This provides an extra level of side-channel and cracking resistance
compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes)
parallelism (integer, usually the number of CPU cores)
version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile
is initially generated.
lgtm riastradh@
COPTS.*+= -Wno-error=.*
lines for building argon2 sources, by fixing the problems at source.
Addresses Rin Okuyama's concerns on tech-userlevel/tech-crypto in
Message-ID: <f1eab199-3607-bb05-15cc-033e38721ba4@gmail.com>
This changes argon2 from a separately built library into a private
dependency of libcrypt and removes the argon2(1) utility (we already
have pwhash(1)). Giving libcrypt more library dependencies
complicates things (e.g. libcrypt is a dependency of openssl).
pthreads support gets disabled in argon2 for similar reasons.
For testing argon2, we rely on the libcrypt test suite.
This enables the use of modules for a significant build performance gain
when building with clang as host compiler or when using HAVE_LLVM=yes.
Switch libc++ to using the copy from the mono-repo.
mDNSResponder: another wrong return local address
dhcp: ignore a seemingly impossible stringop overflow
hpacel: avoid maybe uninitialised error that is wrong.
rsh: avoid impossible malloc(0)
udf: cast pointers through (uintptr_t) to fool invalid boundary checks
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
llvm-symbolizer is an alternative for GNU addr2line(1), heavily used by the
LLVM sanitizers.
Do not install it as tools as it is not necessary as of today in that
stage.
be the case we never have V4 interfaces (in a V6 system) so this
is bogus. The code was recently changed to ignore loopback interfaces.
If mdnsd was started too early, this means that no interfaces would
be found (since interfaces down, with no addresses, or tentative
are ignored). I put back the loopback interfaces yesterday to avoid
this error, but this seems like the left hand not knowing what the
right hand does because whoever removed the loopback interfaces
from the list, did not read the 'self discovery' comment and the
special code that deals with loopback in this file. Nevertheless,
I think it is better to ignore the loopback interfaces in the long
run, but it is ok to keep them around since the code is handling
them just fine (and works both with and without them).
riastradh