On Wed, 22 Oct 2008, Krishna Yenduri wrote: > Dan, > I reviewed only the kcf changes and the packaging changes. > I have the following comments -
> KY-1 > Have you tested with bfu? It is good to end up with an > empty kcf.conf after a bfu (assuming no kcf.conf changes). Yes. BFU replaced kcf.conf with the new version. > usr/src/uts/common/crypto/core/kcf_prov_tabs.c > KY-2 lines 56-61 > These comments are not accurate for a hardware provider > which registers with kcf from its attach routine. A single driver > module can do multiple attaches. Recommend changing this to - > " > Prov_tab is an array of providers which is updated when > a crypto provider registers with kcf. The provider calls the > SPI routine, crypto_register_provider(), which in turn calls > kcf_prov_tab_add_provider(). > A provider unregisters by calling crypto_unregister_provider() > which triggers the removal of the prov_tab entry. > It also calls kcf_remove_mech_provider(). > " FIXED. > KY-3 line 832 > s/mechannism/mechanism/ FIXED. > usr/src/uts/common/crypto/core/kcf_cryptoadm.c > KY-4 lines 45-56, 100-102 > Recommend adding a comment to the effect that > new crypto providers/mechanisms in kernel must update these > constants and add an entry in the appropriate table. FIXED > KY-5 line 187 > Is there ever a case where an entry in the soft_config_list > can be removed from cryptoadm (1M)? If so, how is that > handled given that we lost the information constructed > in this routine. Yes. With "cryptoadm uninstall" calling: do_uninstall -> uninstall_kef() -> CRYPTO_LOAD_SOFT_CONFIG ioctl(). Cryptoadm will have to specify the kcf provider and mechanism(s) to reinstall. "cryptoadm disable" or "cryptoadm unload" does not remove the soft_config_list entries. -- This message posted from opensolaris.org
