1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26 /* 27 * Core KCF (Kernel Cryptographic Framework). This file implements 28 * the loadable module entry points and module verification routines. 29 */ 30 31 #include <sys/systm.h> 32 #include <sys/cmn_err.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/modctl.h> 36 #include <sys/errno.h> 37 #include <sys/rwlock.h> 38 #include <sys/kmem.h> 39 #include <sys/door.h> 40 #include <sys/kobj.h> 41 42 #include <sys/crypto/common.h> 43 #include <sys/crypto/api.h> 44 #include <sys/crypto/spi.h> 45 #include <sys/crypto/impl.h> 46 #include <sys/crypto/sched_impl.h> 47 #include <sys/crypto/elfsign.h> 48 #include <sys/crypto/ioctladmin.h> 49 50 #ifdef DEBUG 51 int kcf_frmwrk_debug = 0; 52 53 #define KCF_FRMWRK_DEBUG(l, x) if (kcf_frmwrk_debug >= l) printf x 54 #else /* DEBUG */ 55 #define KCF_FRMWRK_DEBUG(l, x) 56 #endif /* DEBUG */ 57 58 /* 59 * Door to make upcalls to kcfd. kcfd will send us this 60 * handle when it is coming up. 61 */ 62 kmutex_t kcf_dh_lock; 63 door_handle_t kcf_dh = NULL; 64 65 /* Setup FIPS 140 support variables */ 66 uint32_t global_fips140_mode = FIPS140_MODE_UNSET; 67 kmutex_t fips140_mode_lock; 68 kcondvar_t cv_fips140; 69 70 /* 71 * Kernel FIPS140 boundary module list 72 * NOTE: "swrand" must be the last entry. FIPS 140 shutdown functions stop 73 * before getting to swrand as it is used for non-FIPS 140 74 * operations to. The FIPS 140 random API separately controls access. 75 */ 76 #define FIPS140_MODULES_MAX 7 77 static char *fips140_module_list[FIPS140_MODULES_MAX] = { 78 "aes", "des", "ecc", "sha1", "sha2", "rsa", "swrand" 79 }; 80 81 static struct modlmisc modlmisc = { 82 &mod_miscops, "Kernel Crypto Framework" 83 }; 84 85 static struct modlinkage modlinkage = { 86 MODREV_1, (void *)&modlmisc, NULL 87 }; 88 89 static int rngtimer_started; 90 extern int sys_shutdown; 91 92 int 93 _init() 94 { 95 mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL); 96 cv_init(&cv_fips140, NULL, CV_DEFAULT, NULL); 97 98 /* initialize the mechanisms tables supported out-of-the-box */ 99 kcf_init_mech_tabs(); 100 101 /* initialize the providers tables */ 102 kcf_prov_tab_init(); 103 104 /* initialize the policy table */ 105 kcf_policy_tab_init(); 106 107 /* initialize soft_config_list */ 108 kcf_soft_config_init(); 109 110 /* 111 * Initialize scheduling structures. Note that this does NOT 112 * start any threads since it might not be safe to do so. 113 */ 114 kcf_sched_init(); 115 116 /* initialize the RNG support structures */ 117 rngtimer_started = 0; 118 kcf_rnd_init(); 119 120 return (mod_install(&modlinkage)); 121 } 122 123 int 124 _info(struct modinfo *modinfop) 125 { 126 return (mod_info(&modlinkage, modinfop)); 127 } 128 129 /* 130 * We do not allow kcf to unload. 131 */ 132 int 133 _fini(void) 134 { 135 return (EBUSY); 136 } 137 138 139 /* Returns the value of global_fips140_mode */ 140 int 141 kcf_get_fips140_mode(void) 142 { 143 return (global_fips140_mode); 144 } 145 146 /* 147 * If FIPS 140 has failed its tests. The providers must be disabled from the 148 * framework. 149 */ 150 void 151 kcf_fips140_shutdown() 152 { 153 kcf_provider_desc_t *pd; 154 int i; 155 156 cmn_err(CE_WARN, 157 "Shutting down FIPS 140 boundary as verification failed."); 158 159 /* Disable FIPS 140 modules, but leave swrand alone */ 160 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 161 /* 162 * Remove the predefined entries from the soft_config_list 163 * so the framework does not report the providers. 164 */ 165 remove_soft_config(fips140_module_list[i]); 166 167 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 168 if (pd == NULL) 169 continue; 170 171 /* Allow the unneeded providers to be unloaded */ 172 pd->pd_mctlp->mod_loadflags &= ~(MOD_NOAUTOUNLOAD); 173 174 /* Invalidate the FIPS 140 providers */ 175 mutex_enter(&pd->pd_lock); 176 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 177 mutex_exit(&pd->pd_lock); 178 KCF_PROV_REFRELE(pd); 179 undo_register_provider(pd, B_FALSE); 180 181 } 182 } 183 184 /* 185 * Activates the kernel providers 186 * 187 * If we are getting ready to enable FIPS 140 mode, then all providers should 188 * be loaded and ready. 