rpm/cryptsetup
SHA256
1
0
Fork 0
forked from pool/cryptsetup
Code Pull Requests Activity

Accepting request 145279 from security

Browse Source 
ATTENTION: wait for cryptsetup-mkinitrd before checkin, otherwise installation
with root on crypto no longer boot

- version 1.5.1:
  * Added keyslot checker
  * Add crypt_keyslot_area() API call.
  * Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
  * Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.
  * Allocate loop device late (only when real block device needed).
  * Rework underlying device/file access functions.
  * Create hash image if doesn't exist in veritysetup format.
  * Provide better error message if running as non-root user (device-mapper, loop).
- split off hashalot and boot.crypto
- move to /usr (forwarded request 145274 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/145279
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=78
This commit is contained in:
Stephan Kulow 2012-12-21 13:32:57 +00:00 committed by Git OBS Bridge
commit 5a01b01f1d
17 changed files with 118 additions and 547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
boot.crypto-0_201206151440.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:798e4ac415ebe1e4415e1b77b955b72c376dfc3d0fd7fc414f886f896da6393d
size 17582

35
bug-476290_hashalot-hashlen.diff
View File

@ -1,35 +0,0 @@
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -34,6 +34,7 @@
#include "sha512.h"
#define PASSWDBUFFLEN 130
+#define MAXHASHLEN (ULONG_MAX/2 - 2)
typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
@@ -182,8 +183,7 @@ static void *
xmalloc (size_t size) {
void *p;
- if (size == 0)
- return NULL;
+ assert(size != 0);
p = malloc(size);
if (p == NULL) {
@@ -242,6 +242,12 @@ main(int argc, char *argv[])
show_usage(argv[0]);
exit(EXIT_FAILURE);
}
+ if (hashlen >= MAXHASHLEN) {
+ fprintf(stderr,
+ "please supply a value smaller than %lu for the -n option\n",
+ MAXHASHLEN);
+ exit(EXIT_FAILURE);
+ }
break;
case 's':
salt = optarg;

3
cryptsetup-1.5.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:407154c510a2401ecfaa1919588003964ba36121882f8d26125324805565f8d0
size 864500

17
cryptsetup-1.5.0.tar.bz2.asc
View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJP/HM8AAoJENmwV3vZPpj8vP0P/Ava8T7fJGfvn1H+56RKG1lh
I8RGFRzQCXN4xpYoxPBfFYpbc5GoteFw/Pcb0BKddePBk4tHuHYPRwvS1ps8nyH/
ekb8P5fsrkHV6+o/j5s99oY8dkW/FFYx0YfVOER63DpU7WWRK7md0smsQpaCUFKV
9pv3jvh/1AMDmvs5wgxV0BWKXih/COUoGlG1AJU9V6PlKol6wxOYzXw2t6LqU3Zg
9gHjlSPUuorabKnfkkcG+Gy7yT2Y8d+EnVdc1H+ihHLH27hmcSGMf/csm+tCCuJ5
To/jXFB642BObohLGmE9bPhRp9Pj2bi59M6lPKRYQ2ncowewkqIZ2s4SJ8r5stn5
W0UhXgkGLjQd4xti8/etpebnDPzMdSRg5LuLSxOTf/bjWI1jH63+4AfYoF+mx/N9
kT6EKiIR216TBdffv1i28HbG4pQIsGhlx0JkQnAUqklHDNWf7fSMGEuadYYNngcD
cBCPmD3R0JXM6qf6RasdCGlHUnR3DZKUzLGqqkq8/r7SvyxqRbIoerBrNxwcHUbh
emzfHS09ysx33RhEenFfZNH4lL6PEPnlrg2q8DfUj/NoUkiw9qfTM4cRIBabgoi9
uc2Qt/jK+QvE1clxBE4XmepZZH+e2Pdy52JrnI1ckA+FvY44GwBVE1hfxyyXFc+J
3V84y23640r2RvRoq2ff
=67gq
-----END PGP SIGNATURE-----

3
cryptsetup-1.5.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:16d23f78cab35937281a0ae7a8febce0c3a1a0f291cc94e169a7b968b81d2b36
size 958979

