1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * Core KCF (Kernel Cryptographic Framework). This file implements
28 * the loadable module entry points and module verification routines.
29 */
30
31 #include <sys/systm.h>
32 #include <sys/cmn_err.h>
33 #include <sys/ddi.h>
34 #include <sys/sunddi.h>
35 #include <sys/modctl.h>
36 #include <sys/errno.h>
37 #include <sys/rwlock.h>
38 #include <sys/kmem.h>
39 #include <sys/door.h>
40 #include <sys/kobj.h>
41
42 #include <sys/crypto/common.h>
43 #include <sys/crypto/api.h>
44 #include <sys/crypto/spi.h>
45 #include <sys/crypto/impl.h>
46 #include <sys/crypto/sched_impl.h>
47 #include <sys/crypto/elfsign.h>
48 #include <sys/crypto/ioctladmin.h>
49
50 #ifdef DEBUG
51 int kcf_frmwrk_debug = 0;
52
53 #define KCF_FRMWRK_DEBUG(l, x) if (kcf_frmwrk_debug >= l) printf x
54 #else /* DEBUG */
55 #define KCF_FRMWRK_DEBUG(l, x)
56 #endif /* DEBUG */
57
58 /*
59 * Door to make upcalls to kcfd. kcfd will send us this
60 * handle when it is coming up.
61 */
62 kmutex_t kcf_dh_lock;
63 door_handle_t kcf_dh = NULL;
64
65 /* Setup FIPS 140 support variables */
66 uint32_t global_fips140_mode = FIPS140_MODE_UNSET;
67 kmutex_t fips140_mode_lock;
68 kcondvar_t cv_fips140;
69
70 /*
71 * Kernel FIPS140 boundary module list
72 * NOTE: "swrand" must be the last entry. FIPS 140 shutdown functions stop
73 * before getting to swrand as it is used for non-FIPS 140
74 * operations to. The FIPS 140 random API separately controls access.
75 */
76 #define FIPS140_MODULES_MAX 7
77 static char *fips140_module_list[FIPS140_MODULES_MAX] = {
78 "aes", "des", "ecc", "sha1", "sha2", "rsa", "swrand"
79 };
80
81 static struct modlmisc modlmisc = {
82 &mod_miscops, "Kernel Crypto Framework"
83 };
84
85 static struct modlinkage modlinkage = {
86 MODREV_1, (void *)&modlmisc, NULL
87 };
88
89 static int rngtimer_started;
90 extern int sys_shutdown;
91
92 int
_init()93 _init()
94 {
95 mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL);
96 cv_init(&cv_fips140, NULL, CV_DEFAULT, NULL);
97
98 /* initialize the mechanisms tables supported out-of-the-box */
99 kcf_init_mech_tabs();
100
101 /* initialize the providers tables */
102 kcf_prov_tab_init();
103
104 /* initialize the policy table */
105 kcf_policy_tab_init();
106
107 /* initialize soft_config_list */
108 kcf_soft_config_init();
109
110 /*
111 * Initialize scheduling structures. Note that this does NOT
112 * start any threads since it might not be safe to do so.
113 */
114 kcf_sched_init();
115
116 /* initialize the RNG support structures */
117 rngtimer_started = 0;
118 kcf_rnd_init();
119
120 return (mod_install(&modlinkage));
121 }
122
123 int
_info(struct modinfo * modinfop)124 _info(struct modinfo *modinfop)
125 {
126 return (mod_info(&modlinkage, modinfop));
127 }
128
129 /*
130 * We do not allow kcf to unload.
131 */
132 int
_fini(void)133 _fini(void)
134 {
135 return (EBUSY);
136 }
137
138
139 /* Returns the value of global_fips140_mode */
140 int
kcf_get_fips140_mode(void)141 kcf_get_fips140_mode(void)
142 {
143 return (global_fips140_mode);
144 }
145
146 /*
147 * If FIPS 140 has failed its tests. The providers must be disabled from the
148 * framework.
