This prepares for extending this function with the HMAC based session ID
check.
Replace the check for m->top.c2.tls_auth_standalone with an ASSERT, as this
code path is only used in the multi UDP server and OpenVPN always initialises
tls_auth_standalone for the TOP context (CF_INIT_TLS_AUTH_STANDALONE),
even for the TCP m2mp server that does not use it.
Patch v2: replace if with ASSERT
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <
20220425122709.
4148015-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24193.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
#include <sys/inotify.h>
#endif
+static bool
+do_pre_decrypt_check(struct multi_context *m)
+{
+ ASSERT(m->top.c2.tls_auth_standalone);
+ if (!tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
+ {
+ return false;
+ }
+ return true;
+}
+
/*
* Get a client instance based on real address. If
* the instance doesn't exist, create it while
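Review bot: The invariant behind the `ASSERT` in `do_pre_decrypt_check()` is recorded only in the commit message, and the new function has no comment saying what a `false` return means for its caller. The removed condition skipped the check when `tls_auth_standalone` was NULL, whereas the assertion presumably terminates the server, and this helper runs on packets from peers that have no instance yet, so the reason the pointer cannot be NULL belongs next to it: `/* always initialised for the TOP context (CF_INIT_TLS_AUTH_STANDALONE), also for the TCP server */`. I would also add a short header comment stating that the function returns true only when `tls_pre_decrypt_lite()` accepts the packet in `m->top.c2.buf` from `m->top.c2.from`, and that the caller (whose body continues outside the second hunk) does not go on to the new-connection path otherwise.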
}
if (!mi)
{
- if (!m->top.c2.tls_auth_standalone
- || tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
+ if (do_pre_decrypt_check(m))
{
if (frequency_limit_event_allowed(m->new_connection_limiter))
{