return NULL;
}
-void
+bool
dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
{
msg(D_DCO_DEBUG, "%s: peer_id=%d", __func__, multi->dco_peer_id);
*/
if (multi->dco_keys_installed == 0)
{
- return;
+ return true;
}
struct key_state *primary = tls_select_encryption_key(multi);
if (ret < 0)
{
msg(D_DCO, "Cannot delete primary key during wipe: %s (%d)", strerror(-ret), ret);
- return;
+ return false;
}
ret = dco_del_key(dco, multi->dco_peer_id, OVPN_KEY_SLOT_SECONDARY);
if (ret < 0)
{
msg(D_DCO, "Cannot delete secondary key during wipe: %s (%d)", strerror(-ret), ret);
- return;
+ return false;
}
multi->dco_keys_installed = 0;
- return;
+ return true;
}
/* if we have a primary key, it must have been installed already (keys
if (ret < 0)
{
msg(D_DCO, "Cannot swap keys: %s (%d)", strerror(-ret), ret);
- return;
+ return false;
}
primary->dco_status = DCO_INSTALLED_PRIMARY;
if (ret < 0)
{
msg(D_DCO, "Cannot delete secondary key: %s (%d)", strerror(-ret), ret);
- return;
+ return false;
}
multi->dco_keys_installed = 1;
}
ks->dco_status = DCO_NOT_INSTALLED;
}
}
+ return true;
}
static bool
*
* @param dco DCO device context
* @param multi TLS multi instance
+ *
+ * @return returns false if an error occurred that is not
+ * recoverable and should reset the connection
*/
-void dco_update_keys(dco_context_t *dco, struct tls_multi *multi);
-
+bool dco_update_keys(dco_context_t *dco, struct tls_multi *multi);
/**
* Install a new peer in DCO - to be called by a CLIENT (or P2P) instance
*
return 0;
}
-static inline void
+static inline bool
dco_update_keys(dco_context_t *dco, struct tls_multi *multi)
{
ASSERT(false);
+ return false;
}
static inline int
return;
}
- dco_update_keys(&c->c1.tuntap->dco, c->c2.tls_multi);
+ if (!dco_update_keys(&c->c1.tuntap->dco, c->c2.tls_multi))
+ {
+ /* Something bad happened. Kill the connection to
+ * be able to recover. */
+ register_signal(c, SIGUSR1, "dco update keys error");
+ }
}
/*
projects / thirdparty / openvpn.git / commitdiff
