632 print_key_id (struct tls_multi *multi, struct gc_arena *gc)
639       struct key_state *ks = multi->key_scan[i];
835  * @param multi        - A pointer to the \c tls_multi structure
842 tls_session_init (struct tls_multi *multi, struct tls_session *session)
851   session->opt = &multi->opt;
932 move_session (struct tls_multi* multi, int dest, int src, bool reinit_src)
941   tls_session_free (&multi->session[dest], false);
942   multi->session[dest] = multi->session[src];
943   tls_session_set_self_referential_pointers (&multi->session[dest]);
946     tls_session_init (multi, &multi->session[src]);
948     CLEAR (multi->session[src]);
954 reset_session (struct tls_multi *multi, struct tls_session *session)
957   tls_session_init (multi, session);
965 initiate_untrusted_session (struct tls_multi *multi, struct sockaddr_in *to)
967   struct tls_session *session = &multi->session[TM_UNTRUSTED];
970   reset_session (multi, session);
1037 tls_multi_init_finalize (struct tls_multi* multi, const struct frame* frame)
1039   tls_init_control_channel_frame_parameters (frame, &multi->opt.frame);
1043   tls_session_init (multi, &multi->session[TM_ACTIVE]);
1045   if (!multi->opt.single_session)
1046     tls_session_init (multi, &multi->session[TM_UNTRUSTED]);
1085 tls_multi_init_set_options (struct tls_multi* multi,
1091   multi->opt.local_options = local;
1092   multi->opt.remote_options = remote;
1100 tls_multi_free (struct tls_multi *multi, bool clear)
1104   ASSERT (multi);
1107   man_def_auth_set_client_reason(multi, NULL);  
1109   free (multi->peer_info);
1112   if (multi->locked_cn)
1113     free (multi->locked_cn);
1115   if (multi->locked_username)
1116     free (multi->locked_username);
1118   cert_hash_free (multi->locked_cert_hash_set);
1121     tls_session_free (&multi->session[i], false);
1124     CLEAR (*multi);
1126   free(multi);
1987 key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_session *session)
2053       free (multi->peer_info);
2054       multi->peer_info = read_string_alloc (buf);
2057       verify_user_pass(up, multi, session);
2075       verify_final_auth_checks(multi, session);
2154 tls_process (struct tls_multi *multi,
2329 	      ASSERT (buf_init (buf, FRAME_HEADROOM (&multi->opt.frame)));
2430 		  if (!key_method_2_read (buf, multi, session))
2467 		  int status = key_state_read_ciphertext (&ks->ks_ssl, buf, PAYLOAD_SIZE_DYNAMIC (&multi->opt.frame));
2494       ASSERT (buf_init (buf, FRAME_HEADROOM (&multi->opt.frame)));
2554 tls_multi_process (struct tls_multi *multi,
2577       struct tls_session *session = &multi->session[i];
2600 	  if (tls_process (multi, session, to_link, &tla,
2611 	      multi->to_link_addr = *tla;
2612 	      *to_link_addr = &multi->to_link_addr;
2623 	      ++multi->n_soft_errors;
2630 		  && !multi->opt.single_session)
2631 		move_session (multi, TM_LAME_DUCK, TM_ACTIVE, true);
2633 		reset_session (multi, session);
2640   tas = tls_authentication_status (multi, TLS_MULTI_AUTH_STATUS_INTERVAL);
2645   if (lame_duck_must_die (&multi->session[TM_LAME_DUCK], wakeup)) {
2646     tls_session_free (&multi->session[TM_LAME_DUCK], true);
2659   if (DECRYPT_KEY_ENABLED (multi, &multi->session[TM_UNTRUSTED].key[KS_PRIMARY])) {
2660     move_session (multi, TM_ACTIVE, TM_UNTRUSTED, true);
2671       for (i = 0; i < (int) SIZE (multi->key_scan); ++i)
2673 	  if (multi->key_scan[i]->state >= S_ACTIVE)
2676       ++multi->n_hard_errors;
2683     const int throw_level = GREMLIN_CONNECTION_FLOOD_LEVEL (multi->opt.gremlin);
2686 	for (i = 0; i < (int) SIZE (multi->key_scan); ++i)
2688 	    if (multi->key_scan[i]->state >= throw_level)
2690 		++multi->n_hard_errors;
2691 		++multi->n_soft_errors;
2735 tls_pre_decrypt (struct tls_multi *multi,
2760 	      struct key_state *ks = multi->key_scan[i];
2775 	      if (DECRYPT_KEY_ENABLED (multi, ks)
2785 		  opt->packet_id = multi->opt.replay ? &ks->packet_id : NULL;
2787 		  opt->flags &= multi->opt.crypto_flags_and;
2788 		  opt->flags |= multi->opt.crypto_flags_or;
2803 			DECRYPT_KEY_ENABLED (multi, ks),
2842 		    || op == P_CONTROL_HARD_RESET_CLIENT_V2) && !multi->opt.server)
2844 		       || op == P_CONTROL_HARD_RESET_SERVER_V2) && multi->opt.server))
2875 	      struct tls_session *session = &multi->session[i];
2910 	      struct tls_session *session = &multi->session[TM_ACTIVE];
2913 	      if (!is_hard_reset (op, multi->opt.key_method))
2916 		       multi->opt.key_method,
2927 		  if (multi->opt.single_session && multi->n_sessions)
2964 	      struct tls_session *session = &multi->session[TM_UNTRUSTED];
2970 	      if (multi->opt.single_session)
2978 	      if (!is_hard_reset (op, multi->opt.key_method))
2981 		       multi->opt.key_method,
3005 	      struct tls_session *session = &multi->session[i];
3035 		  && DECRYPT_KEY_ENABLED (multi, ks))
3069 	    struct tls_session *session = &multi->session[i];
3087 		++multi->n_sessions;
3113 		     ks->key_id, key_id, print_key_id (multi, &gc));
3168   opt->flags &= multi->opt.crypto_flags_and;
3173   ++multi->n_soft_errors;
3293 tls_pre_encrypt (struct tls_multi *multi,
3296   multi->save_ks = NULL;
3303 	  struct key_state *ks = multi->key_scan[i];
3324 	  opt->packet_id = multi->opt.replay ? &ks_select->packet_id : NULL;
3326 	  opt->flags &= multi->opt.crypto_flags_and;
3327 	  opt->flags |= multi->opt.crypto_flags_or;
3328 	  multi->save_ks = ks_select;
3336 		print_key_id (multi, &gc));
3345   opt->flags &= multi->opt.crypto_flags_and;
3350 tls_post_encrypt (struct tls_multi *multi, struct buffer *buf)
3355   ks = multi->save_ks;
3356   multi->save_ks = NULL;
3373 tls_send_payload (struct tls_multi *multi,
3383   ASSERT (multi);
3385   session = &multi->session[TM_ACTIVE];
3408 tls_rec_payload (struct tls_multi *multi,
3417   ASSERT (multi);
3419   session = &multi->session[TM_ACTIVE];

Indexes created Fri Aug 02 20:52:59 MDT 2024