Created
August 25, 2011 18:57
--- /tmp/removed123.txt 2011-08-25 20:57:38.503776323 +0200 | |
+++ /tmp/added123.txt 2011-08-25 20:57:38.533791323 +0200 | |
@@ -1,8 +1,72 @@ | |
--- a/ssl.c | |
+++ b/ssl.c | |
+ status = key_state_read_plaintext (&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE); | |
+ int status = key_state_read_ciphertext (&ks->ks_ssl, buf, PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame)); | |
+++ b/ssl_backend.h | |
+/**************************************************************************/ | |
+/** @addtogroup control_tls | |
+ * @{ */ | |
+ | |
+/** @name Functions for packets to be sent to a remote OpenVPN peer | |
+ * @{ */ | |
+ | |
+/** | |
+ * Extract ciphertext data from the TLS module. | |
+ * | |
+ * If the \a buf buffer has a length other than zero, this function does | |
+ * not perform any action and returns 0. | |
+ * | |
+ * @param ks_ssl - The security parameter state for this %key | |
+ * session. | |
+ * @param buf - A buffer in which to store the ciphertext. | |
+ * @param maxlen - The maximum number of bytes to extract. | |
+ * | |
+ * @return The return value indicates whether the data was successfully | |
+ * processed: | |
+ * - \c 1: Data was extracted successfully. | |
+ * - \c 0: No data was extracted, this function should be called again | |
+ * later to retry. | |
+ * - \c -1: An error occurred. | |
+ */ | |
+int key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf, | |
+ int maxlen); | |
+ | |
+/** @} name Functions for packets to be sent to a remote OpenVPN peer */ | |
+ | |
+ | |
+/** @name Functions for packets received from a remote OpenVPN peer | |
+ * @{ */ | |
+ | |
+/** | |
+ * Extract plaintext data from the TLS module. | |
+ * | |
+ * If the \a buf buffer has a length other than zero, this function does | |
+ * not perform any action and returns 0. | |
+ * | |
+ * @param ks_ssl - The security parameter state for this %key | |
+ * session. | |
+ * @param buf - A buffer in which to store the plaintext. | |
+ * @param maxlen - The maximum number of bytes to extract. | |
+ * | |
+ * @return The return value indicates whether the data was successfully | |
+ * processed: | |
+ * - \c 1: Data was extracted successfully. | |
+ * - \c 0: No data was extracted, this function should be called again | |
+ * later to retry. | |
+ * - \c -1: An error occurred. | |
+ */ | |
+int key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf, | |
+ int maxlen); | |
+ | |
+/** @} name Functions for packets received from a remote OpenVPN peer */ | |
+ | |
+/** @} addtogroup control_tls */ | |
+ | |
+++ b/ssl_openssl.c | |
+/* | |
* Read from an OpenSSL BIO in non-blocking mode. | |
*/ | |
static int | |
-bio_read (struct tls_multi* multi, BIO *bio, struct buffer *buf, int maxlen, const char *desc) | |
+bio_read (BIO *bio, struct buffer *buf, int maxlen, const char *desc) | |
{ | |
int i; | |
int ret = 0; | |
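Review bot: The new ssl_backend.h comments for key_state_read_ciphertext and key_state_read_plaintext leave out the preconditions that callers of these now non-static entry points must meet. The ssl_openssl.c implementation asserts that ks_ssl is non-NULL, so the header should say so, e.g. `@param ks_ssl - The security parameter state for this %key session. Must not be NULL.` I would also document the bound on maxlen relative to buf, e.g. `@param maxlen - The maximum number of bytes to extract; must be positive and must not exceed the capacity of buf.` That second wording is inferred, because bio_read's body lies outside this hunk, so confirm it against bio_read before adopting it.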
@@ -58,68 +122,37 @@ | |
return ret; | |
} | |
-/* | |
-/** | |
- * Extract ciphertext data from the TLS module. | |
- * | |
- * If the \a buf buffer has a length other than zero, this function does | |
- * not perform any action and returns 0. | |
- * | |
- * @param multi - The security parameter state for this VPN tunnel. | |
- * @param ks - The security parameter state for this %key | |
- * session. | |
- * @param buf - A buffer in which to store the ciphertext. | |
- * @param maxlen - The maximum number of bytes to extract. | |
- * | |
- * @return The return value indicates whether the data was successfully | |
- * processed: | |
- * - \c 1: Data was extracted successfully. | |
- * - \c 0: No data was extracted, this function should be called again | |
- * later to retry. | |
- * - \c -1: An error occurred. | |
- */ | |
-static int | |
-key_state_read_ciphertext (struct tls_multi *multi, struct key_state *ks, struct buffer *buf, | |
+int | |
+key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf, | |
int maxlen) | |
{ | |
- int ret; | |
+ int ret = 0; | |
perf_push (PERF_BIO_READ_CIPHERTEXT); | |
- ret = bio_read (multi, ks->ks_ssl.ct_out, buf, maxlen, "tls_read_ciphertext"); | |
+ | |
+#ifdef USE_OPENSSL | |
+ ASSERT (NULL != ks_ssl); | |
+ | |
+ ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext"); | |
+#endif /* USE_OPENSSL */ | |
+ | |
perf_pop (); | |
return ret; | |
} | |
-/** | |
- * Extract plaintext data from the TLS module. | |
- * | |
- * If the \a buf buffer has a length other than zero, this function does | |
- * not perform any action and returns 0. | |
- * | |
- * @param multi - The security parameter state for this VPN tunnel. | |
- * @param ks - The security parameter state for this %key | |
- * session. | |
- * @param buf - A buffer in which to store the plaintext. | |
- * @param maxlen - The maximum number of bytes to extract. | |
- * | |
- * @return The return value indicates whether the data was successfully | |
- * processed: | |
- * - \c 1: Data was extracted successfully. | |
- * - \c 0: No data was extracted, this function should be called again | |
- * later to retry. | |
- * - \c -1: An error occurred. | |
- */ | |
-static int | |
-key_state_read_plaintext (struct tls_multi *multi, struct key_state *ks, struct buffer *buf, | |
+int | |
+key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf, | |
int maxlen) | |
{ | |
- int ret; | |
+ int ret = 0; | |
perf_push (PERF_BIO_READ_PLAINTEXT); | |
- ret = bio_read (multi, ks->ks_ssl.ssl_bio, buf, maxlen, "tls_read_plaintext"); | |
+ | |
+#ifdef USE_OPENSSL | |
+ ASSERT (NULL != ks_ssl); | |
+ | |
+ ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext"); | |
+#endif /* USE_OPENSSL */ | |
+ | |
perf_pop (); | |
return ret; | |
} | |
- status = key_state_read_plaintext (multi, ks, buf, TLS_CHANNEL_BUF_SIZE); | |
- int status = key_state_read_ciphertext (multi, ks, buf, PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame)); | |
--- a/ssl_backend.h | |
--- a/ssl_openssl.c |
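Review bot: When USE_OPENSSL is not defined, the new key_state_read_ciphertext and key_state_read_plaintext bodies reduce to stubs that return 0, which the header documents as "no data was extracted, call again later". A build with no backend selected would then probably retry forever on the control channel instead of failing visibly. If ssl_openssl.c is only ever compiled with OpenSSL, the guards are redundant and can be dropped; otherwise make the fallback explicit with `#else` and `ret = -1;`, or stop the build with `#error "no SSL backend selected"`. Separately, only ks_ssl is asserted; if bio_read (body not shown here) dereferences buf unconditionally, an `ASSERT (NULL != buf);` next to the existing one would keep the checks symmetrical.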