Dan,
> Here's a review for:
> 6414175 kcf.conf's supportedlist not providing much usefulness
>
> http://dan.drydog.com/reviews/6414175-kcfconf/
>
I reviewed only the kcf changes and the packaging changes.
I have the following comments -
KY-1
Have you tested with bfu? It is good to end up with an
empty kcf.conf after a bfu (assuming no kcf.conf changes).
usr/src/uts/common/crypto/core/kcf_prov_tabs.c
KY-2 lines 56-61
These comments are not accurate for a hardware provider
which registers with kcf from its attach routine. A single driver
module can do multiple attaches. Recommend changing this to -
"
Prov_tab is an array of providers which is updated when
a crypto provider registers with kcf. The provider calls the
SPI routine, crypto_register_provider(), which in turn calls
kcf_prov_tab_add_provider().
A provider unregisters by calling crypto_unregister_provider()
which triggers the removal of the prov_tab entry.
It also calls kcf_remove_mech_provider().
"
KY-3 line 832
s/mechannism/mechanism/
usr/src/uts/common/crypto/core/kcf_cryptoadm.c
KY-4 lines 45-56, 100-102
Recommend adding a comment to the effect that
new crypto providers/mechanisms in kernel must update these
constants and add an entry in the appropriate table.
KY-5 line 187
Is there ever a case where an entry in the soft_config_list
can be removed from cryptoadm (1M)? If so, how is that
handled given that we lost the information constructed
in this routine.
usr/src/pkgdefs/*
Looks good.
Regards,
-Krishna
**
