Up to [cvs.NetBSD.org] / src / sbin / cgdconfig
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.61 / (download) - annotate - [select for diffs], Thu Nov 17 06:40:38 2022 UTC (17 months ago) by chs
Branch: MAIN
CVS Tags: netbsd-10-base,
netbsd-10-0-RELEASE,
netbsd-10-0-RC6,
netbsd-10-0-RC5,
netbsd-10-0-RC4,
netbsd-10-0-RC3,
netbsd-10-0-RC2,
netbsd-10-0-RC1,
netbsd-10,
HEAD
Changes since 1.60: +4 -2
lines
Diff to previous 1.60 (colored) to selected 1.34 (colored)
Restore backward compatibility of UFS2 with previous NetBSD releases by disabling support in UFS2 for extended attributes (including ACLs). Add a new variant of UFS2 called "UFS2ea" that does support extended attributes. Add new fsck_ffs operations "-c ea" and "-c no-ea" to convert file systems from UFS2 to UFS2ea and vice-versa (both of which delete all existing extended attributes in the process).
Revision 1.60 / (download) - annotate - [select for diffs], Tue Sep 13 10:14:32 2022 UTC (19 months ago) by riastradh
Branch: MAIN
Changes since 1.59: +17 -15
lines
Diff to previous 1.59 (colored) to selected 1.34 (colored)
cgdconfig(8): Restore loop for password re-entry for non-shared keys. Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared.
Revision 1.59 / (download) - annotate - [select for diffs], Tue Aug 30 08:48:41 2022 UTC (19 months, 2 weeks ago) by riastradh
Branch: MAIN
Changes since 1.58: +48 -10
lines
Diff to previous 1.58 (colored) to selected 1.34 (colored)
cgdconfig(8): Gracefully handle failed verification with shared keys. The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry. But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail.
Revision 1.58 / (download) - annotate - [select for diffs], Fri Aug 12 10:49:47 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.57: +52 -16
lines
Diff to previous 1.57 (colored) to selected 1.34 (colored)
cgdconfig(8): Handle -P/-S for shared keys with -G too. This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key. cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1 This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'.
Revision 1.57 / (download) - annotate - [select for diffs], Fri Aug 12 10:49:35 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.56: +68 -14
lines
Diff to previous 1.56 (colored) to selected 1.34 (colored)
cgdconfig(8): Add support for generating shared-key parameters files. Usage model: - Generate a parameters file that supports sharing its main key: cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum - Make another parameters file that uses the same shared main key but derives an independent subkey from it: cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256
Revision 1.56 / (download) - annotate - [select for diffs], Fri Aug 12 10:49:17 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.55: +104 -4
lines
Diff to previous 1.55 (colored) to selected 1.34 (colored)
cgdconfig(8): Add support for shared keys. New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because: - Hashing the password is expensive, so it should only be done once. Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'. . With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n. And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you. - Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press. The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm. The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256. Example: algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; }; The key used for this disk will be derived by HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==), where k is the outcome of PBKDF2-SHA1 with the given parameters. Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files. If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks.
Revision 1.55 / (download) - annotate - [select for diffs], Fri Aug 12 10:48:44 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.54: +57 -9
lines
Diff to previous 1.54 (colored) to selected 1.34 (colored)
cgdconfig(8): New -T operation prints all generated keys in cgd.conf. For testing purposes.
Revision 1.54 / (download) - annotate - [select for diffs], Fri Aug 12 10:48:27 2022 UTC (20 months, 1 week ago) by riastradh
Branch: MAIN
Changes since 1.53: +56 -5
lines
Diff to previous 1.53 (colored) to selected 1.34 (colored)
cgdconfig(8): New -t operation just prints the derived key in base64. For testing purposes.
