| #
329175 |
|
12-Feb-2018 |
kevans |
MFC Loader Fixes 2017q4p7: r324844,r326089,r326926,r326440,r326484,r326494,
r326588,r326708,r326784,r326914,r327390,r328446,r326090,r326143,r326144,
r326182,r326384,r326421,r326440,r326441,r326442,r326443,r326444,r326445,
r326446,r326447,r326448,r326484,r326485,r326486,r326487,r326488,r326490,
r326491,r326492,r326493,r326494,r326495,r326504,r326507,r326509,r326584,
r326585,r326586,r326587,r326588,r326589,r326590,r326591,r326592,r326593,
r326594,r326600,r326616,r326671,r326707,r326708,r326709,r326710,r326711,
r326712,r326714,r326720,r326768,r326772,r326784,r326792,r326812,r326854,
r326855,r326856,r326858,r326886,r326887,r326914,r326926,r326927,r326960,
r326961,r326962,r326963,r327351,r327453,r327390,r327523,r327524,r326489,
r327880,r328437,r328438,r328439,r328441,r328446,r328448,r328449,r328612,
r328613,r328615
While here, undo our libfdt hack of not including <stdlib.h> if we're
compiling _STANDALONE.
r324844: When building standalone, don't define errno. Let the definition from
stand.h override. This is similar to what we do in the kernel.
r326089: loader.efi: efipart does not recognize partitionless disks
r326090: net_parse_rootpath() has no parameters
r326143: Fix theoretical integer overflow issues. If the product here is
r326144: Mark the func pointer as __dead2. It looks up loader_main, which
r326182: Modify all FreeBSD bootloaders on PowerPC AIM (Book-S) systems
r326384: Use const pointers to avoid casting away constness.
r326421: loader.efi: efipart should exclude iPXE stub block protocol
r326440: Remove stale dependency on ufsread.c
r326441: Minor flags cleanup
r326442: Cleanup CFALGS usage here
r326443: We don't need both _STAND and _STANDALONE, use the latter.
r326444: Move geli to common DO32 stuff
r326445: Fix random() and srandom() prototypes to match the standard.
r326446: Undefine _STANDALONE since this is test code.
r326447: Tweaks to the beri boot loader so that it builds w/o warnings.
r326448: Fix all warnings related to geli and ZFS support on x86.
r326484: Const poison the propname.
r326485: Delcare md_load in libofw.h. Make all prototypes match for ofw
r326486: Include machine/md_var to pick up __syncicache prototype.
r326487: Cast mdp (a vm_offset_t) to void * to match prototype.
r326488: e_entry can be smaller than a pointer. Cast it to an intptr_t
r326490: Declare our strange brand of main().
r326491: Disconnet ps3 from the build. There's too many warnings to fix.
r326492: Cast void * pointer to char * so the arg matches the %s format.
r326493: Provide a md_load64 prototype.
r326494: Mark two things as unused (since they are only sometimes used)
r326495: Now it's safe to bump WARNS to 1.
r326504: Switch to proper MK_LOADER_GELI tests.
r326507: increase maximum size of zfsboot
r326509: loader.efi: add note about iPXE into the efipart.c
r326584: When building standalone, include stand.h rather than the kernel
r326585: Include ficl.h before anything else
r326586: No need to include the userland md5.h, the kernel one is just fine.
r326587: Use the kernel relative paths, rather than the userland relative
paths
r326588: Need to include skein in the include path
r326589: Make sure we include the right path for skein.h
r326590: Prefer stdint.h to inttypes.h
r326591: This isn't NetBSD specific code. Include these for any kernel /
r326592: Don't inherit CFLAGS. This a specialized test program.
r326593: Stop building with the standard system headers.
r326594: Now that we offer a semi-sane standards-ish set of #include files,
stop hacking includes with sed.
r326600: Since this is contrib code, create an upstreamable version of my
r326616: dhcp_try_rfc1048() is not used any more
r326671: Avoid setting -Wno-tentative-definition-incomplete-type with gcc.
r326707: Add partial support signal.h functioanlity. Pull in
machine/signal.h
r326708: Remove _KERNEL hack now that errno.h does the right thing when
built standalone.
r326709: Provide implementations for iscntrl, ispunct and isgraph.
r326710: Put the files we're copying over into a few variables and clean
hings up.
r326711: Const poison a couple of interfaces.
r326712: Create interp class.
r326714: boot1.c needs EFI_ZFS_BOOT too, so add it globally.
