1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Core KCF (Kernel Cryptographic Framework). This file implements 28 * the loadable module entry points and module verification routines. 29 */ 30 31 #include <sys/systm.h> 32 #include <sys/cmn_err.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/modctl.h> 36 #include <sys/errno.h> 37 #include <sys/rwlock.h> 38 #include <sys/kmem.h> 39 #include <sys/door.h> 40 #include <sys/kobj.h> 41 42 #include <sys/crypto/common.h> 43 #include <sys/crypto/api.h> 44 #include <sys/crypto/spi.h> 45 #include <sys/crypto/impl.h> 46 #include <sys/crypto/sched_impl.h> 47 #include <sys/crypto/elfsign.h> 48 #include <sys/crypto/ioctladmin.h> 49 50 #ifdef DEBUG 51 int kcf_frmwrk_debug = 0; 52 53 #define KCF_FRMWRK_DEBUG(l, x) if (kcf_frmwrk_debug >= l) printf x 54 #else /* DEBUG */ 55 #define KCF_FRMWRK_DEBUG(l, x) 56 #endif /* DEBUG */ 57 58 /* 59 * Door to make upcalls to kcfd. kcfd will send us this 60 * handle when it is coming up. 61 */ 62 kmutex_t kcf_dh_lock; 63 door_handle_t kcf_dh = NULL; 64 65 /* Setup FIPS 140 support variables */ 66 uint32_t global_fips140_mode = FIPS140_MODE_UNSET; 67 kmutex_t fips140_mode_lock; 68 kcondvar_t cv_fips140; 69 70 /* 71 * Kernel FIPS140 boundary module list 72 * NOTE: "swrand" must be the last entry. FIPS 140 shutdown functions stop 73 * before getting to swrand as it is used for non-FIPS 140 74 * operations to. The FIPS 140 random API separately controls access. 75 */ 76 #define FIPS140_MODULES_MAX 7 77 static char *fips140_module_list[FIPS140_MODULES_MAX] = { 78 "aes", "des", "ecc", "sha1", "sha2", "rsa", "swrand" 79 }; 80 81 static struct modlmisc modlmisc = { 82 &mod_miscops, "Kernel Crypto Framework" 83 }; 84 85 static struct modlinkage modlinkage = { 86 MODREV_1, (void *)&modlmisc, NULL 87 }; 88 89 static int rngtimer_started; 90 91 int 92 _init() 93 { 94 mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL); 95 cv_init(&cv_fips140, NULL, CV_DEFAULT, NULL); 96 97 /* initialize the mechanisms tables supported out-of-the-box */ 98 kcf_init_mech_tabs(); 99 100 /* initialize the providers tables */ 101 kcf_prov_tab_init(); 102 103 /* initialize the policy table */ 104 kcf_policy_tab_init(); 105 106 /* initialize soft_config_list */ 107 kcf_soft_config_init(); 108 109 /* 110 * Initialize scheduling structures. Note that this does NOT 111 * start any threads since it might not be safe to do so. 112 */ 113 kcf_sched_init(); 114 115 /* initialize the RNG support structures */ 116 rngtimer_started = 0; 117 kcf_rnd_init(); 118 119 return (mod_install(&modlinkage)); 120 } 121 122 int 123 _info(struct modinfo *modinfop) 124 { 125 return (mod_info(&modlinkage, modinfop)); 126 } 127 128 /* 129 * We do not allow kcf to unload. 130 */ 131 int 132 _fini(void) 133 { 134 return (EBUSY); 135 } 136 137 138 /* Returns the value of global_fips140_mode */ 139 int 140 kcf_get_fips140_mode(void) 141 { 142 return (global_fips140_mode); 143 } 144 145 /* 146 * If FIPS 140 has failed its tests. The providers must be disabled from the 147 * framework. 148 */ 149 void 150 kcf_fips140_shutdown() 151 { 152 kcf_provider_desc_t *pd; 153 int i; 154 155 cmn_err(CE_WARN, 156 "Shutting down FIPS 140 boundary as verification failed."); 157 158 /* Disable FIPS 140 modules, but leave swrand alone */ 159 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 160 /* 161 * Remove the predefined entries from the soft_config_list 162 * so the framework does not report the providers. 163 */ 164 remove_soft_config(fips140_module_list[i]); 165 166 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 167 if (pd == NULL) 168 continue; 169 170 /* Allow the unneeded providers to be unloaded */ 171 pd->pd_mctlp->mod_loadflags &= ~(MOD_NOAUTOUNLOAD); 172 173 /* Invalidate the FIPS 140 providers */ 174 mutex_enter(&pd->pd_lock); 175 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 176 mutex_exit(&pd->pd_lock); 177 KCF_PROV_REFRELE(pd); 178 undo_register_provider(pd, B_FALSE); 179 180 } 181 } 182 183 /* 184 * Activates the kernel providers 185 * 186 * If we are getting ready to enable FIPS 140 mode, then all providers should 187 * be loaded and ready. 