Commit Graph

23 Commits

Author SHA1 Message Date
elric
98059cd502 Add a new keygen method which will execute an external command and
take its output as the key.  I've been meaning to do this for quite
a while...
2008-05-11 03:15:21 +00:00
martin
ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
christos
f4f95f573f simplify and fix the combination code. Hi pooka. 2007-11-11 22:44:12 +00:00
christos
ad18d2e41e 3 month roland feedback timeout:
- Pass lint
- knf
- convert ints to size_t's
2007-11-06 02:50:48 +00:00
cbiere
6d1dbd06cb Use warn() and warnx(). 2007-02-06 01:55:40 +00:00
cbiere
6065c2bb2b crypt_defaults_lookup():
* Avoid comparison of int with unsigned.
 * Simplified.
2007-02-06 00:51:09 +00:00
hubertf
df06563bc3 Remove more duplicate #includes,
from Slava Semushin <slava.semushin@gmail.com>
2007-01-17 21:59:49 +00:00
christos
2a1607d040 Programs that use efun. 2006-08-26 18:14:28 +00:00
elad
6ec9e1c359 Proper bounds check, found by Coverity, CID 1468. 2006-03-17 13:58:27 +00:00
christos
cc9c2b575d - constify.
- don't dup extern declarations on each file because they end up being
  inconsistent (yyerror).
2005-06-27 03:07:45 +00:00
christos
f8ce51d45f Centralize error checking for malloc,calloc,strdup. 2005-03-30 17:10:18 +00:00
elric
1b0f3868f6 Fix comment. We're using microseconds not milliseconds. 2005-01-04 04:52:50 +00:00
elric
d28b037b6f Fix bits vs. bytes problem in call to calibration routine. 2005-01-04 04:50:26 +00:00
tv
21840e450a Add "urandomkey" key generation method as described in PR kern/22766;
useful for configuring a throwaway key for cgd-on-swap at boot time.
2004-08-13 15:03:57 +00:00
dan
064ca2e3d1 Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally
as-is, for compatibility with existing params files.  The corrected
algorithm, which is now the default for new params file generation, is
called pkcs5_pbkdf2/sha1.

NB. The backwards compatibility for the miscreant keygen method will
be removed at the same time as support for the previous parameters
file syntax. Sometime between now and then, users should update their
params files using -G, which will create a new params file including
an xor value so that the resulting generated key is the same; they
should also

Problem discovery and 2-char algorithm fix by Charles Blundell, messy
compat goop by me, long complicated names by Roland Dowdeswell.

Update manpage accordingly and bump date.
2004-03-17 01:29:13 +00:00
cb
7543b55c56 add a new verification method that prompts for the pkcs#5 pbkdf2
passphrase again and checks the generated key against the original.
2003-09-23 17:24:45 +00:00
itojun
a9282a99c0 die if asprintf fails to malloc 2003-07-13 07:58:19 +00:00
elric
8105111443 If reading an old style parameters file then default a missing
keygen_iteration to 128.  This will not default the iteration count
on a new style parameter file as it is an error in the new style
to fail to specify the iteration count.

Addresses PR: bin/21056
2003-04-10 05:45:29 +00:00
elric
8c6033d202 substantial rototill of the code.
o  added new features:
		o  -G:  generate a new paramsfile that produces the same
			key as the old paramsfile,
		o  ffs verify_method,
		o  multiple keygen methods that are xor'ed together
		   (for n-factor authentication), and
		o  calibrating the iteration count of PKCS#5 PBKDF2 to
		   the current machine's speed.
	o  changed paramsfile format to allow for the new features.
	o  replaced open-coded parser with yacc grammar.
	o  lots of supporting changes.
	o  updated documentation to reflect new features and new
	   paramsfile format.
2003-03-24 02:02:49 +00:00
elric
60e3448f30 Make iteration count for PKCS#5 settable in the parameters files. 2002-12-04 05:02:29 +00:00
lukem
d348d3d723 tweaks for fparseln(3) move from libutil to libc:
- remove #include <util.h> if nothing else needed it
- remove LDFLAGS+=-lutil if nothing else needed it
2002-11-30 03:10:53 +00:00
elric
1242e52a64 Add the concept of a verification method which allows cgdconfig(8)
to reprompt for the passphrase if the key does not meet certain
criteria.  The currently implemented methods are ``none'' and
``disklabel''.  The first behaves in the original fashion, the
second will scan for a disklabel on the cgd after configuration
and if it does not find a disklabel then it will reprompt for the
password and reconfigure the disk.
2002-10-12 21:02:18 +00:00
elric
49ec72f444 Initial checkin of cgdconfig(8), a program to configure a cgd. 2002-10-04 18:37:19 +00:00