From patchwork Sat Dec 28 14:13:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "flichtenheld (Code Review)" X-Patchwork-Id: 4029 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:998b:b0:5e7:b9eb:58e8 with SMTP id d11csp6790215mav; Sat, 28 Dec 2024 06:14:13 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUuTnWsqq3du80JVtXhvck0FGjdkpC+BOWd0Yk7jQmcOfQOQWl2SVO89WBIsyEcJHaxxMTf57953Go=@openvpn.net X-Google-Smtp-Source: AGHT+IGO4i1Aaz6m8+Q/Qz1WSEOAI9ziye26TC/hnJBsxCznmUuoiguiMSSTCSm91k+kaGu8cfXY X-Received: by 2002:a05:6820:2916:b0:5f6:9bae:a657 with SMTP id 006d021491bc7-5f69baeaa13mr2148372eaf.0.1735395253352; Sat, 28 Dec 2024 06:14:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1735395253; cv=none; d=google.com; s=arc-20240605; b=i/8Hf47mx8rTQRyb6wFf4jMPpmqvuQz0BI14GR6T78mTxVvyAC4dCuzUea4pOkoDUM 9bpfw+audv4R5lIC1zub9YDtksqWR7uUIym/JLhMKqcj/AubauC5ZVu9JBtgV41IrREB EZ3FJxYA7PE7ybAQpGTuJijhunB1ij6QtZYu+Ipb6QBKTJoGAv7Bi9v7OO5ryKu12brS 7eTmqwdZslFYWsKp1qWSl/rGFO26B5sRw6E2R5I+Rcin38IRt2+VnH8vlNnRgkVKz4KU VV9kvVkeGNoloyaE5VBgnUsgYz9HzFEDx15AKoJWiQFSOw9grJwaP+ObF0ezdwCQpOha ++hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=M6gfmiEotuk7jNU4fh0u1Dfr73YqUFIsPRqxyF1f8sc=; fh=GFP4qDxgyJ2WEPo/oeLZg3Mj4NqvY1j2nTvTt7psNwg=; b=TCOiQuoxCqgicRNAB4bLQ9RhirZPuvsZ+OwdfBdnqVB/KJ557Mrekxr4I5cmE2B8/e ndbIAPf7oLO2hFlrOqObG4uvq+r02h+YjUqcXEp0GfS66yQRpZWnFm3v3mkhKQckvWit b4OTZu6sg1Z4Y7EFdHcukoFe4QZVPjSUT/ZOixQY1m6Zs7p1YuPPJJlPP4hjxq5cvHbZ nKYmKVuDfA2J/nbOwaXFv54TVvduGHHBTqEHU5XBbEHxc5BvSHoPXPL3uhgqxeNOPxHd mDgrXRZu37eTMGsNlBW9wQ9eJDIEqPnAmCFLGNgwDXYtSNrAw5PoEw/Y26ROVfUJOgLL aFVQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=SaZB4Th1; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=S9yRo5Cr; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=ffnkWUw8; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-5f4db5d0fb2si11548979eaf.30.2024.12.28.06.14.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 28 Dec 2024 06:14:13 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=SaZB4Th1; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=S9yRo5Cr; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=ffnkWUw8; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tRXZr-00037l-Pb; Sat, 28 Dec 2024 14:14:03 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tRXZq-00037Y-Ht for openvpn-devel@lists.sourceforge.net; Sat, 28 Dec 2024 14:14:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=iFhxN49kYDdx2+C4nQCJLkuiHjafZr53f1gTX9ShJ08=; b=SaZB4Th1SW9HdnMxYtPOSTBR7v jrqrBEYx1HG1oSL3h04tkfTuUJH+AO8eEkexbEAUOhWFfjEiAoC95mU6S23VFoNtZLT7wm48R4f5Q 3D/3jfykOAvZ1zxU2v04qUlq1jFmKi1NDbb+SRNA8XYBAxhHs1McSns2+55piT/FYJfM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=iFhxN49kYDdx2+C4nQCJLkuiHjafZr53f1gTX9ShJ08=; b=S 9yRo5Cr0a+DTgDTNinxODpphpRI+CmfMBGN46eXxhbDrvF/Rlv+3dQs1Tud10XblEaVsM7RYxU3y2 RWfpST0awiyNNXL8xc+8Tn6VtvOGdfxa6gBLPIFQ1Wsv63WNNRWlCY3KBnQhSHUFkvQTaXEiTuqiK G/EuV8PCPB32ieqM=; Received: from mail-wr1-f54.google.com ([209.85.221.54]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tRXZo-0004YU-Ay for openvpn-devel@lists.sourceforge.net; Sat, 28 Dec 2024 14:14:02 +0000 Received: by mail-wr1-f54.google.com with SMTP id ffacd0b85a97d-386329da1d9so3579306f8f.1 for ; Sat, 28 Dec 2024 06:14:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1735395229; x=1736000029; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=iFhxN49kYDdx2+C4nQCJLkuiHjafZr53f1gTX9ShJ08=; b=ffnkWUw8ejn5mAhn5r6oowG2UdC/3u5rT9AgrUH2eW3P8odSVUQUCkYZZVrsXiX8CC h2BH6iAmQeTzZfFGBXyNAbFotCxv2yPKoWHJhYsZQxY1I6dNQiJIH8vopqcZI+ocrTZj +gLos/nFcdPYZ8rkfengqT4t00qSPz6J+MXcJg6HnnC2AkglWhDtQfDqETGtUMO889N7 c17RFJuhLyn6IJ/10IxtxRJzckY60fpvEZqkcJLV+xFsYR5nENNWgF+5f5AdLvq4gKfM Snh5HnvDZAaU//iSznO8cVI3LGv2MDW+zsgKafMm+gK3DLq4eMeRdFufHBzC626HjwUK wwsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735395229; x=1736000029; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iFhxN49kYDdx2+C4nQCJLkuiHjafZr53f1gTX9ShJ08=; b=aBO0vo1AtTh5NGV0k20XYal9eYp6M3sNsN+V+UCFgZIdUa+SlfPENMAET7BlCNU+P7 PqdtXdjCmpL/GCTfevIjDFMcRERsUXme7ztShnj/LiFUnEiYep5q7voczlBICz0tvA2b KzjgZ26rPjkDCDPv91EdTN9TsSGrrYxFy7+LRMFiyh9bWpwtw4Dtlr/HTvmSvxAS58R7 