Valerie, Thanks for your comments. My response inline.
Valerie Bubb Fenwick wrote: > On Wed, 19 Aug 2009, Hai-May Chao wrote: > >> Hi Valerie, >> >> Thanks for your comments - all were accepted. >> >> Updated webrev is at: >> http://cr.opensolaris.org/~haimay/fips-admin-policy-post-v2/ > > Thank you, Hai-May. Looks like you got them all! > > now for second round, again sorry for the delay > > usr/src/common/crypto/ecc/ec.c > VAB-01 line 1071: I believe this comment should be removed > (looks leftover from a previous version of the code :) > Removed my leftover note :-) . > usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c > VAB-02 lines 515-516. Instead of calling again to see if you're > in FIPS-140 mode, can you save that to a global variable > during C_Initialize and just check it here? > Done. > VAB-03 line 524: shouldn't you exit out of soft_genkey_pair() here? > seems like it would be a bad idea to go on and attempt > to store the just deleted keys in the keystore. (though I > notice this follows the rest of the function's logic, so > this should probably be fixed throughout the function. ) > Good catch. Fixed, and others in the existing function. > usr/src/uts/common/sys/crypto/ioctladmin.h > VAB-04 line 123: some comments as to what this is (vs what the > enum is below) would be nice > Comments added. > usr/src/uts/intel/sha2/Makefile > VAB-05 the webrev lists this file as "executible". I don't know how > smart 'hg' is with not setting funny modes when you push, > but you should fix this before we find out :-) > I don't know why it has 755 mode at the first place in onnv gate. Changed it to be the same mode (644) as other Makefiles. Updated webrev: http://cr.opensolaris.org/~haimay/fips-admin-policy-post-v2/ Thanks, Hai-May
