The PKCS11 constants are most useful when creating attributes with
NewAttribute() in all kinds of different PKCS11 calls. The function
is using generic type handling to decide attribute length.
The CK_TRUE/CK_FALSE constants should evaluate to direct Golang
bool values in order for these to be handled properly by the
NewAttribute() calls, which interprets bool values as
[]byte{0}, []byte{1} for false, true respectively. If these stay
integers, NewAttribtue() considers them 8-byte long byte slices.
Some PKCS11 module implementations actually validate constant-length
arguments size. https://github.com/opendnssec/SoftHSMv2/ is an example
of a commonly used PKCS11-testing module that does that. Without this
change, the module fails to perform certain actions as it errors out
on unexpected attribute size.
The PKCS11 constants are most useful when creating attributes with
NewAttribute()
in all kinds of different PKCS11 calls. The function is using generic type handling to decide attribute length.The CK_TRUE/CK_FALSE constants should evaluate to direct Golang bool values in order for these to be handled properly by the
NewAttribute()
calls, which interprets bool values as []byte{0}, []byte{1} for false, true respectively. If these stay integers,NewAttribtue()
considers them 8-byte long byte slices.Some PKCS11 module implementations actually validate constant-length arguments size. https://github.com/opendnssec/SoftHSMv2/ is an example of a commonly used PKCS11-testing module that does that. Without this change, the module fails to perform certain actions as it errors out on unexpected attribute size.