mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 04:24:32 +00:00
crypto: move nm_crypto_read_file() to "libnm-glib-aux"
It has no actual dependency on the crypto library. All it does, is to be careful about not leaking secrets in memory. We have code for that in libnm-glib-aux already. Move. The goal is to reduce the number of places where we use libnm-crypto, because that has a large dependency. libnm-glib-aux is a very light dependency instead.
This commit is contained in:
parent
723e1fc76f
commit
79f676c83a
|
@ -516,7 +516,7 @@ _cert_impl_set(NMSetting8021x *setting,
|
|||
gs_unref_bytes GBytes *file = NULL;
|
||||
|
||||
if (NM_IN_SET(property, PROP_PRIVATE_KEY, PROP_PHASE2_PRIVATE_KEY)) {
|
||||
file = nm_crypto_read_file(value, error);
|
||||
file = nm_utils_read_crypto_file_to_bytes(value, error);
|
||||
if (!file)
|
||||
goto err;
|
||||
format = nm_crypto_verify_private_key_data(g_bytes_get_data(file, NULL),
|
||||
|
|
|
@ -432,35 +432,6 @@ parse_tpm2_wrapped_key_file(const guint8 *data,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
file_read_contents(const char *filename, NMSecretPtr *out_contents, GError **error)
|
||||
{
|
||||
nm_assert(out_contents);
|
||||
nm_assert(out_contents->len == 0);
|
||||
nm_assert(!out_contents->str);
|
||||
|
||||
return nm_utils_file_get_contents(-1,
|
||||
filename,
|
||||
100 * 1024 * 1024,
|
||||
NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET,
|
||||
&out_contents->str,
|
||||
&out_contents->len,
|
||||
NULL,
|
||||
error);
|
||||
}
|
||||
|
||||
GBytes *
|
||||
nm_crypto_read_file(const char *filename, GError **error)
|
||||
{
|
||||
nm_auto_clear_secret_ptr NMSecretPtr contents = {0};
|
||||
|
||||
g_return_val_if_fail(filename, NULL);
|
||||
|
||||
if (!file_read_contents(filename, &contents, error))
|
||||
return NULL;
|
||||
return nm_secret_copy_to_gbytes(contents.bin, contents.len);
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert a hex string into bytes.
|
||||
*/
|
||||
|
@ -661,7 +632,7 @@ nmtst_crypto_decrypt_openssl_private_key(const char *file,
|
|||
if (!_nm_crypto_init(error))
|
||||
return NULL;
|
||||
|
||||
if (!file_read_contents(file, &contents, error))
|
||||
if (!nm_utils_read_crypto_file(file, &contents, error))
|
||||
return NULL;
|
||||
|
||||
return nmtst_crypto_decrypt_openssl_private_key_data(contents.bin,
|
||||
|
@ -735,7 +706,7 @@ nm_crypto_load_and_verify_certificate(const char *file,
|
|||
if (!_nm_crypto_init(error))
|
||||
goto out;
|
||||
|
||||
if (!file_read_contents(file, &contents, error))
|
||||
if (!nm_utils_read_crypto_file(file, &contents, error))
|
||||
goto out;
|
||||
|
||||
if (contents.len == 0) {
|
||||
|
@ -826,7 +797,7 @@ nm_crypto_is_pkcs12_file(const char *file, GError **error)
|
|||
if (!_nm_crypto_init(error))
|
||||
return FALSE;
|
||||
|
||||
if (!file_read_contents(file, &contents, error))
|
||||
if (!nm_utils_read_crypto_file(file, &contents, error))
|
||||
return FALSE;
|
||||
|
||||
return nm_crypto_is_pkcs12_data(contents.bin, contents.len, error);
|
||||
|
@ -904,7 +875,7 @@ nm_crypto_verify_private_key(const char *filename,
|
|||
if (!_nm_crypto_init(error))
|
||||
return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
|
||||
|
||||
if (!file_read_contents(filename, &contents, error))
|
||||
if (!nm_utils_read_crypto_file(filename, &contents, error))
|
||||
return NM_CRYPTO_FILE_FORMAT_UNKNOWN;
|
||||
|
||||
return nm_crypto_verify_private_key_data(contents.bin,
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
|
||||
#include <malloc.h>
|
||||
|
||||
#include "nm-io-utils.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
void
|
||||
|
@ -176,3 +178,34 @@ nm_utils_memeqzero_secret(gconstpointer data, gsize length)
|
|||
}
|
||||
return 1 & ((acc - 1) >> 8);
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
gboolean
|
||||
nm_utils_read_crypto_file(const char *filename, NMSecretPtr *out_contents, GError **error)
|
||||
{
|
||||
nm_assert(out_contents);
|
||||
nm_assert(out_contents->len == 0);
|
||||
nm_assert(!out_contents->str);
|
||||
|
||||
return nm_utils_file_get_contents(-1,
|
||||
filename,
|
||||
100 * 1024 * 1024,
|
||||
NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET,
|
||||
&out_contents->str,
|
||||
&out_contents->len,
|
||||
NULL,
|
||||
error);
|
||||
}
|
||||
|
||||
GBytes *
|
||||
nm_utils_read_crypto_file_to_bytes(const char *filename, GError **error)
|
||||
{
|
||||
nm_auto_clear_secret_ptr NMSecretPtr contents = {0};
|
||||
|
||||
g_return_val_if_fail(filename, NULL);
|
||||
|
||||
if (!nm_utils_read_crypto_file(filename, &contents, error))
|
||||
return NULL;
|
||||
return nm_secret_copy_to_gbytes(contents.bin, contents.len);
|
||||
}
|
||||
|
|
|
@ -286,4 +286,8 @@ nm_secret_mem_try_realloc_take(gpointer m_old, gboolean do_bzero_mem, gsize cur_
|
|||
|
||||
/*****************************************************************************/
|
||||
|
||||
gboolean nm_utils_read_crypto_file(const char *filename, NMSecretPtr *out_contents, GError **error);
|
||||
|
||||
GBytes *nm_utils_read_crypto_file_to_bytes(const char *filename, GError **error);
|
||||
|
||||
#endif /* __NM_SECRET_UTILS_H__ */
|
||||
|
|
Loading…
Reference in a new issue