Add generate_ephemeral_key that allows a random ephermal key

This is useful for features that can use enither a persistent
or an ephemeral key.

Patch V2: Move the functionality of generating a random key into a
          separate function that acts as wrapper for pem_read_key_file
Patch V4: Move wrapper functionality to caller and leave only generate
          epehermal key functionality in the new function
Acked-by: David Sommerseth <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg18527.html

Signed-off-by: Gert Doering <[email protected]>

src/openvpn/crypto.c

@@ -1892,6 +1892,20 @@ write_pem_key_file(const char *filename, const char *pem_name)
     return;
 }
 
+bool
+generate_ephemeral_key(struct buffer *key, const char *key_name)
+{
+    msg(M_INFO, "Using random %s.", key_name);
+    uint8_t rand[BCAP(key)];
+    if (!rand_bytes(rand, BCAP(key)))
+    {
+        msg(M_WARN, "ERROR: could not generate random key");
+        return false;
+    }
+    buf_write(key, rand, BCAP(key));
+    return true;
+}
+
 bool
 read_pem_key_file(struct buffer *key, const char *pem_name,
                   const char *key_file, const char *key_inline)

src/openvpn/crypto.h

@@ -428,7 +428,17 @@ unsigned int crypto_max_overhead(void);
  * @param pem_name          The name to use in the PEM header/footer.
  */
 void
-write_pem_key_file(const char *filename, const char *pem_name);
+write_pem_key_file(const char *filename, const char *key_name);
+
+/**
+ * Generate ephermal key material into the key structure
+ *
+ * @param key           the key structure that will hold the key material
+ * @param pem_name      the name used for logging
+ * @return              true if key generation was successful
+ */
+bool
+generate_ephemeral_key(struct buffer *key, const char *pem_name);
 
 /**
  * Read key material from a PEM encoded files into the key structure