1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Core KCF (Kernel Cryptographic Framework). This file implements 28 * the loadable module entry points and module verification routines. 29 */ 30 31 #include <sys/systm.h> 32 #include <sys/cmn_err.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/modctl.h> 36 #include <sys/errno.h> 37 #include <sys/rwlock.h> 38 #include <sys/kmem.h> 39 #include <sys/door.h> 40 #include <sys/kobj.h> 41 42 #include <sys/crypto/common.h> 43 #include <sys/crypto/api.h> 44 #include <sys/crypto/spi.h> 45 #include <sys/crypto/impl.h> 46 #include <sys/crypto/sched_impl.h> 47 #include <sys/crypto/elfsign.h> 48 #include <sys/crypto/ioctladmin.h> 49 50 #ifdef DEBUG 51 int kcf_frmwrk_debug = 0; 52 53 #define KCF_FRMWRK_DEBUG(l, x) if (kcf_frmwrk_debug >= l) printf x 54 #else /* DEBUG */ 55 #define KCF_FRMWRK_DEBUG(l, x) 56 #endif /* DEBUG */ 57 58 /* 59 * Door to make upcalls to kcfd. kcfd will send us this 60 * handle when it is coming up. 61 */ 62 kmutex_t kcf_dh_lock; 63 door_handle_t kcf_dh = NULL; 64 65 /* Setup FIPS 140 support variables */ 66 uint32_t global_fips140_mode = FIPS140_MODE_UNSET; 67 kmutex_t fips140_mode_lock; 68 kcondvar_t cv_fips140; 69 70 /* 71 * Kernel FIPS140 boundary module list 72 * NOTE: "swrand" must be the last entry. FIPS 140 shutdown functions stop 73 * before getting to swrand as it is used for non-FIPS 140 74 * operations to. The FIPS 140 random API separately controls access. 75 */ 76 #define FIPS140_MODULES_MAX 7 77 static char *fips140_module_list[FIPS140_MODULES_MAX] = { 78 "aes", "des", "ecc", "sha1", "sha2", "rsa", "swrand" 79 }; 80 81 static struct modlmisc modlmisc = { 82 &mod_miscops, "Kernel Crypto Framework" 83 }; 84 85 static struct modlinkage modlinkage = { 86 MODREV_1, (void *)&modlmisc, NULL 87 }; 88 89 static int rngtimer_started; 90 91 int 92 _init() 93 { 94 mutex_init(&fips140_mode_lock, NULL, MUTEX_DEFAULT, NULL); 95 cv_init(&cv_fips140, NULL, CV_DEFAULT, NULL); 96 97 /* initialize the mechanisms tables supported out-of-the-box */ 98 kcf_init_mech_tabs(); 99 100 /* initialize the providers tables */ 101 kcf_prov_tab_init(); 102 103 /* initialize the policy table */ 104 kcf_policy_tab_init(); 105 106 /* initialize soft_config_list */ 107 kcf_soft_config_init(); 108 109 /* 110 * Initialize scheduling structures. Note that this does NOT 111 * start any threads since it might not be safe to do so. 112 */ 113 kcf_sched_init(); 114 115 /* initialize the RNG support structures */ 116 rngtimer_started = 0; 117 kcf_rnd_init(); 118 119 return (mod_install(&modlinkage)); 120 } 121 122 int 123 _info(struct modinfo *modinfop) 124 { 125 return (mod_info(&modlinkage, modinfop)); 126 } 127 128 /* 129 * We do not allow kcf to unload. 130 */ 131 int 132 _fini(void) 133 { 134 return (EBUSY); 135 } 136 137 138 /* Returns the value of global_fips140_mode */ 139 int 140 kcf_get_fips140_mode(void) 141 { 142 return (global_fips140_mode); 143 } 144 145 /* 146 * If FIPS 140 has failed its tests. The providers must be disabled from the 147 * framework. 