149 */
150 void
kcf_fips140_shutdown()151 kcf_fips140_shutdown()
152 {
153 kcf_provider_desc_t *pd;
154 int i;
155
156 cmn_err(CE_WARN,
157 "Shutting down FIPS 140 boundary as verification failed.");
158
159 /* Disable FIPS 140 modules, but leave swrand alone */
160 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) {
161 /*
162 * Remove the predefined entries from the soft_config_list
163 * so the framework does not report the providers.
164 */
165 remove_soft_config(fips140_module_list[i]);
166
167 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]);
168 if (pd == NULL)
169 continue;
170
171 /* Allow the unneeded providers to be unloaded */
172 pd->pd_mctlp->mod_loadflags &= ~(MOD_NOAUTOUNLOAD);
173
174 /* Invalidate the FIPS 140 providers */
175 mutex_enter(&pd->pd_lock);
176 pd->pd_state = KCF_PROV_VERIFICATION_FAILED;
177 mutex_exit(&pd->pd_lock);
178 KCF_PROV_REFRELE(pd);
179 undo_register_provider(pd, B_FALSE);
180
181 }
182 }
183
184 /*
185 * Activates the kernel providers
186 *
187 * If we are getting ready to enable FIPS 140 mode, then all providers should
188 * be loaded and ready.
189 *
190 * If FIPS 140 is disabled, then we can skip any errors because some crypto
191 * modules may not have been loaded.
192 */
193 void
kcf_activate()194 kcf_activate()
195 {
196 kcf_provider_desc_t *pd;
197 int i;
198
199 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) {
200 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]);
201 if (pd == NULL) {
202 if (global_fips140_mode == FIPS140_MODE_DISABLED)
203 continue;
204
205 /* There should never be a NULL value in FIPS 140 */
206 cmn_err(CE_WARN, "FIPS 140 activation: %s not in "
207 "kernel provider table", fips140_module_list[i]);
208 kcf_fips140_shutdown();
209 break;
210 }
211
212 /*
213 * Change the provider state so the verification functions
214 * can signature verify, if necessary, and ready it.
215 */
216 if (pd->pd_state == KCF_PROV_UNVERIFIED_FIPS140) {
217 mutex_enter(&pd->pd_lock);
218 pd->pd_state = KCF_PROV_UNVERIFIED;
219 mutex_exit(&pd->pd_lock);
220 }
221
222 KCF_PROV_REFRELE(pd);
223 }
224
225 /* If we are not in FIPS 140 mode, then exit */
226 if (global_fips140_mode == FIPS140_MODE_DISABLED)
227 return;
228
229 /* If we in the process of validating FIPS 140, enable it */
230 mutex_enter(&fips140_mode_lock);
231 global_fips140_mode = FIPS140_MODE_ENABLED;
232 cv_signal(&cv_fips140);
233 mutex_exit(&fips140_mode_lock);
234 cmn_err(CE_CONT, "?FIPS 140 enabled. Boundary check complete.");
235
236 verify_unverified_providers();
237 }
238
239
240 /*
241 * Perform a door call to kcfd to have it check the integrity of the
242 * kernel boundary. Failure of the boundary will cause a FIPS 140
243 * configuration to fail
244 */
245 int
kcf_fips140_integrity_check()246 kcf_fips140_integrity_check()
247 {
248 door_arg_t darg;
249 door_handle_t ldh;
250 kcf_door_arg_t *kda = { 0 }, *rkda = NULL;
251 int ret = 0;
252
253 KCF_FRMWRK_DEBUG(1, ("Starting IC check"));
254
255 mutex_enter(&kcf_dh_lock);
