Subject: ATTENTION CGD(4) USERS
To: None <current-users@netbsd.org>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 03/18/2004 10:54:08

Last week, I sent out notice of an impending flag day for cgd(4)
changes. These were (in reverse of the original order):

> 2) There is an algorithm correctness fix for the pkcs5_pbkdf2 key
>    generation method.

With the help of a little creative naming, the necessity for a
disruptive reconfiguration around this issue has been avoided.

Some reconfiguration will still be required, as convenient to you,
before the backwards compatibility code is eventually removed together
with support for other even older configuration files.

Detailed information on how to do this will be forthcoming shortly,
but in the meantime cgd users will see no immediate impact from this
first change. In fact, I committed the fix, together with backwards
compatible behaviour for existing config files, yesterday.

> 1) The blowfish cipher has a key length mismatch between cgdconfig(8)
>    and the kernel.

A flag day is still required for the blowfish issue.  These changes
will be committed today, around 8 hours from now, and a followup
message sent when it's done.

This issue ONLY affects cgd users with the blowfish cipher. These
users will need to take special steps before next updating their
kernels. See below for further details.

These changes are being done now, since cgd(4) has not yet been part
of a formal NetBSD release, in order to avoid making these changes
compatible between releases later.  Once they are made, it is intended
that the back-port of cgd to the 1.6 branch can also be pulled up (it
was waiting on these changes).

Thanks for your attention, and please contact me if there are any
issues.

--
Dan.


BLOWFISH CIPHER USERS ONLY:
I believe this affects a very small number of users other than myself;
indeed since several previous alert mails in an attempt to find them,
only 2 such users have come forward. They have both agreed the
requirement for backwards compatibility does not warrant the effort
nor the mess in the code.  This code does exist, if it should later
prove to be needed, but will not be in the tree.

Further, by the nature of the issue, I have strong reasons to believe
that, even if they missed these mails, there would be few other users
of blowfish who update their systems with any regularity; any such
users would have tripped over the problem in the same way I did when
it was first found over a year ago.

The fix is a kernel change, but the problem can be (was) exposed by
userland changes in the cgdconfig binary, compiler, libraries, etc.

The problem stems from two issues with the underlying blowfish
encryption routines used by cgd:
 - they take key length arguments counted in bytes, rather than bits
   like all the other ciphers.
 - they silently truncate any keys longer than an internal limit,
   rather than returning an error (which would have exposed the
   previous discrepancy immediately).

As a result, the kernel reads too much data as the key from cgdconfig,
and then truncates most of it. This can easily be demonstrated/tested.
Currently, Blowfish users will find that if they mis-enter the cgd
passphrase on the first attempt, when validation fails and cgdconfig
prompts for the passphrase again, the cgd will not correctly configure
even when given a correct passphrase.

Blowfish users will need to dump their cgd's prior to installing a
kernel with the change, reboot into single user with a new kernel,
recreate the cgd and restore their filesystems. Once they have done
so, they will not be able to use the cgd with an old kernel, and will
not be able to use an old cgd image with a new kernel.

The current rev of src/sys/dev/cgd.c is 1.14; it will be 1.15 after
the change is committed.
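
The two Blowfish issues described in the message above, as an added C model that is not part of the original post and is not the cgd or kernel Blowfish code. The function names, the 56-byte limit and the sample buffers are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_KEY 56   /* assumed internal key limit in bytes (model only) */
#define KEY_BITS 128       /* key length as the caller counts it: in bits */

/* Model key setup taking a length in BYTES. Lenient mode silently truncates
 * an over-long key; strict mode returns -1 instead. Returns bytes used. */
int model_setkey(unsigned char *ks, const unsigned char *key,
                 size_t len, int strict) {
    if (len > MODEL_MAX_KEY) {
        if (strict)
            return -1;         /* the unit mismatch is reported at once */
        len = MODEL_MAX_KEY;   /* silent truncation hides the caller's mistake */
    }
    memset(ks, 0, MODEL_MAX_KEY);
    memcpy(ks, key, len);
    return (int)len;
}

/* Mismatched caller: passes the bit count where bytes are expected. */
int configure_mismatched(unsigned char *ks, const unsigned char *buf) {
    return model_setkey(ks, buf, KEY_BITS, 0);
}

/* Matched caller: converts bits to bytes and refuses truncation. */
int configure_matched(unsigned char *ks, const unsigned char *buf) {
    return model_setkey(ks, buf, KEY_BITS / 8, 1);
}

/* Two constructed buffers hold the same 16-byte key followed by different
 * bytes. Returns 1 if both produce identical key material, 0 if not. */
int same_key_material(int matched) {
    unsigned char a[KEY_BITS], b[KEY_BITS], ka[MODEL_MAX_KEY], kb[MODEL_MAX_KEY];
    memset(a, 0x00, sizeof a);                    /* constructed trailing bytes */
    memset(b, 0xAA, sizeof b);                    /* constructed trailing bytes */
    memcpy(a, "0123456789abcdef", KEY_BITS / 8);  /* constructed key */
    memcpy(b, "0123456789abcdef", KEY_BITS / 8);
    if (matched ? (configure_matched(ka, a) < 0 || configure_matched(kb, b) < 0)
                : (configure_mismatched(ka, a) < 0 || configure_mismatched(kb, b) < 0))
        return -1;
    return memcmp(ka, kb, MODEL_MAX_KEY) == 0;
}

int main(void) {
    printf("mismatched units, same key material: %d\n", same_key_material(0));
    printf("matched units, same key material:    %d\n", same_key_material(1));
    return 0;
}
```

In the mismatched case the key material takes in bytes that follow the intended 16-byte key, so it changes with whatever the buffer holds beyond the key; the strict mode turns the same call into an error.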

