1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Core KCF (Kernel Cryptographic Framework). This file implements 28 * the loadable module entry points and module verification routines. 29 */ 30 31 #include <sys/systm.h> 32 #include <sys/cmn_err.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/modctl.h> 36 #include <sys/errno.h> 37 #include <sys/rwlock.h> 38 #include <sys/kmem.h> 39 #include <sys/door.h> 40 #include <sys/kobj.h> 41 42 #include <sys/crypto/common.h> 43 #include <sys/crypto/api.h> 44 #include <sys/crypto/spi.h> 45 #include <sys/crypto/impl.h> 46 #include <sys/crypto/sched_impl.h> 47 #include <sys/crypto/elfsign.h> 48 #include <sys/crypto/ioctladmin.h> 49 50 #ifdef DEBUG 51 int kcf_frmwrk_debug = 0; 52 53 #define KCF_FRMWRK_DEBUG(l, x) if (kcf_frmwrk_debug >= l) printf x 54 #else /* DEBUG */ 55 #define KCF_FRMWRK_DEBUG(l, x) 56 #endif /* DEBUG */ 57 58 /* 59 * Door to make upcalls to kcfd. kcfd will send us this 60 * handle when it is coming up. 61 */ 62 kmutex_t kcf_dh_lock; 63 door_handle_t kcf_dh = NULL; 64 65 /* Setup FIPS 140 support variables */ 66 uint32_t global_fips140_mode = FIPS140_MODE_UNSET; 67 kmutex_t fips140_mode_lock; 68 kcondvar_t cv_fips140; 69 70 /* 71 * Kernel FIPS140 boundary module list 72 * NOTE: "swrand" must be the last entry. FIPS 140 shutdown functions stop 73 * before getting to swrand as it is used for non-FIPS 140 74 * operations to. The FIPS 140 random API separately controls access. 75 */ 76 #define FIPS140_MODULES_MAX 7 77 static char *fips140_module_list[FIPS140_MODULES_MAX] = { 78 "aes", "des", "ecc", "sha1", "sha2", "rsa", "swrand" 79 }; 80 81 static struct modlmisc modlmisc = { 82 &mod_miscops, "Kernel Crypto Framework" 83 }; 84 85 static struct modlinkage modlinkage = { 86 MODREV_1, (void *)&modlmisc, NULL 87 }; 88 89 static int rngtimer_started; 90 91 int 92 _init() 93 { 94 mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL); 95 cv_init(&cv_fips140, NULL, CV_DEFAULT, NULL); 96 97 /* initialize the mechanisms tables supported out-of-the-box */ 98 kcf_init_mech_tabs(); 99 100 /* initialize the providers tables */ 101 kcf_prov_tab_init(); 102 103 /* initialize the policy table */ 104 kcf_policy_tab_init(); 105 106 /* initialize soft_config_list */ 107 kcf_soft_config_init(); 108 109 /* 110 * Initialize scheduling structures. Note that this does NOT 111 * start any threads since it might not be safe to do so. 112 */ 113 kcf_sched_init(); 114 115 /* initialize the RNG support structures */ 116 rngtimer_started = 0; 117 kcf_rnd_init(); 118 119 return (mod_install(&modlinkage)); 120 } 121 122 int 123 _info(struct modinfo *modinfop) 124 { 125 return (mod_info(&modlinkage, modinfop)); 126 } 127 128 /* 129 * We do not allow kcf to unload. 130 */ 131 int 132 _fini(void) 133 { 134 return (EBUSY); 135 } 136 137 138 /* Returns the value of global_fips140_mode */ 139 int 140 kcf_get_fips140_mode(void) 141 { 142 return (global_fips140_mode); 143 } 144 145 /* 146 * If FIPS 140 has failed its tests. The providers must be disabled from the 147 * framework. 148 */ 149 void 150 kcf_fips140_shutdown() 151 { 152 kcf_provider_desc_t *pd; 153 int i; 154 155 cmn_err(CE_WARN, 156 "Shutting down FIPS 140 boundary as verification failed."); 157 158 /* Disable FIPS 140 modules, but leave swrand alone */ 159 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 160 /* 161 * Remove the predefined entries from the soft_config_list 162 * so the framework does not report the providers. 163 */ 164 remove_soft_config(fips140_module_list[i]); 165 166 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 167 if (pd == NULL) 168 continue; 169 170 /* Allow the unneeded providers to be unloaded */ 171 pd->pd_mctlp->mod_loadflags &= ~(MOD_NOAUTOUNLOAD); 172 173 /* Invalidate the FIPS 140 providers */ 174 mutex_enter(&pd->pd_lock); 175 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 176 mutex_exit(&pd->pd_lock); 177 KCF_PROV_REFRELE(pd); 178 undo_register_provider(pd, B_FALSE); 179 180 } 181 } 182 183 /* 184 * Activates the kernel providers 185 * 186 * If we are getting ready to enable FIPS 140 mode, then all providers should 187 * be loaded and ready. 