From b5907098c09a0d8ee61a966f3fc73a73cec4007b Mon Sep 17 00:00:00 2001
From: fishwaldo <>
Date: Sat, 21 Sep 2002 06:26:56 +0000
Subject: [PATCH] hybrid rc4 rsarespond fixes

---
 tools/rsa_respond/README    | 12 ++++++++----
 tools/rsa_respond/respond.c | 36 +++++++++++++++++++++++++++++++++---
 2 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/tools/rsa_respond/README b/tools/rsa_respond/README
index db651e9..97456f9 100644
--- a/tools/rsa_respond/README
+++ b/tools/rsa_respond/README
@@ -6,13 +6,17 @@ respond takes the challenge from the server and creates a valid response
 to pass back to the server.
 
 Syntax:
-$ ./respond <private key> <challenge>
+$ ./respond <private key> <challenge> [passphrase]
 
 Notes:
 
 The private key file is protected by a passphrase, entered when the key is
 created.  The passphrase is prompted for whenever respond is called.
 
+If the passphrase is passed on the command line (insecure mode), the
+program will not prompt for a passphrase.  This is primarily for running
+rsa_respond from a script.
+
 Compiling:
 
 Untar the distribution
@@ -25,7 +29,7 @@ Note that you may have to explicitly add -L/usr/local/lib if OpenSSL
 was installed there, instead of one of the system library paths.
 
 System support:
-genkey and respond compile properly, and have been tested on FreeBSD 4.x,
-Linux glibc, and Cygwin 1.2 or higher.
+respond compiles properly, and have been tested on FreeBSD 4.x, Linux glibc,
+Solaris 8, and Cygwin 1.2 or higher.
 
-# $Id: README,v 1.2 2002/08/13 14:45:13 fishwaldo Exp $
+# $Id: README,v 1.3 2002/09/21 06:26:56 fishwaldo Exp $
diff --git a/tools/rsa_respond/respond.c b/tools/rsa_respond/respond.c
index dde749f..e7ac474 100644
--- a/tools/rsa_respond/respond.c
+++ b/tools/rsa_respond/respond.c
@@ -17,7 +17,7 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *  $Id: respond.c,v 1.2 2002/08/13 14:45:13 fishwaldo Exp $
+ *  $Id: respond.c,v 1.3 2002/09/21 06:26:56 fishwaldo Exp $
  */
 #include <stdio.h>
 #include <openssl/err.h>
@@ -26,10 +26,27 @@
 #include <openssl/md5.h>
 #include <unistd.h>
 
+static int insecure_mode = 0;
+static char *pass_param = NULL;
+
 static int pass_cb(char *buf, int size, int rwflag, void *u)
 {
 	int len;
         char *tmp;
+
+	if (insecure_mode != 0)
+	{
+		if (pass_param == NULL)
+			return 0;
+		len = strlen(pass_param);
+		if (len <= 0)  /* This SHOULDN'T happen */
+			return 0;
+		if (len > size)
+			len = size;
+		memcpy(buf, pass_param, len);
+		return len;
+	}
+
 	tmp = getpass("Enter passphrase for challenge: ");
         len = strlen(tmp);
         if (len <= 0) 
@@ -40,7 +57,6 @@ static int pass_cb(char *buf, int size, int rwflag, void *u)
         return len;
 }
 
-                                                                                        
 static void
 binary_to_hex( unsigned char * bin, char * hex, int length )
 {
@@ -92,10 +108,24 @@ main(int argc, char **argv)
 	/* respond privatefile challenge */
 	if (argc < 3)
 	{
-		puts("Usage: respond privatefile challenge");
+		puts("Usage: respond privatefile challenge [passphrase]");
 		return 0;
 	}
 
+	if (argc == 4)
+	{
+		/* This is TOTALLY insecure and not recommended, but for
+		** interfacing with irc client scripts, it's either this
+		** or don't use a passphrase.
+		**
+		** The likelihood of a passphrase leaking isn't TOO great,
+		** only ps auxww will show it, and even then, only at the
+		** precise moment this is called.
+		*/
+		insecure_mode = 1;
+		pass_param = argv[3];
+	}
+
 	if (!(kfile = fopen(argv[1], "r")))
 	{
 		puts("Could not open the private keyfile.");