hybrid rc4 rsarespond fixes
This commit is contained in:
fishwaldo
parent
19b410a8a8
commit
b5907098c0
2 changed files with 41 additions and 7 deletions
|
|
@ -6,13 +6,17 @@ respond takes the challenge from the server and creates a valid response
|
|||
to pass back to the server.
|
||||
|
||||
Syntax:
|
||||
$ ./respond <private key> <challenge>
|
||||
$ ./respond <private key> <challenge> [passphrase]
|
||||
|
||||
Notes:
|
||||
|
||||
The private key file is protected by a passphrase, entered when the key is
|
||||
created. The passphrase is prompted for whenever respond is called.
|
||||
|
||||
If the passphrase is passed on the command line (insecure mode), the
|
||||
program will not prompt for a passphrase. This is primarily for running
|
||||
rsa_respond from a script.
|
||||
|
||||
Compiling:
|
||||
|
||||
Untar the distribution
|
||||
|
|
@ -25,7 +29,7 @@ Note that you may have to explicitly add -L/usr/local/lib if OpenSSL
|
|||
was installed there, instead of one of the system library paths.
|
||||
|
||||
System support:
|
||||
genkey and respond compile properly, and have been tested on FreeBSD 4.x,
|
||||
Linux glibc, and Cygwin 1.2 or higher.
|
||||
respond compiles properly, and have been tested on FreeBSD 4.x, Linux glibc,
|
||||
Solaris 8, and Cygwin 1.2 or higher.
|
||||
|
||||
# $Id: README,v 1.2 2002/08/13 14:45:13 fishwaldo Exp $
|
||||
# $Id: README,v 1.3 2002/09/21 06:26:56 fishwaldo Exp $
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
* $Id: respond.c,v 1.2 2002/08/13 14:45:13 fishwaldo Exp $
|
||||
* $Id: respond.c,v 1.3 2002/09/21 06:26:56 fishwaldo Exp $
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <openssl/err.h>
|
||||
|
|
@ -26,10 +26,27 @@
|
|||
#include <openssl/md5.h>
|
||||
#include <unistd.h>
|
||||
|
||||
static int insecure_mode = 0;
|
||||
static char *pass_param = NULL;
|
||||
|
||||
static int pass_cb(char *buf, int size, int rwflag, void *u)
|
||||
{
|
||||
int len;
|
||||
char *tmp;
|
||||
|
||||
if (insecure_mode != 0)
|
||||
{
|
||||
if (pass_param == NULL)
|
||||
return 0;
|
||||
len = strlen(pass_param);
|
||||
if (len <= 0) /* This SHOULDN'T happen */
|
||||
return 0;
|
||||
if (len > size)
|
||||
len = size;
|
||||
memcpy(buf, pass_param, len);
|
||||
return len;
|
||||
}
|
||||
|
||||
tmp = getpass("Enter passphrase for challenge: ");
|
||||
len = strlen(tmp);
|
||||
if (len <= 0)
|
||||
|
|
@ -40,7 +57,6 @@ static int pass_cb(char *buf, int size, int rwflag, void *u)
|
|||
return len;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
binary_to_hex( unsigned char * bin, char * hex, int length )
|
||||
{
|
||||
|
|
@ -92,10 +108,24 @@ main(int argc, char **argv)
|
|||
/* respond privatefile challenge */
|
||||
if (argc < 3)
|
||||
{
|
||||
puts("Usage: respond privatefile challenge");
|
||||
puts("Usage: respond privatefile challenge [passphrase]");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (argc == 4)
|
||||
{
|
||||
/* This is TOTALLY insecure and not recommended, but for
|
||||
** interfacing with irc client scripts, it's either this
|
||||
** or don't use a passphrase.
|
||||
**
|
||||
** The likelihood of a passphrase leaking isn't TOO great,
|
||||
** only ps auxww will show it, and even then, only at the
|
||||
** precise moment this is called.
|
||||
*/
|
||||
insecure_mode = 1;
|
||||
pass_param = argv[3];
|
||||
}
|
||||
|
||||
if (!(kfile = fopen(argv[1], "r")))
|
||||
{
|
||||
puts("Could not open the private keyfile.");
|
||||
|
|
|
|||
Reference in a new issue