Review for 6414175 kcf.conf (due Oct. 23)

Thu, 23 Oct 2008 15:56:57 -0600 

adm_kef.c
---------
mcp-0   lines 434-436           Since this is duplicated here and
                                elsewhere, why not 'goto out' and
                                free entries whose pointers are non-null?

adm_kef_util.c
--------------
mcp-1                           Thanks for adding the extra comments!

kcf_cryptoadm.c
---------------
mcp-2   lines 85-210            What happens if a provider mentioned in
                                this static table doesn't exit because the
                                administrator removed the corresponding 
loadable module?

Dan Anderson wrote:
> Here's a review for:
> 6414175 kcf.conf's supportedlist not providing much usefulness
>
> http://dan.drydog.com/reviews/6414175-kcfconf/
>
> This removes initial /etc/crypto/kcf.conf entries for kernel software 
> providers.  This eliminates a need to modify kcf.conf when these providers 
> are installed/removed.  Removing this need is motivated by the fact that 
> OpenSolaris IPS packages have no easy method of editing configuration files.
>
> The kcf.conf entries can still be present if cryptoadm(1M) disabled a 
> software provider or mechanism.
>
> Requirements:
> R-1. Initial (default) entries in kcf.conf should be pre-populated in KCF 
> when the module is loaded.
> R-2. Adding new crypto modules to KCF will require no upgrade to kcf.conf
>
> R-3. The initial kcf.conf file should be empty (except for comments)
> R-4. User modifications to kcf.conf shall continue to be only via cryptoadm 
> enable/cryptoadm disable.
> R-5. Third-party crypto modules will still be able to add KCF modules by 
> adding a supportedlist line to kcf.conf.
>
> Implementation:
> In the kcf kernel module, soft_config_list is a linked list of crypto 
> provider/mechanism entries.  Currently it is initialized from kcf.conf when 
> the cryptosvc service started via the CRYPTO_LOAD_SOFT_CONFIG ioctl().
>
> Change kcf_cryptoadm.c so when the kcf module is loaded, kcf_soft_init() will 
> initialize the soft_config_list linked list with the list of default kernel 
> modules and their respective mechanism names.  
>
> Remove all non-comment entries in the initial default kcf.conf file and from 
> the postinstall/preremove package files.
> --
> This message posted from opensolaris.org
> _______________________________________________
> crypto-discuss mailing list
> crypto-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/crypto-discuss
>

Reply via email to