r326720: This path belongs in ficl/Makefile, not the common defines for
users
r326768: Fix a comment to be more accurate
r326772: Fix regression with lua import
r326784: Revert part of 362772. It was causing problems for includes
r326792: Attempt to unbreak buildworld
r326812: Revert r326792, r326784, r326772, r326712
r326854: libefi: make efichar.h more usable in stand code
r326855: Cargo cut a fix for the regressions r326585 caused.
r326856: Fix comments after bump in size.
r326858: Revert r326855: Cargo cut a fix for the regressions r326585 caused.
r326886: Panic in sbrk if setheap hasn't been called yet. This is preferable
o a mysterious crash
r326887: Remove the 'mini libstand in libstand' that util.[ch] provided.
r326914: Move loader-only defines to loader.mk from defs.mk
r326926: Move loader help file definitions to being 100% inside of
loader.mk.
r326927: libficl is only ever used in a loader (never a boot) program. Move
it.
r326960: Simplify things a little. The RETURN macro isn't required.
r326961: Interact is always called with NULL. Simplify code a little
r326962: Hoist btx include stuff to i386/Makefile.inc
r326963: No need to use relative paths like this here.
r327351: Fix ubldr. uboot/lib uses defines for the loader.
r327453: Add a validbcd() routine that uses the bcd2bin_data[] array
r327390: Garbage-collect loader.ps3. It is currently disconnected from the
build and kboot replaces.
r327523: Don't clobber system LDFLAGS for beri boot loaders.
r327524: Use 'extern uint8_t' instead of 'extern void' for external symbols.
r326489: Allow this file to be used in libsa without warning...
r327880: Move getsecs() prototype to stand.h from net.h so it can be used
r328437: Split panic routine
r328438: Implement abort() as a call to panic.
r328439: Provide abs form stdlib.h.
r328441: abort() should be marked __dead2 since it won't return.
r328446: Now that exit is __dead2, we need to tag ub_exit() as __dead2.
r328448: Make exit() never return until host_exit can be written.
r328449: Tag unreachable places as such. I left the while (1); in place
r328612: Move strtold wrapper from strtol.c to its own strtold.c.
r328613: Kill copies of strtol and strtoul.
r328615: Update stand.h for changes for strto*l
PR: 223969
|
| #
327856 |
|
12-Jan-2018 |
asomers |
MFC r313962, r313972-r313973, r315230
r313962 by allanjude:
improve PBKDF2 performance
The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be
GELI's PBKDF2 uses a simple benchmark to determine a number of iterations
that will takes approximately 2 seconds. The security provided is actually
half what is expected, because an attacker could use the optimized
algorithm to brute force the key in half the expected time.
With this change, all newly generated GELI keys will be approximately 2x
as strong. Previously generated keys will talk half as long to calculate,
resulting in faster mounting of encrypted volumes. Users may choose to
rekey, to generate a new key with the larger default number of iterations
using the geli(8) setkey command.
Security of existing data is not compromised, as ~1 second per brute force
attempt is still a very high threshold.
PR: 202365
Original Research: https://jbp.io/2015/08/11/pbkdf2-performance-matters/
Submitted by: Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
Reviewed by: ed, pjd, delphij
Approved by: secteam, pjd (maintainer)
Differential Revision: https://reviews.freebsd.org/D8236
r313972 by ngie:
Unbreak the build when "make obj" is executed beforehand
Using relative paths imply working directory (in this case .OBJDIR), whereas the
sources live in the .CURDIR-relative path.
X-MFC with: r313962
Pointyhat to: allanjude
Sponsored by: Dell EMC Isilon
r313973 by ngie:
A forced commit to note other portion of the Makefile change accidentally
committed in r313972
The code committed in r313962 implicitly relies on python 2.x to generate
testvect.h . There are a handful of issues with this approach:
- python is not an explicit build dependency for FreeBSD
- python 2.x is deprecated and will be removed sometime in the future
(potentially before 11.x's EOL), and the script does not function with
python 3.5 (it uses deprecated idioms and incompatible function calls).
- python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and
gentestvect.py is a dependency of testvect.h (prior to r313972) which
means that if the mtime of the generator script was newer than the
mtime of the test vector, it could cause a spurious build failure in
build time or at install time.
A better solution using C/C++ should be devised.
Discussed with: allanjude
X-MFC with: r313962, r313972
Sponsored by: Dell EMC Isilon
r315230 by ngie:
Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/...
This change moves the tests added in r313962 to an existing directory
structure used by the geli TAP tests. It also, renames the test from
pbkdf2 to pbkdf2_test .
The changes to ObsoleteFiles.inc are being committed separately as they
aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests
is done all in one commit.
X-MFC with: r313962, r313972-r313973
Reviewed by: allanjude
Sponsored by: Dell EMC Isilon
Differential Revision: D9985
|