256 if (kcf_dh == NULL) {
257 mutex_exit(&kcf_dh_lock);
258 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed, Door not "
259 "available\n");
260 return (1);
261 }
262
263 ldh = kcf_dh;
264 door_ki_hold(ldh);
265 mutex_exit(&kcf_dh_lock);
266
267 kda = kmem_alloc(sizeof (kcf_door_arg_t), KM_SLEEP);
268 kda->da_version = KCFD_FIPS140_INTCHECK;
269 kda->da_iskernel = B_TRUE;
270
271 darg.data_ptr = (char *)kda;
272 darg.data_size = sizeof (kcf_door_arg_t);
273 darg.desc_ptr = NULL;
274 darg.desc_num = 0;
275 darg.rbuf = (char *)kda;
276 darg.rsize = sizeof (kcf_door_arg_t);
277
278 ret = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0);
279 if (ret != 0) {
280 ret = 1;
281 goto exit;
282 }
283
284 KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret));
285
286 rkda = (kcf_door_arg_t *)(void *)darg.rbuf;
287 if (rkda->da_u.result.status != ELFSIGN_SUCCESS) {
288 ret = 1;
289 KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n",
290 rkda->da_u.result.status));
291 goto exit;
292 }
293
294 KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n"));
295
296 exit:
297 if ((rkda != NULL) && (rkda != kda))
298 kmem_free(rkda, darg.rsize);
299
300 kmem_free(kda, sizeof (kcf_door_arg_t));
301 door_ki_rele(ldh);
302 if (ret)
303 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed.\n");
304 return (ret);
305 }
306
307 /*
308 * If FIPS 140 is configured to be enabled, before it can be turned on, the
309 * providers must run their Power On Self Test (POST) and we must wait to sure
310 * userland has performed its validation tests.
311 */
312 void
kcf_fips140_validate()313 kcf_fips140_validate()
314 {
315 kcf_provider_desc_t *pd;
316 kthread_t *post_thr;
317 int post_rv[FIPS140_MODULES_MAX];
318 kt_did_t post_t_did[FIPS140_MODULES_MAX];
319 int ret = 0;
320 int i;
321
322 /*
323 * Run POST tests for FIPS 140 modules, if they aren't loaded, load them
324 */
325 for (i = 0; i < FIPS140_MODULES_MAX; i++) {
326 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]);
327 if (pd == NULL) {
328 /* If the module isn't loaded, load it */
329 ret = modload("crypto", fips140_module_list[i]);
330 if (ret == -1) {
331 cmn_err(CE_WARN, "FIPS 140 validation failed: "
332 "error modloading module %s.",
333 fips140_module_list[i]);
334 goto error;
335 }
336
337 /* Try again to get provider desc */
338 pd = kcf_prov_tab_lookup_by_name(
339 fips140_module_list[i]);
340 if (pd == NULL) {
341 cmn_err(CE_WARN, "FIPS 140 validation failed: "
342 "Could not find module %s.",
343 fips140_module_list[i]);
344 goto error;
345 }
346 }
347
348 /* Make sure there are FIPS 140 entry points */
349 if (KCF_PROV_FIPS140_OPS(pd) == NULL) {
350 cmn_err(CE_WARN, "FIPS 140 validation failed: "
351 "No POST function entry point in %s.",
352 fips140_module_list[i]);
353 goto error;
354 }
355
356 /* Make sure the module is not unloaded */
357 pd->pd_mctlp->mod_loadflags |= MOD_NOAUTOUNLOAD;
358
359 /*
360 * With the FIPS 140 POST function provided by the module in
361 * SPI v4, start a thread to run the function.
