Date: Thu, 15 Oct 2015 11:49:02 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Andriy Gapon <avg@FreeBSD.org> Cc: Alexander Motin <mav@FreeBSD.org>, src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-vendor@FreeBSD.org Subject: Re: svn commit: r289310 - vendor-sys/illumos/dist/common/zfs vendor-sys/illumos/dist/uts/common vendor-sys/illumos/dist/uts/common/crypto vendor-sys/illumos/dist/uts/common/crypto/io vendor-sys/illumos... Message-ID: <20151015154853.GA60326@mutt-hardenedbsd> In-Reply-To: <561FC3EC.7020706@FreeBSD.org> References: <201510141112.t9EBClT3022215@repo.freebsd.org> <561FC3EC.7020706@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 15, 2015 at 05:19:08PM +0200, Andriy Gapon wrote: > On 14/10/2015 13:12, Alexander Motin wrote: > > Author: mav > > Date: Wed Oct 14 11:12:47 2015 > > New Revision: 289310 > > URL: https://svnweb.freebsd.org/changeset/base/289310 > >=20 > > Log: > > 4185 add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R >=20 > Thank you very much for importing this complex commit. > I have one question below. >=20 > > Reviewed by: George Wilson <george.wilson@delphix.com> > > Reviewed by: Prakash Surya <prakash.surya@delphix.com> > > Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com> > > Reviewed by: Richard Lowe <richlowe@richlowe.net> > > Approved by: Garrett D'Amore <garrett@damore.org> > > Author: Matthew Ahrens <mahrens@delphix.com> > > =20 > > illumos/illumos-gate@45818ee124adeaaf947698996b4f4c722afc6d1f > >=20 > > Added: > > vendor-sys/illumos/dist/uts/common/crypto/ > > vendor-sys/illumos/dist/uts/common/crypto/io/ > > vendor-sys/illumos/dist/uts/common/crypto/io/edonr_mod.c (contents,= props changed) > > vendor-sys/illumos/dist/uts/common/crypto/io/skein_mod.c (contents,= props changed) >=20 > Do we actually need these two file in the vendor area? > They look like illumos crypto drivers to me, so I think that it is > unlikely that we will have a use for them. Or do you have some big > plans about that? :-) =46rom a securitiy engineering perspective, it would be extremely nice to be able to use these additional hashing algorithms from elsewhere. Would it be possible to genericize them and integrate the ZFS support with that? HardenedBSD has a feature called Integriforce, which allows us to validate executables against a pre-computed list of hashes loaded into the kernel. It'd be extremely nice to add support for these other hashing algorithms. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --envbJBWh7q8WU6mo Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWH8rjAAoJEGqEZY9SRW7uIcEP/R8+znW/japTaYM6m74NizEJ tJAQ1HeewOtiI4ujQU+fGs8WkEyQNIa/hPI3IUOVBNKZDp31L3cHZnr6Eeo1UWHM pZUjIv1SzYHL1RhXVqNPWIruL8IoidOaYk/aftifMb/2nqhBfkEpOutPGwWx42UB 2s/ZaUtVzL/Ulq5mudxm3uZJtcIxlUP+tjTlWAm+62I4DxiH0PCEWzSNa/4JIjua g7YIp3u6fIZyMB0CPAoQsGFbudXAA55ETcPaAoSmc1+tCLAr2Dd8JWyW5pkBVeCm tiQSybyBZQK4h/ti/ei8EODi9Q5Rb18SRjgVzfHknP9/rBRzgo9fsLtgGlGFSc7N k1JEF9HMsZ85MIE2H+sqmKF7l/s8pg4rSqMQ6gzDWyzeYEkjoHhY8/krI4SLJJ1x afAIuHChqiBCEy04+w4Z8CQ1SXGrziKhD//akF+/WPJ0N5G8uPTMLNzDqd/XUYJI cKC34i4/625Fq51Aaf/olvoI+GUHQ0zGbawTEtafo3tFNcao4MNxS8hQPef3DIov jG0aaU7thVC2wYX0nQ/3SLTpLSW0zp1yYMgVv8jT+QN8nMk9gwbp/PsNnS2qYv5a hW8Qo8Ra+aoYN8h3Ym9dQVpd5Ga7nMRDvGs/uY2HPmbl0oemGLiOQBvVbk36MYth CKicxOBdalhE4wM7qzRy =o8so -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151015154853.GA60326>