Krishna,

Thanks for your review. I incorporated your comments.
http://cr.opensolaris.org/~haimay/CR6703956-v2/

Krishna Yenduri wrote:
> Hai-May Chao wrote:
>> ...
>> http://cr.opensolaris.org/~haimay/CR6703956-v2/
>
>> ...
>>> usr/src/uts/common/crypto/io/swrand.c
>>>
>>> KY-3 T3 line 387
>>> Why not use digest directly and get rid of digest32
>>> since they are of the same size? You can then
>>> remove the bcopy() here.
>>>
>> Originally I coded just like you indicated and got lint warning
>> due to pointer cast. So I changed it to as it is now.
>
> You can override the lint warning with a directive. This is OK
> to do since we know the cast is safe to do.
>

Ok. Done.

>>> KY-5 T3 lines 406-407
>>> I assume FIPS compliance would require you to stop using
>>> the provider in this case (or fail all the requests from then on).
>>> I see that n2rng unregisters from the framework
>>> in error cases.
>>>
>>> We can have the default behavior as now ("log a warning")
>>> and add an option (a kernel tunable) to stop using swrand when we hit
>>> this error.
>>>
>> If we have swrand and one or more hardware random number providers,
>> then I think it'd be okay to disable the provider that fails. If we
>> only have swrand, i.e. disabling the last remaining provider doesn't
>> seem like a good idea.
>>
>> The kernel tunable option could be added later as part of FIPS 140-2
>> Self-Tests work. I'd like to suggest we provide logging a warning at
>> this putback as we're getting the FIPS 186-2 RNG into the framework.
>
> Sounds fine.
>
>> ..
>>> KY-7 T3 lines 667-668
>>> I believe it is much more secure to have a different XSEED for
>>> every call.
>>>
>>> I would recommend XOR'ing the seed value with a high
>>> resolution timer output (gethrtime()) for this call.
>>>
>> Fixed.
>
> line 676 -
> I see a problem with the XOR code. src is only 8 bytes long while
> dst is 20 bytes. You can fix this by making this
> src[i % sizeof (timestamp)].
>

Fixed.

Thanks,
Hai-May
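
The fix discussed for line 676, as an added example that is not part of the original thread and not the swrand.c code. The names xor_timestamp and SEED_LEN and all sample values are assumptions, and the timestamp is a constructed value standing in for gethrtime() output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define	SEED_LEN	20	/* dst in the thread is 20 bytes (160-bit XSEED) */

/*
 * XOR an 8-byte timestamp into a seed buffer of any length.
 *
 * A loop that indexes src[i] for i up to dstlen reads 12 bytes past the
 * end of the 8-byte timestamp when dstlen is 20. Indexing with
 * i % sizeof (timestamp) wraps the 8 source bytes across the whole
 * destination, so every seed byte is perturbed and no read leaves src.
 */
void
xor_timestamp(uint8_t *dst, size_t dstlen, uint64_t timestamp)
{
	uint8_t src[sizeof (timestamp)];
	size_t i;

	/* Copy the bytes out instead of casting the pointer (no aliasing issue). */
	memcpy(src, &timestamp, sizeof (src));

	for (i = 0; i < dstlen; i++)
		dst[i] ^= src[i % sizeof (timestamp)];
}

int
main(void)
{
	uint8_t seed[SEED_LEN];
	/* Constructed value; in the kernel this would come from gethrtime(). */
	uint64_t timestamp = 0x0102030405060708ULL;
	size_t i;

	/* Constructed sample seed so the effect on each byte is visible. */
	for (i = 0; i < sizeof (seed); i++)
		seed[i] = (uint8_t)(0xA0 + i);

	xor_timestamp(seed, sizeof (seed), timestamp);

	for (i = 0; i < sizeof (seed); i++)
		printf("%02x", seed[i]);
	printf("\n");
	return (0);
}
```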