X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2408
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 22 Apr 2022 15:40:30 +0200
Message-Id: <20220422134038.3801239-2-arne@rfc2549.org>
In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 01/28] Remove tls_init_control_channel_frame_parameters wrapper function

While calling this wrapper function is strictly more correct, these indirection layers with tiny wrappers make the code more complex and go through more layers than it really needs to.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
--- src/openvpn/init.c | 2 +- src/openvpn/ssl.c | 14 +------------- src/openvpn/ssl.h | 7 ++++--- 3 files changed, 6 insertions(+), 17 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b233b9d86..d5be3cf9f 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2994,7 +2994,7 @@ do_init_frame_tls(struct context *c) } if (c->c2.tls_auth_standalone) { - tls_auth_standalone_finalize(c->c2.tls_auth_standalone, &c->c2.frame); + tls_init_control_channel_frame_parameters(&c->c2.frame, &c->c2.tls_auth_standalone->frame); frame_print(&c->c2.tls_auth_standalone->frame, D_MTU_INFO, "TLS-Auth MTU parms"); } diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index f2613228a..4ebf5acc2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c
@@ -295,11 +295,7 @@ tls_limit_reneg_bytes(const char *ciphername, int *reneg_bytes) } } -/* - * Max number of bytes we will add - * to control channel packet. - */ -static void +void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, struct frame *frame) { @@ -1284,7 +1280,6 @@ void tls_multi_init_finalize(struct tls_multi *multi, const struct frame *frame) { tls_init_control_channel_frame_parameters(frame, &multi->opt.frame); - /* initialize the active and untrusted sessions */ tls_session_init(multi, &multi->session[TM_ACTIVE]); @@ -1322,13 +1317,6 @@ tls_auth_standalone_init(struct tls_options *tls_options, return tas; } -void -tls_auth_standalone_finalize(struct tls_auth_standalone *tas, - const struct frame *frame) -{ - tls_init_control_channel_frame_parameters(frame, &tas->frame); -} - /* * Set local and remote option compatibility strings. * Used to verify compatibility of local and remote option diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index cf754ad28..5b9232006 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -209,10 +209,11 @@ struct tls_auth_standalone *tls_auth_standalone_init(struct tls_options *tls_opt struct gc_arena *gc); /* - * Finalize a standalone tls-auth verification object. + * Setups up the control channel frame size parameters from the data channel + * parameters */ -void tls_auth_standalone_finalize(struct tls_auth_standalone *tas, - const struct frame *frame); +void tls_init_control_channel_frame_parameters(const struct frame *data_channel_frame, + struct frame *frame); /* * Set local and remote option compatibility strings.
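Review bot: In the `do_init_frame_tls` hunk of src/openvpn/init.c, the new call passes its arguments in the opposite order from the wrapper it replaces (source frame first, destination second), and both are `struct frame` pointers, so the compiler cannot flag a swapped call when both arguments are non-const. The order shown, `&c->c2.frame` then `&c->c2.tls_auth_standalone->frame`, matches the `(data_channel_frame, frame)` prototype added in ssl.h. Consider renaming the second parameter to something that names its role, for example `control_channel_frame`, so the direction is obvious at every call site now that the function is public.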
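Review bot: In the first src/openvpn/ssl.c hunk (`@@ -295,11 +295,7 @@`), removing `static` also removes the only comment on the definition ("Max number of bytes we will add to control channel packet."), and the replacement comment in ssl.h does not carry that statement over. Either keep a short comment at the definition or fold that sentence into the header documentation, so the meaning of the computed frame values is still written down somewhere.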
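Review bot: In the `tls_multi_init_finalize` hunk of src/openvpn/ssl.c (`@@ -1284,7 +1280,6 @@`), the one-line deletion directly after the `tls_init_control_channel_frame_parameters(frame, &multi->opt.frame);` call is not related to removing the wrapper and is not mentioned in the commit message. Drop it from this patch or send it as a separate cleanup, so this commit contains only the wrapper removal.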
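Review bot: In the src/openvpn/ssl.h hunk, the new comment has a typo ("Setups up" should read "Sets up") and does not say which argument is read and which is written. Since both parameters are `struct frame` pointers, spell it out in the comment: `data_channel_frame` is the input and `frame` receives the control channel parameters.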