189 * 190 * If FIPS 140 is disabled, then we can skip any errors because some crypto 191 * modules may not have been loaded. 192 */ 193 void 194 kcf_activate() 195 { 196 kcf_provider_desc_t *pd; 197 int i; 198 199 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 200 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 201 if (pd == NULL) { 202 if (global_fips140_mode == FIPS140_MODE_DISABLED) 203 continue; 204 205 /* There should never be a NULL value in FIPS 140 */ 206 cmn_err(CE_WARN, "FIPS 140 activation: %s not in " 207 "kernel provider table", fips140_module_list[i]); 208 kcf_fips140_shutdown(); 209 break; 210 } 211 212 /* 213 * Change the provider state so the verification functions 214 * can signature verify, if necessary, and ready it. 215 */ 216 if (pd->pd_state == KCF_PROV_UNVERIFIED_FIPS140) { 217 mutex_enter(&pd->pd_lock); 218 pd->pd_state = KCF_PROV_UNVERIFIED; 219 mutex_exit(&pd->pd_lock); 220 } 221 222 KCF_PROV_REFRELE(pd); 223 } 224 225 /* If we are not in FIPS 140 mode, then exit */ 226 if (global_fips140_mode == FIPS140_MODE_DISABLED) 227 return; 228 229 /* If we in the process of validating FIPS 140, enable it */ 230 mutex_enter(&fips140_mode_lock); 231 global_fips140_mode = FIPS140_MODE_ENABLED; 232 cv_signal(&cv_fips140); 233 mutex_exit(&fips140_mode_lock); 234 cmn_err(CE_CONT, "?FIPS 140 enabled. Boundary check complete."); 235 236 verify_unverified_providers(); 237 } 238 239 240 /* 241 * Perform a door call to kcfd to have it check the integrity of the 242 * kernel boundary. Failure of the boundary will cause a FIPS 140 243 * configuration to fail 244 */ 245 int 246 kcf_fips140_integrity_check() 247 { 248 door_arg_t darg; 249 door_handle_t ldh; 250 kcf_door_arg_t *kda = { 0 }, *rkda; 251 int ret = 0; 252 253 KCF_FRMWRK_DEBUG(1, ("Starting IC check")); 254 255 mutex_enter(&kcf_dh_lock); 256 if (kcf_dh == NULL) { 257 mutex_exit(&kcf_dh_lock); 258 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed, Door not " 259 "available\n"); 260 return (1); 261 } 262 263 ldh = kcf_dh; 264 door_ki_hold(ldh); 265 mutex_exit(&kcf_dh_lock); 266 267 kda = kmem_alloc(sizeof (kcf_door_arg_t), KM_SLEEP); 268 kda->da_version = KCFD_FIPS140_INTCHECK; 269 kda->da_iskernel = B_TRUE; 270 271 darg.data_ptr = (char *)kda; 272 darg.data_size = sizeof (kcf_door_arg_t); 273 darg.desc_ptr = NULL; 274 darg.desc_num = 0; 275 darg.rbuf = (char *)kda; 276 darg.rsize = sizeof (kcf_door_arg_t); 277 278 ret = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 279 if (ret != 0) { 280 ret = 1; 281 goto exit; 282 } 283 284 KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret)); 285 286 rkda = (kcf_door_arg_t *)(void *)darg.rbuf; 287 if (rkda->da_u.result.status != ELFSIGN_SUCCESS) { 288 ret = 1; 289 KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n", 290 rkda->da_u.result.status)); 291 goto exit; 292 } 293 294 KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n")); 295 296 exit: 297 if (rkda != kda) 298 kmem_free(rkda, darg.rsize); 299 300 kmem_free(kda, sizeof (kcf_door_arg_t)); 301 door_ki_rele(ldh); 302 if (ret) 303 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed.\n"); 304 return (ret); 305 } 306 307 /* 308 * If FIPS 140 is configured to be enabled, before it can be turned on, the 309 * providers must run their Power On Self Test (POST) and we must wait to sure 310 * userland has performed its validation tests. 