CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Tue Sep 13 10:14:32 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Restore loop for password re-entry for non-shared keys. Fixes mistake in previous which changed the semantics in the case

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Tue Sep 13 10:14:32 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Restore loop for password re-entry for non-shared keys. Fixes mistake in previous which changed the semantics in the case

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Tue Aug 30 08:48:42 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Gracefully handle failed verification with shared keys. The first time each key is verified, if verification fails, we

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Tue Aug 30 08:48:42 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Gracefully handle failed verification with shared keys. The first time each key is verified, if verification fails, we

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:47 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c Log Message: cgdconfig(8): Handle -P/-S for shared keys with -G too. This way you can convert an existing parameters file to one that is

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:47 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c Log Message: cgdconfig(8): Handle -P/-S for shared keys with -G too. This way you can convert an existing parameters file to one that is

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:35 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c params.c params.h Log Message: cgdconfig(8): Add support for generating shared-key parameters files. Usage model: - Generate a

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:35 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c params.c params.h Log Message: cgdconfig(8): Add support for generating shared-key parameters files. Usage model: - Generate a

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Tue May 17 18:56:30 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Use the Makefile.inc from libargon2 (fixes the vax build that requires a compiler hack). To generate a diff of this commit: cvs rdiff -u

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Tue May 17 18:56:30 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Use the Makefile.inc from libargon2 (fixes the vax build that requires a compiler hack). To generate a diff of this commit: cvs rdiff -u

Re: CVS commit: src/sbin/cgdconfig

Please test it. In HEAD today, and last week, and for probably a long time back into the past, /sbin/cgdconfig has threads, and /rescue/cgdconfig does not. I don"t know when argon2 support was added, or how to use it, but if you do, it should be simple to create an cgd in vnd using one, and then

Re: CVS commit: src/sbin/cgdconfig

On Mon, May 16, 2022 at 09:10:40AM +, Taylor R Campbell wrote: > Surely `disabling threads' just means cgdconfig can't take advantage > of parallelism to compute the same function in less time, not that > cgdconfig computes a different function or fails to compute the same > function, no? >

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Mon May 16 14:57:44 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: make things behave just like before the libcrypt symbol renaming: The normal cgdconfig binary is built with threads and the crunched one in

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Mon May 16 14:57:44 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: make things behave just like before the libcrypt symbol renaming: The normal cgdconfig binary is built with threads and the crunched one in

Re: CVS commit: src/sbin/cgdconfig

Date:Mon, 16 May 2022 09:10:40 + From:Taylor R Campbell Message-ID: <20220516090946.a3c4660...@jupiter.mumble.net> | > Please re-enable threads. They influence the output hash | > so by disabling threads you stop people from being able | > to decrypt their

Re: CVS commit: src/sbin/cgdconfig

> On May 16, 2022, at 5:10 AM, Taylor R Campbell wrote: > >> Date: Mon, 16 May 2022 04:49:22 + >> From: nia >> >> On Sun, May 15, 2022 at 03:53:27PM -0400, Christos Zoulas wrote: >>> Log Message: >>> Build argon2 inline so that crunched programs work. I also disabled threads >>> for now;

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Mon May 16 10:44:06 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Re-enable threads; apparently we get different results depending if we are threaded or not... This tastes like a bug. To generate a diff

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Mon May 16 10:44:06 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Re-enable threads; apparently we get different results depending if we are threaded or not... This tastes like a bug. To generate a diff

Re: CVS commit: src/sbin/cgdconfig

> Date: Mon, 16 May 2022 04:49:22 + > From: nia > > On Sun, May 15, 2022 at 03:53:27PM -0400, Christos Zoulas wrote: > > Log Message: > > Build argon2 inline so that crunched programs work. I also disabled threads > > for now; we can put them back if needed. > > Please re-enable threads.

