CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: riastradh
Date: Wed Jun 16 23:22:08 UTC 2021
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
cgdconfig(8): Fail more gracefully than SIGSEGV if shell_cmd fails.
To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.51 src/sbin/cgdconfig/cgdconfig.c:1.52
--- src/sbin/cgdconfig/cgdconfig.c:1.51 Sun Apr 18 19:56:09 2021
+++ src/sbin/cgdconfig/cgdconfig.c Wed Jun 16 23:22:08 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.51 2021/04/18 19:56:09 maya Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.52 2021/06/16 23:22:08 riastradh Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.51 2021/04/18 19:56:09 maya Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.52 2021/06/16 23:22:08 riastradh Exp $");
#endif
#include
@@ -460,10 +460,14 @@ getkey_shell_cmd(const char *target, str
{
FILE *f;
bits_t *ret;
+ int status;
- f = popen(string_tocharstar(kg->kg_cmd), "r");
- ret = bits_fget(f, keylen);
- pclose(f);
+ if ((f = popen(string_tocharstar(kg->kg_cmd), "r")) == NULL)
+ errx(1, "command failed");
+ if ((ret = bits_fget(f, keylen)) == NULL)
+ errx(1, "command output too short");
+ if ((status = pclose(f)) != 0)
+ err(1, "command failed with status %d", status);
return ret;
}
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: prlw1
Date: Thu Jun 3 15:40:27 UTC 2021
Modified Files:
src/sbin/cgdconfig: params.c
Log Message:
Make adiantum a first class citizen
To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/sbin/cgdconfig/params.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/params.c
diff -u src/sbin/cgdconfig/params.c:1.30 src/sbin/cgdconfig/params.c:1.31
--- src/sbin/cgdconfig/params.c:1.30 Sun Dec 30 12:05:48 2018
+++ src/sbin/cgdconfig/params.c Thu Jun 3 15:40:27 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: params.c,v 1.30 2018/12/30 12:05:48 mlelstv Exp $ */
+/* $NetBSD: params.c,v 1.31 2021/06/03 15:40:27 prlw1 Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: params.c,v 1.30 2018/12/30 12:05:48 mlelstv Exp $");
+__RCSID("$NetBSD: params.c,v 1.31 2021/06/03 15:40:27 prlw1 Exp $");
#endif
#include
@@ -69,6 +69,7 @@ static struct crypto_defaults {
char alg[32];
int keylen;
} crypto_defaults[] = {
+ { "adiantum", 256 },
{ "aes-cbc", 128 },
{ "aes-xts", 256 },
{ "3des-cbc", 192 },
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Fri Apr 30 21:07:34 UTC 2021 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: cgdconfig.8: use gpt in examples, it's more versatile for this use case To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.49 src/sbin/cgdconfig/cgdconfig.8:1.50 --- src/sbin/cgdconfig/cgdconfig.8:1.49 Sun Apr 18 19:56:09 2021 +++ src/sbin/cgdconfig/cgdconfig.8 Fri Apr 30 21:07:34 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.49 2021/04/18 19:56:09 maya Exp $ +.\" $NetBSD: cgdconfig.8,v 1.50 2021/04/30 21:07:34 nia Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -387,14 +387,14 @@ when we configure the first time to set Here is the sequence of commands that is recommended: .Bd -literal - # cgdconfig -g -o /etc/cgd/wd0e -V disklabel adiantum - # cgdconfig -V re-enter cgd0 /dev/wd0e - /dev/wd0e's passphrase: + # cgdconfig -g -o /etc/cgd/dk3 -V gpt adiantum + # cgdconfig -V re-enter cgd0 /dev/dk3 + /dev/dk3's passphrase: re-enter device's passphrase: - # disklabel -e -I cgd0 + # gpt create cgd0 # cgdconfig -u cgd0 - # cgdconfig cgd0 /dev/wd0e - /dev/wd0e's passphrase: + # cgdconfig cgd0 /dev/dk3 + /dev/dk3's passphrase: .Ed .Pp To scrub data from a disk before setting up a cgd:
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: maya
Date: Sun Apr 18 19:56:10 UTC 2021
Modified Files:
src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c
Log Message:
The -n flag is useless with -g, don't mention it.
>From rudolf in PR misc/36243
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/sbin/cgdconfig/cgdconfig.8
cvs rdiff -u -r1.50 -r1.51 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.48 src/sbin/cgdconfig/cgdconfig.8:1.49
--- src/sbin/cgdconfig/cgdconfig.8:1.48 Fri Dec 11 21:52:19 2020
+++ src/sbin/cgdconfig/cgdconfig.8 Sun Apr 18 19:56:09 2021
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.48 2020/12/11 21:52:19 riastradh Exp $
+.\" $NetBSD: cgdconfig.8,v 1.49 2021/04/18 19:56:09 maya Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd December 11, 2020
+.Dd April 18, 2021
.Dt CGDCONFIG 8
.Os
.Sh NAME
@@ -52,7 +52,8 @@
.Ar paramsfile
.Nm
.Fl g
-.Op Fl nv
+.Op Fl v
+.Op Fl V Ar vmeth
.Op Fl i Ar ivmeth
.Op Fl k Ar kgmeth
.Op Fl o Ar outfile
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.50 src/sbin/cgdconfig/cgdconfig.c:1.51
--- src/sbin/cgdconfig/cgdconfig.c:1.50 Wed Apr 10 06:11:37 2019
+++ src/sbin/cgdconfig/cgdconfig.c Sun Apr 18 19:56:09 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.50 2019/04/10 06:11:37 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.51 2021/04/18 19:56:09 maya Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.50 2019/04/10 06:11:37 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.51 2021/04/18 19:56:09 maya Exp $");
#endif
#include
@@ -144,7 +144,7 @@ usage(void)
getprogname());
(void)fprintf(stderr, " %s -G [-enpv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] paramsfile\n", getprogname());
- (void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] "
+ (void)fprintf(stderr, " %s -g [-v] [-i ivmeth] [-k kgmeth] "
"[-o outfile] alg [keylen]\n", getprogname());
(void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname());
(void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg "
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Fri Dec 11 21:52:19 UTC 2020 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Touch up cgdconfig(8) man page. - Suggest adiantum first. - Remove references to Blowfish. - Clarify that ivmethod is relevant only for ancient compatibility. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.47 src/sbin/cgdconfig/cgdconfig.8:1.48 --- src/sbin/cgdconfig/cgdconfig.8:1.47 Tue Jun 23 14:08:01 2020 +++ src/sbin/cgdconfig/cgdconfig.8 Fri Dec 11 21:52:19 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.47 2020/06/23 14:08:01 wiz Exp $ +.\" $NetBSD: cgdconfig.8,v 1.48 2020/12/11 21:52:19 riastradh Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 23, 2020 +.Dd December 11, 2020 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -104,6 +104,15 @@ This may need to obtain multiple passphr Generate a paramsfile (to stdout). .It Fl i Ar ivmeth Specify the IV method (default: encblkno1). +.Pp +Setting the IV method is needed only for compatibility with disks +written with a very old version of +.Xr cgd 4 +from before +.Nx 5.0 , +released in 2010; see +.Xr cgd 4 +for details. .It Fl k Ar kgmeth Specify the key generation method (default: pkcs5_pbkdf2/sha1). .It Fl l Op Ar cgd @@ -144,8 +153,8 @@ Be verbose. May be specified multiple times. .El .Pp -For more information about the cryptographic algorithms and IV methods -supported, please refer to +For more information about the cryptographic algorithms supported, +please refer to .Xr cgd 4 . .Ss Key Generation Methods To generate the key which it will use, @@ -318,6 +327,15 @@ The following statements are defined: Defines the cryptographic algorithm. .It iv-method Ar string Defines the IV generation method. +This should always be +.Sq encblkno1 +except when dealing with disks written with a very old version of +.Xr cgd 4 +from before +.Nx 5.0 , +released in 2010; see +.Xr cgd 4 +for details. .It keylength Ar integer Defines the length of the key. .It verify_method Ar string @@ -352,12 +370,10 @@ configuration directory, used to store p cgd configuration file. .El .Sh EXAMPLES -To set up and configure a cgd that uses AES with a 192 bit key -in CBC mode with the IV Method -.Sq encblkno1 -(encrypted block number): +To set up and configure a cgd that uses adiantum, which takes a 256-bit +key: .Bd -literal - # cgdconfig -g -o /etc/cgd/wd0e aes-cbc 192 + # cgdconfig -g -o /etc/cgd/wd0e adiantum 256 # cgdconfig cgd0 /dev/wd0e /dev/wd0e's passphrase: .Ed @@ -370,7 +386,7 @@ when we configure the first time to set Here is the sequence of commands that is recommended: .Bd -literal - # cgdconfig -g -o /etc/cgd/wd0e -V disklabel aes-cbc + # cgdconfig -g -o /etc/cgd/wd0e -V disklabel adiantum # cgdconfig -V re-enter cgd0 /dev/wd0e /dev/wd0e's passphrase: re-enter device's passphrase: @@ -382,7 +398,7 @@ sequence of commands that is recommended .Pp To scrub data from a disk before setting up a cgd: .Bd -literal - # cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom + # cgdconfig -s cgd0 /dev/sd0e adiantum 256 < /dev/urandom # dd if=/dev/zero of=/dev/rcgd0d bs=32k progress=512 # cgdconfig -u cgd0 .Ed @@ -395,10 +411,10 @@ parameters file: new file's passphrase: .Ed .Pp -To configure a cgd that uses Blowfish with a 200 bit key that it +To configure a cgd that uses aes-cbc with a 192 bit key that it reads from stdin: .Bd -literal - # cgdconfig -s cgd0 /dev/sd0h blowfish-cbc 200 + # cgdconfig -s cgd0 /dev/sd0h aes-cbc 192 .Ed .Pp An example parameters file which uses PKCS#5 PBKDF2: @@ -416,7 +432,7 @@ An example parameters file which uses PK .Pp An example parameters file which stores its key locally: .Bd -literal - algorithm aes-cbc; + algorithm adiantum; iv-method encblkno1; keylength 256; verify_method none;
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: wiz Date: Tue Jun 23 14:08:01 UTC 2020 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Use Nm. To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.46 src/sbin/cgdconfig/cgdconfig.8:1.47 --- src/sbin/cgdconfig/cgdconfig.8:1.46 Tue Jun 23 13:23:56 2020 +++ src/sbin/cgdconfig/cgdconfig.8 Tue Jun 23 14:08:01 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.46 2020/06/23 13:23:56 nia Exp $ +.\" $NetBSD: cgdconfig.8,v 1.47 2020/06/23 14:08:01 wiz Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -187,8 +187,10 @@ The method simply reads and uses the resulting bits as the key. This is similar to the .Pa randomkey -method, but it guarantees that cgdconfig will not stall waiting for 256 -bits of entropy from a hardware RNG or seed. +method, but it guarantees that +.Nm +will not stall waiting for 256 bits of entropy from a hardware RNG +or seed. .It shell_cmd This method executes a shell command via .Xr popen 3
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Tue Jun 23 13:23:56 UTC 2020 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: cgdconfig.8: remove references to using cgd for swap this is potentially misleading now that the kernel does swap encryption To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.46 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.45 src/sbin/cgdconfig/cgdconfig.8:1.46 --- src/sbin/cgdconfig/cgdconfig.8:1.45 Tue Jun 23 13:20:14 2020 +++ src/sbin/cgdconfig/cgdconfig.8 Tue Jun 23 13:23:56 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.45 2020/06/23 13:20:14 nia Exp $ +.\" $NetBSD: cgdconfig.8,v 1.46 2020/06/23 13:23:56 nia Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -178,7 +178,7 @@ The method simply reads and uses the resulting bits as the key. It does not require a passphrase to be entered. This method is typically used to present disk devices that do not -need to survive a reboot, such as the swap partition. +need to survive a reboot. It is also handy to facilitate overwriting the contents of a disk volume with meaningless data prior to use. .It urandomkey @@ -188,8 +188,7 @@ and uses the resulting bits as the key. This is similar to the .Pa randomkey method, but it guarantees that cgdconfig will not stall waiting for 256 -bits of entropy from a hardware RNG or seed (useful when configuring a -cgd for swap at boot time). +bits of entropy from a hardware RNG or seed. .It shell_cmd This method executes a shell command via .Xr popen 3
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Tue Jun 23 13:20:14 UTC 2020 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: cgdconfig.8: Reflect actual behaviour of /dev/(u)random To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.45 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.44 src/sbin/cgdconfig/cgdconfig.8:1.45 --- src/sbin/cgdconfig/cgdconfig.8:1.44 Sat Dec 29 18:34:01 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Tue Jun 23 13:20:14 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.44 2018/12/29 18:34:01 wiz Exp $ +.\" $NetBSD: cgdconfig.8,v 1.45 2020/06/23 13:20:14 nia Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 27, 2018 +.Dd June 23, 2020 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -187,12 +187,9 @@ The method simply reads and uses the resulting bits as the key. This is similar to the .Pa randomkey -method, but it guarantees that cgdconfig will not stall waiting for -hard-random bits (useful when configuring a cgd for swap at boot time). -Note, however, that some or all of the bits used to generate the -key may be obtained from a pseudo-random number generator, -which may not be as secure as the entropy based hard-random -number generator. +method, but it guarantees that cgdconfig will not stall waiting for 256 +bits of entropy from a hardware RNG or seed (useful when configuring a +cgd for swap at boot time). .It shell_cmd This method executes a shell command via .Xr popen 3
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: kre
Date: Wed Apr 10 06:11:37 UTC 2019
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
KNF, 80 column police, a few other tidy ups (use if (ret == 0) rather
than if (!ret) when ret is not a boolean, and test fopen result against
NULL, for example).
