In the attempt of adhering to the C99 standard as much as possible,
ensure that all the function declarations with no parameter contain
the "void" keyword[1].
Defects identified with sparse[2].
[1] ISO/IEC 9899:1999 spec, TC3 - section 6.7.5.3
[1] https://sparse.wiki.kernel.org/index.php/Main_Page
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170811090744.31750-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15203.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
In tls_ctx_load_ecdh_params() the SSL_CTX_get0_privatekey() function
is invoked only when "OPENSSL_VERSION_NUMBER >= 0x10002000L" and
curve_name is NULL.
However, under the very same conditions the code flow will
lead to an earlier return, thus never reaching the invocation of
SSL_CTX_get0_privatekey().
Restructure the surrounding code in order to make the if/else
block a bit easier to read and get rid of the unreachable
invocation.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170809074237.31291-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15186.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
The init_random_seed() function is only used by the init_static() in
init.c. As this function was pretty basic and it is only being called
once, it was merged into init_static() instead of keeping it as a separate
function.
(I agree that calling functions often makes the code more readable, but
I would rather see that as a part of cleaning up the whole init_static()
function - in fact when moving all "unit tests" in init_static() to cmocka,
it will not be too bad in the end.)
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170725150723.14919-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15136.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
V2: Print also curve details, add missing ifdef
V3: Goto err instead of using M_FATAL, format fixes, use
EC_GROUP_get_curve_name + OBJ_nid2sn instead of ECPKParameters_print, add
compat headers for 1.0.2
V4: Formatting changes and change M_ERR to M_WARN
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <1500828336-30314-1-git-send-email-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15124.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
This patch does not introduce any functional or behavioural change.
The code in ntlm.c has been restyled to better to obey to the
new coding style and its readability has been a improved a bit.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170710043441.24770-5-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15028.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
The gen_md4_hash() function is receiving as first argument a buffer
that is filled by a function invoked when evaluating the second
argument.
Although this is proper C, it makes the call invocation a bit obscure
because it is not immediately easy to grasp how the 'pwbuf' buffer is
filled.
Unroll the multiple function call onto lines and make the core more
readable.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170710043441.24770-4-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15030.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Several binary buffers in the ntlm component are stored
as char *, however this generates a lot of warnings, because
hashing functions expect something unsigned.
Convert binary buffers to uint8_t *, while use explicit cast
for buffers that are really carrying a string inside.
This commit removes several warnings from ntlm.c that you can
catch with "-Wall -std=c99".
[DS: Done minor typo-fixes in commit message at commit time]
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170710043441.24770-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15032.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
The write_pid() function is only used in openvpn.c, so no
need to have that in the misc.[ch] mixed bag.
[on-the-fly change: Added #include "platform.h"]
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170725145718.13175-1-davids@openvpn.net>
URL: https://www.mail-archive.com/search?l=mid&q=20170725145718.13175-1-davids@openvpn.net
Signed-off-by: David Sommerseth <davids@openvpn.net>
Avoid including the content of tls_crypt.h when --disable-crypto
is used, as it will trigger some warnings due to missing
structures declarations.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170707102238.8781-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15014.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
With the introduction of the wait_for_push field in the auth_user_pass
structure, we have to make sure that such field is not accidentally
erased when the management asks the user for user/pass.
Erasing such field would mess up the logic introduced by
("Ignore auth-nocache for auth-user-pass if auth-token is pushed").
Thanks to David Sommerseth for the preliminary analysis and debugging.
Reported-by: Steven Haigh <netwiz@crc.id.au>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Tested-by: Steven Haigh <netwiz@crc.id.au>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20170707140108.31612-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15015.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
- fix typ0 in message: NLSMG -> NLMSG
- use strerror() to print a human readable message
- don't print error message if error is ENETUNREACH: it means no route
found
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170720082338.1302-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15101.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
openvpn_sleep() is basically "service the management interface for x
seconds, then return". Therefore, manage.c is a more suitable location
than the random collection of unrelated stuff called misc.c.
(I think we should find a better place for everything currently in misc.c,
and get rid of it all together. This patch is part of that effort.)
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1500566435-29920-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15109.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This function was only called in string format functions, which already
copy the contents, so all this ever did was adding redundant malloc() and
free() calls.
Also, this wasn't as thread-safe as it claims: another thread could still
change the string value between the strerror() and buf_printf() calls. So,
instead of a not needed false sense of thread-safeness, just be honest and
use strerror() directly.
(I think we should find a better place for everything currently in misc.c,
and get rid of it all together. In this case, the better place is
/dev/null. This patch is part of that effort.)
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1500550740-24773-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15105.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
In order to improve code readability it is better to unwrap
multiple function calls onto multiple lines.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170712043002.11083-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15041.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
The argument passed to my_strupr() is converted to an upper case
string by means of toupper(). The latter expects a single signed int
as argument, therefore it makes sense to have my_strupr() take a
signed argument too and avoid an explicit and an implicit cast.
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170710043441.24770-3-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15031.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
when passing the M_ERRNO flag to msg(), the latter will already
print the errno message (in a form of a string and number) for us,
hence there is no need to explicitly print it a second time.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20170713080527.13299-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15057.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
the msg() function will print the errno for us when
provided with the M_ERRNO flag.
Therefore, don't bother printing errno explicitly and always
pass M_ERRNO to msg().
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20170713080527.13299-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15056.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Because of the way we re-use the options parser for both config files and
pushed options, we always update the local options state when we accept an
option. This resulted in a pushed cipher being rejected the first time it
was pushed, but being accepted the second time.
This patch is a minimal way to resolve this issue in the master and
release/2.4 branches. I'll send a more invasive patch for master, to
reset the entire options state on reconnects, later.
Trac: #906
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170627222029.26623-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14984.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
For unknown reason, the writer of the compat layer seemed to think that
this function was only present in OpenSSL 1.1. This is not the case at
all, since it has been introduced in OpenSSL before version 0.9.8.
Thus, there is no need to add this function to the compat layer, and it
can be safely removed.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170629142119.29502-2-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14988.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
For unknown reason, the writer of the compat layer seemed to think that
this function was only present in OpenSSL 1.1. This is not the case at
all, since it has been introduced in OpenSSL before version 0.9.8.
Thus, there is no need to add this function to the compat layer, and it
can be safely removed.
Signed-off-by: Emmanuel Deloget <logout@free.fr>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20170629142119.29502-1-logout@free.fr>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14989.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
misc.c is a mess of incoherent functions, and is therefore included by
virtually all our source files. That makes testing harder than it should
be. As a first step of cleaning up misc.c, move adjust_power_of_2() to
integer.h, which is a more suitable place for a function like this.
This allows us to remove the duplicate implementation from test_argv.c.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20170621211043.6490-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14940.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
In older OpenSSL, the key and iv arguments of EVP_CipherInit_ex() were not
const, which meant that our API could not be const either. Since we
dropped support for OpenSSL 0.9.8, we can now fix our internal API.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1497873065-2229-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14881.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
OpenSSL 1.1 does not allow MD5 signed certificates by default anymore.
This can be enabled again by settings tls-cipher "DEFAULT:@SECLEVEL=0" but
only if the cipher list is set before loading the certificates. This patch
changes the order of loading.
Acked-by: Christian Hesse <list@eworm.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1498475606-8337-1-git-send-email-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14961.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
