d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8ea4debe59
freebsd-dev/sys/geom/eli
History
Pawel Jakub Dawidek 9d18043979 Always initialize sc_ekey, because as of r238116 it is always used. 
If GELI provider was created on FreeBSD HEAD r238116 or later (but before this
change), it is using very weak keys and the data is not protected.
The bug was introduced on 4th July 2012.

One can verify if its provider was created with weak keys by running:

	# geli dump <provider> | grep version

If the version is 7 and the system didn't include this fix when provider was
initialized, then the data has to be backed up, underlying provider overwritten
with random data, system upgraded and provider recreated.

Reported by:	Fabian Keil <fk@fabiankeil.de>
Tested by:	Fabian Keil <fk@fabiankeil.de>
Discussed with:	so
MFC after:	3 days
2012-08-10 18:43:29 +00:00
..
g_eli_crypto.c Update copyright years. 2010-09-23 12:02:08 +00:00
g_eli_ctl.c Use correct part of the Master-Key for generating encryption keys. 2012-07-04 17:54:17 +00:00
g_eli_integrity.c Add missing period at the end of the error message 2012-05-13 23:27:06 +00:00
g_eli_key_cache.c Always initialize sc_ekey, because as of r238116 it is always used. 2012-08-10 18:43:29 +00:00
g_eli_key.c Correct a comment and correct style of a flag check. 2012-07-04 17:43:25 +00:00
g_eli_privacy.c Instead of allocating memory for all the keys at device attach, 2011-04-21 13:31:43 +00:00
g_eli.c Use correct part of the Master-Key for generating encryption keys. 2012-07-04 17:54:17 +00:00
g_eli.h Use correct part of the Master-Key for generating encryption keys. 2012-07-04 17:54:17 +00:00
pkcs5v2.c
pkcs5v2.h