| Message ID | 20210422151724.2132573-1-arne@rfc2549.org |
|---|---|
| State | Accepted |
| Series | [Openvpn-devel,1/7] Move tls_select_primary_key into its own function |
Hi,

On 22/04/2021 17:17, Arne Schwabe wrote:
> tls_pre_encrypt mainly performs the task of selecting the primary
> encryption key but also performs other minor tasks. To allow only
> querying for the key that should be used for encryption extract this
> part of the function into its own function.
>
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

The patch is basically isolating a portion of code in a new helper function and then invoking it where it once was. No functional change involved, no code change involved either (except for removing useless parentheses in an if condition).

All compile tests passed. Basic connectivity tests and basic renegotiation tests passed.

Acked-by: Antonio Quartulli <antonio@openvpn.net>

Regards,
As Antonio says, "just moving around code" (and cleaning up a messy if() statement - so besides this, it's really trivial to see in diff)

Your patch has been applied to the master branch.

commit 26e40c48b89478cb53d6c2733b346e6dbdc7480b
Author: Arne Schwabe
Date:   Thu Apr 22 17:17:18 2021 +0200

    Move tls_select_primary_key into its own function

    Signed-off-by: Arne Schwabe <arne@rfc2549.org>
    Acked-by: Antonio Quartulli <antonio@openvpn.net>
    Message-Id: <20210422151724.2132573-1-arne@rfc2549.org>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22198.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 3921b3ba9..3bc84e02c 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3820,27 +3820,15 @@ error: return false; } -/* Choose the key with which to encrypt a data packet */ -void -tls_pre_encrypt(struct tls_multi *multi, - struct buffer *buf, struct crypto_options **opt) +struct key_state *tls_select_encryption_key(struct tls_multi *multi) { - multi->save_ks = NULL; - if (buf->len <= 0) - { - buf->len = 0; - *opt = NULL; - return; - } - struct key_state *ks_select = NULL; for (int i = 0; i < KEY_SCAN_SIZE; ++i) { struct key_state *ks = get_key_scan(multi, i); if (ks->state >= S_ACTIVE - && (ks->authenticated == KS_AUTH_TRUE) - && ks->crypto_options.key_ctx_bi.initialized - ) + && ks->authenticated == KS_AUTH_TRUE + && ks->crypto_options.key_ctx_bi.initialized) { if (!ks_select) { @@ -3853,6 +3841,24 @@ tls_pre_encrypt(struct tls_multi *multi, } } } + return ks_select; +} + + +/* Choose the key with which to encrypt a data packet */ +void +tls_pre_encrypt(struct tls_multi *multi, + struct buffer *buf, struct crypto_options **opt) +{ + multi->save_ks = NULL; + if (buf->len <= 0) + { + buf->len = 0; + *opt = NULL; + return; + } + + struct key_state *ks_select = tls_select_encryption_key(multi); if (ks_select) { diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 6369e8bf6..135c60732 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h 
@@ -372,6 +372,16 @@ bool tls_pre_decrypt_lite(const struct tls_auth_standalone *tas, void tls_pre_encrypt(struct tls_multi *multi, struct buffer *buf, struct crypto_options **opt); +/** + * Selects the primary encryption that should be used to encrypt data of an + * outgoing packet. + * @ingroup data_crypto + * + * If no key is found NULL is returned instead. + * + * @param multi - The TLS state for this packet's destination VPN tunnel. + */ +struct key_state *tls_select_encryption_key(struct tls_multi *multi); /** * Prepend a one-byte OpenVPN data channel P_DATA_V1 opcode to the packet.
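Review bot: in the first ssl.c hunk (`@@ -3820,27 +3820,15 @@`), the new definition `struct key_state *tls_select_encryption_key(struct tls_multi *multi)` puts the return type on the same line as the function name, whereas the surrounding code (the removed `void` / `tls_pre_encrypt(...)` lines, and the same lines re-added further down) places the return type on its own line; splitting it the same way keeps ssl.c consistent. Since the function is now exported through ssl.h, a short comment at the definition saying that it returns NULL when no key state with `state >= S_ACTIVE`, `authenticated == KS_AUTH_TRUE` and an initialised `key_ctx_bi` is found would also help readers of ssl.c who never open the header.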
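Review bot: in the second ssl.c hunk (`@@ -3853,6 +3841,24 @@`), the comment `/* Choose the key with which to encrypt a data packet */` now heads a `tls_pre_encrypt` that delegates the choice to `tls_select_encryption_key` and itself only resets `multi->save_ks`, short-circuits on `buf->len <= 0` and acts on the returned key; rewording the comment to say so (or pointing at the helper) keeps the documentation accurate after the move. It is worth stating explicitly, at least in the helper's comment, that the `save_ks` reset and the empty-buffer handling deliberately stay in `tls_pre_encrypt`, so a new caller of `tls_select_encryption_key` gets only the key lookup and nothing else.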
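Review bot: in the ssl.h hunk, the Doxygen comment for `tls_select_encryption_key` reads "Selects the primary encryption that should be used to encrypt data of an outgoing packet" and is missing the word "key"; suggest "Selects the primary encryption key that should be used to encrypt data of an outgoing packet." The NULL case would also be clearer as a `@return` tag, e.g. `@return The selected key state, or NULL if no usable key is found.`, rather than the free-text sentence "If no key is found NULL is returned instead."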
tls_pre_encrypt mainly performs the task of selecting the primary encryption key but also performs other minor tasks. To allow only querying for the key that should be used for encryption extract this part of the function into its own function.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/ssl.c | 36 +++++++++++++++++++++--------------
 src/openvpn/ssl.h | 10 ++++++++++
 2 files changed, 31 insertions(+), 15 deletions(-)