Revision 1.53 / (download) - annotate - [select for diffs], Mon Nov 22 14:34:35 2021 UTC (2 years, 4 months ago) by nia
Branch: MAIN
Changes since 1.52: +74 -11
lines
Diff to previous 1.52 (colored) to selected 1.34 (colored)
cgdconfig(8): Add an argon2id password-based key generation method This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption. Several new keygen parameters are supported: memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...) We do our best to calibrate these automatically when the paramsfile is initially generated. lgtm riastradh@
Revision 1.52 / (download) - annotate - [select for diffs], Wed Jun 16 23:22:08 2021 UTC (2 years, 10 months ago) by riastradh
Branch: MAIN
Changes since 1.51: +9 -5
lines
Diff to previous 1.51 (colored) to selected 1.34 (colored)
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
Revision 1.51 / (download) - annotate - [select for diffs], Sun Apr 18 19:56:09 2021 UTC (3 years ago) by maya
Branch: MAIN
CVS Tags: cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x
Changes since 1.50: +3 -3
lines
Diff to previous 1.50 (colored) to selected 1.34 (colored)
The -n flag is useless with -g, don't mention it. From rudolf in PR misc/36243
Revision 1.48.2.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:05:32 2019 UTC (4 years, 10 months ago) by christos
Branch: phil-wifi
Changes since 1.48: +22 -17
lines
Diff to previous 1.48 (colored) next main 1.49 (colored) to selected 1.34 (colored)
Sync with HEAD
Revision 1.50 / (download) - annotate - [select for diffs], Wed Apr 10 06:11:37 2019 UTC (5 years ago) by kre
Branch: MAIN
CVS Tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
phil-wifi-20191119,
phil-wifi-20190609,
netbsd-9-base,
netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1,
netbsd-9,
is-mlppp-base,
is-mlppp
Changes since 1.49: +17 -14
lines
Diff to previous 1.49 (colored) to selected 1.34 (colored)
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather than if (!ret) when ret is not a boolean, and test fopen result against NULL, for example). NFCI.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Apr 10 06:09:39 2019 UTC (5 years ago) by kre
Branch: MAIN
Changes since 1.48: +7 -5
lines
Diff to previous 1.48 (colored) to selected 1.34 (colored)
PR bin/53999 from rudolf (eq.cz) Fix cgdconfig to report verification failures with gpt and mbr verification methods (and not treat them as silent hard errors). This also causes the cgd to be unconfigured when one of those verification methods fails. Add ATF tests to check that bad verification is reported, and does not leave the cgd configured. Patches from the PR applied.
Revision 1.41.6.2 / (download) - annotate - [select for diffs], Tue Aug 7 13:19:51 2018 UTC (5 years, 8 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1
Changes since 1.41.6.1: +31 -15
lines
Diff to previous 1.41.6.1 (colored) to branchpoint 1.41 (colored) next main 1.42 (colored) to selected 1.34 (colored)
Pull up following revision(s) (requested by alnsn in ticket #958): sbin/cgdconfig/cgdconfig.c: revision 1.46 sbin/cgdconfig/cgdconfig.c: revision 1.47 sbin/cgdconfig/cgdconfig.c: revision 1.48 sbin/cgdconfig/cgdconfig.8: revision 1.39 sbin/cgdconfig/cgdconfig.8: revision 1.40 Add '-e' option (echo the passphrase) and wipe the passphrase after use. XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited. Missed one change when doing a manual merge of my patch with kre's commit. use explicit_memset(3) With the change to use getpass_r the 128 byte passphrase limit no longer applies, so update the BUGS section here to reflect that change. The limit now is 1023 whichever method is used to fetch the passphrase.
Revision 1.41.6.1 / (download) - annotate - [select for diffs], Tue Jul 31 16:01:12 2018 UTC (5 years, 8 months ago) by martin
Branch: netbsd-8
Changes since 1.41: +35 -20
lines
Diff to previous 1.41 (colored) to selected 1.34 (colored)
Pull up following revision(s) (requested by kre in ticket #946): sbin/cgdconfig/cgdconfig.c: revision 1.42 sbin/cgdconfig/cgdconfig.c: revision 1.43 sbin/cgdconfig/cgdconfig.c: revision 1.44 sbin/cgdconfig/cgdconfig.c: revision 1.45 sbin/cgdconfig/cgdconfig.8: revision 1.37 sbin/cgdconfig/cgdconfig.8: revision 1.38 Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere). Fix usage for rump. Fixes test breakage caused by previous commit. Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much. Thanks to Alexander Nasonov for finding the null deref bug. Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well. While here fix man page synopses and a few other odds and ends. Add commas in enumeration.
Revision 1.41.12.1 / (download) - annotate - [select for diffs], Mon May 21 04:35:56 2018 UTC (5 years, 11 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.41: +61 -30
lines
Diff to previous 1.41 (colored) next main 1.42 (colored) to selected 1.34 (colored)
Sync with HEAD
Revision 1.48 / (download) - annotate - [select for diffs], Wed May 9 19:38:46 2018 UTC (5 years, 11 months ago) by alnsn
Branch: MAIN
CVS Tags: phil-wifi-base,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521
Branch point for: phil-wifi
Changes since 1.47: +4 -4
lines
Diff to previous 1.47 (colored) to selected 1.34 (colored)
use explicit_memset(3)
Revision 1.47 / (download) - annotate - [select for diffs], Wed May 9 18:18:11 2018 UTC (5 years, 11 months ago) by alnsn
Branch: MAIN
Changes since 1.46: +5 -3
lines
Diff to previous 1.46 (colored) to selected 1.34 (colored)
Missed one change when doing a manual merge of my patch with kre's commit.
