diff options
author | Thomas Haller <thaller@redhat.com> | 2022-03-18 21:57:37 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-03-29 11:56:04 +0200 |
commit | 79f676c83a3bdc9926b87702ef8a39bb14f50ee5 (patch) | |
tree | 7ccd66711e2ed827c417c64a120d7deace7a0244 /src/libnm-crypto | |
parent | 723e1fc76f127001eded94ffbeabc0395738bec7 (diff) | |
download | NetworkManager-79f676c83a3bdc9926b87702ef8a39bb14f50ee5.tar.gz |
crypto: move nm_crypto_read_file() to "libnm-glib-aux"
It has no actual dependency on the crypto library. All it does, is
to be careful about not leaking secrets in memory. We have code
for that in libnm-glib-aux already. Move.
The goal is to reduce the number of places where we use libnm-crypto,
because that has a large dependency. libnm-glib-aux is a very light
dependency instead.
Diffstat (limited to 'src/libnm-crypto')
-rw-r--r-- | src/libnm-crypto/nm-crypto.c | 37 |
1 files changed, 4 insertions, 33 deletions
diff --git a/src/libnm-crypto/nm-crypto.c b/src/libnm-crypto/nm-crypto.c index 0480105120..4a38f0c4c1 100644 --- a/src/libnm-crypto/nm-crypto.c +++ b/src/libnm-crypto/nm-crypto.c @@ -432,35 +432,6 @@ parse_tpm2_wrapped_key_file(const guint8 *data, return TRUE; } -static gboolean -file_read_contents(const char *filename, NMSecretPtr *out_contents, GError **error) -{ - nm_assert(out_contents); - nm_assert(out_contents->len == 0); - nm_assert(!out_contents->str); - - return nm_utils_file_get_contents(-1, - filename, - 100 * 1024 * 1024, - NM_UTILS_FILE_GET_CONTENTS_FLAG_SECRET, - &out_contents->str, - &out_contents->len, - NULL, - error); -} - -GBytes * -nm_crypto_read_file(const char *filename, GError **error) -{ - nm_auto_clear_secret_ptr NMSecretPtr contents = {0}; - - g_return_val_if_fail(filename, NULL); - - if (!file_read_contents(filename, &contents, error)) - return NULL; - return nm_secret_copy_to_gbytes(contents.bin, contents.len); -} - /* * Convert a hex string into bytes. */ @@ -661,7 +632,7 @@ nmtst_crypto_decrypt_openssl_private_key(const char *file, if (!_nm_crypto_init(error)) return NULL; - if (!file_read_contents(file, &contents, error)) + if (!nm_utils_read_crypto_file(file, &contents, error)) return NULL; return nmtst_crypto_decrypt_openssl_private_key_data(contents.bin, @@ -735,7 +706,7 @@ nm_crypto_load_and_verify_certificate(const char *file, if (!_nm_crypto_init(error)) goto out; - if (!file_read_contents(file, &contents, error)) + if (!nm_utils_read_crypto_file(file, &contents, error)) goto out; if (contents.len == 0) { @@ -826,7 +797,7 @@ nm_crypto_is_pkcs12_file(const char *file, GError **error) if (!_nm_crypto_init(error)) return FALSE; - if (!file_read_contents(file, &contents, error)) + if (!nm_utils_read_crypto_file(file, &contents, error)) return FALSE; return nm_crypto_is_pkcs12_data(contents.bin, contents.len, error); @@ -904,7 +875,7 @@ nm_crypto_verify_private_key(const char *filename, if (!_nm_crypto_init(error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; - if (!file_read_contents(filename, &contents, error)) + if (!nm_utils_read_crypto_file(filename, &contents, error)) return NM_CRYPTO_FILE_FORMAT_UNKNOWN; return nm_crypto_verify_private_key_data(contents.bin, |