NFCI.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.49 src/sbin/cgdconfig/cgdconfig.c:1.50
--- src/sbin/cgdconfig/cgdconfig.c:1.49 Wed Apr 10 06:09:39 2019
+++ src/sbin/cgdconfig/cgdconfig.c Wed Apr 10 06:11:37 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.49 2019/04/10 06:09:39 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.50 2019/04/10 06:11:37 kre Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.49 2019/04/10 06:09:39 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.50 2019/04/10 06:11:37 kre Exp $");
#endif
#include
@@ -629,7 +629,7 @@ configure(int argc, char **argv, struct
(void)unconfigure_fd(fd);
goto bail_err;
}
- if (!ret)
+ if (ret == 0) /* success */
break;
(void)unconfigure_fd(fd);
@@ -646,7 +646,8 @@ configure(int argc, char **argv, struct
params_free(p);
(void)prog_close(fd);
return 0;
-bail_err:
+
+ bail_err:;
params_free(p);
(void)prog_close(fd);
return -1;
@@ -703,7 +704,7 @@ opendisk_werror(const char *cgd, char *b
{
int fd;
- VPRINTF(3, ("opendisk_werror(%s, %s, %zu) called.\n", cgd, buf, buflen));
+ VPRINTF(3, ("opendisk_werror(%s, %s, %zu) called.\n", cgd,buf,buflen));
/* sanity */
if (!cgd || !buf)
@@ -919,14 +920,14 @@ verify_gpt(int fd)
}
ret = 1;
- for (blksize=DEV_BSIZE;
- (off = blksize * GPT_HDR_BLKNO) <= SCANSIZE - sizeof(hdr);
+ for (blksize = DEV_BSIZE;
+ (off = (blksize * GPT_HDR_BLKNO)) <= SCANSIZE - sizeof(hdr);
blksize <<= 1) {
memcpy(&hdr, &buf[off], sizeof(hdr));
- if (memcmp(hdr.hdr_sig, GPT_HDR_SIG, sizeof(hdr.hdr_sig)) == 0 &&
- le32toh(hdr.hdr_revision) == GPT_HDR_REVISION &&
- le32toh(hdr.hdr_size) == GPT_HDR_SIZE) {
+ if (memcmp(hdr.hdr_sig, GPT_HDR_SIG, sizeof(hdr.hdr_sig)) == 0
+ && le32toh(hdr.hdr_revision) == GPT_HDR_REVISION
+ && le32toh(hdr.hdr_size) == GPT_HDR_SIZE) {
hdr.hdr_crc_self = 0;
if (crc32(&hdr, sizeof(hdr))) {
@@ -993,7 +994,9 @@ verify_reenter(struct params *p)
/* add a compat flag till the _OLD method goes away */
key = getkey_pkcs5_pbkdf2("re-enter device", kg,
- bits_len(orig_key), kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD);
+ bits_len(orig_key),
+ kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD);
+
ret = !bits_match(key, orig_key);
bits_free(key);
@@ -1113,7 +1116,7 @@ generate_convert(struct params *p, int a
}
return params_cput(p, outfile);
-bail:
+ bail:;
params_free(oldp);
return -1;
}
@@ -1141,7 +1144,7 @@ do_all(const char *cfile, int argc, char
fn = cfile;
f = fopen(fn, "r");
- if (!f) {
+ if (f == NULL) {
warn("could not open config file \"%s\"", fn);
return -1;
}
@@ -1222,7 +1225,7 @@ show(const char *dev) {
printf("%s ", iv_method(cgu.cgu_mode));
}
-out:
+ out:;
putchar('\n');
close(fd);
}
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: mlelstv
Date: Sun Dec 30 12:05:48 UTC 2018
Modified Files:
src/sbin/cgdconfig: params.c
Log Message:
Avoid crash when no algorithm is specified in parameter file.
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/sbin/cgdconfig/params.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/params.c
diff -u src/sbin/cgdconfig/params.c:1.29 src/sbin/cgdconfig/params.c:1.30
--- src/sbin/cgdconfig/params.c:1.29 Sun Dec 11 00:34:39 2016
+++ src/sbin/cgdconfig/params.c Sun Dec 30 12:05:48 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: params.c,v 1.29 2016/12/11 00:34:39 alnsn Exp $ */
+/* $NetBSD: params.c,v 1.30 2018/12/30 12:05:48 mlelstv Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: params.c,v 1.29 2016/12/11 00:34:39 alnsn Exp $");
+__RCSID("$NetBSD: params.c,v 1.30 2018/12/30 12:05:48 mlelstv Exp $");
#endif
#include
@@ -158,6 +158,8 @@ params_filldefaults(struct params *p)
if (!p->ivmeth)
p->ivmeth = string_fromcharstar("encblkno1");
if (p->keylen == (size_t)-1) {
+ if (p->algorithm == NULL)
+ return -1;
i = crypt_defaults_lookup(string_tocharstar(p->algorithm));
if (i != (size_t)-1) {
p->keylen = crypto_defaults[i].keylen;
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: wiz Date: Sat Dec 29 18:34:01 UTC 2018 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Sort SEE ALSO. To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.43 src/sbin/cgdconfig/cgdconfig.8:1.44 --- src/sbin/cgdconfig/cgdconfig.8:1.43 Fri Dec 28 18:33:54 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Sat Dec 29 18:34:01 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.43 2018/12/28 18:33:54 alnsn Exp $ +.\" $NetBSD: cgdconfig.8,v 1.44 2018/12/29 18:34:01 wiz Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -456,9 +456,9 @@ program's execution. .El .Sh SEE ALSO .Xr cgd 4 , -.Xr disklabel 8 , .Xr dk 4 , .Xr fstab 5 , +.Xr disklabel 8 , .Xr gpt 8 .Pp .Dq PKCS #5 v2.0: Password-Based Cryptography Standard ,
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: alnsn Date: Fri Dec 28 18:33:54 UTC 2018 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: s/Dec/December/. To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.42 src/sbin/cgdconfig/cgdconfig.8:1.43 --- src/sbin/cgdconfig/cgdconfig.8:1.42 Thu Dec 27 21:17:08 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Fri Dec 28 18:33:54 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.42 2018/12/27 21:17:08 alnsn Exp $ +.\" $NetBSD: cgdconfig.8,v 1.43 2018/12/28 18:33:54 alnsn Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd Dec 27, 2018 +.Dd December 27, 2018 .Dt CGDCONFIG 8 .Os .Sh NAME
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: alnsn Date: Thu Dec 27 21:17:08 UTC 2018 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Document that cgd.conf supports NAME=label and ROOT. targets. XXX Default paramsfile for NAME=label is /etc/cgd/dkNN (resolved wedge partition) and /etc/cgd/ROOT. for ROOT.. This isn't yet documented. IMO, it should be the other way around: /etc/cgd/label for the former and /et/cgd/[root-device] for the latter. To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.42 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.41 src/sbin/cgdconfig/cgdconfig.8:1.42 --- src/sbin/cgdconfig/cgdconfig.8:1.41 Sat Sep 1 11:46:52 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Thu Dec 27 21:17:08 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.41 2018/09/01 11:46:52 prlw1 Exp $ +.\" $NetBSD: cgdconfig.8,v 1.42 2018/12/27 21:17:08 alnsn Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 9, 2018 +.Dd Dec 27, 2018 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -248,6 +248,24 @@ A at the end of a line indicates that the next line is a continuation of the current line. .Pp +If the second field is of the form +.Dq NAME= +then all the +.Xr dk 4 +wedge partitions are searched for one that has a wedge name equal to +.Ar +and the device corresponding to it is selected. +.Pp +If the second field starts with the prefix +.Dq ROOT. +the prefix is replaced with +.Dq /dev/[root_device] , +where +.Bq root_device +is the value of the +.Dq kern.root_device +sysctl. +.Pp See .Sx EXAMPLES for an example of @@ -418,7 +436,7 @@ An example # cgd target [paramsfile] cgd0 /dev/wd0e - cgd1 /dev/sd0h /usr/local/etc/cgd/sd0h + cgd1 NAME=mycgd /usr/local/etc/cgd/mycgd .Ed .Pp Note the first entry will store the parameters file as @@ -439,6 +457,8 @@ program's execution. .Sh SEE ALSO .Xr cgd 4 , .Xr disklabel 8 , +.Xr dk 4 , +.Xr fstab 5 , .Xr gpt 8 .Pp .Dq PKCS #5 v2.0: Password-Based Cryptography Standard ,
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: prlw1 Date: Sat Sep 1 11:46:52 UTC 2018 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: typo To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.40 src/sbin/cgdconfig/cgdconfig.8:1.41 --- src/sbin/cgdconfig/cgdconfig.8:1.40 Wed May 9 20:23:35 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Sat Sep 1 11:46:52 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.40 2018/05/09 20:23:35 kre Exp $ +.\" $NetBSD: cgdconfig.8,v 1.41 2018/09/01 11:46:52 prlw1 Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -90,7 +90,7 @@ The options are as follows: .It Fl C Configure all the devices listed in the cgd configuration file. .It Fl e -Echo the passphase. +Echo the passphrase. .It Fl f Ar configfile Specify the configuration file explicitly, rather than using the default configuration file
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: kre Date: Wed May 9 20:23:35 UTC 2018 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: With the change to use getpass_r the 128 byte passphrase limit no longer applies, so update the BUGS section here to reflect that change. The limit now is 1023 whichever method is used to fetch the passphrase. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.39 src/sbin/cgdconfig/cgdconfig.8:1.40 --- src/sbin/cgdconfig/cgdconfig.8:1.39 Wed May 9 18:11:56 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Wed May 9 20:23:35 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.39 2018/05/09 18:11:56 alnsn Exp $ +.\" $NetBSD: cgdconfig.8,v 1.40 2018/05/09 20:23:35 kre Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -449,14 +449,4 @@ The utility appeared in .Nx 2.0 . .Sh BUGS -Since -.Nm -without -.Fl p -uses -.Xr getpass 3 -to read in the passphrase, -it is limited to sysconf(_SC_PASS_MAX) (128) characters. -With -.Fl p -the limit is 1023 characters. +Pass phrases are limited to 1023 bytes.
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: alnsn
Date: Wed May 9 19:38:46 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
use explicit_memset(3)
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.47 src/sbin/cgdconfig/cgdconfig.c:1.48
--- src/sbin/cgdconfig/cgdconfig.c:1.47 Wed May 9 18:18:11 2018
+++ src/sbin/cgdconfig/cgdconfig.c Wed May 9 19:38:46 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.47 2018/05/09 18:18:11 alnsn Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.48 2018/05/09 19:38:46 alnsn Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.47 2018/05/09 18:18:11 alnsn Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.48 2018/05/09 19:38:46 alnsn Exp $");
#endif
#include
@@ -412,7 +412,7 @@ maybe_getpass(char *prompt)
err(EXIT_FAILURE, "failed to read passphrase");
pass = estrdup(p);
- memset(buf, 0, sizeof(buf));
+ explicit_memset(buf, 0, sizeof(buf));
return pass;
}
@@ -448,7 +448,7 @@ getkey_pkcs5_pbkdf2(const char *target,
ret = bits_new(tmp, keylen);
kg->kg_key = bits_dup(ret);
- memset(passp, 0, strlen(passp));
+ explicit_memset(passp, 0, strlen(passp));
free(passp);
free(tmp);
return ret;
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: alnsn
Date: Wed May 9 18:18:11 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
Missed one change when doing a manual merge of my patch with kre's commit.
