[Openvpn-devel,v3,1/7] Write key to stdout if filename is not given

Message ID 20190510121114.30468-2-arne@rfc2549.org
State Accepted
Delegated to: David Sommerseth
Headers show
Series
  • Auth token patches v3
Related show

Commit Message

Arne Schwabe May 10, 2019, 12:11 p.m.
This change is preperation for changing the way --genkey works.
---
 src/openvpn/crypto.c    | 13 +++++++++++--
 src/openvpn/tls_crypt.c | 13 +++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)

Comments

David Sommerseth June 7, 2019, 8:46 p.m. | #1
On 10/05/2019 14:11, Arne Schwabe wrote:
> This change is preperation for changing the way --genkey works.
> ---
>  src/openvpn/crypto.c    | 13 +++++++++++--
>  src/openvpn/tls_crypt.c | 13 +++++++++++--
>  2 files changed, 22 insertions(+), 4 deletions(-)
> 
> diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
> index ff9dbfdc..eb56421b 100644
> --- a/src/openvpn/crypto.c
> +++ b/src/openvpn/crypto.c
> @@ -1465,8 +1465,13 @@ write_key_file(const int nkeys, const char *filename)
>  
>      buf_printf(&out, "%s\n", static_key_foot);
>  
> +    /* write key file to stdout if no filename given */
> +    if (!filename || strcmp(filename, "")==0)
> +    {
> +        printf("%s\n", BPTR(&out));
> +    }
>      /* write key file, now formatted in out, to file */
> -    if (!buffer_write_file(filename, &out))
> +    else if (!buffer_write_file(filename, &out))
>      {
>          nbits = -1;
>      }
> @@ -1870,7 +1875,11 @@ write_pem_key_file(const char *filename, const char *pem_name)
>          goto cleanup;
>      }
>  
> -    if (!buffer_write_file(filename, &server_key_pem))
> +    if (!filename || strcmp(filename, "")==0)
> +    {
> +        printf("%s\n", BPTR(&server_key_pem));
> +    }
> +    else if (!buffer_write_file(filename, &server_key_pem))
>      {
>          msg(M_ERR, "ERROR: could not write key file");
>          goto cleanup;
> diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
> index d6a82252..e8889e93 100644
> --- a/src/openvpn/tls_crypt.c
> +++ b/src/openvpn/tls_crypt.c
> @@ -697,7 +697,16 @@ tls_crypt_v2_write_client_key_file(const char *filename,
>          goto cleanup;
>      }
>  
> -    if (!buffer_write_file(filename, &client_key_pem))
> +    const char *client_filename = filename;
> +    const char *client_inline = NULL;
> +
> +    if (!filename || streq(filename, ""))
> +    {
> +        printf("%s\n", BPTR(&client_key_pem));
> +        client_filename = INLINE_FILE_TAG;
> +        client_inline = (const char *)BPTR(&client_key_pem);
> +    }
> +    else if (!buffer_write_file(filename, &client_key_pem))
>      {
>          msg(M_FATAL, "ERROR: could not write client key file");
>          goto cleanup;
> @@ -708,7 +717,7 @@ tls_crypt_v2_write_client_key_file(const char *filename,
>      struct buffer test_wrapped_client_key;
>      msg(D_GENKEY, "Testing client-side key loading...");
>      tls_crypt_v2_init_client_key(&test_client_key, &test_wrapped_client_key,
> -                                 filename, NULL);
> +                                 client_filename, client_inline);
>      free_key_ctx_bi(&test_client_key);
>  
>      /* Sanity check: unwrap and load client key (as "server") */
> 

Acked-By: David Sommerseth <davids@openvpn.net>
Gert Doering June 8, 2019, 7:03 a.m. | #2
Your patch has been applied to the master branch.

(No further review done on my side, just basic compile / make check)

commit f636d11ff50658c18e0b90b20d641dc54b63e517
Author: Arne Schwabe
Date:   Fri May 10 14:11:08 2019 +0200

     Write key to stdout if filename is not given

     Acked-by: David Sommerseth <davids@openvpn.net>
     Message-Id: <20190510121114.30468-2-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18445.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ff9dbfdc..eb56421b 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1465,8 +1465,13 @@  write_key_file(const int nkeys, const char *filename)
 
     buf_printf(&out, "%s\n", static_key_foot);
 
+    /* write key file to stdout if no filename given */
+    if (!filename || strcmp(filename, "")==0)
+    {
+        printf("%s\n", BPTR(&out));
+    }
     /* write key file, now formatted in out, to file */
-    if (!buffer_write_file(filename, &out))
+    else if (!buffer_write_file(filename, &out))
     {
         nbits = -1;
     }
@@ -1870,7 +1875,11 @@  write_pem_key_file(const char *filename, const char *pem_name)
         goto cleanup;
     }
 
-    if (!buffer_write_file(filename, &server_key_pem))
+    if (!filename || strcmp(filename, "")==0)
+    {
+        printf("%s\n", BPTR(&server_key_pem));
+    }
+    else if (!buffer_write_file(filename, &server_key_pem))
     {
         msg(M_ERR, "ERROR: could not write key file");
         goto cleanup;
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index d6a82252..e8889e93 100644
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -697,7 +697,16 @@  tls_crypt_v2_write_client_key_file(const char *filename,
         goto cleanup;
     }
 
-    if (!buffer_write_file(filename, &client_key_pem))
+    const char *client_filename = filename;
+    const char *client_inline = NULL;
+
+    if (!filename || streq(filename, ""))
+    {
+        printf("%s\n", BPTR(&client_key_pem));
+        client_filename = INLINE_FILE_TAG;
+        client_inline = (const char *)BPTR(&client_key_pem);
+    }
+    else if (!buffer_write_file(filename, &client_key_pem))
     {
         msg(M_FATAL, "ERROR: could not write client key file");
         goto cleanup;
@@ -708,7 +717,7 @@  tls_crypt_v2_write_client_key_file(const char *filename,
     struct buffer test_wrapped_client_key;
     msg(D_GENKEY, "Testing client-side key loading...");
     tls_crypt_v2_init_client_key(&test_client_key, &test_wrapped_client_key,
-                                 filename, NULL);
+                                 client_filename, client_inline);
     free_key_ctx_bi(&test_client_key);
 
     /* Sanity check: unwrap and load client key (as "server") */