forked from softhsm/SoftHSMv1
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathNEWS
283 lines (203 loc) · 9.27 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
NEWS for SoftHSM -- History of user visible changes
SoftHSM develop
Bugfixes:
* SOFTHSM-101: softhsm-keyconv creates files with sensitive material
in insecure way. Also applies to softhsm when using --export or
--optimize.
* SOFTHSM-104: Inconsistencies between v1 and v2.
SoftHSM 1.3.7 - 2014-05-28
Bugfixes:
* SOFTHSM-94: umask affecting the calling application.
* SOFTHSM-96: Check if Botan has already been initialized.
SoftHSM 1.3.6 - 2014-02-24
* SOFTHSM-51: Call umask to restrict created files.
Bugfixes:
* Fix malloc(0) warning in clang.
SoftHSM 1.3.5 - 2013-09-30
Bugfixes:
* SOFTHSM-45: Improved handling of a busy database
* SUPPORT-76: Add -Wall -Werror flags and fix the warnings.
Fix more warnings on EPEL.
SoftHSM 1.3.4 - 2012-11-24
* SOFTHSM-28: Support RSASSA-PSS signature scheme. (Patch from
Aleksander Trofimowicz)
* SOFTHSM-29: The default location of the token database is
now $localstatedir/lib/softhsm/.
SoftHSM 1.3.3 - 2012-05-09
* Increased performance by adding more indexes to the database.
* Describe the usage of SO and user PIN in the README.
Bugfixes:
* Detect if a C++ compiler is missing.
SoftHSM 1.3.2 - 2012-03-07
* Update the README with information on moving the database
between different architectures.
Bugfixes:
* Fix the destruction order of the Singleton objects.
SoftHSM 1.3.1 - 2012-01-17
* The library is now installed in $libdir/softhsm/.
Bugfixes:
* Do not give a warning about the schema version if the token
has not been initialized yet.
* The tools now return the correct exit code.
SoftHSM 1.3.0 - 2011-08-12
* Can now read CKA_ALWAYS_AUTHENTICATE but does not use it.
* Encryption and decryption using CKM_RSA_PKCS.
* Support X.509 certificates. (Patch from Thomas Calderon)
* Updated backup instructions.
* Only a Security Officer can set CKA_TRUSTED to true.
* The softhsm tool can set the value of CKA_TRUSTED.
* Support Botan 1.10.0.
* Better signing performance with a single element cache for
the PK_Signer object.
* Document README.MinGW describes how to build on Windows.
(Text and patches contributed by Jaroslav Imrich)
Bugfixes:
* API changes in Botan created a namespace collision.
* API changes in Botan's state handling.
* BigInt::to_u32bit was accidently dropped in Botan. Adding it
as a compatibility function to SoftHSM.
* Better exception handling.
* CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set
if an incorrect PIN has been entered at least once.
* Windows: Detect LoadLibrary.
* Windows: Set CRYPTOKI_EXPORTS.
* Windows: Load library correctly in softhsm.
* Windows: Compatibility function for getpass.
* Windows: Use _putenv and not setenv.
* Windows: Generate the DLL file.
* Windows: The softhsm tool will use the DLL file by default.
* Windows: Log to EventLog.
* Windows: Fix parsing of configuration file.
* Windows: The check program now links with a shared libgcc in order to
make the exceptions work.
Known issue:
* Firefox does improper setting of CKA_DERIVE attribute during PKCS#12
import. See https://bugzilla.mozilla.org/show_bug.cgi?id=515663
SoftHSM 1.2.1 - 2011-05-03
* Backport mutex handling from v2 for increased multithreaded
performance.
* Remove signature verification used for debugging purposes.
(was enabled with ./configure --enable-sigver)
* Added an index to the attribute table in the database.
* Optimization of the database handling.
SoftHSM 1.2.0 - 2010-09-30
* Added mechanism CKM_RSA_X_509 (use Botan 1.9.7 to fix a bug
when verifying these signatures)
* The softhsm command now have the option --module <path>
To use a PKCS#11 library other than SoftHSM.
* The softhsm command now import all parts of the RSA key.
CKA_EXPONENT_1, CKA_EXPONENT_2, and CKA_COEFFICIENT is not needed
by SoftHSM but might be needed by other HSM:s.
* Ticket #163: softhsm-keyconv now support BIND format v1.3
* Write message to stderr when the config file cannot be found
* CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not
been a problem since wrapping is not supported.
* Set CKA_KEY_GEN_MECHANISM to CK_UNAVAILABLE_INFORMATION when
importing objects.
* C_GetInfo now returns CKR_CRYPTOKI_NOT_INITIALIZED if library
is not initialized.
* Force clean up if the app does not do C_Finalize (using auto_ptr)
* Limit the scope of the session objects to the owner application
* softhsm --optimize will clean up leftovers (session objects)
from applications that haven't closed down properly.