148 */ 149 void 150 kcf_fips140_shutdown() 151 { 152 kcf_provider_desc_t *pd; 153 int i; 154 155 cmn_err(CE_WARN, 156 "Shutting down FIPS 140 boundary as verification failed."); 157 158 /* Disable FIPS 140 modules, but leave swrand alone */ 159 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 160 /* 161 * Remove the predefined entries from the soft_config_list 162 * so the framework does not report the providers. 163 */ 164 remove_soft_config(fips140_module_list[i]); 165 166 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 167 if (pd == NULL) 168 continue; 169 170 /* Allow the unneeded providers to be unloaded */ 171 pd->pd_mctlp->mod_loadflags &= ~(MOD_NOAUTOUNLOAD); 172 173 /* Invalidate the FIPS 140 providers */ 174 mutex_enter(&pd->pd_lock); 175 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 176 mutex_exit(&pd->pd_lock); 177 KCF_PROV_REFRELE(pd); 178 undo_register_provider(pd, B_FALSE); 179 180 } 181 } 182 183 /* 184 * Activates the kernel providers 185 * 186 * If we are getting ready to enable FIPS 140 mode, then all providers should 187 * be loaded and ready. 188 * 189 * If FIPS 140 is disabled, then we can skip any errors because some crypto 190 * modules may not have been loaded. 191 */ 192 void 193 kcf_activate() 194 { 195 kcf_provider_desc_t *pd; 196 int i; 197 198 for (i = 0; i < (FIPS140_MODULES_MAX - 1); i++) { 199 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 200 if (pd == NULL) { 201 if (global_fips140_mode == FIPS140_MODE_DISABLED) 202 continue; 203 204 /* There should never be a NULL value in FIPS 140 */ 205 cmn_err(CE_WARN, "FIPS 140 activation: %s not in " 206 "kernel provider table", fips140_module_list[i]); 207 kcf_fips140_shutdown(); 208 break; 209 } 210 211 /* 212 * Change the provider state so the verification functions 213 * can signature verify, if necessary, and ready it. 214 */ 215 if (pd->pd_state == KCF_PROV_UNVERIFIED_FIPS140) { 216 mutex_enter(&pd->pd_lock); 217 pd->pd_state = KCF_PROV_UNVERIFIED; 218 mutex_exit(&pd->pd_lock); 219 } 220 221 KCF_PROV_REFRELE(pd); 222 } 223 224 /* If we are not in FIPS 140 mode, then exit */ 225 if (global_fips140_mode == FIPS140_MODE_DISABLED) 226 return; 227 228 /* If we in the process of validating FIPS 140, enable it */ 229 mutex_enter(&fips140_mode_lock); 230 global_fips140_mode = FIPS140_MODE_ENABLED; 231 cv_signal(&cv_fips140); 232 mutex_exit(&fips140_mode_lock); 233 cmn_err(CE_CONT, "?FIPS 140 enabled. Boundary check complete."); 234 235 verify_unverified_providers(); 236 } 237 238 239 /* 240 * Perform a door call to kcfd to have it check the integrity of the 241 * kernel boundary. Failure of the boundary will cause a FIPS 140 242 * configuration to fail 243 */ 244 int 245 kcf_fips140_integrity_check() 246 { 247 door_arg_t darg; 248 door_handle_t ldh; 249 kcf_door_arg_t *kda = { 0 }, *rkda; 250 int ret = 0; 251 252 KCF_FRMWRK_DEBUG(1, ("Starting IC check")); 253 254 mutex_enter(&kcf_dh_lock); 255 if (kcf_dh == NULL) { 256 mutex_exit(&kcf_dh_lock); 257 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed, Door not " 258 "available\n"); 259 return (1); 260 } 261 262 ldh = kcf_dh; 263 door_ki_hold(ldh); 264 mutex_exit(&kcf_dh_lock); 265 266 kda = kmem_alloc(sizeof (kcf_door_arg_t), KM_SLEEP); 267 kda->da_version = KCFD_FIPS140_INTCHECK; 268 kda->da_iskernel = B_TRUE; 269 270 darg.data_ptr = (char *)kda; 271 darg.data_size = sizeof (kcf_door_arg_t); 272 darg.desc_ptr = NULL; 273 darg.desc_num = 0; 