From b5907098c09a0d8ee61a966f3fc73a73cec4007b Mon Sep 17 00:00:00 2001 From: fishwaldo <> Date: Sat, 21 Sep 2002 06:26:56 +0000 Subject: [PATCH] hybrid rc4 rsarespond fixes --- tools/rsa_respond/README | 12 ++++++++---- tools/rsa_respond/respond.c | 36 +++++++++++++++++++++++++++++++++--- 2 files changed, 41 insertions(+), 7 deletions(-) diff --git a/tools/rsa_respond/README b/tools/rsa_respond/README index db651e9..97456f9 100644 --- a/tools/rsa_respond/README +++ b/tools/rsa_respond/README @@ -6,13 +6,17 @@ respond takes the challenge from the server and creates a valid response to pass back to the server. Syntax: -$ ./respond +$ ./respond [passphrase] Notes: The private key file is protected by a passphrase, entered when the key is created. The passphrase is prompted for whenever respond is called. +If the passphrase is passed on the command line (insecure mode), the +program will not prompt for a passphrase. This is primarily for running +rsa_respond from a script. + Compiling: Untar the distribution @@ -25,7 +29,7 @@ Note that you may have to explicitly add -L/usr/local/lib if OpenSSL was installed there, instead of one of the system library paths. System support: -genkey and respond compile properly, and have been tested on FreeBSD 4.x, -Linux glibc, and Cygwin 1.2 or higher. +respond compiles properly, and have been tested on FreeBSD 4.x, Linux glibc, +Solaris 8, and Cygwin 1.2 or higher. -# $Id: README,v 1.2 2002/08/13 14:45:13 fishwaldo Exp $ +# $Id: README,v 1.3 2002/09/21 06:26:56 fishwaldo Exp $ diff --git a/tools/rsa_respond/respond.c b/tools/rsa_respond/respond.c index dde749f..e7ac474 100644 --- a/tools/rsa_respond/respond.c +++ b/tools/rsa_respond/respond.c @@ -17,7 +17,7 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * $Id: respond.c,v 1.2 2002/08/13 14:45:13 fishwaldo Exp $ + * $Id: respond.c,v 1.3 2002/09/21 06:26:56 fishwaldo Exp $ */ #include #include @@ -26,10 +26,27 @@ #include #include +static int insecure_mode = 0; +static char *pass_param = NULL; + static int pass_cb(char *buf, int size, int rwflag, void *u) { int len; char *tmp; + + if (insecure_mode != 0) + { + if (pass_param == NULL) + return 0; + len = strlen(pass_param); + if (len <= 0) /* This SHOULDN'T happen */ + return 0; + if (len > size) + len = size; + memcpy(buf, pass_param, len); + return len; + } + tmp = getpass("Enter passphrase for challenge: "); len = strlen(tmp); if (len <= 0) @@ -40,7 +57,6 @@ static int pass_cb(char *buf, int size, int rwflag, void *u) return len; } - static void binary_to_hex( unsigned char * bin, char * hex, int length ) { @@ -92,10 +108,24 @@ main(int argc, char **argv) /* respond privatefile challenge */ if (argc < 3) { - puts("Usage: respond privatefile challenge"); + puts("Usage: respond privatefile challenge [passphrase]"); return 0; } + if (argc == 4) + { + /* This is TOTALLY insecure and not recommended, but for + ** interfacing with irc client scripts, it's either this + ** or don't use a passphrase. + ** + ** The likelihood of a passphrase leaking isn't TOO great, + ** only ps auxww will show it, and even then, only at the + ** precise moment this is called. + */ + insecure_mode = 1; + pass_param = argv[3]; + } + if (!(kfile = fopen(argv[1], "r"))) { puts("Could not open the private keyfile.");