Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
getdiskinfo(). For the fixed-disk case, bpb->hid probably isn't
handled correctly, but I'm not sure if this is a serious problem since
the primary use of this program is to format floppy disks.
Reviewed by: phk
o Use DCE compliant UUID functions and provide local
implementations if they don't exist,
o Move dumping of the map to show.c and print the
partition type,
o Some cleanups and rearrangements.
The default GPT partition type is UFS. When no starting block
or size are specified, the tool will create a partition in the
first free space it find (or that fits, depending on the size).
code is directly copied from migrate.c. The intend is to express
migrate in terms of create and add. The functionality to add
partitions is not yet there.
Quoting luigi:
In order to make the userland code fully 64-bit clean it may
be necessary to commit other changes that may or may not cause
a minor change in the ABI.
Reviewed by: luigi
regarding 802.1 MAC and Mandatory Access Control (MAC). Some
potential for confusion remains further in other areas of the
system regarding Message Authentication Codes (MAC).
Requested by: wollman
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
interfaces using the 'mac' argument. Without MAC support in the
kernel, this does not change the behavior of ifconfig.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
result of an incomplete migration. An incomplete migration is
one where the MBR is not turned into a PMBR after creating the
GPT. This early in the game it's more convenient to allow the
inconsistency, because that avoids that we have to destroy the
MBR partitioning for now.
arbitrary commands when devices come and go in the device tree (which is
different than the /dev directory).
This is an initial version. Much of the planned power isn't here.
Instead of doing the full matching, we always run /etc/devd-generic.
/etc/devd.generic will go away at some point, I think.
I'm committing it in this early state so I can start getting feedback
from early adapters.
Approved by: re
o Fix some punctuation and wording
o Wording consistency in command-line option documentation
o Make use of mdoc's markup a bit more (quoting and the like)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
command, permitting it to set FS_ACLS and FS_MULTILABEL administrative
flags on UFS file systems.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
