On Mon, 22 Jun 2020 11:01:05 +1000
David Gwynne <[email protected]> wrote:
> libc has undocumented base64 encoding and decoding functionality. this
> cuts ifconfig over to using it instead of the code in libcrypto.
>
> whether the libc functionality should be "blessed" and documented is a
> separate issue.
>
> ok?
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/src/sbin/ifconfig/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile 21 Jun 2020 12:20:06 -0000 1.16
> +++ Makefile 21 Jun 2020 23:15:34 -0000
> @@ -4,7 +4,7 @@ PROG= ifconfig
> SRCS= ifconfig.c brconfig.c sff.c
> MAN= ifconfig.8
>
> -LDADD= -lutil -lm -lcrypto
> +LDADD= -lutil -lm
> DPADD= ${LIBUTIL}
>
> .include <bsd.prog.mk>
> Index: ifconfig.c
> ===================================================================
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.422
> diff -u -p -r1.422 ifconfig.c
> --- ifconfig.c 21 Jun 2020 12:20:06 -0000 1.422
> +++ ifconfig.c 21 Jun 2020 23:15:35 -0000
> @@ -5673,14 +5673,12 @@ setifpriority(const char *id, int param)
> * space.
> */
> #define WG_BASE64_KEY_LEN (4 * ((WG_KEY_LEN + 2) / 3))
> -#define WG_TMP_KEY_LEN (WG_BASE64_KEY_LEN / 4 * 3)
> #define WG_LOAD_KEY(dst, src, fn_name) do {
> \
> - uint8_t _tmp[WG_TMP_KEY_LEN];
> \
> + uint8_t _tmp[WG_KEY_LEN]; int _r;
> \ if (strlen(src) != WG_BASE64_KEY_LEN)
> \ errx(1, fn_name " (key): invalid length");
> \
> - if (EVP_DecodeBlock(_tmp, src,
> \
> - WG_BASE64_KEY_LEN) != WG_TMP_KEY_LEN)
> \
> - errx(1, fn_name " (key): invalid base64");
> \
> + if ((_r = b64_pton(src, _tmp, sizeof(_tmp))) !=
> sizeof(_tmp)) \
> + errx(1, fn_name " (key): invalid base64 %d/%zu", _r,
> sizeof(_tmp)); \ memcpy(dst, _tmp, WG_KEY_LEN);
> \ } while (0)
>
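Review bot: `_tmp` in WG_LOAD_KEY still holds a decoded copy of the key after the `memcpy`, and nothing in the macro clears it; if any caller loads a private or pre-shared key through this macro (the callers are outside the hunk), that copy stays on the stack after the key has been handed to `dst`. Adding `explicit_bzero(_tmp, sizeof(_tmp));` right after `memcpy(dst, _tmp, WG_KEY_LEN);` would bound its lifetime. Separately, `_r` is an `int` compared against `sizeof(_tmp)`, so a -1 failure return from `b64_pton` is rejected only because it converts to a huge `size_t`; writing `_r != (int)sizeof(_tmp)` would make that intent visible and avoid a sign-compare warning.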
> @@ -5899,13 +5897,15 @@ wg_status(void)
> if (wg_interface->i_flags & WG_INTERFACE_HAS_RTABLE)
> printf("\twgrtable %d\n", wg_interface->i_rtable);
> if (wg_interface->i_flags & WG_INTERFACE_HAS_PUBLIC) {
> - EVP_EncodeBlock(key, wg_interface->i_public,
> WG_KEY_LEN);
> + b64_ntop(wg_interface->i_public, WG_KEY_LEN,
> + key, sizeof(key));
> printf("\twgpubkey %s\n", key);
> }
>
> wg_peer = &wg_interface->i_peers[0];
> for (i = 0; i < wg_interface->i_peers_count; i++) {
> - EVP_EncodeBlock(key, wg_peer->p_public, WG_KEY_LEN);
> + b64_ntop(wg_peer->p_public, WG_KEY_LEN,
> + key, sizeof(key));
> printf("\twgpeer %s\n", key);
>
> if (wg_peer->p_flags & WG_PEER_HAS_PSK)
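Review bot: The return value of both `b64_ntop` calls in wg_status is ignored, so if encoding fails (it returns -1 when the target buffer is too small) `key` is passed to `printf("%s")` in whatever state it was left. `key` is declared outside the hunk, so its size cannot be checked here; it needs room for WG_BASE64_KEY_LEN characters plus the terminating NUL. Checking the result, e.g. `if (b64_ntop(wg_peer->p_public, WG_KEY_LEN, key, sizeof(key)) == -1) errx(1, "b64_ntop");`, makes a sizing mistake fail loudly instead of printing a stale or unterminated buffer. The quoted patch also shows no include change for the header that declares `b64_ntop`/`b64_pton`, so it is worth confirming ifconfig.c already pulls it in; wg_status continues past the end of the hunk.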
looks good to me.
- Matt