To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.46 src/sbin/cgdconfig/cgdconfig.c:1.47
--- src/sbin/cgdconfig/cgdconfig.c:1.46 Wed May 9 18:11:56 2018
+++ src/sbin/cgdconfig/cgdconfig.c Wed May 9 18:18:11 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.47 2018/05/09 18:18:11 alnsn Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.47 2018/05/09 18:18:11 alnsn Exp $");
#endif
#include
@@ -599,7 +599,9 @@ configure(int argc, char **argv, struct
* a password.
*/
- for (kg = p->keygen; pflag == PFLAG_GETPASS && kg; kg = kg->next)
+ for (kg = p->keygen;
+ (pflag & PFLAG_GETPASS_MASK) && kg;
+ kg = kg->next)
if ((kg->kg_method == KEYGEN_PKCS5_PBKDF2_SHA1) ||
(kg->kg_method == KEYGEN_PKCS5_PBKDF2_OLD )) {
loop = 1;
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: alnsn
Date: Wed May 9 18:11:56 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c
Log Message:
Add '-e' option (echo the passphrase) and wipe the passphrase after use.
XXX Using memset for wiping isn't a good idea because memset is likely
optimised away by gcc. This should be revisited.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/sbin/cgdconfig/cgdconfig.8
cvs rdiff -u -r1.45 -r1.46 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.38 src/sbin/cgdconfig/cgdconfig.8:1.39
--- src/sbin/cgdconfig/cgdconfig.8:1.38 Wed May 9 17:35:03 2018
+++ src/sbin/cgdconfig/cgdconfig.8 Wed May 9 18:11:56 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.38 2018/05/09 17:35:03 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.39 2018/05/09 18:11:56 alnsn Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -35,17 +35,17 @@
.Nd configuration utility for the cryptographic disk driver
.Sh SYNOPSIS
.Nm
-.Op Fl npv
+.Op Fl enpv
.Op Fl V Ar vmeth
.Ar cgd dev
.Op Ar paramsfile
.Nm
.Fl C
-.Op Fl npv
+.Op Fl enpv
.Op Fl f Ar configfile
.Nm
.Fl G
-.Op Fl npv
+.Op Fl enpv
.Op Fl i Ar ivmeth
.Op Fl k Ar kgmeth
.Op Fl o Ar outfile
@@ -89,6 +89,8 @@ The options are as follows:
.Bl -tag -width configfile
.It Fl C
Configure all the devices listed in the cgd configuration file.
+.It Fl e
+Echo the passphase.
.It Fl f Ar configfile
Specify the configuration file explicitly, rather than using the default
configuration file
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.45 src/sbin/cgdconfig/cgdconfig.c:1.46
--- src/sbin/cgdconfig/cgdconfig.c:1.45 Wed May 9 14:27:41 2018
+++ src/sbin/cgdconfig/cgdconfig.c Wed May 9 18:11:56 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.46 2018/05/09 18:11:56 alnsn Exp $");
#endif
#include
@@ -89,8 +89,10 @@ int nflag = 0;
/* if pflag is set to PFLAG_STDIN read from stdin rather than getpass(3) */
-#define PFLAG_GETPASS 0x01
-#define PFLAG_STDIN 0x02
+#define PFLAG_GETPASS 0x01
+#define PFLAG_GETPASS_ECHO 0x02
+#define PFLAG_GETPASS_MASK 0x03
+#define PFLAG_STDIN 0x04
int pflag = PFLAG_GETPASS;
static int configure(int, char **, struct params *, int);
@@ -136,11 +138,11 @@ static void
usage(void)
{
- (void)fprintf(stderr, "usage: %s [-npv] [-V vmeth] cgd dev "
+ (void)fprintf(stderr, "usage: %s [-enpv] [-V vmeth] cgd dev "
"[paramsfile]\n", getprogname());
- (void)fprintf(stderr, " %s -C [-npv] [-f configfile]\n",
+ (void)fprintf(stderr, " %s -C [-enpv] [-f configfile]\n",
getprogname());
- (void)fprintf(stderr, " %s -G [-npv] [-i ivmeth] [-k kgmeth] "
+ (void)fprintf(stderr, " %s -G [-enpv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] paramsfile\n", getprogname());
(void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] alg [keylen]\n", getprogname());
@@ -201,7 +203,7 @@ main(int argc, char **argv)
p = params_new();
kg = NULL;
- while ((ch = getopt(argc, argv, "CGUV:b:f:gi:k:lno:spuv")) != -1)
+ while ((ch = getopt(argc, argv, "CGUV:b:ef:gi:k:lno:spuv")) != -1)
switch (ch) {
case 'C':
set_action(&action, ACTION_CONFIGALL);
@@ -230,6 +232,9 @@ main(int argc, char **argv)
p = params_combine(p, tp);
}
break;
+ case 'e':
+ pflag = PFLAG_GETPASS_ECHO;
+ break;
case 'f':
if (cfile)
usage();
@@ -377,12 +382,17 @@ static char *
maybe_getpass(char *prompt)
{
char buf[1024];
- char *p = buf;
- char *tmp;
+ char *p = NULL;
+ char *tmp, *pass;
switch (pflag) {
case PFLAG_GETPASS:
- p = getpass(prompt);
+ p = getpass_r(prompt, buf, sizeof(buf));
+ break;
+
+ case PFLAG_GETPASS_ECHO:
+ p = getpassfd(prompt, buf, sizeof(buf), NULL,
+ GETPASS_ECHO|GETPASS_ECHO_NL|GETPASS_NEED_TTY, 0);
break;
case PFLAG_STDIN:
@@ -401,7 +411,10 @@ maybe_getpass(char *prompt)
if (!p)
err(EXIT_FAILURE, "failed to read passphrase");
- return estrdup(p);
+ pass = estrdup(p);
+ memset(buf, 0, sizeof(buf));
+
+ return pass;
}
/*ARGSUSED*/
@@ -422,7 +435,8 @@ getkey_pkcs5_pbkdf2(const char *target,
char buf[1024];
u_int8_t *tmp;
- snprintf(buf, sizeof(buf), "%s's passphrase:", target);
+ snprintf(buf, sizeof(buf), "%s's passphrase%s:", target,
+ pflag & PFLAG_GETPASS_ECHO ? " (echo)" : "");
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: wiz Date: Wed May 9 17:35:03 UTC 2018 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Add commas in enumeration. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.37 src/sbin/cgdconfig/cgdconfig.8:1.38 --- src/sbin/cgdconfig/cgdconfig.8:1.37 Wed May 9 14:27:41 2018 +++ src/sbin/cgdconfig/cgdconfig.8 Wed May 9 17:35:03 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.37 2018/05/09 14:27:41 kre Exp $ +.\" $NetBSD: cgdconfig.8,v 1.38 2018/05/09 17:35:03 wiz Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -435,8 +435,8 @@ Ensure that the processor clock frequenc program's execution. .El .Sh SEE ALSO -.Xr cgd 4 -.Xr disklabel 8 +.Xr cgd 4 , +.Xr disklabel 8 , .Xr gpt 8 .Pp .Dq PKCS #5 v2.0: Password-Based Cryptography Standard ,
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: kre
Date: Wed May 9 14:27:41 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c
Log Message:
Fix missing -p in usage message (noted by Christoph Badura, thanks),
and update -l usage as well.
While here fix man page synopses and a few other odds and ends.
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/sbin/cgdconfig/cgdconfig.8
cvs rdiff -u -r1.44 -r1.45 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.36 src/sbin/cgdconfig/cgdconfig.8:1.37
--- src/sbin/cgdconfig/cgdconfig.8:1.36 Sun Sep 11 01:09:34 2016
+++ src/sbin/cgdconfig/cgdconfig.8 Wed May 9 14:27:41 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.36 2016/09/11 01:09:34 sevan Exp $
+.\" $NetBSD: cgdconfig.8,v 1.37 2018/05/09 14:27:41 kre Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd September 11, 2016
+.Dd May 9, 2018
.Dt CGDCONFIG 8
.Os
.Sh NAME
@@ -41,11 +41,11 @@
.Op Ar paramsfile
.Nm
.Fl C
-.Op Fl nv
+.Op Fl npv
.Op Fl f Ar configfile
.Nm
.Fl G
-.Op Fl nv
+.Op Fl npv
.Op Fl i Ar ivmeth
.Op Fl k Ar kgmeth
.Op Fl o Ar outfile
@@ -60,7 +60,8 @@
.Op Ar keylen
.Nm
.Fl l
-.Op Fl cgd
+.Op Fl v Ns Op Cm v
+.Op Ar cgd
.Nm
.Fl s
.Op Fl nv
@@ -96,7 +97,7 @@ configuration file
Generate a new paramsfile (to stdout) using the values from
.Ar paramsfile
which will generate the same key.
-This may need to prompt for multiple passphrases.
+This may need to obtain multiple passphrases.
.It Fl g
Generate a paramsfile (to stdout).
.It Fl i Ar ivmeth
@@ -116,6 +117,9 @@ When generating a
.Ar paramsfile ,
store it in
.Ar outfile .
+If
+.Fl o
+is not given, any paramsfile content is written to standard output.
.It Fl p
Read all passphrases from stdin rather than
.Pa /dev/tty .
@@ -126,7 +130,7 @@ If this flag is specified then verificat
in question to be unconfigured rather than prompting for the passphrase
again.
.It Fl s
-Read the key from stdin.
+Read the key (nb: not the passphrase) from stdin.
.It Fl U
Unconfigure all the devices listed in the cgd configuration file.
.It Fl u
@@ -421,7 +425,7 @@ And use the entered passphrase to genera
.Pp
Although not required, the partition type
.Ar cgd
-should be used in the disklabel for the cgd partition.
+should be used in the disklabel or GPT type field for the cgd partition.
.Sh DIAGNOSTICS
.Bl -diag
.It "cgdconfig: could not calibrate pkcs5_pbkdf2"
@@ -432,6 +436,8 @@ program's execution.
.El
.Sh SEE ALSO
.Xr cgd 4
+.Xr disklabel 8
+.Xr gpt 8
.Pp
.Dq PKCS #5 v2.0: Password-Based Cryptography Standard ,
RSA Laboratories, March 25, 1999.
@@ -443,6 +449,12 @@ utility appeared in
.Sh BUGS
Since
.Nm
+without
+.Fl p
uses
.Xr getpass 3
-to read in the passphrase, it is limited to 128 characters.
+to read in the passphrase,
+it is limited to sysconf(_SC_PASS_MAX) (128) characters.
+With
+.Fl p
+the limit is 1023 characters.
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.44 src/sbin/cgdconfig/cgdconfig.c:1.45
--- src/sbin/cgdconfig/cgdconfig.c:1.44 Wed May 9 13:19:33 2018
+++ src/sbin/cgdconfig/cgdconfig.c Wed May 9 14:27:41 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.44 2018/05/09 13:19:33 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.44 2018/05/09 13:19:33 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.45 2018/05/09 14:27:41 kre Exp $");
#endif
#include
@@ -136,17 +136,19 @@ static void
usage(void)
{
- (void)fprintf(stderr, "usage: %s [-nv] [-V vmeth] cgd dev [paramsfile]\n",
+ (void)fprintf(stderr, "usage: %s [-npv] [-V vmeth] cgd dev "
+ "[paramsfile]\n", getprogname());
+ (void)fprintf(stderr, " %s -C [-npv] [-f configfile]\n",
getprogname());
- (void)fprintf(stderr, " %s -C [-nv] [-f configfile]\n", getprogname());
- (void)fprintf(stderr, " %s -G [-nv] [-i ivmeth] [-k kgmeth] "
+ (void)fprintf(stderr, " %s -G [-npv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] paramsfile\n", getprogname());
(void)fprintf(stderr, " %s -g [-nv] [-i ivmeth] [-k kgmeth] "
"[-o outfile] alg [keylen]\n", getprogname());
- (void)fprintf(stderr, " %s -l\n", getprogname());
+ (void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname());
(void)fprintf(stderr, " %s -s [-nv] [-i ivmeth] cgd dev alg "
"[keylen]\n", getprogname());
- (void)fprintf(stde
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: kre
Date: Wed May 9 13:19:33 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
Check arg count in configure() at entry, rather than later.