Revision 1.46 / (download) - annotate - [select for diffs], Wed May 9 18:11:56 2018 UTC (5 years, 11 months ago) by alnsn
Branch: MAIN
Changes since 1.45: +27 -13
lines
Diff to previous 1.45 (colored) to selected 1.34 (colored)
Add '-e' option (echo the passphrase) and wipe the passphrase after use. XXX Using memset for wiping isn't a good idea because memset is likely optimised away by gcc. This should be revisited.
Revision 1.45 / (download) - annotate - [select for diffs], Wed May 9 14:27:41 2018 UTC (5 years, 11 months ago) by kre
Branch: MAIN
Changes since 1.44: +9 -7
lines
Diff to previous 1.44 (colored) to selected 1.34 (colored)
Fix missing -p in usage message (noted by Christoph Badura, thanks), and update -l usage as well. While here fix man page synopses and a few other odds and ends.
Revision 1.44 / (download) - annotate - [select for diffs], Wed May 9 13:19:33 2018 UTC (5 years, 11 months ago) by kre
Branch: MAIN
Changes since 1.43: +16 -17
lines
Diff to previous 1.43 (colored) to selected 1.34 (colored)
Check arg count in configure() at entry, rather than later. This avoids the stupid null deref I added a couple of commits ago (on bad usage) and also simplifies the rest of the routine which no longer needs to check the arg count nearly as much. Thanks to Alexander Nasonov for finding the null deref bug.
Revision 1.43 / (download) - annotate - [select for diffs], Sun May 6 20:55:42 2018 UTC (5 years, 11 months ago) by kre
Branch: MAIN
Changes since 1.42: +4 -4
lines
Diff to previous 1.42 (colored) to selected 1.34 (colored)
Fix usage for rump. Fixes test breakage caused by previous commit.
Revision 1.42 / (download) - annotate - [select for diffs], Sat May 5 11:28:44 2018 UTC (5 years, 11 months ago) by kre
Branch: MAIN
Changes since 1.41: +16 -2
lines
Diff to previous 1.41 (colored) to selected 1.34 (colored)
Check whether the cgd device selected is available to be configured,that is, not already in use, before requesting passwords from the user (or elsewhere).
Revision 1.40.2.1 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:01 2017 UTC (7 years, 1 month ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.40: +3 -2
lines
Diff to previous 1.40 (colored) next main 1.41 (colored) to selected 1.34 (colored)
Sync with HEAD
Revision 1.41 / (download) - annotate - [select for diffs], Tue Jan 10 20:45:19 2017 UTC (7 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
pgoyette-compat-base,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
netbsd-8-base,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
bouyer-socketcan-base1,
bouyer-socketcan-base,
bouyer-socketcan
Branch point for: pgoyette-compat,
netbsd-8
Changes since 1.40: +3 -2
lines
Diff to previous 1.40 (colored) to selected 1.34 (colored)
Need <sys/stat.h> for S_IFBLK.
Revision 1.40 / (download) - annotate - [select for diffs], Sun Nov 22 20:24:19 2015 UTC (8 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-base,
pgoyette-localcount-20170107,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.39: +5 -21
lines
Diff to previous 1.39 (colored) to selected 1.34 (colored)
Don't chdir to the config directory; just form the parameters file with a path if needed.
Revision 1.39 / (download) - annotate - [select for diffs], Sun Dec 14 23:27:14 2014 UTC (9 years, 4 months ago) by christos
Branch: MAIN
Changes since 1.38: +3 -3
lines
Diff to previous 1.38 (colored) to selected 1.34 (colored)
fix possibly uninitialized variable.
Revision 1.38 / (download) - annotate - [select for diffs], Sun Dec 14 23:25:07 2014 UTC (9 years, 4 months ago) by christos
Branch: MAIN
Changes since 1.37: +8 -8
lines
Diff to previous 1.37 (colored) to selected 1.34 (colored)
avoid local variable shadowing devname.
Revision 1.37 / (download) - annotate - [select for diffs], Sun Dec 14 12:31:39 2014 UTC (9 years, 4 months ago) by mlelstv
Branch: MAIN
Changes since 1.36: +138 -3
lines
Diff to previous 1.36 (colored) to selected 1.34 (colored)
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
Revision 1.36 / (download) - annotate - [select for diffs], Sun Dec 14 11:31:39 2014 UTC (9 years, 4 months ago) by mlelstv
Branch: MAIN
Changes since 1.35: +35 -9
lines
Diff to previous 1.35 (colored) to selected 1.34 (colored)
support wedge names. The default param file for a wedge is still named after the device (dkN) which might be unpredictable. Use an explicit param file instead.
