From patchwork Tue May 3 01:29:00 2022
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2428
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 3 May 2022 13:29:00 +0200
Message-Id: <20220503112900.933975-1-arne@rfc2549.org>
In-Reply-To: <20220422142953.3805364-15-arne@rfc2549.org>
References: <20220422142953.3805364-15-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2] Extract read_incoming_tls_plaintext into its own function

This makes the tls_process_state function a bit easier to read and allows
extending the read_incoming_tls_plaintext function later without making
tls_process_state even longer.

Patch v2: fix compile error.

Signed-off-by: Arne Schwabe Acked-By: Frank Lichtenheld --- src/openvpn/ssl.c | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index e3101c7fa..bd28260aa 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2613,6 +2613,32 @@ control_packet_needs_wkc(const struct key_state *ks) } +static bool +read_incoming_tls_plaintext(struct key_state *ks, struct buffer *buf, + interval_t *wakeup, bool *state_change) +{ + ASSERT(buf_init(buf, 0)); + + int status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); + + update_time(); + if (status == -1) + { + msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); + return false; + } + if (status == 1) + { + *state_change = true; + dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); + + /* More data may be available, wake up again asap to check. */ + *wakeup = 0; + } + return true; +} + + static bool tls_process_state(struct tls_multi *multi, struct tls_session *session, @@ -2705,24 +2731,10 @@ tls_process_state(struct tls_multi *multi, struct buffer *buf = &ks->plaintext_read_buf; if (!buf->len) { - int status; - - ASSERT(buf_init(buf, 0)); - status = key_state_read_plaintext(&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); - update_time(); - if (status == -1) + if (!read_incoming_tls_plaintext(ks, buf, wakeup, &state_change)) { - msg(D_TLS_ERRORS, "TLS Error: TLS object -> incoming plaintext read error"); goto error; } - if (status == 1) - { - state_change = true; - dmsg(D_TLS_DEBUG, "TLS -> Incoming Plaintext"); - - /* More data may be available, wake up again asap to check. */ - *wakeup = 0; - } } /* Send Key */
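
Review bot: The new read_incoming_tls_plaintext() in the first hunk (@@ -2613,6 +2613,32 @@) has no comment describing its contract. It returns false only when key_state_read_plaintext() reports -1, and it writes *wakeup and *state_change only in the status == 1 branch, leaving both untouched otherwise. A short doc comment above the function stating the return value and that the caller must initialise state_change before the call would make this explicit. status is never reassigned, so it could also be declared const int.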
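
Review bot: At the call site in tls_process_state() (second hunk, @@ -2705,24 +2731,10 @@) the emptiness check if (!buf->len) stays in the caller, while the helper runs ASSERT(buf_init(buf, 0)) unconditionally. The helper is therefore only safe to call when the caller has already verified that plaintext_read_buf is empty, and nothing in the helper says so. Either move the buf->len check into read_incoming_tls_plaintext() or document the precondition there, so that a later second caller cannot re-initialise a buffer that still holds unread plaintext.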