Here's a review for:
6414175 kcf.conf's supportedlist not providing much usefulness

http://dan.drydog.com/reviews/6414175-kcfconf/

This removes initial /etc/crypto/kcf.conf entries for kernel software 
providers.  This eliminates a need to modify kcf.conf when these providers are 
installed/removed.  Removing this need is motivated by the fact that 
OpenSolaris IPS packages have no easy method of editing configuration files.

The kcf.conf entries can still be present if cryptoadm(1M) disabled a software 
provider or mechanism.

Requirements:
R-1. Initial (default) entries in kcf.conf should be pre-populated in KCF when 
the module is loaded.
R-2. Adding new crypto modules to KCF will require no upgrade to kcf.conf.
R-3. The initial kcf.conf file should be empty (except for comments).
R-4. User modifications to kcf.conf shall continue to be only via cryptoadm 
enable/cryptoadm disable.
R-5. Third-party crypto modules will still be able to add KCF modules by adding 
a supportedlist line to kcf.conf.

Implementation:
In the kcf kernel module, soft_config_list is a linked list of crypto 
provider/mechanism entries.  Currently it is initialized from kcf.conf when the 
cryptosvc service is started, via the CRYPTO_LOAD_SOFT_CONFIG ioctl().

Change kcf_cryptoadm.c so when the kcf module is loaded, kcf_soft_init() will 
initialize the soft_config_list linked list with the list of default kernel 
modules and their respective mechanism names.  

Remove all non-comment entries in the initial default kcf.conf file and from 
the postinstall/preremove package files.
--
This message posted from opensolaris.org
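
A sketch of the approach described under Implementation, added here as an example and not taken from the webrev or the OpenSolaris source: the provider list is linked from a compiled-in table at load time (R-1), and a later disable is recorded as an overlay on those defaults (R-4), so the configuration file can start empty (R-3). The struct, the function names and the provider/mechanism names are all hypothetical placeholders.

```c
#include <stddef.h>
#include <string.h>

typedef struct soft_entry {    /* hypothetical stand-in, not the kcf struct */
    struct soft_entry *next;
    const char *name;          /* provider module name */
    const char *const *mechs;  /* NULL-terminated mechanism names */
    unsigned disabled;         /* bit i set => mechs[i] disabled (max 32) */
} soft_entry_t;

/* Constructed placeholder names; the real defaults are in the webrev. */
static const char *const prov_a_mechs[] = { "MECH_A1", "MECH_A2", NULL };
static const char *const prov_b_mechs[] = { "MECH_B1", NULL };
static soft_entry_t defaults[] = {
    { NULL, "example_prov_a", prov_a_mechs, 0 },
    { NULL, "example_prov_b", prov_b_mechs, 0 },
};
#define NDEFAULTS (sizeof (defaults) / sizeof (defaults[0]))

/* R-1: link the compiled-in defaults at load time; no file is read. */
soft_entry_t *soft_init(void) {
    for (size_t i = 0; i < NDEFAULTS; i++)
        defaults[i].next = (i + 1 < NDEFAULTS) ? &defaults[i + 1] : NULL;
    return &defaults[0];
}

/* Find provider p and the index of mechanism m; -1 if either is unknown. */
static int lookup(soft_entry_t *e, const char *p, const char *m, soft_entry_t **out) {
    for (; e != NULL; e = e->next) {
        if (strcmp(e->name, p) != 0) continue;
        for (int i = 0; e->mechs[i] != NULL; i++)
            if (strcmp(e->mechs[i], m) == 0) { *out = e; return i; }
    }
    return -1;
}

/* R-4: a disable overlays the defaults; unknown names are rejected. */
int soft_disable(soft_entry_t *head, const char *prov, const char *mech) {
    soft_entry_t *e = NULL;
    int i = lookup(head, prov, mech, &e);
    if (i >= 0) e->disabled |= 1u << i;
    return i >= 0 ? 0 : -1;
}

/* Returns 1 only if the provider offers the mechanism and it is not disabled. */
int soft_enabled(soft_entry_t *head, const char *prov, const char *mech) {
    soft_entry_t *e = NULL;
    int i = lookup(head, prov, mech, &e);
    return i >= 0 && !(e->disabled & (1u << i));
}
```

The sketch leaves out R-5, where a third-party supportedlist line would append a further entry to the same list.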
