Our "natural" place for this function would be ssl.c but ssl.c has a lot of
dependencies on all kinds of other compilation units so including ssl.c into
unit tests is near impossible currently. Instead create a new file ssl_util.c
that holds small utility functions like this one.
Signed-off-by: Arne Schwabe
---
src/openvpn/Makefile.am | 1 +
src/openvpn/openvpn.vcxproj | 2 +
src/openvpn/openvpn.vcxproj.filters | 6 +++
src/openvpn/ssl.c| 2 +-
src/openvpn/ssl_ncp.c| 20 ++
src/openvpn/ssl_util.c | 59
src/openvpn/ssl_util.h | 49 +++
src/openvpn/ssl_verify.c | 1 +
tests/unit_tests/openvpn/Makefile.am | 3 +-
9 files changed, 125 insertions(+), 18 deletions(-)
create mode 100644 src/openvpn/ssl_util.c
create mode 100644 src/openvpn/ssl_util.h
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index 37b002c6..ec84929b 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -119,6 +119,7 @@ openvpn_SOURCES = \
ssl_openssl.c ssl_openssl.h \
ssl_mbedtls.c ssl_mbedtls.h \
ssl_ncp.c ssl_ncp.h \
+ ssl_util.c ssl_util.h \
ssl_common.h \
ssl_verify.c ssl_verify.h ssl_verify_backend.h \
ssl_verify_openssl.c ssl_verify_openssl.h \
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 3863854b..cf31940c 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -212,6 +212,7 @@
+
@@ -300,6 +301,7 @@
+
diff --git a/src/openvpn/openvpn.vcxproj.filters
b/src/openvpn/openvpn.vcxproj.filters
index cf5748c7..e8aed2c5 100644
--- a/src/openvpn/openvpn.vcxproj.filters
+++ b/src/openvpn/openvpn.vcxproj.filters
@@ -243,6 +243,9 @@
Source Files
+
+ Source Files
+
@@ -509,6 +512,9 @@
Header Files
+
+ Header Files
+
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index f0664a0f..a125afa2 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -4138,4 +4138,4 @@ delayed_auth_pass_purge(void)
{
auth_user_pass.wait_for_push = false;
purge_user_pass(_user_pass, false);
-}
+}
\ No newline at end of file
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index 55496395..f4d755af 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -48,6 +48,7 @@
#include "common.h"
#include "ssl_ncp.h"
+#include "ssl_util.h"
#include "openvpn.h"
/**
@@ -181,23 +182,10 @@ const char *
tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
{
/* Check if the peer sends the IV_CIPHERS list */
-const char *ncp_ciphers_start;
-if (peer_info && (ncp_ciphers_start = strstr(peer_info, "IV_CIPHERS=")))
+const char *iv_ciphers = extract_var_peer_info(peer_info,"IV_CIPHERS=",
gc);
+if (iv_ciphers)
{
-ncp_ciphers_start += strlen("IV_CIPHERS=");
-const char *ncp_ciphers_end = strstr(ncp_ciphers_start, "\n");
-if (!ncp_ciphers_end)
-{
-/* IV_CIPHERS is at end of the peer_info list and no '\n'
- * follows */
-ncp_ciphers_end = ncp_ciphers_start + strlen(ncp_ciphers_start);
-}
-
-char *ncp_ciphers_peer = string_alloc(ncp_ciphers_start, gc);
-/* NULL terminate the copy at the right position */
-ncp_ciphers_peer[ncp_ciphers_end - ncp_ciphers_start] = '\0';
-return ncp_ciphers_peer;
-
+return iv_ciphers;
}
else if (tls_peer_info_ncp_ver(peer_info)>=2)
{
diff --git a/src/openvpn/ssl_util.c b/src/openvpn/ssl_util.c
new file mode 100644
index ..90ec97f7
--- /dev/null
+++ b/src/openvpn/ssl_util.c
@@ -0,0 +1,59 @@
+/*
+ * OpenVPN -- An application to securely tunnel IP networks
+ * over a single TCP/UDP port, with support for SSL/TLS-based
+ * session authentication and key exchange,
+ * packet encryption, packet authentication, and
+ * packet compression.
+ *
+ * Copyright (C) 2002-2020 OpenVPN Inc
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#elif defined(_MSC_VER)
+#include