17
cryptsetup-1.5.1.tar.bz2.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJQfb41AAoJENmwV3vZPpj8nv4QAJAGr5zYVzCnuBS3j6AKWwIo
JUcoxRnNPNSuw+qIk3oVhsEfCZKZrhPbVKN4l058r9UVrKfCjH/BpemkEkvPpJXe
I7xm6H+PI9nSx43h69Y+aW9LVD4y4F5WpBrlzCcYbJbKiDYmobXciaU+c81AuJFe
s682e0oDp691oiUHtuXD70ivhqi7hkUgm5ftLSDNJ8K2i4V60AsQ6CCHNc7HobJo
jEnzwwsSXhyad8SCiyWhfyCadHcDfMrlQHcbCOl5DnFRM5hJz7fOedXz2D6jpGhA
MLQHVEE7ANDCz2RvrX7Bh9BTfGydQfDlelD+gDqVmdrOcy0x9EDQ6Ux3ITroms65
wLfX5yWA7yaqWUGpoeQhQ0w5Pnsy7SnDxXXRK+yg90QRkJYrS7idrwXHQSPhkaFS
LSgxnEMEYnyEy6g25nFSEx+gRqkdnXioXpe2ULr4DgZwRcjTeLyQ8aeVu0a/9JWw
amTLEgq77R5uk10Eco5dlI0bjb/bkSvT/9IrvKSWiPnE3XkaX6isK5F0EmLhnZDj
uotYrZ0MBHfaqFP/qiqbMQ1kb0AFdhzYyEJ63gGd0gRNcdM/GYxvKOADii9WDOT2
MSX2KZOnaTxFBUsatgGcedJgcQL3QumHUfPzE2qOkzt5KCthbV5Oe9tyvGoy/UVh
/TQwxHvPZVH/lpaJsGtx
=VyhW
-----END PGP SIGNATURE-----

8
cryptsetup-mktar
View File

@ -1,8 +0,0 @@
#!/bin/sh
# repo is at http://cryptsetup.googlecode.com/svn/trunk
set -e -x
SVN_VERSION="1.0.7_SVNr`svnversion .`"
rm -rf cryptsetup-${SVN_VERSION}
svn export . cryptsetup-${SVN_VERSION}
tar --owner=root --group=root --force-local -cjf cryptsetup-${SVN_VERSION}.tar.bz2 cryptsetup-${SVN_VERSION}
rm -rf cryptsetup-${SVN_VERSION}

24
cryptsetup.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Thu Dec 13 10:46:43 UTC 2012 - lnussel@suse.de
- version 1.5.1:
* Added keyslot checker
* Add crypt_keyslot_area() API call.
* Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
* Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.
* Allocate loop device late (only when real block device needed).
* Rework underlying device/file access functions.
* Create hash image if doesn't exist in veritysetup format.
* Provide better error message if running as non-root user (device-mapper, loop).
-------------------------------------------------------------------
Wed Dec 12 16:00:29 UTC 2012 - lnussel@suse.de
- split off hashalot and boot.crypto
- move to /usr
-------------------------------------------------------------------
Tue Nov 20 18:41:11 CET 2012 - sbrabec@suse.cz
- Verify GPG signature.
-------------------------------------------------------------------
Tue Sep 25 11:40:07 UTC 2012 - fcrozat@suse.com