MgJa5UZTjRlpaIDyVJ0dV/RiYAJGd1xBiUoM6oaV+9mMdOlDMkBb4Dvu9TvDyfaf97h2 oOSeH85IX036zfXYeTa2lXGbJOmirP03STS+6KqDWKPU1XEEvA3F+9Yrmt2cI4vjs640 Di4g== X-Gm-Message-State: AOJu0YznMdb9IV0uWL+0S7trpemfWzy8dvZJyd8dM5GRFjuOd989+qRs JMSNapoFtK6gliAFftMQInnWxMD+2jB5PS/tTn90mgGA+ag55GHeTqEaqP6usSPKRqbgo7/iDnh u X-Gm-Gg: ASbGncv9Bm5hwp4eCbKANvVlSwCpEpd08NWls8kynOALNMvGJyJQwv+ptzX9nl1iYy+ pVjBwi9UrlG/BV8dd+xQICyB9J7vlTQFrm3XDTFQTw9LGKVunq4sjE6n3KjHgfRLWnHvPrgiy50 /zTtOO+bEd3tcssva3K9D9PtEySE0PLytodDL7L3fUJ+wI0HZxTH7A0dZmE+K13EKuqv2sEAg0c v7j6hSZQqISiIKwxcEUBPJotpYqtmXuT4iVrbNCcq42SrJtMyvuJ5aeZ1T2yUA5zIie1k7WfiQy KxXak0vdH3LLEBMVvC46LwWMuHrLC2SExeMDfrjEEKUDvWD8 X-Received: by 2002:a5d:47a7:0:b0:385:f398:3e2 with SMTP id ffacd0b85a97d-38a223ff39cmr23059718f8f.37.1735395228398; Sat, 28 Dec 2024 06:13:48 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38a1c89e528sm25270284f8f.83.2024.12.28.06.13.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 28 Dec 2024 06:13:48 -0800 (PST) From: "flichtenheld (Code Review)" X-Google-Original-From: "flichtenheld (Code Review)" X-Gerrit-PatchSet: 1 Date: Sat, 28 Dec 2024 14:13:47 +0000 To: plaisthos Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I3bf775bbdea742575210606e174ccafe840677c9 X-Gerrit-Change-Number: 848 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 4f1d4b93095b7a6a733c4b34e8569f437733257c References: Message-ID: <79e9198c7136f9b0b91a34263c80624c71712432-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.54 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.54 listed in sa-trusted.bondedsender.org] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.54 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.54 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tRXZo-0004YU-Ay Subject: [Openvpn-devel] [M] Change in openvpn[master]: Doxygen: Fix missing parameter warnings X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1819693813263246134?= X-GMAIL-MSGID: =?utf-8?q?1819693813263246134?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/848?usp=email to review the following change. Change subject: Doxygen: Fix missing parameter warnings ...................................................................... Doxygen: Fix missing parameter warnings This fixes almost all of the remaining warnings in our doxygen. Mostly about missing parameters in otherwise documented functions (completely undocumented functions do not cause warnings). Other changes: - Exclude out/ directory (used by CMakePresets.json) - Output doxygen warnings into a separate file, which can be used by CI systems to check for new warnings - Increase DOT_GRAPH_MAX_NODES to avoid warnings about some of the central header files (syshead.h and buffer.h) Change-Id: I3bf775bbdea742575210606e174ccafe840677c9 Signed-off-by: Frank Lichtenheld --- M doc/doxygen/openvpn.doxyfile.in M src/openvpn/forward.c M src/openvpn/fragment.h M src/openvpn/manage.c M src/openvpn/mudp.h M src/openvpn/options.c M src/openvpn/ssl.h M src/openvpn/ssl_backend.h M src/openvpn/ssl_ncp.h M src/openvpn/ssl_pkt.c M src/openvpn/ssl_pkt.h M src/openvpn/ssl_util.h M src/openvpn/tls_crypt.h 13 files changed, 41 insertions(+), 29 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/48/848/1 diff --git a/doc/doxygen/openvpn.doxyfile.in b/doc/doxygen/openvpn.doxyfile.in index 573b7c2..b4697bd 100644 --- a/doc/doxygen/openvpn.doxyfile.in +++ b/doc/doxygen/openvpn.doxyfile.in @@ -852,7 +852,7 @@ # messages should be written. If left blank the output is written to standard # error (stderr). -WARN_LOGFILE = +WARN_LOGFILE = @abs_top_builddir@/doc/doxygen.warnings.log #--------------------------------------------------------------------------- # Configuration options related to the input files @@ -938,7 +938,7 @@ # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = +EXCLUDE = @abs_top_srcdir@/out/ # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded @@ -2600,7 +2600,7 @@ # Minimum value: 0, maximum value: 10000, default value: 50. # This tag requires that the tag HAVE_DOT is set to YES. -DOT_GRAPH_MAX_NODES = 50 +DOT_GRAPH_MAX_NODES = 120 