Hai-May Chao wrote:
> ...
> http://cr.opensolaris.org/~haimay/CR6703956-v2/
> ...
>>
>> usr/src/uts/common/crypto/io/swrand.c
>>
>> KY-3 T3 line 387
>> Why not use digest directly and get rid of digest32
>> since they are of the same size? You can then
>> remove the bcopy() here.
>>
>
> Originally I coded just like you indicated and got lint warning
> due to pointer cast. So I changed it to as it is now.

You can override the lint warning with a directive. This is OK to do
since we know the cast is safe to do.

>> KY-5 T3 lines 406-407
>> I assume FIPS compliance would require you to stop using
>> the provider in this case (or fail all the requests from then on).
>> I see that n2rng unregisters from the framework
>> in error cases.
>>
>> We can have the default behavior as now ("log a warning")
>> and add an option (a kernel tunable) to stop using swrand when we hit
>> this error.
>>
>
> If we have swrand and one or more hardware random number providers,
> then I think it'd be okay to disable the provider that fails. If we
> only have swrand, i.e. disabling the last remaining provider doesn't
> seem like a good idea.
>
> The kernel tunable option could be added later as part of FIPS 140-2
> Self-Tests work. I'd like to suggest we provide logging a warning at
> this putback as we're getting the FIPS 186-2 RNG into the framework.

Sounds fine.

> ..
>>
>> KY-7 T3 lines 667-668
>> I believe it is much more secure to have a different XSEED for
>> every call.
>>
>> I would recommend XOR'ing the seed value with a high
>> resolution timer output (gethrtime()) for this call.
>>
>
> Fixed.

line 676 - I see a problem with the XOR code. src is only 8 bytes long
while dst is 20 bytes. You can fix this by making this
src[i % sizeof (timestamp)].

-Krishna
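The XOR mixing discussed under KY-7 and the line 676 fix, as an added illustration that is not code from swrand.c or from this review: a 20-byte XSEED (the SHA-1 output size used by the FIPS 186-2 generator) is XORed with an 8-byte timer value, and the index wraps with `i % sizeof (timestamp)` so the loop over all 20 destination bytes never reads past the 8-byte source. The function name, the fixed-width byte serialisation of the timer value, and passing the timer value in as a parameter (kernel code would obtain it from gethrtime()) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XSEED_LEN 20    /* 160-bit XSEED: same size as a SHA-1 digest */

/*
 * Hypothetical helper: XOR a 64-bit high-resolution timer value into the
 * XSEED so that every call gets a different seed. dst is XSEED_LEN bytes,
 * but the timer serialises to only sizeof (timestamp) == 8 bytes, so the
 * source index must wrap. Without the modulo, iterations 8..19 would read
 * past the end of src (the defect pointed out for line 676).
 * Returns the number of destination bytes mixed.
 */
static size_t
mix_timestamp_into_xseed(uint8_t dst[XSEED_LEN], uint64_t timestamp)
{
	uint8_t src[sizeof (timestamp)];
	size_t i;

	/* Serialise little-endian by hand so the layout is the same on every host. */
	for (i = 0; i < sizeof (src); i++)
		src[i] = (uint8_t)(timestamp >> (8 * i));

	for (i = 0; i < XSEED_LEN; i++)
		dst[i] ^= src[i % sizeof (src)];	/* wraps: 8 source bytes reused */

	return (i);
}

/* Returns 1 if mixing two different timer values into the same seed yields
 * different XSEEDs, which is the property the reviewer asked for. */
static int
xseeds_differ(const uint8_t seed[XSEED_LEN], uint64_t t1, uint64_t t2)
{
	uint8_t a[XSEED_LEN], b[XSEED_LEN];

	memcpy(a, seed, XSEED_LEN);
	memcpy(b, seed, XSEED_LEN);
	mix_timestamp_into_xseed(a, t1);
	mix_timestamp_into_xseed(b, t2);
	return (memcmp(a, b, XSEED_LEN) != 0);
}

int
main(void)
{
	uint8_t seed[XSEED_LEN] = { 0 };	/* constructed all-zero seed */
	size_t n = mix_timestamp_into_xseed(seed, 0x0807060504030201ULL);

	printf("mixed %zu bytes, seed[8] = 0x%02x, seed[19] = 0x%02x\n",
	    n, seed[8], seed[19]);
	return (0);
}
```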