tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: pull passphrase reading and confirmation into a separate 

function so it can be used for FIDO2 PINs; no functional change

OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f
This commit is contained in:
djm@openbsd.org 2022-07-20 03:13:04 +00:00 committed by Damien Miller
parent eb679e2959
commit 5bcfc788b3
1 changed files with 37 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.454 2022/06/03 03:17:42 dtucker Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.455 2022/07/20 03:13:04 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -591,10 +591,13 @@ do_convert_private_ssh2(struct sshbuf *b)
error_f("remaining bytes in key blob %d", rlen); error_f("remaining bytes in key blob %d", rlen);
/* try the key */ /* try the key */
if (sshkey_sign(key, &sig, &slen, data, sizeof(data), if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data),
NULL, NULL, NULL, 0) != 0 || NULL, NULL, NULL, 0)) != 0)
sshkey_verify(key, sig, slen, data, sizeof(data), error_fr(r, "signing with converted key failed");
NULL, 0, NULL) != 0) { else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
NULL, 0, NULL)) != 0)
error_fr(r, "verification with converted key failed");
if (r != 0) {
sshkey_free(key); sshkey_free(key);
free(sig); free(sig);
return NULL; return NULL;
@ -3026,37 +3029,43 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
#endif /* WITH_OPENSSL */ #endif /* WITH_OPENSSL */
} }
/* Read and confirm a passphrase */
static char * static char *
private_key_passphrase(void) read_check_passphrase(const char *prompt1, const char *prompt2,
const char *retry_prompt)
{ {
char *passphrase1, *passphrase2; char *passphrase1, *passphrase2;
/* Ask for a passphrase (twice). */ for (;;) {
if (identity_passphrase) passphrase1 = read_passphrase(prompt1, RP_ALLOW_STDIN);
passphrase1 = xstrdup(identity_passphrase); passphrase2 = read_passphrase(prompt2, RP_ALLOW_STDIN);
else if (identity_new_passphrase) if (strcmp(passphrase1, passphrase2) == 0) {
passphrase1 = xstrdup(identity_new_passphrase);
else {
passphrase_again:
passphrase1 =
read_passphrase("Enter passphrase (empty for no "
"passphrase): ", RP_ALLOW_STDIN);
passphrase2 = read_passphrase("Enter same passphrase again: ",
RP_ALLOW_STDIN);
if (strcmp(passphrase1, passphrase2) != 0) {
/*
* The passphrases do not match. Clear them and
* retry.
*/
freezero(passphrase1, strlen(passphrase1));
freezero(passphrase2, strlen(passphrase2)); freezero(passphrase2, strlen(passphrase2));
printf("Passphrases do not match. Try again.\n"); return passphrase1;
goto passphrase_again;
} }
/* Clear the other copy of the passphrase. */ /* The passphrases do not match. Clear them and retry. */
freezero(passphrase1, strlen(passphrase1));
freezero(passphrase2, strlen(passphrase2)); freezero(passphrase2, strlen(passphrase2));
fputs(retry_prompt, stdout);
fputc('\n', stdout);
fflush(stdout);
} }
return passphrase1; /* NOTREACHED */
return NULL;
}
static char *
private_key_passphrase(void)
{
if (identity_passphrase)
return xstrdup(identity_passphrase);
if (identity_new_passphrase)
return xstrdup(identity_new_passphrase);
return read_check_passphrase(
"Enter passphrase (empty for no passphrase): ",
"Enter same passphrase again: ",
"Passphrases do not match. Try again.");
} }
static char * static char *