188 * 189 * If FIPS 140 is disabled, then we can skip any errors because some crypto 190 * modules may not have been loaded. 191 */ 192 void 193 kcf_activate() 194 { 195 kcf_provider_desc_t *pd; 196 int i; 197 198 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 199 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 200 if (pd == NULL) { 201 if (global_fips140_mode == FIPS140_MODE_DISABLED) 202 continue; 203 204 /* There should never be a NULL value in FIPS 140 */ 205 cmn_err(CE_WARN, "FIPS 140 activation: %s not in " 206 "kernel provider table", fips140_module_list[i]); 207 kcf_fips140_shutdown(); 208 break; 209 } 210 211 /* 212 * Change the provider state so the verification functions 213 * can signature verify, if necessary, and ready it. 214 */ 215 if (pd->pd_state == KCF_PROV_UNVERIFIED_FIPS140) { 216 mutex_enter(&pd->pd_lock); 217 pd->pd_state = KCF_PROV_UNVERIFIED; 218 mutex_exit(&pd->pd_lock); 219 } 220 221 KCF_PROV_REFRELE(pd); 222 } 223 224 /* If we in the process of validating FIPS 140, enable it */ 225 if (global_fips140_mode != FIPS140_MODE_DISABLED) { 226 mutex_enter(&fips140_mode_lock); 227 global_fips140_mode = FIPS140_MODE_ENABLED; 228 cv_signal(&cv_fips140); 229 mutex_exit(&fips140_mode_lock); 230 } 231 232 verify_unverified_providers(); 233 } 234 235 236 /* 237 * Perform a door call to kcfd to have it check the integrity of the 238 * kernel boundary. Failure of the boundary will cause a FIPS 140 239 * configuration to fail 240 */ 241 int 242 kcf_fips140_integrity_check() 243 { 244 door_arg_t darg; 245 door_handle_t ldh; 246 kcf_door_arg_t *kda = { 0 }, *rkda; 247 int ret = 0; 248 249 KCF_FRMWRK_DEBUG(1, ("Starting IC check")); 250 251 mutex_enter(&kcf_dh_lock); 252 if (kcf_dh == NULL) { 253 mutex_exit(&kcf_dh_lock); 254 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed, Door not " 255 "available\n"); 256 return (1); 257 } 258 259 ldh = kcf_dh; 260 door_ki_hold(ldh); 261 mutex_exit(&kcf_dh_lock); 262 263 kda = kmem_alloc(sizeof (kcf_door_arg_t), KM_SLEEP); 264 kda->da_version = KCFD_FIPS140_INTCHECK; 265 kda->da_iskernel = B_TRUE; 266 267 darg.data_ptr = (char *)kda; 268 darg.data_size = sizeof (kcf_door_arg_t); 269 darg.desc_ptr = NULL; 270 darg.desc_num = 0; 271 darg.rbuf = (char *)kda; 272 darg.rsize = sizeof (kcf_door_arg_t); 273 274 ret = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 275 if (ret != 0) { 276 ret = 1; 277 goto exit; 278 } 279 280 KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret)); 281 282 rkda = (kcf_door_arg_t *)darg.rbuf; 283 if (rkda->da_u.result.status != ELFSIGN_SUCCESS) { 284 ret = 1; 285 KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n", 286 rkda->da_u.result.status)); 287 goto exit; 288 } 289 290 KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n")); 291 292 exit: 293 if (rkda != kda) 294 kmem_free(rkda, darg.rsize); 295 296 kmem_free(kda, sizeof (kcf_door_arg_t)); 297 door_ki_rele(ldh); 298 if (ret) 299 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed.\n"); 300 return (ret); 301 } 302 303 /* 304 * If FIPS 140 is configured to be enabled, before it can be turned on, the 305 * providers must run their Power On Self Test (POST) and we must wait to sure 306 * userland has performed its validation tests. 