| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
default_passwd is a compile-time constant. In case, where it's unset,
the function will early-return and the static analyzer will warn about
len being initialized, but never used, move the length calculation later
to avoid this false positive.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20220905095557.596891-18-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
Cryptographic verifications should be time-constant so that an attacker
cannot get information about the secrets used by observing the system,
so use crypto_memneq() rather than memcmp() to compare password hashes.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For all files in common/ that already have a license text:
- Replace with appropriate SPDX-License-Identifier
- Remove empty comment lines around replacement
- remove comment completely if only thing remaining is name
of file without description
Reviewed-by: Roland Hieber <rhi@pengutronix.de>
Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
BAREBOX_MAGICVAR now generates a unique identifier automatically,
so we can convert users of BAREBOX_MAGICVAR_NAMED to the simpler
BAREBOX_MAGICVAR macro.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When CONFIG_PASSWORD_DEFAULT is unset, the default_passwd buffer is set
to the empty string. The read_default_passwd() function wants to read at
least two characters from that buffer, causing GCC to generate an array
bounds warning:
barebox/common/password.c: In function 'login':
barebox/common/password.c:173:5: warning: array subscript [1, 2147483647] is outside array bounds of 'const char[1]' [-Warray-bounds]
In file included from barebox/common/password.c:30:
include/generated/passwd.h:1:19: note: while referencing 'default_passwd'
Add an ARRAY_SIZE check to default_passwd so that the loop is optimized
away and the warning is no longer generated. Since the
read_default_passwd() function is only called when default_passwd is not
the empty string, this is not a functional change.
Signed-off-by: David Dgien <dgienda125@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
This function is used only in common/password.c itself, so it doesn't
need to be exported.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
The CREDITS file was removed from barebox in 2015 by commit 6570288f2d97
("Remove the CREDITS file"). Remove references to it from several files.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
| |
This reverts commit 1b4a05c9263ae26083526acfabdea1ef96531a1d.
|
|
|
|
|
|
|
|
|
| |
Similar to the device parameter functions also make the globalvar
functions more consistent. This also adds support for readonly
globalvars and changes several existing globalvars which should
really be readonly to readonly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
get_random_bytes is providing prng, if we have HWRNG we should be
able to use it over get_crypto_bytes
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
The function we have implemented as getc has the semantics of the
standard function getchar, so rename it accorgingly.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
run_command fits much better into command.h, move it there.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch continues cleanup password code from
commit 40596b856f61c281fb34f804bf42550c099f26c3
Author: Sascha Hauer <s.hauer@pengutronix.de>
Date: Thu Aug 27 15:58:50 2015 +0200
login: cleanup password code
Signed-off-by: Sergey Koshechkin <tritel59@gmail.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes
common/password.c: In function 'check_passwd':
common/password.c:292:4: warning: reading through null pointer (argument 3)
pr_err("No such digest: %s\n", PASSWD_SUM);
if no algo is enabled in which case PASSWD_SUM is defined to NULL.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
| |
digest_alloc can fail, check the return value.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
- make some locally used functions static
- remove read_passwd which is unused
- some refactoring to make code pathes clearer
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to have the login functionality in the /env/bin/init script.
This is hard to review and it's too easy to break the login functionality
with changes to this script. Move the places to ask for a password to
C code where we have only a few places where we have to ask for a password.
Mainly these are run_shell() and the menutree command.
This patch introduces a login() function which will only return if the correct
password has been entered. Following calls will return immediately without
asking for a password again.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
We will use random 32 bytes salt and 10000 round to generate a
32 bytes key.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
|
|
| |
Now you need to call digest_alloc and when you finish to use it digest_free.
We need this for upcomming aes encryption support and secure boot
as we will need multiple instance of the same digest.
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
This will allow to move from a one at a time digest to a multi-instance
with too much impact on the code using it
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
Our KEY_ defines conflict with the standard Linux KEY_ defines, so
add a BB_ prefix to them.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
even if the env is broken you will have a password
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
due to missing/misplaced boundary check, deleting characters could
underflow the password buffer.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
The FSF address has changed in the past. Instead of updating it
each time the address changes, just drop it completely treewide.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
| |
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
|
| |
If a timeout is specified and expired the command will be executed
by default boot
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
|
|
|
|
|
| |
add missing EXPORT_SYMBOL for nan static function
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
|
|
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
|