188 * 189 * If FIPS 140 is disabled, then we can skip any errors because some crypto 190 * modules may not have been loaded. 191 */ 192 void 193 kcf_activate() 194 { 195 kcf_provider_desc_t *pd; 196 int i; 197 198 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 199 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 200 if (pd == NULL) { 201 if (global_fips140_mode == FIPS140_MODE_DISABLED) 202 continue; 203 204 /* There should never be a NULL value in FIPS 140 */ 205 cmn_err(CE_WARN, "FIPS 140 activation: %s not in " 206 "kernel provider table", fips140_module_list[i]); 207 kcf_fips140_shutdown(); 208 break; 209 } 210 211 /* 212 * Change the provider state so the verification functions 213 * can signature verify, if necessary, and ready it. 214 */ 215 if (pd->pd_state == KCF_PROV_UNVERIFIED_FIPS140) { 216 mutex_enter(&pd->pd_lock); 217 pd->pd_state = KCF_PROV_UNVERIFIED; 218 mutex_exit(&pd->pd_lock); 219 } 220 221 KCF_PROV_REFRELE(pd); 222 } 223 224 /* If we are not in FIPS 140 mode exit */ 225 if (global_fips140_mode == FIPS140_MODE_DISABLED) 226 return; 227 228 /* If we in the process of validating FIPS 140, enable it */ 229 mutex_enter(&fips140_mode_lock); 230 global_fips140_mode = FIPS140_MODE_ENABLED; 231 cv_signal(&cv_fips140); 232 mutex_exit(&fips140_mode_lock); 233 234 verify_unverified_providers(); 235 } 236 237 238 /* 239 * Perform a door call to kcfd to have it check the integrity of the 240 * kernel boundary. Failure of the boundary will cause a FIPS 140 241 * configuration to fail 242 */ 243 int 244 kcf_fips140_integrity_check() 245 { 246 door_arg_t darg; 247 door_handle_t ldh; 248 kcf_door_arg_t *kda = { 0 }, *rkda; 249 int ret = 0; 250 251 KCF_FRMWRK_DEBUG(1, ("Starting IC check")); 252 253 mutex_enter(&kcf_dh_lock); 254 if (kcf_dh == NULL) { 255 mutex_exit(&kcf_dh_lock); 256 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed, Door not " 257 "available\n"); 258 return (1); 259 } 260 261 ldh = kcf_dh; 262 door_ki_hold(ldh); 263 mutex_exit(&kcf_dh_lock); 264 265 kda = kmem_alloc(sizeof (kcf_door_arg_t), KM_SLEEP); 266 kda->da_version = KCFD_FIPS140_INTCHECK; 267 kda->da_iskernel = B_TRUE; 268 269 darg.data_ptr = (char *)kda; 270 darg.data_size = sizeof (kcf_door_arg_t); 271 darg.desc_ptr = NULL; 272 darg.desc_num = 0; 273 darg.rbuf = (char *)kda; 274 darg.rsize = sizeof (kcf_door_arg_t); 275 276 ret = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 277 if (ret != 0) { 278 ret = 1; 279 goto exit; 280 } 281 282 KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret)); 283 284 rkda = (kcf_door_arg_t *)darg.rbuf; 285 if (rkda->da_u.result.status != ELFSIGN_SUCCESS) { 286 ret = 1; 287 KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n", 288 rkda->da_u.result.status)); 289 goto exit; 290 } 291 292 KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n")); 293 294 exit: 295 if (rkda != kda) 296 kmem_free(rkda, darg.rsize); 297 298 kmem_free(kda, sizeof (kcf_door_arg_t)); 299 door_ki_rele(ldh); 300 if (ret) 301 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed.\n"); 302 return (ret); 303 } 304 305 /* 306 * If FIPS 140 is configured to be enabled, before it can be turned on, the 307 * providers must run their Power On Self Test (POST) and we must wait to sure 308 * userland has performed its validation tests. 