svn commit: r340132 - in head: bin/ed share/man/man5 share/mk tools/build/options
Conrad Meyer
cem at FreeBSD.org
Sun Nov 4 17:56:21 UTC 2018
Author: cem
Date: Sun Nov 4 17:56:16 2018
New Revision: 340132
URL: https://svnweb.freebsd.org/changeset/base/340132
Log:
Drop ed(1) "crypto"
You should not be using DES. You should not have been using DES for the
past 30 years.
The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself. In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).
Some general approaches ed(1) users might consider to replace the removed
DES mode:
1. Full disk encryption with something like AES-XTS. This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest. Like CBC, it lacks tampering protection. Examples include
GELI, LUKS, FileVault2.
2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).
3. Native encryption at the filesystem layer. Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.
4. Storing your files unencrypted. It's not like DES was doing you much
good.
If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:
openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>
Reviewed by: allanjude, bapt, emaste
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17829
Deleted:
head/bin/ed/cbc.c
head/tools/build/options/WITHOUT_ED_CRYPTO
Modified:
head/bin/ed/Makefile
head/bin/ed/POSIX
head/bin/ed/README
head/bin/ed/ed.1
head/bin/ed/ed.h
head/bin/ed/io.c
head/bin/ed/main.c
head/share/man/man5/src.conf.5
head/share/mk/src.opts.mk
Modified: head/bin/ed/Makefile
==============================================================================
--- head/bin/ed/Makefile Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/Makefile Sun Nov 4 17:56:16 2018 (r340132)
@@ -4,13 +4,8 @@
PACKAGE=runtime
PROG= ed
-SRCS= buf.c cbc.c glbl.c io.c main.c re.c sub.c undo.c
+SRCS= buf.c glbl.c io.c main.c re.c sub.c undo.c
LINKS= ${BINDIR}/ed ${BINDIR}/red
MLINKS= ed.1 red.1
-
-.if ${MK_OPENSSL} != "no" && ${MK_ED_CRYPTO} != "no"
-CFLAGS+=-DDES
-LIBADD= crypto
-.endif
.include <bsd.prog.mk>
Modified: head/bin/ed/POSIX
==============================================================================
--- head/bin/ed/POSIX Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/POSIX Sun Nov 4 17:56:16 2018 (r340132)
@@ -25,29 +25,20 @@ EXTENSIONS
iv) `z' for scrolling through the buffer, and
v) BSD line addressing syntax (i.e., `^' and `%') is recognized.
-2) If crypt(3) is available, files can be read and written using DES
- encryption. The `x' command prompts the user to enter a key used for
- encrypting/ decrypting subsequent reads and writes. If only a newline
- is entered as the key, then encryption is disabled. Otherwise, a key
- is read in the same manner as a password entry. The key remains in
- effect until encryption is disabled. For more information on the
- encryption algorithm, see the bdes(1) man page. Encryption/decryption
- should be fully compatible with SunOS des(1).
-
-3) The POSIX interactive global commands `G' and `V' are extended to
+2) The POSIX interactive global commands `G' and `V' are extended to
support multiple commands, including `a', `i' and `c'. The command
format is the same as for the global commands `g' and `v', i.e., one
command per line with each line, except for the last, ending in a
backslash (\).
-4) An extension to the POSIX file commands `E', `e', `r', `W' and `w' is
+3) An extension to the POSIX file commands `E', `e', `r', `W' and `w' is
that <file> arguments are processed for backslash escapes, i.e., any
character preceded by a backslash is interpreted literally. If the
first unescaped character of a <file> argument is a bang (!), then the
rest of the line is interpreted as a shell command, and no escape
processing is performed by ed.
-5) For SunOS ed(1) compatibility, ed runs in restricted mode if invoked
+4) For SunOS ed(1) compatibility, ed runs in restricted mode if invoked
as red. This limits editing of files in the local directory only and
prohibits shell commands.
Modified: head/bin/ed/README
==============================================================================
--- head/bin/ed/README Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/README Sun Nov 4 17:56:16 2018 (r340132)
@@ -9,7 +9,6 @@ compile with little trouble. Otherwise, the macros SP
should be redefined to disable interrupts.
