_key(&session);
tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));
@@ -281,7 +280,7 @@
/* XOR should not force a different key */
memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42, sizeof(session.tls_wrap.original_wrap_keydata.keys));
- tls_session_generate_dynamic_tls_crypt_key(&multi, &session);
+ tls_session_generate_dynamic_tls_crypt_key(&session);
tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt);
assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));