311 */ 312 void 313 kcf_fips140_validate() 314 { 315 kcf_provider_desc_t *pd; 316 kthread_t *post_thr; 317 int post_rv[FIPS140_MODULES_MAX]; 318 kt_did_t post_t_did[FIPS140_MODULES_MAX]; 319 int ret = 0; 320 int i; 321 322 /* 323 * Run POST tests for FIPS 140 modules, if they aren't loaded, load them 324 */ 325 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 326 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 327 if (pd == NULL) { 328 /* If the module isn't loaded, load it */ 329 ret = modload("crypto", fips140_module_list[i]); 330 if (ret == -1) { 331 cmn_err(CE_WARN, "FIPS 140 validation failed: " 332 "error modloading module %s.", 333 fips140_module_list[i]); 334 goto error; 335 } 336 337 /* Try again to get provider desc */ 338 pd = kcf_prov_tab_lookup_by_name( 339 fips140_module_list[i]); 340 if (pd == NULL) { 341 cmn_err(CE_WARN, "FIPS 140 validation failed: " 342 "Could not find module %s.", 343 fips140_module_list[i]); 344 goto error; 345 } 346 } 347 348 /* Make sure there are FIPS 140 entry points */ 349 if (KCF_PROV_FIPS140_OPS(pd) == NULL) { 350 cmn_err(CE_WARN, "FIPS 140 validation failed: " 351 "No POST function entry point in %s.", 352 fips140_module_list[i]); 353 goto error; 354 } 355 356 /* Make sure the module is not unloaded */ 357 pd->pd_mctlp->mod_loadflags |= MOD_NOAUTOUNLOAD; 358 359 /* 360 * With the FIPS 140 POST function provided by the module in 361 * SPI v4, start a thread to run the function. 362 */ 363 post_rv[i] = CRYPTO_OPERATION_NOT_INITIALIZED; 364 post_thr = thread_create(NULL, 0, 365 (*(KCF_PROV_FIPS140_OPS(pd)->fips140_post)), &post_rv[i], 366 0, &p0, TS_RUN, MAXCLSYSPRI); 367 post_t_did[i] = post_thr->t_did; 368 KCF_FRMWRK_DEBUG(1, ("kcf_fips140_validate: started POST " 369 "for %s\n", fips140_module_list[i])); 370 KCF_PROV_REFRELE(pd); 371 } 372 373 /* Do integrity check of kernel boundary */ 374 ret = kcf_fips140_integrity_check(); 375 if (ret == 1) 376 goto error; 377 378 /* Wait for POST threads to come back and verify results */ 379 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 380 /* If the POST has already returned a success, we can move on */ 381 if (post_rv[i] == CRYPTO_SUCCESS) 382 continue; 383 384 /* POST test is taking more time, need to wait for thread */ 385 if (post_rv[i] == CRYPTO_OPERATION_NOT_INITIALIZED && 386 post_t_did[i] != NULL) 387 thread_join(post_t_did[i]); 388 389 if (post_rv[i] != CRYPTO_SUCCESS) { 390 cmn_err(CE_WARN, "FIPS 140 POST failed for %s. " 391 "Error = 0x%x", fips140_module_list[i], post_rv[i]); 392 goto error; 393 } 394 } 395 396 kcf_activate(); 397 return; 398 399 error: 400 mutex_enter(&fips140_mode_lock); 401 global_fips140_mode = FIPS140_MODE_SHUTDOWN; 402 kcf_fips140_shutdown(); 403 cv_signal(&cv_fips140); 404 mutex_exit(&fips140_mode_lock); 405 406 } 407 408 409 /* 410 * Return a pointer to the modctl structure of the 411 * provider's module. 412 */ 413 struct modctl * 414 kcf_get_modctl(crypto_provider_info_t *pinfo) 415 { 416 struct modctl *mctlp; 417 418 /* Get the modctl struct for this module */ 419 if (pinfo->pi_provider_type == CRYPTO_SW_PROVIDER) 420 mctlp = mod_getctl(pinfo->pi_provider_dev.pd_sw); 421 else { 422 major_t major; 423 char *drvmod; 424 425 if ((major = ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) 426 != DDI_MAJOR_T_NONE) { 427 drvmod = ddi_major_to_name(major); 428 mctlp = mod_find_by_filename("drv", drvmod); 429 } else 430 return (NULL); 431 } 432 433 return (mctlp); 434 } 435 436 /* Check if this provider requires to be verified. */ 437 int 438 verifiable_provider(crypto_ops_t *prov_ops) 439 { 440 441 if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL && 442 prov_ops->co_dual_cipher_mac_ops == NULL && 443 prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL && 444 prov_ops->co_verify_ops == NULL) 445 return (0); 446 447 return (1); 448 } 449 450 /* 451 * With a given provider being registered, this looks through the FIPS 140 452 * modules list and returns a 1 if it's part of the FIPS 140 boundary and 453 * the framework registration must be delayed until we know the FIPS 140 mode 454 * status. A zero mean the provider does not need to wait for the FIPS 140 455 * boundary. 