56
cryptsetup.keyring Normal file
View File

@ -0,0 +1,56 @@
pub 4096R/D93E98FC 2012-04-01 [expires: 2022-03-30]
uid Milan Broz <gmazyland@gmail.com>
sub 4096R/4BBD6F43 2012-04-01 [expires: 2022-03-30]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mQINBE94p38BEADZRET8y1gVxlfDk44/XwBbFjC7eM6EanyCuivUPMmPwYDo9qRe
y0JdOGhWhAZeutGGxsKliozmeTL25Z6wWICu2oeY+ZfbgJQYHFeQ01NVwoYy57hh
ytZw/6IMLFRcIaWSHd7oNdneQg6mVJcGdA/BOX68uo3RKSHj6Q8GoQ54F/NpCotz
VcP1ORpVJ5ptyG0x6OZm5Esn61pKE979wcHsz7EzcDYl+3MS63gZm+O3D1u80bUM
mBUlxyEiC5jo5ksTFheA8m/5CAPQtxzYvgezYlLLS3nkxaq2ERK5DhvMv0NktXSu
tfWQsOI5WLjG7UWStwAnO2W+CVZLcnZV0K6OKDaFbCj4ovg5HV0FyQZknN2O5Qbx
esNlNWkMOJAnnX6c/zowO7jq8GCpa3oJl3xxmwFbCZtH4z3fEVw0wAFc2JlnufR4
dhaax9fhNoUJ4OSVTi9zqstxhEyywkazakEvAYwOlC5+1FKoc9UIvApAGvgcTJGT
Op7MuHptHGwWvGZEaJqcsqoy7rsYPxtDQ7bJuJJblzGIUxWAl8qsUsF8M4ISxBkf
fcUYiR0wh1luUhXFo2rRTKT+Ic/nJDE66Ee4Ecn9+BPlNODhlEG1vk62rhiYSnyz
y5MAUhUlstDxuEjYK+NGd2aYH0VANZalqlUZFTEdOdA6NYROxkYZVsVtXQARAQAB
tCBNaWxhbiBCcm96IDxnbWF6eWxhbmRAZ21haWwuY29tPokCPgQTAQIAKAUCT3in
fwIbAwUJEswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2bBXe9k+mPxp
bg//ZWDcQVNAKOWCviNnNvT315WbDrjsJ6FApF83hB52qQO9tvjb5ZY54794uwof
idOqi0XFoLkoLyiJkkvc3Q9SnM89hyhzrxnh2ym4rUr4cL6F9e99uC656er4telM
bg9OSPR2iNuqsAzyMhOGMEnnm97YQ2QWOnvbC8QgoQB5VvF3nZMgqTPTxctlUfc7
t4BlGcIBLG0oINUNDf441KAXgMP05kVK0CDQd02CTPok2Qshbg6aw56eSSUTB4aq
ZM8St1ySJ2ccMDRC9mCqcNFtuuPyAAJAJFmEvlxahd0BA0mwV3ce38JBbTqs5k0X
2JVljHObgnfp3WDtuY8Lj0u8KvN0CAYJhRuhY40fARh8EPfkNvIx/740ueexsUBW
3N1/lCeABaOKtu11kVUxvDxaFRQc2I5vl/sZMunSjJQQiwrWNbrwZgidwkHzvizm
LjdgHgCJeEC+tu1qifTCOllufvXagjYmrH4hm/Qz6+91lLksrHooxp3nAcN78d5/
