illumos gate

Currently, the pkcs11_softtoken C_MechanismList() implementation uses two arrays: the first array(soft_mechanisms[]) is a list of all the mechanism (CKM_xx) types. The second (soft_mechanism_info[]) is an array of CK_MECHANISM_INFO entries that contain the details (key sizes, operations supported) for the given mechanism. Maintaining these is tedious -- one must take care to ensure the indexes of both arrays match. That is the for a given index i in soft_mechanisms[], the mechanism info in soft_mechanism_info[I] should match the mechanism type in soft_mechanisms[I].

Given the size of both arrays, maintaining this is rather tedious (speaking from past experience). It would be far easier and simpler to just have a single table that includes the mechanism type and the corresponding mechanism info in a single entry.