Revision 1.33.2.2 / (download) - annotate - [select for diffs], Thu May 22 11:37:27 2014 UTC (9 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.33.2.1: +79 -53
lines
Diff to previous 1.33.2.1 (colored) to branchpoint 1.33 (colored) next main 1.34 (colored)
sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
Revision 1.33.8.2 / (download) - annotate - [select for diffs], Sun Jun 23 06:28:50 2013 UTC (10 years, 9 months ago) by tls
Branch: tls-maxphys
Changes since 1.33.8.1: +79 -53
lines
Diff to previous 1.33.8.1 (colored) to branchpoint 1.33 (colored) next main 1.34 (colored)
resync from head
Revision 1.35 / (download) - annotate - [select for diffs], Sun Jun 9 18:37:40 2013 UTC (10 years, 10 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9,
tls-maxphys-base,
tls-earlyentropy-base,
tls-earlyentropy,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-base,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-1,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE,
netbsd-7-0,
netbsd-7
Changes since 1.34: +79 -53
lines
Diff to previous 1.34 (colored)
List all cgd's no matter if they are not contiguously allocated
Revision 1.33.8.1 / (download) - annotate - [select for diffs], Mon Feb 25 00:28:04 2013 UTC (11 years, 1 month ago) by tls
Branch: tls-maxphys
Changes since 1.33: +94 -6
lines
Diff to previous 1.33 (colored) to selected 1.34 (colored)
resync with head
Revision 1.33.2.1 / (download) - annotate - [select for diffs], Wed Jan 16 05:32:32 2013 UTC (11 years, 3 months ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.33: +94 -6
lines
Diff to previous 1.33 (colored) to selected 1.34 (colored)
sync with (a bit old) head
Revision 1.34 / (download) - annotate - [selected], Wed Dec 5 02:23:20 2012 UTC (11 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base8,
yamt-pagecache-base7,
agc-symver-base,
agc-symver
Changes since 1.33: +94 -6
lines
Diff to previous 1.33 (colored)
add cgdconfig -l like vnconfig -l
Revision 1.33 / (download) - annotate - [select for diffs], Mon Aug 29 14:34:59 2011 UTC (12 years, 7 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-pagecache-base6,
yamt-pagecache-base5,
yamt-pagecache-base4,
yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
netbsd-6-base,
netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-1,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
netbsd-6-0,
netbsd-6,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus
Branch point for: yamt-pagecache,
tls-maxphys
Changes since 1.32: +3 -3
lines
Diff to previous 1.32 (colored) to selected 1.34 (colored)
Use __dead
Revision 1.32 / (download) - annotate - [select for diffs], Tue Dec 14 17:46:21 2010 UTC (13 years, 4 months ago) by pooka
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231,
cherry-xenmp-base,
cherry-xenmp,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2
Changes since 1.31: +16 -22
lines
Diff to previous 1.31 (colored) to selected 1.34 (colored)
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was useful only for the oldstyle regime.
Revision 1.31 / (download) - annotate - [select for diffs], Thu Dec 2 18:02:58 2010 UTC (13 years, 4 months ago) by elric
Branch: MAIN
Changes since 1.30: +2 -4
lines
Diff to previous 1.30 (colored) to selected 1.34 (colored)
Remove a line that was intended only for my personal testing and that breaks things.
Revision 1.30 / (download) - annotate - [select for diffs], Thu Dec 2 04:54:32 2010 UTC (13 years, 4 months ago) by elric
Branch: MAIN
Changes since 1.29: +12 -4
lines
Diff to previous 1.29 (colored) to selected 1.34 (colored)
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do for KEYGEN_RANDOMKEY. Print a warning if such a refusal is made---this will help the user understand why there is an error. Patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>.
Revision 1.29 / (download) - annotate - [select for diffs], Sat Nov 27 17:08:36 2010 UTC (13 years, 4 months ago) by elric
Branch: MAIN
Changes since 1.28: +4 -4
lines
Diff to previous 1.28 (colored) to selected 1.34 (colored)
Remove trailing whitespace (patch provided by: Taylor R Campbell <campbell+netbsd@mumble.net>)
Revision 1.28 / (download) - annotate - [select for diffs], Tue Sep 8 21:36:35 2009 UTC (14 years, 7 months ago) by pooka
Branch: MAIN
CVS Tags: matt-premerge-20091211
Changes since 1.27: +23 -12
lines
Diff to previous 1.27 (colored) to selected 1.34 (colored)
* allow specification of kernel operations vector * make it possible to build cgdconfig as a library
Revision 1.20.8.2 / (download) - annotate - [select for diffs], Sun Sep 28 11:17:10 2008 UTC (15 years, 6 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.20.8.1: +7 -6
lines
Diff to previous 1.20.8.1 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored) to selected 1.34 (colored)
Sync with HEAD.
