From patchwork Fri Oct 5 05:00:32 2018
X-Patchwork-Submitter: Steffan Karger
X-Patchwork-Id: 489
From: Steffan Karger
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 5 Oct 2018 17:00:32 +0200
Message-Id: <20181005150032.16541-1-steffan@karger.me>
X-Mailer: git-send-email 2.17.1
Subject: [Openvpn-devel] [PATCH] Simplify --genkey option syntax
List-Id: openvpn-devel@lists.sourceforge.net

Instead of requiring users to do "--genkey --secret new.key", allow them to
just do "--genkey new.key". This has hit me often enough that I decided to
write a patch for it. Also, the upcoming tls-crypt-v2-genkey uses a similar
syntax and Antonio suggested we should make them consistent.

The documentation is updated to no longer mention the old syntax, but it is
still supported so people who are used to the old syntax can still use it.

Signed-off-by: Steffan Karger
Acked-by: Antonio Quartulli
Tested-by: Antonio Quartulli
---
 doc/openvpn.8         | 26 ++++++++++++++------------
 src/openvpn/options.c | 12 +++++++-----
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index de1a1928..084c5415 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5674,20 +5674,22 @@ option. Used only for non\-TLS static key encryption mode. .\"********************************************************* .TP -.B \-\-genkey +.B \-\-genkey file (Standalone) -Generate a random key to be used as a shared secret, -for use with the +Generate a random key to be used as a shared secret, for use with the .B \-\-secret -option. This file must be shared with the -peer over a pre\-existing secure channel such as -.BR scp (1) -. -.\"********************************************************* -.TP -.B \-\-secret file -Write key to -.B file. +, +.B \-\-tls-auth +or +.B \-\-tls-crypt +options. Stores the key in +.B file\fR. + +If using this for +.B \-\-secret +, this file must be shared with the peer over a pre\-existing secure channel +such as +.BR scp (1)\fR. .\"********************************************************* .SS TUN/TAP persistent tunnel config mode: Available with Linux 2.4.7+. These options comprise a standalone mode diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 61fa9833..2199af53 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -739,10 +739,8 @@ static const char usage_message[] = " to access TAP adapter.\n" #endif /* ifdef _WIN32 */ "\n" - "Generate a random key (only for non-TLS static key encryption mode):\n" - "--genkey : Generate a random key to be used as a shared secret,\n" - " for use with the --secret option.\n" - "--secret file : Write key to file.\n" + "Generate a new key (for use with --secret, --tls-auth or --tls-crypt):\n" + "--genkey file : Generate a new random key and write to file.\n" #ifdef ENABLE_FEATURE_TUN_PERSIST "\n" "Tun/tap config mode (available with linux 2.4+):\n" 
@@ -7518,10 +7516,14 @@ add_option(struct options *options, } options->shared_secret_file = p[1]; } - else if (streq(p[0], "genkey") && !p[1]) + else if (streq(p[0], "genkey") && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); options->genkey = true; + if (p[1]) + { + options->shared_secret_file = p[1]; + } } else if (streq(p[0], "auth") && p[1] && !p[2]) {
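Review bot: in the doc/openvpn.8 hunk the comma and "or" that follow `.B \-\-secret` and `.B \-\-tls-auth` sit on their own lines, so troff will render a space before the comma ("--secret , --tls-auth or --tls-crypt options"); use `.BR \-\-secret ,` (and `.BR \-\-tls\-auth` for the next item) so the punctuation attaches to the bold word, exactly as the existing `.BR scp (1)` line does. While touching those lines, the inner hyphens in `\-\-tls-auth` and `\-\-tls-crypt` are left unescaped although the leading dashes and `pre\-existing` are escaped; `\-\-tls\-auth` and `\-\-tls\-crypt` keep the real-hyphen rendering consistent with the rest of the page.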
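Review bot: in the usage_message hunk, `--genkey file : Generate a new random key and write to file.` documents `file` as mandatory, but the add_option hunk below still accepts a bare `--genkey` and only sets shared_secret_file when p[1] is present; if a bare `--genkey` without `--secret` is meant to be an error the usage text is right as written, otherwise show it as `--genkey [file]`. Dropping the "only for non-TLS static key encryption mode" qualifier is consistent with the man page hunk now that --tls-auth and --tls-crypt are listed.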
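Review bot: in the add_option hunk, relaxing the guard from `!p[1]` to `!p[2]` makes the file argument optional, but nothing reports a conflict when both forms are combined, e.g. `--genkey a.key --secret b.key`: the `secret` branch in the context just above also assigns `options->shared_secret_file = p[1];`, so whichever option is parsed last silently wins. Consider a `msg(M_WARN, ...)` in the genkey branch when shared_secret_file is already set, and confirm that a bare `--genkey` with no `--secret` (shared_secret_file left NULL) still fails with a clear message, since the updated man page no longer tells users about `--secret file`.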