274 darg.rbuf = (char *)kda; 275 darg.rsize = sizeof (kcf_door_arg_t); 276 277 ret = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 278 if (ret != 0) { 279 ret = 1; 280 goto exit; 281 } 282 283 KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret)); 284 285 rkda = (kcf_door_arg_t *)darg.rbuf; 286 if (rkda->da_u.result.status != ELFSIGN_SUCCESS) { 287 ret = 1; 288 KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n", 289 rkda->da_u.result.status)); 290 goto exit; 291 } 292 293 KCF_FRMWRK_DEBUG(1, ("Integrity Check succeeds.\n")); 294 295 exit: 296 if (rkda != kda) 297 kmem_free(rkda, darg.rsize); 298 299 kmem_free(kda, sizeof (kcf_door_arg_t)); 300 door_ki_rele(ldh); 301 if (ret) 302 cmn_err(CE_WARN, "FIPS 140 Integrity Check failed.\n"); 303 return (ret); 304 } 305 306 /* 307 * If FIPS 140 is configured to be enabled, before it can be turned on, the 308 * providers must run their Power On Self Test (POST) and we must wait to sure 309 * userland has performed its validation tests. 310 */ 311 void 312 kcf_fips140_validate() 313 { 314 kcf_provider_desc_t *pd; 315 kthread_t *post_thr; 316 int post_rv[FIPS140_MODULES_MAX]; 317 kt_did_t post_t_did[FIPS140_MODULES_MAX]; 318 int ret = 0; 319 int i; 320 321 /* 322 * Run POST tests for FIPS 140 modules, if they aren't loaded, load them 323 */ 324 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 325 pd = kcf_prov_tab_lookup_by_name(fips140_module_list[i]); 326 if (pd == NULL) { 327 /* If the module isn't loaded, load it */ 328 ret = modload("crypto", fips140_module_list[i]); 329 if (ret == -1) { 330 cmn_err(CE_WARN, "FIPS 140 validation failed: " 331 "error modloading module %s.", 332 fips140_module_list[i]); 333 goto error; 334 } 335 336 /* Try again to get provider desc */ 337 pd = kcf_prov_tab_lookup_by_name( 338 fips140_module_list[i]); 339 if (pd == NULL) { 340 cmn_err(CE_WARN, "FIPS 140 validation failed: " 341 "Could not find module %s.", 342 fips140_module_list[i]); 343 goto error; 344 } 345 } 346 347 /* Make sure there are FIPS 140 entry points */ 348 if (KCF_PROV_FIPS140_OPS(pd) == NULL) { 349 cmn_err(CE_WARN, "FIPS 140 validation failed: " 350 "No POST function entry point in %s.", 351 fips140_module_list[i]); 352 goto error; 353 } 354 355 /* Make sure the module is not unloaded */ 356 pd->pd_mctlp->mod_loadflags |= MOD_NOAUTOUNLOAD; 357 358 /* 359 * With the FIPS 140 POST function provided by the module in 360 * SPI v4, start a thread to run the function. 361 */ 362 post_rv[i] = CRYPTO_OPERATION_NOT_INITIALIZED; 363 post_thr = thread_create(NULL, 0, 364 (*(KCF_PROV_FIPS140_OPS(pd)->fips140_post)), &post_rv[i], 365 0, &p0, TS_RUN, MAXCLSYSPRI); 366 post_t_did[i] = post_thr->t_did; 367 KCF_FRMWRK_DEBUG(1, ("kcf_fips140_validate: started POST " 368 "for %s\n", fips140_module_list[i])); 369 KCF_PROV_REFRELE(pd); 370 } 371 372 /* Do integrity check of kernel boundary */ 373 ret = kcf_fips140_integrity_check(); 374 if (ret == 1) 375 goto error; 376 377 /* Wait for POST threads to come back and verify results */ 378 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 379 /* If the POST has already returned a success, we can move on */ 380 if (post_rv[i] == CRYPTO_SUCCESS) 381 continue; 382 383 /* POST test is taking more time, need