This avoids the stupid null deref I added a couple of commits
ago (on bad usage) and also simplifies the rest of the routine
which no longer needs to check the arg count nearly as much.
Thanks to Alexander Nasonov for finding the null deref bug.
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.43 src/sbin/cgdconfig/cgdconfig.c:1.44
--- src/sbin/cgdconfig/cgdconfig.c:1.43 Sun May 6 20:55:42 2018
+++ src/sbin/cgdconfig/cgdconfig.c Wed May 9 13:19:33 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.43 2018/05/06 20:55:42 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.44 2018/05/09 13:19:33 kre Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.43 2018/05/06 20:55:42 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.44 2018/05/09 13:19:33 kre Exp $");
#endif
#include
@@ -515,6 +515,15 @@ configure(int argc, char **argv, struct
char devicename[PATH_MAX];
const char *dev = NULL; /* XXX: gcc */
+ if (argc < 2 || argc > 3) {
+ /* print usage and exit, only if called from main() */
+ if (flags == CONFIG_FLAGS_FROMMAIN) {
+ warnx("wrong number of args");
+ usage();
+ }
+ return -1;
+ }
+
if ((
fd = opendisk1(*argv, O_RDWR, cgdname, sizeof(cgdname), 1, prog_open)
) != -1) {
@@ -529,12 +538,10 @@ configure(int argc, char **argv, struct
prog_close(fd);
}
- if (argc == 2 || argc == 3) {
- dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
- if (dev == NULL) {
- warnx("getfsspecname failed: %s", devicename);
- return -1;
- }
+ dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
+ if (dev == NULL) {
+ warnx("getfsspecname failed: %s", devicename);
+ return -1;
}
if (argc == 2) {
@@ -543,16 +550,8 @@ configure(int argc, char **argv, struct
/* make string writable for basename */
strlcpy(pfile, dev, sizeof(pfile));
p = params_cget(basename(pfile));
- } else if (argc == 3) {
+ } else
p = params_cget(argv[2]);
- } else {
- /* print usage and exit, only if called from main() */
- if (flags == CONFIG_FLAGS_FROMMAIN) {
- warnx("wrong number of args");
- usage();
- }
- return -1;
- }
if (!p)
return -1;
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: kre
Date: Sun May 6 20:55:42 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
Fix usage for rump. Fixes test breakage caused by previous commit.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.42 src/sbin/cgdconfig/cgdconfig.c:1.43
--- src/sbin/cgdconfig/cgdconfig.c:1.42 Sat May 5 11:28:44 2018
+++ src/sbin/cgdconfig/cgdconfig.c Sun May 6 20:55:42 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.42 2018/05/05 11:28:44 kre Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.43 2018/05/06 20:55:42 kre Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.42 2018/05/05 11:28:44 kre Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.43 2018/05/06 20:55:42 kre Exp $");
#endif
#include
@@ -523,10 +523,10 @@ configure(int argc, char **argv, struct
cgu.cgu_unit = -1;
if (prog_ioctl(fd, CGDIOCGET, &cgu) != -1 && cgu.cgu_dev != 0) {
warnx("device %s already in use", *argv);
- close(fd);
+ prog_close(fd);
return -1;
}
- close(fd);
+ prog_close(fd);
}
if (argc == 2 || argc == 3) {
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: kre
Date: Sat May 5 11:28:44 UTC 2018
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
Check whether the cgd device selected is available to be
configured,that is, not already in use, before requesting
passwords from the user (or elsewhere).
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.41 src/sbin/cgdconfig/cgdconfig.c:1.42
--- src/sbin/cgdconfig/cgdconfig.c:1.41 Tue Jan 10 20:45:19 2017
+++ src/sbin/cgdconfig/cgdconfig.c Sat May 5 11:28:44 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.41 2017/01/10 20:45:19 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.42 2018/05/05 11:28:44 kre Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.41 2017/01/10 20:45:19 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.42 2018/05/05 11:28:44 kre Exp $");
#endif
#include
@@ -515,6 +515,20 @@ configure(int argc, char **argv, struct
char devicename[PATH_MAX];
const char *dev = NULL; /* XXX: gcc */
+ if ((
+ fd = opendisk1(*argv, O_RDWR, cgdname, sizeof(cgdname), 1, prog_open)
+ ) != -1) {
+ struct cgd_user cgu;
+
+ cgu.cgu_unit = -1;
+ if (prog_ioctl(fd, CGDIOCGET, &cgu) != -1 && cgu.cgu_dev != 0) {
+ warnx("device %s already in use", *argv);
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ }
+
if (argc == 2 || argc == 3) {
dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
if (dev == NULL) {
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Tue Jan 10 20:45:19 UTC 2017
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
Need for S_IFBLK.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.40 src/sbin/cgdconfig/cgdconfig.c:1.41
--- src/sbin/cgdconfig/cgdconfig.c:1.40 Sun Nov 22 15:24:19 2015
+++ src/sbin/cgdconfig/cgdconfig.c Tue Jan 10 15:45:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.40 2015/11/22 20:24:19 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.41 2017/01/10 20:45:19 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.40 2015/11/22 20:24:19 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.41 2017/01/10 20:45:19 christos Exp $");
#endif
#include
@@ -49,6 +49,7 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.40 201
#include
#include
+#include
#include
#include
#include
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: alnsn
Date: Sun Dec 11 00:34:39 UTC 2016
Modified Files:
src/sbin/cgdconfig: params.c
Log Message:
Add aes-xts to cgdconfig(8).
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/sbin/cgdconfig/params.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/params.c
diff -u src/sbin/cgdconfig/params.c:1.28 src/sbin/cgdconfig/params.c:1.29
--- src/sbin/cgdconfig/params.c:1.28 Tue Nov 24 14:07:18 2015
+++ src/sbin/cgdconfig/params.c Sun Dec 11 00:34:39 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: params.c,v 1.28 2015/11/24 14:07:18 christos Exp $ */
+/* $NetBSD: params.c,v 1.29 2016/12/11 00:34:39 alnsn Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: params.c,v 1.28 2015/11/24 14:07:18 christos Exp $");
+__RCSID("$NetBSD: params.c,v 1.29 2016/12/11 00:34:39 alnsn Exp $");
#endif
#include
@@ -70,6 +70,7 @@ static struct crypto_defaults {
int keylen;
} crypto_defaults[] = {
{ "aes-cbc", 128 },
+ { "aes-xts", 256 },
{ "3des-cbc", 192 },
{ "blowfish-cbc", 128 }
};
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: sevan Date: Sun Sep 11 01:09:34 UTC 2016 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Spelling mistake. Bump date. To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.36 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.35 src/sbin/cgdconfig/cgdconfig.8:1.36 --- src/sbin/cgdconfig/cgdconfig.8:1.35 Sun Dec 14 17:15:14 2014 +++ src/sbin/cgdconfig/cgdconfig.8 Sun Sep 11 01:09:34 2016 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.35 2014/12/14 17:15:14 wiz Exp $ +.\" $NetBSD: cgdconfig.8,v 1.36 2016/09/11 01:09:34 sevan Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 14, 2014 +.Dd September 11, 2016 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -425,7 +425,7 @@ should be used in the disklabel for the .Sh DIAGNOSTICS .Bl -diag .It "cgdconfig: could not calibrate pkcs5_pbkdf2" -An error greater than 5% in calibration occured. +An error greater than 5% in calibration occurred. This could be the result of dynamic processor frequency scaling technology. Ensure that the processor clock frequency remains static throughout the program's execution.
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Fri Jul 1 22:50:09 UTC 2016
Modified Files:
src/sbin/cgdconfig: Makefile pkcs5_pbkdf2.c
Log Message:
replace openssl HMAC(3) with our hmac(3).
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sbin/cgdconfig/Makefile
cvs rdiff -u -r1.15 -r1.16 src/sbin/cgdconfig/pkcs5_pbkdf2.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/Makefile
diff -u src/sbin/cgdconfig/Makefile:1.14 src/sbin/cgdconfig/Makefile:1.15
--- src/sbin/cgdconfig/Makefile:1.14 Tue Dec 14 12:46:21 2010
+++ src/sbin/cgdconfig/Makefile Fri Jul 1 18:50:09 2016
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.14 2010/12/14 17:46:21 pooka Exp $
+# $NetBSD: Makefile,v 1.15 2016/07/01 22:50:09 christos Exp $
RUMPPRG=cgdconfig
MAN= cgdconfig.8
@@ -14,7 +14,7 @@ CPPFLAGS+= -I${.CURDIR} -I. -DYY_NO_INPU
YHEADER=1
-DPADD= ${LIBUTIL} ${LIBCRYPTO} ${LIBCRYPT} ${LIBY} ${LIBL}
-LDADD= -lutil -lcrypto -lcrypt -ly -ll
+DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBY} ${LIBL}
+LDADD= -lutil -lcrypt -ly -ll
.include
Index: src/sbin/cgdconfig/pkcs5_pbkdf2.c
diff -u src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.15 src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.16
--- src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.15 Sat Nov 27 12:08:37 2010
+++ src/sbin/cgdconfig/pkcs5_pbkdf2.c Fri Jul 1 18:50:09 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: pkcs5_pbkdf2.c,v 1.15 2010/11/27 17:08:37 elric Exp $ */
+/* $NetBSD: pkcs5_pbkdf2.c,v 1.16 2016/07/01 22:50:09 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -46,7 +46,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.15 2010/11/27 17:08:37 elric Exp $");
+__RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.16 2016/07/01 22:50:09 christos Exp $");
#endif
#include
@@ -58,8 +58,6 @@ __RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.15
#include
#include
-#include
-
#include "pkcs5_pbkdf2.h"
#include "utils.h"
@@ -76,9 +74,9 @@ prf_iterate(u_int8_t *r, const u_int8_t
int first_time = 1;
size_t i;
size_t datalen;
- unsigned int tmplen;
+ ssize_t tmplen;
u_int8_t *data;
- u_int8_t tmp[EVP_MAX_MD_SIZE];
+ u_int8_t tmp[128];
data = emalloc(Slen + 4);
(void)memcpy(data, S, Slen);
@@ -86,7 +84,7 @@ prf_iterate(u_int8_t *r, const u_int8_t
datalen = Slen + 4;
for (i=0; i < c; i++) {
- (void)HMAC(EVP_sha1(), P, Plen, data, datalen, tmp, &tmplen);
+ tmplen = hmac("sha1", P, Plen, data, datalen, tmp, sizeof(tmp));
assert(tmplen == PRF_BLOCKLEN);
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Tue Nov 24 14:07:18 UTC 2015
Modified Files:
src/sbin/cgdconfig: params.c
Log Message:
CID 1340063: fix TOCTOU
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/sbin/cgdconfig/params.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/params.c
diff -u src/sbin/cgdconfig/params.c:1.27 src/sbin/cgdconfig/params.c:1.28
--- src/sbin/cgdconfig/params.c:1.27 Sun Nov 22 15:24:19 2015
+++ src/sbin/cgdconfig/params.c Tue Nov 24 09:07:18 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: params.c,v 1.27 2015/11/22 20:24:19 christos Exp $ */
+/* $NetBSD: params.c,v 1.28 2015/11/24 14:07:18 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: params.c,v 1.27 2015/11/22 20:24:19 christos Exp $");
+__RCSID("$NetBSD: params.c,v 1.28 2015/11/24 14:07:18 christos Exp $");
#endif
#include
@@ -622,15 +622,15 @@ params_cget(const char *fn)
struct params *p;
FILE *f;
char filename[MAXPATHLEN];
- struct stat st;
- if (fn[0] != '/' && stat(fn, &st) == -1 && errno == ENOENT) {
+ if ((f = fopen(fn, "r")) == NULL && fn[0] != '/') {
snprintf(filename, sizeof(filename), "%s/%s",
CGDCONFIG_DIR, fn);
fn = filename;
+ f = fopen(fn, "r");
}
- if ((f = fopen(fn, "r")) == NULL) {
+ if (f == NULL) {
warn("failed to open params file \"%s\"", fn);
return NULL;
}
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Sun Nov 22 20:24:19 UTC 2015
Modified Files:
src/sbin/cgdconfig: cgdconfig.c cgdconfig.h params.c
Log Message:
Don't chdir to the config directory; just form the parameters file with a
path if needed.
