From patchwork Sat Mar 8 10:04:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4170 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b9c6:b0:60a:d70a:d3c7 with SMTP id gh6csp1309291mab; Sat, 8 Mar 2025 02:05:21 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWWq8WNknP+4ydyOjU+cpI/NHoVvXdHe57FV90W4lLJHzR+HnOGaDyxP5qMFIk79rzVUpQndSoLb64=@openvpn.net X-Google-Smtp-Source: AGHT+IEraHIdW7BRMGM3vLkqmkV9j4bTYnpFLnXbSG8/dDZ3woxpj4YcYaeu4HvW1WeKejUWwfdM X-Received: by 2002:a05:6830:4123:b0:727:3001:7f92 with SMTP id 46e09a7af769-72a37c6a180mr3857033a34.26.1741428321564; Sat, 08 Mar 2025 02:05:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1741428321; cv=none; d=google.com; s=arc-20240605; b=B4pza2oEjsWNTwZl5NB9XLruQu4wqYovG/F6BEGWZgrDO3fGLOnXPtsgB+lb2cFAEi hXCDH15crXklu0SyJUQ053ENu1vNx6VEkVeqQCu993PKINUPavowYU+EFi81npylQVEr y05xM1KQzjLfKxf1XBU3mdV7RqjDwbjesyHtO/L17xEPlE5LQljl4TBpCjEFTy1u5P9M 3xAwFKSGBzBF8VFgiOwRfOHEkwHsQNPsWDOEJFkkuDa2eEQ1pq01EwVts0NGEmKRWN0f kHWsSa+LmZpGjAJyxHBLs1T+JxNlb5Pri0QbkylrIN5FXmsaIUZtxgkyJ0r1f/q5nieC +evw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=fixE+j/a07uUEcRkgrDwJLAcPG0ynqIRX8OqvQtxiu4=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=fs4ymh93hqI0YD98u5sWkrisVOU4hBFM11jepmNMrcDiLuK8WD/AklNoZeEpg8Fexs fFdxK2/PA8UrEACy6dSvrqsEFvsNAWLe9Bsibhlr7sTXxMVOvKA9ynDG3YIf8QBG7JQy Q+WwxfZ0JMNpP6RqeA+QOmALL2tdQxZ1UTR6Sy5tSUOY1MJ3FQoelMbMu1jXl+QD3Kjt b4c3KSMhLEa+iaAjK5IBrKxbitO8gi9KYp1IZPuMVAqcmXLwkTNkZYM8hdzNZqb8EOUj MkvmmF0AtzI3VNCyEOZJUgz3N09oGAL9XJnyaDfG9WQl2tShfO5TnOuqeBfbBn3f1+zr 3quw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kQXoRpRb; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=WD2Z9ZGZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-2c2488d24bbsi3889118fac.85.2025.03.08.02.05.21 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 08 Mar 2025 02:05:21 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kQXoRpRb; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=WD2Z9ZGZ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tqr3V-00071a-0X; Sat, 08 Mar 2025 10:05:17 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tqr3T-00071M-7i for openvpn-devel@lists.sourceforge.net; Sat, 08 Mar 2025 10:05:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gpuiHsrPZK+BiAB8nuvs72XxqKEkReg1z0++oagsRhA=; b=kQXoRpRbX3z0l5VhjBxViK73Ak 2i7Qp7Yv3NodpMUPe+B+XBnuHS1XaRFgQaxOJkWmm6l7IK/7GsSKfsdmTiwfoFJlBRmL6FRmx5zIc C8OfO2WUsF5DrHAKSwHOJaflc9AGpu0bzeECscswycVIydHWEbeX/fzVAijMnW29Em8Q=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=gpuiHsrPZK+BiAB8nuvs72XxqKEkReg1z0++oagsRhA=; b=WD2Z9ZGZIRjfOYoMd/INcPnIVW ZjYhCPjVlMFQaU4/aqHfuoIzpSwtjJzluI0wqtk19Y6sWh8u1nRf7QE/yWppgVtB+LK/98cQndfaD xed/pREYVx/JAY36Uw+1jSqncvwBkwLEGneLP2Efn+6dP7FmZwvlfxUnDOWSL0wBbp8c=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1tqr3H-0001n1-Hf for openvpn-devel@lists.sourceforge.net; Sat, 08 Mar 2025 10:05:15 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 528A4uH3032393 for ; Sat, 8 Mar 2025 11:04:56 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 528A4uKs032392 for openvpn-devel@lists.sourceforge.net; Sat, 8 Mar 2025 11:04:56 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sat, 8 Mar 2025 11:04:55 +0100 Message-ID: <20250308100456.32383-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Change-Id: Ia3b0f22b0049a111ce52b3c87dd08a843ea9a919 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in bl.score.senderscore.com] 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [193.149.48.174 listed in sa-trusted.bondedsender.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1tqr3H-0001n1-Hf Subject: [Openvpn-devel] [PATCH v4] Remove various unused function parameters X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1826019943707249706?