This makes the code a bit more structured and easier to read.
---
 src/openvpn/ssl.c | 53 +++++++++++++++++++++++++++++------------------
 1 file changed, 33 insertions(+), 20 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 80440c411..8ea7c06fa 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2525,6 +2525,37 @@ session_skip_to_pre_start(struct tls_session *session,
 return session_move_pre_start(session, ks, true);
 }
+/**
+ * Read incoming ciphertext and passes it to the buffer of the SSL library.
+ * Returns false if an error is encountered that should abort the session.
+ */
+static bool
+read_incoming_tls_ciphertext(struct buffer *buf, struct key_state *ks,
+ bool *state_change)
+{
+ int status = 0;
+ if (buf->len)
+ {
+ status = key_state_write_ciphertext(&ks->ks_ssl, buf);
+ if (status == -1)
+ {
+ msg(D_TLS_ERRORS,
+ "TLS Error: Incoming Ciphertext -> TLS object write error");
+ return false;
+ }
+ }
+ else
+ {
+ status = 1;
+ }
+ if (status == 1)
+ {
+ reliable_mark_deleted(ks->rec_reliable, buf);
+ *state_change = true;
+ dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS");
+ }
+ return true;
+}
 static bool
@@ -2595,27 +2626,9 @@ tls_process_state(struct tls_multi *multi,
 struct reliable_entry *entry = reliable_get_entry_sequenced(ks->rec_reliable);
 if (entry)
 {
- struct buffer *buf = &entry->buf;
- int status = 0;
- if (buf->len)
- {
- status = key_state_write_ciphertext(&ks->ks_ssl, buf);
- if (status == -1)
- {
- msg(D_TLS_ERRORS,
- "TLS Error: Incoming Ciphertext -> TLS object write error");
- goto error;
- }
- }
- else
- {
- status = 1;
- }
- if (status == 1)
+ if (!read_incoming_tls_ciphertext(&entry->buf, ks, &state_change))
 {
- reliable_mark_deleted(ks->rec_reliable, buf);
- state_change = true;
- dmsg(D_TLS_DEBUG, "Incoming Ciphertext -> TLS");
+ goto error;
 }
 }
--
2.32.0 (Apple Git-132)
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
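Review bot: The doc comment on the new `read_incoming_tls_ciphertext()` in the first hunk documents only the `false` return and leaves the other outcomes implicit. From the body, a zero-length `buf` is treated as consumed without touching the TLS object, and a `key_state_write_ciphertext()` result other than `1` or `-1` leaves the entry in `ks->rec_reliable` and still returns `true` without setting `*state_change`, which is only ever set and never cleared. I would add `@param`/`@return` lines that say so, together with the precondition that `buf` belongs to an entry of `ks->rec_reliable`, since it is handed to `reliable_mark_deleted()` on that list, e.g. `@param buf buffer of an entry in ks->rec_reliable; marked deleted once consumed`. If the write can return negative codes other than `-1` (not visible in this patch), `if (status < 0)` would be the safer error test, so that an unexpected failure aborts the session instead of being retried silently.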