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 src/sbin/cgdconfig/cgdconfig.c
cvs rdiff -u -r1.1 -r1.2 src/sbin/cgdconfig/cgdconfig.h
cvs rdiff -u -r1.26 -r1.27 src/sbin/cgdconfig/params.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.39 src/sbin/cgdconfig/cgdconfig.c:1.40
--- src/sbin/cgdconfig/cgdconfig.c:1.39 Sun Dec 14 18:27:14 2014
+++ src/sbin/cgdconfig/cgdconfig.c Sun Nov 22 15:24:19 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.39 2014/12/14 23:27:14 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.40 2015/11/22 20:24:19 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.39 2014/12/14 23:27:14 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.40 2015/11/22 20:24:19 christos Exp $");
#endif
#include
@@ -68,7 +68,6 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.39 201
#include "cgdconfig.h"
#include "prog_ops.h"
-#define CGDCONFIG_DIR "/etc/cgd"
#define CGDCONFIG_CFILE CGDCONFIG_DIR "/cgd.conf"
enum action {
@@ -524,22 +523,11 @@ configure(int argc, char **argv, struct
}
if (argc == 2) {
- char *pfile, *base;
+ char pfile[MAXPATHLEN];
/* make string writable for basename */
- base = strdup(dev);
- if (base == NULL)
- return -1;
-
- if (asprintf(&pfile, "%s/%s",
- CGDCONFIG_DIR, basename(base)) == -1) {
- free(base);
- return -1;
- }
-
- p = params_cget(pfile);
- free(pfile);
- free(base);
+ strlcpy(pfile, dev, sizeof(pfile));
+ p = params_cget(basename(pfile));
} else if (argc == 3) {
p = params_cget(argv[2]);
} else {
@@ -1124,10 +1112,6 @@ do_all(const char *cfile, int argc, char
return -1;
}
- ret = chdir(CGDCONFIG_DIR);
- if (ret == -1)
- warn("could not chdir to %s", CGDCONFIG_DIR);
-
ret = 0;
lineno = 0;
for (;;) {
Index: src/sbin/cgdconfig/cgdconfig.h
diff -u src/sbin/cgdconfig/cgdconfig.h:1.1 src/sbin/cgdconfig/cgdconfig.h:1.2
--- src/sbin/cgdconfig/cgdconfig.h:1.1 Tue Sep 8 18:16:56 2009
+++ src/sbin/cgdconfig/cgdconfig.h Sun Nov 22 15:24:19 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.h,v 1.1 2009/09/08 22:16:56 pooka Exp $ */
+/* $NetBSD: cgdconfig.h,v 1.2 2015/11/22 20:24:19 christos Exp $ */
/*
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -31,4 +31,6 @@
int cgdconfig(int, char **);
+#define CGDCONFIG_DIR "/etc/cgd"
+
#endif /* _SBIN_CGDCONFIG_H_ */
Index: src/sbin/cgdconfig/params.c
diff -u src/sbin/cgdconfig/params.c:1.26 src/sbin/cgdconfig/params.c:1.27
--- src/sbin/cgdconfig/params.c:1.26 Tue Jun 16 19:18:54 2015
+++ src/sbin/cgdconfig/params.c Sun Nov 22 15:24:19 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: params.c,v 1.26 2015/06/16 23:18:54 christos Exp $ */
+/* $NetBSD: params.c,v 1.27 2015/11/22 20:24:19 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -31,10 +31,12 @@
#include
#ifndef lint
-__RCSID("$NetBSD: params.c,v 1.26 2015/06/16 23:18:54 christos Exp $");
+__RCSID("$NetBSD: params.c,v 1.27 2015/11/22 20:24:19 christos Exp $");
#endif
#include
+#include
+#include
#include
#include
@@ -46,6 +48,7 @@ __RCSID("$NetBSD: params.c,v 1.26 2015/0
#include "params.h"
#include "pkcs5_pbkdf2.h"
#include "utils.h"
+#include "cgdconfig.h"
#include "extern.h"
static void params_init(struct params *);
@@ -618,6 +621,14 @@ params_cget(const char *fn)
{
struct params *p;
FILE *f;
+ char filename[MAXPATHLEN];
+ struct stat st;
+
+ if (fn[0] != '/' && stat(fn, &st) == -1 && errno == ENOENT) {
+ snprintf(filename, sizeof(filename), "%s/%s",
+ CGDCONFIG_DIR, fn);
+ fn = filename;
+ }
if ((f = fopen(fn, "r")) == NULL) {
warn("failed to open params file \"%s\"", fn);
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Sun Dec 14 23:27:14 UTC 2014
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
fix possibly uninitialized variable.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.38 src/sbin/cgdconfig/cgdconfig.c:1.39
--- src/sbin/cgdconfig/cgdconfig.c:1.38 Sun Dec 14 18:25:07 2014
+++ src/sbin/cgdconfig/cgdconfig.c Sun Dec 14 18:27:14 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.38 2014/12/14 23:25:07 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.39 2014/12/14 23:27:14 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.38 2014/12/14 23:25:07 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.39 2014/12/14 23:27:14 christos Exp $");
#endif
#include
@@ -513,7 +513,7 @@ configure(int argc, char **argv, struct
int ret;
char cgdname[PATH_MAX];
char devicename[PATH_MAX];
- const char *dev;
+ const char *dev = NULL; /* XXX: gcc */
if (argc == 2 || argc == 3) {
dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Sun Dec 14 23:25:07 UTC 2014
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
avoid local variable shadowing devname.
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.37 src/sbin/cgdconfig/cgdconfig.c:1.38
--- src/sbin/cgdconfig/cgdconfig.c:1.37 Sun Dec 14 07:31:39 2014
+++ src/sbin/cgdconfig/cgdconfig.c Sun Dec 14 18:25:07 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.37 2014/12/14 12:31:39 mlelstv Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.38 2014/12/14 23:25:07 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.37 2014/12/14 12:31:39 mlelstv Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.38 2014/12/14 23:25:07 christos Exp $");
#endif
#include
@@ -512,13 +512,13 @@ configure(int argc, char **argv, struct
int loop = 0;
int ret;
char cgdname[PATH_MAX];
- char devname[PATH_MAX];
+ char devicename[PATH_MAX];
const char *dev;
if (argc == 2 || argc == 3) {
- dev = getfsspecname(devname, sizeof(devname), argv[1]);
+ dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
if (dev == NULL) {
- warnx("getfsspecname failed: %s", devname);
+ warnx("getfsspecname failed: %s", devicename);
return -1;
}
}
@@ -636,15 +636,15 @@ configure_stdin(struct params *p, int ar
int fd;
int ret;
char cgdname[PATH_MAX];
- char devname[PATH_MAX];
+ char devicename[PATH_MAX];
const char *dev;
if (argc < 3 || argc > 4)
usage();
- dev = getfsspecname(devname, sizeof(devname), argv[1]);
+ dev = getfsspecname(devicename, sizeof(devicename), argv[1]);
if (dev == NULL) {
- warnx("getfsspecname failed: %s", devname);
+ warnx("getfsspecname failed: %s", devicename);
return -1;
}
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: wiz Date: Sun Dec 14 17:15:15 UTC 2014 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Bump date for previous. Fix typo. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.34 src/sbin/cgdconfig/cgdconfig.8:1.35 --- src/sbin/cgdconfig/cgdconfig.8:1.34 Sun Dec 14 12:31:39 2014 +++ src/sbin/cgdconfig/cgdconfig.8 Sun Dec 14 17:15:14 2014 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.34 2014/12/14 12:31:39 mlelstv Exp $ +.\" $NetBSD: cgdconfig.8,v 1.35 2014/12/14 17:15:14 wiz Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 3, 2012 +.Dd December 14, 2014 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -211,7 +211,7 @@ scan for a valid disklabel. .It mbr scan for a valid Master Boot Record. .It gpt -scan for a valid GUUID partition table. +scan for a valid GUID partition table. .It ffs scan for a valid FFS file system. .It re-enter
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: mlelstv
Date: Sun Dec 14 12:31:39 UTC 2014
Modified Files:
src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c params.c params.h
Log Message:
Add validation methods "mbr" and "gpt" for disks without a valid disklabel.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/sbin/cgdconfig/cgdconfig.8
cvs rdiff -u -r1.36 -r1.37 src/sbin/cgdconfig/cgdconfig.c
cvs rdiff -u -r1.24 -r1.25 src/sbin/cgdconfig/params.c
cvs rdiff -u -r1.10 -r1.11 src/sbin/cgdconfig/params.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.33 src/sbin/cgdconfig/cgdconfig.8:1.34
--- src/sbin/cgdconfig/cgdconfig.8:1.33 Wed Dec 5 08:56:54 2012
+++ src/sbin/cgdconfig/cgdconfig.8 Sun Dec 14 12:31:39 2014
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.33 2012/12/05 08:56:54 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.34 2014/12/14 12:31:39 mlelstv Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -208,6 +208,10 @@ The following verification methods are s
perform no verification.
.It disklabel
scan for a valid disklabel.
+.It mbr
+scan for a valid Master Boot Record.
+.It gpt
+scan for a valid GUUID partition table.
.It ffs
scan for a valid FFS file system.
.It re-enter
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.36 src/sbin/cgdconfig/cgdconfig.c:1.37
--- src/sbin/cgdconfig/cgdconfig.c:1.36 Sun Dec 14 11:31:39 2014
+++ src/sbin/cgdconfig/cgdconfig.c Sun Dec 14 12:31:39 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.36 2014/12/14 11:31:39 mlelstv Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.37 2014/12/14 12:31:39 mlelstv Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.36 2014/12/14 11:31:39 mlelstv Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.37 2014/12/14 12:31:39 mlelstv Exp $");
#endif
#include
@@ -49,7 +49,9 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.36 201
#include
#include
+#include
#include
+#include
#include
#include
#include
@@ -119,6 +121,8 @@ static int verify(struct params *, int)
static int verify_disklabel(int);
static int verify_ffs(int);
static int verify_reenter(struct params *);
+static int verify_mbr(int);
+static int verify_gpt(int);
__dead static void usage(void);
@@ -751,6 +755,10 @@ verify(struct params *p, int fd)
return verify_ffs(fd);
case VERIFY_REENTER:
return verify_reenter(p);
+ case VERIFY_MBR:
+ return verify_mbr(fd);
+ case VERIFY_GPT:
+ return verify_gpt(fd);
default:
warnx("unimplemented verification method");
return -1;
@@ -771,7 +779,7 @@ verify_disklabel(int fd)
* partition information.
*/
- ret = prog_pread(fd, buf, 8192, 0);
+ ret = prog_pread(fd, buf, SCANSIZE, 0);
if (ret < 0) {
warn("can't read disklabel area");
return -1;
@@ -782,6 +790,133 @@ verify_disklabel(int fd)
return disklabel_scan(&l, buf, (size_t)ret);
}
+static int
+verify_mbr(int fd)
+{
+ struct mbr_sector mbr;
+ ssize_t ret;
+ char buf[SCANSIZE];
+
+ /*
+ * we read the first blocks to avoid sector size issues and
+ * verify the MBR in the beginning
+ */
+
+ ret = prog_pread(fd, buf, SCANSIZE, 0);
+ if (ret < 0) {
+ warn("can't read mbr area");
+ return -1;
+ }
+
+ memcpy(&mbr, buf, sizeof(mbr));
+ if (le16toh(mbr.mbr_magic) != MBR_MAGIC)
+ return -1;
+
+ return 0;
+}
+
+static uint32_t crc32_tab[] = {
+ 0x, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
+ 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
+ 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+ 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
+ 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
+ 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
+ 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
+ 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+ 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
+ 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc,
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: mlelstv
Date: Sun Dec 14 11:31:39 UTC 2014
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
support wedge names.
