Hi all, I'd like to ask for a review of CR 6786946 which addresses the first part of SCF's sub-optimality in terms of handling operations with keys (or key attributes) longer than what a provider is capable of.
Fix for CR 6786946 checks the key length for all reasonable operations against mechanism information for given provider and signals CRYPTO_KEY_SIZE_RANGE up so metaslot can fall back to softtoken (this worked previously but possibly with different error code which came from the driver of given provider) or the error is returned to the caller (in case of direct access). The main thing is that the check is now done in KcF instead of the driver for particular provider. This also contains the fix for 3DES key boundaries in multiple providers. webrev is here: http://cr.opensolaris.org/~vkotal/kcf-keylen_check-6786946.onnv/ I'd like to get a reply by the end of this week (04/24/09). v.