The following compiler directives are recognized:
-DES - to add encryption support (requires crypt(3))
NO_REALLOC_NULL - if realloc(3) does not accept a NULL pointer
BACKWARDS - for backwards compatibility
NEED_INSQUE - if insque(3) is missing
Modified: head/bin/ed/ed.1
==============================================================================
--- head/bin/ed/ed.1 Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/ed.1 Sun Nov 4 17:56:16 2018 (r340132)
@@ -1,5 +1,5 @@
.\" $FreeBSD$
-.Dd February 5, 2017
+.Dd November 3, 2018
.Dt ED 1
.Os
.Sh NAME
@@ -9,12 +9,12 @@
.Sh SYNOPSIS
.Nm
.Op Fl
-.Op Fl sx
+.Op Fl s
.Op Fl p Ar string
.Op Ar file
.Nm red
.Op Fl
-.Op Fl sx
+.Op Fl s
.Op Fl p Ar string
.Op Ar file
.Sh DESCRIPTION
@@ -141,11 +141,6 @@ Suppress diagnostics.
This should be used if
.Nm Ns 's
standard input is from a script.
-.It Fl x
-Prompt for an encryption key to be used in subsequent reads and writes
-(see the
-.Em x
-command).
.It Fl p Ar string
Specify a command prompt.
This may be toggled on and off with the
@@ -865,12 +860,6 @@ This is similar to the
.Em w
command, expect that the previous contents of file is not clobbered.
The current address is unchanged.
-.It x
-Prompt for an encryption key which is used in subsequent reads and
-writes.
-If a newline alone is entered as the key, then encryption is
-turned off.
-Otherwise, echoing is disabled while a key is read.
.It Pf (.+1)z n
Scroll
.Ar n
Modified: head/bin/ed/ed.h
==============================================================================
--- head/bin/ed/ed.h Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/ed.h Sun Nov 4 17:56:16 2018 (r340132)
@@ -175,18 +175,7 @@ if ((i) > (n)) { \
/* NEWLINE_TO_NUL: overwrite newlines with ASCII NULs */
#define NEWLINE_TO_NUL(s, l) translit_text(s, l, '\n', '\0')
-#ifdef ED_DES_INCLUDES
-void des_error(const char *);
-void expand_des_key(char *, char *);
-void set_des_key(DES_cblock *);
-#endif
-/* Other DES support stuff */
-void init_des_cipher(void);
-int flush_des_file(FILE *);
-int get_des_char(FILE *);
-int put_des_char(int, FILE *);
-
/* Local Function Declarations */
void add_line_node(line_t *);
int append_lines(long);
@@ -280,6 +269,5 @@ extern long u_current_addr;
extern long rows;
extern int cols;
extern int newline_added;
-extern int des;
extern int scripted;
extern int patlock;
Modified: head/bin/ed/io.c
==============================================================================
--- head/bin/ed/io.c Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/io.c Sun Nov 4 17:56:16 2018 (r340132)
@@ -76,8 +76,6 @@ read_stream(FILE *fp, long n)
int len;
isbinary = newline_added = 0;
- if (des)
- init_des_cipher();
for (current_addr = n; (len = get_stream_line(fp)) > 0; size += len) {
SPL1();
if (put_sbuf_line(sbuf) == NULL) {
@@ -106,8 +104,6 @@ read_stream(FILE *fp, long n)
newline_added = 1;
newline_added = appended ? newline_added : o_newline_added;
isbinary = isbinary | o_isbinary;
- if (des)
- size += 8 - size % 8; /* adjust DES size */
return size;
}
@@ -119,8 +115,8 @@ get_stream_line(FILE *fp)
int c;
int i = 0;
- while (((c = des ? get_des_char(fp) : getc(fp)) != EOF || (!feof(fp) &&
- !ferror(fp))) && c != '\n') {
