From owner-freebsd-audit@FreeBSD.ORG  Thu Mar 17 13:46:19 2005
Return-Path: <owner-freebsd-audit@FreeBSD.ORG>
Delivered-To: freebsd-audit@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2376916A4CE; Thu, 17 Mar 2005 13:46:19 +0000 (GMT)
Received: from ss.eunet.cz (ss.eunet.cz [193.85.228.13])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4AAC143D5D; Thu, 17 Mar 2005 13:46:18 +0000 (GMT)
	(envelope-from mime@traveller.cz)
Received: from localhost.i.cz (ss.eunet.cz [193.85.228.13])
	by ss.eunet.cz (8.13.1/8.13.1) with ESMTP id j2HDkEev064035;
	Thu, 17 Mar 2005 14:46:14 +0100 (CET)
	(envelope-from mime@traveller.cz)
From: Michal Mertl <mime@traveller.cz>
To: Anton Berezin <tobez@freebsd.org>
In-Reply-To: <20050317110538.GA61247@heechee.tobez.org>
References: <20050317110538.GA61247@heechee.tobez.org>
Content-Type: text/plain
Date: Thu, 17 Mar 2005 14:46:13 +0100
Message-Id: <1111067173.670.14.camel@genius2.i.cz>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.4 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 7bit
cc: cperciva@freebsd.org
cc: freebsd-audit@freebsd.org
Subject: Re: [PATCH] review requested, add sha256 to mtree + small fixes
X-BeenThere: freebsd-audit@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: FreeBSD Security Audit <freebsd-audit.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-audit>,
	<mailto:freebsd-audit-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-audit>
List-Post: <mailto:freebsd-audit@freebsd.org>
List-Help: <mailto:freebsd-audit-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-audit>,
	<mailto:freebsd-audit-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2005 13:46:19 -0000

Anton Berezin wrote:

> Since we now have sha256 in libmd, I think it is time to add it to
> mtree(1).

I think all longer sha variants should be added at the same time. There
are implementations of SHA-384 a SHA-512 already available in
src/sys/crypto/sha2.

ISTR someone is working at the moment on the cleanup of crypto
algorithms' implementations in the tree so that there's only one copy of
each or at most two (openssl and small-util/kernel one). Colin's sha256
implementation is IMHO a step in the wrong direction. He admitted he
hadn't known about the other implementation in the tree, otherwise he
probably wouldn't have written the new one in libmd.

I haven't looked at your patch, sorry.

Just my 2 cents.

Michal Mertl