362 */
363 post_rv[i] = CRYPTO_OPERATION_NOT_INITIALIZED;
364 post_thr = thread_create(NULL, 0,
365 (*(KCF_PROV_FIPS140_OPS(pd)->fips140_post)), &post_rv[i],
366 0, &p0, TS_RUN, MAXCLSYSPRI);
367 post_t_did[i] = post_thr->t_did;
368 KCF_FRMWRK_DEBUG(1, ("kcf_fips140_validate: started POST "
369 "for %s\n", fips140_module_list[i]));
370 KCF_PROV_REFRELE(pd);
371 }
372
373 /* Do integrity check of kernel boundary */
374 ret = kcf_fips140_integrity_check();
375 if (ret == 1)
376 goto error;
377
378 /* Wait for POST threads to come back and verify results */
379 for (i = 0; i < FIPS140_MODULES_MAX; i++) {
380 /* If the POST has already returned a success, we can move on */
381 if (post_rv[i] == CRYPTO_SUCCESS)
382 continue;
383
384 /* POST test is taking more time, need to wait for thread */
385 if (post_rv[i] == CRYPTO_OPERATION_NOT_INITIALIZED &&
386 post_t_did[i] != NULL)
387 thread_join(post_t_did[i]);
388
389 if (post_rv[i] != CRYPTO_SUCCESS) {
390 cmn_err(CE_WARN, "FIPS 140 POST failed for %s. "
391 "Error = 0x%x", fips140_module_list[i], post_rv[i]);
392 goto error;
393 }
394 }
395
396 kcf_activate();
397 return;
398
399 error:
400 mutex_enter(&fips140_mode_lock);
401 global_fips140_mode = FIPS140_MODE_SHUTDOWN;
402 kcf_fips140_shutdown();
403 cv_signal(&cv_fips140);
404 mutex_exit(&fips140_mode_lock);
405
406 }
407
408
409 /*
410 * Return a pointer to the modctl structure of the
411 * provider's module.
412 */
413 struct modctl *
kcf_get_modctl(crypto_provider_info_t * pinfo)414 kcf_get_modctl(crypto_provider_info_t *pinfo)
415 {
416 struct modctl *mctlp;
417
418 /* Get the modctl struct for this module */
419 if (pinfo->pi_provider_type == CRYPTO_SW_PROVIDER)
420 mctlp = mod_getctl(pinfo->pi_provider_dev.pd_sw);
421 else {
422 major_t major;
423 char *drvmod;
424
425 if ((major = ddi_driver_major(pinfo->pi_provider_dev.pd_hw))
426 != DDI_MAJOR_T_NONE) {
427 drvmod = ddi_major_to_name(major);
428 mctlp = mod_find_by_filename("drv", drvmod);
429 } else
430 return (NULL);
431 }
432
433 return (mctlp);
434 }
435
436 /* Check if this provider requires to be verified. */
437 int
verifiable_provider(crypto_ops_t * prov_ops)438 verifiable_provider(crypto_ops_t *prov_ops)
439 {
440
441 if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL &&
442 prov_ops->co_dual_cipher_mac_ops == NULL &&
443 prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL &&
444 prov_ops->co_verify_ops == NULL)
445 return (0);
446
447 return (1);
448 }
449
450 /*
451 * With a given provider being registered, this looks through the FIPS 140
452 * modules list and returns a 1 if it's part of the FIPS 140 boundary and
453 * the framework registration must be delayed until we know the FIPS 140 mode
454 * status. A zero mean the provider does not need to wait for the FIPS 140
455 * boundary.
456 *
457 * If the provider in the boundary only provides random (like swrand), we
458 * can let it register as the random API will block operations.
459 */
460 int
kcf_need_fips140_verification(kcf_provider_desc_t * pd)461 kcf_need_fips140_verification(kcf_provider_desc_t *pd)
462 {
463 int i, ret = 0;
464
465 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
466 return (0);
467
468 mutex_enter(&fips140_mode_lock);
469
470 if (global_fips140_mode >= FIPS140_MODE_ENABLED)
471 goto exit;
472
473 for (i = 0; i < FIPS140_MODULES_MAX; i++) {
474 if (strcmp(fips140_module_list[i], pd->pd_name) != 0)
475 continue;
476
477 /* If this module is only random, we can let it register */
478 if (KCF_PROV_RANDOM_OPS(pd) &&
479 !verifiable_provider(pd->pd_ops_vector))
480 break;
481
482 if (global_fips140_mode == FIPS140_MODE_SHUTDOWN) {
483 ret = -1;
484 break;
485 }
486
487 ret = 1;
488 break;
489 }
490
491 exit:
492 mutex_exit(&fips140_mode_lock);
493 return (ret);
494 }
495
496
497 /*
498 * Check if signature verification is needed for a provider.