456 * 457 * If the provider in the boundary only provides random (like swrand), we 458 * can let it register as the random API will block operations. 459 */ 460 int 461 kcf_need_fips140_verification(kcf_provider_desc_t *pd) 462 { 463 int i, ret = 0; 464 465 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 466 return (0); 467 468 mutex_enter(&fips140_mode_lock); 469 470 if (global_fips140_mode >= FIPS140_MODE_ENABLED) 471 goto exit; 472 473 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 474 if (strcmp(fips140_module_list[i], pd->pd_name) != 0) 475 continue; 476 477 /* If this module is only random, we can let it register */ 478 if (KCF_PROV_RANDOM_OPS(pd) && 479 !verifiable_provider(pd->pd_ops_vector)) 480 break; 481 482 if (global_fips140_mode == FIPS140_MODE_SHUTDOWN) { 483 ret = -1; 484 break; 485 } 486 487 ret = 1; 488 break; 489 } 490 491 exit: 492 mutex_exit(&fips140_mode_lock); 493 return (ret); 494 } 495 496 497 /* 498 * Check if signature verification is needed for a provider. 499 * 500 * Returns 0, if no verification is needed. Returns 1, if 501 * verification is needed. Returns -1, if there is an 502 * error. 503 */ 504 int 505 kcf_need_signature_verification(kcf_provider_desc_t *pd) 506 { 507 struct module *mp; 508 struct modctl *mctlp = pd->pd_mctlp; 509 510 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 511 return (0); 512 513 if (mctlp == NULL || mctlp->mod_mp == NULL) 514 return (-1); 515 516 mp = (struct module *)mctlp->mod_mp; 517 518 /* 519 * Check if we need to verify this provider signature and if so, 520 * make sure it has a signature section. 521 */ 522 if (verifiable_provider(pd->pd_ops_vector) == 0) 523 return (0); 524 525 /* See if this module has its required signature section. */ 526 if (mp->sigdata == NULL) 527 return (-1); 528 529 return (1); 530 } 531 532 /* 533 * Do the signature verification on the given module. This function can 534 * be called from user context or kernel context. 535 * 536 * We call kcfd with the full pathname of the module to be 537 * verified. kcfd will return success/fail, signature length 538 * and the actual signature in the ELF section of the module. If 539 * kcfd returns success, we compare the signature and the length 540 * with the values that krtld stored in the module structure. We 541 * log an error message in case of a failure. 542 * 543 * The provider state is changed to KCF_PROV_READY on success. 544 */ 545 void 546 kcf_verify_signature(void *arg) 547 { 548 int rv; 549 int error = CRYPTO_MODVERIFICATION_FAILED; 550 door_arg_t darg; 551 door_handle_t ldh; 552 kcf_door_arg_t *kda; 553 char *filename; 554 kcf_provider_desc_t *pd = arg; 555 struct module *mp; 556 boolean_t do_notify = B_FALSE; 557 boolean_t modhold_done = B_FALSE; 558 struct modctl *mctlp = pd->pd_mctlp; 559 560 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 561 ASSERT(mctlp != NULL); 562 563 /* 564 * Because of FIPS 140 delays module loading, we may be running through 565 * this code with a non-crypto signed module; therefore, another 566 * check is necessary 567 */ 568 if (verifiable_provider(pd->pd_ops_vector) == 0) { 569 error = 0; 570 goto setverify; 571 } 572 573 for (;;) { 574 mutex_enter(&pd->pd_lock); 575 /* No need to do verification */ 576 if (pd->pd_state != KCF_PROV_UNVERIFIED) { 577 mutex_exit(&pd->pd_lock); 578 goto out; 579 } 580 mutex_exit(&pd->pd_lock); 581 582 mutex_enter(&mod_lock); 583 if (mctlp->mod_mp == NULL) { 584 mutex_exit(&mod_lock); 585 goto out; 586 } 587 588 /* 589 * This check is needed since a software provider can call 590 * us directly from the _init->crypto_register_provider path. 591 */ 592 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER && 593 mctlp->mod_inprogress_thread == curthread) { 594 mutex_exit(&mod_lock); 595 modhold_done = B_FALSE; 596 break; 597 } 598 599 /* 600 * We could be in a race with the register thread or 601 * the unregister thread. So, retry if register or 602 * unregister is in progress. Note that we can't do 603 * mod_hold_by_modctl without this check since that 604 * could result in a deadlock with the other threads. 