1 /*
2  *  OpenVPN -- An application to securely tunnel IP networks
3  *             over a single TCP/UDP port, with support for SSL/TLS-based
4  *             session authentication and key exchange,
5  *             packet encryption, packet authentication, and
6  *             packet compression.
7  *
8  *  Copyright (C) 2002-2020 OpenVPN Inc <sales@openvpn.net>
9  *
10  *  This program is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License version 2
12  *  as published by the Free Software Foundation.
13  *
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *
19  *  You should have received a copy of the GNU General Public License along
20  *  with this program; if not, write to the Free Software Foundation, Inc.,
21  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 /**
25  * @file SSL utility functions. This file (and its .c file) is designed
26  *       to be included in units/etc without pulling in a lot of dependencies
27  */
28 
29 #ifndef SSL_UTIL_H_
30 #define SSL_UTIL_H_
31 
32 #include "buffer.h"
33 
34 /**
35  * Extracts a variable from peer info; the returned string is allocated
36  * using the supplied gc_arena. peer_info originates from the remote peer, so
37  * callers must treat the returned value as untrusted input.
38  * @param peer_info     The peer's peer_info
39  * @param var           The variable *including* =, e.g. IV_CIPHERS=
40  * @param gc            gc_arena to allocate the returned string in
41  * @return  The content of the variable as NUL-terminated string or NULL if the
42  *          variable cannot be found.
43  */
44 char *
45 extract_var_peer_info(const char *peer_info,
46                       const char *var,
47                       struct gc_arena *gc);
48 
49 /**
50  * Extracts the IV_PROTO variable from the peer-supplied peer info. A result
51  * of 0 is ambiguous: either the peer sent 0, or extraction failed.
52  * @param peer_info     peer info string to search for IV_PROTO
53  * @return              the IV_PROTO value, or 0 if it cannot be extracted
54  */
55 unsigned int
56 extract_iv_proto(const char *peer_info);
57 
58 /**
59  * Takes a locally produced OCC string for TLS server mode and modifies it as
60  * if the option comp-lzo was enabled. This is to send a client in
61  * comp-lzo migrate mode the expected OCC string.
62  *
63  * Note: This function expects the string to be in the locally generated
64  * format and does not accept arbitrary strings; never pass it a string
65  * received from a peer.
66  * @param options   the locally generated OCC string
67  * @param gc        gc_arena to allocate the returned string in
68  * @return          the modified string, or options itself (aliased) on error
69  */
70 const char *
71 options_string_compat_lzo(const char *options, struct gc_arena *gc);
72 #endif
73