svn commit: r289310 - vendor-sys/illumos/dist/common/zfs vendor-sys/illumos/dist/uts/common vendor-sys/illumos/dist/uts/common/crypto vendor-sys/illumos/dist/uts/common/crypto/io vendor-sys/illumos...

Shawn Webb shawn.webb at hardenedbsd.org
Thu Oct 15 15:49:13 UTC 2015


On Thu, Oct 15, 2015 at 05:19:08PM +0200, Andriy Gapon wrote:
> On 14/10/2015 13:12, Alexander Motin wrote:
> > Author: mav
> > Date: Wed Oct 14 11:12:47 2015
> > New Revision: 289310
> > URL: https://svnweb.freebsd.org/changeset/base/289310
> > 
> > Log:
> >   4185 add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R
> 
> Thank you very much for importing this complex commit.
> I have one question below.
> 
> >   Reviewed by: George Wilson <george.wilson at delphix.com>
> >   Reviewed by: Prakash Surya <prakash.surya at delphix.com>
> >   Reviewed by: Saso Kiselkov <saso.kiselkov at nexenta.com>
> >   Reviewed by: Richard Lowe <richlowe at richlowe.net>
> >   Approved by: Garrett D'Amore <garrett at damore.org>
> >   Author: Matthew Ahrens <mahrens at delphix.com>
> >   
> >   illumos/illumos-gate at 45818ee124adeaaf947698996b4f4c722afc6d1f
> > 
> > Added:
> >   vendor-sys/illumos/dist/uts/common/crypto/
> >   vendor-sys/illumos/dist/uts/common/crypto/io/
> >   vendor-sys/illumos/dist/uts/common/crypto/io/edonr_mod.c   (contents, props changed)
> >   vendor-sys/illumos/dist/uts/common/crypto/io/skein_mod.c   (contents, props changed)
> 
> Do we actually need these two files in the vendor area?
> They look like illumos crypto drivers to me, so I think that it is
> unlikely that we will have a use for them.  Or do you have some big
> plans about that? :-)

From a security engineering perspective, it would be extremely nice to
be able to use these additional hashing algorithms from elsewhere. Would
it be possible to genericize them and integrate the ZFS support with
that?

HardenedBSD has a feature called Integriforce, which allows us to
validate executables against a pre-computed list of hashes loaded into
the kernel. It'd be extremely nice to add support for these other
hashing algorithms.

Thanks,

-- 
Shawn Webb
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE