[Openvpn-devel,21/28] Extract read_incoming_tls_ciphertext into function

Message ID 20220422142953.3805364-12-arne@rfc2549.org
State Accepted
Series
  • Stateless three-way handshake and control channel improvements

Commit Message

Arne Schwabe April 22, 2022, 2:29 p.m.
This makes the code a bit more structured and easier to read.
---
 src/openvpn/ssl.c | 53 +++++++++++++++++++++++++++++------------------
 1 file changed, 33 insertions(+), 20 deletions(-)

Comments

Frank Lichtenheld April 29, 2022, 12:21 p.m. | #1
Ack-By: Frank Lichtenheld <frank@lichtenheld.com>

Trivial code move. Applied and compile-tested on top of master + 17 v2 + 18 v2.

> Arne Schwabe <arne@rfc2549.org> wrote on 22.04.2022 16:29:
> 
>  
> This makes the code a bit more structured and easier to read.
[...]

Regards,
--
Frank Lichtenheld

Gert Doering May 5, 2022, 11:42 a.m. | #2
Stare-at-code and running client/server tests confirm that this is,
indeed, only trivial move-around.

Your patch has been applied to the master branch.

commit 8b9b8f91b76af59e26edee46f1a1f4eebdca762b
Author: Arne Schwabe
Date:   Fri Apr 22 16:29:46 2022 +0200

     Extract read_incoming_tls_ciphertext into function

     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20220422142953.3805364-12-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24152.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 80440c411..8ea7c06fa 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2525,6 +2525,37 @@  session_skip_to_pre_start(struct tls_session *session,
     return session_move_pre_start(session, ks, true);
 }
 
+/**
+ * Read incoming ciphertext and passes it to the buffer of the SSL library.
+ * Returns false if an error is encountered that should abort the session.
+ */
+static bool
+read_incoming_tls_ciphertext(struct buffer *buf, struct key_state *ks,
+                             bool *state_change)
+{
+    int status = 0;
+    if (buf->len)
+    {
+        status = key_state_write_ciphertext(&ks->ks_ssl, buf);
+        if (status == -1)
+        {
+            msg(D_TLS_ERRORS,
+                "TLS Error: Incoming Ciphertext -> TLS object write error");
+            return false;
+        }
+    }
+    else
+    {
+        status = 1;
+    }
+    if (status == 1)
+    {
+        reliable_mark_deleted(ks->rec_reliable, buf);
+        *state_change = true;
+        dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS");
+    }
+    return true;
+}
 
 
 static bool
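Review bot: the doc comment on read_incoming_tls_ciphertext documents only the false return and leaves two behaviours implicit. First, a true return does not mean the buffer was consumed: when key_state_write_ciphertext returns neither -1 nor 1, the function returns true without calling reliable_mark_deleted and without touching *state_change, so the entry stays in ks->rec_reliable. Second, state_change is an out-parameter that is only ever set to true and never cleared, which callers need to know if they reuse the flag. Please state both in the comment, and fix the grammar while there ("Reads ... and passes"). A naming point for a follow-up: the function is called "read" but its work is done by key_state_write_ciphertext, so a one-line remark on the direction (ciphertext read from the reliable layer, written into the TLS object) would save the next reader a lookup.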
@@ -2595,27 +2626,9 @@  tls_process_state(struct tls_multi *multi,
     struct reliable_entry *entry = reliable_get_entry_sequenced(ks->rec_reliable);
     if (entry)
     {
-        struct buffer *buf = &entry->buf;
-        int status = 0;
-        if (buf->len)
-        {
-            status = key_state_write_ciphertext(&ks->ks_ssl, buf);
-            if (status == -1)
-            {
-                msg(D_TLS_ERRORS,
-                    "TLS Error: Incoming Ciphertext -> TLS object write error");
-                goto error;
-            }
-        }
-        else
-        {
-            status = 1;
-        }
-        if (status == 1)
+        if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change))
         {
-            reliable_mark_deleted(ks->rec_reliable, buf);
-            state_change = true;
-            dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS");
+            goto error;
         }
     }
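Review bot: the new call passes &state_change to a bool * parameter, so it depends on state_change being declared as bool in tls_process_state, and that declaration is outside the visible context; worth confirming before merge, since an int flag would turn this into a pointer type mismatch. The control flow itself matches the removed lines: the -1 case still reaches goto error, and because the helper only ever sets the flag to true, any state_change already set earlier in the function is preserved.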