E4reamx0+DleOJ2yD1UeP2wUDdB23OQU3ipVDYwIuIvDWiZSIVwXyDLhuc64ti4t
ScUGfucEKMER1eLTJ+zILHZ9R4K7C2BhEGSAyxkeeX/Z8pLNOJ1RdU+B+ZFNXuIH
LJbgrAiOOqr07WPbvRT1LvO/w/4m31D9Kalc4Jyqn9+pjtm5Ag0ET3infwEQAN6E
dXyfw9xr56CJ1asnQ1PSxpzEGlUsEHvn4wcufyC8KN6VGUlR3WinlaGvOICzvYOi
S06E6PqKDEgbbApBh2//6Ihk1OynS0y4hYepJi+pstdXoiud6NQSNQlcFjCfI8Wz
AT3rensVLmwc3HgRW5qqt5Vc+EWdg9cylZ48QdPyo3WyOd2pyL+yqNZPjMGijE8z
vzurwZiO9aBkJCjulqXMs1YyyIqfTxKQ1GCUQq4SoIQXjD8HvgJ7T/TpuDf9wFhe
onGqxiJpxb02LMEdkPgugKIgG6iOFplzrsySyoiJsGa0mJ0n0O6rXQxl1mK/zdfg
vm4CPDujbgINnIxRxPescCVYcmjM8kTlGYJuKp4GgbwbwkCISs4retaAXiP3a2f3
eSaJc5SnWWa3JqH5ogkEWvuezjNxW5fMpBWszdQEsgnsdlK37V+aB5oWnnkZRlWk
1YhGwL1ODz+EZzSsGlkIr7BYakK3xRYbxVfQkUr7EeqruXohSOnPAowePYAXCigC
fWvIJMlrPLIOD2GOy9eV3UZ/JDn/7YPfFAjNb0gVdpqBCQNH/fP2ePC0FzW+3YL1
UbR+qMAEbKbFepycg75LbC08jFuQVvauDQta4EAvBkF460PoskCzcMuREntjMxip
B6IMSoOD74tcGYfUp6/kcgdEaqyK8214couO/u8HABEBAAGJAiUEGAECAA8FAk94
p38CGwwFCRLMAwAACgkQ2bBXe9k+mPzIRA//bAf0Ng8dJ+IgydRtdT9X2xYKyukk
A3HlrOImOoA4Thrv/HVe7U28AkiQt2DxOmNZYIV0BqvL+dWAD1HYCdQgsgVWVLpr
sFfqOYHnAWKsdqyNZHtPC9J6drnwv0vcER0dtDJjMDP4MJMTa4JNjNJYb29WfbIm
viDRtIcVujYFoZK2ZBa1Ec7yPfk4CsyE+Y3Qh9Gy8Z08NrrxIn+MVATBbocKs7j1
JAvkFk+o1grGnw3NTXnB8gEygAKHHyUgzr5Nyn5qJ28EZr7Vc1FP2lUiKv0JBcHT
/9vVXJ1Grd+VF2cwYftMWRKR66lTaUS2BX0ta6IQQSj8nSRsoKapRniCfTm1D4I1
6j9bOoEfFdVsMkcrYFtfhq97qgR8gZtVCJkrX2CARZ+a1J+NP/erASd6M1A3n3aM
F3xBFfFsotzPplmhzExCYwuOCWIBfPerUQh1MughvG/oT8ZapR6x/EVE+K90J10X
pPi8VMi/3QRC5DpCin3Kc14WAE4uEbyUWLKb3PmfmZaS6qFaJNtf2TyZodT0ACgu
v9Xs4el0j8FRaCqLvEZS4rKLNxb8EY3Z4LC61QfyAbg5P114muVZ4ro8dzhZ0zwk
ZLGeEsYPsQpLo6XPT/32PP8aHn/KKX+KM7ouCEhVeWszR20BMK6sxTBR+4aNqSKC
dgr42jrtvzRmJp4=
=E79s
-----END PGP PUBLIC KEY BLOCK-----

