From patchwork Fri Apr 22 03:40:33 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2410
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 22 Apr 2022 15:40:33 +0200
Message-Id: <20220422134038.3801239-5-arne@rfc2549.org>
In-Reply-To: <20220422134038.3801239-1-arne@rfc2549.org>
References: <20220422134038.3801239-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 04/28] Add documentation for swap_hmac function

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---
 src/openvpn/ssl.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 4ebf5acc2..f58f3b727 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1366,10 +1366,7 @@ tls_multi_free(struct tls_multi *multi, bool clear) } -/* - * Move a packet authentication HMAC + related fields to or from the front - * of the buffer so it can be processed by encrypt/decrypt. - */ + /* * Dependent on hmac size, opcode size, and session_id size. @@ -1377,6 +1374,23 @@ tls_multi_free(struct tls_multi *multi, bool clear) */ #define SWAP_BUF_SIZE 256 +/** + * Move a packet authentication HMAC + related fields to or from the front + * of the buffer so it can be processed by encrypt/decrypt. + * + * Turning the on wire format that starts with the opcode to a format + * that starts with the hmac + * e.g. "onwire" [opcode + packet id] [hmac] [remainder of packed] + * + * + * "internal" [hmac] [opcode + packet id] [remainer of packet] + * + * @param buf the buffer the swap operation is executed on + * @param incoming determines the direction of the swap + * @param co crypto options, determines the hmac to use in the swap + * + * @return if the swap was successful (buf was large enough) + */ static bool swap_hmac(struct buffer *buf, const struct crypto_options *co, bool incoming) {
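
Review bot: In the first hunk (-1366,10 +1366,7), the removed comment block is replaced by an added empty line, which leaves an extra blank line between the closing brace of tls_multi_free() and the "Dependent on hmac size, opcode size, and session_id size" comment. Dropping the added line avoids that, since the description now lives in the doc comment directly above swap_hmac().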
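
Review bot: In the new doc comment above swap_hmac(), "@param incoming determines the direction of the swap" does not say which value selects which direction, and "@return if the swap was successful" does not say that true means success, so a reader still has to open the function body to find out. Suggest naming the direction that incoming == true selects (the comment text only describes the on-wire to internal case) and spelling out the return value as true/false. Smaller points in the same comment: "remainder of packed" and "remainer of packet" should both read "remainder of packet", the @param lines are listed as buf, incoming, co while the signature order is buf, co, incoming, and the sentence starting "Turning the on wire format" is a fragment.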