| Message ID | 20190613134834.5709-2-arne@rfc2549.org |
|---|---|
| State | Accepted |
| Delegated to | David Sommerseth |
| Series | None |
On 13/06/2019 15:48, Arne Schwabe wrote:
> From: Arne Schwabe <arne@openvpn.net>
>
> This is useful for features that can use either a persistent
> or an ephemeral key.
>
> Patch V2: Move the functionality of generating a random key into a
> separate function that acts as wrapper for pem_read_key_file
> Patch V4: Move wrapper functionality to caller and leave only generate
> ephemeral key functionality in the new function
> ---
>  src/openvpn/crypto.c | 14 ++++++++++++++
>  src/openvpn/crypto.h | 12 +++++++++++-
>  2 files changed, 25 insertions(+), 1 deletion(-)

This looks good ... but one nit-pick, which can be fixed during commit:

> diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
> index c5947483..72244997 100644
> --- a/src/openvpn/crypto.h
> +++ b/src/openvpn/crypto.h
> @@ -428,7 +428,17 @@ unsigned int crypto_max_overhead(void);
[....]
> +/**
> + * Generate ephermal key material into the key structure or if
                                                            ^^^^^
This comment doesn't need those two last words, but that can be fixed during commit time.

Acked-By: David Sommerseth <davids@openvpn.net>
Your patch has been applied to the master branch.

I have adjusted the comment as David suggested.

Not much to test yet, as the new code is not used yet.

commit fb4e8abca908d90faa98f20125e49a2590bccaa3
Author: Arne Schwabe
Date:   Thu Jun 13 15:48:30 2019 +0200

    Add generate_ephemeral_key that allows a random ephermal key

    Acked-by: David Sommerseth <davids@openvpn.net>
    Message-Id: <20190613134834.5709-2-arne@rfc2549.org>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18527.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 9a150fa2..69877d1d 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1892,6 +1892,20 @@ cleanup: return; } +bool +generate_ephemeral_key(struct buffer *key, const char *key_name) +{ + msg(M_INFO, "Using random %s.", key_name); + uint8_t rand[BCAP(key)]; + if (!rand_bytes(rand, BCAP(key))) + { + msg(M_WARN, "ERROR: could not generate random key"); + return false; + } + buf_write(key, rand, BCAP(key)); + return true; +} + bool read_pem_key_file(struct buffer *key, const char *pem_name, const char *key_file, const char *key_inline) diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index c5947483..72244997 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -428,7 +428,17 @@ unsigned int crypto_max_overhead(void); * @param pem_name The name to use in the PEM header/footer. */ void -write_pem_key_file(const char *filename, const char *pem_name); +write_pem_key_file(const char *filename, const char *key_name); + +/** + * Generate ephermal key material into the key structure or if + * + * @param key the key structure that will hold the key material + * @param pem_name the name used for logging + * @return true if key generation was successful + */ +bool +generate_ephemeral_key(struct buffer *key, const char *pem_name); /** * Read key material from a PEM encoded files into the key structure
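Review bot: in the crypto.c hunk, `generate_ephemeral_key` derives the key length solely from `BCAP(key)` (the buffer's remaining capacity), so a caller that passes an already-full buffer gets a zero-length VLA (`uint8_t rand[BCAP(key)]`, undefined behaviour) and a `true` return without any key material having been written; guard this with an explicit check such as `ASSERT(BCAP(key) > 0)` or an expected-length parameter, and check the return value of `buf_write` instead of discarding it. Minor: the local array `rand` shadows libc's `rand()`, and since it holds the freshly generated key it should be wiped with `secure_memzero()` before the function returns.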
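Review bot: in the crypto.h hunk, the new doc comment breaks off mid-sentence (`Generate ephermal key material into the key structure or if`) and its `@param pem_name` does not match the definition in crypto.c, which names the parameter `key_name`; finish the sentence and use one parameter name in both the prototype and the definition. The same hunk renames the second parameter of `write_pem_key_file` from `pem_name` to `key_name` but leaves the preceding `@param pem_name The name to use in the PEM header/footer.` line untouched, so that Doxygen comment now documents a parameter that no longer exists.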
From: Arne Schwabe <arne@openvpn.net>

This is useful for features that can use either a persistent
or an ephemeral key.

Patch V2: Move the functionality of generating a random key into a
separate function that acts as wrapper for pem_read_key_file
Patch V4: Move wrapper functionality to caller and leave only generate
ephemeral key functionality in the new function
---
 src/openvpn/crypto.c | 14 ++++++++++++++
 src/openvpn/crypto.h | 12 +++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)