to wait for thread */ 384 if (post_rv[i] == CRYPTO_OPERATION_NOT_INITIALIZED && 385 post_t_did[i] != NULL) 386 thread_join(post_t_did[i]); 387 388 if (post_rv[i] != CRYPTO_SUCCESS) { 389 cmn_err(CE_WARN, "FIPS 140 POST failed for %s. " 390 "Error = 0x%x", fips140_module_list[i], post_rv[i]); 391 goto error; 392 } 393 } 394 395 kcf_activate(); 396 return; 397 398 error: 399 mutex_enter(&fips140_mode_lock); 400 global_fips140_mode = FIPS140_MODE_SHUTDOWN; 401 kcf_fips140_shutdown(); 402 cv_signal(&cv_fips140); 403 mutex_exit(&fips140_mode_lock); 404 405 } 406 407 408 /* 409 * Return a pointer to the modctl structure of the 410 * provider's module. 411 */ 412 struct modctl * 413 kcf_get_modctl(crypto_provider_info_t *pinfo) 414 { 415 struct modctl *mctlp; 416 417 /* Get the modctl struct for this module */ 418 if (pinfo->pi_provider_type == CRYPTO_SW_PROVIDER) 419 mctlp = mod_getctl(pinfo->pi_provider_dev.pd_sw); 420 else { 421 major_t major; 422 char *drvmod; 423 424 if ((major = 425 ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) != -1) { 426 drvmod = ddi_major_to_name(major); 427 mctlp = mod_find_by_filename("drv", drvmod); 428 } else 429 return (NULL); 430 } 431 432 return (mctlp); 433 } 434 435 /* Check if this provider requires to be verified. */ 436 int 437 verifiable_provider(crypto_ops_t *prov_ops) 438 { 439 440 if (prov_ops->co_cipher_ops == NULL && prov_ops->co_dual_ops == NULL && 441 prov_ops->co_dual_cipher_mac_ops == NULL && 442 prov_ops->co_key_ops == NULL && prov_ops->co_sign_ops == NULL && 443 prov_ops->co_verify_ops == NULL) 444 return (0); 445 446 return (1); 447 } 448 449 /* 450 * With a given provider being registered, this looks through the FIPS 140 451 * modules list and returns a 1 if it's part of the FIPS 140 boundary and 452 * the framework registration must be delayed until we know the FIPS 140 mode 453 * status. A zero mean the provider does not need to wait for the FIPS 140 454 * boundary. 455 * 456 * If the provider in the boundary only provides random (like swrand), we 457 * can let it register as the random API will block operations. 458 */ 459 int 460 kcf_need_fips140_verification(kcf_provider_desc_t *pd) 461 { 462 int i, ret = 0; 463 464 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 465 return (0); 466 467 mutex_enter(&fips140_mode_lock); 468 469 if (global_fips140_mode >= FIPS140_MODE_ENABLED) 470 goto exit; 471 472 for (i = 0; i < FIPS140_MODULES_MAX; i++) { 473 if (strcmp(fips140_module_list[i], pd->pd_name) != 0) 474 continue; 475 476 /* If this module is only random, we can let it register */ 477 if (KCF_PROV_RANDOM_OPS(pd) && 478 !verifiable_provider(pd->pd_ops_vector)) 479 break; 480 481 if (global_fips140_mode == FIPS140_MODE_SHUTDOWN) { 482 ret = -1; 483 break; 484 } 485 486 ret = 1; 487 break; 488 } 489 490 exit: 491 mutex_exit(&fips140_mode_lock); 492 return (ret); 493 } 494 495 496 /* 497 * Check if signature verification is needed for a provider. 498 * 499 * Returns 0, if no verification is needed. Returns 1, if 500 * verification is needed. Returns -1, if there is an 501 * error. 