From patchwork Tue Jan 14 12:34:22 2025
X-Patchwork-Submitter: "stipa (Code Review)"
X-Patchwork-Id: 4051
From: "flichtenheld (Code Review)"
Date: Tue, 14 Jan 2025 12:34:22 +0000
To: plaisthos
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: Ifa06a3cb843dbf6a9639164d12aabe572aab162c
X-Gerrit-Change-Number: 860
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 66c6ffa2c4264074a48f360fc15281d9e1a25c94
Subject: [Openvpn-devel] [M] Change in openvpn[master]: ssl_openssl: Clean up unused functions and add missing "static"
Cc: openvpn-devel

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/860?usp=email

to review the following change.

Change subject: ssl_openssl: Clean up unused functions and add missing "static"
......................................................................

ssl_openssl: Clean up unused functions and add missing "static"

Just some misc cleanups found while looking at the code.

Change-Id: Ifa06a3cb843dbf6a9639164d12aabe572aab162c
Signed-off-by: Frank Lichtenheld --- M src/openvpn/ssl_backend.h M src/openvpn/ssl_mbedtls.c M src/openvpn/ssl_openssl.c 3 files changed, 5 insertions(+), 50 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/60/860/1 diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index a6a9695..e25727f 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -529,12 +529,12 @@ * ***************************************/ -/* +/** * Print a one line summary of SSL/TLS session handshake. */ void print_details(struct key_state_ssl *ks_ssl, const char *prefix); -/* +/** * Show the TLS ciphers that are available for us to use in the * library depending on the TLS version. This function prints * a list of ciphers without headers/footers. @@ -549,17 +549,11 @@ const char *tls_cert_profile, bool tls13); -/* +/** * Show the available elliptic curves in the crypto library */ void show_available_curves(void); -/* - * The OpenSSL library has a notion of preference in TLS ciphers. Higher - * preference == more secure. Return the highest preference cipher. - */ -void get_highest_preference_tls_cipher(char *buf, int size); - /** * return a pointer to a static memory area containing the * name and version number of the SSL library in use diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 56eef36..92b52fe 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1585,20 +1585,6 @@ } } -void -get_highest_preference_tls_cipher(char *buf, int size) -{ - const char *cipher_name; - const int *ciphers = mbedtls_ssl_list_ciphersuites(); - if (*ciphers == 0) - { - msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers."); - } - - cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers); - strncpynt(buf, cipher_name, size); -} - const char * get_ssl_library_version(void) { diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 98eba9d..89d0328 100644 --- a/src/openvpn/ssl_openssl.c 
+++ b/src/openvpn/ssl_openssl.c @@ -354,7 +354,7 @@ return true; } -void +static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers) { /* Parse supplied cipher list and pass on to OpenSSL */ @@ -461,7 +461,7 @@ } } -void +static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers) { @@ -2638,31 +2638,6 @@ #endif /* ifndef OPENSSL_NO_EC */ } -void -get_highest_preference_tls_cipher(char *buf, int size) -{ - SSL_CTX *ctx; - SSL *ssl; - const char *cipher_name; - - ctx = SSL_CTX_new(SSLv23_method()); - if (!ctx) - { - crypto_msg(M_FATAL, "Cannot create SSL_CTX object"); - } - ssl = SSL_new(ctx); - if (!ssl) - { - crypto_msg(M_FATAL, "Cannot create SSL object"); - } - - cipher_name = SSL_get_cipher_list(ssl, 0); - strncpynt(buf, cipher_name, size); - - SSL_free(ssl); - SSL_CTX_free(ctx); -} - const char * get_ssl_library_version(void) {
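
Review bot: In src/openvpn/ssl_backend.h, hunk at -529, the comments above print_details() and the TLS cipher listing function are promoted from "/*" to "/**" but still carry no @param lines, so the documentation generator will now pick them up with undocumented parameters (ks_ssl and prefix for print_details()). Either add short @param entries in the same change or say in the commit message that the comment style was converted; the message currently mentions only unused functions and "static".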
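
Review bot: Dropping the get_highest_preference_tls_cipher() prototype in src/openvpn/ssl_backend.h, hunk at -549, is only safe if nothing in the tree still calls it, and the commit message says "unused" without saying how that was checked. One sentence stating that no callers remain would let a reviewer confirm it with a single grep. The same hunk also folds in a third "/*" to "/**" change for show_available_curves(), which is unrelated to the removal and would read more cleanly grouped with the other comment changes.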
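
Review bot: The subject prefix "ssl_openssl:" does not cover the src/openvpn/ssl_mbedtls.c hunk at -1585, which deletes the mbed TLS implementation of get_highest_preference_tls_cipher(). Consider a broader prefix, or a sentence in the body saying the function is dropped from both backends and from ssl_backend.h, so the mbed TLS side of the change can be found from the log.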
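
Review bot: In src/openvpn/ssl_openssl.c, the hunks at -354 and -461 give convert_tls_list_to_openssl() and convert_tls13_list_to_openssl() internal linkage, which breaks the build if a non-static prototype for either one is still declared in a header, or if another translation unit such as a unit test links against them. Neither case is visible in this patch, so please confirm that both functions are referenced only from within ssl_openssl.c and that no leftover declaration exists.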