499 *
500 * Returns 0, if no verification is needed. Returns 1, if
501 * verification is needed. Returns -1, if there is an
502 * error.
503 */
504 int
kcf_need_signature_verification(kcf_provider_desc_t * pd)505 kcf_need_signature_verification(kcf_provider_desc_t *pd)
506 {
507 struct module *mp;
508 struct modctl *mctlp = pd->pd_mctlp;
509
510 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER)
511 return (0);
512
513 if (mctlp == NULL || mctlp->mod_mp == NULL)
514 return (-1);
515
516 mp = (struct module *)mctlp->mod_mp;
517
518 /*
519 * Check if we need to verify this provider signature and if so,
520 * make sure it has a signature section.
521 */
522 if (verifiable_provider(pd->pd_ops_vector) == 0)
523 return (0);
524
525 /* See if this module has its required signature section. */
526 if (mp->sigdata == NULL)
527 return (-1);
528
529 return (1);
530 }
531
532 /*
533 * Do the signature verification on the given module. This function can
534 * be called from user context or kernel context.
535 *
536 * We call kcfd with the full pathname of the module to be
537 * verified. kcfd will return success/fail, signature length
538 * and the actual signature in the ELF section of the module. If
539 * kcfd returns success, we compare the signature and the length
540 * with the values that krtld stored in the module structure. We
541 * log an error message in case of a failure.
542 *
543 * The provider state is changed to KCF_PROV_READY on success.
544 */
545 void
kcf_verify_signature(void * arg)546 kcf_verify_signature(void *arg)
547 {
548 int rv;
549 int error = CRYPTO_MODVERIFICATION_FAILED;
550 door_arg_t darg;
551 door_handle_t ldh;
552 kcf_door_arg_t *kda;
553 char *filename;
554 kcf_provider_desc_t *pd = arg;
555 struct module *mp;
556 boolean_t do_notify = B_FALSE;
557 boolean_t modhold_done = B_FALSE;
558 struct modctl *mctlp = pd->pd_mctlp;
559
560 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER);
561 ASSERT(mctlp != NULL);
562
563 /*
564 * Because of FIPS 140 delays module loading, we may be running through
565 * this code with a non-crypto signed module; therefore, another
566 * check is necessary
567 */
568 if (verifiable_provider(pd->pd_ops_vector) == 0) {
569 error = 0;
570 goto setverify;
571 }
572
573 for (;;) {
574 mutex_enter(&pd->pd_lock);
575 /* No need to do verification */
576 if (pd->pd_state != KCF_PROV_UNVERIFIED) {
577 mutex_exit(&pd->pd_lock);
578 goto out;
579 }
580 mutex_exit(&pd->pd_lock);
581
582 mutex_enter(&mod_lock);
583 if (mctlp->mod_mp == NULL) {
584 mutex_exit(&mod_lock);
585 goto out;
586 }
587
588 /*
589 * This check is needed since a software provider can call
590 * us directly from the _init->crypto_register_provider path.
591 */
592 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER &&
593 mctlp->mod_inprogress_thread == curthread) {
594 mutex_exit(&mod_lock);
595 modhold_done = B_FALSE;
596 break;
597 }
598
599 /*
600 * We could be in a race with the register thread or
601 * the unregister thread. So, retry if register or
602 * unregister is in progress. Note that we can't do
603 * mod_hold_by_modctl without this check since that
604 * could result in a deadlock with the other threads.
605 */
606 if (mctlp->mod_busy) {
607 mutex_exit(&mod_lock);
608 /* delay for 10ms and try again */
609 delay(drv_usectohz(10000));
610 continue;
611 }
612
613 (void) mod_hold_by_modctl(mctlp,
614 MOD_WAIT_FOREVER | MOD_LOCK_HELD);
615 mutex_exit(&mod_lock);
616 modhold_done = B_TRUE;
617 break;
618 }
619
620 /*
621 * Check if the door is set up yet. This will be set when kcfd
622 * comes up. If not, we return and leave the provider state unchanged
623 * at KCF_PROV_UNVERIFIED. This will trigger the verification of
624 * the module later when kcfd is up. This is safe as we NEVER use
625 * a provider that has not been verified yet.
