[illumos-Developer] webrev: removal of closed kcfd
Garrett D'Amore
garrett at nexenta.com
Wed Sep 8 00:25:38 PDT 2010
Ok, I've integrated all of richlowes suggestions, plus I've removed
nightly's use of the crypto tarball (verified!), and cleaned up a bunch
more FIPS 140 stale/dead code. The end result is a lot more code
deleted.
The new webrev is
http://http://mexico.purplecow.org/gdamore/webrev/nofips/
Notes:
* FIPS 140-2 support is totally gone.
* the FIPS entry points in crypto ops are left in place, for
compatibility
* elfsign support remains in place in nightly, but is not used.
* kcfpoold runs in the SYS class, and so cannot be priocntl'd or
pbind'ed. Fixing this is potentially a low priority tasks, but
admittedly I'm less confident about using FX or TS for a process with
out at least *some* presence in userland. So I'd like to defer until
someone complains if possible. This only affects crypto run *from the
kernel.*
* I've not tested any of this on SPARC yet. I'd like willing
volunteers, especially folks with hardware crypto like dca.
Thanks.
- Garrett
More information about the Developer
mailing list