author | Klemens Nanni <kn@cvs.openbsd.org> | 2023-08-21 08:33:12 +0000 |
---|---|---|
committer | Klemens Nanni <kn@cvs.openbsd.org> | 2023-08-21 08:33:12 +0000 |
commit | 1f6770fb2b1af6534bcc24606d4e2b388878a790 (patch) | |
tree | fde1d3fbea1ff32a9c7718c83a81d3df4d62abfc | |
parent | 3f740f34beb912568cb2f73eddcb66bad256805d (diff) |

Retry passphrase on mismatch by default

Gracefully prompt again during interactive creation and passphrase change on
CRYPTO/1C volumes when confirmation fails instead of exiting, so bioctl(8)
behaves more like passwd(1) in this regard.
Use -s aka. non-interactive scripting mode to try just once.
Input OK jsing op
-rw-r--r-- | sbin/bioctl/bioctl.8 | 9 |
-rw-r--r-- | sbin/bioctl/bioctl.c | 7 |
2 files changed, 11 insertions, 5 deletions
diff --git a/sbin/bioctl/bioctl.8 b/sbin/bioctl/bioctl.8 index e8c6bcbce96..3323de05e1b 100644 --- a/sbin/bioctl/bioctl.8 +++ b/sbin/bioctl/bioctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bioctl.8,v 1.112 2023/08/18 14:09:19 kn Exp $ +.\" $OpenBSD: bioctl.8,v 1.113 2023/08/21 08:33:11 kn Exp $ .\" .\" Copyright (c) 2004, 2005 Marco Peereboom .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: August 18 2023 $ +.Dd $Mdocdate: August 21 2023 $ .Dt BIOCTL 8 .Os .Sh NAME @@ -288,10 +288,11 @@ is specified as "auto", the number of rounds will be automatically determined based on system performance. Otherwise the minimum is 4 rounds and the default is 16. .It Fl s -Omit prompts and read passphrases without confirmation from +Read passphrases from .Pa /dev/stdin rather than -.Pa /dev/tty . +.Pa /dev/tty , +without prompts, confirmation or retry on mismatch. .El .Sh EXAMPLES Configure a new diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c index 5a54734e33d..0f1ddf21f39 100644 --- a/sbin/bioctl/bioctl.c +++ b/sbin/bioctl/bioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bioctl.c,v 1.153 2023/08/21 08:13:37 kn Exp $ */ +/* $OpenBSD: bioctl.c,v 1.154 2023/08/21 08:33:11 kn Exp $ */ /* * Copyright (c) 2004, 2005 Marco Peereboom @@ -1355,6 +1355,7 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz, } else { rpp_flag |= interactive ? RPP_REQUIRE_TTY : RPP_STDIN; + retry: if (readpassphrase(prompt, passphrase, sizeof(passphrase), rpp_flag) == NULL) err(1, "unable to read passphrase"); @@ -1371,6 +1372,10 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz, (strcmp(passphrase, verifybuf) != 0)) { explicit_bzero(passphrase, sizeof(passphrase)); explicit_bzero(verifybuf, sizeof(verifybuf)); + if (interactive) { + warnx("Passphrases did not match, try again"); + goto retry; + } errx(1, "Passphrases did not match"); } /* forget the re-typed one */ |
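Review bot: In the `.It Fl s` entry of bioctl.8, retry appears only as something -s switches off ("without prompts, confirmation or retry on mismatch"); the new default itself is not stated anywhere in the changed manual text. Suggest one sentence, here or where the passphrase prompts are described, saying that an interactive confirmation mismatch is prompted for again, so readers do not have to infer the default from the description of the option that disables it.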
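Review bot: The `retry:` label in derive_key() sits in the middle of the else block, after the `rpp_flag |= ...` line, and its only jump is in a separate part of a long function. A `for (;;)` or `do { } while` around the read and the verification would express the same flow without a backward goto and would keep the clearing of the buffers visibly inside the loop body. If the goto stays, a short comment at the label naming the mismatch branch as its source would help.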
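Review bot: In the mismatch branch of derive_key(), `goto retry` has no attempt limit, so an interactive session repeats until the passphrases match, readpassphrase() fails or the user interrupts. If unbounded retry is the intended passwd(1)-like behaviour, say so in a comment; otherwise count attempts and fall through to the existing `errx(1, "Passphrases did not match")` after a few tries. Both buffers are cleared with explicit_bzero() before the jump, and that ordering should be kept if the code is restructured. Separately, the remaining errx is now reached only when `interactive` is false, while the bioctl.8 hunk says -s reads without confirmation; the start of the `if` condition is outside this hunk, so please confirm that path is still reachable.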