[illumos-Developer] webrev: removal of closed kcfd

Sriram Narayanan sriram at belenix.org
Wed Sep 8 01:01:51 PDT 2010


Wow :)

-- Sriram

On 9/8/10, Garrett D'Amore <garrett at nexenta.com> wrote:
> Ok, I've integrated all of richlowes suggestions, plus I've removed
> nightly's use of the crypto tarball (verified!), and cleaned up a bunch
> more FIPS 140 stale/dead code.  The end result is a lot more code
> deleted.
>
> The new webrev is
>
>  http://http://mexico.purplecow.org/gdamore/webrev/nofips/
>
> Notes:
>
> * FIPS 140-2 support is totally gone.
>
> * the FIPS entry points in crypto ops are left in place, for
> compatibility
>
> * elfsign support remains in place in nightly, but is not used.
>
> * kcfpoold runs in the SYS class, and so cannot be priocntl'd or
> pbind'ed.  Fixing this is potentially a low priority tasks, but
> admittedly I'm less confident about using FX or TS for a process with
> out at least *some* presence in userland.  So I'd like to defer until
> someone complains if possible.  This only affects crypto run *from the
> kernel.*
>
> * I've not tested any of this on SPARC yet.  I'd like willing
> volunteers, especially folks with hardware crypto like dca.
>
> Thanks.
>
> 	- Garrett
>
>
> _______________________________________________
> Developer mailing list
> Developer at lists.illumos.org
> http://lists.illumos.org/m/listinfo/developer
>

-- 
Sent from my mobile device

Belenix: www.belenix.org



More information about the Developer mailing list