This is useful for features that can use either a persistent
or an ephemeral key.
Patch V2: Move the functionality of generating a random key into a
separate function that acts as a wrapper for pem_read_key_file
Patch V4: Move the wrapper functionality to the caller and leave only the
ephemeral key generation functionality in the new function
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <
20190613134834.5709-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18527.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
return;
}
+bool
+generate_ephemeral_key(struct buffer *key, const char *key_name)
+{
+ msg(M_INFO, "Using random %s.", key_name);
+ uint8_t rand[BCAP(key)];
+ if (!rand_bytes(rand, BCAP(key)))
+ {
+ msg(M_WARN, "ERROR: could not generate random key");
+ return false;
+ }
+ buf_write(key, rand, BCAP(key));
+ return true;
+}
+
bool
read_pem_key_file(struct buffer *key, const char *pem_name,
const char *key_file, const char *key_inline)
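Review bot: The random key bytes in `rand` are left behind on the stack when generate_ephemeral_key returns (line 24 only copies them into `key`), so the secret persists in memory after it is no longer needed; clear the array with `secure_memzero(rand, sizeof(rand));` before returning. The result of `buf_write` is also discarded, yet it fails when `key` already holds data, in which case the function reports success with an unfilled key. The local name `rand` shadows the C library function of the same name; `rand_key` avoids the clash. The header in the second hunk declares this parameter as `pem_name` (and its `@param` says so) while the definition names it `key_name`, and the `@param pem_name` line above `write_pem_key_file` no longer matches that function's renamed `key_name` parameter.
```c
    uint8_t rand_key[BCAP(key)];
    /* … unchanged: rand_bytes call and its failure path (rand -> rand_key) … */
    bool ok = buf_write(key, rand_key, BCAP(key));
    /* the copy in key is all that is needed; do not leave key material on the stack */
    secure_memzero(rand_key, sizeof(rand_key));
    if (!ok)
    {
        msg(M_WARN, "ERROR: could not store random key");
    }
    return ok;
```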
* @param pem_name The name to use in the PEM header/footer.
*/
void
-write_pem_key_file(const char *filename, const char *pem_name);
+write_pem_key_file(const char *filename, const char *key_name);
+
+/**
+ * Generate ephermal key material into the key structure
+ *
+ * @param key the key structure that will hold the key material
+ * @param pem_name the name used for logging
+ * @return true if key generation was successful
+ */
+bool
+generate_ephemeral_key(struct buffer *key, const char *pem_name);
/**
* Read key material from a PEM encoded files into the key structure