From patchwork Fri Apr 22 04:29:46 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2392
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 22 Apr 2022 16:29:46 +0200
Message-Id: <20220422142953.3805364-12-arne@rfc2549.org>
In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org>
References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 21/28] Extract read_incoming_tls_ciphertext into function

This makes the code a bit more structured and easier to read. --- src/openvpn/ssl.c | 53 +++++++++++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 80440c411..8ea7c06fa 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2525,6 +2525,37 @@ session_skip_to_pre_start(struct tls_session *session, return session_move_pre_start(session, ks, true); } +/** + * Read incoming ciphertext and passes it to the buffer of the SSL library. + * Returns false if an error is encountered that should abort the session. + */ +static bool +read_incoming_tls_ciphertext(struct buffer *buf, struct key_state *ks, + bool *state_change) +{ + int status = 0; + if (buf->len) + { + status = key_state_write_ciphertext(&ks->ks_ssl, buf); + if (status == -1) + { + msg(D_TLS_ERRORS, + "TLS Error: Incoming Ciphertext -> TLS object write error"); + return false; + } + } + else + { + status = 1; + } + if (status == 1) + { + reliable_mark_deleted(ks->rec_reliable, buf); + *state_change = true; + dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); + } + return true; +} static bool 
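Review bot: the doc comment on the new read_incoming_tls_ciphertext does not describe the state_change out-parameter or the partial-success path: a return of true covers both status == 1 (the entry is removed from rec_reliable and *state_change is set) and status == 0 (the SSL object did not accept the ciphertext yet, the entry stays queued for a later retry and *state_change is left untouched). Suggest documenting both, e.g. `@param state_change set to true only when the buffer was consumed` and `@return false only on a write error that should abort the session`, and fixing the mixed mood in "Read incoming ciphertext and passes it" (either "Reads ... and passes" or "Read ... and pass"). As a style nit, the `int status = 0;` / `else { status = 1; }` juggling could collapse into a single `if (!buf->len || status == 1)` after the write, which reads closer to what the function actually decides.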
@@ -2595,27 +2626,9 @@ tls_process_state(struct tls_multi *multi, struct reliable_entry *entry = reliable_get_entry_sequenced(ks->rec_reliable); if (entry) { - struct buffer *buf = &entry->buf; - int status = 0; - if (buf->len) - { - status = key_state_write_ciphertext(&ks->ks_ssl, buf); - if (status == -1) - { - msg(D_TLS_ERRORS, - "TLS Error: Incoming Ciphertext -> TLS object write error"); - goto error; - } - } - else - { - status = 1; - } - if (status == 1) + if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change)) { - reliable_mark_deleted(ks->rec_reliable, buf); - state_change = true; - dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS"); + goto error; } }
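Review bot: the commit message should state that the refactor is behaviour-neutral, because the one subtle case a reader will check is preserved only implicitly: when key_state_write_ciphertext returns 0 the old code fell through without `goto error` and left the entry queued, and the new call returns true in that case and so does the same, with the only visible change being that the error path now hangs off a boolean return instead of an inline `goto error`. One sentence to that effect in the message would save whoever bisects through this series from re-deriving it from the two hunks.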