mail archive of the barebox mailing list
* [PATCH 1/5] login: rework login mechanism
@ 2015-08-27 15:26 Sascha Hauer
  2015-08-27 15:26 ` [PATCH 2/5] login: cleanup password code Sascha Hauer
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Sascha Hauer @ 2015-08-27 15:26 UTC (permalink / raw)
  To: Barebox List

We used to have the login functionality in the /env/bin/init script.
This is hard to review and it's too easy to break the login functionality
with changes to this script. Move the password prompts into C code,
where only a few places have to ask for a password.
Mainly these are run_shell() and the menutree command.

This patch introduces a login() function which will only return if the correct
password has been entered. Following calls will return immediately without
asking for a password again.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 commands/login.c                      | 70 +-------------------------------
 commands/menutree.c                   |  3 ++
 common/console.c                      |  6 ---
 common/console_common.c               | 27 -------------
 common/console_simple.c               |  9 ++---
 common/hush.c                         |  3 ++
 common/parser.c                       |  2 +
 common/password.c                     | 75 ++++++++++++++++++++++++++++++++++-
 common/startup.c                      |  7 +---
 defaultenv/defaultenv-2-base/bin/init | 18 ---------
 include/console.h                     |  3 --
 include/password.h                    |  8 ++++
 12 files changed, 96 insertions(+), 135 deletions(-)

diff --git a/commands/login.c b/commands/login.c
index bf5085c..58bb592 100644
--- a/commands/login.c
+++ b/commands/login.c
@@ -19,89 +19,23 @@
 #include <command.h>
 #include <complete.h>
 #include <password.h>
-#include <getopt.h>
-#include <environment.h>
-#include <globalvar.h>
-#include <magicvar.h>
-#include <init.h>
-#include <console.h>
-
-#define PASSWD_MAX_LENGTH	(128 + 1)
-
-#if defined(CONFIG_PASSWD_MODE_STAR)
-#define LOGIN_MODE STAR
-#elif defined(CONFIG_PASSWD_MODE_CLEAR)
-#define LOGIN_MODE CLEAR
-#else
-#define LOGIN_MODE HIDE
-#endif
-
-static int login_timeout = 0;
 
 static int do_login(int argc, char *argv[])
 {
-	unsigned char passwd[PASSWD_MAX_LENGTH];
-	int passwd_len, opt;
-	int timeout = login_timeout;
-	char *timeout_cmd = "boot";
-
-	console_allow_input(true);
-	if (!is_passwd_enable()) {
-		puts("login: password not set\n");
-		return 0;
-	}
-
-	while((opt = getopt(argc, argv, "t:")) > 0) {
-		switch(opt) {
-		case 't':
-			timeout = simple_strtoul(optarg, NULL, 10);
-			break;
-		}
-	}
-
-	if (optind != argc)
-		timeout_cmd = argv[optind];
-
-	do {
-		puts("Password: ");
-		passwd_len = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, timeout);
-
-		if (passwd_len < 0) {
-			console_allow_input(false);
-			run_command(timeout_cmd);
-		}
-
-		if (check_passwd(passwd, passwd_len) == 1)
-			return 0;
-	} while(1);
+	login();
 
 	return 0;
 }
 
 BAREBOX_CMD_HELP_START(login)
 BAREBOX_CMD_HELP_TEXT("Asks for a password from the console before script execution continues.")
-BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command. Instead of specifying")
-BAREBOX_CMD_HELP_TEXT("a TIMEOUT the magic variable 'global.login.timeout' could be set.")
-BAREBOX_CMD_HELP_TEXT("")
-BAREBOX_CMD_HELP_TEXT("Options:")
-BAREBOX_CMD_HELP_OPT("-t TIMEOUT", "Execute COMMAND if no login withing TIMEOUT seconds")
+BAREBOX_CMD_HELP_TEXT("The password can be set with the 'passwd' command.")
 BAREBOX_CMD_HELP_END
 
 BAREBOX_CMD_START(login)
 	.cmd		= do_login,
 	BAREBOX_CMD_DESC("ask for a password")
-	BAREBOX_CMD_OPTS("[-t TIMEOUT] COMMAND")
 	BAREBOX_CMD_GROUP(CMD_GRP_CONSOLE)
 	BAREBOX_CMD_HELP(cmd_login_help)
 	BAREBOX_CMD_COMPLETE(empty_complete)
 BAREBOX_CMD_END
-
-static int login_global_init(void)
-{
-	globalvar_add_simple_int("login.timeout", &login_timeout, "%d");
-
-	return 0;
-}
-late_initcall(login_global_init);
-
-BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout, "timeout to type the password");
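Review bot: do_login() now ignores argc and argv entirely, so a script that still calls `login -t TIMEOUT COMMAND` gets no error and silently runs with global.login.timeout and global.login.fail_command instead of the values it passed. Rejecting leftover arguments before the `login();` call, for example `if (argc > 1) return COMMAND_ERROR_USAGE;`, would make such stale callers visible instead of changing their timeout behaviour unnoticed.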
diff --git a/commands/menutree.c b/commands/menutree.c
index 5d30b67..ea5f65f 100644
--- a/commands/menutree.c
+++ b/commands/menutree.c
@@ -12,12 +12,15 @@
 #include <common.h>
 #include <getopt.h>
 #include <menu.h>
+#include <password.h>
 
 static int do_menutree(int argc, char *argv[])
 {
 	int opt, ret;
 	char *path = "/env/menu";
 
+	login();
+
 	while ((opt = getopt(argc, argv, "m:")) > 0) {
 		switch (opt) {
 		case 'm':
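Review bot: The password gate is added to `menutree` only, while the init-script hunks of this same patch drop `${login_cmd}` in front of `/env/menu/mainmenu`. If that script builds its menu with a command other than `menutree` (not visible here), the `"${key}" != "m"` branch of the init script would show the menu without any password prompt. Since getc() and tstc() no longer refuse input before login, it is worth confirming that every interactive entry point, not just run_shell() and do_menutree(), calls `login()`. do_menutree() continues past the end of this hunk.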
diff --git a/common/console.c b/common/console.c
index bf64c08..84d4ea7 100644
--- a/common/console.c
+++ b/common/console.c
@@ -344,9 +344,6 @@ int getc(void)
 	unsigned char ch;
 	uint64_t start;
 
-	if (unlikely(!console_is_input_allow()))
-		return -EPERM;
-
 	/*
 	 * For 100us we read the characters from the serial driver
 	 * into a kfifo. This helps us not to lose characters
@@ -381,9 +378,6 @@ EXPORT_SYMBOL(fgetc);
 
 int tstc(void)
 {
-	if (unlikely(!console_is_input_allow()))
-		return 0;
-
 	return kfifo_len(console_input_fifo) || tstc_raw();
 }
 EXPORT_SYMBOL(tstc);
diff --git a/common/console_common.c b/common/console_common.c
index 2c82c6f..fcf89e8 100644
--- a/common/console_common.c
+++ b/common/console_common.c
@@ -33,33 +33,6 @@
 
 #ifndef CONFIG_CONSOLE_NONE
 
-static int console_input_allow;
-
-static int console_global_init(void)
-{
-	if (IS_ENABLED(CONFIG_CMD_LOGIN) && is_passwd_enable())
-		console_input_allow = 0;
-	else
-		console_input_allow = 1;
-
-	globalvar_add_simple_bool("console.input_allow", &console_input_allow);
-
-	return 0;
-}
-late_initcall(console_global_init);
-
-BAREBOX_MAGICVAR_NAMED(global_console_input_allow, global.console.input_allow, "console input allowed");
-
-bool console_is_input_allow(void)
-{
-	return console_input_allow;
-}
-
-void console_allow_input(bool val)
-{
-	console_input_allow = val;
-}
-
 int barebox_loglevel = CONFIG_DEFAULT_LOGLEVEL;
 
 LIST_HEAD(barebox_logbuf);
diff --git a/common/console_simple.c b/common/console_simple.c
index 6cb72bb..2b1cc17 100644
--- a/common/console_simple.c
+++ b/common/console_simple.c
@@ -41,9 +41,6 @@ EXPORT_SYMBOL(console_putc);
 
 int tstc(void)
 {
-	if (unlikely(!console_is_input_allow()))
-		return 0;
-
 	if (!console)
 		return 0;
 
@@ -53,9 +50,6 @@ EXPORT_SYMBOL(tstc);
 
 int getc(void)
 {
-	if (unlikely(!console_is_input_allow()))
-		return -EPERM;
-
 	if (!console)
 		return -EINVAL;
 	return console->getc(console);
@@ -73,6 +67,9 @@ EXPORT_SYMBOL(console_flush);
 /* test if ctrl-c was pressed */
 int ctrlc (void)
 {
+	if (login())
+		return 0;
+
 	if (tstc() && getc() == 3)
 		return 1;
 	return 0;
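Review bot: `if (login())` tests the result of a function that this patch declares as `void login(void)`, both in include/password.h (including the `static inline` stub) and in common/password.c, so console_simple.c cannot compile as posted. Either give login() an int return value in the real function and in the stub, or call it here as a plain statement, `login();`, before the existing ctrl-c test. A short comment on why ctrlc() may block on a password prompt would also help, because that is surprising for a polling helper.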
diff --git a/common/hush.c b/common/hush.c
index ffd2513..abe8713 100644
--- a/common/hush.c
+++ b/common/hush.c
@@ -116,6 +116,7 @@
 #include <errno.h>
 #include <fs.h>
 #include <libbb.h>
+#include <password.h>
 #include <glob.h>
 #include <getopt.h>
 #include <libfile.h>
@@ -1914,6 +1915,8 @@ int run_shell(void)
 	struct p_context ctx;
 	int exit = 0;
 
+	login();
+
 	do {
 		setup_file_in_str(&input);
 		rcode = parse_stream_outer(&ctx, &input, FLAG_PARSE_SEMICOLON);
diff --git a/common/parser.c b/common/parser.c
index 207599f..b5ffe51 100644
--- a/common/parser.c
+++ b/common/parser.c
@@ -266,6 +266,8 @@ int run_shell(void)
 	int len;
 	int rc = 1;
 
+	login();
+
 	for (;;) {
 		len = readline (CONFIG_PROMPT, console_buffer, CONFIG_CBSIZE);
 
diff --git a/common/password.c b/common/password.c
index c845422..6532143 100644
--- a/common/password.c
+++ b/common/password.c
@@ -24,8 +24,11 @@
 #include <digest.h>
 #include <malloc.h>
 #include <xfuncs.h>
+#include <magicvar.h>
 #include <clock.h>
+#include <init.h>
 #include <stdlib.h>
+#include <globalvar.h>
 #include <generated/passwd.h>
 #include <crypto/pbkdf2.h>
 
@@ -73,7 +76,7 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
 			case CTL_CH('c'):
 				passwd[0] = '\0';
 				puts("\r\n");
-				return 0;
+				return -EINTR;
 			case CTL_CH('h'):
 			case BB_KEY_DEL7:
 			case BB_KEY_DEL:
@@ -104,7 +107,7 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
 		}
 	} while (!is_timeout(start, timeout * SECOND) || timeout == 0);
 
-	return -1;
+	return -ETIMEDOUT;
 }
 EXPORT_SYMBOL(password);
 
@@ -374,6 +377,8 @@ int set_env_passwd(unsigned char* passwd, size_t length)
 		hash_len = PBKDF2_LENGTH;
 	} else {
 		d = digest_alloc(PASSWD_SUM);
+		if (!d)
+			return -EINVAL;
 
 		hash_len = digest_length(d);
 	}
@@ -406,3 +411,69 @@ err:
 	return ret;
 }
 EXPORT_SYMBOL(set_env_passwd);
+
+#define PASSWD_MAX_LENGTH	(128 + 1)
+
+#if defined(CONFIG_PASSWD_MODE_STAR)
+#define LOGIN_MODE STAR
+#elif defined(CONFIG_PASSWD_MODE_CLEAR)
+#define LOGIN_MODE CLEAR
+#else
+#define LOGIN_MODE HIDE
+#endif
+
+static int logged_in;
+static int login_timeout;
+static char *login_fail_command;
+
+/**
+ * login() - Prompt for password
+ *
+ * This function only returns when the correct password has been entered or
+ * no password is necessary because either no password is configured or the
+ * correct password has been entered in a previous call to this function.
+ */
+void login(void)
+{
+	unsigned char passwd[PASSWD_MAX_LENGTH];
+	int ret;
+
+	if (!is_passwd_enable())
+		return;
+
+	if (logged_in)
+		return;
+
+	while (1) {
+		printf("Password: ");
+
+		ret = password(passwd, PASSWD_MAX_LENGTH, LOGIN_MODE, login_timeout);
+		if (ret < 0)
+			run_command(login_fail_command);
+
+		if (ret < 0)
+			continue;
+
+		if (check_passwd(passwd, ret) != 1)
+			continue;
+
+		logged_in = 1;
+		return;
+	}
+}
+
+static int login_global_init(void)
+{
+	login_fail_command = xstrdup("boot");
+
+	globalvar_add_simple_int("login.timeout", &login_timeout, "%d");
+	globalvar_add_simple_string("login.fail_command", &login_fail_command);
+
+	return 0;
+}
+late_initcall(login_global_init);
+
+BAREBOX_MAGICVAR_NAMED(global_login_fail_command, global.login.fail_command,
+		"command to run when password entry failed");
+BAREBOX_MAGICVAR_NAMED(global_login_timeout, global.login.timeout,
+		"timeout to type the password");
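Review bot: The cleartext password stays in the stack buffer `passwd` after login() returns, and is presumably still in RAM when the next boot stage runs. Store the result of check_passwd() in `ret`, then wipe the buffer with `memset(passwd, 0, sizeof(passwd));` before testing it; a compiler may drop a plain memset on a dying buffer, so a non-optimizable wipe helper is preferable if the tree has one. Separately, a wrong password loops straight back to the prompt, so the guess rate is bounded only by the hash cost; a short fixed delay before that `continue` would bound it. The two consecutive `if (ret < 0)` tests can also be merged into one block.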
diff --git a/common/startup.c b/common/startup.c
index 802b90e..4a303b2 100644
--- a/common/startup.c
+++ b/common/startup.c
@@ -108,13 +108,10 @@ void __noreturn start_barebox(void)
 	if (IS_ENABLED(CONFIG_COMMAND_SUPPORT)) {
 		pr_info("running /env/bin/init...\n");
 
-		if (!stat("/env/bin/init", &s)) {
+		if (!stat("/env/bin/init", &s))
 			run_command("source /env/bin/init");
-		} else {
+		else
 			pr_err("/env/bin/init not found\n");
-			if (IS_ENABLED(CONFIG_CMD_LOGIN))
-				while(run_command("login -t 0"));
-		}
 	}
 
 	if (!barebox_main) {
diff --git a/defaultenv/defaultenv-2-base/bin/init b/defaultenv/defaultenv-2-base/bin/init
index 30651e5..37ee365 100644
--- a/defaultenv/defaultenv-2-base/bin/init
+++ b/defaultenv/defaultenv-2-base/bin/init
@@ -27,25 +27,15 @@ magicvar -a global.allow_color "Allow color on the console (boolean)"
 [ -e /env/config-board ] && /env/config-board
 /env/config
 
-# request password to login if a timeout is specified and password set
-if [ -n ${global.login.timeout} ]; then
-	[ ${global.login.timeout} -gt 0 ] && login_cmd=login
-fi
-# allow the input if not
-[ -n ${global.console.input_allow} ] && global.console.input_allow=1
-
 # allow to stop the boot before execute the /env/init/*
 # but without waiting
 timeout -s -a -v key 0
 autoboot="$?"
 
 if [ "${key}" = "q" ]; then
-	${login_cmd}
 	exit
 fi
 
-[ -n ${login_cmd} ] && global.console.input_allow=0
-
 for i in /env/init/*; do
 	. $i
 done
@@ -56,17 +46,12 @@ else
 	echo -e -n "\nHit any key to stop autoboot: "
 fi
 
-[ -n ${login_cmd} ] && global.console.input_allow=1
-
 if [ "$autoboot" = 0 ]; then
 	timeout -a $global.autoboot_timeout -v key
 	autoboot="$?"
 fi
 
-[ -n ${login_cmd} ] && global.console.input_allow=0
-
 if [ "${key}" = "q" ]; then
-	${login_cmd}
 	exit
 fi
 
@@ -75,12 +60,9 @@ if [ "$autoboot" = 0 ]; then
 fi
 
 if [ -e /env/menu ]; then
-	${login_cmd}
 	if [ "${key}" != "m" ]; then
 		echo -e "\ntype exit to get to the menu"
 		sh
 	fi
 	/env/menu/mainmenu
 fi
-
-${login_cmd}
diff --git a/include/console.h b/include/console.h
index a6737c8..4b2f134 100644
--- a/include/console.h
+++ b/include/console.h
@@ -71,9 +71,6 @@ extern struct list_head console_list;
 
 #define CFG_PBSIZE (CONFIG_CBSIZE+sizeof(CONFIG_PROMPT)+16)
 
-bool console_is_input_allow(void);
-void console_allow_input(bool val);
-
 extern int barebox_loglevel;
 
 struct console_device *console_get_first_active(void);
diff --git a/include/password.h b/include/password.h
index 0dd1054..fec831f 100644
--- a/include/password.h
+++ b/include/password.h
@@ -42,6 +42,14 @@ int passwd_env_disable(void);
 int check_env_passwd(unsigned char* passwd, size_t length);
 int set_env_passwd(unsigned char* passwd, size_t length);
 
+#ifdef CONFIG_PASSWORD
+void login(void);
+#else
+static inline void login(void)
+{
+}
+#endif
+
 static inline int is_passwd_enable(void)
 {
 	return is_passwd_default_enable() || is_passwd_env_enable();
-- 
2.5.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* [PATCH 2/5] login: cleanup password code
  2015-08-27 15:26 [PATCH 1/5] login: rework login mechanism Sascha Hauer
@ 2015-08-27 15:26 ` Sascha Hauer
  2015-08-27 15:26 ` [PATCH 3/5] login: check return value of digest_alloc Sascha Hauer
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Sascha Hauer @ 2015-08-27 15:26 UTC (permalink / raw)
  To: Barebox List

- make some locally used functions static
- remove read_passwd which is unused
- some refactoring to make code paths clearer

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 common/password.c  | 48 +++++++++---------------------------------------
 include/password.h | 20 +-------------------
 2 files changed, 10 insertions(+), 58 deletions(-)

diff --git a/common/password.c b/common/password.c
index 6532143..0cb79b8 100644
--- a/common/password.c
+++ b/common/password.c
@@ -158,17 +158,7 @@ static unsigned char to_hexa(unsigned char c)
 	return c;
 }
 
-int read_passwd(unsigned char *sum, size_t length)
-{
-	if (is_passwd_env_enable())
-		return read_env_passwd(sum, length);
-	else if (is_passwd_default_enable())
-		return read_default_passwd(sum, length);
-	else
-		return -EINVAL;
-}
-
-int read_default_passwd(unsigned char *sum, size_t length)
+static int read_default_passwd(unsigned char *sum, size_t length)
 {
 	int i = 0;
 	int len = strlen(default_passwd);
@@ -195,7 +185,7 @@ int read_default_passwd(unsigned char *sum, size_t length)
 }
 EXPORT_SYMBOL(read_default_passwd);
 
-int read_env_passwd(unsigned char *sum, size_t length)
+static int read_env_passwd(unsigned char *sum, size_t length)
 {
 	int fd;
 	int ret = 0;
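Review bot: `EXPORT_SYMBOL(read_default_passwd);` is left in place at the top of this hunk although the previous hunk makes read_default_passwd() static; the export of a file-local function should be dropped. The same applies to read_env_passwd() if it has an export further down, since its body ends outside this hunk. The include/password.h hunk of this patch also removes the prototypes of write_env_passwd(), is_passwd_default_enable() and is_passwd_env_enable(), but no hunk shown makes those functions static, so they would stay global without a declaration.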
@@ -286,7 +276,7 @@ exit:
 }
 EXPORT_SYMBOL(write_env_passwd);
 
-static int __check_passwd(unsigned char* passwd, size_t length, int std)
+static int check_passwd(unsigned char *passwd, size_t length)
 {
 	struct digest *d = NULL;
 	unsigned char *passwd1_sum;
@@ -308,10 +298,12 @@ static int __check_passwd(unsigned char* passwd, size_t length, int std)
 
 	passwd2_sum = passwd1_sum + hash_len;
 
-	if (std)
+	if (is_passwd_env_enable())
 		ret = read_env_passwd(passwd2_sum, hash_len);
-	else
+	else if (is_passwd_default_enable())
 		ret = read_default_passwd(passwd2_sum, hash_len);
+	else
+		ret = -EINVAL;
 
 	if (ret < 0)
 		goto err;
@@ -345,28 +337,6 @@ err:
 	return ret;
 }
 
-int check_default_passwd(unsigned char* passwd, size_t length)
-{
-	return __check_passwd(passwd, length, 0);
-}
-EXPORT_SYMBOL(check_default_passwd);
-
-int check_env_passwd(unsigned char* passwd, size_t length)
-{
-	return __check_passwd(passwd, length, 1);
-}
-EXPORT_SYMBOL(check_env_passwd);
-
-int check_passwd(unsigned char* passwd, size_t length)
-{
-	if (is_passwd_env_enable())
-		return check_env_passwd(passwd, length);
-	else if (is_passwd_default_enable())
-		return check_default_passwd(passwd, length);
-	else
-		return -EINVAL;
-}
-
 int set_env_passwd(unsigned char* passwd, size_t length)
 {
 	struct digest *d = NULL;
@@ -423,7 +393,7 @@ EXPORT_SYMBOL(set_env_passwd);
 #endif
 
 static int logged_in;
-static int login_timeout;
+static int login_timeout = 60;
 static char *login_fail_command;
 
 /**
@@ -438,7 +408,7 @@ void login(void)
 	unsigned char passwd[PASSWD_MAX_LENGTH];
 	int ret;
 
-	if (!is_passwd_enable())
+	if (!is_passwd_default_enable() && !is_passwd_env_enable())
 		return;
 
 	if (logged_in)
diff --git a/include/password.h b/include/password.h
index fec831f..8b99618 100644
--- a/include/password.h
+++ b/include/password.h
@@ -26,21 +26,8 @@
 #define CLEAR	(1 << 2)
 
 int password(unsigned char *passwd, size_t length, int flags, int timeout);
-
-int read_passwd(unsigned char *sum, size_t length);
-int check_passwd(unsigned char* passwd, size_t length);
-
-int read_env_passwd(unsigned char *sum, size_t length);
-int write_env_passwd(unsigned char *sum, size_t length);
-
-int read_default_passwd(unsigned char *sum, size_t length);
-int is_passwd_default_enable(void);
-int check_default_passwd(unsigned char* passwd, size_t length);
-
-int is_passwd_env_enable(void);
 int passwd_env_disable(void);
-int check_env_passwd(unsigned char* passwd, size_t length);
-int set_env_passwd(unsigned char* passwd, size_t length);
+int set_env_passwd(unsigned char *passwd, size_t length);
 
 #ifdef CONFIG_PASSWORD
 void login(void);
@@ -50,9 +37,4 @@ static inline void login(void)
 }
 #endif
 
-static inline int is_passwd_enable(void)
-{
-	return is_passwd_default_enable() || is_passwd_env_enable();
-}
-
 #endif /* __PASSWORD_H__ */
-- 
2.5.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* [PATCH 3/5] login: check return value of digest_alloc
  2015-08-27 15:26 [PATCH 1/5] login: rework login mechanism Sascha Hauer
  2015-08-27 15:26 ` [PATCH 2/5] login: cleanup password code Sascha Hauer
@ 2015-08-27 15:26 ` Sascha Hauer
  2015-08-27 15:26 ` [PATCH 4/5] crypto: fix selecting of digests Sascha Hauer
  2015-08-27 15:26 ` [PATCH 5/5] login: explain PASSWORD_DEFAULT option Sascha Hauer
  3 siblings, 0 replies; 5+ messages in thread
From: Sascha Hauer @ 2015-08-27 15:26 UTC (permalink / raw)
  To: Barebox List

digest_alloc can fail, check the return value.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 common/password.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/common/password.c b/common/password.c
index 0cb79b8..43c5e0c 100644
--- a/common/password.c
+++ b/common/password.c
@@ -288,6 +288,10 @@ static int check_passwd(unsigned char *passwd, size_t length)
 		hash_len = PBKDF2_LENGTH;
 	} else {
 		d = digest_alloc(PASSWD_SUM);
+		if (!d) {
+			pr_err("No such digest: %s\n", PASSWD_SUM);
+			return -ENOENT;
+		}
 
 		hash_len = digest_length(d);
 	}
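Review bot: The same digest_alloc() failure is handled differently in set_env_passwd(), where patch 1/5 added a silent `return -EINVAL;`, while this hunk logs and returns -ENOENT. Use one error code and the `pr_err("No such digest: %s\n", PASSWD_SUM);` message in both places so a missing digest is reported the same way when setting and when checking a password. check_passwd() starts and ends outside this hunk, so whether anything allocated earlier needs the `err:` path instead of a direct return cannot be confirmed from here.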
-- 
2.5.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* [PATCH 4/5] crypto: fix selecting of digests
  2015-08-27 15:26 [PATCH 1/5] login: rework login mechanism Sascha Hauer
  2015-08-27 15:26 ` [PATCH 2/5] login: cleanup password code Sascha Hauer
  2015-08-27 15:26 ` [PATCH 3/5] login: check return value of digest_alloc Sascha Hauer
@ 2015-08-27 15:26 ` Sascha Hauer
  2015-08-27 15:26 ` [PATCH 5/5] login: explain PASSWORD_DEFAULT option Sascha Hauer
  3 siblings, 0 replies; 5+ messages in thread
From: Sascha Hauer @ 2015-08-27 15:26 UTC (permalink / raw)
  To: Barebox List

SHA1 is meant as a boolean option which is true when sha1 support is available.
This works because the providers (DIGEST_SHA1_GENERIC and DIGEST_SHA1_ARM) have
a 'select SHA1'. However, consumers like the sha1sum command do a 'select SHA1'
to enable SHA1 support. This of course does not work; selecting SHA1 will not
select any of the SHA1 providers.

This is broken for all digest consumers. We have to explicitly select a digest
provider, that is DIGEST_*_GENERIC to enable the corresponding digest.

This means now we will always have the generic digest in the binary, even
when an optimized one is enabled. There is no sane way in Kconfig to
"select provider for feature xy", so let's live with the overhead in the binary.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 commands/Kconfig | 12 ++++++------
 common/Kconfig   |  8 ++++----
 crypto/Kconfig   |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/commands/Kconfig b/commands/Kconfig
index 133dcbf..c2c42cc 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -928,7 +928,7 @@ config CMD_LS
 config CMD_MD5SUM
 	tristate
 	select COMPILE_HASH
-	select MD5
+	select DIGEST_MD5_GENERIC
 	prompt "md5sum"
 	help
 	  Usage: md5sum FILE|AREA...
@@ -993,7 +993,7 @@ config CMD_RMDIR
 config CMD_SHA1SUM
 	tristate
 	select COMPILE_HASH
-	select SHA1
+	select DIGEST_SHA1_GENERIC
 	prompt "sha1sum"
 	help
 	  Calculate SHA1 digest
@@ -1005,7 +1005,7 @@ config CMD_SHA1SUM
 config CMD_SHA224SUM
 	tristate
 	select COMPILE_HASH
-	select SHA224
+	select DIGEST_SHA224_GENERIC
 	prompt "sha224sum"
 	help
 	  Calculate SHA224 digest
@@ -1017,7 +1017,7 @@ config CMD_SHA224SUM
 config CMD_SHA256SUM
 	tristate
 	select COMPILE_HASH
-	select SHA256
+	select DIGEST_SHA256_GENERIC
 	prompt "sha256sum"
 	help
 	  sha256sum - calculate SHA256 digest
@@ -1029,7 +1029,7 @@ config CMD_SHA256SUM
 config CMD_SHA384SUM
 	tristate
 	select COMPILE_HASH
-	select SHA384
+	select DIGEST_SHA384_GENERIC
 	prompt "sha384sum"
 	help
 	  Calculate SHA384 digest
@@ -1041,7 +1041,7 @@ config CMD_SHA384SUM
 config CMD_SHA512SUM
 	tristate
 	select COMPILE_HASH
-	select SHA512
+	select DIGEST_SHA512_GENERIC
 	prompt "sha512sum"
 	help
 	  sha512sum - calculate SHA512 digest
diff --git a/common/Kconfig b/common/Kconfig
index 8c6ba7f..03a0dc9 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -460,19 +460,19 @@ choice
 
 config PASSWD_SUM_MD5
 	bool "MD5"
-	select MD5
+	select DIGEST_MD5_GENERIC
 
 config PASSWD_SUM_SHA1
 	bool "SHA1"
-	select SHA1
+	select DIGEST_SHA1_GENERIC
 
 config PASSWD_SUM_SHA256
 	bool "SHA256"
-	select SHA256
+	select DIGEST_SHA256_GENERIC
 
 config PASSWD_SUM_SHA512
 	bool "SHA512"
-	select SHA512
+	select DIGEST_SHA512_GENERIC
 
 config PASSWD_CRYPTO_PBKDF2
 	bool "PBKDF2"
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 24f8b41..ef807de 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -82,5 +82,5 @@ endif
 
 config CRYPTO_PBKDF2
 	select DIGEST
-	select SHA1
+	select DIGEST_SHA1_GENERIC
 	bool
-- 
2.5.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox


* [PATCH 5/5] login: explain PASSWORD_DEFAULT option
  2015-08-27 15:26 [PATCH 1/5] login: rework login mechanism Sascha Hauer
                   ` (2 preceding siblings ...)
  2015-08-27 15:26 ` [PATCH 4/5] crypto: fix selecting of digests Sascha Hauer
@ 2015-08-27 15:26 ` Sascha Hauer
  3 siblings, 0 replies; 5+ messages in thread
From: Sascha Hauer @ 2015-08-27 15:26 UTC (permalink / raw)
  To: Barebox List

This option looks like it takes the default password, but instead
it takes a filename of a file which contains the password encoded
with the selected password digest.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 common/Kconfig | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/Kconfig b/common/Kconfig
index 03a0dc9..877d385 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -450,8 +450,14 @@ config PASSWORD
 
 config PASSWORD_DEFAULT
 	string
-	prompt "Password default"
+	prompt "Password default file"
 	depends on PASSWORD
+	help
+	  Set this to a file which is used as default password file. This file
+	  has to contain the passwd encoded with the selected password digest.
+	  i.e.:
+	  echo -ne "MyPassword" | md5sum | while read a b; do echo $a > passwdfile; done
+
 
 if PASSWORD
 
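Review bot: The example in the new help text hard-codes `md5sum`, while the sentence above it says the file must hold the password encoded with the selected digest. A file made this way would presumably not match when one of the other PASSWD_SUM_* options or PBKDF2 is selected. State that the tool has to correspond to the chosen digest and that the example covers MD5 only, and replace `i.e.:` with `e.g.:`. It would also help to say that the file holds only the hex digest, which is what the `while read a b` loop extracts.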
-- 
2.5.0


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