309 */ 310 void 311 kcf_fips140_validate() 312 { 313 kcf_provider_desc_t *pd; 314 kthread_t *post_thr; 315 int post_rv[FIPS140_MODULES_MAX]; 316 kt_did_t post_t_did[FIPS140_MODULES_MAX]; 317 int ret = 0; 318 int i; 319 320 /* 321 * Run POST tests for FIPS 140 modules, if they aren't loaded, load them 322 */ 323 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 324 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 325 if (pd == NULL) { 326 /* If the module isn't loaded, load it */ 327 ret = modload("crypto", fips140_module_list[i]); 328 if (ret == -1) { 329 cmn_err(CE_WARN, "FIPS 140 validation failed: " 330 "error modloading module %s.", 331 fips140_module_list[i]); 332 goto error; 333 } 334 335 /* Try again to get provider desc */ 336 pd = kcf_prov_tab_lookup_by_name( 337 fips140_module_list[i]); 338 if (pd == NULL) { 339 cmn_err(CE_WARN, "FIPS 140 validation failed: " 340 "Could not find module %s.", 341 fips140_module_list[i]); 342 goto error; 343 } 344 } 345 346 /* Make sure there are FIPS 140 entry points */ 347 if (KCF_PROV_FIPS140_OPS(pd) == NULL) { 348 cmn_err(CE_WARN, "FIPS 140 validation failed: " 349 "No POST function entry point in %s.", 350 fips140_module_list[i]); 351 goto error; 352 } 353 354 /* Make sure the module is not unloaded */ 355 pd->pd_mctlp->mod_loadflags |= MOD_NOAUTOUNLOAD; 356 357 /* 358 * With the FIPS 140 POST function provided by the module in 359 * SPI v4, start a thread to run the function. 360 */ 361 post_rv[i] = CRYPTO_OPERATION_NOT_INITIALIZED; 362 post_thr = thread_create(NULL, 0, 363 (*(KCF_PROV_FIPS140_OPS(pd)->fips140_post)), &post_rv[i], 364 0, &p0, TS_RUN, MAXCLSYSPRI); 365 post_thr->t_did = post_t_did[i]; 366 KCF_FRMWRK_DEBUG(1, ("kcf_fips140_validate: started POST " 367 "for %s\n", fips140_module_list[i])); 368 KCF_PROV_REFRELE(pd); 369 } 370 371 /* Do integrity check of kernel boundary */ 372 ret = kcf_fips140_integrity_check(); 373 if (ret == 1) 374 goto error; 375 376 /* Wait for POST threads to come back and verify results */ 377 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 378 if (post_t_did[i] != NULL) 379 thread_join(post_t_did[i]); 380 381 if (post_rv[i] != 0) { 382 cmn_err(CE_WARN, "FIPS 140 POST failed for %s. " 383 "Error = %d", fips140_module_list[i], post_rv[i]); 384 goto error; 385 } 386 } 387 388 kcf_activate(); 389 return; 390 391 error: 392 mutex_enter(&fips140_mode_lock); 393 global_fips140_mode = FIPS140_MODE_SHUTDOWN; 394 kcf_fips140_shutdown(); 395 cv_signal(&cv_fips140); 396 mutex_exit(&fips140_mode_lock); 397 398 } 399 400 401 /* 402 * Return a pointer to the modctl structure of the 403 * provider's module. 404 */ 405 struct modctl * 406 kcf_get_modctl(crypto_provider_info_t *pinfo) 407 { 408 struct modctl *mctlp; 409 410 /* Get the modctl struct for this module */ 411 if (pinfo->pi_provider_type == CRYPTO_SW_PROVIDER) 412 mctlp = mod_getctl(pinfo->pi_provider_dev.pd_sw); 413 else { 414 major_t major; 415 char *drvmod; 416 417 if ((major = 418 ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) != -1) { 419 drvmod = ddi_major_to_name(major); 420 mctlp = mod_find_by_filename("drv", drvmod); 421 } else 422 return (NULL); 423 } 424 425 return (mctlp); 426 } 427 428 /* Check if this provider requires to be verified. */ 429 int 430 verifiable_provider(crypto_ops_t *prov_ops) 431 { 432 433 if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL && 434 prov_ops->co_dual_cipher_mac_ops == NULL && 435 prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL && 436 prov_ops->co_verify_ops == NULL) 437 return (0); 438 439 return (1); 440 } 441 442 /* 443 * With a given provider being registered, this looks through the FIPS 140 444 * modules list and returns a 1 if it's part of the FIPS 140 boundary and 445 * the framework registration must be delayed until we know the FIPS 140 mode 446 * status. A zero mean the provider does not need to wait for the FIPS 140 447 * boundary. 448 * 449 * If the provider in the boundary only provides random (like swrand), we 450 * can let it register as the random API will block operations. 