mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00

Remove key_type argument from generate_key_random

This part of the function is not used by any part of
our source code. It also looks broken if called with kt != NULL:
the function cipher_kt_key_size expects its argument to be
non-NULL and would break. So remove the unused code instead of
fixing it.

Found by Coverity.

Change-Id: Id56628cfb3dfd2f306bd9bdcca2e567ac0ca9ab2
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230601102506.4068185-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26737.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe 2023-06-01 12:25:06 +02:00 committed by Gert Doering
parent 13f5e61531
commit 68e45eda7b
2 changed files with 11 additions and 29 deletions


@ -957,41 +957,25 @@ check_replay_consistency(const struct key_type *kt, bool packet_id)
} }
/* /*
* Generate a random key. If key_type is provided, make * Generate a random key.
* sure generated key is valid for key_type.
*/ */
void static void
generate_key_random(struct key *key, const struct key_type *kt) generate_key_random(struct key *key)
{ {
int cipher_len = MAX_CIPHER_KEY_LENGTH; int cipher_len = MAX_CIPHER_KEY_LENGTH;
int hmac_len = MAX_HMAC_KEY_LENGTH; int hmac_len = MAX_HMAC_KEY_LENGTH;
struct gc_arena gc = gc_new(); struct gc_arena gc = gc_new();
do CLEAR(*key);
if (!rand_bytes(key->cipher, cipher_len)
|| !rand_bytes(key->hmac, hmac_len))
{ {
CLEAR(*key); msg(M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation");
if (kt) }
{
cipher_len = cipher_kt_key_size(kt->cipher);
int kt_hmac_length = md_kt_size(kt->digest); dmsg(D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex(key->cipher, cipher_len, 0, &gc));
dmsg(D_SHOW_KEY_SOURCE, "HMAC source entropy: %s", format_hex(key->hmac, hmac_len, 0, &gc));
if (kt->digest && kt_hmac_length > 0 && kt_hmac_length <= hmac_len)
{
hmac_len = kt_hmac_length;
}
}
if (!rand_bytes(key->cipher, cipher_len)
|| !rand_bytes(key->hmac, hmac_len))
{
msg(M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation");
}
dmsg(D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex(key->cipher, cipher_len, 0, &gc));
dmsg(D_SHOW_KEY_SOURCE, "HMAC source entropy: %s", format_hex(key->hmac, hmac_len, 0, &gc));
} while (kt && !check_key(key, kt));
gc_free(&gc); gc_free(&gc);
} }
@ -1398,7 +1382,7 @@ write_key_file(const int nkeys, const char *filename)
char *fmt; char *fmt;
/* generate random bits */ /* generate random bits */
generate_key_random(&key, NULL); generate_key_random(&key);
/* format key as ascii */ /* format key as ascii */
fmt = format_hex_ex((const uint8_t *)&key, fmt = format_hex_ex((const uint8_t *)&key,
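Review bot: The header comment on generate_key_random() in the first hunk is reduced to "Generate a random key.", yet the removed `do { ... } while (kt && !check_key(key, kt))` loop was the only place in this function where the result went through check_key(), so the narrower contract should be written down even though the one visible caller already passed NULL. I would word it as `/* Fill key->cipher and key->hmac with MAX_CIPHER_KEY_LENGTH and MAX_HMAC_KEY_LENGTH random bytes. No key-type specific validation (check_key) is done; a rand_bytes() failure is fatal. */`. With the `if (kt)` branch gone, `cipher_len` and `hmac_len` are never reassigned and can be declared `const int`. Separately, the two `dmsg(D_SHOW_KEY_SOURCE, ...)` lines kept as context format the fresh key material as hex into the gc arena, and nothing visible here wipes that copy before `gc_free(&gc)`; whether gc_free clears the memory is not shown on this page, so that is worth confirming.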


@ -304,8 +304,6 @@ void read_key_file(struct key2 *key2, const char *file, const unsigned int flags
*/ */
int write_key_file(const int nkeys, const char *filename); int write_key_file(const int nkeys, const char *filename);
void generate_key_random(struct key *key, const struct key_type *kt);
void check_replay_consistency(const struct key_type *kt, bool packet_id); void check_replay_consistency(const struct key_type *kt, bool packet_id);
bool check_key(struct key *key, const struct key_type *kt); bool check_key(struct key *key, const struct key_type *kt);