Revision 1.21.2.2 / (download) - annotate - [select for diffs], Thu Sep 18 04:28:22 2008 UTC (15 years, 7 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.21.2.1: +9 -8
lines
Diff to previous 1.21.2.1 (colored) next main 1.22 (colored) to selected 1.34 (colored)
Sync with wrstuden-revivesa-base-2.
Revision 1.27 / (download) - annotate - [select for diffs], Thu Jul 24 19:07:36 2008 UTC (15 years, 8 months ago) by christos
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-3,
wrstuden-revivesa-base-2,
netbsd-5-base,
netbsd-5-2-RELEASE,
netbsd-5-2-RC1,
netbsd-5-2-3-RELEASE,
netbsd-5-2-2-RELEASE,
netbsd-5-2-1-RELEASE,
netbsd-5-2,
netbsd-5-1-RELEASE,
netbsd-5-1-RC4,
netbsd-5-1-RC3,
netbsd-5-1-RC2,
netbsd-5-1-RC1,
netbsd-5-1-5-RELEASE,
netbsd-5-1-4-RELEASE,
netbsd-5-1-3-RELEASE,
netbsd-5-1-2-RELEASE,
netbsd-5-1-1-RELEASE,
netbsd-5-1,
netbsd-5-0-RELEASE,
netbsd-5-0-RC4,
netbsd-5-0-RC3,
netbsd-5-0-RC2,
netbsd-5-0-RC1,
netbsd-5-0-2-RELEASE,
netbsd-5-0-1-RELEASE,
netbsd-5-0,
netbsd-5,
mjf-devfs2-base,
matt-nb5-pq3-base,
matt-nb5-pq3,
matt-nb5-mips64-u2-k2-k4-k7-k8-k9,
matt-nb5-mips64-u1-k1-k5,
matt-nb5-mips64-premerge-20101231,
matt-nb5-mips64-premerge-20091211,
matt-nb5-mips64-k15,
matt-nb5-mips64,
matt-nb4-mips64-k7-u2a-k9b,
matt-mips64-base2,
jym-xensuspend-nbase,
jym-xensuspend-base,
jym-xensuspend
Changes since 1.26: +3 -3
lines
Diff to previous 1.26 (colored) to selected 1.34 (colored)
PR/39525: Joachim Schueth, Frederik Sausmikat: cgd inadvertently encrypts blkno eight times to generate IV Add "encblkno1" IV type to encrypt only once, rename old "encblkno" to "encblkno8" for clarity, and make "encblkno" an alias for "encblkno8" for backward compatibility.
Revision 1.26 / (download) - annotate - [select for diffs], Thu Jul 24 05:35:59 2008 UTC (15 years, 8 months ago) by dholland
Branch: MAIN
Changes since 1.25: +3 -2
lines
Diff to previous 1.25 (colored) to selected 1.34 (colored)
bzero the passphrase before freeing it, to discourage chill attacks.
Revision 1.25 / (download) - annotate - [select for diffs], Thu Jul 24 05:32:45 2008 UTC (15 years, 8 months ago) by dholland
Branch: MAIN
Changes since 1.24: +6 -5
lines
Diff to previous 1.24 (colored) to selected 1.34 (colored)
Adjust this to not need -Wno-pointer-sign.
Revision 1.24 / (download) - annotate - [select for diffs], Sun Jul 20 01:20:21 2008 UTC (15 years, 9 months ago) by lukem
Branch: MAIN
Changes since 1.23: +4 -5
lines
Diff to previous 1.23 (colored) to selected 1.34 (colored)
Remove the \n and tabs from the __COPYRIGHT() strings. (Tweak some to use a consistent format.)
Revision 1.21.2.1 / (download) - annotate - [select for diffs], Mon Jun 23 04:29:57 2008 UTC (15 years, 9 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.21: +86 -8
lines
Diff to previous 1.21 (colored) to selected 1.34 (colored)
Sync w/ -current. 34 merge conflicts to follow.
Revision 1.20.8.1 / (download) - annotate - [select for diffs], Mon Jun 2 13:21:20 2008 UTC (15 years, 10 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.20: +86 -15
lines
Diff to previous 1.20 (colored) to selected 1.34 (colored)
Sync with HEAD.
