@@ -2848,13 +2848,19 @@
struct link_socket_info *to_link_socket_info,
interval_t *wakeup)
{
- bool state_change = false;
+ /* This variable indicates if we should call this method
+ * again to process more incoming/outgoing TLS state/data
+ * We want to repeat this until we either determined that there
+ * is nothing more to process or that further processing
+ * should only be done after the outer loop (sending packets etc.)
+ * has run once more */
+ bool continue_tls_process = false;
struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */
/* Initial handshake */
if (ks->state == S_INITIAL)
{
- state_change = session_move_pre_start(session, ks, false);
+ continue_tls_process = session_move_pre_start(session, ks, false);
}
/* Are we timed out on receive? */
@@ -2872,7 +2878,7 @@
if (ks->state == S_PRE_START && reliable_empty(ks->send_reliable))
{
ks->state = S_START;
- state_change = true;
+ continue_tls_process = true;
/* New connection, remove any old X509 env variables */
tls_x509_clear_env(session->opt->es);
@@ -2885,7 +2891,7 @@
&& reliable_empty(ks->send_reliable))
{
session_move_active(multi, session, to_link_socket_info, ks);
- state_change = true;
+ continue_tls_process = true;
}
/* Reliable buffer to outgoing TCP/UDP (send up to CONTROL_SEND_ACK_MAX ACKs
@@ -2927,7 +2933,7 @@
}
else
{
- if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change))
+ if (!read_incoming_tls_ciphertext(&entry->buf, ks, &continue_tls_process))
{
goto error;
}
@@ -2938,7 +2944,7 @@
struct buffer *buf = &ks->plaintext_read_buf;
if (!buf->len)
{
- if (!read_incoming_tls_plaintext(ks, buf, wakeup, &state_change))
+ if (!read_incoming_tls_plaintext(ks, buf, wakeup, &continue_tls_process))
{
goto error;
}
@@ -2954,7 +2960,7 @@
goto error;
}
- state_change = true;
+ continue_tls_process = true;
dmsg(D_TLS_DEBUG_MED, "STATE S_SENT_KEY");
ks->state = S_SENT_KEY;
}
@@ -2970,7 +2976,7 @@
goto error;
}
- state_change = true;
+ continue_tls_process = true;
dmsg(D_TLS_DEBUG_MED, "STATE S_GOT_KEY");
ks->state = S_GOT_KEY;
}
@@ -2988,7 +2994,7 @@
}
if (status == 1)
{
- state_change = true;
+ continue_tls_process = true;
dmsg(D_TLS_DEBUG, "Outgoing Plaintext -> TLS");
}
}
@@ -3006,7 +3012,7 @@
}
}
- return state_change;
+ return continue_tls_process;
error:
tls_clear_error();
ks->state = S_ERROR;
@@ -3065,19 +3071,19 @@
msg(D_TLS_DEBUG_LOW, "TLS: tls_process: killed expiring key");
}
- bool state_change = true;
- while (state_change)
+ bool continue_tls_process = true;
+ while (continue_tls_process)
{
update_time();
dmsg(D_TLS_DEBUG, "TLS: tls_process: chg=%d ks=%s lame=%s to_link->len=%d wakeup=%d",
- state_change,
+ continue_tls_process,
state_name(ks->state),
state_name(ks_lame->state),
to_link->len,
*wakeup);
- state_change = tls_process_state(multi, session, to_link, to_link_addr,
- to_link_socket_info, wakeup);
+ continue_tls_process = tls_process_state(multi, session, to_link, to_link_addr,
+ to_link_socket_info, wakeup);
if (ks->state == S_ERROR)
{
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/452?usp=email to review the following change. Change subject: Rename state_change to continue_tls_process ...................................................................... Rename state_change to continue_tls_process The name state_change is more confusing than helpful as it not really indicates if there was a state change but rather if processing should be continued. There even some states that are definitively state changes (setting to_link buffer) that require continue_tls_process to be set to false. Change-Id: Ib6d713f2eb08a4c39d97de3e1a4a832cedc09585 --- M src/openvpn/ssl.c 1 file changed, 21 insertions(+), 15 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/52/452/1