626 */
627 mutex_enter(&kcf_dh_lock);
628 if (kcf_dh == NULL) {
629 mutex_exit(&kcf_dh_lock);
630 goto out;
631 }
632
633 ldh = kcf_dh;
634 door_ki_hold(ldh);
635 mutex_exit(&kcf_dh_lock);
636
637 mp = (struct module *)mctlp->mod_mp;
638 filename = mp->filename;
639 KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename));
640
641 kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP);
642 kda->da_version = KCF_KCFD_VERSION1;
643 kda->da_iskernel = B_TRUE;
644 bcopy(filename, kda->da_u.filename, strlen(filename) + 1);
645
646 darg.data_ptr = (char *)kda;
647 darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize;
648 darg.desc_ptr = NULL;
649 darg.desc_num = 0;
650 darg.rbuf = (char *)kda;
651 darg.rsize = sizeof (kcf_door_arg_t);
652
653 /*
654 * Make door upcall. door_ki_upcall() checks for validity of the handle.
655 */
656 rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0);
657
658 if (rv == 0) {
659 kcf_door_arg_t *rkda = (kcf_door_arg_t *)(void *)darg.rbuf;
660
661 KCF_FRMWRK_DEBUG(2,
662 ("passed: %d\n", rkda->da_u.result.status));
663 KCF_FRMWRK_DEBUG(2,
664 ("signature length: %d\n", rkda->da_u.result.siglen));
665 KCF_FRMWRK_DEBUG(2,
666 ("signature: %p\n", (void*)rkda->da_u.result.signature));
667
668
669 /* Check kcfd result and compare against module struct fields */
670 if ((rkda->da_u.result.status != ELFSIGN_SUCCESS) ||
671 !(rkda->da_u.result.siglen == mp->sigsize) ||
672 (bcmp(rkda->da_u.result.signature, mp->sigdata,
673 mp->sigsize))) {
674 cmn_err(CE_WARN, "Module verification failed for %s.",
675 filename);
676 } else {
677 error = 0;
678 }
679
680 if (rkda != kda)
681 kmem_free(rkda, darg.rsize);
682
683 } else if (sys_shutdown == 0) {
684 cmn_err(CE_WARN, "Unable to use door to kcfd during module "
685 "verification of %s. (errno: 0x%x)", filename, rv);
686 }
687
688 kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize);
689 door_ki_rele(ldh);
690
691 setverify:
692 mutex_enter(&pd->pd_lock);
693 /* change state only if the original state is unchanged */
694 if (pd->pd_state == KCF_PROV_UNVERIFIED) {
695 if (error == 0) {
696 pd->pd_state = KCF_PROV_READY;
697 do_notify = B_TRUE;
698 } else {
699 pd->pd_state = KCF_PROV_VERIFICATION_FAILED;
700 }
701 }
702 mutex_exit(&pd->pd_lock);
703
704 if (do_notify) {
705 /* Dispatch events for this new provider */
706 kcf_do_notify(pd, B_TRUE);
707 }
708
709 out:
710 if (modhold_done)
711 mod_release_mod(mctlp);
712 KCF_PROV_REFRELE(pd);
713 }
714
715 /* called from the CRYPTO_LOAD_DOOR ioctl */
716 int
crypto_load_door(uint_t did)717 crypto_load_door(uint_t did)
718 {
719 door_handle_t dh;
720
721 mutex_enter(&kcf_dh_lock);
722 dh = door_ki_lookup(did);
723 if (dh != NULL)
724 kcf_dh = dh;
725 mutex_exit(&kcf_dh_lock);
726
727 verify_unverified_providers();
728
729 /* Start the timeout handler to get random numbers */
730 if (rngtimer_started == 0) {
731 kcf_rnd_schedule_timeout(B_TRUE);
732 rngtimer_started = 1;
733 }
734 return (0);
735 }
736