The default param file for a wedge is still named after the device (dkN)
which might be unpredictable. Use an explicit param file instead.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.35 src/sbin/cgdconfig/cgdconfig.c:1.36
--- src/sbin/cgdconfig/cgdconfig.c:1.35 Sun Jun 9 18:37:40 2013
+++ src/sbin/cgdconfig/cgdconfig.c Sun Dec 14 11:31:39 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.35 2013/06/09 18:37:40 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.36 2014/12/14 11:31:39 mlelstv Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.35 2013/06/09 18:37:40 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.36 2014/12/14 11:31:39 mlelstv Exp $");
#endif
#include
@@ -508,16 +508,34 @@ configure(int argc, char **argv, struct
int loop = 0;
int ret;
char cgdname[PATH_MAX];
+ char devname[PATH_MAX];
+ const char *dev;
+
+ if (argc == 2 || argc == 3) {
+ dev = getfsspecname(devname, sizeof(devname), argv[1]);
+ if (dev == NULL) {
+ warnx("getfsspecname failed: %s", devname);
+ return -1;
+ }
+ }
if (argc == 2) {
- char *pfile;
+ char *pfile, *base;
+
+ /* make string writable for basename */
+ base = strdup(dev);
+ if (base == NULL)
+ return -1;
if (asprintf(&pfile, "%s/%s",
- CGDCONFIG_DIR, basename(argv[1])) == -1)
+ CGDCONFIG_DIR, basename(base)) == -1) {
+ free(base);
return -1;
+ }
p = params_cget(pfile);
free(pfile);
+ free(base);
} else if (argc == 3) {
p = params_cget(argv[2]);
} else {
@@ -578,7 +596,7 @@ configure(int argc, char **argv, struct
if (!p->key)
goto bail_err;
- ret = configure_params(fd, cgdname, argv[1], p);
+ ret = configure_params(fd, cgdname, dev, p);
if (ret)
goto bail_err;
@@ -611,13 +629,21 @@ bail_err:
static int
configure_stdin(struct params *p, int argc, char **argv)
{
- int fd;
- int ret;
- char cgdname[PATH_MAX];
+ int fd;
+ int ret;
+ char cgdname[PATH_MAX];
+ char devname[PATH_MAX];
+ const char *dev;
if (argc < 3 || argc > 4)
usage();
+ dev = getfsspecname(devname, sizeof(devname), argv[1]);
+ if (dev == NULL) {
+ warnx("getfsspecname failed: %s", devname);
+ return -1;
+ }
+
p->algorithm = string_fromcharstar(argv[2]);
if (argc > 3) {
size_t keylen;
@@ -643,7 +669,7 @@ configure_stdin(struct params *p, int ar
return -1;
}
- return configure_params(fd, cgdname, argv[1], p);
+ return configure_params(fd, cgdname, dev, p);
}
static int
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Sun Jun 9 18:37:40 UTC 2013
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
List all cgd's no matter if they are not contiguously allocated
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.34 src/sbin/cgdconfig/cgdconfig.c:1.35
--- src/sbin/cgdconfig/cgdconfig.c:1.34 Tue Dec 4 21:23:20 2012
+++ src/sbin/cgdconfig/cgdconfig.c Sun Jun 9 14:37:40 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.34 2012/12/05 02:23:20 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.35 2013/06/09 18:37:40 christos Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.34 2012/12/05 02:23:20 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.35 2013/06/09 18:37:40 christos Exp $");
#endif
#include
@@ -45,6 +45,8 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.34 201
#include
#include
#include
+#include
+#include
#include
#include
@@ -52,6 +54,7 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.34 201
#include
#include
#include
+#include
#include
@@ -999,68 +1002,91 @@ iv_method(int mode)
}
}
+
+static void
+show(const char *dev) {
+ char path[64];
+ struct cgd_user cgu;
+ int fd;
+
+ fd = opendisk(dev, O_RDONLY, path, sizeof(path), 0);
+ if (fd == -1) {
+ warn("open: %s", dev);
+ return;
+ }
+
+ cgu.cgu_unit = -1;
+ if (prog_ioctl(fd, CGDIOCGET, &cgu) == -1) {
+ close(fd);
+ err(1, "CGDIOCGET");
+ }
+
+ printf("%s: ", dev);
+
+ if (cgu.cgu_dev == 0) {
+ printf("not in use");
+ goto out;
+ }
+
+ dev = devname(cgu.cgu_dev, S_IFBLK);
+ if (dev != NULL)
+ printf("%s ", dev);
+ else
+ printf("dev %llu,%llu ", (unsigned long long)major(cgu.cgu_dev),
+ (unsigned long long)minor(cgu.cgu_dev));
+
+ if (verbose)
+ printf("%s ", cgu.cgu_alg);
+ if (verbose > 1) {
+ printf("keylen %d ", cgu.cgu_keylen);
+ printf("blksize %zd ", cgu.cgu_blocksize);
+ printf("%s ", iv_method(cgu.cgu_mode));
+ }
+
+out:
+ putchar('\n');
+ close(fd);
+}
+
static int
do_list(int argc, char **argv)
{
- char path[64], buf[16];
- struct cgd_user cgu;
- const char *fn;
- int fd, n, rv;
if (argc != 0 && argc != 1)
usage();
- fn = argc ? argv[0] : "cgd0";
- n = 0;
- for (;;) {
- fd = opendisk(fn, O_RDONLY, path, sizeof(path), 0);
- if (fd == -1) {
- if (argc)
-err(1, "open: %s", fn);
- break;
- }
-
- cgu.cgu_unit = argc ? -1 : n;
- rv = prog_ioctl(fd, CGDIOCGET, &cgu);
- if (rv == -1) {
- close(fd);
- err(1, "CGDIOCGET");
- }
-
- printf("%s: ", fn);
+ if (argc) {
+ show(argv[0]);
+ return 0;
+ }
- if (cgu.cgu_dev == 0)
- printf("not in use");
- else {
- char *dev;
-
- dev = devname(cgu.cgu_dev, S_IFBLK);
- if (dev != NULL)
-printf("%s ", dev);
- else
-printf("dev %llu,%llu ",
-(unsigned long long)major(cgu.cgu_dev),
-(unsigned long long)minor(cgu.cgu_dev));
-
- if (verbose)
-printf("%s ", cgu.cgu_alg);
- if (verbose > 1) {
-printf("keylen %d ", cgu.cgu_keylen);
-printf("blksize %zd ", cgu.cgu_blocksize);
-printf("%s ", iv_method(cgu.cgu_mode));
- }
+ DIR *dirp;
+ struct dirent *dp;
+ __BITMAP_TYPE(, uint32_t, 65536) bm;
+
+ __BITMAP_ZERO(&bm);
+
+ if ((dirp = opendir(_PATH_DEV)) == NULL)
+ err(1, "opendir: %s", _PATH_DEV);
+
+ while ((dp = readdir(dirp)) != NULL) {
+ char *ep;
+ if (strncmp(dp->d_name, "rcgd", 4) != 0)
+ continue;
+ errno = 0;
+ int n = (int)strtol(dp->d_name + 4, &ep, 0);
+ if (ep == dp->d_name + 4 || errno != 0) {
+ warnx("bad name %s", dp->d_name);
+ continue;
}
- putchar('\n');
- close(fd);
-
- if (argc)
- break;
-
- n++;
- snprintf(buf, sizeof(buf), "cgd%d", n);
- fn = buf;
+ *ep = '\0';
+ if (__BITMAP_ISSET(n, &bm))
+ continue;
+ __BITMAP_SET(n, &bm);
+ show(dp->d_name + 1);
}
+ closedir(dirp);
return 0;
}
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: wiz Date: Wed Dec 5 08:56:55 UTC 2012 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Whitespace. New sentence, new line. To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.33 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.32 src/sbin/cgdconfig/cgdconfig.8:1.33 --- src/sbin/cgdconfig/cgdconfig.8:1.32 Wed Dec 5 02:23:20 2012 +++ src/sbin/cgdconfig/cgdconfig.8 Wed Dec 5 08:56:54 2012 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.32 2012/12/05 02:23:20 christos Exp $ +.\" $NetBSD: cgdconfig.8,v 1.33 2012/12/05 08:56:54 wiz Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -178,7 +178,8 @@ a disk volume with meaningless data prio .It urandomkey The method simply reads .Pa /dev/urandom -and uses the resulting bits as the key. This is similar to the +and uses the resulting bits as the key. +This is similar to the .Pa randomkey method, but it guarantees that cgdconfig will not stall waiting for hard-random bits (useful when configuring a cgd for swap at boot time). @@ -355,7 +356,7 @@ sequence of commands that is recommended .Pp To scrub data from a disk before setting up a cgd: .Bd -literal - # cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom + # cgdconfig -s cgd0 /dev/sd0e aes-cbc 256 < /dev/urandom # dd if=/dev/zero of=/dev/rcgd0d bs=32k progress=512 # cgdconfig -u cgd0 .Ed
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: dholland Date: Sun Jul 3 19:05:10 UTC 2011 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: fix typo To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.30 src/sbin/cgdconfig/cgdconfig.8:1.31 --- src/sbin/cgdconfig/cgdconfig.8:1.30 Tue Mar 30 14:26:55 2010 +++ src/sbin/cgdconfig/cgdconfig.8 Sun Jul 3 19:05:10 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.30 2010/03/30 14:26:55 joerg Exp $ +.\" $NetBSD: cgdconfig.8,v 1.31 2011/07/03 19:05:10 dholland Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -190,7 +190,7 @@ If the newly configured disk fails to verify, then .Nm will regenerate the key and re-configure the device. -It only makes sense to specify a verification method if at least of the +It only makes sense to specify a verification method if at least one of the key generation methods is error prone, e.g., uses a user-entered passphrase. The following verification methods are supported: .Pp
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: pooka
Date: Tue Dec 14 17:46:21 UTC 2010
Modified Files:
src/sbin/cgdconfig: Makefile cgdconfig.c
Added Files:
src/sbin/cgdconfig: cgdconfig_hostops.c cgdconfig_rumpops.c prog_ops.h
Removed Files:
src/sbin/cgdconfig: Makefile.cgdconfig cgd_kernelops.c cgd_kernelops.h
cgd_rumpops.c
Log Message:
Convert from the oldstyle cgd_kops.op_open to the newstyle prog_open
and define RUMPPRG. Get rid of the Makefile.inc stuff, since it was
useful only for the oldstyle regime.
