Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/netpgp/dist/src Fix PR 44075 from Peter ...
details: https://anonhg.NetBSD.org/src/rev/d8b6b3edd455
branches: trunk
changeset: 759108:d8b6b3edd455
user: agc <agc%NetBSD.org@localhost>
date: Mon Nov 29 04:20:12 2010 +0000
description:
Fix PR 44075 from Peter Pentchev, but do this by adding a
--numtries=<attempts> option to netpgp(1) to provide the maximum
number of attempts to retrieve the correct passphrase when signing or
decrypting, and use it in libnetpgp(3). The default number of
attempts is 3, and a value of "unlimited" will loop until the correct
passphrase has been entered.
diffstat:
crypto/external/bsd/netpgp/dist/src/lib/crypto.c | 24 +++-
crypto/external/bsd/netpgp/dist/src/lib/crypto.h | 24 +++--
crypto/external/bsd/netpgp/dist/src/lib/netpgp.c | 91 ++++++++++++++++----
crypto/external/bsd/netpgp/dist/src/lib/reader.c | 23 +++-
crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.1 | 14 ++-
crypto/external/bsd/netpgp/dist/src/netpgp/netpgp.c | 10 ++-
6 files changed, 141 insertions(+), 45 deletions(-)
diffs (truncated from 540 to 300 lines):
diff -r b5649d77d260 -r d8b6b3edd455 crypto/external/bsd/netpgp/dist/src/lib/crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Mon Nov 29 00:39:40 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Mon Nov 29 04:20:12 2010 +0000
@@ -54,7 +54,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: crypto.c,v 1.33 2010/11/15 08:50:32 agc Exp $");
+__RCSID("$NetBSD: crypto.c,v 1.34 2010/11/29 04:20:12 agc Exp $");
#endif
#include <sys/types.h>
@@ -447,13 +447,14 @@
const unsigned allow_overwrite,
const unsigned sshkeys,
void *passfp,
+ int numtries,
pgp_cbfunc_t *getpassfunc)
{
pgp_stream_t *parse = NULL;
- const int printerrors = 1;
- char *filename = NULL;
- int fd_in;
- int fd_out;
+ const int printerrors = 1;
+ char *filename = NULL;
+ int fd_in;
+ int fd_out;
/* setup for reading from given input file */
fd_in = pgp_setup_file_read(io, &parse, infile,
@@ -510,6 +511,7 @@
parse->cbinfo.cryptinfo.getpassphrase = getpassfunc;
parse->cbinfo.cryptinfo.pubring = pubring;
parse->cbinfo.sshseckey = (sshkeys) ? &secring->keys[0].key.seckey : NULL;
+ parse->cbinfo.numtries = numtries;
/* Set up armour/passphrase options */
if (use_armour) {
@@ -524,6 +526,11 @@
pgp_reader_pop_dearmour(parse);
}
+ /* if we didn't get the passphrase, unlink output file */
+ if (!parse->cbinfo.gotpass) {
+ (void) unlink((filename) ? filename : outfile);
+ }
+
if (filename) {
pgp_teardown_file_write(parse->cbinfo.output, fd_out);
free(filename);
@@ -544,6 +551,7 @@
const unsigned use_armour,
const unsigned sshkeys,
void *passfp,
+ int numtries,
pgp_cbfunc_t *getpassfunc)
{
pgp_stream_t *parse = NULL;
@@ -575,6 +583,7 @@
parse->cbinfo.passfp = passfp;
parse->cbinfo.cryptinfo.getpassphrase = getpassfunc;
parse->cbinfo.sshseckey = (sshkeys) ? &secring->keys[0].key.seckey : NULL;
+ parse->cbinfo.numtries = numtries;
/* Set up armour/passphrase options */
if (use_armour) {
@@ -589,6 +598,7 @@
pgp_reader_pop_dearmour(parse);
}
+
/* tidy up */
pgp_teardown_memory_read(parse, inmem);
pgp_memory_release(inmem);
@@ -597,6 +607,6 @@
pgp_writer_close(parse->cbinfo.output);
