uncrustify openvpn/ sources

There are an amazing number of brackets that were either
totally missing, or have snuck up on the "for(...){"
line.  Further, uncrustify wants "|" in multi-line
logical expressions now at the beginning of the new
line, and "PRIi64" now gets surrounding spaces.

Added "sp_after_semi_for_empty=Add" to uncrustify.conf
to leave a few for() statements alone that look better
the way they are.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20181130135641.11533-3-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17970.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Gert Doering 2018-11-30 14:56:41 +01:00 committed by David Sommerseth
parent a7b5993d9d
commit f57431cdc8
No known key found for this signature in database
GPG key ID: 86CF944C9671FDF2
53 changed files with 241 additions and 202 deletions


@ -60,6 +60,9 @@ mod_add_long_ifdef_else_comment=5
# Misc cleanup
mod_remove_extra_semicolon=true
# leave blank at end of empty for() statements
sp_after_semi_for_empty=Add
# Use C-style comments (/* .. */)
cmt_c_nl_end=true
cmt_star_cont=true


@ -65,5 +65,5 @@ DWORD
set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family,
const ULONG metric);
#endif
#endif
#endif /* ifndef OPENVPN_BLOCK_DNS_H */
#endif /* ifdef _WIN32 */


@ -312,7 +312,7 @@ openvpn_snprintf(char *str, size_t size, const char *format, ...)
/*
* openvpn_swprintf() is currently only used by Windows code paths
* and when enabled for all platforms it will currently break older
* and when enabled for all platforms it will currently break older
* OpenBSD versions lacking vswprintf(3) support in their libc.
*/
@ -474,7 +474,7 @@ x_gc_freespecial(struct gc_arena *a)
}
void
gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
gc_addspecial(void *addr, void (free_function)(void *), struct gc_arena *a)
{
ASSERT(a);
struct gc_entry_special *e;


@ -458,6 +458,7 @@ __attribute__ ((format(__printf__, 3, 4)))
*/
bool
openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...);
/*
* Unlike in openvpn_snprintf, we cannot use format attributes since
* GCC doesn't support wprintf as archetype.


@ -21,7 +21,7 @@
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
*/
#ifndef CONSOLE_H
#define CONSOLE_H


@ -920,10 +920,12 @@ key_is_zero(struct key *key, const struct key_type *kt)
{
int i;
for (i = 0; i < kt->cipher_length; ++i)
{
if (key->cipher[i])
{
return false;
}
}
msg(D_CRYPT_ERRORS, "CRYPTO INFO: WARNING: zero key detected");
return true;
}
@ -1270,7 +1272,9 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags)
{
in = buffer_read_from_file(file, &gc);
if (!buf_valid(&in))
{
msg(M_FATAL, "Read error on key file ('%s')", file);
}
size = in.len;
}
@ -1462,7 +1466,7 @@ write_key_file(const int nkeys, const char *filename)
buf_printf(&out, "%s\n", static_key_foot);
/* write key file, now formatted in out, to file */
if(!buffer_write_file(filename, &out))
if (!buffer_write_file(filename, &out))
{
nbits = -1;
}
@ -1692,7 +1696,9 @@ prng_reset_nonce(void)
{
int i;
for (i = 0; i < size; ++i)
{
nonce_data[i] = (uint8_t) i;
}
}
#endif
}
@ -1773,7 +1779,7 @@ void
print_cipher(const cipher_kt_t *cipher)
{
const char *var_key_size = cipher_kt_var_key_size(cipher) ?
" by default" : "";
" by default" : "";
printf("%s (%d bit key%s, ",
translate_cipher_name_to_openvpn(cipher_kt_name(cipher)),


@ -318,7 +318,7 @@ void free_key_ctx(struct key_ctx *ctx);
void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
int key_direction, const struct key_type *kt,
const char *name);
const char *name);
void free_key_ctx_bi(struct key_ctx_bi *ctx);
@ -504,7 +504,8 @@ memcmp_constant_time(const void *a, const void *b, size_t size)
int ret = 0;
size_t i;
for (i = 0; i < size; i++) {
for (i = 0; i < size; i++)
{
ret |= *a1++ ^ *b1++;
}


@ -51,7 +51,7 @@
typedef enum {
MD_SHA1,
MD_SHA256
} hash_algo_type ;
} hash_algo_type;
/** Struct used in cipher name translation table */
typedef struct {


@ -233,8 +233,8 @@ crypto_pem_encode(const char *name, struct buffer *dst,
size_t out_len = 0;
if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL !=
mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
NULL, 0, &out_len))
mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
NULL, 0, &out_len))
{
return false;
}
@ -858,7 +858,8 @@ md_ctx_new(void)
return ctx;
}
void md_ctx_free(mbedtls_md_context_t *ctx)
void
md_ctx_free(mbedtls_md_context_t *ctx)
{
free(ctx);
}


@ -146,7 +146,8 @@ mbed_log_func_line_lite(unsigned int flags, int errval,
#define mbed_ok(errval) \
mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__)
static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher)
static inline bool
cipher_kt_var_key_size(const cipher_kt_t *cipher)
{
return cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN;
}


@ -202,12 +202,12 @@ crypto_print_openssl_errors(const unsigned int flags)
else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
{
msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
"indicates that client and server have no common TLS version enabled. "
"This can be caused by mismatched tls-version-min and tls-version-max "
"options on client and server. "
"If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
"tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
"instead of TLS 1.0 only");
"indicates that client and server have no common TLS version enabled. "
"This can be caused by mismatched tls-version-min and tls-version-max "
"options on client and server. "
"If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
"tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
"instead of TLS 1.0 only");
}
msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
}
@ -315,7 +315,8 @@ show_available_ciphers(void)
qsort(cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
for (i = 0; i < num_ciphers; i++) {
for (i = 0; i < num_ciphers; i++)
{
if (!cipher_kt_insecure(cipher_list[i]))
{
print_cipher(cipher_list[i]);
@ -324,7 +325,8 @@ show_available_ciphers(void)
printf("\nThe following ciphers have a block size of less than 128 bits, \n"
"and are therefore deprecated. Do not use unless you have to.\n\n");
for (i = 0; i < num_ciphers; i++) {
for (i = 0; i < num_ciphers; i++)
{
if (cipher_kt_insecure(cipher_list[i]))
{
print_cipher(cipher_list[i]);
@ -405,7 +407,7 @@ crypto_pem_encode(const char *name, struct buffer *dst,
cleanup:
if (!BIO_free(bio))
{
ret = false;;
ret = false;
}
return ret;
@ -458,7 +460,7 @@ cleanup:
OPENSSL_free(data_read);
if (!BIO_free(bio))
{
ret = false;;
ret = false;
}
return ret;
@ -688,7 +690,7 @@ cipher_kt_insecure(const EVP_CIPHER *cipher)
#ifdef NID_chacha20_poly1305
|| EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
#endif
);
);
}
int
@ -729,13 +731,13 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
{
switch (EVP_CIPHER_nid(cipher))
{
case NID_aes_128_gcm:
case NID_aes_192_gcm:
case NID_aes_256_gcm:
case NID_aes_128_gcm:
case NID_aes_192_gcm:
case NID_aes_256_gcm:
#ifdef NID_chacha20_poly1305
case NID_chacha20_poly1305:
case NID_chacha20_poly1305:
#endif
return true;
return true;
}
}
#endif
@ -962,7 +964,8 @@ md_ctx_new(void)
return ctx;
}
void md_ctx_free(EVP_MD_CTX *ctx)
void
md_ctx_free(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_free(ctx);
}


@ -101,7 +101,8 @@ void crypto_print_openssl_errors(const unsigned int flags);
msg((flags), __VA_ARGS__); \
} while (false)
static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher)
static inline bool
cipher_kt_var_key_size(const cipher_kt_t *cipher)
{
return EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH;
}


@ -159,7 +159,8 @@ ms_error_text(DWORD ms_err)
/* trim to the left */
if (rv)
{
for (p = rv + strlen(rv) - 1; p >= rv; p--) {
for (p = rv + strlen(rv) - 1; p >= rv; p--)
{
if (isspace(*p))
{
*p = '\0';
@ -198,7 +199,8 @@ err_put_ms_error(DWORD ms_err, int func, const char *file, int line)
}
/* since MS error codes are 32 bit, and the ones in the ERR_... system is
* only 12, we must have a mapping table between them. */
for (i = 0; i < ERR_MAP_SZ; i++) {
for (i = 0; i < ERR_MAP_SZ; i++)
{
if (err_map[i].ms_err == ms_err)
{
ERR_PUT_error(ERR_LIB_CRYPTOAPI, func, err_map[i].err, file, line);
@ -267,8 +269,8 @@ priv_enc_CNG(const CAPI_DATA *cd, const wchar_t *hash_algo, const unsigned char
BCRYPT_PKCS1_PADDING_INFO padinfo = {hash_algo};
DWORD status;
status = NCryptSignHash(hkey, padding? &padinfo : NULL, (BYTE*) from, flen,
to, tlen, &len, padding? BCRYPT_PAD_PKCS1 : 0);
status = NCryptSignHash(hkey, padding ? &padinfo : NULL, (BYTE *) from, flen,
to, tlen, &len, padding ? BCRYPT_PAD_PKCS1 : 0);
if (status != ERROR_SUCCESS)
{
SetLastError(status);
@ -375,7 +377,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i
*/
static int
rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sig, unsigned int *siglen, const RSA *rsa)
unsigned char *sig, unsigned int *siglen, const RSA *rsa)
{
CAPI_DATA *cd = (CAPI_DATA *) RSA_meth_get0_app_data(RSA_get_method(rsa));
const wchar_t *alg = NULL;
@ -419,6 +421,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
/* No DigestInfo header is required -- set alg-name to NULL */
alg = NULL;
break;
default:
msg(M_WARN, "cryptoapicert: Unknown hash type NID=0x%x", type);
RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
@ -459,7 +462,7 @@ finish(RSA *rsa)
return 0;
}
CAPI_DATA_free(cd);
RSA_meth_free((RSA_METHOD*) rsa_meth);
RSA_meth_free((RSA_METHOD *) rsa_meth);
return 1;
}
@ -586,7 +589,7 @@ ssl_ctx_set_eckey(SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
if (cd->key_spec != CERT_NCRYPT_KEY_SPEC)
{
msg(M_NONFATAL, "ERROR: cryptoapicert with only legacy private key handle available."
" EC certificate not supported.");
" EC certificate not supported.");
goto err;
}
/* create a method struct with default callbacks filled in */
@ -686,7 +689,8 @@ find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store)
/* skip the tag */
cert_prop += 6;
for (p = (char *) cert_prop, i = 0; *p && i < sizeof(hash); i++) {
for (p = (char *) cert_prop, i = 0; *p && i < sizeof(hash); i++)
{
if (*p >= '0' && *p <= '9')
{
x = (*p - '0') << 4;
@ -739,7 +743,7 @@ ssl_ctx_set_rsakey(SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
bool rsa_method_set = false;
my_rsa_method = RSA_meth_new("Microsoft Cryptography API RSA Method",
RSA_METHOD_FLAG_NO_CHECK);
RSA_METHOD_FLAG_NO_CHECK);
check_malloc_return(my_rsa_method);
RSA_meth_set_pub_enc(my_rsa_method, rsa_pub_enc);
RSA_meth_set_pub_dec(my_rsa_method, rsa_pub_dec);
@ -797,7 +801,7 @@ ssl_ctx_set_rsakey(SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
goto err;
}
/* SSL_CTX_use_RSAPrivateKey() increased the reference count in 'rsa', so
* we decrease it here with RSA_free(), or it will never be cleaned up. */
* we decrease it here with RSA_free(), or it will never be cleaned up. */
RSA_free(rsa);
return 1;
@ -867,7 +871,7 @@ SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
DWORD flags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG
| CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
if (!CryptAcquireCertificatePrivateKey(cd->cert_context, flags, NULL,
&cd->crypt_prov, &cd->key_spec, &cd->free_crypt_prov))
&cd->crypt_prov, &cd->key_spec, &cd->free_crypt_prov))
{
/* if we don't have a smart card reader here, and we try to access a
* smart card certificate, we get:
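Review bot: In the ms_error_text hunk the trimming loop `for (p = rv + strlen(rv) - 1; p >= rv; p--)` steps `p` to one element before `rv` when the string is empty or consists only of whitespace, and forming or comparing that pointer is undefined behaviour. Assuming the loop stops at the first non-space character (that branch is outside the hunk), an index-based form avoids it: `for (size_t n = strlen(rv); n > 0 && isspace((unsigned char) rv[n - 1]); n--) { rv[n - 1] = '\0'; }`. The cast matters as well, because `isspace(*p)` on a plain `char` with a negative value is outside the function's defined domain. The comment `/* trim to the left */` would be clearer as `/* trim trailing whitespace */`, since the loop walks from the end of the string.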


@ -277,7 +277,7 @@ void
setenv_long_long(struct env_set *es, const char *name, long long value)
{
char buf[64];
openvpn_snprintf(buf, sizeof(buf), "%"PRIi64, (int64_t)value);
openvpn_snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value);
setenv_str(es, name, buf);
}


@ -94,13 +94,15 @@ void env_set_print(int msglevel, const struct env_set *es);
void env_set_inherit(struct env_set *es, const struct env_set *src);
/* returns true if environmental variable name starts with 'password' */
static inline bool is_password_env_var(const char *str)
static inline bool
is_password_env_var(const char *str)
{
return (strncmp(str, "password", 8) == 0);
}
/* returns true if environmental variable safe to print to log */
static inline bool env_safe_to_print(const char *str)
static inline bool
env_safe_to_print(const char *str)
{
#ifndef UNSAFE_DEBUG
if (is_password_env_var(str))


@ -343,7 +343,7 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist)
struct timeval tv;
gettimeofday(&tv, NULL);
fprintf(fp, "%"PRIi64".%06ld %x %s%s%s%s",
fprintf(fp, "%" PRIi64 ".%06ld %x %s%s%s%s",
(int64_t)tv.tv_sec,
(long)tv.tv_usec,
flags,


@ -1041,7 +1041,7 @@ se_wait_fast(struct event_set *es, const struct timeval *tv, struct event_set_re
struct timeval tv_tmp = *tv;
int stat;
dmsg(D_EVENT_WAIT, "SE_WAIT_FAST maxfd=%d tv=%"PRIi64"/%ld",
dmsg(D_EVENT_WAIT, "SE_WAIT_FAST maxfd=%d tv=%" PRIi64 "/%ld",
ses->maxfd,
(int64_t)tv_tmp.tv_sec,
(long)tv_tmp.tv_usec);
@ -1065,7 +1065,7 @@ se_wait_scalable(struct event_set *es, const struct timeval *tv, struct event_se
fd_set write = ses->writefds;
int stat;
dmsg(D_EVENT_WAIT, "SE_WAIT_SCALEABLE maxfd=%d tv=%"PRIi64"/%ld",
dmsg(D_EVENT_WAIT, "SE_WAIT_SCALEABLE maxfd=%d tv=%" PRIi64 "/%ld",
ses->maxfd, (int64_t)tv_tmp.tv_sec, (long)tv_tmp.tv_usec);
stat = select(ses->maxfd + 1, &read, &write, NULL, &tv_tmp);


@ -757,7 +757,7 @@ static void
process_coarse_timers(struct context *c)
{
/* flush current packet-id to file once per 60
* seconds if --replay-persist was specified */
* seconds if --replay-persist was specified */
check_packet_id_persist_flush(c);
/* should we update status file? */
@ -836,7 +836,7 @@ check_coarse_timers_dowork(struct context *c)
process_coarse_timers(c);
c->c2.coarse_timer_wakeup = now + c->c2.timeval.tv_sec;
dmsg(D_INTERVAL, "TIMER: coarse timer wakeup %"PRIi64" seconds", (int64_t)c->c2.timeval.tv_sec);
dmsg(D_INTERVAL, "TIMER: coarse timer wakeup %" PRIi64 " seconds", (int64_t)c->c2.timeval.tv_sec);
/* Is the coarse timeout NOT the earliest one? */
if (c->c2.timeval.tv_sec > save.tv_sec)


@ -80,10 +80,12 @@ void check_incoming_control_channel_dowork(struct context *c);
void check_scheduled_exit_dowork(struct context *c);
void check_push_request_dowork(struct context *c);
#endif /* P2MP */
#ifdef ENABLE_FRAGMENT
void check_fragment_dowork(struct context *c);
#endif /* ENABLE_FRAGMENT */
void check_connection_established_dowork(struct context *c);


@ -1077,13 +1077,13 @@ do_genkey(const struct options *options)
}
if (options->tls_crypt_v2_genkey_type)
{
if(!strcmp(options->tls_crypt_v2_genkey_type, "server"))
if (!strcmp(options->tls_crypt_v2_genkey_type, "server"))
{
tls_crypt_v2_write_server_key_file(options->tls_crypt_v2_genkey_file);
return true;
}
if (options->tls_crypt_v2_genkey_type
&& !strcmp(options->tls_crypt_v2_genkey_type, "client"))
&& !strcmp(options->tls_crypt_v2_genkey_type, "client"))
{
if (!options->tls_crypt_v2_file)
{
@ -1091,8 +1091,8 @@ do_genkey(const struct options *options)
}
tls_crypt_v2_write_client_key_file(options->tls_crypt_v2_genkey_file,
options->tls_crypt_v2_metadata, options->tls_crypt_v2_file,
options->tls_crypt_v2_inline);
options->tls_crypt_v2_metadata, options->tls_crypt_v2_file,
options->tls_crypt_v2_inline);
return true;
}
@ -2568,8 +2568,8 @@ do_init_tls_wrap_key(struct context *c)
if (!streq(options->authname, "none"))
{
c->c1.ks.tls_auth_key_type.digest = md_kt_get(options->authname);
c->c1.ks.tls_auth_key_type.hmac_length =
md_kt_size(c->c1.ks.tls_auth_key_type.digest);
c->c1.ks.tls_auth_key_type.hmac_length =
md_kt_size(c->c1.ks.tls_auth_key_type.digest);
}
else
{
@ -2653,7 +2653,7 @@ do_init_crypto_tls_c1(struct context *c)
return;
#else /* if P2MP */
msg(M_FATAL, "Error: private key password verification failed");
#endif
#endif /* if P2MP */
}
/* Get cipher & hash algorithms */
@ -2761,15 +2761,15 @@ do_init_crypto_tls(struct context *c, const unsigned int flags)
{
/* Add 10% jitter to reneg-sec by default (server side only) */
int auto_jitter = options->mode != MODE_SERVER ? 0 :
get_random() % max_int(options->renegotiate_seconds / 10, 1);
get_random() % max_int(options->renegotiate_seconds / 10, 1);
to.renegotiate_seconds = options->renegotiate_seconds - auto_jitter;
}
else
{
/* Add user-specified jitter to reneg-sec */
to.renegotiate_seconds = options->renegotiate_seconds -
(get_random() % max_int(options->renegotiate_seconds
- options->renegotiate_seconds_min, 1));
to.renegotiate_seconds = options->renegotiate_seconds
-(get_random() % max_int(options->renegotiate_seconds
- options->renegotiate_seconds_min, 1));
}
to.single_session = options->single_session;
to.mode = options->mode;
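Review bot: The reflowed jitter expression in do_init_crypto_tls now begins its continuation line with `-(get_random() % max_int(options->renegotiate_seconds`, which reads as a unary negation of the parenthesised term rather than the subtraction it is. Writing it as `- (get_random() % max_int(...` keeps the binary operator visible. The same formatter artefact appears in the NTLM flags hunk (`|(buf2[hoff + 2] << 16)`) and in the mbed TLS certificate-profile hunk (`|MBEDTLS_X509_ID_FLAG(`). In code that computes renegotiation timing and parses protocol flags, an operator that is easy to misread is worth fixing by hand or excluding from the automatic reformat.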


@ -28,12 +28,12 @@
#ifndef htonll
#define htonll(x) ((1==htonl(1)) ? (x) : \
((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32))
((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32))
#endif
#ifndef ntohll
#define ntohll(x) ((1==ntohl(1)) ? (x) : \
((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32))
((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32))
#endif
/*


@ -3640,7 +3640,7 @@ management_query_multiline_flatten(struct management *man,
char *
/* returns allocated base64 signature */
management_query_pk_sig(struct management *man,
const char *b64_data)
const char *b64_data)
{
const char *prompt = "PK_SIGN";
const char *desc = "pk-sign";
@ -3650,7 +3650,7 @@ management_query_pk_sig(struct management *man,
desc = "rsa-sign";
}
return management_query_multiline_flatten(man, b64_data, prompt, desc,
&man->connection.ext_key_state, &man->connection.ext_key_input);
&man->connection.ext_key_state, &man->connection.ext_key_input);
}
char *


@ -150,7 +150,7 @@ mss_fixup_dowork(struct buffer *buf, uint16_t maxmss)
if (BLEN(buf) < (int) sizeof(struct openvpn_tcphdr))
{
return;
return;
}
verify_align_4(buf);


@ -2394,7 +2394,7 @@ multi_process_post(struct multi_context *m, struct multi_instance *mi, const uns
multi_set_pending(m, ANY_OUT(&mi->context) ? mi : NULL);
#ifdef MULTI_DEBUG_EVENT_LOOP
printf("POST %s[%d] to=%d lo=%d/%d w=%"PRIi64"/%ld\n",
printf("POST %s[%d] to=%d lo=%d/%d w=%" PRIi64 "/%ld\n",
id(mi),
(int) (mi == m->pending),
mi ? mi->context.c2.to_tun.len : -1,


@ -537,6 +537,7 @@ clear_prefix(void)
#define MULTI_CACHE_ROUTE_TTL 60
void multi_reap_process_dowork(const struct multi_context *m);
void multi_process_per_second_timers_dowork(struct multi_context *m);
static inline void


@ -314,8 +314,8 @@ ntlm_phase_3(const struct http_proxy_info *p, const char *phase_2,
* byte order on the wire for the NTLM header is LE.
*/
const size_t hoff = 0x14;
unsigned long flags = buf2[hoff] | (buf2[hoff + 1] << 8) |
(buf2[hoff + 2] << 16) | (buf2[hoff + 3] << 24);
unsigned long flags = buf2[hoff] | (buf2[hoff + 1] << 8)
|(buf2[hoff + 2] << 16) | (buf2[hoff + 3] << 24);
if ((flags & 0x00800000) == 0x00800000)
{
tib_len = buf2[0x28]; /* Get Target Information block size */
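Review bot: `(buf2[hoff + 3] << 24)` shifts a value that has already been promoted to `int` if buf2 holds 8-bit elements (its declaration is outside the hunk), so a top byte of 0x80 or more overflows a signed int, which is undefined behaviour. Casting before the shift avoids that: `((unsigned long) buf2[hoff + 3] << 24)`. The hunk also shows no check that the decoded message covers offsets 0x14 to 0x17 and 0x28 before they are read. Since buf2 is presumably derived from the proxy's phase-2 reply, that length check should be confirmed to exist earlier in ntlm_phase_3, whose body starts and ends outside the hunk.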


@ -193,8 +193,8 @@ X509_get0_pubkey(const X509 *x)
* @param store X509 object store
* @return the X509 object stack
*/
static inline STACK_OF(X509_OBJECT) *
X509_STORE_get0_objects(X509_STORE *store)
static inline STACK_OF(X509_OBJECT)
*X509_STORE_get0_objects(X509_STORE *store)
{
return store ? store->objs : NULL;
}
@ -369,7 +369,7 @@ RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
return 1;
}
#endif
#endif /* if !defined(HAVE_RSA_SET0_KEY) */
#if !defined(HAVE_RSA_BITS)
/**
@ -483,9 +483,9 @@ RSA_meth_free(RSA_METHOD *meth)
*/
static inline int
RSA_meth_set_pub_enc(RSA_METHOD *meth,
int (*pub_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
int (*pub_enc)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
{
if (meth)
{
@ -506,9 +506,9 @@ RSA_meth_set_pub_enc(RSA_METHOD *meth,
*/
static inline int
RSA_meth_set_pub_dec(RSA_METHOD *meth,
int (*pub_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
int (*pub_dec)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
{
if (meth)
{
@ -529,9 +529,9 @@ RSA_meth_set_pub_dec(RSA_METHOD *meth,
*/
static inline int
RSA_meth_set_priv_enc(RSA_METHOD *meth,
int (*priv_enc) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
int (*priv_enc)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
{
if (meth)
{
@ -552,9 +552,9 @@ RSA_meth_set_priv_enc(RSA_METHOD *meth,
*/
static inline int
RSA_meth_set_priv_dec(RSA_METHOD *meth,
int (*priv_dec) (int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
int (*priv_dec)(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
{
if (meth)
{
@ -574,7 +574,7 @@ RSA_meth_set_priv_dec(RSA_METHOD *meth,
* @return 1 on success, 0 on error
*/
static inline int
RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa))
{
if (meth)
{
@ -594,11 +594,12 @@ RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
* @return 1 on success, 0 on error
*/
static inline
int RSA_meth_set_sign(RSA_METHOD *meth,
int (*sign) (int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa))
int
RSA_meth_set_sign(RSA_METHOD *meth,
int (*sign)(int type, const unsigned char *m,
unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
const RSA *rsa))
{
meth->rsa_sign = sign;
return 1;
@ -614,7 +615,7 @@ int RSA_meth_set_sign(RSA_METHOD *meth,
* @return 1 on success, 0 on error
*/
static inline int
RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
{
if (meth)
{
@ -669,7 +670,7 @@ RSA_meth_get0_app_data(const RSA_METHOD *meth)
static inline int
EC_GROUP_order_bits(const EC_GROUP *group)
{
BIGNUM* order = BN_new();
BIGNUM *order = BN_new();
EC_GROUP_get_order(group, order, NULL);
int bits = BN_num_bits(order);
BN_free(order);
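Review bot: RSA_meth_set_sign assigns `meth->rsa_sign = sign;` without the `if (meth)` guard that the sibling setters in this file (RSA_meth_set_pub_enc, RSA_meth_set_priv_enc, RSA_meth_set_init, RSA_meth_set_finish) open with. A NULL method is therefore dereferenced here and handled everywhere else, and the function can never return the 0 that its doc comment promises on error. Adding `if (!meth) { return 0; }` before the assignment would bring it in line with the others. The closing brace of the function is outside the hunk, and the siblings' failure branch is not visible, so the exact return convention should be matched against them.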


@ -2140,7 +2140,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
"passwords is STRONGLY discouraged and considered insecure");
}
#endif
#endif /* ifdef ENABLE_MANAGEMENT */
/*
* Windows-specific options.
@ -2865,8 +2865,10 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
{
struct buffer in = buffer_read_from_file(o->tls_auth_file, &o->gc);
if (!buf_valid(&in))
{
msg(M_FATAL, "Cannot pre-load tls-auth keyfile (%s)",
o->tls_auth_file);
}
ce->tls_auth_file = INLINE_FILE_TAG;
ce->tls_auth_file_inline = (char *)in.data;
@ -2876,8 +2878,10 @@ options_postprocess_mutate_ce(struct options *o, struct connection_entry *ce)
{
struct buffer in = buffer_read_from_file(o->tls_crypt_file, &o->gc);
if (!buf_valid(&in))
{
msg(M_FATAL, "Cannot pre-load tls-crypt keyfile (%s)",
o->tls_auth_file);
}
ce->tls_crypt_file = INLINE_FILE_TAG;
ce->tls_crypt_inline = (char *)in.data;
@ -3046,7 +3050,7 @@ options_postprocess_mutate(struct options *o)
{
/* DH file is only meaningful in a tls-server context. */
msg(M_WARN, "WARNING: Ignoring option 'dh' in tls-client mode, please only "
"include this in your server configuration");
"include this in your server configuration");
o->dh_file = NULL;
}
@ -7169,7 +7173,7 @@ add_option(struct options *options,
{
if (strstr(p[2], ":"))
{
ipv6dns=true;
ipv6dns = true;
foreign_option(options, p, 3, es);
dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len, msglevel);
}
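Review bot: The tls-crypt pre-load failure in options_postprocess_mutate_ce reports `o->tls_auth_file`, although the file that failed to read is `o->tls_crypt_file`. The newly braced call should be `msg(M_FATAL, "Cannot pre-load tls-crypt keyfile (%s)", o->tls_crypt_file);`. As written, the fatal message points the operator at the wrong key file. When only tls-crypt is configured, the `%s` argument may also be NULL; that is inferred, because the enclosing condition is outside the hunk.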


@ -88,7 +88,7 @@ const char *
tv_string(const struct timeval *tv, struct gc_arena *gc)
{
struct buffer out = alloc_buf_gc(64, gc);
buf_printf(&out, "[%"PRIi64"/%ld]",
buf_printf(&out, "[%" PRIi64 "/%ld]",
(int64_t)tv->tv_sec,
(long)tv->tv_usec);
return BSTR(&out);
@ -198,7 +198,7 @@ time_test(void)
t = time(NULL);
gettimeofday(&tv, NULL);
#if 1
msg(M_INFO, "t=%"PRIi64" s=%"PRIi64" us=%ld",
msg(M_INFO, "t=%" PRIi64 " s=%" PRIi64 " us=%ld",
(int64_t)t,
(int64_t)tv.tv_sec,
(long)tv.tv_usec);


@ -347,7 +347,7 @@ packet_id_send_update(struct packet_id_send *p, bool long_form)
bool
packet_id_write(struct packet_id_send *p, struct buffer *buf, bool long_form,
bool prepend)
bool prepend)
{
if (!packet_id_send_update(p, long_form))
{
@ -606,13 +606,13 @@ packet_id_debug_print(int msglevel,
}
buf_printf(&out, "%c", c);
}
buf_printf(&out, "] %"PRIi64":" packet_id_format, (int64_t)p->time, (packet_id_print_type)p->id);
buf_printf(&out, "] %" PRIi64 ":" packet_id_format, (int64_t)p->time, (packet_id_print_type)p->id);
if (pin)
{
buf_printf(&out, " %"PRIi64":" packet_id_format, (int64_t)pin->time, (packet_id_print_type)pin->id);
buf_printf(&out, " %" PRIi64 ":" packet_id_format, (int64_t)pin->time, (packet_id_print_type)pin->id);
}
buf_printf(&out, " t=%"PRIi64"[%d]",
buf_printf(&out, " t=%" PRIi64 "[%d]",
(int64_t)prev_now,
(int)(prev_now - tv.tv_sec));
@ -666,7 +666,7 @@ packet_id_interactive_test(void)
{
packet_id_reap_test(&pid.rec);
test = packet_id_test(&pid.rec, &pin);
printf("packet_id_test (%"PRIi64", " packet_id_format ") returned %d\n",
printf("packet_id_test (%" PRIi64 ", " packet_id_format ") returned %d\n",
(int64_t)pin.time,
(packet_id_print_type)pin.id,
test);
@ -679,7 +679,7 @@ packet_id_interactive_test(void)
{
long_form = (count < 20);
packet_id_alloc_outgoing(&pid.send, &pin, long_form);
printf("(%"PRIi64"(" packet_id_format "), %d)\n",
printf("(%" PRIi64 "(" packet_id_format "), %d)\n",
(int64_t)pin.time,
(packet_id_print_type)pin.id,
long_form);


@ -263,7 +263,7 @@ bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_for
* @return true if successful, false otherwise.
*/
bool packet_id_write(struct packet_id_send *p, struct buffer *buf,
bool long_form, bool prepend);
bool long_form, bool prepend);
/*
* Inline functions.


@ -84,4 +84,4 @@ check_ping_send(struct context *c)
}
}
#endif
#endif /* ifndef PING_H */


@ -552,8 +552,7 @@ plugin_call_item(const struct plugin *p,
p->plugin_handle,
per_client_context,
(current_cert ? certdepth : -1),
current_cert
};
current_cert };
struct openvpn_plugin_args_func_return retargs;


@ -884,10 +884,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
const char *algor = get_pa_var("algorithm", pa, &gc);
const char *opaque = get_pa_var("opaque", pa, &gc);
if ( !realm || !nonce )
if (!realm || !nonce)
{
msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed, malformed response "
"from server: realm= or nonce= missing" );
"from server: realm= or nonce= missing" );
goto error;
}


@ -762,14 +762,14 @@ reliable_debug_print(const struct reliable *rel, char *desc)
printf("********* struct reliable %s\n", desc);
printf(" initial_timeout=%d\n", (int)rel->initial_timeout);
printf(" packet_id=" packet_id_format "\n", rel->packet_id);
printf(" now=%"PRIi64"\n", (int64_t)now);
printf(" now=%" PRIi64 "\n", (int64_t)now);
for (i = 0; i < rel->size; ++i)
{
const struct reliable_entry *e = &rel->array[i];
if (e->active)
{
printf(" %d: packet_id=" packet_id_format " len=%d", i, e->packet_id, e->buf.len);
printf(" next_try=%"PRIi64, (int64_t)e->next_try);
printf(" next_try=%" PRIi64, (int64_t)e->next_try);
printf("\n");
}
}


@ -3074,7 +3074,7 @@ do_route_ipv6_service(const bool add, const struct route_ipv6 *r, const struct t
* (only do this for routes actually using the tun/tap device)
*/
if (tt->type == DEV_TYPE_TUN
&& msg.iface.index == tt->adapter_index )
&& msg.iface.index == tt->adapter_index)
{
inet_pton(AF_INET6, "fe80::8", &msg.gateway.ipv6);
}
@ -3298,7 +3298,7 @@ get_default_gateway(struct route_gateway_info *rgi)
if (rgi->flags & RGI_ON_LINK)
{
/* check that interface name of current interface
* matches interface name of best default route */
* matches interface name of best default route */
if (strcmp(ifreq.ifr_name, best_name))
{
continue;


@ -41,12 +41,14 @@
/* contains an SSEC_x value defined in platform.h */
static int script_security_level = SSEC_BUILT_IN; /* GLOBAL */
int script_security(void)
int
script_security(void)
{
return script_security_level;
}
void script_security_set(int level)
void
script_security_set(int level)
{
script_security_level = level;
}


@ -76,7 +76,7 @@ shaper_soonest_event(struct timeval *tv, int delay)
}
}
#ifdef SHAPER_DEBUG
dmsg(D_SHAPER_DEBUG, "SHAPER shaper_soonest_event sec=%"PRIi64" usec=%ld ret=%d",
dmsg(D_SHAPER_DEBUG, "SHAPER shaper_soonest_event sec=%" PRIi64 " usec=%ld ret=%d",
(int64_t)tv->tv_sec, (long)tv->tv_usec, (int)ret);
#endif
return ret;


@ -147,7 +147,7 @@ shaper_wrote_bytes(struct shaper *s, int nbytes)
tv_add(&s->wakeup, &tv);
#ifdef SHAPER_DEBUG
dmsg(D_SHAPER_DEBUG, "SHAPER shaper_wrote_bytes bytes=%d delay=%ld sec=%"PRIi64" usec=%ld",
dmsg(D_SHAPER_DEBUG, "SHAPER shaper_wrote_bytes bytes=%d delay=%ld sec=%" PRIi64 " usec=%ld",
nbytes,
(long)tv.tv_usec,
(int64_t)s->wakeup.tv_sec,


@ -100,10 +100,12 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname,
bits = 0;
max_bits = sizeof(in_addr_t) * 8;
break;
case AF_INET6:
bits = 64;
max_bits = sizeof(struct in6_addr) * 8;
break;
default:
msg(M_WARN,
"Unsupported AF family passed to getaddrinfo for %s (%d)",
@ -125,7 +127,7 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname,
}
/* check if this hostname has a /bits suffix */
sep = strchr(var_host , '/');
sep = strchr(var_host, '/');
if (sep)
{
bits = strtoul(sep + 1, &endp, 10);
@ -156,10 +158,12 @@ get_addr_generic(sa_family_t af, unsigned int flags, const char *hostname,
*ip4 = ntohl(*ip4);
}
break;
case AF_INET6:
ip6 = network;
*ip6 = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
break;
default:
/* can't get here because 'af' was previously checked */
msg(M_WARN,


@ -138,7 +138,7 @@ struct stream_buf
int len; /* -1 if not yet known */
bool error; /* if true, fatal TCP error has occurred,
* requiring that connection be restarted */
* requiring that connection be restarted */
#if PORT_SHARE
#define PS_DISABLED 0
#define PS_ENABLED 1


@ -684,7 +684,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx)
{
if (tls_ctx_use_management_external_key(new_ctx))
{
msg (M_WARN, "Cannot initialize mamagement-external-key");
msg(M_WARN, "Cannot initialize mamagement-external-key");
goto err;
}
}
@ -1103,7 +1103,7 @@ tls_session_init(struct tls_multi *multi, struct tls_session *session)
else
{
session->initial_opcode = session->opt->tls_crypt_v2 ?
P_CONTROL_HARD_RESET_CLIENT_V3 : P_CONTROL_HARD_RESET_CLIENT_V2;
P_CONTROL_HARD_RESET_CLIENT_V3 : P_CONTROL_HARD_RESET_CLIENT_V2;
}
}
@ -1531,9 +1531,9 @@ read_control_auth(struct buffer *buf,
if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3
&& !tls_crypt_v2_extract_client_key(buf, ctx, opt))
{
msg (D_TLS_ERRORS,
"TLS Error: can not extract tls-crypt-v2 client key from %s",
print_link_socket_actual(from, &gc));
msg(D_TLS_ERRORS,
"TLS Error: can not extract tls-crypt-v2 client key from %s",
print_link_socket_actual(from, &gc));
goto cleanup;
}
@ -3792,7 +3792,7 @@ tls_pre_decrypt(struct tls_multi *multi,
/* Save incoming ciphertext packet to reliable buffer */
struct buffer *in = reliable_get_buf(ks->rec_reliable);
ASSERT(in);
if(!buf_copy(in, buf))
if (!buf_copy(in, buf))
{
msg(D_MULTI_DROPPED,
"Incoming control channel packet too big, dropping.");
@ -4193,10 +4193,10 @@ show_available_tls_ciphers(const char *cipher_list,
show_available_tls_ciphers_list(cipher_list, tls_cert_profile, false);
printf("\n"
"Be aware that that whether a cipher suite in this list can actually work\n"
"depends on the specific setup of both peers. See the man page entries of\n"
"--tls-cipher and --show-tls for more details.\n\n"
);
"Be aware that that whether a cipher suite in this list can actually work\n"
"depends on the specific setup of both peers. See the man page entries of\n"
"--tls-cipher and --show-tls for more details.\n\n"
);
}
/*
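Review bot: The warning on the re-indented `msg(M_WARN, ...)` call in init_ssl still misspells the option as `mamagement-external-key`, so an operator searching logs for the real option name will miss this failure; it should read `msg(M_WARN, "Cannot initialize management-external-key");`. The help text printed by show_available_tls_ciphers also carries a doubled word, `"Be aware that that whether a cipher suite ..."`, which should be `"Be aware that whether a cipher suite ..."`. Both are runtime strings rather than layout, so they fit better in a small follow-up commit than in this mechanical uncrustify pass. Both functions start or continue outside the hunks shown.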


@ -215,10 +215,10 @@ struct tls_wrap_ctx
struct buffer work; /**< Work buffer (only for --tls-crypt) */
struct key_ctx tls_crypt_v2_server_key; /**< Decrypts client keys */
const struct buffer *tls_crypt_v2_wkc; /**< Wrapped client key,
sent to server */
* sent to server */
struct buffer tls_crypt_v2_metadata; /**< Received from client */
bool cleanup_key_ctx; /**< opt.key_ctx_bi is owned by
this context */
* this context */
};
/*


@ -65,12 +65,12 @@
static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
{
/* Hashes from SHA-1 and above */
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
1024, /* RSA-1024 and larger */
@ -79,10 +79,10 @@ static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
{
/* SHA-2 and above */
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
|MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
2048, /* RSA-2048 and larger */
@ -232,7 +232,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
}
msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
"Ignoring TLS 1.3 cipher list: %s", ciphers);
"Ignoring TLS 1.3 cipher list: %s", ciphers);
}
void
@ -299,7 +299,7 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
}
else
{
msg (M_FATAL, "ERROR: Invalid cert profile: %s", profile);
msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
}
}
@ -600,14 +600,14 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx,
if (ctx->crt_chain == NULL)
{
msg (M_WARN, "ERROR: external key requires a certificate.");
msg(M_WARN, "ERROR: external key requires a certificate.");
return 1;
}
if (mbedtls_pk_get_type(&ctx->crt_chain->pk) != MBEDTLS_PK_RSA)
{
msg(M_WARN, "ERROR: external key with mbed TLS requires a "
"certificate with an RSA key.");
"certificate with an RSA key.");
return 1;
}
@ -653,8 +653,8 @@ management_sign_func(void *sign_ctx, const void *src, size_t src_len,
ret = true;
cleanup:
free (src_b64);
free (dst_b64);
free(src_b64);
free(dst_b64);
return ret;
}


@ -71,8 +71,8 @@ typedef struct {
* @return true if signing succeeded, false otherwise.
*/
typedef bool (*external_sign_func)(
void *sign_ctx, const void *src, size_t src_size,
void *dst, size_t dst_size);
void *sign_ctx, const void *src, size_t src_size,
void *dst, size_t dst_size);
/** Context used by external_pkcs1_sign() */
struct external_context {


@ -217,7 +217,7 @@ tls_version_max(void)
return TLS_VER_1_2;
#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
return TLS_VER_1_1;
#else
#else /* if defined(TLS1_3_VERSION) */
return TLS_VER_1_0;
#endif
}
@ -322,7 +322,7 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags)
}
void
convert_tls_list_to_openssl(char* openssl_ciphers, size_t len,const char *ciphers)
convert_tls_list_to_openssl(char *openssl_ciphers, size_t len,const char *ciphers)
{
/* Parse supplied cipher list and pass on to OpenSSL */
size_t begin_of_cipher, end_of_cipher;
@ -466,9 +466,9 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
}
#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
"Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
ciphers);
crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
"Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
ciphers);
#else
ASSERT(NULL != ctx);
@ -509,13 +509,13 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const char *profile)
{
msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
}
#else
#else /* ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL */
if (profile)
{
msg(M_WARN, "WARNING: OpenSSL 1.0.1 does not support --tls-cert-profile"
", ignoring user-set profile: '%s'", profile);
}
#endif
#endif /* ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL */
}
void
@ -658,7 +658,7 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
{
nid = EC_GROUP_get_curve_name(ecgrp);
}
#endif
#endif /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */
}
/* Translate NID back to name , just for kicks */
@ -1137,7 +1137,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i
ret = get_sig_from_man(from, flen, to, len);
return (ret == len)? ret : -1;
return (ret == len) ? ret : -1;
}
static int
@ -1325,7 +1325,7 @@ err:
{
EVP_PKEY_free(privkey);
}
if(ec)
if (ec)
{
EC_KEY_free(ec);
}
@ -1375,7 +1375,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
goto cleanup;
}
#else
#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) */
else
{
crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
@ -1644,7 +1644,7 @@ bio_debug_data(const char *mode, BIO *bio, const uint8_t *buf, int len, const ch
if (len > 0)
{
open_biofp();
fprintf(biofp, "BIO_%s %s time=%"PRIi64" bio=" ptr_format " len=%d data=%s\n",
fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d data=%s\n",
mode, desc, (int64_t)time(NULL), (ptr_type)bio, len, format_hex(buf, len, 0, &gc));
fflush(biofp);
}
@ -1655,7 +1655,7 @@ static void
bio_debug_oc(const char *mode, BIO *bio)
{
open_biofp();
fprintf(biofp, "BIO %s time=%"PRIi64" bio=" ptr_format "\n",
fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n",
mode, (int64_t)time(NULL), (ptr_type)bio);
fflush(biofp);
}
@ -1963,7 +1963,7 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
{
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
const EC_GROUP *group = EC_KEY_get0_group(ec);
const char* curve;
const char *curve;
int nid = EC_GROUP_get_curve_name(group);
if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL)
@ -2024,7 +2024,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
#else
STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
#endif
for (int i=0;i < sk_SSL_CIPHER_num(sk);i++)
for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
{
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
@ -2035,7 +2035,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
if (tls13)
{
printf("%s\n", cipher_name);
printf("%s\n", cipher_name);
}
else if (NULL == pair)
{
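Review bot: The reformatted signature of convert_tls_list_to_openssl still has no space after the second comma (`size_t len,const char *ciphers`), so the pass fixed `char*` but left the line inconsistent with the other signatures in this section; it should read `convert_tls_list_to_openssl(char *openssl_ciphers, size_t len, const char *ciphers)`. Since uncrustify left it alone, the configuration presumably does not force a space after commas (the `sp_after_comma` option), and enabling that would keep it from recurring. The function body continues outside the hunk.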


@ -72,7 +72,7 @@ setenv_untrusted(struct tls_session *session)
static void
wipe_auth_token(struct tls_multi *multi)
{
if(multi)
if (multi)
{
if (multi->auth_token)
{
@ -712,24 +712,24 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
switch (opt->verify_hash_algo)
{
case MD_SHA1:
ca_hash = x509_get_sha1_fingerprint(cert, &gc);
break;
case MD_SHA1:
ca_hash = x509_get_sha1_fingerprint(cert, &gc);
break;
case MD_SHA256:
ca_hash = x509_get_sha256_fingerprint(cert, &gc);
break;
case MD_SHA256:
ca_hash = x509_get_sha256_fingerprint(cert, &gc);
break;
default:
/* This should normally not happen at all; the algorithm used
* is parsed by add_option() [options.c] and set to a predefined
* value in an enumerated type. So if this unlikely scenario
* happens, consider this a failure
*/
msg(M_WARN, "Unexpected invalid algorithm used with "
"--verify-hash (%i)", opt->verify_hash_algo);
ret = FAILURE;
goto cleanup;
default:
/* This should normally not happen at all; the algorithm used
* is parsed by add_option() [options.c] and set to a predefined
* value in an enumerated type. So if this unlikely scenario
* happens, consider this a failure
*/
msg(M_WARN, "Unexpected invalid algorithm used with "
"--verify-hash (%i)", opt->verify_hash_algo);
ret = FAILURE;
goto cleanup;
}
if (memcmp(BPTR(&ca_hash), opt->verify_hash, BLEN(&ca_hash)))
@ -1178,8 +1178,8 @@ verify_user_pass_plugin(struct tls_session *session, const struct user_pass *up)
/* generate filename for deferred auth control file */
if (!key_state_gen_auth_control_file(ks, session->opt))
{
msg (D_TLS_ERRORS, "TLS Auth Error (%s): "
"could not create deferred auth control file", __func__);
msg(D_TLS_ERRORS, "TLS Auth Error (%s): "
"could not create deferred auth control file", __func__);
goto cleanup;
}
#endif


@ -130,6 +130,7 @@ result_t backend_x509_get_username(char *common_name, int cn_len,
* --x509-username-field option.
*/
bool x509_username_field_ext_supported(const char *extname);
#endif
/*


@ -114,7 +114,8 @@ cleanup:
}
#ifdef ENABLE_X509ALTUSERNAME
bool x509_username_field_ext_supported(const char *fieldname)
bool
x509_username_field_ext_supported(const char *fieldname)
{
int nid = OBJ_txt2nid(fieldname);
return nid == NID_subject_alt_name || nid == NID_issuer_alt_name;
@ -587,7 +588,7 @@ x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert, const int usage)
* prevent it to take a const argument
*/
result_t result = X509_check_purpose(peer_cert, X509_PURPOSE_SSL_CLIENT, 0) ?
SUCCESS : FAILURE;
SUCCESS : FAILURE;
/*
* old versions of OpenSSL allow us to make the less strict check we used to
@ -615,7 +616,7 @@ x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert, const int usage)
* prevent it to take a const argument
*/
result_t result = X509_check_purpose(peer_cert, X509_PURPOSE_SSL_SERVER, 0) ?
SUCCESS : FAILURE;
SUCCESS : FAILURE;
/*
* old versions of OpenSSL allow us to make the less strict check we used to


@ -86,7 +86,7 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
struct key_type kt = tls_crypt_kt();
if (!kt.cipher || !kt.digest)
{
msg (M_FATAL, "ERROR: --tls-crypt not supported");
msg(M_FATAL, "ERROR: --tls-crypt not supported");
}
crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction,
"Control Channel Encryption", "tls-crypt");
@ -530,7 +530,7 @@ tls_crypt_v2_unwrap_client_key(struct key2 *client_key, struct buffer *metadata,
memcpy(&client_key->keys, BPTR(&plaintext), sizeof(client_key->keys));
ASSERT(buf_advance(&plaintext, sizeof(client_key->keys)));
if(!buf_copy(metadata, &plaintext))
if (!buf_copy(metadata, &plaintext))
{
CRYPT_ERROR("metadata too large for supplied buffer");
}
@ -613,7 +613,7 @@ tls_crypt_v2_extract_client_key(struct buffer *buf,
if (!ctx->tls_crypt_v2_server_key.cipher)
{
msg(D_TLS_ERRORS,
"Client wants tls-crypt-v2, but no server key present.");
"Client wants tls-crypt-v2, but no server key present.");
return false;
}


@ -99,10 +99,10 @@
#define TLS_CRYPT_V2_SERVER_KEY_LEN (sizeof(struct key))
#define TLS_CRYPT_V2_TAG_SIZE (TLS_CRYPT_TAG_SIZE)
#define TLS_CRYPT_V2_MAX_METADATA_LEN (unsigned)(TLS_CRYPT_V2_MAX_WKC_LEN \
- (TLS_CRYPT_V2_CLIENT_KEY_LEN + TLS_CRYPT_V2_TAG_SIZE \
+ sizeof(uint16_t)))
- (TLS_CRYPT_V2_CLIENT_KEY_LEN + TLS_CRYPT_V2_TAG_SIZE \
+ sizeof(uint16_t)))
#define TLS_CRYPT_V2_MAX_B64_METADATA_LEN \
OPENVPN_BASE64_LENGTH(TLS_CRYPT_V2_MAX_METADATA_LEN - 1)
OPENVPN_BASE64_LENGTH(TLS_CRYPT_V2_MAX_METADATA_LEN - 1)
/**
* Initialize a key_ctx_bi structure for use with --tls-crypt.


@ -553,8 +553,8 @@ is_tun_p2p(const struct tuntap *tt)
bool tun = false;
if (tt->type == DEV_TYPE_TAP
|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
|| tt->type == DEV_TYPE_NULL )
|| (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
|| tt->type == DEV_TYPE_NULL)
{
tun = false;
}
@ -893,7 +893,7 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu,
ifconfig_ipv6_local, tt->netbits_ipv6, ifname);
argv_msg(M_INFO, &argv);
openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed");
#else
#else /* ifdef ENABLE_IPROUTE */
argv_printf(&argv, "%s %s add %s/%d mtu %d up", IFCONFIG_PATH, ifname,
ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu);
argv_msg(M_INFO, &argv);
@ -1387,6 +1387,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
ifname, ifconfig_local,
print_in_addr_t(tt->adapter_netmask, 0, &gc));
break;
case IPW32_SET_NETSH:
netsh_ifconfig(&tt->options, ifname, tt->local,
tt->adapter_netmask, NI_IP_NETMASK|NI_OPTIONS);
@ -2442,7 +2443,7 @@ close_tun(struct tuntap *tt)
struct argv argv = argv_new();
/* setup command, close tun dev (clears tt->actual_name!), run command
*/
*/
argv_printf(&argv, "%s %s destroy",
IFCONFIG_PATH, tt->actual_name);
@ -2528,7 +2529,7 @@ close_tun(struct tuntap *tt)
struct argv argv = argv_new();
/* setup command, close tun dev (clears tt->actual_name!), run command
*/
*/
argv_printf(&argv, "%s %s destroy",
IFCONFIG_PATH, tt->actual_name);
@ -2668,7 +2669,7 @@ close_tun(struct tuntap *tt)
struct argv argv = argv_new();
/* setup command, close tun dev (clears tt->actual_name!), run command
*/
*/
argv_printf(&argv, "%s %s destroy",
IFCONFIG_PATH, tt->actual_name);
@ -5923,7 +5924,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
};
if (send_msg_iservice(tt->options.msg_channel, &msg, sizeof(msg),
&ack, "TUN"))
&ack, "TUN"))
{
status = ack.error_number;
}


@ -1481,7 +1481,7 @@ send_msg_iservice(HANDLE pipe, const void *data, size_t size,
|| !ReadFile(pipe, ack, sizeof(*ack), &len, NULL))
{
msg(M_WARN, "%s: could not talk to service: %s [%lu]",
context? context : "Unknown",
context ? context : "Unknown",
strerror_win32(GetLastError(), &gc), GetLastError());
ret = false;
}