+ while (((c = getc(fp)) != EOF || (!feof(fp) && !ferror(fp))) &&
+ c != '\n') {
REALLOC(sbuf, sbufsz, i + 1, ERR);
if (!(sbuf[i++] = c))
isbinary = 1;
@@ -180,8 +176,6 @@ write_stream(FILE *fp, long n, long m)
char *s;
int len;
- if (des)
- init_des_cipher();
for (; n && n <= m; n++, lp = lp->q_forw) {
if ((s = get_sbuf_line(lp)) == NULL)
return ERR;
@@ -192,10 +186,6 @@ write_stream(FILE *fp, long n, long m)
return ERR;
size += len;
}
- if (des) {
- flush_des_file(fp); /* flush buffer */
- size += 8 - size % 8; /* adjust DES size */
- }
return size;
}
@@ -205,7 +195,7 @@ int
put_stream_line(FILE *fp, const char *s, int len)
{
while (len--)
- if ((des ? put_des_char(*s++, fp) : fputc(*s++, fp)) < 0) {
+ if (fputc(*s++, fp) < 0) {
fprintf(stderr, "%s\n", strerror(errno));
errmsg = "cannot write file";
return ERR;
Modified: head/bin/ed/main.c
==============================================================================
--- head/bin/ed/main.c Sun Nov 4 17:56:09 2018 (r340131)
+++ head/bin/ed/main.c Sun Nov 4 17:56:16 2018 (r340132)
@@ -47,10 +47,6 @@ __FBSDID("$FreeBSD$");
* The buffering algorithm is attributed to Rodney Ruddock of
* the University of Guelph, Guelph, Ontario.
*
- * The cbc.c encryption code is adapted from
- * the bdes program by Matt Bishop of Dartmouth College,
- * Hanover, NH.
- *
*/
#include <sys/types.h>
@@ -81,7 +77,6 @@ int ibufsz; /* ed command-line buffer size */
char *ibufp; /* pointer to ed command-line buffer */
/* global flags */
-int des = 0; /* if set, use crypt(3) for i/o */
static int garrulous = 0; /* if set, print all error messages */
int isbinary; /* if set, buffer contains ASCII NULs */
int isglobal; /* if set, doing a global command */
@@ -121,11 +116,7 @@ top:
scripted = 1;
break;
case 'x': /* use crypt */
-#ifdef DES
- des = get_keyword();
-#else
fprintf(stderr, "crypt unavailable\n?\n");
-#endif
break;
default:
@@ -821,13 +812,8 @@ exec_command(void)
return ERR;
}
GET_COMMAND_SUFFIX();
-#ifdef DES
- des = get_keyword();
- break;
-#else
errmsg = "crypt unavailable";
return ERR;
-#endif
case 'z':
#ifdef BACKWARDS
if (check_addr_range(first_addr = 1, current_addr + 1) < 0)
Modified: head/share/man/man5/src.conf.5
==============================================================================
--- head/share/man/man5/src.conf.5 Sun Nov 4 17:56:09 2018 (r340131)
+++ head/share/man/man5/src.conf.5 Sun Nov 4 17:56:16 2018 (r340132)
@@ -1,6 +1,6 @@
.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
.\" $FreeBSD$
-.Dd October 30, 2018
+.Dd November 3, 2018
.Dt SRC.CONF 5
.Os
.Sh NAME
@@ -624,10 +624,6 @@ Set this if you do not want to link
and
.Pa /sbin
dynamically.
-.It Va WITHOUT_ED_CRYPTO
-Set to build
-.Xr ed 1
-without support for encryption/decryption.
.It Va WITHOUT_EE
Set to not build and install
.Xr edit 1 ,
Modified: head/share/mk/src.opts.mk
==============================================================================
--- head/share/mk/src.opts.mk Sun Nov 4 17:56:09 2018 (r340131)
+++ head/share/mk/src.opts.mk Sun Nov 4 17:56:16 2018 (r340132)
@@ -90,7 +90,6 @@ __DEFAULT_YES_OPTIONS = \
DICT \
DMAGENT \
DYNAMICROOT \
- ED_CRYPTO \
EE \
EFI \
ELFTOOLCHAIN_BOOTSTRAP \
More information about the svn-src-all
mailing list