451 */ 452 int 453 kcf_need_fips140_verification(kcf_provider_desc_t *pd) 454 { 455 int i, ret = 0; 456 457 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 458 return (0); 459 460 mutex_enter(&fips140_mode_lock); 461 462 if (global_fips140_mode >= FIPS140_MODE_ENABLED) 463 goto exit; 464 465 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 466 if (strcmp(fips140_module_list[i], pd->pd_name) != 0) 467 continue; 468 469 /* If this module is only random, we can let it register */ 470 if (KCF_PROV_RANDOM_OPS(pd) && 471 !verifiable_provider(pd->pd_ops_vector)) 472 break; 473 474 if (global_fips140_mode == FIPS140_MODE_SHUTDOWN) { 475 ret = -1; 476 break; 477 } 478 479 ret = 1; 480 break; 481 } 482 483 exit: 484 mutex_exit(&fips140_mode_lock); 485 return (ret); 486 } 487 488 489 /* 490 * Check if signature verification is needed for a provider. 491 * 492 * Returns 0, if no verification is needed. Returns 1, if 493 * verification is needed. Returns -1, if there is an 494 * error. 495 */ 496 int 497 kcf_need_signature_verification(kcf_provider_desc_t *pd) 498 { 499 struct module *mp; 500 struct modctl *mctlp = pd->pd_mctlp; 501 502 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 503 return (0); 504 505 if (mctlp == NULL || mctlp->mod_mp == NULL) 506 return (-1); 507 508 mp = (struct module *)mctlp->mod_mp; 509 510 /* 511 * Check if we need to verify this provider signature and if so, 512 * make sure it has a signature section. 513 */ 514 if (verifiable_provider(pd->pd_ops_vector) == 0) 515 return (0); 516 517 /* See if this module has its required signature section. */ 518 if (mp->sigdata == NULL) 519 return (-1); 520 521 return (1); 522 } 523 524 /* 525 * Do the signature verification on the given module. This function can 526 * be called from user context or kernel context. 527 * 528 * We call kcfd with the full pathname of the module to be 529 * verified. kcfd will return success/restricted/fail, signature length 530 * and the actual signature in the ELF section of the module. If kcfd 531 * returns success or restricted, we compare the signature and the length 532 * with the values that krtld stored in the module structure. We log an 533 * error message in case of a failure. 534 * 535 * The provider state is changed to KCF_PROV_READY on success. 536 */ 537 void 538 kcf_verify_signature(void *arg) 539 { 540 int rv; 541 int error = CRYPTO_MODVERIFICATION_FAILED; 542 door_arg_t darg; 543 door_handle_t ldh; 544 kcf_door_arg_t *kda; 545 char *filename; 546 kcf_provider_desc_t *pd = arg; 547 struct module *mp; 548 boolean_t do_notify = B_FALSE; 549 boolean_t modhold_done = B_FALSE; 550 struct modctl *mctlp = pd->pd_mctlp; 551 552 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 553 ASSERT(mctlp != NULL); 554 555 /* 556 * Because of FIPS 140 delays module loading, we may be running through 557 * this code with a non-crypto signed module; therefore, another 558 * check is necessary 559 */ 560 if (verifiable_provider(pd->pd_ops_vector) == 0) { 561 error = 0; 562 goto setverify; 563 } 564 565 for (;;) { 566 mutex_enter(&pd->pd_lock); 567 /* No need to do verification */ 568 if (pd->pd_state != KCF_PROV_UNVERIFIED) { 569 mutex_exit(&pd->pd_lock); 570 goto out; 571 } 572 mutex_exit(&pd->pd_lock); 573 574 mutex_enter(&mod_lock); 575 if (mctlp->mod_mp == NULL) { 576 mutex_exit(&mod_lock); 577 goto out; 578 } 579 580 /* 581 * This check is needed since a software provider can call 582 * us directly from the _init->crypto_register_provider path. 583 */ 584 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER && 585 mctlp->mod_inprogress_thread == curthread) { 586 mutex_exit(&mod_lock); 587 modhold_done = B_FALSE; 588 break; 589 } 590 591 /* 592 * We could be in a race with the register thread or 593 * the unregister thread. So, retry if register or 594 * unregister is in progress. Note that we can't do 595 * mod_hold_by_modctl without this check since that 596 * could result in a deadlock with the other threads. 