On 10/05/2020 16:00, Antonio Quartulli wrote: > The inline logic was recently changed by commit > ("convert *_inline attributes to bool"), however the code testing a > newly created tls-crypt-v2 client key was not adapted. > > Adapt tls-crypt-v2 test routine by properly signaling when the passed > key is inlined or not. > > Signed-off-by: Antonio Quartulli <a...@unstable.cc> > --- > src/openvpn/tls_crypt.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c > index 484d4d46..a3894d66 100644 > --- a/src/openvpn/tls_crypt.c > +++ b/src/openvpn/tls_crypt.c > @@ -697,14 +697,14 @@ tls_crypt_v2_write_client_key_file(const char *filename, > goto cleanup; > } > > - const char *client_filename = filename; > - const char *client_inline = NULL; > + const char *client_file = filename; > + bool client_inline = false; > > if (!filename || streq(filename, "")) > { > printf("%s\n", BPTR(&client_key_pem)); > - client_filename = INLINE_FILE_TAG; > - client_inline = (const char *)BPTR(&client_key_pem); > + client_file = (const char *)BPTR(&client_key_pem); > + client_inline = true; > } > else if (!buffer_write_file(filename, &client_key_pem)) > { > @@ -717,7 +717,7 @@ tls_crypt_v2_write_client_key_file(const char *filename, > struct buffer test_wrapped_client_key; > msg(D_GENKEY, "Testing client-side key loading..."); > tls_crypt_v2_init_client_key(&test_client_key, &test_wrapped_client_key, > - client_filename, client_inline); > + client_file, client_inline); > free_key_ctx_bi(&test_client_key); > > /* Sanity check: unwrap and load client key (as "server") */ >
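Review bot: In the first hunk (@@ -697), client_file now carries two different things: a path in the default case, and the PEM text itself once client_inline is set to true. The name reads as if it always held a file name, so a short comment at the declaration, or a neutral name, would make clear that the bool decides how the string is interpreted. The inline branch also passes BPTR(&client_key_pem) on as a const char *, just as the printf("%s\n", ...) above it does, so it relies on that buffer being NUL-terminated; it would be worth stating or asserting that before the test load in the second hunk.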
This looks good.  Without this patch, generating tls-crypt-v2-client keys fails.

--------------------------------------------------------------
$ ./src/openvpn/openvpn --tls-crypt-v2 tv2-srv --genkey tls-crypt-v2-client
-----BEGIN OpenVPN tls-crypt-v2 client key-----
[...]
-----END OpenVPN tls-crypt-v2 client key-----
Mon May 11 14:16:24 2020 crypto_pem_decode: PEM decode failed
Mon May 11 14:16:24 2020 ERROR: OpenVPN tls-crypt-v2 client key pem decode failed
Mon May 11 14:16:24 2020 ERROR: invalid tls-crypt-v2 client key format
Mon May 11 14:16:24 2020 Exiting due to fatal error
--------------------------------------------------------------

With this patch, the error messages below the generated key are gone.  And since the code changes are not surprising, this is good to go.

Acked-by: David Sommerseth <dav...@openvpn.net>

-- 
kind regards,

David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
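A simplified model of the convention mismatch this thread fixes, added here as an example and not taken from OpenVPN's source: load_key, FILE_TAG, PEM_HEADER and the two caller functions are hypothetical stand-ins, and the framing check stands in for real PEM decoding. It shows how a caller left on the tag-plus-pointer convention still compiles against a bool parameter and ends in a decode failure, while the adapted caller loads the key.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this example; not OpenVPN's definitions. */
#define FILE_TAG   "[[INLINE]]"
#define PEM_HEADER "-----BEGIN "
enum load_result { LOAD_OK, LOAD_OPEN_FAILED, LOAD_PEM_DECODE_FAILED };

/* Hypothetical loader using the bool convention: when is_inline is true,
 * `source` is the key text itself, otherwise it names a file to read. */
static enum load_result load_key(const char *source, bool is_inline)
{
    char from_file[256] = "";
    if (!is_inline)
    {
        FILE *fp = fopen(source, "r");
        if (!fp) { return LOAD_OPEN_FAILED; }
        size_t n = fread(from_file, 1, sizeof(from_file) - 1, fp);
        from_file[n] = '\0';
        fclose(fp);
        source = from_file;
    }
    /* Stand-in for PEM decoding: only the framing is checked. */
    return strncmp(source, PEM_HEADER, strlen(PEM_HEADER)) == 0
           ? LOAD_OK : LOAD_PEM_DECODE_FAILED;
}

/* Caller left on the old convention: tag first, key text pointer second.
 * The non-NULL pointer converts to true, so the tag itself is decoded. */
static enum load_result call_old_style(const char *pem)
{
    const char *client_filename = FILE_TAG;
    const char *client_inline = pem;
    return load_key(client_filename, client_inline);
}

/* Caller adapted to the bool convention, as the patch does. */
static enum load_result call_new_style(const char *pem)
{
    return load_key(pem, true);
}

int main(void)
{
    const char *pem = PEM_HEADER "constructed sample key-----\n";
    printf("old: %d, new: %d\n", call_old_style(pem), call_new_style(pem));
    return 0;
}
```

The implicit pointer-to-bool conversion is valid C, which is why a change of this kind can leave a stale caller compiling cleanly and only fail at run time.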