Handle signals in tool context.

src/cryptsetup.c

@@ -126,6 +126,7 @@ static int action_open_plain(void)
 			 NULL, NULL,
 			 key_size,
 			 &params);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -145,7 +146,7 @@ static int action_open_plain(void)
 			params.hash ? 0 : key_size, 0,
 			activate_flags);
 	else {
-		r = crypt_get_key(_("Enter passphrase: "),
+		r = tools_get_key(_("Enter passphrase: "),
 				  &password, &passwordLen,
 				  opt_keyfile_offset, opt_keyfile_size,
 				  NULL, opt_timeout,
@@ -192,6 +193,7 @@ static int action_open_loopaes(void)
 
 	r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER,
 			 NULL, NULL, NULL, key_size, &params);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -222,7 +224,7 @@ static int action_open_tcrypt(void)
 		goto out;
 
 	/* TCRYPT header is encrypted, get passphrase now */
-	r = crypt_get_key(_("Enter passphrase: "),
+	r = tools_get_key(_("Enter passphrase: "),
 			  CONST_CAST(char**)&params.passphrase,
 			  &params.passphrase_size, 0, 0, NULL, opt_timeout,
 			  _verify_passphrase(0), cd);
@@ -233,6 +235,7 @@ static int action_open_tcrypt(void)
 		params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
 
 	r = crypt_load(cd, CRYPT_TCRYPT, &params);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -303,7 +306,7 @@ static int action_tcryptDump(void)
 		goto out;
 
 	/* TCRYPT header is encrypted, get passphrase now */
-	r = crypt_get_key(_("Enter passphrase: "),
+	r = tools_get_key(_("Enter passphrase: "),
 			  CONST_CAST(char**)&params.passphrase,
 			  &params.passphrase_size, 0, 0, NULL, opt_timeout,
 			  _verify_passphrase(0), cd);
@@ -314,6 +317,7 @@ static int action_tcryptDump(void)
 		params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
 
 	r = crypt_load(cd, CRYPT_TCRYPT, &params);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -460,6 +464,9 @@ static int action_benchmark(void)
 		{ "twofish", "xts", 64, 16 },
 		{  NULL, NULL, 0, 0 }
 	};
+	static char *bkdfs[] = {
+		"sha1", "sha256", "sha512", "ripemd160", "whirlpool", NULL
+	};
 	char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
 	double enc_mbr = 0, dec_mbr = 0;
 	int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS);
@@ -496,16 +503,18 @@ static int action_benchmark(void)
 		} else if (r == -ENOENT)
 			log_err(_("Cipher %s is not available.\n"), opt_cipher);
 	} else {
-		action_benchmark_kdf("sha1");
-		action_benchmark_kdf("sha256");
-		action_benchmark_kdf("sha512");
-		action_benchmark_kdf("ripemd160");
-		action_benchmark_kdf("whirlpool");
+		for (i = 0; bkdfs[i]; i++) {
+			r = action_benchmark_kdf(bkdfs[i]);
+			check_signal(&r);
+			if (r == -EINTR)
+				break;
+		}
 		for (i = 0; bciphers[i].cipher; i++) {
 			r = crypt_benchmark(NULL, bciphers[i].cipher, bciphers[i].mode,
 					    bciphers[i].key_size, bciphers[i].iv_size,
 					    buffer_size, &enc_mbr, &dec_mbr);
-			if (r == -ENOTSUP)
+			check_signal(&r);
+			if (r == -ENOTSUP || r == -EINTR)
 				break;
 			if (r == -ENOENT)
 				skipped++;
@@ -634,7 +643,7 @@ static int action_luksFormat(void)
 	else if (opt_urandom)
 		crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
 
-	r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
+	r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
 			  opt_keyfile_offset, opt_keyfile_size, opt_key_file,
 			  opt_timeout, _verify_passphrase(1), cd);
 	if (r < 0)
@@ -648,6 +657,7 @@ static int action_luksFormat(void)
 
 	r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode,
 			 opt_uuid, key, keysize, &params);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -744,7 +754,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 	if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL))
 		return -EPERM;
 
-	r = crypt_get_key(msg_pass, &password, &passwordLen,
+	r = tools_get_key(msg_pass, &password, &passwordLen,
 			  keyfile_offset, keyfile_size, key_file, opt_timeout,
 			  _verify_passphrase(0), cd);
 	if(r < 0)
@@ -832,7 +842,7 @@ static int action_luksRemoveKey(void)
 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
 		goto out;
 
-	r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
+	r = tools_get_key(_("Enter LUKS passphrase to be deleted: "),
 		      &password, &passwordLen,
 		      opt_keyfile_offset, opt_keyfile_size, opt_key_file,
 		      opt_timeout,
@@ -843,6 +853,7 @@ static int action_luksRemoveKey(void)
 
 	r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
 					 password, passwordLen, 0);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -924,7 +935,7 @@ static int action_luksChangeKey(void)
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
 
-	r = crypt_get_key(_("Enter LUKS passphrase to be changed: "),
+	r = tools_get_key(_("Enter LUKS passphrase to be changed: "),
 		      &password, &password_size,
 		      opt_keyfile_offset, opt_keyfile_size, opt_key_file,
 		      opt_timeout, _verify_passphrase(0), cd);
@@ -934,10 +945,11 @@ static int action_luksChangeKey(void)
 	/* Check password before asking for new one */
 	r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
 					 password, password_size, 0);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
-	r = crypt_get_key(_("Enter new LUKS passphrase: "),
+	r = tools_get_key(_("Enter new LUKS passphrase: "),
 			  &password_new, &password_new_size,
 			  opt_new_keyfile_offset, opt_new_keyfile_size,
 			  opt_new_key_file,
@@ -1016,7 +1028,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 	if (!vk)
 		return -ENOMEM;
 