To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/sbin/cgdconfig/Makefile
cvs rdiff -u -r1.3 -r0 src/sbin/cgdconfig/Makefile.cgdconfig \
src/sbin/cgdconfig/cgd_kernelops.h
cvs rdiff -u -r1.2 -r0 src/sbin/cgdconfig/cgd_kernelops.c
cvs rdiff -u -r1.1 -r0 src/sbin/cgdconfig/cgd_rumpops.c
cvs rdiff -u -r1.31 -r1.32 src/sbin/cgdconfig/cgdconfig.c
cvs rdiff -u -r0 -r1.1 src/sbin/cgdconfig/cgdconfig_hostops.c \
src/sbin/cgdconfig/cgdconfig_rumpops.c src/sbin/cgdconfig/prog_ops.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/Makefile
diff -u src/sbin/cgdconfig/Makefile:1.13 src/sbin/cgdconfig/Makefile:1.14
--- src/sbin/cgdconfig/Makefile:1.13 Sat Dec 19 15:03:34 2009
+++ src/sbin/cgdconfig/Makefile Tue Dec 14 17:46:21 2010
@@ -1,8 +1,20 @@
-# $NetBSD: Makefile,v 1.13 2009/12/19 15:03:34 pooka Exp $
+# $NetBSD: Makefile,v 1.14 2010/12/14 17:46:21 pooka Exp $
-PROG= cgdconfig
+RUMPPRG=cgdconfig
MAN= cgdconfig.8
-.include "${.CURDIR}/Makefile.cgdconfig"
+SRCS+= cgdconfig.c \
+ cgdlex.l \
+ cgdparse.y \
+ pkcs5_pbkdf2.c \
+ params.c \
+ utils.c
+
+CPPFLAGS+= -I${.CURDIR} -I. -DYY_NO_INPUT
+
+YHEADER=1
+
+DPADD= ${LIBUTIL} ${LIBCRYPTO} ${LIBCRYPT} ${LIBY} ${LIBL}
+LDADD= -lutil -lcrypto -lcrypt -ly -ll
.include
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.31 src/sbin/cgdconfig/cgdconfig.c:1.32
--- src/sbin/cgdconfig/cgdconfig.c:1.31 Thu Dec 2 18:02:58 2010
+++ src/sbin/cgdconfig/cgdconfig.c Tue Dec 14 17:46:21 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.31 2010/12/02 18:02:58 elric Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.32 2010/12/14 17:46:21 pooka Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.31 2010/12/02 18:02:58 elric Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.32 2010/12/14 17:46:21 pooka Exp $");
#endif
#include
@@ -59,8 +59,8 @@
#include "params.h"
#include "pkcs5_pbkdf2.h"
#include "utils.h"
-#include "cgd_kernelops.h"
#include "cgdconfig.h"
+#include "prog_ops.h"
#define CGDCONFIG_DIR "/etc/cgd"
#define CGDCONFIG_CFILE CGDCONFIG_DIR "/cgd.conf"
@@ -170,18 +170,9 @@
*action = value;
}
-#ifndef CGDCONFIG_AS_LIB
int
main(int argc, char **argv)
{
-
- return cgdconfig(argc, argv);
-}
-#endif
-
-int
-cgdconfig(int argc, char *argv[])
-{
struct params *p;
struct params *tp;
struct keygen *kg;
@@ -278,6 +269,9 @@
if (!cfile)
cfile = "";
+ if (prog_init && prog_init() == -1)
+ err(1, "init failed");
+
/* validate the consistency of the arguments */
switch (action) {
@@ -458,7 +452,7 @@
if (flags == CONFIG_FLAGS_FROMALL && (argc < 2 || argc > 3))
return -1;
- fd = opendisk1(*argv, O_RDWR, buf, sizeof(buf), 1, cgd_kops.ko_open);
+ fd = opendisk1(*argv, O_RDWR, buf, sizeof(buf), 1, prog_open);
if (fd == -1) {
int saved_errno = errno;
@@ -475,7 +469,7 @@
return 0;
ret = unconfigure_fd(fd);
- (void)cgd_kops.ko_close(fd);
+ (void)prog_close(fd);
return ret;
}
@@ -484,7 +478,7 @@
{
struct cgd_ioctl ci;
- if (cgd_kops.ko_ioctl(fd, CGDIOCCLR, &ci) == -1) {
+ if (prog_ioctl(fd, CGDIOCCLR, &ci) == -1) {
warn("ioctl");
return -1;
}
@@ -583,7 +577,7 @@
break;
(void)unconfigure_fd(fd);
- (void)cgd_kops.ko_close(fd);
+ (void)prog_close(fd);
if (!loop) {
warnx("verification failed permanently");
@@ -594,11 +588,11 @@
}
params_free(p);
- (void)cgd_kops.ko_close(fd);
+ (void)prog_close(fd);
return 0;
bail_err:
params_free(p);
- (void)cgd_kops.ko_close(fd);
+ (void)prog_close(fd);
return -1;
}
@@ -657,7 +651,7 @@
return 0;
}
- fd = opendisk1(cgd, O_RDWR, buf, buflen, 0, cgd_kops.ko_open);
+ fd = opendisk1(cgd, O_RDWR, buf, buflen, 0, prog_open);
if (fd == -1)
warnx("can't open cgd \"%s\", \"%s\"", cgd, buf);
@@ -691,7 +685,7 @@
if (nflag)
return 0;
- if (cgd_kops.ko_ioctl(fd, CGDIOCSET, &ci) == -1) {
+ if (prog_ioctl(fd, CGDIOCSET, &ci) == -1) {
int saved_errno = errno;
warn("ioctl");
return saved_errno;
@@ -739,7 +733,7 @@
* partition information.
*/
- ret = cgd_kops.ko_pread(fd, buf, 8192, 0);
+ ret = prog_pread(fd, buf, 8192, 0);
if (ret < 0) {
warn("can
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: elric
Date: Thu Dec 2 18:02:58 UTC 2010
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
Remove a line that was intended only for my personal testing and that
breaks things.
To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.30 src/sbin/cgdconfig/cgdconfig.c:1.31
--- src/sbin/cgdconfig/cgdconfig.c:1.30 Thu Dec 2 04:54:32 2010
+++ src/sbin/cgdconfig/cgdconfig.c Thu Dec 2 18:02:58 2010
@@ -1,6 +1,4 @@
-#define opendisk1(x,y,z,t,u,v) opendisk(x,y,z,t,u)
-
-/* $NetBSD: cgdconfig.c,v 1.30 2010/12/02 04:54:32 elric Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.31 2010/12/02 18:02:58 elric Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -35,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.30 2010/12/02 04:54:32 elric Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.31 2010/12/02 18:02:58 elric Exp $");
#endif
#include
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: elric
Date: Thu Dec 2 04:54:32 UTC 2010
Modified Files:
src/sbin/cgdconfig: cgdconfig.c
Log Message:
In -G, refuse to operate if KEYGEN_URANDOM is specified as we already do
for KEYGEN_RANDOMKEY.
Print a warning if such a refusal is made---this will help the user understand
why there is an error.
Patch provided by: Taylor R Campbell .
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.29 src/sbin/cgdconfig/cgdconfig.c:1.30
--- src/sbin/cgdconfig/cgdconfig.c:1.29 Sat Nov 27 17:08:36 2010
+++ src/sbin/cgdconfig/cgdconfig.c Thu Dec 2 04:54:32 2010
@@ -1,4 +1,6 @@
-/* $NetBSD: cgdconfig.c,v 1.29 2010/11/27 17:08:36 elric Exp $ */
+#define opendisk1(x,y,z,t,u,v) opendisk(x,y,z,t,u)
+
+/* $NetBSD: cgdconfig.c,v 1.30 2010/12/02 04:54:32 elric Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +35,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.29 2010/11/27 17:08:36 elric Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.30 2010/12/02 04:54:32 elric Exp $");
#endif
#include
@@ -872,11 +874,17 @@
/* for sanity, we ensure that none of the keygens are randomkey */
for (kg=p->keygen; kg; kg=kg->next)
- if (kg->kg_method == KEYGEN_RANDOMKEY)
+ if ((kg->kg_method == KEYGEN_RANDOMKEY) ||
+ (kg->kg_method == KEYGEN_URANDOMKEY)) {
+ warnx("can't preserve randomly generated key");
goto bail;
+ }
for (kg=oldp->keygen; kg; kg=kg->next)
- if (kg->kg_method == KEYGEN_RANDOMKEY)
+ if ((kg->kg_method == KEYGEN_RANDOMKEY) ||
+ (kg->kg_method == KEYGEN_URANDOMKEY)) {
+ warnx("can't preserve randomly generated key");
goto bail;
+ }
if (!params_verify(oldp)) {
warnx("invalid old parameters file \"%s\"", *argv);
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: elric
Date: Sat Nov 27 17:08:37 UTC 2010
Modified Files:
src/sbin/cgdconfig: cgdconfig.c pkcs5_pbkdf2.c
Log Message:
Remove trailing whitespace (patch provided by: Taylor R Campbell
)
To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/sbin/cgdconfig/cgdconfig.c
cvs rdiff -u -r1.14 -r1.15 src/sbin/cgdconfig/pkcs5_pbkdf2.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.28 src/sbin/cgdconfig/cgdconfig.c:1.29
--- src/sbin/cgdconfig/cgdconfig.c:1.28 Tue Sep 8 21:36:35 2009
+++ src/sbin/cgdconfig/cgdconfig.c Sat Nov 27 17:08:36 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.28 2009/09/08 21:36:35 pooka Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.29 2010/11/27 17:08:36 elric Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.28 2009/09/08 21:36:35 pooka Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.29 2010/11/27 17:08:36 elric Exp $");
#endif
#include
@@ -393,7 +393,7 @@
}
/*ARGSUSED*/
-/*
+/*
* XXX take, and pass through, a compat flag that indicates whether we
* provide backwards compatibility with a previous bug. The previous
* behaviour is indicated by the keygen method pkcs5_pbkdf2, and a
@@ -795,7 +795,7 @@
ret = 0;
for (kg = p->keygen; kg && !ret; kg = kg->next) {
- if ((kg->kg_method != KEYGEN_PKCS5_PBKDF2_SHA1) &&
+ if ((kg->kg_method != KEYGEN_PKCS5_PBKDF2_SHA1) &&
(kg->kg_method != KEYGEN_PKCS5_PBKDF2_OLD ))
continue;
Index: src/sbin/cgdconfig/pkcs5_pbkdf2.c
diff -u src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.14 src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.15
--- src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.14 Mon Apr 28 20:23:08 2008
+++ src/sbin/cgdconfig/pkcs5_pbkdf2.c Sat Nov 27 17:08:37 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: pkcs5_pbkdf2.c,v 1.14 2008/04/28 20:23:08 martin Exp $ */
+/* $NetBSD: pkcs5_pbkdf2.c,v 1.15 2010/11/27 17:08:37 elric Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -46,7 +46,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.14 2008/04/28 20:23:08 martin Exp $");
+__RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.15 2010/11/27 17:08:37 elric Exp $");
#endif
#include
@@ -93,7 +93,7 @@
if (first_time) {
(void)memcpy(r, tmp, PRF_BLOCKLEN);
first_time = 0;
- } else
+ } else
memxor(r, tmp, PRF_BLOCKLEN);
(void)memcpy(data, tmp, PRF_BLOCKLEN);
datalen = PRF_BLOCKLEN;
@@ -128,7 +128,7 @@
/* Step 3 */
for (i = 0; i < l; i++)
- prf_iterate(*r + (PRF_BLOCKLEN * i), P, Plen, S, Slen, c,
+ prf_iterate(*r + (PRF_BLOCKLEN * i), P, Plen, S, Slen, c,
(compat?i:i+1));
/* Step 4 and 5
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: joerg
Date: Tue Mar 30 14:26:55 UTC 2010
Modified Files:
src/sbin/cgdconfig: cgdconfig.8
Log Message:
\\ -> \e
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/sbin/cgdconfig/cgdconfig.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdconfig.8
diff -u src/sbin/cgdconfig/cgdconfig.8:1.29 src/sbin/cgdconfig/cgdconfig.8:1.30
--- src/sbin/cgdconfig/cgdconfig.8:1.29 Mon Oct 19 14:35:04 2009
+++ src/sbin/cgdconfig/cgdconfig.8 Tue Mar 30 14:26:55 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: cgdconfig.8,v 1.29 2009/10/19 14:35:04 wiz Exp $
+.\" $NetBSD: cgdconfig.8,v 1.30 2010/03/30 14:26:55 joerg Exp $
.\"
.\" Copyright (c) 2002, The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -367,7 +367,7 @@
verify_method none;
keygen pkcs5_pbkdf2/sha1 {
iterations 39361;
- salt gMoHiYonye6Kog \\
+ salt gMoHiYonye6Kog \e
dYJAobCHE=;
};
.Ed
@@ -378,7 +378,7 @@
