On Thu, Oct 15, 2015 at 05:19:08PM +0200, Andriy Gapon wrote: > On 14/10/2015 13:12, Alexander Motin wrote: > > Author: mav > > Date: Wed Oct 14 11:12:47 2015 > > New Revision: 289310 > > URL: https://svnweb.freebsd.org/changeset/base/289310 > > > > Log: > > 4185 add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R > > Thank you very much for importing this complex commit. > I have one question below. > > > Reviewed by: George Wilson <george.wil...@delphix.com> > > Reviewed by: Prakash Surya <prakash.su...@delphix.com> > > Reviewed by: Saso Kiselkov <saso.kisel...@nexenta.com> > > Reviewed by: Richard Lowe <richl...@richlowe.net> > > Approved by: Garrett D'Amore <garr...@damore.org> > > Author: Matthew Ahrens <mahr...@delphix.com> > > > > illumos/illumos-gate@45818ee124adeaaf947698996b4f4c722afc6d1f > > > > Added: > > vendor-sys/illumos/dist/uts/common/crypto/ > > vendor-sys/illumos/dist/uts/common/crypto/io/ > > vendor-sys/illumos/dist/uts/common/crypto/io/edonr_mod.c (contents, > > props changed) > > vendor-sys/illumos/dist/uts/common/crypto/io/skein_mod.c (contents, > > props changed) > > Do we actually need these two file in the vendor area? > They look like illumos crypto drivers to me, so I think that it is > unlikely that we will have a use for them. Or do you have some big > plans about that? :-)
From a securitiy engineering perspective, it would be extremely nice to be able to use these additional hashing algorithms from elsewhere. Would it be possible to genericize them and integrate the ZFS support with that? HardenedBSD has a feature called Integriforce, which allows us to validate executables against a pre-computed list of hashes loaded into the kernel. It'd be extremely nice to add support for these other hashing algorithms. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
pgpcBuNS7uJTp.pgp
Description: PGP signature