307 */ 308 void 309 kcf_fips140_validate() 310 { 311 kcf_provider_desc_t *pd; 312 kthread_t *post_thr; 313 int post_rv[FIPS140_MODULES_MAX]; 314 kt_did_t post_t_did[FIPS140_MODULES_MAX]; 315 int ret = 0; 316 int i; 317 318 /* 319 * Run POST tests for FIPS 140 modules, if they aren't loaded, load them 320 */ 321 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 322 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 323 if (pd == NULL) { 324 /* If the module isn't loaded, load it */ 325 ret = modload("crypto", fips140_module_list[i]); 326 if (ret == -1) { 327 cmn_err(CE_WARN, "FIPS 140 validation failed: " 328 "error modloading module %s.", 329 fips140_module_list[i]); 330 goto error; 331 } 332 333 /* Try again to get provider desc */ 334 pd = kcf_prov_tab_lookup_by_name( 335 fips140_module_list[i]); 336 if (pd == NULL) { 337 cmn_err(CE_WARN, "FIPS 140 validation failed: " 338 "Could not find module %s.", 339 fips140_module_list[i]); 340 goto error; 341 } 342 } 343 344 /* Make sure there are FIPS 140 entry points */ 345 if (KCF_PROV_FIPS140_OPS(pd) == NULL) { 346 cmn_err(CE_WARN, "FIPS 140 validation failed: " 347 "No POST function entry point in %s.", 348 fips140_module_list[i]); 349 goto error; 350 } 351 352 /* Make sure the module is not unloaded */ 353 pd->pd_mctlp->mod_loadflags |= MOD_NOAUTOUNLOAD; 354 355 /* 356 * With the FIPS 140 POST function provided by the module in 357 * SPI v4, start a thread to run the function. 358 */ 359 post_rv[i] = CRYPTO_OPERATION_NOT_INITIALIZED; 360 post_thr = thread_create(NULL, 0, 361 (*(KCF_PROV_FIPS140_OPS(pd)->fips140_post)), &post_rv[i], 362 0, &p0, TS_RUN, MAXCLSYSPRI); 363 post_thr->t_did = post_t_did[i]; 364 KCF_FRMWRK_DEBUG(1, ("kcf_fips140_validate: started POST " 365 "for %s\n", fips140_module_list[i])); 366 KCF_PROV_REFRELE(pd); 367 } 368 369 /* Do integrity check of kernel boundary */ 370 ret = kcf_fips140_integrity_check(); 371 if (ret == 1) 372 goto error; 373 374 /* Wait for POST threads to come back and verify results */ 375 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 376 if (post_t_did[i] != NULL) 377 thread_join(post_t_did[i]); 378 379 if (post_rv[i] != 0) { 380 cmn_err(CE_WARN, "FIPS 140 POST failed for %s. " 381 "Error = %d", fips140_module_list[i], post_rv[i]); 382 goto error; 383 } 384 } 385 386 kcf_activate(); 387 return; 388 389 error: 390 mutex_enter(&fips140_mode_lock); 391 global_fips140_mode = FIPS140_MODE_SHUTDOWN; 392 kcf_fips140_shutdown(); 393 cv_signal(&cv_fips140); 394 mutex_exit(&fips140_mode_lock); 395 396 } 397 398 399 /* 400 * Return a pointer to the modctl structure of the 401 * provider's module. 402 */ 403 struct modctl * 404 kcf_get_modctl(crypto_provider_info_t *pinfo) 405 { 406 struct modctl *mctlp; 407 408 /* Get the modctl struct for this module */ 409 if (pinfo->pi_provider_type == CRYPTO_SW_PROVIDER) 410 mctlp = mod_getctl(pinfo->pi_provider_dev.pd_sw); 411 else { 412 major_t major; 413 char *drvmod; 414 415 if ((major = 416 ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) != -1) { 417 drvmod = ddi_major_to_name(major); 418 mctlp = mod_find_by_filename("drv", drvmod); 419 } else 420 return (NULL); 421 } 422 423 return (mctlp); 424 } 425 426 /* Check if this provider requires to be verified. */ 427 int 428 verifiable_provider(crypto_ops_t *prov_ops) 429 { 430 431 if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL && 432 prov_ops->co_dual_cipher_mac_ops == NULL && 433 prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL && 434 prov_ops->co_verify_ops == NULL) 435 return (0); 436 437 return (1); 438 } 439 440 /* 441 * With a given provider being registered, this looks through the FIPS 140 442 * modules list and returns a 1 if it's part of the FIPS 140 boundary and 443 * the framework registration must be delayed until we know the FIPS 140 mode 444 * status. A zero mean the provider does not need to wait for the FIPS 140 445 * boundary. 446 * 447 * If the provider in the boundary only provides random (like swrand), we 448 * can let it register as the random API will block operations. 