-	r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
+	r = tools_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
 			  opt_keyfile_offset, opt_keyfile_size, opt_key_file,
 			  opt_timeout, 0, cd);
 	if (r < 0)
@@ -1024,6 +1036,7 @@ static int luksDump_with_volume_key(struct crypt_device *cd)
 
 	r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
 				 password, passwordLen);
+	check_signal(&r);
 	if (r < 0)
 		goto out;
 
@@ -1272,6 +1285,7 @@ static int run_action(struct action_type *action)
 	if (action->required_memlock)
 		crypt_memory_lock(NULL, 1);
 
+	set_int_handler(0);
 	r = action->handler();
 
 	if (action->required_memlock)
@@ -1280,6 +1294,7 @@ static int run_action(struct action_type *action)
 	/* Some functions returns keyslot # */
 	if (r > 0)
 		r = 0;
+	check_signal(&r);
 
 	show_status(r);
 	return translate_errno(r);

src/cryptsetup.h

@@ -72,7 +72,15 @@ int translate_errno(int r);
 
 extern volatile int quit;
 void set_int_block(int block);
-void set_int_handler(void);
+void set_int_handler(int block);
+void check_signal(int *r);
+
+int tools_get_key(const char *prompt,
+		  char **key, size_t *key_size,
+		  size_t keyfile_offset, size_t keyfile_size_max,
+		  const char *key_file,
+		  int timeout, int verify,
+		  struct crypt_device *cd);
 
 /* Log */
 #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)

src/cryptsetup_reencrypt.c

@@ -795,7 +795,7 @@ static int copy_data(struct reenc_ctx *rc)
 		goto out;
 	}
 
-	set_int_handler();
+	set_int_handler(0);
 	gettimeofday(&rc->start_time, NULL);
 
 	if (rc->reencrypt_direction == FORWARD)
@@ -857,7 +857,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
 
 	retry_count = opt_tries ?: 1;
 	while (retry_count--) {
-		set_int_handler();
+		set_int_handler(0);
 		r = crypt_get_key(msg, &rc->p[slot].password,
 			&rc->p[slot].passwordLen,
 			0, 0, NULL /*opt_key_file*/,

src/utils_tools.c

@@ -28,6 +28,7 @@ int opt_batch_mode = 0;
 
 /* interrupt handling */
 volatile int quit = 0;
+static int signals_blocked = 0;
 
 static void int_handler(int sig __attribute__((__unused__)))
 {
@@ -38,21 +39,54 @@ void set_int_block(int block)
 {
 	sigset_t signals_open;
 
+	log_dbg("%slocking interruption on signal.", block ? "B" : "Unb");
+
 	sigemptyset(&signals_open);
 	sigaddset(&signals_open, SIGINT);
 	sigaddset(&signals_open, SIGTERM);
 	sigprocmask(block ? SIG_SETMASK : SIG_UNBLOCK, &signals_open, NULL);
+	signals_blocked = block;
+	quit = 0;
 }
 
-void set_int_handler(void)
+void set_int_handler(int block)
 {
 	struct sigaction sigaction_open;
 
+	log_dbg("Installing SIGINT/SIGTERM handler.");
 	memset(&sigaction_open, 0, sizeof(struct sigaction));
 	sigaction_open.sa_handler = int_handler;
 	sigaction(SIGINT, &sigaction_open, 0);
 	sigaction(SIGTERM, &sigaction_open, 0);
+	set_int_block(block);
+}
+
+void check_signal(int *r)
+{
+	if (quit && !*r)
+		*r = -EINTR;
+}
+
+/* crypt_get_key() with signal handler */
+int tools_get_key(const char *prompt,
+		  char **key, size_t *key_size,
+		  size_t keyfile_offset, size_t keyfile_size_max,
+		  const char *key_file,
+		  int timeout, int verify,
+		  struct crypt_device *cd)
+{
+	int r, block;
+
+	block = signals_blocked;
+	if (block)
 		set_int_block(0);
+
+	r = crypt_get_key(prompt, key, key_size, keyfile_offset,
+			  keyfile_size_max, key_file, timeout, verify, cd);
+	if (block && !quit)
+		set_int_block(1);
+
+	return r;
 }
 
 __attribute__((format(printf, 5, 6)))
@@ -115,21 +149,30 @@ int yesDialog(const char *msg, void *usrptr __attribute__((unused)))
 {
 	char *answer = NULL;
 	size_t size = 0;
-	int r = 1;
+	int r = 1, block;
+
+	block = signals_blocked;
+	if (block)
+		set_int_block(0);
 
 	if(isatty(STDIN_FILENO) && !opt_batch_mode) {
 		log_std("\nWARNING!\n========\n");
 		log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
 		if(getline(&answer, &size, stdin) == -1) {
-			perror("getline");
-			free(answer);
-			return 0;
-		}
-		if(strcmp(answer, "YES\n"))
 			r = 0;
-		free(answer);
+			/* Aborted by signal */
+			if (!quit)
+				log_err(_("Error reading response from terminal.\n"));
+			else
+				log_dbg("Query interrupted on signal.");
+		} else if(strcmp(answer, "YES\n"))
+			r = 0;
 	}
 
+	if (block && !quit)
+		set_int_block(1);
+
+	free(answer);
 	return r;
 }