@@ -1540,87 +1540,6 @@
}
}
-/* given a key and key_type, write key to buffer */
-bool
-write_key(const struct key *key, const struct key_type *kt,
- struct buffer *buf)
-{
- ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH
- && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH);
-
- const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher);
- if (!buf_write(buf, &cipher_length, 1))
- {
- return false;
- }
-
- uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest);
-
- if (!buf_write(buf, &hmac_length, 1))
- {
- return false;
- }
- if (!buf_write(buf, key->cipher, cipher_kt_key_size(kt->cipher)))
- {
- return false;
- }
- if (!buf_write(buf, key->hmac, hmac_length))
- {
- return false;
- }
-
- return true;
-}
-
-/*
- * Given a key_type and buffer, read key from buffer.
- * Return: 1 on success
- * -1 read failure
- * 0 on key length mismatch
- */
-int
-read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
-{
- uint8_t cipher_length;
- uint8_t hmac_length;
-
- CLEAR(*key);
- if (!buf_read(buf, &cipher_length, 1))
- {
- goto read_err;
- }
- if (!buf_read(buf, &hmac_length, 1))
- {
- goto read_err;
- }
-
- if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != md_kt_size(kt->digest))
- {
- goto key_len_err;
- }
-
- if (!buf_read(buf, key->cipher, cipher_length))
- {
- goto read_err;
- }
- if (!buf_read(buf, key->hmac, hmac_length))
- {
- goto read_err;
- }
-
- return 1;
-
-read_err:
- msg(D_TLS_ERRORS, "TLS Error: error reading key from remote");
- return -1;
-
-key_len_err:
- msg(D_TLS_ERRORS,
- "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d",
- cipher_kt_key_size(kt->cipher), md_kt_size(kt->digest), cipher_length, hmac_length);
- return 0;
-}
-
void
prng_bytes(uint8_t *output, int len)
{
@@ -313,11 +313,6 @@
bool check_key(struct key *key, const struct key_type *kt);
-bool write_key(const struct key *key, const struct key_type *kt,
- struct buffer *buf);
-
-int read_key(struct key *key, const struct key_type *kt, struct buffer *buf);
-
/**
* Initialize a key_type structure with.
*
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/784?usp=email to review the following change. Change subject: Remove unused methods write_key/read_key ...................................................................... Remove unused methods write_key/read_key These were used in key-method 1, which we removed in commit 36bef1b52 in 2020. That commit unfortunately missed that these methods were only used for directly sending/receiving key material over the control channel. Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- M src/openvpn/crypto.c M src/openvpn/crypto.h 2 files changed, 0 insertions(+), 86 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/84/784/1