449 */ 450 int 451 kcf_need_fips140_verification(kcf_provider_desc_t *pd) 452 { 453 int i, ret = 0; 454 455 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 456 return (0); 457 458 mutex_enter(&fips140_mode_lock); 459 460 if (global_fips140_mode >= FIPS140_MODE_ENABLED) 461 goto exit; 462 463 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 464 if (strcmp(fips140_module_list[i], pd->pd_name) != 0) 465 continue; 466 467 /* If this module is only random, we can let it register */ 468 if (KCF_PROV_RANDOM_OPS(pd) && 469 !verifiable_provider(pd->pd_ops_vector)) 470 break; 471 472 if (global_fips140_mode == FIPS140_MODE_SHUTDOWN) { 473 ret = -1; 474 break; 475 } 476 477 ret = 1; 478 break; 479 } 480 481 exit: 482 mutex_exit(&fips140_mode_lock); 483 return (ret); 484 } 485 486 487 /* 488 * Check if signature verification is needed for a provider. 489 * 490 * Returns 0, if no verification is needed. Returns 1, if 491 * verification is needed. Returns -1, if there is an 492 * error. 493 */ 494 int 495 kcf_need_signature_verification(kcf_provider_desc_t *pd) 496 { 497 struct module *mp; 498 struct modctl *mctlp = pd->pd_mctlp; 499 500 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 501 return (0); 502 503 if (mctlp == NULL || mctlp->mod_mp == NULL) 504 return (-1); 505 506 mp = (struct module *)mctlp->mod_mp; 507 508 /* 509 * Check if we need to verify this provider signature and if so, 510 * make sure it has a signature section. 511 */ 512 if (verifiable_provider(pd->pd_ops_vector) == 0) 513 return (0); 514 515 /* See if this module has its required signature section. */ 516 if (mp->sigdata == NULL) 517 return (-1); 518 519 return (1); 520 } 521 522 /* 523 * Do the signature verification on the given module. This function can 524 * be called from user context or kernel context. 525 * 526 * We call kcfd with the full pathname of the module to be 527 * verified. kcfd will return success/restricted/fail, signature length 528 * and the actual signature in the ELF section of the module. If kcfd 529 * returns success or restricted, we compare the signature and the length 530 * with the values that krtld stored in the module structure. We log an 531 * error message in case of a failure. 532 * 533 * The provider state is changed to KCF_PROV_READY on success. 534 */ 535 void 536 kcf_verify_signature(void *arg) 537 { 538 int rv; 539 int error = CRYPTO_MODVERIFICATION_FAILED; 540 door_arg_t darg; 541 door_handle_t ldh; 542 kcf_door_arg_t *kda; 543 char *filename; 544 kcf_provider_desc_t *pd = arg; 545 struct module *mp; 546 boolean_t do_notify = B_FALSE; 547 boolean_t modhold_done = B_FALSE; 548 struct modctl *mctlp = pd->pd_mctlp; 549 550 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 551 ASSERT(mctlp != NULL); 552 553 /* 554 * Because of FIPS 140 delays module loading, we may be running through 555 * this code with a non-crypto signed module; therefore, another 556 * check is necessary 557 */ 558 if (verifiable_provider(pd->pd_ops_vector) == 0) { 559 error = 0; 560 goto setverify; 561 } 562 563 for (;;) { 564 mutex_enter(&pd->pd_lock); 565 /* No need to do verification */ 566 if (pd->pd_state != KCF_PROV_UNVERIFIED) { 567 mutex_exit(&pd->pd_lock); 568 goto out; 569 } 570 mutex_exit(&pd->pd_lock); 571 572 mutex_enter(&mod_lock); 573 if (mctlp->mod_mp == NULL) { 574 mutex_exit(&mod_lock); 575 goto out; 576 } 577 578 /* 579 * This check is needed since a software provider can call 580 * us directly from the _init->crypto_register_provider path. 581 */ 582 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER && 583 mctlp->mod_inprogress_thread == curthread) { 584 mutex_exit(&mod_lock); 585 modhold_done = B_FALSE; 586 break; 587 } 588 589 /* 590 * We could be in a race with the register thread or 591 * the unregister thread. So, retry if register or 592 * unregister is in progress. Note that we can't do 593 * mod_hold_by_modctl without this check since that 594 * could result in a deadlock with the other threads. 