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs # generated by dot. A depth value of 3 means that only nodes reachable from the diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 2c72001..8cc1e7aa 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1513,10 +1513,10 @@ * IPv6 packet in buf and sends it directly back to the client via the tun * device when used on a client and via the link if used on the server. * - * @param buf - The buf containing the packet for which the icmp6 - * unreachable should be constructed. - * - * @param client - determines whether to the send packet back via tun or link + * @param c Tunnel context + * @param buf The buf containing the packet for which the icmp6 + * unreachable should be constructed. + * @param client Determines whether to the send packet back via tun or link */ void ipv6_send_icmp_unreachable(struct context *c, struct buffer *buf, bool client) diff --git a/src/openvpn/fragment.h b/src/openvpn/fragment.h index 3cd0ee7..66994bb 100644 --- a/src/openvpn/fragment.h +++ b/src/openvpn/fragment.h @@ -454,10 +454,11 @@ * packets which have not yet been reassembled completely but are already * older than their time-to-live. * - * @param f - The \c fragment_master structure for this VPN - * tunnel. - * @param frame - The packet geometry parameters for this VPN - * tunnel. + * @param[in] f The \c fragment_master structure for this VPN + * tunnel. + * @param[in] frame The packet geometry parameters for this VPN + * tunnel. + * @param[out] tv Will be set to time for next housekeeping. */ static inline void fragment_housekeeping(struct fragment_master *f, struct frame *frame, struct timeval *tv) diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 0c77f85..02d2d8a 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -1052,8 +1052,9 @@ * @param man The management interface struct * @param cid_str The CID in string form * @param kid_str The key ID in string form - * @param extra The string to be send to the client containing + * @param extra The string to be sent to the client containing * the information of the additional steps + * @param timeout_str The timeout value in string form */ static void man_client_pending_auth(struct management *man, const char *cid_str, diff --git a/src/openvpn/mudp.h b/src/openvpn/mudp.h index 14e90d0..acb67f6 100644 --- a/src/openvpn/mudp.h +++ b/src/openvpn/mudp.h @@ -55,7 +55,8 @@ * it. If no entry exists, this function handles its creation, and if * successful, returns the newly created instance. * - * @param m - The single multi_context structure. + * @param m The single multi_context structure. + * @param[out] floated Returns whether the client has floated. * * @return A pointer to a multi_instance if one already existed for the * packet's source address or if one was a newly created successfully. diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 20e8d55..ed8273f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3572,6 +3572,7 @@ * altered to guarantee compatibility with the version specified by the * user via --compat-mode. * + * @param o Options state * @param version need compatibility with openvpn versions before the * one specified (20401 = before 2.4.1) * @return whether compatibility should be enabled diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 3561c41..9f8e368 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -278,13 +278,14 @@ * packet is inserted into the Reliability Layer and will be handled * later. * - * @param multi - The TLS multi structure associated with the VPN tunnel + * @param[in] multi The TLS multi structure associated with the VPN tunnel * of this packet. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. - * @param opt - Returns a crypto options structure with the appropriate security - * parameters to handle the packet if it is a data channel packet. - * @param ad_start - Returns a pointer to the start of the authenticated data of + * @param[in] from The source address of the packet. + * @param[in] buf buffer structure containing the incoming packet. + * @param[out] opt Returns a crypto options structure with the appropriate + security parameters to handle the packet if it is a data channel packet. + * @param[in] floated Set whether the peer is allowed to have floated. + * @param[out] ad_start Returns a pointer to the start of the authenticated data * of this packet * * @return diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index a6a9695..581e6ca 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -241,6 +241,8 @@ * a string containing the information in the case * of inline files. * @param pkcs12_file_inline True if pkcs12_file is an inline file. + * @param load_ca_file True if CAs from the file should be added to + * the cert store and be trusted. * * @return 1 if an error occurred, 0 if parsing was * successful. @@ -313,6 +315,9 @@ * inline files. * @param ca_file_inline True if ca_file is an inline file * @param ca_path The path to load the CAs from + * @param tls_server True if we are the server side of the TLS + * connection and should use the CA for verifying + * client certificates */ void tls_ctx_load_ca(struct tls_root_ctx *ctx, const char *ca_file, bool ca_file_inline, const char *ca_path, bool tls_server); diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h index 0bdb6a0..5d13327 100644 --- a/src/openvpn/ssl_ncp.h +++ b/src/openvpn/ssl_ncp.h @@ -66,7 +66,10 @@ * Make sure to call tls_session_update_crypto_params() after calling this * function. * - * @param gc gc arena that is ONLY used to allocate the returned string + * @param server_list Our own cipher list + * @param peer_info Peer information + * @param remote_cipher Fallback cipher, ignored if peer sent \c IV_CIPHERS + * @param gc gc arena that is used to allocate the returned string * * @returns NULL if no common cipher is available, otherwise the best common * cipher diff --git a/src/openvpn/ssl_pkt.c b/src/openvpn/ssl_pkt.c index 689cd7f..e573859 100644 --- a/src/openvpn/ssl_pkt.c +++ b/src/openvpn/ssl_pkt.c @@ -295,8 +295,8 @@ /* * This function is similar to tls_pre_decrypt, except it is called * when we are in server mode and receive an initial incoming - * packet. Note that we don't modify - * any state in our parameter objects. The purpose is solely to + * packet. Note that we don't modify any state in our parameter + * objects except state. The purpose is solely to * determine whether we should generate a client instance * object, in which case true is returned. * diff --git a/src/openvpn/ssl_pkt.h b/src/openvpn/ssl_pkt.h index b2c4b37..d5a5a2c 100644 --- a/src/openvpn/ssl_pkt.h +++ b/src/openvpn/ssl_pkt.h @@ -109,10 +109,6 @@ struct session_id server_session_id; }; -/** - * - * @param state - */ void free_tls_pre_decrypt_state(struct tls_pre_decrypt_state *state); /** @@ -137,10 +133,11 @@ * * This function is only used in the UDP p2mp server code path * - * @param tas - The standalone TLS authentication setting structure for + * @param[in] tas The standalone TLS authentication setting structure for * this process. - * @param from - The source address of the packet. - * @param buf - A buffer structure containing the incoming packet. + * @param[out] state The state struct to store information in. + * @param[in] from The source address of the packet. + * @param[in] buf buffer structure containing the incoming packet. * * @return * @li True if the packet is valid and a new VPN tunnel should be created diff --git a/src/openvpn/ssl_util.h b/src/openvpn/ssl_util.h index 71a37d4..25f169c 100644 --- a/src/openvpn/ssl_util.h +++ b/src/openvpn/ssl_util.h @@ -39,6 +39,7 @@ * * @param peer_info The peer's peer_info * @param var The variable *including* =, e.g. IV_CIPHERS= + * @param gc GC arena to allocate return value in * * @return The content of the variable as NULL terminated string or NULL if the * variable cannot be found. diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index ffb1f2a..367ae39 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -206,6 +206,7 @@ * @param buf Buffer containing a received P_CONTROL_HARD_RESET_CLIENT_V3 * message. * @param ctx tls-wrap context to be initialized with the client key. + * @param opt TLS options, used for \c tls-crypt-v2-verify script. * * @returns true if a key was successfully extracted. */