From patchwork Fri Oct 18 06:31:23 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3901
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 18 Oct 2024 08:31:23 +0200
Message-ID: <20241018063123.11631-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] Remove unused methods write_key/read_key

From: Arne Schwabe

These were used in the key-method 1 that we removed by commit 36bef1b52 in 2020. That commit unfortunately missed that these methods were only used for directly sending/receiving key material over the control channel.

Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/784
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 064e59e..8f34eaa 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -1540,87 +1540,6 @@ } } -/* given a key and key_type, write key to buffer */ -bool -write_key(const struct key *key, const struct key_type *kt, - struct buffer *buf) -{ - ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH - && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH); - - const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher); - if (!buf_write(buf, &cipher_length, 1)) - { - return false; - } - - uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest); - - if (!buf_write(buf, &hmac_length, 1)) - { - return false; - } - if (!buf_write(buf, key->cipher, cipher_kt_key_size(kt->cipher))) - { - return false; - } - if (!buf_write(buf, key->hmac, hmac_length)) - { - return false; - } - - return true; -} - -/* - * Given a key_type and buffer, read key from buffer. - * Return: 1 on success - * -1 read failure - * 0 on key length mismatch - */ -int -read_key(struct key *key, const struct key_type *kt, struct buffer *buf) -{ - uint8_t cipher_length; - uint8_t hmac_length; - - CLEAR(*key); - if (!buf_read(buf, &cipher_length, 1)) - { - goto read_err; - } - if (!buf_read(buf, &hmac_length, 1)) - { - goto read_err; - } - - if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != md_kt_size(kt->digest)) - { - goto key_len_err; - } - - if (!buf_read(buf, key->cipher, cipher_length)) - { - goto read_err; - } - if (!buf_read(buf, key->hmac, hmac_length)) - { - goto read_err; - } - - return 1; - -read_err: - msg(D_TLS_ERRORS, "TLS Error: error reading key from remote"); - return -1; - -key_len_err: - msg(D_TLS_ERRORS, - "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", - cipher_kt_key_size(kt->cipher), md_kt_size(kt->digest), cipher_length, hmac_length); - return 0; -} - void prng_bytes(uint8_t *output, int len) { diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index d91de74..074dad6 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h 
@@ -313,11 +313,6 @@ bool check_key(struct key *key, const struct key_type *kt); -bool write_key(const struct key *key, const struct key_type *kt, - struct buffer *buf); - -int read_key(struct key *key, const struct key_type *kt, struct buffer *buf); - /** * Initialize a key_type structure with. *
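
Review bot: In the crypto.c hunk, deleting read_key() also deletes the only visible source of the two D_TLS_ERRORS messages "TLS Error: error reading key from remote" and "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", so please check that no documentation, test expectation or log-matching rule still refers to them. The commit message says the functions were only used by key-method 1 but does not say how the absence of callers was confirmed; a tree-wide search for write_key( and read_key( that includes unit tests and code under non-default configure options would be worth mentioning, because a default build only proves the compiled configuration has no caller. Since write_key() copied key->cipher and key->hmac unmodified into a buffer, a one-line remark that no remaining code path serializes raw key material this way would make the security benefit of the removal explicit.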
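
Review bot: In the crypto.h hunk, the doc comment left in the trailing context, "Initialize a key_type structure with.", reads as an unfinished sentence and now sits directly below check_key() once the two prototypes are gone; completing it in this patch or a follow-up would tidy the header. Removing the write_key() and read_key() prototypes in the same commit as their definitions is the right pairing, since any out-of-tree or conditionally compiled caller will then fail at compile time rather than at link time.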