123
cryptsetup.spec
View File

@ -23,16 +23,13 @@ Name: cryptsetup
Url: http://code.google.com/p/cryptsetup/
BuildRequires: device-mapper-devel
BuildRequires: e2fsprogs-devel
BuildRequires: gpg-offline
BuildRequires: libgcrypt-devel
BuildRequires: libselinux-devel
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: popt-devel
# hashalot version
%define haver 0.3
# boot.crypto version
%define bcver 0_201206151440
Version: 1.5.0
Version: 1.5.1
Release: 0
#Release: %{?beta:0.}<CI_CNT>.<B_CNT>%{?beta:.}%{?beta}
Summary: Set Up dm-crypt Based Encrypted Block Devices
@ -41,26 +38,8 @@ Group: System/Base
Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2
Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2.asc
Source2: baselibs.conf
Source10: hashalot-%haver.tar.bz2
# git://gitorious.org/opensuse/boot_crypto.git
Source20: boot.crypto-%{bcver}.tar.bz2
# use this to create the tarball from svn
Source99: cryptsetup-mktar
#Patch0: cryptsetup-svn131-noascii.diff
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
Patch13: hashalot-timeout.diff
Patch14: hashalot-manpage.diff
Patch15: bug-476290_hashalot-hashlen.diff
Patch16: hashalot-glibc210.diff
Source3: %{name}.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: aaa_base:/etc/init.d/boot.crypto
Obsoletes: util-linux-crypto <= 2.12r
# we need losetup
Requires: util-linux
PreReq: %fillup_prereq %insserv_prereq
PreReq: coreutils diffutils
%description
cryptsetup is used to conveniently set up dm-crypt based device-mapper
@ -101,20 +80,8 @@ includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.
%prep
%setup -n %name-%ver -q -b 10 -b 20
#patch0 -p1
pushd ../hashalot-%haver
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
popd
pushd ../boot.crypto-%bcver
#patch20 -p1
popd
%gpg_verify %{S:1}
%setup -n %name-%ver -q
%build
# cryptsetup build
@ -122,61 +89,24 @@ popd
autoreconf -f -i
test -e po/Makevars || cp po/Makevars.template po/Makevars
%configure \
--libdir=/%_lib \
--bindir=/sbin --sbindir=/sbin \
--disable-static --enable-shared \
--enable-cryptsetup-reencrypt \
--enable-selinux
--disable-static --enable-shared \
--enable-cryptsetup-reencrypt \
--enable-selinux
make %{?_smp_mflags}
#
# hashalot build
pushd ../hashalot-%haver
autoreconf -f -i
%{?suse_update_config:%{suse_update_config}}
%configure --sbindir=/sbin
make %{?_smp_mflags}
popd
%install
make install DESTDIR=$RPM_BUILD_ROOT
# move devel stuff to %%{libdir}
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
mkdir -p $RPM_BUILD_ROOT%{_libdir}
ln -s /%{_lib}/libcryptsetup.so.4 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
mv $RPM_BUILD_ROOT/%_lib/pkgconfig $RPM_BUILD_ROOT/%_libdir
install -d -m 755 $RPM_BUILD_ROOT/sbin
ln -s ..%{_sbindir}/cryptsetup $RPM_BUILD_ROOT/sbin
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
rm -f $RPM_BUILD_ROOT/%_lib/*.la
#
# hashalot install
pushd ../hashalot-%haver
make install DESTDIR=$RPM_BUILD_ROOT
popd
# remove unwanted symlinks
rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512}
#
# boot.crypto
make -C ../boot.crypto-* install DESTDIR=$RPM_BUILD_ROOT
ln -s /etc/init.d/boot.crypto $RPM_BUILD_ROOT/sbin/rccrypto
rm -f $RPM_BUILD_ROOT/%_libdir/*.la
#
%find_lang %name --all-name
# systemd is now providing cryptsetup manpage
rm -f $RPM_BUILD_ROOT%_mandir/man5/crypttab.5*
%pre
# hack to catch update case from aaa_base/util-linux-crypto
if [ -f /etc/init.d/boot.d/S??boot.crypto ]; then
touch /var/run/cryptsetup.boot.crypto.enabled
fi
%post
[ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
%{fillup_and_insserv boot.crypto}
if [ -e /var/run/cryptsetup.boot.crypto.enabled ]; then
rm -f /var/run/cryptsetup.boot.crypto.enabled
%{fillup_and_insserv -fY boot.crypto}
fi
%{fillup_and_insserv boot.crypto-early}
test -n "$FIRST_ARG" || FIRST_ARG="$1"
#
# convert noauto to nofail and turn on fsck (bnc#724113)
#
@ -195,42 +125,25 @@ if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then
fi
fi
%postun
[ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
%{insserv_cleanup}
%post -n libcryptsetup4 -p /sbin/ldconfig
%postun -n libcryptsetup4 -p /sbin/ldconfig
%files -f %name.lang
%defattr(-,root,root)
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
/etc/init.d/boot.crypto
/etc/init.d/boot.crypto-early
%dir /lib/mkinitrd
%dir /lib/mkinitrd/scripts
/lib/mkinitrd/scripts/setup-luks.sh
/lib/mkinitrd/scripts/boot-luks.sh
/lib/mkinitrd/scripts/setup-luks2.sh
/lib/mkinitrd/scripts/setup-luks_final.sh
/usr/sbin/convert_cryptotab
#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
/sbin/cryptsetup
/sbin/veritysetup
/sbin/hashalot
/sbin/rccrypto
/sbin/cryptsetup-reencrypt
%_mandir/man1/hashalot.1.gz
%{_sbindir}/cryptsetup
%{_sbindir}/veritysetup
%{_sbindir}/cryptsetup-reencrypt
%_mandir/man8/cryptsetup.8.gz
%_mandir/man8/cryptsetup-reencrypt.8.gz
%_mandir/man8/veritysetup.8.gz
%_mandir/man5/cryptotab.5.gz
/lib/cryptsetup
%files -n libcryptsetup4
%defattr(-,root,root)
/%_lib/libcryptsetup.so.4*
/%{_libdir}/libcryptsetup.so.4*
%files -n libcryptsetup-devel
%defattr(-,root,root)