597 */ 598 if (mctlp->mod_busy) { 599 mutex_exit(&mod_lock); 600 /* delay for 10ms and try again */ 601 delay(drv_usectohz(10000)); 602 continue; 603 } 604 605 (void) mod_hold_by_modctl(mctlp, 606 MOD_WAIT_FOREVER | MOD_LOCK_HELD); 607 mutex_exit(&mod_lock); 608 modhold_done = B_TRUE; 609 break; 610 } 611 612 /* 613 * Check if the door is set up yet. This will be set when kcfd 614 * comes up. If not, we return and leave the provider state unchanged 615 * at KCF_PROV_UNVERIFIED. This will trigger the verification of 616 * the module later when kcfd is up. This is safe as we NEVER use 617 * a provider that has not been verified yet. 618 */ 619 mutex_enter(&kcf_dh_lock); 620 if (kcf_dh == NULL) { 621 mutex_exit(&kcf_dh_lock); 622 goto out; 623 } 624 625 ldh = kcf_dh; 626 door_ki_hold(ldh); 627 mutex_exit(&kcf_dh_lock); 628 629 mp = (struct module *)mctlp->mod_mp; 630 filename = mp->filename; 631 KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename)); 632 633 kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP); 634 kda->da_version = KCF_KCFD_VERSION1; 635 kda->da_iskernel = B_TRUE; 636 bcopy(filename, kda->da_u.filename, strlen(filename) + 1); 637 638 darg.data_ptr = (char *)kda; 639 darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize; 640 darg.desc_ptr = NULL; 641 darg.desc_num = 0; 642 darg.rbuf = (char *)kda; 643 darg.rsize = sizeof (kcf_door_arg_t); 644 645 /* 646 * Make door upcall. door_ki_upcall() checks for validity of the handle. 647 */ 648 rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 649 650 if (rv == 0) { 651 kcf_door_arg_t *rkda = (kcf_door_arg_t *)darg.rbuf; 652 653 KCF_FRMWRK_DEBUG(2, 654 ("passed: %d\n", rkda->da_u.result.status)); 655 KCF_FRMWRK_DEBUG(2, 656 ("signature length: %d\n", rkda->da_u.result.siglen)); 657 KCF_FRMWRK_DEBUG(2, 658 ("signature: %p\n", (void*)rkda->da_u.result.signature)); 659 660 661 /* Check kcfd result and compare against module struct fields */ 662 if (((rkda->da_u.result.status != ELFSIGN_SUCCESS) && 663 (rkda->da_u.result.status != ELFSIGN_RESTRICTED)) || 664 !(rkda->da_u.result.siglen == mp->sigsize) || 665 (bcmp(rkda->da_u.result.signature, mp->sigdata, 666 mp->sigsize))) { 667 cmn_err(CE_WARN, "Module verification failed for %s.", 668 filename); 669 } else { 670 error = 0; 671 } 672 673 if (rkda->da_u.result.status == ELFSIGN_RESTRICTED) { 674 pd->pd_flags |= KCF_PROV_RESTRICTED; 675 KCF_FRMWRK_DEBUG(2, ("provider is restricted\n")); 676 } 677 678 if (rkda != kda) 679 kmem_free(rkda, darg.rsize); 680 681 } else { 682 cmn_err(CE_WARN, "Module verification door upcall failed " 683 "for %s. errno = %d", filename, rv); 684 } 685 686 kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize); 687 door_ki_rele(ldh); 688 689 setverify: 690 mutex_enter(&pd->pd_lock); 691 /* change state only if the original state is unchanged */ 692 if (pd->pd_state == KCF_PROV_UNVERIFIED) { 693 if (error == 0) { 694 pd->pd_state = KCF_PROV_READY; 695 do_notify = B_TRUE; 696 } else { 697 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 698 } 699 } 700 mutex_exit(&pd->pd_lock); 701 702 if (do_notify) { 703 /* Dispatch events for this new provider */ 704 kcf_do_notify(pd, B_TRUE); 705 } 706 707 out: 708 if (modhold_done) 709 mod_release_mod(mctlp); 710 KCF_PROV_REFRELE(pd); 711 } 712 713 /* called from the CRYPTO_LOAD_DOOR ioctl */ 714 int 715 crypto_load_door(uint_t did) 716 { 717 mutex_enter(&kcf_dh_lock); 718 kcf_dh = door_ki_lookup(did); 719 mutex_exit(&kcf_dh_lock); 720 721 verify_unverified_providers(); 722 723 /* Start the timeout handler to get random numbers */ 724 if (rngtimer_started == 0) { 725 kcf_rnd_schedule_timeout(B_TRUE); 726 rngtimer_started = 1; 727 } 728 return (0); 729 } 730