From patchwork Tue Jan 14 16:49:38 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4060
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 14 Jan 2025 17:49:38 +0100
Message-ID: <20250114164938.12828-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] ssl_openssl: Clean up unused functions and add missing "static"

From: Frank Lichtenheld

Just some misc cleanups found while looking at the code.

Change-Id: Ifa06a3cb843dbf6a9639164d12aabe572aab162c
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/860
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index a6a9695..e25727f 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h 
@@ -529,12 +529,12 @@ * ***************************************/ -/* +/** * Print a one line summary of SSL/TLS session handshake. */ void print_details(struct key_state_ssl *ks_ssl, const char *prefix); -/* +/** * Show the TLS ciphers that are available for us to use in the * library depending on the TLS version. This function prints * a list of ciphers without headers/footers. @@ -549,17 +549,11 @@ const char *tls_cert_profile, bool tls13); -/* +/** * Show the available elliptic curves in the crypto library */ void show_available_curves(void); -/* - * The OpenSSL library has a notion of preference in TLS ciphers. Higher - * preference == more secure. Return the highest preference cipher. - */ -void get_highest_preference_tls_cipher(char *buf, int size); - /** * return a pointer to a static memory area containing the * name and version number of the SSL library in use diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 56eef36..92b52fe 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1585,20 +1585,6 @@ } } -void -get_highest_preference_tls_cipher(char *buf, int size) -{ - const char *cipher_name; - const int *ciphers = mbedtls_ssl_list_ciphersuites(); - if (*ciphers == 0) - { - msg(M_FATAL, "Cannot retrieve list of supported SSL ciphers."); - } - - cipher_name = mbedtls_ssl_get_ciphersuite_name(*ciphers); - strncpynt(buf, cipher_name, size); -} - const char * get_ssl_library_version(void) { diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 98eba9d..89d0328 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -354,7 +354,7 @@ return true; } -void +static void convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers) { /* Parse supplied cipher list and pass on to OpenSSL */ @@ -461,7 +461,7 @@ } } -void +static void convert_tls13_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers) { 
@@ -2638,31 +2638,6 @@ #endif /* ifndef OPENSSL_NO_EC */ } -void -get_highest_preference_tls_cipher(char *buf, int size) -{ - SSL_CTX *ctx; - SSL *ssl; - const char *cipher_name; - - ctx = SSL_CTX_new(SSLv23_method()); - if (!ctx) - { - crypto_msg(M_FATAL, "Cannot create SSL_CTX object"); - } - ssl = SSL_new(ctx); - if (!ssl) - { - crypto_msg(M_FATAL, "Cannot create SSL object"); - } - - cipher_name = SSL_get_cipher_list(ssl, 0); - strncpynt(buf, cipher_name, size); - - SSL_free(ssl); - SSL_CTX_free(ctx); -} - const char * get_ssl_library_version(void) {
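Review bot: In the ssl_backend.h hunks at -529 and -549, the comments promoted from `/*` to `/**` become Doxygen blocks but still document no parameters: print_details() takes `ks_ssl` and `prefix`, and the cipher-listing prototype ending in `const char *tls_cert_profile, bool tls13);` has several arguments. Since these are now picked up by the documentation generator, adding @param lines in the same change would keep the generated output from showing bare one-line summaries.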
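Review bot: The removal of get_highest_preference_tls_cipher() touches ssl_backend.h, ssl_mbedtls.c and ssl_openssl.c, yet the subject is prefixed "ssl_openssl:" and the message says only "misc cleanups". Because this drops a prototype from the shared backend header, the commit message should name the function and state that it has no remaining callers; the visible hunks show only the declaration and the two definitions, so a tree-wide search for the name (unit tests included) is worth recording there.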
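Review bot: In the ssl_openssl.c hunks at -354 and -461, convert_tls_list_to_openssl() and convert_tls13_list_to_openssl() gain `static`, but this patch removes no matching prototype from any header. Please confirm that no header still declares them and that no other translation unit or unit test calls them directly: a non-static declaration followed by a static definition fails to compile, and an external caller would fail to link.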