for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand
why there is an error.
Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
cgd inadvertently encrypts blkno eight times to generate IV
Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to
"encblkno8" for clarity, and make "encblkno" an alias for "encblkno8"
for backward compatibility.
at programatic use where the caller wants to be able to use PKCS#5.
Disable looping on invalid verifications unless both a passphrase method
is in use and the -p flag is not specified.
Update man page to document -p flag.
* Replaced atoi() with parse_int().
* Use an enum for ACTION_* instead of #define.
* Use strdup() or asnprintf() instead of strlcpy() to avoid truncation.
* pread() returns ssize_t not int.
* Suppress "unused parameter" warnings.
* verify_disklabel(): Pass the correct size to disklabel_scan().
* verify_ffs():
* Don't indicate success if pread() fails.
* Check the amount of bytes read.
* Don't cast buf to (struct fs *), it's not aligned.
* eliminate_cores(): No need for a temporary variable.
The existing pkcs5_pbdkf2 keygen method is retained functionally
as-is, for compatibility with existing params files. The corrected
algorithm, which is now the default for new params file generation, is
called pkcs5_pbkdf2/sha1.
NB. The backwards compatibility for the miscreant keygen method will
be removed at the same time as support for the previous parameters
file syntax. Sometime between now and then, users should update their
params files using -G, which will create a new params file including
an xor value so that the resulting generated key is the same; they
should also
Problem discovery and 2-char algorithm fix by Charles Blundell, messy
compat goop by me, long complicated names by Roland Dowdeswell.
Update manpage accordingly and bump date.
64 bit block pointers, extended attribute storage, and a few
other things.
This commit does not yet include the code to manipulate the extended
storage (for e.g. ACLs), this will be done later.
Originally written by Kirk McKusick and Network Associates Laboratories for
FreeBSD.
o added new features:
o -G: generate a new paramsfile that produces the same
key as the old paramsfile,
o ffs verify_method,
o multiple keygen methods that are xor'ed together
(for n-factor authentication), and
o calibrating the iteration count of PKCS#5 PBKDF2 to
the current machine's speed.
o changed paramsfile format to allow for the new features.
o replaced open-coded parser with yacc grammar.
o lots of supporting changes.
o updated documentation to reflect new features and new
paramsfile format.
to reprompt for the passphrase if the key does not meet certain
criteria. The currently implemented methods are ``none'' and
``disklabel''. The first behaves in the original fashion, the
second will scan for a disklabel on the cgd after configuration
and if it does not find a disklabel then it will reprompt for the
password and reconfigure the disk.
christos