= X-GMAIL-MSGID: =?utf-8?q?1826019943707249706?= From: Frank Lichtenheld Change-Id: Ia3b0f22b0049a111ce52b3c87dd08a843ea9a919 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/862 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 8b94469..33ca2da 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -257,11 +257,11 @@ } else if (buf_string_match_head_str(buf, "INFO_PRE")) { - server_pushed_info(c, buf, 8); + server_pushed_info(buf, 8); } else if (buf_string_match_head_str(buf, "INFO")) { - server_pushed_info(c, buf, 4); + server_pushed_info(buf, 4); } else if (buf_string_match_head_str(buf, "CR_RESPONSE")) { diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 7ab9289..96333ab 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1763,8 +1763,7 @@ } static void -multi_client_connect_setenv(struct multi_context *m, - struct multi_instance *mi) +multi_client_connect_setenv(struct multi_instance *mi) { struct gc_arena gc = gc_new(); @@ -2559,7 +2558,7 @@ /* do --client-connect setenvs */ multi_select_virtual_addr(m, mi); - multi_client_connect_setenv(m, mi); + multi_client_connect_setenv(mi); } /** @@ -2652,7 +2651,7 @@ */ multi_select_virtual_addr(m, mi); - multi_client_connect_setenv(m, mi); + multi_client_connect_setenv(mi); ret = CC_RET_SUCCEEDED; } @@ -2924,7 +2923,6 @@ multi_bcast(struct multi_context *m, const struct buffer *buf, const struct multi_instance *sender_instance, - const struct mroute_addr *sender_addr, uint16_t vid) { struct hash_iterator hi; @@ -3452,7 +3450,7 @@ if (mroute_flags & MROUTE_EXTRACT_MCAST) { /* for now, treat multicast as broadcast */ - multi_bcast(m, &c->c2.to_tun, m->pending, NULL, 0); + multi_bcast(m, &c->c2.to_tun, m->pending, 0); } else /* possible client to client routing */ { @@ -3504,8 +3502,7 @@ { if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST)) { - multi_bcast(m, &c->c2.to_tun, m->pending, NULL, - vid); + multi_bcast(m, &c->c2.to_tun, m->pending, vid); } else /* try client-to-client routing */ { @@ -3598,7 +3595,7 @@ if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST)) { /* for now, treat multicast as broadcast */ - multi_bcast(m, &m->top.c2.buf, NULL, NULL, vid); + multi_bcast(m, &m->top.c2.buf, NULL, vid); } else { @@ -3770,7 +3767,7 @@ for (i = 0; i < parm.n_packets; ++i) { - multi_bcast(m, &buf, NULL, NULL, 0); + multi_bcast(m, &buf, NULL, 0); } gc_free(&gc); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 6b2dfa5..dbae3a6 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2118,7 +2118,6 @@ parse_http_proxy_override(const char *server, const char *port, const char *flags, - const int msglevel, struct gc_arena *gc) { if (server && port) @@ -2287,7 +2286,7 @@ } static struct pull_filter * -alloc_pull_filter(struct options *o, const int msglevel) +alloc_pull_filter(struct options *o) { struct pull_filter_list *l = alloc_pull_filter_list(o); struct pull_filter *f; @@ -6299,7 +6298,7 @@ else if (streq(p[0], "http-proxy-override") && p[1] && p[2] && !p[4]) { VERIFY_PERMISSION(OPT_P_GENERAL); - options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], msglevel, &options->gc); + options->http_proxy_override = parse_http_proxy_override(p[1], p[2], p[3], &options->gc); if (!options->http_proxy_override) { goto err; @@ -7213,7 +7212,7 @@ { struct pull_filter *f; VERIFY_PERMISSION(OPT_P_GENERAL) - f = alloc_pull_filter(options, msglevel); + f = alloc_pull_filter(options); if (strcmp("accept", p[1]) == 0) { diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 404ea08..560db6f 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -573,8 +573,7 @@ static bool add_proxy_headers(struct http_proxy_info *p, socket_descriptor_t sd, /* already open to proxy */ - const char *host, /* openvpn server remote */ - const char *port /* openvpn server port */ + const char *host /* openvpn server remote */ ) { char buf[512]; @@ -694,7 +693,7 @@ goto error; } - if (!add_proxy_headers(p, sd, host, port)) + if (!add_proxy_headers(p, sd, host)) { goto error; } @@ -833,7 +832,7 @@ } /* send HOST etc, */ - if (!add_proxy_headers(p, sd, host, port)) + if (!add_proxy_headers(p, sd, host)) { goto error; } @@ -959,7 +958,7 @@ } /* send HOST etc, */ - if (!add_proxy_headers(p, sd, host, port)) + if (!add_proxy_headers(p, sd, host)) { goto error; } diff --git a/src/openvpn/push.c b/src/openvpn/push.c index 80f9065..914f520 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -226,8 +226,7 @@ void -server_pushed_info(struct context *c, const struct buffer *buffer, - const int adv) +server_pushed_info(const struct buffer *buffer, const int adv) { const char *m = ""; struct buffer buf = *buffer; @@ -259,7 +258,7 @@ gc_free(&gc); } - #endif +#endif msg(D_PUSH, "Info command was pushed by server ('%s')", m); } diff --git a/src/openvpn/push.h b/src/openvpn/push.h index 4a13327..6af0853 100644 --- a/src/openvpn/push.h +++ b/src/openvpn/push.h @@ -50,8 +50,7 @@ void receive_exit_message(struct context *c); -void server_pushed_info(struct context *c, const struct buffer *buffer, - const int adv); +void server_pushed_info(const struct buffer *buffer, const int adv); void receive_cr_response(struct context *c, const struct buffer *buffer); diff --git a/src/openvpn/route.c b/src/openvpn/route.c index bc41492..245b15b 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1243,7 +1243,7 @@ { if (flags & ROUTE_DELETE_FIRST) { - delete_route_ipv6(r, tt, flags, es, ctx); + delete_route_ipv6(r, tt, es, ctx); } ret = add_route_ipv6(r, tt, flags, es, ctx) && ret; } @@ -1280,7 +1280,7 @@ struct route_ipv6 *r6; for (r6 = rl6->routes_ipv6; r6; r6 = r6->next) { - delete_route_ipv6(r6, tt, flags, es, ctx); + delete_route_ipv6(r6, tt, es, ctx); } rl6->iflags &= ~RL_ROUTES_ADDED; } @@ -2383,7 +2383,7 @@ void delete_route_ipv6(const struct route_ipv6 *r6, const struct tuntap *tt, - unsigned int flags, const struct env_set *es, + const struct env_set *es, openvpn_net_ctx_t *ctx) { const char *network; diff --git a/src/openvpn/route.h b/src/openvpn/route.h index 98ea79e..dda210a 100644 --- a/src/openvpn/route.h +++ b/src/openvpn/route.h @@ -280,7 +280,7 @@ bool add_route_ipv6(struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); -void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, unsigned int flags, const struct env_set *es, openvpn_net_ctx_t *ctx); +void delete_route_ipv6(const struct route_ipv6 *r, const struct tuntap *tt, const struct env_set *es, openvpn_net_ctx_t *ctx); bool add_route(struct route_ipv4 *r, const struct tuntap *tt, unsigned int flags, const struct route_gateway_info *rgi, const struct env_set *es, diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index 5b32885..630ffb4 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2148,7 +2148,6 @@ establish_socks_proxy_udpassoc(sock->socks_proxy, sock->ctrl_sd, - sock->sd, &sock->socks_relay.dest, sock->server_poll_timeout, sig_info); @@ -3461,7 +3460,7 @@ #ifdef _WIN32 return link_socket_write_win32(sock, buf, to); #else - return link_socket_write_tcp_posix(sock, buf, to); + return link_socket_write_tcp_posix(sock, buf); #endif } diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index 2c33319..29311de 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -1172,8 +1172,7 @@ static inline ssize_t link_socket_write_tcp_posix(struct link_socket *sock, - struct buffer *buf, - struct link_socket_actual *to) + struct buffer *buf) { return send(sock->sd, BPTR(buf), BLEN(buf), MSG_NOSIGNAL); } diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index