595 */ 596 if (mctlp->mod_busy) { 597 mutex_exit(&mod_lock); 598 /* delay for 10ms and try again */ 599 delay(drv_usectohz(10000)); 600 continue; 601 } 602 603 (void) mod_hold_by_modctl(mctlp, 604 MOD_WAIT_FOREVER | MOD_LOCK_HELD); 605 mutex_exit(&mod_lock); 606 modhold_done = B_TRUE; 607 break; 608 } 609 610 /* 611 * Check if the door is set up yet. This will be set when kcfd 612 * comes up. If not, we return and leave the provider state unchanged 613 * at KCF_PROV_UNVERIFIED. This will trigger the verification of 614 * the module later when kcfd is up. This is safe as we NEVER use 615 * a provider that has not been verified yet. 616 */ 617 mutex_enter(&kcf_dh_lock); 618 if (kcf_dh == NULL) { 619 mutex_exit(&kcf_dh_lock); 620 goto out; 621 } 622 623 ldh = kcf_dh; 624 door_ki_hold(ldh); 625 mutex_exit(&kcf_dh_lock); 626 627 mp = (struct module *)mctlp->mod_mp; 628 filename = mp->filename; 629 KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename)); 630 631 kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP); 632 kda->da_version = KCF_KCFD_VERSION1; 633 kda->da_iskernel = B_TRUE; 634 bcopy(filename, kda->da_u.filename, strlen(filename) + 1); 635 636 darg.data_ptr = (char *)kda; 637 darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize; 638 darg.desc_ptr = NULL; 639 darg.desc_num = 0; 640 darg.rbuf = (char *)kda; 641 darg.rsize = sizeof (kcf_door_arg_t); 642 643 /* 644 * Make door upcall. door_ki_upcall() checks for validity of the handle. 645 */ 646 rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 647 648 if (rv == 0) { 649 kcf_door_arg_t *rkda = (kcf_door_arg_t *)darg.rbuf; 650 651 KCF_FRMWRK_DEBUG(2, 652 ("passed: %d\n", rkda->da_u.result.status)); 653 KCF_FRMWRK_DEBUG(2, 654 ("signature length: %d\n", rkda->da_u.result.siglen)); 655 KCF_FRMWRK_DEBUG(2, 656 ("signature: %p\n", (void*)rkda->da_u.result.signature)); 657 658 659 /* Check kcfd result and compare against module struct fields */ 660 if (((rkda->da_u.result.status != ELFSIGN_SUCCESS) && 661 (rkda->da_u.result.status != ELFSIGN_RESTRICTED)) || 662 !(rkda->da_u.result.siglen == mp->sigsize) || 663 (bcmp(rkda->da_u.result.signature, mp->sigdata, 664 mp->sigsize))) { 665 cmn_err(CE_WARN, "Module verification failed for %s.", 666 filename); 667 } else { 668 error = 0; 669 } 670 671 if (rkda->da_u.result.status == ELFSIGN_RESTRICTED) { 672 pd->pd_flags |= KCF_PROV_RESTRICTED; 673 KCF_FRMWRK_DEBUG(2, ("provider is restricted\n")); 674 } 675 676 if (rkda != kda) 677 kmem_free(rkda, darg.rsize); 678 679 } else { 680 cmn_err(CE_WARN, "Module verification door upcall failed " 681 "for %s. errno = %d", filename, rv); 682 } 683 684 kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize); 685 door_ki_rele(ldh); 686 687 setverify: 688 mutex_enter(&pd->pd_lock); 689 /* change state only if the original state is unchanged */ 690 if (pd->pd_state == KCF_PROV_UNVERIFIED) { 691 if (error == 0) { 692 pd->pd_state = KCF_PROV_READY; 693 do_notify = B_TRUE; 694 } else { 695 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 696 } 697 } 698 mutex_exit(&pd->pd_lock); 699 700 if (do_notify) { 701 /* Dispatch events for this new provider */ 702 kcf_do_notify(pd, B_TRUE); 703 } 704 705 out: 706 if (modhold_done) 707 mod_release_mod(mctlp); 708 KCF_PROV_REFRELE(pd); 709 } 710 711 /* called from the CRYPTO_LOAD_DOOR ioctl */ 712 int 713 crypto_load_door(uint_t did) 714 { 715 mutex_enter(&kcf_dh_lock); 716 kcf_dh = door_ki_lookup(did); 717 mutex_exit(&kcf_dh_lock); 718 719 verify_unverified_providers(); 720 721 /* Start the timeout handler to get random numbers */ 722 if (rngtimer_started == 0) { 723 kcf_rnd_schedule_timeout(B_TRUE); 724 rngtimer_started = 1; 725 } 726 return (0); 727 } 728