* cipher -> so log the fact and push the "what we have now" cipher
* (so the client is always told what we expect it to use)
*/
- const struct tls_session *session = &tls_multi->session[TM_ACTIVE];
- if (session->key[KS_PRIMARY].crypto_options.key_ctx_bi.initialized)
+ if (get_primary_key(tls_multi)->crypto_options.key_ctx_bi.initialized)
{
msg(M_INFO, "PUSH: client wants to negotiate cipher (NCP), but "
"server has already generated data channel keys, "
struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE];
struct man_def_auth_context *mda = session->opt->mda_context;
struct env_set *es = session->opt->es;
- int key_id = session->key[KS_PRIMARY].key_id;
+ int key_id = get_primary_key(c->c2.tls_multi)->key_id;
management_notify_client_cr_response(key_id, mda, es, m);
"to %us", c->options.handshake_window,
min_uint(max_timeout, server_timeout));
- struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
+ const struct key_state *ks = get_primary_key(c->c2.tls_multi);
c->c2.push_request_timeout = ks->established + min_uint(max_timeout, server_timeout);
}
send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra,
unsigned int timeout)
{
- struct key_state *ks = &tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
+ struct key_state *ks = get_key_scan(tls_multi, 0);
static const char info_pre[] = "INFO_PRE,";
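Review bot: The literal `0` in `get_key_scan(tls_multi, 0)` replaces an expression that named `TM_ACTIVE` and `KS_PRIMARY` explicitly, so a reader must now know the scan order to see that this is still the primary key of the active session. `get_key_scan` is not shown in this change, so that equivalence cannot be confirmed from here. The same call is added as `ks = get_key_scan(multi, 0);` in the hunk with the `data`/`size` parameters and as `struct key_state *ks = get_key_scan(multi, 0);` in `tls_rec_payload`. If these sites need a mutable pointer (the new `get_primary_key` returns `const`), either add a comment such as `/* index 0 == session[TM_ACTIVE].key[KS_PRIMARY]; non-const access needed here */` or add a non-const counterpart to `get_primary_key`, so that the choice of key slot does not silently depend on scan ordering. The body of `send_auth_pending_messages` continues past this hunk.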
bool
send_push_request(struct context *c)
{
- struct tls_session *session = &c->c2.tls_multi->session[TM_ACTIVE];
- struct key_state *ks = &session->key[KS_PRIMARY];
+ const struct key_state *ks = get_primary_key(c->c2.tls_multi);
/* We timeout here under two conditions:
* a) we reached the hard limit of push_request_timeout
if (i == TM_SIZE && is_hard_reset_method2(op))
{
struct tls_session *session = &multi->session[TM_ACTIVE];
- struct key_state *ks = &session->key[KS_PRIMARY];
+ const struct key_state *ks = get_primary_key(multi);
/*
* If we have no session currently in progress, the initial packet will
const uint8_t *data,
int size)
{
- struct tls_session *session;
struct key_state *ks;
bool ret = false;
ASSERT(multi);
- session = &multi->session[TM_ACTIVE];
- ks = &session->key[KS_PRIMARY];
+ ks = get_key_scan(multi, 0);
if (ks->state >= S_ACTIVE)
{
tls_rec_payload(struct tls_multi *multi,
struct buffer *buf)
{
- struct tls_session *session;
- struct key_state *ks;
bool ret = false;
tls_clear_error();
ASSERT(multi);
- session = &multi->session[TM_ACTIVE];
- ks = &session->key[KS_PRIMARY];
+ struct key_state *ks = get_key_scan(multi, 0);
if (ks->state >= S_ACTIVE && BLEN(&ks->plaintext_read_buf))
{
{
if (multi)
{
- const struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY];
+ const struct key_state *ks = get_primary_key(multi);
if (ks->state >= S_ACTIVE)
{
return BLEN(&ks->plaintext_read_buf);
}
}
+/** gets an item of \c key_state objects in the
+ * order they should be scanned by data
+ * channel modules. */
+static inline const struct key_state *
+get_primary_key(const struct tls_multi *multi)
+{
+ return &multi->session[TM_ACTIVE].key[KS_PRIMARY];
+}
+
#endif /* SSL_COMMON_H_ */
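Review bot: The doc comment added above `get_primary_key` says it gets an item "in the order they should be scanned by data channel modules", which does not match the body. The function takes no index and always returns `&multi->session[TM_ACTIVE].key[KS_PRIMARY]`. The text looks copied from a scan-order accessor, possibly `get_key_scan`, which is not visible here. Suggested replacement: `/** Returns the primary key_state (KS_PRIMARY) of the active TLS session (TM_ACTIVE); multi must not be NULL. */`. The non-NULL precondition is worth stating because the helper dereferences `multi` unconditionally, while only some call sites in this change visibly guard it (`if (multi)`, `ASSERT(multi)`).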