From owner-svn-src-all@freebsd.org Thu Oct 15 15:49:13 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 26508A158E3 for ; Thu, 15 Oct 2015 15:49:13 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qk0-f169.google.com (mail-qk0-f169.google.com [209.85.220.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D832561B for ; Thu, 15 Oct 2015 15:49:12 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by qkap81 with SMTP id p81so40957608qka.2 for ; Thu, 15 Oct 2015 08:49:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=a8gfLratcTHOa0fJRjfmQlH3ZY2EGc+xLYvGHDFRwHE=; b=RIQYUxROmH/gjE732mwpJ7GrtJfvqwOzdoqaiogu1em1DnuxwcioR7v1z2wzPiQZuW LdBqOUmO0FCf3rw/oovzDN+zDkdlhNeSoLVHWVPPtX4oLPl9tHKV/2MF9q27SNtlqkvG dKG0hMcrfozemHwDyTd5jgw1Vrfpn34DuWZH1eI0yQ5JUkIjXFHUJLUM1LnmHgFM12Pq P+lXAvkgHspOLBaoXaJ1dYJJHKhIlFONn5Dn0XrEdq4LRCp30cOdUFlgGOTk+kdq+JdN zAYaA6FmP/cPWZS8E9vbklHYO4bpHds9lQEKO8vPoos8YFn9K0smvp88YnkSeZKFwTjQ uqSg== X-Gm-Message-State: ALoCoQnku59sqYdkq+0tgYtkYyN2h2MDVFxKq32PbArg6tjV/7qlQE67O29IUq6g+LPg4/P1R4mL X-Received: by 10.55.25.141 with SMTP id 13mr12742739qkz.105.1444924145818; Thu, 15 Oct 2015 08:49:05 -0700 (PDT) Received: from mutt-hardenedbsd ([63.88.83.104]) by smtp.gmail.com with ESMTPSA id q32sm5711120qkq.1.2015.10.15.08.49.04 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Oct 2015 08:49:05 -0700 (PDT) Date: Thu, 15 Oct 2015 11:49:02 -0400 From: Shawn Webb To: Andriy Gapon Cc: Alexander Motin , src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-vendor@FreeBSD.org Subject: Re: svn commit: r289310 - vendor-sys/illumos/dist/common/zfs vendor-sys/illumos/dist/uts/common vendor-sys/illumos/dist/uts/common/crypto vendor-sys/illumos/dist/uts/common/crypto/io vendor-sys/illumos... Message-ID: <20151015154853.GA60326@mutt-hardenedbsd> References: <201510141112.t9EBClT3022215@repo.freebsd.org> <561FC3EC.7020706@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="envbJBWh7q8WU6mo" Content-Disposition: inline In-Reply-To: <561FC3EC.7020706@FreeBSD.org> X-Operating-System: FreeBSD mutt-hardenedbsd 11.0-CURRENT-HBSD FreeBSD 11.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Oct 2015 15:49:13 -0000 --envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 15, 2015 at 05:19:08PM +0200, Andriy Gapon wrote: > On 14/10/2015 13:12, Alexander Motin wrote: > > Author: mav > > Date: Wed Oct 14 11:12:47 2015 > > New Revision: 289310 > > URL: https://svnweb.freebsd.org/changeset/base/289310 > >=20 > > Log: > > 4185 add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R >=20 > Thank you very much for importing this complex commit. > I have one question below. >=20 > > Reviewed by: George Wilson > > Reviewed by: Prakash Surya > > Reviewed by: Saso Kiselkov > > Reviewed by: Richard Lowe > > Approved by: Garrett D'Amore > > Author: Matthew Ahrens > > =20 > > illumos/illumos-gate@45818ee124adeaaf947698996b4f4c722afc6d1f > >=20 > > Added: > > vendor-sys/illumos/dist/uts/common/crypto/ > > vendor-sys/illumos/dist/uts/common/crypto/io/ > > vendor-sys/illumos/dist/uts/common/crypto/io/edonr_mod.c (contents,= props changed) > > vendor-sys/illumos/dist/uts/common/crypto/io/skein_mod.c (contents,= props changed) >=20 > Do we actually need these two file in the vendor area? > They look like illumos crypto drivers to me, so I think that it is > unlikely that we will have a use for them. Or do you have some big > plans about that? :-) =46rom a securitiy engineering perspective, it would be extremely nice to be able to use these additional hashing algorithms from elsewhere. Would it be possible to genericize them and integrate the ZFS support with that? HardenedBSD has a feature called Integriforce, which allows us to validate executables against a pre-computed list of hashes loaded into the kernel. It'd be extremely nice to add support for these other hashing algorithms. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --envbJBWh7q8WU6mo Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWH8rjAAoJEGqEZY9SRW7uIcEP/R8+znW/japTaYM6m74NizEJ tJAQ1HeewOtiI4ujQU+fGs8WkEyQNIa/hPI3IUOVBNKZDp31L3cHZnr6Eeo1UWHM pZUjIv1SzYHL1RhXVqNPWIruL8IoidOaYk/aftifMb/2nqhBfkEpOutPGwWx42UB 2s/ZaUtVzL/Ulq5mudxm3uZJtcIxlUP+tjTlWAm+62I4DxiH0PCEWzSNa/4JIjua g7YIp3u6fIZyMB0CPAoQsGFbudXAA55ETcPaAoSmc1+tCLAr2Dd8JWyW5pkBVeCm tiQSybyBZQK4h/ti/ei8EODi9Q5Rb18SRjgVzfHknP9/rBRzgo9fsLtgGlGFSc7N k1JEF9HMsZ85MIE2H+sqmKF7l/s8pg4rSqMQ6gzDWyzeYEkjoHhY8/krI4SLJJ1x afAIuHChqiBCEy04+w4Z8CQ1SXGrziKhD//akF+/WPJ0N5G8uPTMLNzDqd/XUYJI cKC34i4/625Fq51Aaf/olvoI+GUHQ0zGbawTEtafo3tFNcao4MNxS8hQPef3DIov jG0aaU7thVC2wYX0nQ/3SLTpLSW0zp1yYMgVv8jT+QN8nMk9gwbp/PsNnS2qYv5a hW8Qo8Ra+aoYN8h3Ym9dQVpd5Ga7nMRDvGs/uY2HPmbl0oemGLiOQBvVbk36MYth CKicxOBdalhE4wM7qzRy =o8so -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--