From patchwork Fri Apr 22 04:29:37 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2391
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 22 Apr 2022 16:29:37 +0200
Message-Id: <20220422142953.3805364-3-arne@rfc2549.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220422142953.3805364-1-arne@rfc2549.org>
References: <20220422134038.3801239-1-arne@rfc2549.org> <20220422142953.3805364-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 12/28] Extract session_move_pre_start as own function, use local buffer variable

This changes the C90 struct buffer declaration to a C99 style one. Also move the state transition from S_INITIAL to S_PRE_START into its own function.

Acked-By: Frank Lichtenheld
---
 src/openvpn/ssl.c | 84 ++++++++++++++++++++++++++++-------------------
 1 file changed, 50 insertions(+), 34 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 6669c4719..bad59f2a1 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2382,6 +2382,52 @@ auth_deferred_expire_window(const struct tls_options *o) return ret; } +/** + * Move the session from S_INITIAL to S_PRE_START. This will also generate + * the intial message based on ks->initial_opcode + * + * @return if the state change was succesful + */ +static bool +session_move_pre_start(const struct tls_session *session, + struct key_state *ks) +{ + struct buffer *buf = reliable_get_buf_output_sequenced(ks->send_reliable); + if (!buf) + { + return false; + } + + ks->initial = now; + ks->must_negotiate = now + session->opt->handshake_window; + ks->auth_deferred_expire = now + auth_deferred_expire_window(session->opt); + + /* null buffer */ + reliable_mark_active_outgoing(ks->send_reliable, buf, ks->initial_opcode); + INCR_GENERATED; + + ks->state = S_PRE_START; + + struct gc_arena gc = gc_new(); + dmsg(D_TLS_DEBUG, "TLS: Initial Handshake, sid=%s", + session_id_print(&session->session_id, &gc)); + gc_free(&gc); + +#ifdef ENABLE_MANAGEMENT + if (management && ks->initial_opcode != P_CONTROL_SOFT_RESET_V1) + { + management_set_state(management, + OPENVPN_STATE_WAIT, + NULL, + NULL, + NULL, + NULL, + NULL); + } +#endif + return true; + +} /* * This is the primary routine for processing TLS stuff inside the * the main event loop. When this routine exits @@ -2400,7 +2446,6 @@ tls_process(struct tls_multi *multi, interval_t *wakeup) { struct gc_arena gc = gc_new(); - struct buffer *buf; bool state_change = false; bool active = false; struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ 
@@ -2460,35 +2505,7 @@ tls_process(struct tls_multi *multi, /* Initial handshake */ if (ks->state == S_INITIAL) { - buf = reliable_get_buf_output_sequenced(ks->send_reliable); - if (buf) - { - ks->initial = now; - ks->must_negotiate = now + session->opt->handshake_window; - ks->auth_deferred_expire = now + auth_deferred_expire_window(session->opt); - - /* null buffer */ - reliable_mark_active_outgoing(ks->send_reliable, buf, ks->initial_opcode); - INCR_GENERATED; - - ks->state = S_PRE_START; - state_change = true; - dmsg(D_TLS_DEBUG, "TLS: Initial Handshake, sid=%s", - session_id_print(&session->session_id, &gc)); - -#ifdef ENABLE_MANAGEMENT - if (management && ks->initial_opcode != P_CONTROL_SOFT_RESET_V1) - { - management_set_state(management, - OPENVPN_STATE_WAIT, - NULL, - NULL, - NULL, - NULL, - NULL); - } -#endif - } + state_change = session_move_pre_start(session, ks); } /* Are we timed out on receive? */ @@ -2573,11 +2590,10 @@ tls_process(struct tls_multi *multi, if (!to_link->len && reliable_can_send(ks->send_reliable)) { int opcode; - struct buffer b; - buf = reliable_send(ks->send_reliable, &opcode); + struct buffer *buf = reliable_send(ks->send_reliable, &opcode); ASSERT(buf); - b = *buf; + struct buffer b = *buf; INCR_SENT; write_control_auth(session, ks, &b, to_link_addr, opcode, @@ -2590,7 +2606,7 @@ tls_process(struct tls_multi *multi, } /* Write incoming ciphertext to TLS object */ - buf = reliable_get_buf_sequenced(ks->rec_reliable); + struct buffer *buf = reliable_get_buf_sequenced(ks->rec_reliable); if (buf) { int status = 0;
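Review bot: in the hunk that adds session_move_pre_start() (@@ -2382,6 +2382,52 @@), the Doxygen block documents only the return value, spells "intial" and "succesful" wrong, and has no @param entries for session and ks; suggest ` * @param session the TLS session owning the key state`, ` * @param ks the key state moved from S_INITIAL to S_PRE_START` and ` * @return true if the state change succeeded, false if no output buffer was available`. Two smaller points in the same hunk: the stray blank line between `return true;` and the closing brace, and the new gc_new()/gc_free() pair that exists only to feed session_id_print() to the dmsg() call. The inline version reused the caller's arena; now an arena is created and freed on every call to the helper even when the debug message is not emitted. Not a blocker, but passing the caller's gc in, or scoping the arena to the debug path, would avoid the extra work.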
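Review bot: in the S_INITIAL hunk (@@ -2460,35 +2505,7 @@), `state_change = session_move_pre_start(session, ks);` preserves the old behaviour exactly (state_change becomes true only when reliable_get_buf_output_sequenced() returned a buffer), but the silent no-op on a NULL buffer is now hidden inside the helper rather than visible in tls_process(). A D_TLS_DEBUG message on the `return false;` path in session_move_pre_start() would make a stalled initial handshake easier to diagnose from logs; fine to leave for a follow-up.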
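Review bot: the last two hunks (@@ -2573,11 +2590,10 @@ and @@ -2590,7 +2606,7 @@) replace the function-scope `struct buffer *buf;` removed earlier (@@ -2400,7 +2446,6 @@) with two narrower declarations: `struct buffer *buf = reliable_send(ks->send_reliable, &opcode);` lives inside the `if (!to_link->len && reliable_can_send(ks->send_reliable))` block, and `struct buffer *buf = reliable_get_buf_sequenced(ks->rec_reliable);` is declared where the old assignment was. The diff does not show the remainder of tls_process(), so please confirm that every later use of `buf` in the function sits inside the block where that second declaration is visible and that no later branch assigns `buf` expecting the old function-wide variable; an out-of-scope use would no longer compile, and a later `buf = ...` would need its own declaration. Also worth a quick check that the two declarations never end up in nested scopes, since a shadowed `buf` would compile silently under -Wno-shadow.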