Commit Graph

58 Commits

Author SHA1 Message Date
christos
2a1607d040 Programs that use efun. 2006-08-26 18:14:28 +00:00
mrg
aadd7d4847 sprinkle some -fno-strict-aliasing and -Wno-pointer-sign with GCC4. 2006-05-11 23:16:28 +00:00
mrg
c2d7663a8e __b64_pton() wants unsigned char *. 2006-05-11 00:42:08 +00:00
mrg
41093909e9 HMAC() wants unsigned int pointer for the final argument; make it so. 2006-05-11 00:40:54 +00:00
christos
fbdfb6fbf0 Coverity CID 2753: Free the correct variable. 2006-03-22 16:35:44 +00:00
christos
bd5a805fc3 fix compile problem. 2006-03-22 15:45:16 +00:00
christos
7ef824757b Coverity CID 1593: Plug memory leak 2006-03-22 02:21:20 +00:00
christos
25207a2398 Coverity CID 1203: Check return code of b64_ntop(). 2006-03-20 00:53:39 +00:00
elad
6ec9e1c359 Proper bounds check, found by Coverity, CID 1468. 2006-03-17 13:58:27 +00:00
simonb
3204463045 We link against libl and liby, so depend on them too. 2006-02-25 11:57:52 +00:00
christos
cc9c2b575d - constify.
- don't dup extern declarations on each file because they end up being
  inconsistent (yyerror).
2005-06-27 03:07:45 +00:00
lukem
2d447a3b0c Avoid dereferencing/free()ing invalid pointers if the random device
cannot be opened.
Detected with gcc -Wuninitialized.
(The bug was fixed in rev 1.4 by rumble but reintroduced in rev 1.5 by tv !)
2005-06-02 01:31:30 +00:00
elric
1cdd98012f setprogname(3) needs to come before calls to err(3). 2005-03-30 20:59:34 +00:00
elric
6230b2ec40 Lock all memory. 2005-03-30 19:56:05 +00:00
elric
646d61aa58 one more malloc -> emalloc. 2005-03-30 17:17:51 +00:00
christos
f8ce51d45f Centralize error checking for malloc,calloc,strdup. 2005-03-30 17:10:18 +00:00
elric
2dcfc0c616 Turn off core dumps. 2005-03-30 15:45:56 +00:00
christos
192c2eccf6 Add -lcrypt where -lcrypto is specified. 2005-03-09 03:11:22 +00:00
elric
0664f91dd8 s/milliseconds/microseconds/ in comments and a variable because it is
misleading to say one when we've been meaning the other.
2005-01-04 04:55:18 +00:00
elric
1b0f3868f6 Fix comment. We're using microseconds not milliseconds. 2005-01-04 04:52:50 +00:00
elric
d28b037b6f Fix bits vs. bytes problem in call to calibration routine. 2005-01-04 04:50:26 +00:00
salo
61948d78ec Correct the omission in 're-enter' verification method addition in EXAMPLES. 2004-10-15 15:25:14 +00:00
wiz
a5c8081d79 Bump date for previous, and re-add some flags that were removed in the
previous commit without a mention in the commit message, and which are
still in the usage.
2004-08-13 15:24:03 +00:00
tv
21840e450a Add "urandomkey" key generation method as described in PR kern/22766;
useful for configuring a throwaway key for cgd-on-swap at boot time.
2004-08-13 15:03:57 +00:00
rumble
6b72b5c789 In getkey(), check the return values of the various keygen functions
and abort if necessary. Also, check for errors in its callers and
handle them gracefully.

OK'd by elric.
2004-08-10 02:29:34 +00:00
rumble
3db339be14 Avoid dereferencing/free()ing invalid pointers if the random device
cannot be opened.

OK'd by elric.
2004-08-10 02:27:26 +00:00
elric
04b4d00046 Add options to SYNOPSIS.
Addresses PR misc/26065.
2004-07-04 17:19:57 +00:00
wiz
edf16149c3 Drop trailing whitespace; new sentence, new line. 2004-03-17 01:40:34 +00:00
dan
064ca2e3d1 Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally
as-is, for compatibility with existing params files.  The corrected
algorithm, which is now the default for new params file generation, is
called pkcs5_pbkdf2/sha1.