Revision 1.20.10.1 / (download) - annotate - [select for diffs], Sun May 18 12:30:50 2008 UTC (15 years, 11 months ago) by yamt
Branch: yamt-pf42
Changes since 1.20: +86 -15
lines
Diff to previous 1.20 (colored) next main 1.21 (colored) to selected 1.34 (colored)
sync with head.
Revision 1.23 / (download) - annotate - [select for diffs], Sun May 11 03:15:21 2008 UTC (15 years, 11 months ago) by elric
Branch: MAIN
CVS Tags: yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
wrstuden-revivesa-base-1,
wrstuden-revivesa-base,
hpcarm-cleanup-nbase
Changes since 1.22: +22 -3
lines
Diff to previous 1.22 (colored) to selected 1.34 (colored)
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while...
Revision 1.22 / (download) - annotate - [select for diffs], Sat May 10 21:38:40 2008 UTC (15 years, 11 months ago) by elric
Branch: MAIN
Changes since 1.21: +66 -7
lines
Diff to previous 1.21 (colored) to selected 1.34 (colored)
Add -p flag to retrieve passphrases from stdin. This is mainly aimed at programatic use where the caller wants to be able to use PKCS#5. Disable looping on invalid verifications unless both a passphrase method is in use and the -p flag is not specified. Update man page to document -p flag.
Revision 1.21 / (download) - annotate - [select for diffs], Mon Apr 28 20:23:08 2008 UTC (15 years, 11 months ago) by martin
Branch: MAIN
Branch point for: wrstuden-revivesa
Changes since 1.20: +2 -9
lines
Diff to previous 1.20 (colored) to selected 1.34 (colored)
Remove clause 3 and 4 from TNF licenses
Revision 1.18.4.4 / (download) - annotate - [select for diffs], Sun Mar 23 00:44:22 2008 UTC (16 years, 1 month ago) by matt
Branch: matt-armv6
Changes since 1.18.4.3: +7 -7
lines
Diff to previous 1.18.4.3 (colored) to branchpoint 1.18 (colored) next main 1.19 (colored) to selected 1.34 (colored)
sync with HEAD
Revision 1.18.4.3 / (download) - annotate - [select for diffs], Tue Jan 8 07:17:52 2008 UTC (16 years, 3 months ago) by matt
Branch: matt-armv6
CVS Tags: matt-armv6-prevmlocking
Changes since 1.18.4.2: +7 -7
lines
Diff to previous 1.18.4.2 (colored) to branchpoint 1.18 (colored) to selected 1.34 (colored)
Pull in changes from HEAD to make compile
Revision 1.18.4.2 / (download) - annotate - [select for diffs], Thu Nov 8 11:13:39 2007 UTC (16 years, 5 months ago) by matt
Branch: matt-armv6
Changes since 1.18.4.1: +3 -3
lines
Diff to previous 1.18.4.1 (colored) to branchpoint 1.18 (colored) to selected 1.34 (colored)
sync with HEAD
Revision 1.18.4.1 / (download) - annotate - [select for diffs], Tue Nov 6 23:12:30 2007 UTC (16 years, 5 months ago) by matt
Branch: matt-armv6
Changes since 1.18: +51 -58
lines
Diff to previous 1.18 (colored) to selected 1.34 (colored)
sync with HEAD
Revision 1.20 / (download) - annotate - [select for diffs], Tue Nov 6 10:44:23 2007 UTC (16 years, 5 months ago) by martin
Branch: MAIN
CVS Tags: yamt-pf42-baseX,
yamt-pf42-base,
mjf-devfs-base,
mjf-devfs,
matt-armv6-nbase,
matt-armv6-base,
keiichi-mipv6-base,
keiichi-mipv6,
hpcarm-cleanup-base,
cube-autoconf-base,
cube-autoconf
Branch point for: yamt-pf42,
mjf-devfs2
Changes since 1.19: +3 -3
lines
Diff to previous 1.19 (colored) to selected 1.34 (colored)
Do not use %d for size_t
Revision 1.19 / (download) - annotate - [select for diffs], Tue Nov 6 02:50:48 2007 UTC (16 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.18: +51 -58
lines
Diff to previous 1.18 (colored) to selected 1.34 (colored)
3 month roland feedback timeout: - Pass lint - knf - convert ints to size_t's
Revision 1.18 / (download) - annotate - [select for diffs], Tue Feb 6 14:04:01 2007 UTC (17 years, 2 months ago) by cbiere
Branch: MAIN
CVS Tags: matt-mips64-base,
matt-mips64,
hpcarm-cleanup
Branch point for: matt-armv6
Changes since 1.17: +3 -3
lines
Diff to previous 1.17 (colored) to selected 1.34 (colored)
Fixed format string in opendisk_werror() which was wrong since my previous commit.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Feb 6 02:09:19 2007 UTC (17 years, 2 months ago) by cbiere
Branch: MAIN
Changes since 1.16: +147 -84
lines
Diff to previous 1.16 (colored) to selected 1.34 (colored)
* 1 -> EXIT_FAILURE. * Replaced atoi() with parse_int(). * Use an enum for ACTION_* instead of #define. * Use strdup() or asnprintf() instead of strlcpy() to avoid truncation. * pread() returns ssize_t not int. * Suppress "unused parameter" warnings. * verify_disklabel(): Pass the correct size to disklabel_scan(). * verify_ffs(): * Don't indicate success if pread() fails. * Check the amount of bytes read. * Don't cast buf to (struct fs *), it's not aligned. * eliminate_cores(): No need for a temporary variable.
