From 73713debf56c06ed54a378f9b3d1d742c5f1ed45 Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Mon, 25 Apr 2022 14:27:09 +0200
Subject: [PATCH] Move pre decrypt lite check to its own function

This prepares for extending this function with the HMAC based session ID check.

Replace the check for m->top.c2.tls_auth_standalone with an ASSERT as this code path is only used in multi udp server and OpenVPN initialises the tls_auth_standalone always for the TOP context (CF_INIT_TLS_AUTH_STANDALONE), even for the tcp m2mp server that does not use it).

Patch v2: replace if with ASSERT

Signed-off-by: Arne Schwabe
Acked-by: Frank Lichtenheld
Message-Id: <20220425122709.4148015-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24193.html
Signed-off-by: Gert Doering
---
 src/openvpn/mudp.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 4fbe3c1a3..780ca171d 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -39,6 +39,17 @@
 #include
 #endif
+static bool
+do_pre_decrypt_check(struct multi_context *m)
+{
+ ASSERT(m->top.c2.tls_auth_standalone);
+ if (!tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
+ {
+ return false;
+ }
+ return true;
+}
+
 /*
 * Get a client instance based on real address. If
 * the instance doesn't exist, create it while
@@ -95,8 +106,7 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated)
 }
 if (!mi)
 {
- if (!m->top.c2.tls_auth_standalone
- || tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, &m->top.c2.buf))
+ if (do_pre_decrypt_check(m))
 {
 if (frequency_limit_event_allowed(m->new_connection_limiter))
 {
--
2.47.2
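Review bot: The `ASSERT(m->top.c2.tls_auth_standalone)` at the top of do_pre_decrypt_check is reached for packets from addresses that have no instance yet (the `if (!mi)` branch in the second hunk), and the invariant that makes it safe is explained only in the commit message, not in the code. Before this change a NULL tls_auth_standalone skipped tls_pre_decrypt_lite and let the packet proceed; now, assuming ASSERT is the project's always-on fatal check, the process stops instead, which fails closed but would turn any future initialisation gap into a server abort on the first packet from an unknown peer. I would put the reasoning next to the check, for example `/* always initialised for the top context (CF_INIT_TLS_AUTH_STANDALONE); NULL here is a programming error, never a packet-dependent state */`. The new function also has no header comment; one sentence saying that it returns true when the packet in m->top.c2.buf passes the lite pre-decrypt check, and false when no new instance should be created for it, would help whoever adds the HMAC session ID check that the description announces.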