3
hashalot-0.3.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5958c371ba2469150b19f4c3a66bb374a7b1e287df4d0bfeb5e7c480da15424d
size 68508

29
hashalot-ctrl-d.diff
View File

@ -1,29 +0,0 @@
exit unsuccessfully on empty passphrase if input is a tty
allows user to press ctrl-d to abort
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -135,10 +135,14 @@ phash_lookup(const char phash_name[], si
static char *
xgetpass(const char *prompt)
{
- if (isatty(STDIN_FILENO)) /* terminal */
- return getpass(prompt); /* FIXME getpass(3) obsolete */
- else { /* file descriptor */
- char *pass = NULL;
+ char *pass = NULL;
+ if (isatty(STDIN_FILENO)) { /* terminal */
+ pass = getpass(prompt); /* FIXME getpass(3) obsolete */
+ if(!pass || !*pass) {
+ exit(EXIT_FAILURE);
+ }
+ return pass;
+ } else { /* file descriptor */
int buflen, i;
buflen=0;

37
hashalot-fixes.diff
View File

@ -1,37 +0,0 @@
- print help text to stdout so it can be read via pager
- use proper length in phash_rmd160()
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -42,7 +42,7 @@ phash_rmd160(char dest[], size_t dest_le
tmp[PASSWDBUFFLEN - 1] = '\0';
rmd160_hash_buffer(key, src, src_len);
- rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, src_len + 1 /* dangerous! */);
+ rmd160_hash_buffer(key + RMD160_HASH_SIZE, tmp, strlen(tmp));
memcpy(dest, key, dest_len);
@@ -95,7 +95,7 @@ show_usage(const char argv0[])
{
struct func_table_t *p = func_table;
- fprintf (stderr,
+ fprintf (stdout,
"usage:\n"
" hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
" or\n"
@@ -106,7 +106,8 @@ show_usage(const char argv0[])
for (; p->name; ++p)
fprintf (stderr, "%s ", p->name);
- fprintf (stderr, "\n");
+
+ fprintf (stdout, "\n");
return 1;
}

25
hashalot-glibc210.diff
View File

@ -1,25 +0,0 @@
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -22,6 +22,7 @@
#include <unistd.h>
#include <assert.h>
#include <signal.h>
+#include <limits.h>
#include <sys/types.h>
#include <sys/mman.h>
Index: hashalot-0.3/Makefile.am
===================================================================
--- hashalot-0.3.orig/Makefile.am
+++ hashalot-0.3/Makefile.am
@@ -4,7 +4,7 @@ sbin_PROGRAMS = hashalot
man_MANS = hashalot.1
hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS)
-hashalot_LDFLAGS = $(LIBGCRYPT_LIBS)
+hashalot_LDADD = $(LIBGCRYPT_LIBS)
hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h