pgp_output_delete(parse->cbinfo.output);
- return outmem;
+ /* if we didn't get the passphrase, return NULL */
+ return (parse->cbinfo.gotpass) ? outmem : NULL;
}
-
diff -r b5649d77d260 -r d8b6b3edd455 crypto/external/bsd/netpgp/dist/src/lib/crypto.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Mon Nov 29 00:39:40 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Mon Nov 29 04:20:12 2010 +0000
@@ -64,7 +64,7 @@
/** pgp_hash_t */
struct pgp_hash_t {
- pgp_hash_alg_t alg; /* algorithm */
+ pgp_hash_alg_t alg; /* algorithm */
size_t size; /* size */
const char *name; /* what it's known as */
int (*init)(pgp_hash_t *);
@@ -185,6 +185,7 @@
const unsigned,
const unsigned,
void *,
+ int,
pgp_cbfunc_t *);
pgp_memory_t *
@@ -200,6 +201,7 @@
const unsigned,
const unsigned,
void *,
+ int,
pgp_cbfunc_t *);
/* Keys */
@@ -217,15 +219,15 @@
/** pgp_reader_t */
struct pgp_reader_t {
pgp_reader_func_t *reader; /* reader func to get parse data */
- pgp_reader_destroyer_t *destroyer;
+ pgp_reader_destroyer_t *destroyer;
void *arg; /* args to pass to reader function */
unsigned accumulate:1; /* set to gather packet data */
- uint8_t *accumulated; /* the accumulated data */
+ uint8_t *accumulated; /* the accumulated data */
unsigned asize; /* size of the buffer */
unsigned alength;/* used buffer */
unsigned position; /* reader-specific offset */
pgp_reader_t *next;
- pgp_stream_t *parent;/* parent parse_info structure */
+ pgp_stream_t *parent;/* parent parse_info structure */
};
@@ -235,7 +237,7 @@
struct pgp_cryptinfo_t {
char *passphrase;
pgp_keyring_t *secring;
- const pgp_key_t *keydata;
+ const pgp_key_t *keydata;
pgp_cbfunc_t *getpassphrase;
pgp_keyring_t *pubring;
};
@@ -246,12 +248,14 @@
void *arg; /* args to pass to callback func */
pgp_error_t **errors; /* address of error stack */
pgp_cbdata_t *next;
- pgp_output_t *output;/* used if writing out parsed info */
+ pgp_output_t *output; /* when writing out parsed info */
pgp_io_t *io; /* error/output messages */
void *passfp; /* fp for passphrase input */
- pgp_cryptinfo_t cryptinfo; /* used when decrypting */
- pgp_printstate_t printstate; /* used to keep state when printing */
+ pgp_cryptinfo_t cryptinfo; /* used when decrypting */
+ pgp_printstate_t printstate; /* used to keep printing state */
pgp_seckey_t *sshseckey; /* secret key for ssh */
+ int numtries; /* # of passphrase attempts */
+ int gotpass; /* when passphrase entered */
};
/** pgp_hashtype_t */
@@ -294,9 +298,9 @@
pgp_error_t *errors;
void *io; /* io streams */
pgp_crypt_t decrypt;
- pgp_cryptinfo_t cryptinfo;
+ pgp_cryptinfo_t cryptinfo;
size_t hashc;
- pgp_hashtype_t *hashes;
+ pgp_hashtype_t *hashes;
unsigned reading_v3_secret:1;
unsigned reading_mpi_len:1;
unsigned exact_read:1;
diff -r b5649d77d260 -r d8b6b3edd455 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Mon Nov 29 00:39:40 2010 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Mon Nov 29 04:20:12 2010 +0000
@@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.84 2010/11/15 08:27:40 agc Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.85 2010/11/29 04:20:12 agc Exp $");
#endif
#include <sys/types.h>
@@ -707,10 +707,11 @@
}
#define MAX_PASSPHRASE_ATTEMPTS 3
