@andj
Created August 25, 2011 18:57
--- /tmp/removed123.txt 2011-08-25 20:57:38.503776323 +0200
+++ /tmp/added123.txt 2011-08-25 20:57:38.533791323 +0200
@@ -1,8 +1,72 @@
--- a/ssl.c
+++ b/ssl.c
+ status = key_state_read_plaintext (&ks->ks_ssl, buf, TLS_CHANNEL_BUF_SIZE);
+ int status = key_state_read_ciphertext (&ks->ks_ssl, buf, PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame));
+++ b/ssl_backend.h
+/**************************************************************************/
+/** @addtogroup control_tls
+ * @{ */
+
+/** @name Functions for packets to be sent to a remote OpenVPN peer
+ * @{ */
+
+/**
+ * Extract ciphertext data from the TLS module.
+ *
+ * If the \a buf buffer has a length other than zero, this function does
+ * not perform any action and returns 0.
+ *
+ * @param ks_ssl - The security parameter state for this %key
+ * session.
+ * @param buf - A buffer in which to store the ciphertext.
+ * @param maxlen - The maximum number of bytes to extract.
+ *
+ * @return The return value indicates whether the data was successfully
+ * processed:
+ * - \c 1: Data was extracted successfully.
+ * - \c 0: No data was extracted, this function should be called again
+ * later to retry.
+ * - \c -1: An error occurred.
+ */
+int key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf,
+ int maxlen);
+
+/** @} name Functions for packets to be sent to a remote OpenVPN peer */
+
+
+/** @name Functions for packets received from a remote OpenVPN peer
+ * @{ */
+
+/**
+ * Extract plaintext data from the TLS module.
+ *
+ * If the \a buf buffer has a length other than zero, this function does
+ * not perform any action and returns 0.
+ *
+ * @param ks_ssl - The security parameter state for this %key
+ * session.
+ * @param buf - A buffer in which to store the plaintext.
+ * @param maxlen - The maximum number of bytes to extract.
+ *
+ * @return The return value indicates whether the data was successfully
+ * processed:
+ * - \c 1: Data was extracted successfully.
+ * - \c 0: No data was extracted, this function should be called again
+ * later to retry.
+ * - \c -1: An error occurred.
+ */
+int key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf,
+ int maxlen);
+
+/** @} name Functions for packets received from a remote OpenVPN peer */
+
+/** @} addtogroup control_tls */
+
+++ b/ssl_openssl.c
+/*
* Read from an OpenSSL BIO in non-blocking mode.
*/
static int
-bio_read (struct tls_multi* multi, BIO *bio, struct buffer *buf, int maxlen, const char *desc)
+bio_read (BIO *bio, struct buffer *buf, int maxlen, const char *desc)
{
int i;
int ret = 0;
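Review bot: The ssl_backend.h contract for `maxlen` (the `@param maxlen` lines under both new prototypes) does not say whether the backend clamps it to the free space in `buf` or whether the caller must guarantee that `maxlen` fits; the ssl.c call sites pass `TLS_CHANNEL_BUF_SIZE` and `PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame)`, so the header is the only place a future backend implementer learns the bound. bio_read, the OpenSSL implementation behind these functions, has its body outside this hunk, so I cannot confirm from here that it clamps. I would extend the parameter doc on both prototypes to ` * @param maxlen - The maximum number of bytes to extract; the backend must never write past the remaining capacity of \a buf, so the smaller of the two is the effective bound.` The zero return on a non-empty `buf` also deserves one line stating that it is a caller precondition violation rather than a normal "retry later" condition, because the caller cannot tell the two cases apart from the return value.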
@@ -58,68 +122,37 @@
return ret;
}
-/*
-/**
- * Extract ciphertext data from the TLS module.
- *
- * If the \a buf buffer has a length other than zero, this function does
- * not perform any action and returns 0.
- *
- * @param multi - The security parameter state for this VPN tunnel.
- * @param ks - The security parameter state for this %key
- * session.
- * @param buf - A buffer in which to store the ciphertext.
- * @param maxlen - The maximum number of bytes to extract.
- *
- * @return The return value indicates whether the data was successfully
- * processed:
- * - \c 1: Data was extracted successfully.
- * - \c 0: No data was extracted, this function should be called again
- * later to retry.
- * - \c -1: An error occurred.
- */
-static int
-key_state_read_ciphertext (struct tls_multi *multi, struct key_state *ks, struct buffer *buf,
+int
+key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf,
int maxlen)
{
- int ret;
+ int ret = 0;
perf_push (PERF_BIO_READ_CIPHERTEXT);
- ret = bio_read (multi, ks->ks_ssl.ct_out, buf, maxlen, "tls_read_ciphertext");
+
+#ifdef USE_OPENSSL
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
+#endif /* USE_OPENSSL */
+
perf_pop ();
return ret;
}
-/**
- * Extract plaintext data from the TLS module.
- *
- * If the \a buf buffer has a length other than zero, this function does
- * not perform any action and returns 0.
- *
- * @param multi - The security parameter state for this VPN tunnel.
- * @param ks - The security parameter state for this %key
- * session.
- * @param buf - A buffer in which to store the plaintext.
- * @param maxlen - The maximum number of bytes to extract.
- *
- * @return The return value indicates whether the data was successfully
- * processed:
- * - \c 1: Data was extracted successfully.
- * - \c 0: No data was extracted, this function should be called again
- * later to retry.
- * - \c -1: An error occurred.
- */
-static int
-key_state_read_plaintext (struct tls_multi *multi, struct key_state *ks, struct buffer *buf,
+int
+key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf,
int maxlen)
{
- int ret;
+ int ret = 0;
perf_push (PERF_BIO_READ_PLAINTEXT);
- ret = bio_read (multi, ks->ks_ssl.ssl_bio, buf, maxlen, "tls_read_plaintext");
+
+#ifdef USE_OPENSSL
+ ASSERT (NULL != ks_ssl);
+
+ ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
+#endif /* USE_OPENSSL */
+
perf_pop ();
return ret;
}
- status = key_state_read_plaintext (multi, ks, buf, TLS_CHANNEL_BUF_SIZE);
- int status = key_state_read_ciphertext (multi, ks, buf, PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame));
--- a/ssl_backend.h
--- a/ssl_openssl.c
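Review bot: When USE_OPENSSL is not defined, the new key_state_read_ciphertext and key_state_read_plaintext bodies skip the guarded section and return the initialised `ret = 0`, which the ssl_backend.h contract defines as "no data was extracted, call again later"; a build without the OpenSSL backend would therefore make the ssl.c callers shown earlier in this gist poll forever instead of failing. Either add an `#else` branch to each guard — `#else` / `ret = -1; /* no TLS backend compiled in: report an error, not "retry later" */` / `#endif` — or, since this file is ssl_openssl.c, drop the inner `#ifdef` and compile the whole file only when USE_OPENSSL is set. The `ASSERT (NULL != ks_ssl)` added on each path is a good addition and should stay whichever option is chosen.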