WireGuard implementation for the OpenBSD kernel https://git.zx2c4.com/wireguard-openbsd/atom/sys/lib/libsa/softraid.c?h=jd%2Fqueueboosts 2018-08-10T16:41:35Z 2018-08-10T16:41:35Z jsing jsing@openbsd.org 2018-08-10T16:41:35Z urn:sha1:27bea9a3c7fdba43cfa7c5fb6f268efe98f7720b Historically, the softraid crypto support in the boot loaders has only given one attempt to provide the correct passphrase. There were a few reasons for this, including the fact that pkcs5_pbkdf2() allows an empty passphrase and that returning EPERM allowed for another attempt. With the event of KARL and the need for bsd.booted with hibernate resumption, this becomes much more of an issue - if you get the passphrase wrong you fail to resume. There are also other situations like using /etc/boot.conf to switch serial console, but an incorrect passphrase results in the config not being read. Also, bcrypt_pbkdf() does not permit empty passphrases. This reworks the softraid crypto support in the boot loaders so that it loops requesting a valid passphrase until one is provided, or an empty passphrase is entered (at which point it will abort). ok mortimer@ tb@ 2017-11-10T16:50:59Z sunil sunil@openbsd.org 2017-11-10T16:50:59Z urn:sha1:c5a202708cc86e06652bf6f5152bbc63c6d6fffb Inputs and ok jsing@. 2016-09-18T16:34:59Z jsing jsing@openbsd.org 2016-09-18T16:34:59Z urn:sha1:df1890a2d2078c7e4514e8b74146e8390b916a92 Based on a diff from djm@ 2016-09-11T17:49:36Z jsing jsing@openbsd.org 2016-09-11T17:49:36Z urn:sha1:94e1d41593133729fe996c9476ea70a0cc82c399 and softraid crypto key handling code.