Commit Graph

16 Commits

Author SHA1 Message Date
christos cc9c2b575d - constify.
- don't dup extern declarations on each file because they end up being
  inconsistent (yyerror).
2005-06-27 03:07:45 +00:00
elric 1cdd98012f setprogname(3) needs to come before calls to err(3). 2005-03-30 20:59:34 +00:00
elric 6230b2ec40 Lock all memory. 2005-03-30 19:56:05 +00:00
elric 2dcfc0c616 Turn off core dumps. 2005-03-30 15:45:56 +00:00
tv 21840e450a Add "urandomkey" key generation method as described in PR kern/22766;
useful for configuring a throwaway key for cgd-on-swap at boot time.
2004-08-13 15:03:57 +00:00
rumble 6b72b5c789 In getkey(), check the return values of the various keygen functions
and abort if necessary. Also, check for errors in its callers and
handle them gracefully.

OK'd by elric.
2004-08-10 02:29:34 +00:00
dan 064ca2e3d1 Fix a longstanding algorithmic flaw in PKCS#5 key generation.
The existing pkcs5_pbdkf2 keygen method is retained functionally
as-is, for compatibility with existing params files.  The corrected
algorithm, which is now the default for new params file generation, is
called pkcs5_pbkdf2/sha1.

NB. The backwards compatibility for the miscreant keygen method will
be removed at the same time as support for the previous parameters
file syntax. Sometime between now and then, users should update their
params files using -G, which will create a new params file including
an xor value so that the resulting generated key is the same; they
should also

Problem discovery and 2-char algorithm fix by Charles Blundell, messy
compat goop by me, long complicated names by Roland Dowdeswell.

Update manpage accordingly and bump date.
2004-03-17 01:29:13 +00:00
cb 7543b55c56 add a new verification method that prompts for the pkcs#5 pbkdf2
passphrase again and checks the generated key against the original.
2003-09-23 17:24:45 +00:00
itojun fe09a0efcb use strlcpy 2003-05-17 23:03:28 +00:00
fvdl 42614ed3f3 Add support for UFS2. UFS2 is an enhanced FFS, adding support for
64 bit block pointers, extended attribute storage, and a few
other things.

This commit does not yet include the code to manipulate the extended
storage (for e.g. ACLs), this will be done later.

Originally written by Kirk McKusick and Network Associates Laboratories for
FreeBSD.
2003-04-02 10:39:19 +00:00
elric 7687f10a7a Quick bugfix:
o  need to do keygen_filldefaults() in generate_convert no
	   matter what, not only if there are no existing keygen
	   methods in the new parameters.
2003-03-24 03:12:22 +00:00
elric 8c6033d202 substantial rototill of the code.
o  added new features:
		o  -G:  generate a new paramsfile that produces the same
			key as the old paramsfile,
		o  ffs verify_method,
		o  multiple keygen methods that are xor'ed together
		   (for n-factor authentication), and
		o  calibrating the iteration count of PKCS#5 PBKDF2 to
		   the current machine's speed.
	o  changed paramsfile format to allow for the new features.
	o  replaced open-coded parser with yacc grammar.
	o  lots of supporting changes.
	o  updated documentation to reflect new features and new
	   paramsfile format.
2003-03-24 02:02:49 +00:00
elric ae48183d48 bugfix: was still pulling random bits from /dev/random when generating
a paramsfile of type randomkey which does not need them.  Pointed out
by dan@netbsd.org.
2002-10-28 05:46:01 +00:00
elric 1242e52a64 Add the concept of a verification method which allows cgdconfig(8)
to reprompt for the passphrase if the key does not meet certain
criteria.  The currently implemented methods are ``none'' and
``disklabel''.  The first behaves in the original fashion, the
second will scan for a disklabel on the cgd after configuration
and if it does not find a disklabel then it will reprompt for the
password and reconfigure the disk.
2002-10-12 21:02:18 +00:00
elric 13daed40b1 Small usage enhancement: open the cgd before prompting for the passphrase
so that errors can be reported w/o asking for the passphrase unnec.
2002-10-12 15:56:26 +00:00
elric 49ec72f444 Initial checkin of cgdconfig(8), a program to configure a cgd. 2002-10-04 18:37:19 +00:00