From patchwork Tue Apr 26 03:23:24 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2417
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 26 Apr 2022 15:23:24 +0200
Message-Id: <20220426132324.76517-2-arne@rfc2549.org>
In-Reply-To: <20220426132324.76517-1-arne@rfc2549.org>
References: <0220422134038.3801239-1-arne@rfc2549.org> <20220426132324.76517-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2] Extract session_move_active into its own function

This makes the tls_process function smaller and easier to understand and this state easier to understand in its own function.

Acked-by: Gert Doering
---
 src/openvpn/ssl.c | 92 ++++++++++++++++++++++++++---------------------
 1 file changed, 52 insertions(+), 40 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 6c6648afa..c90113044 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2431,6 +2431,54 @@ session_move_pre_start(const struct tls_session *session, return true; } + +/** + * Moves the key to state to S_ACTIVE and also advances the multi_state state + * machine if this is the initial connection. + */ +static void +session_move_active(struct tls_multi *multi, struct tls_session *session, + struct link_socket_info *to_link_socket_info, + struct key_state *ks) +{ + dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); + + ks->established = now; + if (check_debug_level(D_HANDSHAKE)) + { + print_details(&ks->ks_ssl, "Control Channel:"); + } + ks->state = S_ACTIVE; + /* Cancel negotiation timeout */ + ks->must_negotiate = 0; + INCR_SUCCESS; + + /* Set outgoing address for data channel packets */ + link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, + session->common_name, session->opt->es); + + /* Check if we need to advance the tls_multi state machine */ + if (multi->multi_state == CAS_NOT_CONNECTED) + { + if (session->opt->mode == MODE_SERVER) + { + /* On a server we continue with running connect scripts next */ + multi->multi_state = CAS_WAITING_AUTH; + } + else + { + /* Skip the connect script related states */ + multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; + } + } + + /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ + flush_payload_buffer(ks); + +#ifdef MEASURE_TLS_HANDSHAKE_STATS + show_tls_performance_stats(); +#endif +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits 
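Review bot: the Doxygen comment on the new session_move_active has a typo, "Moves the key to state to S_ACTIVE" should read "Moves the key state to S_ACTIVE", and since it is already a /** block, the four parameters (multi, session, to_link_socket_info, ks) should get @param lines. The comment should also state that the function does not touch tls_process's state_change flag, which the caller still has to set after the call, so nobody later "fixes" the split by setting it in both places.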
@@ -2545,47 +2593,11 @@ tls_process(struct tls_multi *multi, /* Wait for ACK */ if (((ks->state == S_GOT_KEY && !session->opt->server) - || (ks->state == S_SENT_KEY && session->opt->server))) + || (ks->state == S_SENT_KEY && session->opt->server)) + && no_pending_reliable_packets(ks)) { - if (no_pending_reliable_packets(ks)) - { - ks->established = now; - dmsg(D_TLS_DEBUG_MED, "STATE S_ACTIVE"); - if (check_debug_level(D_HANDSHAKE)) - { - print_details(&ks->ks_ssl, "Control Channel:"); - } - state_change = true; - ks->state = S_ACTIVE; - /* Cancel negotiation timeout */ - ks->must_negotiate = 0; - INCR_SUCCESS; - - /* Set outgoing address for data channel packets */ - link_socket_set_outgoing_addr(to_link_socket_info, &ks->remote_addr, session->common_name, session->opt->es); - - /* Check if we need to advance the tls_multi state machine */ - if (multi->multi_state == CAS_NOT_CONNECTED) - { - if (session->opt->mode == MODE_SERVER) - { - /* On a server we continue with running connect scripts next */ - multi->multi_state = CAS_WAITING_AUTH; - } - else - { - /* Skip the connect script related states */ - multi->multi_state = CAS_WAITING_OPTIONS_IMPORT; - } - } - - /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ - flush_payload_buffer(ks); - -#ifdef MEASURE_TLS_HANDSHAKE_STATS - show_tls_performance_stats(); -#endif - } + session_move_active(multi, session, to_link_socket_info, ks); + state_change = true; } /* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs
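Review bot: folding no_pending_reliable_packets(ks) into the outer if is behaviour-preserving (the removed inner if had no else branch, so the block was a no-op whenever the check failed), but the "/* Wait for ACK */" comment now sits above a compound condition; consider extending it to something like "/* Wait for ACK: key exchange complete and all reliable packets acknowledged */" so the reason for the second operand is visible without reading the diff. One small reordering should also be called out in the commit message: the removed code set ks->established = now before the "STATE S_ACTIVE" dmsg, while the new function emits the dmsg first. It is harmless, but the message currently reads as a pure extraction.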