OpenVPN
ssl_ncp.h
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
30 #ifndef OPENVPN_SSL_NCP_H
31 #define OPENVPN_SSL_NCP_H
32 
33 #include "buffer.h"
34 #include "options.h"
35 
/**
 * Returns whether the client supports NCP (negotiable crypto parameters),
 * either by announcing IV_NCP>=2 or by sending an IV_CIPHERS list.
 *
 * @param peer_info  Peer info string that is searched for the IV_NCP and
 *                   IV_CIPHERS values.
 *                   NOTE(review): presumably sent by the remote peer and so
 *                   untrusted input; whether NULL is tolerated is not
 *                   visible in this header - confirm in ssl_ncp.c.
 *
 * @return true if the peer announces NCP support, false otherwise.
 */
40 bool
41 tls_peer_supports_ncp(const char *peer_info);
42 
43 /* forward declaration to break include dependency loop */
44 struct context;
45 
/**
 * Checks whether the cipher negotiation is in an acceptable state, i.e.
 * whether the client continues to connect or should not.
 *
 * @param c      Tunnel context (struct context is only forward-declared in
 *               this header).
 * @param found  NOTE(review): meaning not visible in this header; presumably
 *               a set of flags describing what was received from the server
 *               - confirm in ssl_ncp.c.
 *
 * @return NOTE(review): presumably true when the negotiated state is
 *         acceptable and false when the connection must not proceed -
 *         confirm in ssl_ncp.c. Callers should not ignore the result,
 *         since it gates whether the session continues with the
 *         negotiated cipher.
 */
52 bool
53 check_pull_client_ncp(struct context *c, int found);
54 
/**
 * Iterates through the ciphers in server_list and returns the first cipher
 * that is also supported by the peer.
 *
 * Because the first match wins, the order of server_list decides which
 * cipher is preferred: list the strongest acceptable cipher first.
 *
 * @param server_list    Cipher list that is iterated in order.
 * @param peer_info      Peer info string describing what the peer supports.
 *                       NOTE(review): presumably peer-supplied and untrusted.
 * @param remote_cipher  NOTE(review): role not visible in this header;
 *                       presumably the cipher configured on the peer, also
 *                       considered as a candidate - confirm in ssl_ncp.c.
 * @param gc             Garbage collection arena.
 *                       NOTE(review): presumably owns the returned string.
 *
 * @return The selected cipher name.
 *         NOTE(review): the result when no common cipher exists is not
 *         visible here (presumably NULL) - callers should check it before
 *         use; confirm in ssl_ncp.c.
 */
72 char *
73 ncp_get_best_cipher(const char *server_list, const char *peer_info,
74  const char *remote_cipher, struct gc_arena *gc);
75 
76 
/**
 * Returns the supported cipher list of the peer, derived from the IV_NCP
 * and IV_CIPHERS values in peer_info.
 *
 * @param peer_info  Peer info string holding the IV_NCP / IV_CIPHERS values.
 *                   NOTE(review): presumably peer-supplied and untrusted.
 * @param gc         Garbage collection arena.
 *                   NOTE(review): presumably used when the result has to be
 *                   allocated - confirm in ssl_ncp.c.
 *
 * @return The peer's cipher list.
 *         NOTE(review): the value returned when peer_info carries no cipher
 *         information is not visible in this header - confirm in ssl_ncp.c.
 */
85 const char *
86 tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc);
87 
/**
 * Checks whether the ciphers in the supplied list are supported.
 *
 * @param list  Cipher list to check.
 *              NOTE(review): presumably colon-separated, like the list
 *              taken by tls_item_in_cipher_list() - confirm.
 * @param gc    Garbage collection arena.
 *              NOTE(review): presumably owns the returned string.
 *
 * @return NOTE(review): not visible in this header; presumably a checked
 *         copy of the list on success and NULL when a cipher is unsupported
 *         or the list exceeds MAX_NCP_CIPHERS_LENGTH - confirm in
 *         ssl_ncp.c. Callers should treat a rejected list as a
 *         configuration error rather than fall back to an unchecked list.
 */
101 char *
102 mutate_ncp_cipher_list(const char *list, struct gc_arena *gc);
103 
/**
 * Returns true iff item is present in the colon-separated, zero-terminated
 * cipher list.
 *
 * @param item  Cipher name to look for.
 * @param list  Colon-separated, zero-terminated cipher list.
 *
 * NOTE(review): whether the comparison is case-sensitive or matches whole
 * list entries only is not visible in this header - confirm in ssl_ncp.c
 * before relying on this as an allow-list check.
 */
108 bool tls_item_in_cipher_list(const char *item, const char *list);
109 
/*
 * Length limit, in characters, for an NCP cipher list string.
 * NOTE(review): where the limit is enforced and whether it includes the
 * terminating zero byte are not visible in this header - confirm in
 * ssl_ncp.c before sizing buffers from it.
 */
116 #define MAX_NCP_CIPHERS_LENGTH 127
117 
118 #endif /* ifndef OPENVPN_SSL_NCP_H */
Contains all state information for one tunnel.
Definition: openvpn.h:503
const char * tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
Returns the supported cipher list from the peer according to the IV_NCP and IV_CIPHER values in peer_in...
Definition: ssl_ncp.c:195
char * ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher, struct gc_arena *gc)
Iterates through the ciphers in server_list and returns the first cipher that is also supported by the...
Definition: ssl_ncp.c:229
bool check_pull_client_ncp(struct context *c, int found)
Checks whether the cipher negotiation is in an acceptable state and we continue to connect or should ...
Definition: ssl_ncp.c:296
char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
Check whether the ciphers in the supplied list are supported.
Definition: ssl_ncp.c:96
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
Definition: ssl_ncp.c:175
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list...
Definition: ssl_ncp.c:78
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition: openvpn.h:522