156
hashalot-libgcrypt.diff
View File

@ -1,156 +0,0 @@
add support for -C (itercountk) option of loop-AES if libgcrypt is available
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/Makefile.am
===================================================================
--- hashalot-0.3/Makefile.am.orig
+++ hashalot-0.3/Makefile.am
@@ -3,6 +3,9 @@ sbin_PROGRAMS = hashalot
man_MANS = hashalot.1
+hashalot_CFLAGS = $(LIBGCRYPT_CFLAGS)
+hashalot_LDFLAGS = $(LIBGCRYPT_LIBS)
+
hashalot_SOURCES = hashalot.c rmd160.c rmd160.h sha512.c sha512.h
install-exec-hook:
Index: hashalot-0.3/configure.ac
===================================================================
--- hashalot-0.3/configure.ac.orig
+++ hashalot-0.3/configure.ac
@@ -8,5 +8,6 @@ AC_PROG_LN_S
AC_HEADER_STDC
AC_CHECK_HEADERS(libgen.h stdio.h stdlib.h string.h unistd.h assert.h sys/types.h sys/mman.h endian.h , , [ AC_MSG_ERROR(required header not found)])
AC_CHECK_FUNCS(getopt snprintf , , [ AC_MSG_ERROR(required function not found)])
+AM_PATH_LIBGCRYPT(,[AC_DEFINE([HAVE_LIBGCRYPT], 1)])
AC_OUTPUT(Makefile)
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3/hashalot.c.orig
+++ hashalot-0.3/hashalot.c
@@ -25,6 +25,10 @@
#include <sys/types.h>
#include <sys/mman.h>
+#if HAVE_LIBGCRYPT
+#include <gcrypt.h>
+#endif
+
#include "rmd160.h"
#include "sha512.h"
@@ -97,9 +101,9 @@ show_usage(const char argv0[])
fprintf (stdout,
"usage:\n"
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] HASHTYPE\n"
+ " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
" or\n"
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ]\n"
+ " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
"\n"
"supported values for HASHTYPE: ");
@@ -214,8 +218,9 @@ main(int argc, char *argv[])
size_t hashlen = 0;
phash_func_t func;
int hex_output = 0, c;
+ unsigned long itercountk = 0;
- while ((c = getopt(argc, argv, "n:s:x")) != -1) {
+ while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
switch (c) {
case 'n':
hashlen = strtoul(optarg, &p, 0);
@@ -233,6 +238,9 @@ main(int argc, char *argv[])
case 'x':
hex_output++;
break;
+ case 'C':
+ itercountk = atoi(optarg);
+ break;
default:
show_usage(argv[0]);
exit(EXIT_FAILURE);
@@ -257,6 +265,8 @@ main(int argc, char *argv[])
* plus a newline, plus a null */
passhash = xmalloc(2*hashlen + 2);
+ memset(passhash, 0, 2*hashlen+2);
+
/* try to lock memory so it doesn't get swapped out for sure */
if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
perror("mlockall");
@@ -268,6 +278,69 @@ main(int argc, char *argv[])
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));
+
+ if(itercountk) /* from loop-AES */
+ {
+#if HAVE_LIBGCRYPT
+ gcry_cipher_hd_t ctx;
+ gcry_error_t err;
+ char tmp[32];
+ char out[32];
+
+ if(hashlen > 32) {
+ fprintf(stderr, "WARNING: hashlen truncated to 32\n");
+ hashlen = 32;
+ }
+
+ if(!gcry_check_version("1.1.0")) {
+ fprintf(stderr, "libgcrypt initialization failed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(out, 0, sizeof(out));
+ memcpy(out, passhash, hashlen);
+
+ err = gcry_cipher_open(&ctx, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
+ if(err)
+ {
+ fprintf(stderr, "can't initialize AES: %s\n", gcry_strerror (err));
+ exit(EXIT_FAILURE);
+ }
+
+ /*
+ * Set up AES-256 encryption key using same password and hash function
+ * as before but with password bit 0 flipped before hashing. That key
+ * is then used to encrypt actual loop key 'itercountk' thousand times.
+ */
+ pass[0] ^= 1;
+ func(&tmp[0], 32, pass, strlen(pass));
+ gcry_cipher_setkey(ctx, &tmp[0], 32);
+ itercountk *= 1000;
+ while(itercountk > 0) {
+ gcry_cipher_reset(ctx);
+ gcry_cipher_setiv(ctx, NULL, 0);
+ /* encrypt both 128bit blocks with AES-256 */
+ gcry_cipher_encrypt(ctx, &out[ 0], 16, &out[ 0], 16);
+ gcry_cipher_reset(ctx);
+ gcry_cipher_setiv(ctx, NULL, 0);
+ gcry_cipher_encrypt(ctx, &out[16], 16, &out[16], 16);
+ /* exchange upper half of first block with lower half of second block */
+ memcpy(&tmp[0], &out[8], 8);
+ memcpy(&out[8], &out[16], 8);
+ memcpy(&out[16], &tmp[0], 8);
+ itercountk--;
+ }
+ memset(&tmp[0], 0, sizeof(tmp));
+
+ memcpy(passhash, out, hashlen);
+
+ gcry_cipher_close(ctx);
+#else
+ fprintf(stderr, "libgcrypt support is required for option -C\n");
+ exit(EXIT_FAILURE);
+#endif
+
+ }
memset (pass, 0, strlen (pass)); /* paranoia */
free(pass);