605 */ 606 if (mctlp->mod_busy) { 607 mutex_exit(&mod_lock); 608 /* delay for 10ms and try again */ 609 delay(drv_usectohz(10000)); 610 continue; 611 } 612 613 (void) mod_hold_by_modctl(mctlp, 614 MOD_WAIT_FOREVER | MOD_LOCK_HELD); 615 mutex_exit(&mod_lock); 616 modhold_done = B_TRUE; 617 break; 618 } 619 620 /* 621 * Check if the door is set up yet. This will be set when kcfd 622 * comes up. If not, we return and leave the provider state unchanged 623 * at KCF_PROV_UNVERIFIED. This will trigger the verification of 624 * the module later when kcfd is up. This is safe as we NEVER use 625 * a provider that has not been verified yet. 626 */ 627 mutex_enter(&kcf_dh_lock); 628 if (kcf_dh == NULL) { 629 mutex_exit(&kcf_dh_lock); 630 goto out; 631 } 632 633 ldh = kcf_dh; 634 door_ki_hold(ldh); 635 mutex_exit(&kcf_dh_lock); 636 637 mp = (struct module *)mctlp->mod_mp; 638 filename = mp->filename; 639 KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename)); 640 641 kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP); 642 kda->da_version = KCF_KCFD_VERSION1; 643 kda->da_iskernel = B_TRUE; 644 bcopy(filename, kda->da_u.filename, strlen(filename) + 1); 645 646 darg.data_ptr = (char *)kda; 647 darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize; 648 darg.desc_ptr = NULL; 649 darg.desc_num = 0; 650 darg.rbuf = (char *)kda; 651 darg.rsize = sizeof (kcf_door_arg_t); 652 653 /* 654 * Make door upcall. door_ki_upcall() checks for validity of the handle. 655 */ 656 rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 657 658 if (rv == 0) { 659 kcf_door_arg_t *rkda = (kcf_door_arg_t *)(void *)darg.rbuf; 660 661 KCF_FRMWRK_DEBUG(2, 662 ("passed: %d\n", rkda->da_u.result.status)); 663 KCF_FRMWRK_DEBUG(2, 664 ("signature length: %d\n", rkda->da_u.result.siglen)); 665 KCF_FRMWRK_DEBUG(2, 666 ("signature: %p\n", (void*)rkda->da_u.result.signature)); 667 668 669 /* Check kcfd result and compare against module struct fields */ 670 if ((rkda->da_u.result.status != ELFSIGN_SUCCESS) || 671 !(rkda->da_u.result.siglen == mp->sigsize) || 672 (bcmp(rkda->da_u.result.signature, mp->sigdata, 673 mp->sigsize))) { 674 cmn_err(CE_WARN, "Module verification failed for %s.", 675 filename); 676 } else { 677 error = 0; 678 } 679 680 if (rkda != kda) 681 kmem_free(rkda, darg.rsize); 682 683 } else if (sys_shutdown == 0) { 684 cmn_err(CE_WARN, "Unable to use door to kcfd during module " 685 "verification of %s. (errno: 0x%x)", filename, rv); 686 } 687 688 kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize); 689 door_ki_rele(ldh); 690 691 setverify: 692 mutex_enter(&pd->pd_lock); 693 /* change state only if the original state is unchanged */ 694 if (pd->pd_state == KCF_PROV_UNVERIFIED) { 695 if (error == 0) { 696 pd->pd_state = KCF_PROV_READY; 697 do_notify = B_TRUE; 698 } else { 699 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 700 } 701 } 702 mutex_exit(&pd->pd_lock); 703 704 if (do_notify) { 705 /* Dispatch events for this new provider */ 706 kcf_do_notify(pd, B_TRUE); 707 } 708 709 out: 710 if (modhold_done) 711 mod_release_mod(mctlp); 712 KCF_PROV_REFRELE(pd); 713 } 714 715 /* called from the CRYPTO_LOAD_DOOR ioctl */ 716 int 717 crypto_load_door(uint_t did) 718 { 719 door_handle_t dh; 720 721 mutex_enter(&kcf_dh_lock); 722 dh = door_ki_lookup(did); 723 if (dh != NULL) 724 kcf_dh = dh; 725 mutex_exit(&kcf_dh_lock); 726 727 verify_unverified_providers(); 728 729 /* Start the timeout handler to get random numbers */ 730 if (rngtimer_started == 0) { 731 kcf_rnd_schedule_timeout(B_TRUE); 732 rngtimer_started = 1; 733 } 734 return (0); 735 } 736