#
# Configuration file to allow the SunPKCS11 provider to utilize
# the Solaris Cryptographic Framework, if it is available
#

name = Solaris

description = SunPKCS11 accessing Solaris Cryptographic Framework

library = /usr/lib/$ISA/libpkcs11.so

handleStartupErrors = ignoreAll

# Use the X9.63 encoding for EC points (do not wrap in an ASN.1 OctetString).
useEcX963Encoding = true

attributes = compatibility

disabledMechanisms = {
  CKM_DSA_KEY_PAIR_GEN
# the following mechanisms are disabled due to CKR_SAVED_STATE_INVALID bug
# (Solaris bug 7058108)
  CKM_MD2
  CKM_MD5
  CKM_SHA_1
# the following mechanisms are disabled due to no cloning support
# (Solaris bug 7050617)
  CKM_SHA256
  CKM_SHA384
  CKM_SHA512
# the following mechanisms are disabled due to performance issues
# (Solaris bug 6337157)
  CKM_DSA_SHA1
  CKM_MD5_RSA_PKCS
  CKM_SHA1_RSA_PKCS
  CKM_SHA256_RSA_PKCS
  CKM_SHA384_RSA_PKCS
  CKM_SHA512_RSA_PKCS
# the following mechanisms are disabled to ensure backward compatibility
# (Solaris bug 6545046)
  CKM_DES_CBC_PAD
  CKM_DES3_CBC_PAD
  CKM_AES_CBC_PAD
}