iv-method encblkno1;
keylength 256;
verify_method none;
- keygen storedkey key AAABAK3QO6d7xzLfrXTdsgg4 \\
+ keygen storedkey key AAABAK3QO6d7xzLfrXTdsgg4 \e
ly2TdxkFqOkYYcbyUKu/f60L;
.Ed
.Pp
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: christos
Date: Wed Oct 28 20:59:46 UTC 2009
Modified Files:
src/sbin/cgdconfig: cgdlex.l
Log Message:
no unput
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/sbin/cgdconfig/cgdlex.l
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/cgdlex.l
diff -u src/sbin/cgdconfig/cgdlex.l:1.3 src/sbin/cgdconfig/cgdlex.l:1.4
--- src/sbin/cgdconfig/cgdlex.l:1.3 Sat May 10 23:15:21 2008
+++ src/sbin/cgdconfig/cgdlex.l Wed Oct 28 16:59:46 2009
@@ -1,5 +1,5 @@
%{
-/* $NetBSD: cgdlex.l,v 1.3 2008/05/11 03:15:21 elric Exp $ */
+/* $NetBSD: cgdlex.l,v 1.4 2009/10/28 20:59:46 christos Exp $ */
/*-
* Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: cgdlex.l,v 1.3 2008/05/11 03:15:21 elric Exp $");
+__RCSID("$NetBSD: cgdlex.l,v 1.4 2009/10/28 20:59:46 christos Exp $");
#endif
#include
@@ -41,6 +41,7 @@
#include "utils.h"
#include "cgdparse.h"
+#define YY_NO_UNPUT
/*
* We use macros here to separate the C from the tokeniser, to
* ease reading each.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: wiz Date: Mon Oct 19 14:35:05 UTC 2009 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: Document -n, from Jukka Ruohonen in private mail. Bump date. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.28 src/sbin/cgdconfig/cgdconfig.8:1.29 --- src/sbin/cgdconfig/cgdconfig.8:1.28 Fri Sep 12 16:51:55 2008 +++ src/sbin/cgdconfig/cgdconfig.8 Mon Oct 19 14:35:04 2009 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.28 2008/09/12 16:51:55 christos Exp $ +.\" $NetBSD: cgdconfig.8,v 1.29 2009/10/19 14:35:04 wiz Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd September 12, 2008 +.Dd October 19, 2009 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -100,6 +100,9 @@ Specify the IV method (default: encblkno1). .It Fl k Ar kgmeth Specify the key generation method (default: pkcs5_pbkdf2/sha1). +.It Fl n +Do not actually configure or unconfigure a cryptographic disk +device, but instead report the steps that would be taken. .It Fl o Ar outfile When generating a .Ar paramsfile ,
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: pooka Date: Thu Sep 10 09:10:29 UTC 2009 Modified Files: src/sbin/cgdconfig: cgd_kernelops.h Log Message: fix LP64 builds. yay, C type system. patch from Joachim Kuebart To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sbin/cgdconfig/cgd_kernelops.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgd_kernelops.h diff -u src/sbin/cgdconfig/cgd_kernelops.h:1.1 src/sbin/cgdconfig/cgd_kernelops.h:1.2 --- src/sbin/cgdconfig/cgd_kernelops.h:1.1 Tue Sep 8 21:36:35 2009 +++ src/sbin/cgdconfig/cgd_kernelops.h Thu Sep 10 09:10:29 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: cgd_kernelops.h,v 1.1 2009/09/08 21:36:35 pooka Exp $ */ +/* $NetBSD: cgd_kernelops.h,v 1.2 2009/09/10 09:10:29 pooka Exp $ */ /* * Copyright (c) 2009 The NetBSD Foundation, Inc. @@ -38,7 +38,7 @@ int (*ko_open)(const char *, int, mode_t); int (*ko_ioctl)(int, unsigned long, void *); int (*ko_close)(int); - int (*ko_pread)(int, void *, size_t, off_t); + ssize_t (*ko_pread)(int, void *, size_t, off_t); }; extern const struct cgd_kernelops cgd_kops;
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: pooka Date: Tue Sep 8 22:16:57 UTC 2009 Added Files: src/sbin/cgdconfig: cgdconfig.h Log Message: Remember to add cgdconfig.h too. To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 src/sbin/cgdconfig/cgdconfig.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Added files: Index: src/sbin/cgdconfig/cgdconfig.h diff -u /dev/null src/sbin/cgdconfig/cgdconfig.h:1.1 --- /dev/null Tue Sep 8 22:16:57 2009 +++ src/sbin/cgdconfig/cgdconfig.h Tue Sep 8 22:16:56 2009 @@ -0,0 +1,34 @@ +/* $NetBSD: cgdconfig.h,v 1.1 2009/09/08 22:16:56 pooka Exp $ */ + +/* + * Copyright (c) 2009 The NetBSD Foundation, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _SBIN_CGDCONFIG_H_ +#define _SBIN_CGDCONFIG_H_ + +int cgdconfig(int, char **); + +#endif /* _SBIN_CGDCONFIG_H_ */
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: pooka
Date: Tue Sep 8 21:36:35 UTC 2009
Modified Files:
src/sbin/cgdconfig: Makefile cgdconfig.c
Added Files:
src/sbin/cgdconfig: Makefile.cgdconfig cgd_kernelops.c cgd_kernelops.h
Log Message:
* allow specification of kernel operations vector
* make it possible to build cgdconfig as a library
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/sbin/cgdconfig/Makefile
cvs rdiff -u -r0 -r1.1 src/sbin/cgdconfig/Makefile.cgdconfig \
src/sbin/cgdconfig/cgd_kernelops.c src/sbin/cgdconfig/cgd_kernelops.h
cvs rdiff -u -r1.27 -r1.28 src/sbin/cgdconfig/cgdconfig.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/Makefile
diff -u src/sbin/cgdconfig/Makefile:1.11 src/sbin/cgdconfig/Makefile:1.12
--- src/sbin/cgdconfig/Makefile:1.11 Mon Apr 20 16:05:30 2009
+++ src/sbin/cgdconfig/Makefile Tue Sep 8 21:36:35 2009
@@ -1,20 +1,10 @@
-# $NetBSD: Makefile,v 1.11 2009/04/20 16:05:30 drochner Exp $
+# $NetBSD: Makefile,v 1.12 2009/09/08 21:36:35 pooka Exp $
PROG= cgdconfig
MAN= cgdconfig.8
-SRCS= cgdconfig.c \
- cgdlex.l \
- cgdparse.y \
- pkcs5_pbkdf2.c \
- params.c \
- utils.c
+SRCS+= cgd_kernelops.c
-CPPFLAGS+= -I${.CURDIR} -I. -DYY_NO_INPUT
-
-YHEADER=1
-
-DPADD= ${LIBUTIL} ${LIBCRYPTO} ${LIBCRYPT} ${LIBY} ${LIBL}
-LDADD= -lutil -lcrypto -lcrypt -ly -ll
+.include "${.CURDIR}/Makefile.cgdconfig"
.include
Index: src/sbin/cgdconfig/cgdconfig.c
diff -u src/sbin/cgdconfig/cgdconfig.c:1.27 src/sbin/cgdconfig/cgdconfig.c:1.28
--- src/sbin/cgdconfig/cgdconfig.c:1.27 Thu Jul 24 19:07:36 2008
+++ src/sbin/cgdconfig/cgdconfig.c Tue Sep 8 21:36:35 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: cgdconfig.c,v 1.27 2008/07/24 19:07:36 christos Exp $ */
+/* $NetBSD: cgdconfig.c,v 1.28 2009/09/08 21:36:35 pooka Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -33,7 +33,7 @@
#ifndef lint
__COPYRIGHT("@(#) Copyright (c) 2002, 2003\
The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: cgdconfig.c,v 1.27 2008/07/24 19:07:36 christos Exp $");
+__RCSID("$NetBSD: cgdconfig.c,v 1.28 2009/09/08 21:36:35 pooka Exp $");
#endif
#include
@@ -59,6 +59,8 @@
#include "params.h"
#include "pkcs5_pbkdf2.h"
#include "utils.h"
+#include "cgd_kernelops.h"
+#include "cgdconfig.h"
#define CGDCONFIG_DIR "/etc/cgd"
#define CGDCONFIG_CFILE CGDCONFIG_DIR "/cgd.conf"
@@ -168,9 +170,18 @@
*action = value;
}
+#ifndef CGDCONFIG_AS_LIB
int
main(int argc, char **argv)
{
+
+ return cgdconfig(argc, argv);
+}
+#endif
+
+int
+cgdconfig(int argc, char *argv[])
+{
struct params *p;
struct params *tp;
struct keygen *kg;
@@ -447,7 +458,7 @@
if (flags == CONFIG_FLAGS_FROMALL && (argc < 2 || argc > 3))
return -1;
- fd = opendisk(*argv, O_RDWR, buf, sizeof(buf), 1);
+ fd = opendisk1(*argv, O_RDWR, buf, sizeof(buf), 1, cgd_kops.ko_open);
if (fd == -1) {
int saved_errno = errno;
@@ -464,7 +475,7 @@
return 0;
ret = unconfigure_fd(fd);
- (void)close(fd);
+ (void)cgd_kops.ko_close(fd);
return ret;
}
@@ -473,7 +484,7 @@
{
struct cgd_ioctl ci;
- if (ioctl(fd, CGDIOCCLR, &ci) == -1) {
+ if (cgd_kops.ko_ioctl(fd, CGDIOCCLR, &ci) == -1) {
warn("ioctl");
return -1;
}
@@ -572,7 +583,7 @@
break;
(void)unconfigure_fd(fd);
- (void)close(fd);
+ (void)cgd_kops.ko_close(fd);
if (!loop) {
warnx("verification failed permanently");
@@ -583,11 +594,11 @@
}
params_free(p);
- (void)close(fd);
+ (void)cgd_kops.ko_close(fd);
return 0;
bail_err:
params_free(p);
- (void)close(fd);
+ (void)cgd_kops.ko_close(fd);
return -1;
}
@@ -646,7 +657,7 @@
return 0;
}
- fd = opendisk(cgd, O_RDWR, buf, buflen, 0);
+ fd = opendisk1(cgd, O_RDWR, buf, buflen, 0, cgd_kops.ko_open);
if (fd == -1)
warnx("can't open cgd \"%s\", \"%s\"", cgd, buf);
@@ -680,7 +691,7 @@
if (nflag)
return 0;
- if (ioctl(fd, CGDIOCSET, &ci) == -1) {
+ if (cgd_kops.ko_ioctl(fd, CGDIOCSET, &ci) == -1) {
int saved_errno = errno;
warn("ioctl");
return saved_errno;
@@ -728,7 +739,7 @@
* partition information.
*/
- ret = pread(fd, buf, 8192, 0);
+ ret = cgd_kops.ko_pread(fd, buf, 8192, 0);
if (ret < 0) {
warn("can't read disklabel area");
return -1;
@@ -753,7 +764,7 @@
} u;
ssize_t ret;
- ret = pread(fd, &u, sizeof(u), sblock_try[i]);
+ ret = cgd_kops.ko_pread(fd, &u, sizeof(u), sblock_try[i]);
if (ret < 0) {
warn("pread");
break;
Added files:
Index: src/sbin/cgdconfig/Makefile.cgdconfig
diff -u /dev/null src/sbin/cgdconfig/Makefile.cgdconfig:1.1
--- /dev/null Tue Sep 8 21:36:35 2009
+++ src/sbin/cgdconfig/Makefile.cgdconfig Tue Sep 8 21:36:35 2009
@@ -0,0 +1,24 @@
+# $NetBSD: Makefile.cgdconfig,v 1.1 2009/09/08 21:36:35 pooka Exp $
+#
+
+SRCS+= cgdconfig.c \
+ cgdlex.l \
+ cgdparse.y \
+ pkcs5_pbkdf2.c \
+ params.c \
+ utils.c
+
+CPPF
CVS commit: src/sbin/cgdconfig
Module Name:src
Committed By: lukem
Date: Sat Apr 11 07:40:37 UTC 2009
Modified Files:
src/sbin/cgdconfig: utils.c
Log Message:
fix sign-compare issues
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/sbin/cgdconfig/utils.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sbin/cgdconfig/utils.c
diff -u src/sbin/cgdconfig/utils.c:1.19 src/sbin/cgdconfig/utils.c:1.20
--- src/sbin/cgdconfig/utils.c:1.19 Sun May 11 03:15:21 2008
+++ src/sbin/cgdconfig/utils.c Sat Apr 11 07:40:37 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: utils.c,v 1.19 2008/05/11 03:15:21 elric Exp $ */
+/* $NetBSD: utils.c,v 1.20 2009/04/11 07:40:37 lukem Exp $ */
/*-
* Copyright (c) 2002, 2003 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
#include
#ifndef lint
-__RCSID("$NetBSD: utils.c,v 1.19 2008/05/11 03:15:21 elric Exp $");
+__RCSID("$NetBSD: utils.c,v 1.20 2009/04/11 07:40:37 lukem Exp $");
#endif
#include
@@ -303,7 +303,7 @@
int
bits_match(const bits_t *b1, const bits_t *b2)
{
- int i;
+ size_t i;
if (b1->length != b2->length)
return 0;
@@ -319,7 +319,7 @@
bits_xor(const bits_t *x1, const bits_t *x2)
{
bits_t *b;
- int i;
+ size_t i;
b = emalloc(sizeof(*b));
b->length = MAX(x1->length, x2->length);
