From: Arne Schwabe
Date: Fri, 18 Oct 2024 06:31:23 +0000 (+0200)
Subject: Remove unused methods write_key/read_key
X-Git-Tag: v2.7_alpha1~177
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ae409ad72a980d79dd8d40ab4284c3fab1efeb9;p=thirdparty%2Fopenvpn.git

Remove unused methods write_key/read_key

These were used in the key-method 1 that we remove by commit 36bef1b52 in 2020. That commit unfortunately missed that these methods were only used for directly sending/receiving key material over the control channel.

Change-Id: Ib480e57b62ea33f2aea52bee895badaf5607b72d
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Message-Id: <20241018063123.11631-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29595.html
Signed-off-by: Gert Doering
---

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 064e59e6..8f34eaab 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1540,87 +1540,6 @@ verify_fix_key2(struct key2 *key2, const struct key_type *kt, const char *shared
 }
 }
 
-/* given a key and key_type, write key to buffer */
-bool
-write_key(const struct key *key, const struct key_type *kt,
- struct buffer *buf)
-{
- ASSERT(cipher_kt_key_size(kt->cipher) <= MAX_CIPHER_KEY_LENGTH
- && md_kt_size(kt->digest) <= MAX_HMAC_KEY_LENGTH);
-
- const uint8_t cipher_length = (uint8_t)cipher_kt_key_size(kt->cipher);
- if (!buf_write(buf, &cipher_length, 1))
- {
- return false;
- }
-
- uint8_t hmac_length = (uint8_t)md_kt_size(kt->digest);
-
- if (!buf_write(buf, &hmac_length, 1))
- {
- return false;
- }
- if (!buf_write(buf, key->cipher, cipher_kt_key_size(kt->cipher)))
- {
- return false;
- }
- if (!buf_write(buf, key->hmac, hmac_length))
- {
- return false;
- }
-
- return true;
-}
-
-/*
- * Given a key_type and buffer, read key from buffer.
- * Return: 1 on success
- * -1 read failure
- * 0 on key length mismatch
- */
-int
-read_key(struct key *key, const struct key_type *kt, struct buffer *buf)
-{
- uint8_t cipher_length;
- uint8_t hmac_length;
-
- CLEAR(*key);
- if (!buf_read(buf, &cipher_length, 1))
- {
- goto read_err;
- }
- if (!buf_read(buf, &hmac_length, 1))
- {
- goto read_err;
- }
-
- if (cipher_length != cipher_kt_key_size(kt->cipher) || hmac_length != md_kt_size(kt->digest))
- {
- goto key_len_err;
- }
-
- if (!buf_read(buf, key->cipher, cipher_length))
- {
- goto read_err;
- }
- if (!buf_read(buf, key->hmac, hmac_length))
- {
- goto read_err;
- }
-
- return 1;
-
-read_err:
- msg(D_TLS_ERRORS, "TLS Error: error reading key from remote");
- return -1;
-
-key_len_err:
- msg(D_TLS_ERRORS,
- "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d",
- cipher_kt_key_size(kt->cipher), md_kt_size(kt->digest), cipher_length, hmac_length);
- return 0;
-}
-
 void
 prng_bytes(uint8_t *output, int len)
 {
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index d91de748..074dad68 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -313,11 +313,6 @@ int write_key_file(const int nkeys, const char *filename);
 
 bool check_key(struct key *key, const struct key_type *kt);
 
-bool write_key(const struct key *key, const struct key_type *kt,
- struct buffer *buf);
-
-int read_key(struct key *key, const struct key_type *kt, struct buffer *buf);
-
 /**
 * Initialize a key_type structure with.
 *