Rename tls_crypt_v2_read_keyfile into generic pem_read_key_file

The function is fairly generic and to avoid duplicating the same
functionality move the function to crypto.c and change fixed string to
be the same as the pem_name parameter.

Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190122150333.1061-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20190122150333.1061-1-arne@rfc2549.org

Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 19136799d2e9921fee4831844e0aa2ce69842666..ff9dbfdc8a5c7679d8637ed31230595aaee2f77d 100644 (file)
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1882,3 +1882,42 @@ cleanup:
     gc_free(&gc);
     return;
 }
+
+bool
+read_pem_key_file(struct buffer *key, const char *pem_name,
+                  const char *key_file, const char *key_inline)
+{
+    bool ret = false;
+    struct buffer key_pem = { 0 };
+    struct gc_arena gc = gc_new();
+
+    if (strcmp(key_file, INLINE_FILE_TAG))
+    {
+        key_pem = buffer_read_from_file(key_file, &gc);
+        if (!buf_valid(&key_pem))
+        {
+            msg(M_WARN, "ERROR: failed to read %s file (%s)",
+                pem_name, key_file);
+            goto cleanup;
+        }
+    }
+    else
+    {
+        buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1);
+    }
+
+    if (!crypto_pem_decode(pem_name, key, &key_pem))
+    {
+        msg(M_WARN, "ERROR: %s pem decode failed", pem_name);
+        goto cleanup;
+    }
+
+    ret = true;
+cleanup:
+    if (strcmp(key_file, INLINE_FILE_TAG))
+    {
+        buf_clear(&key_pem);
+    }
+    gc_free(&gc);
+    return ret;
+}

diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index c0574ff6d6c4fe0a8858201f7fe5e7c65b3ec1f0..09f7bb25d6e656fae2c899e07c4aba9874f51b45 100644 (file)
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -430,6 +430,18 @@ unsigned int crypto_max_overhead(void);
 void
 write_pem_key_file(const char *filename, const char *pem_name);
 
+/**
+ * Read key material from a PEM encoded files into the key structure
+ * @param key           the key structure that will hold the key material
+ * @param pem_name      the name used in the pem encoding start/end lines
+ * @param key_file      name of the file to read
+ * @param key_inline    a string holding the data in case of an inline key
+ * @return              true if reading into key was successful
+ */
+bool
+read_pem_key_file(struct buffer *key, const char *pem_name,
+                  const char *key_file, const char *key_inline);
+
 /* Minimum length of the nonce used by the PRNG */
 #define NONCE_SECRET_LEN_MIN 16
 

diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index eafb235ef0d474b8dc055b036ce2a2569632ad83..660e9eb46fb9bc4ddb86e2378fc7b960ed024f9c 100644 (file)
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -634,5 +634,4 @@ void
 show_available_tls_ciphers(const char *cipher_list,
                            const char *cipher_list_tls13,
                            const char *tls_cert_profile);
-
 #endif /* ifndef OPENVPN_SSL_H */

diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
index eeac794b0ade7d5b14664cc056c32fc9cd78a212..d6a82252d18eb48840fa0af5f8cda670c940a577 100644 (file)
--- a/src/openvpn/tls_crypt.c
+++ b/src/openvpn/tls_crypt.c
@@ -278,45 +278,6 @@ error_exit:
     return false;
 }
 
-static inline bool
-tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name,
-                          const char *key_file, const char *key_inline)
-{
-    bool ret = false;
-    struct buffer key_pem = { 0 };
-    struct gc_arena gc = gc_new();
-
-    if (strcmp(key_file, INLINE_FILE_TAG))
-    {
-        key_pem = buffer_read_from_file(key_file, &gc);
-        if (!buf_valid(&key_pem))
-        {
-            msg(M_WARN, "ERROR: failed to read tls-crypt-v2 key file (%s)",
-                key_file);
-            goto cleanup;
-        }
-    }
-    else
-    {
-        buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1);
-    }
-
-    if (!crypto_pem_decode(pem_name, key, &key_pem))
-    {
-        msg(M_WARN, "ERROR: tls-crypt-v2 pem decode failed");
-        goto cleanup;
-    }
-
-    ret = true;
-cleanup:
-    if (strcmp(key_file, INLINE_FILE_TAG))
-    {
-        buf_clear(&key_pem);
-    }
-    gc_free(&gc);
-    return ret;
-}
-
 static inline void
 tls_crypt_v2_load_client_key(struct key_ctx_bi *key, const struct key2 *key2,
                              bool tls_server)
@@ -339,8 +300,8 @@ tls_crypt_v2_init_client_key(struct key_ctx_bi *key, struct buffer *wkc_buf,
     struct buffer client_key = alloc_buf(TLS_CRYPT_V2_CLIENT_KEY_LEN
                                          + TLS_CRYPT_V2_MAX_WKC_LEN);
 
-    if (!tls_crypt_v2_read_keyfile(&client_key, tls_crypt_v2_cli_pem_name,
-                                   key_file, key_inline))
+    if (!read_pem_key_file(&client_key, tls_crypt_v2_cli_pem_name,
+                           key_file, key_inline))
     {
         msg(M_FATAL, "ERROR: invalid tls-crypt-v2 client key format");
     }
@@ -365,8 +326,8 @@ tls_crypt_v2_init_server_key(struct key_ctx *key_ctx, bool encrypt,
     struct buffer srv_key_buf;
 
     buf_set_write(&srv_key_buf, (void *)&srv_key, sizeof(srv_key));
-    if (!tls_crypt_v2_read_keyfile(&srv_key_buf, tls_crypt_v2_srv_pem_name,
-                                   key_file, key_inline))
+    if (!read_pem_key_file(&srv_key_buf, tls_crypt_v2_srv_pem_name,
+                           key_file, key_inline))
     {
         msg(M_FATAL, "ERROR: invalid tls-crypt-v2 server key format");
     }