[Openvpn-devel] [PATCH v3] Introduce get_key_by_management_key_id helper function

2023-07-11 Thread Arne Schwabe
This function maps a management key id to its key_state structure, so that
the lookup can be reused by other callers instead of being open-coded.

Patch v2: add message when key is not found.
Patch v3: only consider valid keys

Change-Id: I42d8785959c24bf688190965e58b9b98251b8557
Signed-off-by: Arne Schwabe 
---
 src/openvpn/ssl_common.h | 20 
 src/openvpn/ssl_verify.c | 23 +--
 2 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 27b029479..be0f18746 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -722,4 +722,24 @@ get_primary_key(const struct tls_multi *multi)
 return >session[TM_ACTIVE].key[KS_PRIMARY];
 }
 
+#ifdef ENABLE_MANAGEMENT
+/**
+ * Gets the \c key_state  object that belong to the management key id or
+ * return NULL if not found.
+ */
+static inline struct key_state *
+get_key_by_management_key_id(struct tls_multi *multi, unsigned int mda_key_id)
+{
+for (int i = 0; i < KEY_SCAN_SIZE; ++i)
+{
+struct key_state *ks = get_key_scan(multi, i);
+if (ks->mda_key_id == mda_key_id && ks->state > S_UNDEF)
+{
+return ks;
+}
+}
+return NULL;
+}
+#endif
+
 #endif /* SSL_COMMON_H_ */
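Review bot: The doc comment on get_key_by_management_key_id does not mention the `ks->state > S_UNDEF` filter the body applies, so a caller reading the header cannot tell that a key state which was never initialised (or, assuming S_ERROR sorts below S_UNDEF as usual, one in the error state) is deliberately skipped even if its mda_key_id matches. It also does not say that the loop returns on the first match, which matters if two scan slots could ever carry the same id. Suggest replacing the two comment lines with: `Returns the first key_state in the scan list whose mda_key_id matches and whose state is past S_UNDEF (i.e. an initialised, non-error key), or NULL if no such key exists.` The get_primary_key body shown at the top of the hunk starts outside it.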
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 90416b69e..2395e55c8 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -1266,22 +1266,25 @@ tls_authentication_status(struct tls_multi *multi)
 bool
 tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id, 
const bool auth, const char *client_reason)
 {
-bool ret = false;
+struct key_state *ks = NULL;
 if (multi)
 {
-int i;
+
 auth_set_client_reason(multi, client_reason);
-for (i = 0; i < KEY_SCAN_SIZE; ++i)
+ks = get_key_by_management_key_id(multi, mda_key_id);
+
+if (ks)
 {
-struct key_state *ks = get_key_scan(multi, i);
-if (ks->mda_key_id == mda_key_id)
-{
-ks->mda_status = auth ? ACF_SUCCEEDED : ACF_FAILED;
-ret = true;
-}
+ks->mda_status = auth ? ACF_SUCCEEDED : ACF_FAILED;
 }
+else
+{
+msg(D_TLS_DEBUG_LOW, "%s: no key state found for management key id 
"
+"%d", __func__, mda_key_id);
+}
+
 }
-return ret;
+return (bool) ks;
 }
 #endif /* ifdef ENABLE_MANAGEMENT */
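Review bot: The new log line in the else branch formats `mda_key_id` with `%d`, but the parameter is declared `const unsigned int`, so the conversion should be `"%u", __func__, mda_key_id);`. The rewrite also changes the semantics from "mark every key state carrying this id" to "mark the first live one and stop", which is presumably intended with the v3 valid-key filter but should be stated in the commit message, since this is the path through which an authentication verdict from the management interface reaches a key. A verdict that matches no live key is silently dropped at D_TLS_DEBUG_LOW; something operators would notice, such as M_WARN, seems more appropriate for a management-supplied key id that no longer refers to any key. Finally, `return (bool) ks;` is valid C99 but `return ks != NULL;` is the conventional spelling and avoids the pointer-to-_Bool cast.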
 
-- 
2.39.2 (Apple Git-143)





[Openvpn-devel] [PATCH v3] Introduce get_key_by_management_key_id helper function

2023-07-10 Thread Arne Schwabe
This function maps a management key id to its key_state structure, so that
the lookup can be reused by other callers instead of being open-coded.

Patch v2: add message when key is not found.
Patch v3: only consider valid keys

Change-Id: I42d8785959c24bf688190965e58b9b98251b8557
Signed-off-by: Arne Schwabe 
---
 src/openvpn/ssl_common.h | 20 
 src/openvpn/ssl_verify.c | 23 +--
 2 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 27b029479..be0f18746 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -722,4 +722,24 @@ get_primary_key(const struct tls_multi *multi)
 return >session[TM_ACTIVE].key[KS_PRIMARY];
 }
 
+#ifdef ENABLE_MANAGEMENT
+/**
+ * Gets the \c key_state  object that belong to the management key id or
+ * return NULL if not found.
+ */
+static inline struct key_state *
+get_key_by_management_key_id(struct tls_multi *multi, unsigned int mda_key_id)
+{
+for (int i = 0; i < KEY_SCAN_SIZE; ++i)
+{
+struct key_state *ks = get_key_scan(multi, i);
+if (ks->mda_key_id == mda_key_id && ks->state > S_UNDEF)
+{
+return ks;
+}
+}
+return NULL;
+}
+#endif
+
 #endif /* SSL_COMMON_H_ */
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 90416b69e..2395e55c8 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -1266,22 +1266,25 @@ tls_authentication_status(struct tls_multi *multi)
 bool
 tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id, 
const bool auth, const char *client_reason)
 {
-bool ret = false;
+struct key_state *ks = NULL;
 if (multi)
 {
-int i;
+
 auth_set_client_reason(multi, client_reason);
-for (i = 0; i < KEY_SCAN_SIZE; ++i)
+ks = get_key_by_management_key_id(multi, mda_key_id);
+
+if (ks)
 {
-struct key_state *ks = get_key_scan(multi, i);
-if (ks->mda_key_id == mda_key_id)
-{
-ks->mda_status = auth ? ACF_SUCCEEDED : ACF_FAILED;
-ret = true;
-}
+ks->mda_status = auth ? ACF_SUCCEEDED : ACF_FAILED;
 }
+else
+{
+msg(D_TLS_DEBUG_LOW, "%s: no key state found for management key id 
"
+"%d", __func__, mda_key_id);
+}
+
 }
-return ret;
+return (bool) ks;
 }
 #endif /* ifdef ENABLE_MANAGEMENT */
 
-- 
2.39.2 (Apple Git-143)