502 */ 503 int 504 kcf_need_signature_verification(kcf_provider_desc_t *pd) 505 { 506 struct module *mp; 507 struct modctl *mctlp = pd->pd_mctlp; 508 509 if (pd->pd_prov_type == CRYPTO_LOGICAL_PROVIDER) 510 return (0); 511 512 if (mctlp == NULL || mctlp->mod_mp == NULL) 513 return (-1); 514 515 mp = (struct module *)mctlp->mod_mp; 516 517 /* 518 * Check if we need to verify this provider signature and if so, 519 * make sure it has a signature section. 520 */ 521 if (verifiable_provider(pd->pd_ops_vector) == 0) 522 return (0); 523 524 /* See if this module has its required signature section. */ 525 if (mp->sigdata == NULL) 526 return (-1); 527 528 return (1); 529 } 530 531 /* 532 * Do the signature verification on the given module. This function can 533 * be called from user context or kernel context. 534 * 535 * We call kcfd with the full pathname of the module to be 536 * verified. kcfd will return success/restricted/fail, signature length 537 * and the actual signature in the ELF section of the module. If kcfd 538 * returns success or restricted, we compare the signature and the length 539 * with the values that krtld stored in the module structure. We log an 540 * error message in case of a failure. 541 * 542 * The provider state is changed to KCF_PROV_READY on success. 543 */ 544 void 545 kcf_verify_signature(void *arg) 546 { 547 int rv; 548 int error = CRYPTO_MODVERIFICATION_FAILED; 549 door_arg_t darg; 550 door_handle_t ldh; 551 kcf_door_arg_t *kda; 552 char *filename; 553 kcf_provider_desc_t *pd = arg; 554 struct module *mp; 555 boolean_t do_notify = B_FALSE; 556 boolean_t modhold_done = B_FALSE; 557 struct modctl *mctlp = pd->pd_mctlp; 558 559 ASSERT(pd->pd_prov_type != CRYPTO_LOGICAL_PROVIDER); 560 ASSERT(mctlp != NULL); 561 562 /* 563 * Because of FIPS 140 delays module loading, we may be running through 564 * this code with a non-crypto signed module; therefore, another 565 * check is necessary 566 */ 567 if (verifiable_provider(pd->pd_ops_vector) == 0) { 568 error = 0; 569 goto setverify; 570 } 571 572 for (;;) { 573 mutex_enter(&pd->pd_lock); 574 /* No need to do verification */ 575 if (pd->pd_state != KCF_PROV_UNVERIFIED) { 576 mutex_exit(&pd->pd_lock); 577 goto out; 578 } 579 mutex_exit(&pd->pd_lock); 580 581 mutex_enter(&mod_lock); 582 if (mctlp->mod_mp == NULL) { 583 mutex_exit(&mod_lock); 584 goto out; 585 } 586 587 /* 588 * This check is needed since a software provider can call 589 * us directly from the _init->crypto_register_provider path. 590 */ 591 if (pd->pd_prov_type == CRYPTO_SW_PROVIDER && 592 mctlp->mod_inprogress_thread == curthread) { 593 mutex_exit(&mod_lock); 594 modhold_done = B_FALSE; 595 break; 596 } 597 598 /* 599 * We could be in a race with the register thread or 600 * the unregister thread. So, retry if register or 601 * unregister is in progress. Note that we can't do 602 * mod_hold_by_modctl without this check since that 603 * could result in a deadlock with the other threads. 