From patchwork Fri Apr 22 04:29:49 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2403
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 22 Apr 2022 16:29:49 +0200
Message-Id: <20220422142953.3805364-15-arne@rfc2549.org>
In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org>
References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 24/28] Extract read_incoming_tls_plaintext into its own function

This makes the tls_process_state function a bit easier to read and allows
extending the read_incoming_tls_plaintext function later without making
tls_process_state even longer.
---
 src/openvpn/ssl.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e3101c7fa..01717559c 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2612,6 +2612,28 @@ control_packet_needs_wkc(const struct key_state *ks) && (ks->send_reliable->packet_id == 1); } +static bool +read_incoming_tls_plaintext(struct buffer *buf, struct key_state *ks, interval_t *wakeup) +{ + ASSERT(buf_init(buf, 0)); + int status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); + update_time(); + if (status == -1) + { + msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); + return false; + } + if (status == 1) + { + *state_change = true; + dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); + + /* More data may be available, wake up again asap to check. */ + *wakeup = 0; + } + return true; +} + static bool tls_process_state(struct tls_multi *multi, @@ -2705,24 +2727,10 @@ tls_process_state(struct tls_multi *multi, struct buffer *buf = &ks->plaintext_read_buf; if (!buf->len) { - int status; - - ASSERT(buf_init(buf, 0)); - status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); - update_time(); - if (status == -1) + if (!read_incoming_tls_plaintext(buf, ks, wakeup)) { - msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); goto error; } - if (status == 1) - { - state_change = true; - dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); - - /* More data may be available, wake up again asap to check. */ - *wakeup = 0; - } } /* Send Key */
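Review bot: In the new read_incoming_tls_plaintext(), the status == 1 branch assigns `*state_change = true;`, but the signature is `(struct buffer *buf, struct key_state *ks, interval_t *wakeup)` and declares no state_change, so the helper does not compile as posted. Add a `bool *state_change` out-parameter to the signature. A short comment above the function would also help, stating that a false return means a plaintext read error and that *wakeup is set to 0 when data was read, since the commit message says this function is meant to be extended later.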
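Review bot: The call `read_incoming_tls_plaintext(buf, ks, wakeup)` in the second hunk passes nothing for state_change, while the lines it replaces set the local `state_change = true;` when status == 1. Once the helper takes a `bool *state_change` parameter, pass `&state_change` here so tls_process_state() still records the state change after a successful plaintext read. The `goto error` path is preserved, with the D_TLS_ERRORS message now emitted inside the helper.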