Revision 1.16 / (download) - annotate - [select for diffs], Mon Jun 27 03:07:45 2005 UTC (18 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: wrstuden-fixsa-newbase,
wrstuden-fixsa-base-1,
wrstuden-fixsa-base,
wrstuden-fixsa,
netbsd-4-base,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1,
netbsd-4-0-1-RELEASE,
netbsd-4-0,
netbsd-4,
abandoned-netbsd-4-base,
abandoned-netbsd-4
Changes since 1.15: +6 -6
lines
Diff to previous 1.15 (colored) to selected 1.34 (colored)
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror).
Revision 1.15 / (download) - annotate - [select for diffs], Wed Mar 30 20:59:34 2005 UTC (19 years ago) by elric
Branch: MAIN
Changes since 1.14: +3 -3
lines
Diff to previous 1.14 (colored) to selected 1.34 (colored)
setprogname(3) needs to come before calls to err(3).
Revision 1.14 / (download) - annotate - [select for diffs], Wed Mar 30 19:56:05 2005 UTC (19 years ago) by elric
Branch: MAIN
Changes since 1.13: +5 -2
lines
Diff to previous 1.13 (colored) to selected 1.34 (colored)
Lock all memory.
Revision 1.13 / (download) - annotate - [select for diffs], Wed Mar 30 15:45:56 2005 UTC (19 years ago) by elric
Branch: MAIN
Changes since 1.12: +18 -2
lines
Diff to previous 1.12 (colored) to selected 1.34 (colored)
Turn off core dumps.
Revision 1.12 / (download) - annotate - [select for diffs], Fri Aug 13 15:03:57 2004 UTC (19 years, 8 months ago) by tv
Branch: MAIN
CVS Tags: netbsd-3-base,
netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-1-1-RELEASE,
netbsd-3-1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-RC1,
netbsd-3-0-3-RELEASE,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE,
netbsd-3-0,
netbsd-3
Changes since 1.11: +9 -16
lines
Diff to previous 1.11 (colored) to selected 1.34 (colored)
Add "urandomkey" key generation method as described in PR kern/22766; useful for configuring a throwaway key for cgd-on-swap at boot time.
Revision 1.10.2.1 / (download) - annotate - [select for diffs], Fri Aug 13 15:02:17 2004 UTC (19 years, 8 months ago) by tv
Branch: netbsd-2-0
CVS Tags: netbsd-2-base,
netbsd-2-1-RELEASE,
netbsd-2-1-RC6,
netbsd-2-1-RC5,
netbsd-2-1-RC4,
netbsd-2-1-RC3,
netbsd-2-1-RC2,
netbsd-2-1-RC1,
netbsd-2-1,
netbsd-2-0-RELEASE,
netbsd-2-0-RC5,
netbsd-2-0-RC4,
netbsd-2-0-RC3,
netbsd-2-0-RC2,
netbsd-2-0-RC1,
netbsd-2-0-3-RELEASE,
netbsd-2-0-2-RELEASE,
netbsd-2-0-1-RELEASE,
netbsd-2
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored) next main 1.11 (colored) to selected 1.34 (colored)
Oy, sometimes CVS sticky tags hurt. Revert urandomkey; that should be on HEAD.
Revision 1.11 / (download) - annotate - [select for diffs], Tue Aug 10 02:29:34 2004 UTC (19 years, 8 months ago) by rumble
Branch: MAIN
Changes since 1.10: +12 -2
lines
Diff to previous 1.10 (colored) to selected 1.34 (colored)
In getkey(), check the return values of the various keygen functions and abort if necessary. Also, check for errors in its callers and handle them gracefully. OK'd by elric.