e280453..d2105cb 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -516,7 +516,6 @@ void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ - socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, struct event_timeout *server_poll_timeout, struct signal_info *sig_info) diff --git a/src/openvpn/socks.h b/src/openvpn/socks.h index 5c4b4a1..d5658ee 100644 --- a/src/openvpn/socks.h +++ b/src/openvpn/socks.h @@ -57,7 +57,6 @@ void establish_socks_proxy_udpassoc(struct socks_proxy_info *p, socket_descriptor_t ctrl_sd, /* already open to proxy */ - socket_descriptor_t udp_sd, struct openvpn_sockaddr *relay_addr, struct event_timeout *server_poll_timeout, struct signal_info *sig_info); diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 439ce79..48f2a49 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1676,7 +1676,7 @@ /* If dynamic tls-crypt has been negotiated, and we are on the * first session (key_id = 0), generate a tls-crypt key for the * following renegotiations */ - if (!tls_session_generate_dynamic_tls_crypt_key(multi, session)) + if (!tls_session_generate_dynamic_tls_crypt_key(session)) { return false; } @@ -2241,8 +2241,7 @@ } static void -export_user_keying_material(struct key_state_ssl *ssl, - struct tls_session *session) +export_user_keying_material(struct tls_session *session) { if (session->opt->ekm_size > 0) { @@ -2430,7 +2429,7 @@ if ((ks->authenticated > KS_AUTH_FALSE) && plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL)) { - export_user_keying_material(&ks->ks_ssl, session); + export_user_keying_material(session); if (plugin_call(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS) { diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index e7d7ed6..1ac94fc 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -401,7 +401,7 @@ */ static void verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert_depth, - const char *subject, const char *common_name, + const char *subject, const struct x509_track *x509_track) { char envname[64]; @@ -422,12 +422,6 @@ snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth); setenv_str(es, envname, subject); -#if 0 - /* export common name string as environmental variable */ - snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth); - setenv_str(es, envname, common_name); -#endif - /* export X509 cert fingerprints */ { struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc); @@ -518,7 +512,7 @@ */ static result_t verify_cert_call_command(const char *verify_command, struct env_set *es, - int cert_depth, openvpn_x509_cert_t *cert, char *subject) + int cert_depth, char *subject) { int ret; struct gc_arena gc = gc_new(); @@ -744,8 +738,7 @@ } } /* export certificate values to the environment */ - verify_cert_set_env(opt->es, cert, cert_depth, subject, common_name, - opt->x509_track); + verify_cert_set_env(opt->es, cert, cert_depth, subject, opt->x509_track); /* export current untrusted IP */ setenv_untrusted(session); @@ -764,7 +757,7 @@ /* run --tls-verify script */ if (opt->verify_command && SUCCESS != verify_cert_call_command(opt->verify_command, - opt->es, cert_depth, cert, subject)) + opt->es, cert_depth, subject)) { goto cleanup; } @@ -1017,7 +1010,6 @@ */ static char * key_state_check_auth_failed_message_file(const struct auth_deferred_status *ads, - struct tls_multi *multi, struct gc_arena *gc) { char *ret = NULL; @@ -1201,8 +1193,8 @@ { struct gc_arena gc = gc_new(); const struct key_state *ks = get_primary_key(multi); - const char *plugin_message = key_state_check_auth_failed_message_file(&ks->plugin_auth, multi, &gc); - const char *script_message = key_state_check_auth_failed_message_file(&ks->script_auth, multi, &gc); + const char *plugin_message = key_state_check_auth_failed_message_file(&ks->plugin_auth, &gc); + const char *script_message = key_state_check_auth_failed_message_file(&ks->script_auth, &gc); if (plugin_message) { @@ -1286,7 +1278,7 @@ struct auth_deferred_status *status) { struct gc_arena gc = gc_new(); - const char *msg = key_state_check_auth_failed_message_file(status, multi, &gc); + const char *msg = key_state_check_auth_failed_message_file(status, &gc); if (msg) { auth_set_client_reason(multi, msg); @@ -1529,7 +1521,6 @@ static int verify_user_pass_management(struct tls_session *session, - struct tls_multi *multi, const struct user_pass *up) { int retval = KMDA_ERROR; @@ -1675,7 +1666,7 @@ #ifdef ENABLE_MANAGEMENT if (man_def_auth == KMDA_DEF) { - man_def_auth = verify_user_pass_management(session, multi, up); + man_def_auth = verify_user_pass_management(session, up); } #endif if (plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)) diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 2e51c1d..eb7b03d 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -95,8 +95,7 @@ } bool -tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi, - struct tls_session *session) +tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session) { session->tls_wrap_reneg.opt = session->tls_wrap.opt; session->tls_wrap_reneg.mode = TLS_WRAP_CRYPT; diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index ffb1f2a..e98aae7 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -122,13 +122,11 @@ * * All renegotiations of a session use the same generated dynamic key. * - * @param multi multi session struct * @param session session that will be used for the TLS EKM exporter * @return true iff generating the key was successful */ bool -tls_session_generate_dynamic_tls_crypt_key(struct tls_multi *multi, - struct tls_session *session); +tls_session_generate_dynamic_tls_crypt_key(struct tls_session *session); /** * Returns the maximum overhead (in bytes) added to the destination buffer by diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index dbe3dfc..4817f45 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1068,7 +1068,7 @@ r6.metric = 0; /* connected route */ r6.flags = RT_DEFINED | RT_ADDED | RT_METRIC_DEFINED; route_ipv6_clear_host_bits(&r6); - delete_route_ipv6(&r6, tt, 0, NULL, NULL); + delete_route_ipv6(&r6, tt, NULL, NULL); } #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index 94cd0ee..ee252f4 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -241,7 +241,6 @@ struct gc_arena gc = gc_new(); - struct tls_multi multi = { 0 }; struct tls_session session = { 0 }; struct tls_options tls_opt = { 0 }; @@ -250,7 +249,7 @@ tls_opt.frame.buf.payload_size = 512; session.opt = &tls_opt; - tls_session_generate_dynamic_tls_crypt_key(&multi, &session); + tls_session_generate_dynamic_tls_crypt_key(&session); struct tls_wrap_ctx *rctx = &session.tls_wrap_reneg; @@ -272,7 +271,7 @@ memset(&session.tls_wrap.original_wrap_keydata.keys, 0x00, sizeof(session.tls_wrap.original_wrap_keydata.keys)); session.tls_wrap.original_wrap_keydata.n = 2; - tls_session_generate_dynamic_tls_crypt_key(&multi, &session); + tls_session_generate_dynamic_tls_crypt_key(&session); tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt); assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work)); @@ -281,7 +280,7 @@ /* XOR should not force a different key */ memset(&session.tls_wrap.original_wrap_keydata.keys, 0x42, sizeof(session.tls_wrap.original_wrap_keydata.keys)); - tls_session_generate_dynamic_tls_crypt_key(&multi, &session); + tls_session_generate_dynamic_tls_crypt_key(&session); tls_crypt_wrap(&ctx->source, &rctx->work, &rctx->opt); assert_int_equal(buf_len(&ctx->source) + 40, buf_len(&rctx->work));