From: kn Date: Mon, 21 Aug 2023 08:33:11 +0000 (+0000) Subject: Retry passphrase on mismatch by default X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=954c7a3468f66f671662bfce77e3b148be294f34;p=openbsd Retry passphrase on mismatch by default Gracefully prompt again during interactive creation and passphrase change on CRYPTO/1C volumes when confirmation fails instead of exiting, so bioctl(8) behaves more like passwd(1) in this regard. Use -s aka. non-interactive scripting mode to try just once. Input OK jsing op --- diff --git a/sbin/bioctl/bioctl.8 b/sbin/bioctl/bioctl.8 index e8c6bcbce96..3323de05e1b 100644 --- a/sbin/bioctl/bioctl.8 +++ b/sbin/bioctl/bioctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bioctl.8,v 1.112 2023/08/18 14:09:19 kn Exp $ +.\" $OpenBSD: bioctl.8,v 1.113 2023/08/21 08:33:11 kn Exp $ .\" .\" Copyright (c) 2004, 2005 Marco Peereboom .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: August 18 2023 $ +.Dd $Mdocdate: August 21 2023 $ .Dt BIOCTL 8 .Os .Sh NAME @@ -288,10 +288,11 @@ is specified as "auto", the number of rounds will be automatically determined based on system performance. Otherwise the minimum is 4 rounds and the default is 16. .It Fl s -Omit prompts and read passphrases without confirmation from +Read passphrases from .Pa /dev/stdin rather than -.Pa /dev/tty . +.Pa /dev/tty , +without prompts, confirmation or retry on mismatch. .El .Sh EXAMPLES Configure a new diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c index 5a54734e33d..0f1ddf21f39 100644 --- a/sbin/bioctl/bioctl.c +++ b/sbin/bioctl/bioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bioctl.c,v 1.153 2023/08/21 08:13:37 kn Exp $ */ +/* $OpenBSD: bioctl.c,v 1.154 2023/08/21 08:33:11 kn Exp $ */ /* * Copyright (c) 2004, 2005 Marco Peereboom @@ -1355,6 +1355,7 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz, } else { rpp_flag |= interactive ? RPP_REQUIRE_TTY : RPP_STDIN; + retry: if (readpassphrase(prompt, passphrase, sizeof(passphrase), rpp_flag) == NULL) err(1, "unable to read passphrase"); @@ -1371,6 +1372,10 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz, (strcmp(passphrase, verifybuf) != 0)) { explicit_bzero(passphrase, sizeof(passphrase)); explicit_bzero(verifybuf, sizeof(verifybuf)); + if (interactive) { + warnx("Passphrases did not match, try again"); + goto retry; + } errx(1, "Passphrases did not match"); } /* forget the re-typed one */