+#define INFINITE_ATTEMPTS -1
/* get the passphrase from the user */
static int
-find_passphrase(FILE *passfp, const char *id, char *passphrase, size_t size)
+find_passphrase(FILE *passfp, const char *id, char *passphrase, size_t size, int attempts)
{
char prompt[BUFSIZ];
char buf[128];
@@ -719,12 +720,12 @@
int i;
if (passfp) {
- if (fgets(passphrase, size, passfp) == NULL) {
+ if (fgets(passphrase, (int)size, passfp) == NULL) {
return 0;
}
return strlen(passphrase);
}
- for (i = 0 ; i < MAX_PASSPHRASE_ATTEMPTS ; i++) {
+ for (i = 0 ; i < attempts ; i++) {
(void) snprintf(prompt, sizeof(prompt), "Enter passphrase for %.16s: ", id);
if ((cp = getpass(prompt)) == NULL) {
break;
@@ -1151,6 +1152,8 @@
char dir[MAXPATHLEN];
char *cp;
char *ringfile;
+ char *numtries;
+ int attempts;
int passc;
int fd;
@@ -1199,8 +1202,14 @@
return 0;
}
/* get the passphrase */
- passc = find_passphrase(netpgp->passfp, &cp[ID_OFFSET], passphrase, sizeof(passphrase));
- if (!pgp_write_xfer_seckey(create, key, (uint8_t *)passphrase, passc, noarmor)) {
+ if ((numtries = netpgp_getvar(netpgp, "numtries")) == NULL ||
+ (attempts = atoi(numtries)) <= 0) {
+ attempts = MAX_PASSPHRASE_ATTEMPTS;
+ } else if (strcmp(numtries, "unlimited") == 0) {
+ attempts = INFINITE_ATTEMPTS;
+ }
+ passc = find_passphrase(netpgp->passfp, &cp[ID_OFFSET], passphrase, sizeof(passphrase), attempts);
+ if (!pgp_write_xfer_seckey(create, key, (uint8_t *)passphrase, (const unsigned)passc, noarmor)) {
(void) fprintf(io->errs, "Cannot write seckey\n");
return 0;
}
@@ -1256,6 +1265,8 @@
pgp_io_t *io;
unsigned realarmor;
unsigned sshkeys;
+ char *numtries;
+ int attempts;
__PGP_USED(armored);
io = netpgp->io;
@@ -1266,10 +1277,16 @@
}
realarmor = isarmoured(io, f, NULL, ARMOR_HEAD);
sshkeys = (unsigned)(netpgp_getvar(netpgp, "ssh keys") != NULL);
+ if ((numtries = netpgp_getvar(netpgp, "numtries")) == NULL ||
+ (attempts = atoi(numtries)) <= 0) {
+ attempts = MAX_PASSPHRASE_ATTEMPTS;
+ } else if (strcmp(numtries, "unlimited") == 0) {
+ attempts = INFINITE_ATTEMPTS;
+ }
return pgp_decrypt_file(netpgp->io, f, out, netpgp->secring,
netpgp->pubring,
realarmor, overwrite, sshkeys,
- netpgp->passfp, get_passphrase_cb);
+ netpgp->passfp, attempts, get_passphrase_cb);
}
/* sign a file */
@@ -1282,13 +1299,16 @@
int cleartext,
int detached)
{
- const pgp_key_t *keypair;
- const pgp_key_t *pubkey;
- pgp_seckey_t *seckey;
+ const pgp_key_t *keypair;
+ const pgp_key_t *pubkey;
const unsigned overwrite = 1;
- pgp_io_t *io;
+ pgp_seckey_t *seckey;
const char *hashalg;
+ pgp_io_t *io;
+ char *numtries;
+ int attempts;
int ret;
+ int i;
io = netpgp->io;
if (f == NULL) {
@@ -1301,7 +1321,13 @@
return 0;
}
ret = 1;
- do {
+ if ((numtries = netpgp_getvar(netpgp, "numtries")) == NULL ||
+ (attempts = atoi(numtries)) <= 0) {
+ attempts = MAX_PASSPHRASE_ATTEMPTS;
+ } else if (strcmp(numtries, "unlimited") == 0) {
+ attempts = INFINITE_ATTEMPTS;
+ }
+ for (i = 0, seckey = NULL ; !seckey && (i < attempts || attempts == INFINITE_ATTEMPTS) ; i++) {
if (netpgp->passfp == NULL) {
/* print out the user id */
pubkey = pgp_getkeybyname(io, netpgp->pubring, userid);
@@ -1327,7 +1353,11 @@
Home |
Main Index |
Thread Index |
Old Index