* Do not use CKF_HW, the mechanisms are not performed by a device.
* The ulMinKeySize and ulMaxKeySize are not used for the digesting
mechanisms, but we set them to zero for applications that forget
this.
* Used wrong buffer size for signatures. This was only a problem
for keys where (key size % 8 == 1), e.g. 1025 bit keys.
* C_Login now returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN instead of
CKR_USER_TOO_MANY_TYPES
SoftHSM 1.1.4 - 2010-04-06
* Respect --disable-64bit
* Respect $DESTDIR for config files
* The binaries can now show the version number
* softhsm-keyconv could not handle --ttl properly
* Link softhsm static with libsofthsm
* Build libsofthsm.so without version number
* libsofthsm.so is now a loadable module
SoftHSM 1.1.3 - 2010-01-25
* Only check for the SQLite3 library. The binary is not needed.
* Switch to PKCS#11 header file from the Scute project.
* KNOWN BUG: A bug in Botan made some of the checks to fail on Debian
unstable. The bug may appear on other platforms.
Please upgrade to Botan 1.8.9 when it is available.
SoftHSM 1.1.2 - 2009-12-21
* Documentation on how to do backup.
* Limiting the number of concurrent sessions to 256, because SQLite has a
limit on the number of database connections.
* Install a sample of the configuration file.
* Manual pages are now available for softhsm, softhsm-keyconv, and
softhsm.conf
* Bugfix: --enable-64bit configure option did not work correctly.
* KNOWN BUG: A version of Botan available in some OS has a problem with
the entropy. This causes SoftHSM to freeze in some operations.
Please upgrade to the Botan 1.8.5 or greater.
SoftHSM 1.1.1 - 2009-12-04
* Bugfix: Signing could not be done when another application had a lock
on the database.
* Bugfix: Check if a session were able to create a connection to the database.
* KNOWN BUG: A version of Botan available in some OS has a problem with
the entropy. This causes SoftHSM to freeze in some operations.
Please upgrade to the Botan 1.8.5 or greater.
SoftHSM 1.1.0 - 2009-11-02
* The tool softhsm-keyconv can convert keys between BIND key file format
and PKCS#8 file format. So it can be imported to SoftHSM.
It can also convert back to BIND format.
* C_FindObjectsInit is now up to 80 % faster.
* KNOWN BUG: A version of Botan available in some OS has a problem with
the entropy. This causes SoftHSM to freeze in some operations.
Please upgrade to the Botan 1.8.5 or greater.
SoftHSM 1.0.0 - 2009-09-30
* Using /usr/local, /etc, and /var as default
* Improved the performance of creating keys
* Log error message if database cannot be opened
* KNOWN BUG: A version of Botan available in some OS has a problem with
the entropy. This causes SoftHSM to freeze in some operations.
Please upgrade to the Botan 1.8.5 or greater.
SoftHSM 1.0.0-RC3 - 2009-08-26
* Vacuum the empty space in the database when initializing it
* Minor speed improvment when searching for objects
* Fixed build problem with GCC >= 4.3
* Fixed some linking problem
* KNOWN BUG: A version of Botan available in some OS has a problem with
the entropy. This causes SoftHSM to freeze in some operations.
Please upgrade to the Botan 1.8.5 or greater.
SoftHSM 1.0.0-RC2 - 2009-07-08
* Added a check for the Botan library in config script
* SoftHSM will not add a default label/ID to a key pair when the
key pair is generated, as were the case in the previous
versions.
* Improved database handling
* New database schema. Is not compliant with previous versions.
* Comments can be added to the config file by using #
* The default location of the config file is $sysconfdir/softhsm.conf
* Simplified the configure options
* The softhsm tool initialize the tokens by using the library.
* Import keys via PKCS#11 and the softhsm tool.
* Export keys via the softhsm tool
SoftHSM 1.0.0-RC1 - 2009-03-10
* Versioning moved to the configure script
* This is release candidate 1
SoftHSM 0.5 - 2009-02-20
* Admin tool for creating tokens.
* Config file in /etc/softhsm.conf
* All session objects are removed when the session creating
them are closed.
* User credentials as specified in PKCS#11
SoftHSM 0.4 - 2009-02-10
* Only one library is compiled (libsofthsm.so). The log level
is defined by using the flag --with-loglevel
SoftHSM 0.3 - 2009-02-03
* A better mutex handling. Each PKCS#11 function call is treated
as atomic functions. The mutex handling is activated when given
correct parameters to the init function.
SoftHSM 0.2 - 2009-01-23
* Two libraries are compiled. One normal (libsofthsm.so) and
one for debugging (libsofthsm.d.so). The debug info is saved
in the syslog.
SoftHSM 0.1 - 2009-01-21
* Starting point of the NEWS file.
* Have an interface to the user in accordance with PKCS#11.
* This file will be properly maintained when we start releasing
the source code.