Revision 1.10 / (download) - annotate - [select for diffs], Wed Mar 17 01:29:13 2004 UTC (20 years, 1 month ago) by dan
Branch: MAIN
CVS Tags: netbsd-2-0-base
Branch point for: netbsd-2-0
Changes since 1.9: +25 -11
lines
Diff to previous 1.9 (colored) to selected 1.34 (colored)
Fix a longstanding algorithmic flaw in PKCS#5 key generation. The existing pkcs5_pbdkf2 keygen method is retained functionally as-is, for compatibility with existing params files. The corrected algorithm, which is now the default for new params file generation, is called pkcs5_pbkdf2/sha1. NB. The backwards compatibility for the miscreant keygen method will be removed at the same time as support for the previous parameters file syntax. Sometime between now and then, users should update their params files using -G, which will create a new params file including an xor value so that the resulting generated key is the same; they should also Problem discovery and 2-char algorithm fix by Charles Blundell, messy compat goop by me, long complicated names by Roland Dowdeswell. Update manpage accordingly and bump date.
Revision 1.9 / (download) - annotate - [select for diffs], Tue Sep 23 17:24:46 2003 UTC (20 years, 7 months ago) by cb
Branch: MAIN
Changes since 1.8: +33 -2
lines
Diff to previous 1.8 (colored) to selected 1.34 (colored)
add a new verification method that prompts for the pkcs#5 pbkdf2 passphrase again and checks the generated key against the original.
Revision 1.8 / (download) - annotate - [select for diffs], Sat May 17 23:09:06 2003 UTC (20 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.7: +5 -5
lines
Diff to previous 1.7 (colored) to selected 1.34 (colored)
use strlcpy
Revision 1.7 / (download) - annotate - [select for diffs], Wed Apr 2 10:39:23 2003 UTC (21 years ago) by fvdl
Branch: MAIN
Changes since 1.6: +22 -13
lines
Diff to previous 1.6 (colored) to selected 1.34 (colored)
Add support for UFS2. UFS2 is an enhanced FFS, adding support for 64 bit block pointers, extended attribute storage, and a few other things. This commit does not yet include the code to manipulate the extended storage (for e.g. ACLs), this will be done later. Originally written by Kirk McKusick and Network Associates Laboratories for FreeBSD.
Revision 1.6 / (download) - annotate - [select for diffs], Mon Mar 24 03:12:22 2003 UTC (21 years, 1 month ago) by elric
Branch: MAIN
Changes since 1.5: +3 -3
lines
Diff to previous 1.5 (colored) to selected 1.34 (colored)
Quick bugfix: o need to do keygen_filldefaults() in generate_convert no matter what, not only if there are no existing keygen methods in the new parameters.
Revision 1.5 / (download) - annotate - [select for diffs], Mon Mar 24 02:02:50 2003 UTC (21 years, 1 month ago) by elric
Branch: MAIN
Changes since 1.4: +284 -212
lines
Diff to previous 1.4 (colored) to selected 1.34 (colored)
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format.
Revision 1.4 / (download) - annotate - [select for diffs], Mon Oct 28 05:46:01 2002 UTC (21 years, 5 months ago) by elric
Branch: MAIN
CVS Tags: fvdl_fs64_base
Changes since 1.3: +3 -3
lines
Diff to previous 1.3 (colored) to selected 1.34 (colored)
bugfix: was still pulling random bits from /dev/random when generating a paramsfile of type randomkey which does not need them. Pointed out by dan@netbsd.org.
Revision 1.3 / (download) - annotate - [select for diffs], Sat Oct 12 21:02:18 2002 UTC (21 years, 6 months ago) by elric
Branch: MAIN
Changes since 1.2: +128 -27
lines
Diff to previous 1.2 (colored) to selected 1.34 (colored)
Add the concept of a verification method which allows cgdconfig(8) to reprompt for the passphrase if the key does not meet certain criteria. The currently implemented methods are ``none'' and ``disklabel''. The first behaves in the original fashion, the second will scan for a disklabel on the cgd after configuration and if it does not find a disklabel then it will reprompt for the password and reconfigure the disk.
Revision 1.2 / (download) - annotate - [select for diffs], Sat Oct 12 15:56:26 2002 UTC (21 years, 6 months ago) by elric
Branch: MAIN
Changes since 1.1: +44 -19
lines
Diff to previous 1.1 (colored) to selected 1.34 (colored)
Small usage enhancement: open the cgd before prompting for the passphrase so that errors can be reported w/o asking for the passphrase unnec.
Revision 1.1 / (download) - annotate - [select for diffs], Fri Oct 4 18:37:20 2002 UTC (21 years, 6 months ago) by elric
Branch: MAIN
Diff to selected 1.34 (colored)
Initial checkin of cgdconfig(8), a program to configure a cgd.