- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Sweep man pages replacing ad -> ada.

Approved by: re (blackend)
MFC after: 1 week
X-MFC note: stable/9 only

Add the Clang specific -Wmissing-variable-declarations to WARNS=6.

This compiler flag enforces that that people either mark variables
static or use an external declarations for the variable, similar to how
-Wmissing-prototypes works for functions.

Due to the fact that Yacc/Lex generate code that cannot trivially be
changed to not warn because of this (lots of yy* variables), add a
NO_WMISSING_VARIABLE_DECLARATIONS that can be used to turn off this
specific compiler warning.

Announced on: toolchain@

Use NO_WCAST_ALIGN for sbin/gbde, this is more appropriate to fix the
alignment warnings than using WARNS=3, and it also works for clang.

MFC after: 1 week

MFtbemd:

Prefer MACHNE_CPUARCH to MACHINE_ARCH in most contexts where you want
to test of all the CPUs of a given family conform.

Remove dead variable assignments

Found by: clang static analyzer
Verified by: md5(1)

Bump WARNS where possible.

Checked by: make universe
Approved by: ed (co-mentor)

Remove temporary files when there are no longer needed.

Markup fixes.

Teach gbde(8) to use a key file in addition to a passphrase. This
makes it practical to use GBDE for "something you have plus something
you know" security together with a USB flash drive.

Reviewed by: phk
MFC after: 7 days

gbde(8) is also rejndael user.

Reported by: phk

- Fixed description of the "destroy" command options.
- Document the "nuke" command.
- Mention which commands correspond to which functions.

- Sort options.
- Put 'break' into separate line.

Fix whitespace.

- Remove bogus O_CREAT flag. We really don't want to create a file here.

PR: bin/67793
Submitted by: Amir Shalem <amir@boom.org.il>

- Sync usage with manual page.

Approved by: phk
MFC after: 1 week

Fix a type bug which sometimes wrote unusable lock sectors on the disk.

Allow to setup GBDE on providers which contain '/' in their names,
e.g. mirror/<name>, stripe/<name>.

Approved by: phk

o Fix semantics of comparison function for qsort(3). According to qsort(3)
manpage:

The comparison function must return an integer less than, equal to, or
greater than zero if the first argument is considered to be respectively
less than, equal to, or greater than the second.

Therefore, simply returning "arg1 > arg2" is incorrect. Actually it works
but for the number of items to be sorted less than 7 due to special case
handling in qsort(3);

o add missing '\n' to one of usage() calls.

Approved by: phk

Fix typo

Submitted by: edwin

Assorted markup, grammar, and spelling fixes.

Fix the last and most important bit of the test case to test the same
binary as the rest of it.

Add MD5 check that the md(4) device gets set up correctly.

Don't create a template file if we're not going to let the user edit it.

Fixed some non-critical memory leaks and one temporary file leak
(theoretical).

Approved by: phk, scottl (mentor)

Mechanical whitespace cleanup. Also, note that previous commit was

Sponsored by: Teleplan AS

Remove newline characters from error strings.

Clarify that the encrypted device is called foo.bde and mention that
unmounting it before detaching GBDE is a good idea.

Insisted on by: Flemming Jacobsen <fj@batmule.dk>
Approveed by: re@

Make the regression test run also with obj directories.

Insert an overview of the plans here, in case I get run over by a bus.

I think it is more correct to use modfind() than kldfind() here.

Improve regression test with an image file which must work.

Autoload kernel module if necessary.

Submitted by: mr

Interior decoration changes.

Simplify the GEOM OAM api: Drop the request type, and let everything
hinge on the "verb" parameter which the class gets to interpret as
it sees fit.

Move the entire request into the kernel and move changed parameters
back when done.

Moved libgeom.so dependencies to where they belong.

Reviewed by: phk
Approved by: re (scottl)

Normalize, fix ``make checkdpadd''.

Avoid off_t -> integer overflow when sorting the locksector addresses.

Don't pull in geom_enc.c any more.

Use new GEOM OAM. Kernels have supported this for a number of days, so
people should be OK.

Remove reference to unavailable paper.

Fix two unsafe uses of sprintf().

Correct some err() format string bugs.

Solve another bug in the mapping code: correctly skip lock sectors.
Make sure sector zero is protected if it contains metadata.

Lower WARNS for gbde to 3 on non-i386 archs. rijndael-fst is evil
but appearntly does the right thing and passes the test-vectors.

MFC Candidate.

Fix two blunders in the mapping functions which can lead to corrupt data,
for request sizes larger than the sectorsize or for multi-key setups.

See warning mailed to current@ for details of recovery.

Found by: Marcus Reid <marcus@blazingdot.com>

Untwist a twisty bit of logic which gcc for some reason cannot see
through on ia64.

A couple of stylistic improvements.

mdoc(7) police: markup overhaul.

Approved by: re

Synchronize usage() with reality.
Semi-automatic handling of /dev prefix for device names.

Sponsored by: DARPA & NAI Labs.
Approved by: re (blanket)

De-danglify the manual page.

Submitted by: ceri
Approved by: re (blanket)

o Bring the NOTICE section into the DESCRIPTION section and wrap it in
.Bf -emphasis ... .Ef
o Grammar/spelling

Sponsored by: DARPA, NAI Labs

Run a revision on the GBDE encryption facility.

Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.

Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.

This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.

NB: These changes result in the on-disk format changing: dump/restore needed.

Sponsored by: DARPA & NAI Labs.

Initialize the new salt field in the lock sector.

Sponsored by: DARPA & NAI Labs

I overlooked an absolute path.

Submitted by: Henric Jungheim <henric@attbi.com>

o Use .Cm for 'attach', 'detach', 'init', 'setkey', and 'destroy' commands
o Fix some punctuation and wording
o Wording consistency in command-line option documentation
o Make use of mdoc's markup a bit more (quoting and the like)

Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs

s/dettach/detach/g etc.

Pointed out by: chris

Use .PATH instead of VPATH.

Fix typo in man-page: man-section is 8.

Complete the Geom Based Disk Encryption: Add the OAM utility.

Sponsored by: DARPA and NAI Labs