Re: CVS commit: src/sbin/cgdconfig

On Sun, May 15, 2022 at 03:53:27PM -0400, Christos Zoulas wrote: > Log Message: > Build argon2 inline so that crunched programs work. I also disabled threads > for now; we can put them back if needed. Please re-enable threads. They influence the output hash so by disabling threads you stop people

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Sun May 15 19:53:27 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Build argon2 inline so that crunched programs work. I also disabled threads for now; we can put them back if needed. To generate a diff of

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Sun May 15 19:53:27 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Build argon2 inline so that crunched programs work. I also disabled threads for now; we can put them back if needed. To generate a diff of

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: nia Date: Sat Dec 4 15:03:58 UTC 2021 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: cgdconfig.8: Use argon2id in examples To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 src/sbin/cgdconfig/cgdconfig.8 Please

Re: CVS commit: src/sbin/cgdconfig

On Sun, Nov 28, 2021 at 07:42:55AM -0800, Jason Thorpe wrote: > > > > On Nov 27, 2021, at 6:01 PM, Christos Zoulas wrote: > > > > Module Name:src > > Committed By: christos > > Date: Sun Nov 28 02:01:30 UTC 2021 > > > > Modified Files: > > src/sbin/cgdconfig:

Re: CVS commit: src/sbin/cgdconfig

> On Nov 28, 2021, at 11:57 AM, Roland Illig wrote: > > Am 28.11.2021 um 17:37 schrieb Jason Thorpe: >>> On Nov 28, 2021, at 8:05 AM, Christos Zoulas >>> wrote: >>> >>> 1. which compilation flag should we add -pthread to? CFLAGS or >>> COPTS? What about c++? >> >> GCC defines some preprocessor

Re: CVS commit: src/sbin/cgdconfig

Am 28.11.2021 um 17:37 schrieb Jason Thorpe: On Nov 28, 2021, at 8:05 AM, Christos Zoulas wrote: 1. which compilation flag should we add -pthread to? CFLAGS or COPTS? What about c++? GCC defines some preprocessor macros in response to -pthread, so … CPPFLAGS? Perhaps a better choice is to

Re: CVS commit: src/sbin/cgdconfig

> On Nov 28, 2021, at 8:05 AM, Christos Zoulas wrote: > > The change is correct; this is how it is done everywhere else in the tree. > You are right about -pthread doing more than adding -lpthread, but > in that case, the -pthread should be added to CFLAGS/COPTS etc, > not LDADD so that it

Re: CVS commit: src/sbin/cgdconfig

The change is correct; this is how it is done everywhere else in the tree. You are right about -pthread doing more than adding -lpthread, but in that case, the -pthread should be added to CFLAGS/COPTS etc, not LDADD so that it is effective during the compilation phase too, not just the link

Re: CVS commit: src/sbin/cgdconfig

> On Nov 27, 2021, at 6:01 PM, Christos Zoulas wrote: > > Module Name: src > Committed By: christos > Date: Sun Nov 28 02:01:30 UTC 2021 > > Modified Files: > src/sbin/cgdconfig: Makefile > > Log Message: > -lpthread to LDADD (fixes lint build) This change is wrong. The

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Sun Nov 28 02:01:30 UTC 2021 Modified Files: src/sbin/cgdconfig: Makefile Log Message: -lpthread to LDADD (fixes lint build) To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sbin/cgdconfig/Makefile Please

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: christos Date: Sun Nov 28 02:01:30 UTC 2021 Modified Files: src/sbin/cgdconfig: Makefile Log Message: -lpthread to LDADD (fixes lint build) To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sbin/cgdconfig/Makefile Please

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: nia Date: Mon Nov 22 16:04:03 UTC 2021 Modified Files: src/sbin/cgdconfig: pkcs5_pbkdf2.c Log Message: cgdconfig(8): add some console feedback when calculating the number of pkcs5_pbkdf2 iterations To generate a diff of this commit: cvs

CVS commit: src/sbin/cgdconfig

Module Name:src Committed By: nia Date: Mon Nov 22 16:04:03 UTC 2021 Modified Files: src/sbin/cgdconfig: pkcs5_pbkdf2.c Log Message: cgdconfig(8): add some console feedback when calculating the number of pkcs5_pbkdf2 iterations To generate a diff of this commit: cvs

Re: CVS commit: src/sbin/cgdconfig

On Sat, Dec 29, 2018 at 01:33:23PM +, Alexander Nasonov wrote: > Christoph Badura wrote: > > On Thu, Dec 27, 2018 at 10:41:55PM +, Alexander Nasonov wrote: > > > Perhaps the simplest change would be to pass an unresolved (original) > > > name when composing a paramsfile. E.g. > > > > > >