604 */ 605 if (mctlp->mod_busy) { 606 mutex_exit(&mod_lock); 607 /* delay for 10ms and try again */ 608 delay(drv_usectohz(10000)); 609 continue; 610 } 611 612 (void) mod_hold_by_modctl(mctlp, 613 MOD_WAIT_FOREVER | MOD_LOCK_HELD); 614 mutex_exit(&mod_lock); 615 modhold_done = B_TRUE; 616 break; 617 } 618 619 /* 620 * Check if the door is set up yet. This will be set when kcfd 621 * comes up. If not, we return and leave the provider state unchanged 622 * at KCF_PROV_UNVERIFIED. This will trigger the verification of 623 * the module later when kcfd is up. This is safe as we NEVER use 624 * a provider that has not been verified yet. 625 */ 626 mutex_enter(&kcf_dh_lock); 627 if (kcf_dh == NULL) { 628 mutex_exit(&kcf_dh_lock); 629 goto out; 630 } 631 632 ldh = kcf_dh; 633 door_ki_hold(ldh); 634 mutex_exit(&kcf_dh_lock); 635 636 mp = (struct module *)mctlp->mod_mp; 637 filename = mp->filename; 638 KCF_FRMWRK_DEBUG(2, ("Verifying module: %s\n", filename)); 639 640 kda = kmem_alloc(sizeof (kcf_door_arg_t) + mp->sigsize, KM_SLEEP); 641 kda->da_version = KCF_KCFD_VERSION1; 642 kda->da_iskernel = B_TRUE; 643 bcopy(filename, kda->da_u.filename, strlen(filename) + 1); 644 645 darg.data_ptr = (char *)kda; 646 darg.data_size = sizeof (kcf_door_arg_t) + mp->sigsize; 647 darg.desc_ptr = NULL; 648 darg.desc_num = 0; 649 darg.rbuf = (char *)kda; 650 darg.rsize = sizeof (kcf_door_arg_t); 651 652 /* 653 * Make door upcall. door_ki_upcall() checks for validity of the handle. 654 */ 655 rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); 656 657 if (rv == 0) { 658 kcf_door_arg_t *rkda = (kcf_door_arg_t *)darg.rbuf; 659 660 KCF_FRMWRK_DEBUG(2, 661 ("passed: %d\n", rkda->da_u.result.status)); 662 KCF_FRMWRK_DEBUG(2, 663 ("signature length: %d\n", rkda->da_u.result.siglen)); 664 KCF_FRMWRK_DEBUG(2, 665 ("signature: %p\n", (void*)rkda->da_u.result.signature)); 666 667 668 /* Check kcfd result and compare against module struct fields */ 669 if (((rkda->da_u.result.status != ELFSIGN_SUCCESS) && 670 (rkda->da_u.result.status != ELFSIGN_RESTRICTED)) || 671 !(rkda->da_u.result.siglen == mp->sigsize) || 672 (bcmp(rkda->da_u.result.signature, mp->sigdata, 673 mp->sigsize))) { 674 cmn_err(CE_WARN, "Module verification failed for %s.", 675 filename); 676 } else { 677 error = 0; 678 } 679 680 if (rkda->da_u.result.status == ELFSIGN_RESTRICTED) { 681 pd->pd_flags |= KCF_PROV_RESTRICTED; 682 KCF_FRMWRK_DEBUG(2, ("provider is restricted\n")); 683 } 684 685 if (rkda != kda) 686 kmem_free(rkda, darg.rsize); 687 688 } else { 689 cmn_err(CE_WARN, "Module verification door upcall failed " 690 "for %s. errno = %d", filename, rv); 691 } 692 693 kmem_free(kda, sizeof (kcf_door_arg_t) + mp->sigsize); 694 door_ki_rele(ldh); 695 696 setverify: 697 mutex_enter(&pd->pd_lock); 698 /* change state only if the original state is unchanged */ 699 if (pd->pd_state == KCF_PROV_UNVERIFIED) { 700 if (error == 0) { 701 pd->pd_state = KCF_PROV_READY; 702 do_notify = B_TRUE; 703 } else { 704 pd->pd_state = KCF_PROV_VERIFICATION_FAILED; 705 } 706 } 707 mutex_exit(&pd->pd_lock); 708 709 if (do_notify) { 710 /* Dispatch events for this new provider */ 711 kcf_do_notify(pd, B_TRUE); 712 } 713 714 out: 715 if (modhold_done) 716 mod_release_mod(mctlp); 717 KCF_PROV_REFRELE(pd); 718 } 719 720 /* called from the CRYPTO_LOAD_DOOR ioctl */ 721 int 722 crypto_load_door(uint_t did) 723 { 724 mutex_enter(&kcf_dh_lock); 725 kcf_dh = door_ki_lookup(did); 726 mutex_exit(&kcf_dh_lock); 727 728 verify_unverified_providers(); 729 730 /* Start the timeout handler to get random numbers */ 731 if (rngtimer_started == 0) { 732 kcf_rnd_schedule_timeout(B_TRUE); 733 rngtimer_started = 1; 734 } 735 return (0); 736 } 737