NB. The backwards compatibility for the miscreant keygen method will
be removed at the same time as support for the previous parameters
file syntax. Sometime between now and then, users should update their
params files using -G, which will create a new params file including
an xor value so that the resulting generated key is the same; they
should also

Problem discovery and 2-char algorithm fix by Charles Blundell, messy
compat goop by me, long complicated names by Roland Dowdeswell.

Update manpage accordingly and bump date.
2004-03-17 01:29:13 +00:00
cb
88823a8138 back out revision 1.3. this should not have been committed yet,
since it breaks backward compatibility.

noticed by recht@
2003-09-25 01:43:12 +00:00
wiz
72b77eb9e9 Add article. 2003-09-23 21:25:20 +00:00
cb
7543b55c56 add a new verification method that prompts for the pkcs#5 pbkdf2
passphrase again and checks the generated key against the original.
2003-09-23 17:24:45 +00:00
itojun
a9282a99c0 die if asprintf fails to malloc 2003-07-13 07:58:19 +00:00
wiz
8a0999a756 Remove superfluous "". 2003-06-27 23:02:16 +00:00
itojun
fe09a0efcb use strlcpy 2003-05-17 23:03:28 +00:00
thorpej
817eb1cb2e We need -I., too. 2003-04-17 22:12:50 +00:00
fvdl
38f661d48d -I. -> -I${.CURDIR} 2003-04-17 10:55:43 +00:00
wiz
843df8bc67 Bump date for last-but-one; remove superfluous .Pp. 2003-04-16 10:09:47 +00:00
elric
3c7e4881c4 Fix typo. params files are not stored in /dev/cgd/ 2003-04-15 06:43:36 +00:00
elric
8105111443 If reading an old style parameters file then default a missing
keygen_iteration to 128.  This will not default the iteration count
on a new style parameter file as it is an error in the new style
to fail to specify the iteration count.

Addresses PR: bin/21056
2003-04-10 05:45:29 +00:00
fvdl
42614ed3f3 Add support for UFS2. UFS2 is an enhanced FFS, adding support for
64 bit block pointers, extended attribute storage, and a few
other things.

This commit does not yet include the code to manipulate the extended
storage (for e.g. ACLs), this will be done later.

Originally written by Kirk McKusick and Network Associates Laboratories for
FreeBSD.
2003-04-02 10:39:19 +00:00
elric
7687f10a7a Quick bugfix:
o  need to do keygen_filldefaults() in generate_convert no
	   matter what, not only if there are no existing keygen
	   methods in the new parameters.
2003-03-24 03:12:22 +00:00
elric
8c6033d202 substantial rototill of the code.
o  added new features:
		o  -G:  generate a new paramsfile that produces the same
			key as the old paramsfile,
		o  ffs verify_method,
		o  multiple keygen methods that are xor'ed together
		   (for n-factor authentication), and
		o  calibrating the iteration count of PKCS#5 PBKDF2 to
		   the current machine's speed.
	o  changed paramsfile format to allow for the new features.
	o  replaced open-coded parser with yacc grammar.
	o  lots of supporting changes.
	o  updated documentation to reflect new features and new
	   paramsfile format.
2003-03-24 02:02:49 +00:00
wiz
990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
atatat
dd0a8acd21 The next release will be 2.0, not 1.7. 2003-01-19 21:25:36 +00:00
elric
60e3448f30 Make iteration count for PKCS#5 settable in the parameters files. 2002-12-04 05:02:29 +00:00
lukem
d348d3d723 tweaks for fparseln(3) move from libutil to libc:
- remove #include <util.h> if nothing else needed it
- remove LDFLAGS+=-lutil if nothing else needed it
2002-11-30 03:10:53 +00:00
elric
ae48183d48 bugfix: was still pulling random bits from /dev/random when generating
a paramsfile of type randomkey which does not need them.  Pointed out
by dan@netbsd.org.
2002-10-28 05:46:01 +00:00
elric
b66bf7b197 At the suggestion of wiz@, we remove the lines that mention that the
lack of the feature added earlier today was a bug.
2002-10-13 01:30:29 +00:00
elric
87a5815bdf Add documentation for verification methods. Specify defaults for IV
method, keygen method and verification method.
2002-10-12 21:10:31 +00:00