Re: CVS commit: src/sbin/cgdconfig

On Thu, Dec 27, 2018 at 10:41:55PM +, Alexander Nasonov wrote: > Perhaps the simplest change would be to pass an unresolved (original) > name when composing a paramsfile. E.g. > > /etc/cgd/NAME=mylabel > /etc/cgd/ROOT.e Alas, this will break existing installations that e.g. use /etc/cgd/dkNN

Re: CVS commit: src/sbin/cgdconfig

Christoph Badura wrote: > Using /etc/cgd/ROOT. has the advantage that the cgd will configure > if the root device changes name, thus upholding POLA. > > E.g. moving disks from a controller that attaches sd(4)s to one that > attaches ld(4)s. I believe you can see that when dd'ing an image from >

Re: CVS commit: src/sbin/cgdconfig

On Thu, Dec 27, 2018 at 09:53:44PM +, Alexander Nasonov wrote: > Alexander Nasonov wrote: > > XXX Default paramsfile for NAME=label is /etc/cgd/dkNN (resolved wedge > > partition) and /etc/cgd/ROOT. for ROOT.. This isn't yet > > documented. IMO, it should be the other way around:

Re: CVS commit: src/sbin/cgdconfig

Robert Elz wrote: > Module Name: src > Committed By: kre > Date: Sat May 5 11:28:44 UTC 2018 > > Modified Files: > src/sbin/cgdconfig: cgdconfig.c > > Log Message: > Check whether the cgd device selected is available to be > configured,that is, not already in use, before

Re: CVS commit: src/sbin/cgdconfig

matthew green wrote: > "Alexander Nasonov" writes: > > XXX Using memset for wiping isn't a good idea because memset is likely > > optimised away by gcc. This should be revisited. > > use explicit_memset(3)? Yes, we should change memsets of sensitive buffers to explicit_memset but we also should

re: CVS commit: src/sbin/cgdconfig

"Alexander Nasonov" writes: > Module Name: src > Committed By: alnsn > Date: Wed May 9 18:11:56 UTC 2018 > > Modified Files: > src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c > > Log Message: > Add '-e' option (echo the passphrase) and wipe the passphrase after use. > > XXX Using

Re: CVS commit: src/sbin/cgdconfig

Date:Wed, 9 May 2018 08:59:55 +0100 From:Alexander Nasonov Message-ID: <20180509075955.GA7743@neva> | Adding (argc > 0) check before calling opendisk1 fixes the crash. Thanks - and I see what is wrong now, but (for whatever reason) that did not

Re: CVS commit: src/sbin/cgdconfig

Alexander Nasonov wrote: > (gdb) b opendisk1 > (gdb) run -p > Starting program: > /home/alnsn/netbsd-current/clean/src/sbin/cgdconfig/obj/cgdconfig -p > > Breakpoint 1, 0x7f7ff78111f6 in opendisk1 () from /lib/libutil.so.7 > (gdb) x/s $rdi > 0x0: # path=NULL Adding (argc > 0) check

Re: CVS commit: src/sbin/cgdconfig

Robert Elz wrote: > Date:Tue, 8 May 2018 19:15:28 +0100 > From:Alexander Nasonov > Message-ID: <20180508180815.GA5990@neva> > > | I think it broke the tool. If you run > | > | cgdconfig -p > | > | it will crash. > > Sorry, I cannot

Re: CVS commit: src/sbin/cgdconfig

Date:Tue, 8 May 2018 19:15:28 +0100 From:Alexander Nasonov Message-ID: <20180508180815.GA5990@neva> | I think it broke the tool. If you run | | cgdconfig -p | | it will crash. Sorry, I cannot reproduce this, it looks to work OK to me. Can

Re: CVS commit: src/sbin/cgdconfig

Date:Tue, 8 May 2018 19:15:28 +0100 From:Alexander Nasonov Message-ID: <20180508180815.GA5990@neva> | I think it broke the tool. If you run | cgdconfig -p | it will crash. I shall take a look. kre

Re: CVS commit: src/sbin/cgdconfig

Robert Elz wrote: > Module Name: src > Committed By: kre > Date: Sat May 5 11:28:44 UTC 2018 > > Modified Files: > src/sbin/cgdconfig: cgdconfig.c > > Log Message: > Check whether the cgd device selected is available to be > configured,that is, not already in use, before