39
hashalot-manpage.diff
View File

@ -1,39 +0,0 @@
document -C and -t options in manpage
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.1
===================================================================
--- hashalot-0.3/hashalot.1.orig
+++ hashalot-0.3/hashalot.1
@@ -2,9 +2,9 @@
.SH NAME
hashalot \- read a passphrase and print a hash
.SH SYNOPSIS
-.B hashalot [ \-s SALT ] [ \-x ] [ \-n #BYTES ] HASHTYPE
+.B hashalot [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ] HASHTYPE
.br
-.B HASHTYPE [ \-s SALT ] [ \-x ] [ \-n #BYTES ]
+.B HASHTYPE [ \-t secs ] [ \-s SALT ] [ \-x ] [ \-n #BYTES ] [ \-C itercountk ]
.SH DESCRIPTION
.PP
\fIhashalot\fP is a small tool that reads a passphrase from standard
@@ -36,6 +36,18 @@ option can be used to limit (or increase
default is as appropriate for the specified hash algorithm: 20 bytes for
RIPEMD160, 32 bytes for SHA256, etc. The default for the "rmd160compat"
hash is 16 bytes, for compatibility with the old kerneli.org utilities.
+.PP
+The
+.B \-t
+option specifies a timeout for reading the passphrase from the terminal.
+.PP
+The
+.B \-C
+option specifies that the hashed password has to be encrypted
+itercountk thousand times using AES-256. Use for compatability with
+loop-AES.
+.PP
+The options \-t and \-C are currently SUSE specific
.SH AUTHOR
Ben Slusky <sluskyb@paranoiacs.org>
.PP

87
hashalot-timeout.diff
View File

@ -1,87 +0,0 @@
add timeout option -t
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Index: hashalot-0.3/hashalot.c
===================================================================
--- hashalot-0.3.orig/hashalot.c
+++ hashalot-0.3/hashalot.c
@@ -21,6 +21,7 @@
#include <string.h>
#include <unistd.h>
#include <assert.h>
+#include <signal.h>
#include <sys/types.h>
#include <sys/mman.h>
@@ -36,6 +37,12 @@
typedef int (*phash_func_t)(char dest[], size_t dest_len, const char src[], size_t src_len);
+static int got_timeout;
+void alrm_handler(int num)
+{
+ got_timeout = 1;
+}
+
static int
phash_rmd160(char dest[], size_t dest_len, const char src[], size_t src_len)
{
@@ -101,9 +108,9 @@ show_usage(const char argv0[])
fprintf (stdout,
"usage:\n"
- " hashalot [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
+ " hashalot [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ] HASHTYPE\n"
" or\n"
- " HASHTYPE [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
+ " HASHTYPE [ -t secs ] [ -x ] [ -s SALT ] [ -n _#bytes_ ] [ -C itercountk ]\n"
"\n"
"supported values for HASHTYPE: ");
@@ -222,8 +229,9 @@ main(int argc, char *argv[])
phash_func_t func;
int hex_output = 0, c;
unsigned long itercountk = 0;
+ unsigned timeout = 0;
- while ((c = getopt(argc, argv, "n:s:xC:")) != -1) {
+ while ((c = getopt(argc, argv, "n:s:xC:t:")) != -1) {
switch (c) {
case 'n':
hashlen = strtoul(optarg, &p, 0);
@@ -238,6 +246,9 @@ main(int argc, char *argv[])
case 's':
salt = optarg;
break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
case 'x':
hex_output++;
break;
@@ -276,8 +287,24 @@ main(int argc, char *argv[])
fputs("Warning: couldn't lock memory, are you root?\n", stderr);
}
+ if(timeout) {
+ struct sigaction sa;
+ sa.sa_handler = alrm_handler;
+ sigemptyset (&sa.sa_mask);
+ sa.sa_flags = 0;
+ sigaction(SIGALRM, &sa, NULL);
+ alarm(timeout);
+ }
+
/* here we acquire the precious passphrase... */
pass = xgetpass("Enter passphrase: ");
+ if(got_timeout) {
+ exit(EXIT_FAILURE);
+ }
+ if(timeout) {
+ alarm(0);
+ }
+
if (salt)
pass = salt_passphrase(pass, salt);
hashlen = func(passhash, hashlen, pass, strlen(pass));