[Openvpn-devel,1/7] Move tls_select_primary_key into its own function

Message ID 20210422151724.2132573-1-arne@rfc2549.org
State Accepted

Commit Message

Arne Schwabe April 22, 2021, 3:17 p.m.
tls_pre_encrypt mainly performs the task of selecting the primary
encryption key but also performs other minor tasks. To allow only
querying for the key that should be used for encryption, extract this
part of the function into its own function.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/ssl.c | 36 +++++++++++++++++++++---------------
 src/openvpn/ssl.h | 10 ++++++++++
 2 files changed, 31 insertions(+), 15 deletions(-)

Comments

Antonio Quartulli April 27, 2021, 9:54 a.m. | #1
Hi,

On 22/04/2021 17:17, Arne Schwabe wrote:
> tls_pre_encrypt mainly performs the task of selecting the primary
> encryption key but also performs other minor tasks. To allow only
> querying for the key that should be used for encryption extract this
> part of the function into its own function.
> 
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

The patch is basically isolating a portion of code in a new helper
function and then invoking it where it once was.

No functional change involved, no code change involved either (except
for removing useless parentheses in an if condition).

All compile tests passed.
Basic connectivity tests and basic renegotiation tests passed.

Acked-by: Antonio Quartulli <antonio@openvpn.net>

Regards,
Gert Doering April 27, 2021, 10:31 a.m. | #2
As Antonio says, "just moving around code" (and cleaning up a messy if()
statement - so besides this, it's really trivial to see in the diff)

Your patch has been applied to the master branch.

commit 26e40c48b89478cb53d6c2733b346e6dbdc7480b
Author: Arne Schwabe
Date:   Thu Apr 22 17:17:18 2021 +0200

     Move tls_select_primary_key into its own function

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Antonio Quartulli <antonio@openvpn.net>
     Message-Id: <20210422151724.2132573-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22198.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 3921b3ba9..3bc84e02c 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -3820,27 +3820,15 @@  error:
     return false;
 }
 
-/* Choose the key with which to encrypt a data packet */
-void
-tls_pre_encrypt(struct tls_multi *multi,
-                struct buffer *buf, struct crypto_options **opt)
+struct key_state *tls_select_encryption_key(struct tls_multi *multi)
 {
-    multi->save_ks = NULL;
-    if (buf->len <= 0)
-    {
-        buf->len = 0;
-        *opt = NULL;
-        return;
-    }
-
     struct key_state *ks_select = NULL;
     for (int i = 0; i < KEY_SCAN_SIZE; ++i)
     {
         struct key_state *ks = get_key_scan(multi, i);
         if (ks->state >= S_ACTIVE
-            && (ks->authenticated == KS_AUTH_TRUE)
-            && ks->crypto_options.key_ctx_bi.initialized
-            )
+            && ks->authenticated == KS_AUTH_TRUE
+            && ks->crypto_options.key_ctx_bi.initialized)
         {
             if (!ks_select)
             {
@@ -3853,6 +3841,24 @@  tls_pre_encrypt(struct tls_multi *multi,
             }
         }
     }
+    return ks_select;
+}
+
+
+/* Choose the key with which to encrypt a data packet */
+void
+tls_pre_encrypt(struct tls_multi *multi,
+                struct buffer *buf, struct crypto_options **opt)
+{
+    multi->save_ks = NULL;
+    if (buf->len <= 0)
+    {
+        buf->len = 0;
+        *opt = NULL;
+        return;
+    }
+
+    struct key_state *ks_select = tls_select_encryption_key(multi);
 
     if (ks_select)
     {
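Review bot: Since `tls_select_encryption_key` is now callable on its own (the stated goal is to let callers query which key would be used), it is worth noting at the definition that the helper has no side effects: `multi->save_ks = NULL` and the `buf->len <= 0` early return stay in `tls_pre_encrypt`, and the helper only reads the key states. A later change that adds state updates to the helper would otherwise surprise query-only callers. The two consecutive blank `+` lines between `return ks_select; }` and the moved `/* Choose the key ... */` comment could also be reduced to one, matching the single blank line used elsewhere in this hunk.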
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index 6369e8bf6..135c60732 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -372,6 +372,16 @@  bool tls_pre_decrypt_lite(const struct tls_auth_standalone *tas,
 void tls_pre_encrypt(struct tls_multi *multi,
                      struct buffer *buf, struct crypto_options **opt);
 
+/**
+ * Selects the primary encryption that should be used to encrypt data of an
+ * outgoing packet.
+ * @ingroup data_crypto
+ *
+ * If no key is found NULL is returned instead.
+ *
+ * @param multi - The TLS state for this packet's destination VPN tunnel.
+ */
+struct key_state *tls_select_encryption_key(struct tls_multi *multi);
 
 /**
  * Prepend a one-byte OpenVPN data channel P_DATA_V1 opcode to the packet.
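Review bot: The new Doxygen comment reads "Selects the primary encryption that should be used to encrypt data of an outgoing packet", which is missing the word "key" ("Selects the primary encryption key that ..."). The sentence "If no key is found NULL is returned instead." would also be better expressed as a `@return` tag (for example `@return the selected key state, or NULL if no usable key exists`) so that the generated documentation lists the return value, and the `@param multi - The TLS state ...` line can drop the dash to match the other `@param` entries in this header.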