From 370f94cd97e6869be267a69d1ab4943a3418f27c Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Sun, 14 Dec 2014 23:40:31 +0100
Subject: Update OpenVPN to current -master

--HG--
extra : rebase_source : 85910d09bae449f484bc15d94583e0ac12772282
---
 main/openvpn/src/openvpn/crypto.c | 65 +++------------------------------------
 1 file changed, 4 insertions(+), 61 deletions(-)

(limited to 'main/openvpn/src/openvpn/crypto.c')

diff --git a/main/openvpn/src/openvpn/crypto.c b/main/openvpn/src/openvpn/crypto.c
index ef2bde1d..eaef9643 100644
--- a/main/openvpn/src/openvpn/crypto.c
+++ b/main/openvpn/src/openvpn/crypto.c
@@ -770,22 +770,13 @@ get_tls_handshake_key (const struct key_type *key_type,
 	  }
 	else
 	  {
-	    int hash_size;
-
 	    CLEAR (key2);
 
-	    /* failed, now try to get hash from a freeform file */
-	    hash_size = read_passphrase_hash (passphrase_file,
-					      kt.digest,
-					      key2.keys[0].hmac,
-					      MAX_HMAC_KEY_LENGTH);
-	    ASSERT (hash_size == kt.hmac_length);
-
-	    /* suceeded */
-	    key2.n = 1;
+	    /* failed, now bail out */
 
-	    msg (M_INFO,
-		 "Control Channel Authentication: using '%s' as a free-form passphrase file",
+	    msg (M_ERR,
+		 "Control Channel Authentication: File '%s' does not have OpenVPN Static Key format. "
+		 "Using free-form passphrase file is not supported anymore",
 		 passphrase_file);
 	  }
       }
@@ -1012,54 +1003,6 @@ read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
   gc_free (&gc);
 }
 
-int
-read_passphrase_hash (const char *passphrase_file,
-		      const md_kt_t *digest,
-		      uint8_t *output,
-		      int len)
-{
-  md_ctx_t md;
-
-  ASSERT (len >= md_kt_size(digest));
-  memset (output, 0, len);
-
-  md_ctx_init(&md, digest);
-
-  /* read passphrase file */
-  {
-    const int min_passphrase_size = 8;
-    uint8_t buf[64];
-    int total_size = 0;
-    int fd = platform_open (passphrase_file, O_RDONLY, 0);
-
-    if (fd == -1)
-      msg (M_ERR, "Cannot open passphrase file: '%s'", passphrase_file);
-
-    for (;;)
-      {
-	int size = read (fd, buf, sizeof (buf));
-	if (size == 0)
-	  break;
-	if (size == -1)
-	  msg (M_ERR, "Read error on passphrase file: '%s'",
-	       passphrase_file);
-	md_ctx_update(&md, buf, size);
-	total_size += size;
-      }
-    close (fd);
-
-    warn_if_group_others_accessible (passphrase_file);
-
-    if (total_size < min_passphrase_size)
-      msg (M_FATAL,
-	   "Passphrase file '%s' is too small (must have at least %d characters)",
-	   passphrase_file, min_passphrase_size);
-  }
-  md_ctx_final(&md, output);
-  md_ctx_cleanup(&md);
-  return md_kt_size(digest);
-}
-
 /*
  * Write key to file, return number of random bits
  * written.
-- 
cgit v1.2.3