All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
code branch fro SoftHSMv2: ensure created pkcs8 file is not
group- or world-readable.
Rename patch-aa to patch-Makefile.in, and add a comment.
Bump PKGREVISION.
* Increased performance by adding more indexes to the database.
* Describe the usage of SO and user PIN in the README.
Bugfixes:
* Detect if a C++ compiler is missing.
* Update the README with information on moving the database
between different architectures.
Bugfixes:
* Fix the destruction order of the Singleton objects.
* The library is now installed in $libdir/softhsm/.
Bugfixes:
* Do not give a warning about the schema version if the token
has not been initialized yet.
* The tools now return the correct exit code.
* Can now read CKA_ALWAYS_AUTHENTICATE but does not use it.
* Encryption and decryption using CKM_RSA_PKCS.
* Support X.509 certificates. (Patch from Thomas Calderon)
* Updated backup instructions.
* Only a Security Officer can set CKA_TRUSTED to true.
* The softhsm tool can set the value of CKA_TRUSTED.
* Support Botan 1.10.0.
* Better signing performance with a single element cache for
the PK_Signer object.
* Document README.MinGW describes how to build on Windows.
(Text and patches contributed by Jaroslav Imrich)
Bugfixes:
* API changes in Botan created a namespace collision.
* API changes in Botan's state handling.
* BigInt::to_u32bit was accidently dropped in Botan. Adding it
as a compatibility function to SoftHSM.
* Better exception handling.
* CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set
if an incorrect PIN has been entered at least once.
* Windows: Detect LoadLibrary.
* Windows: Set CRYPTOKI_EXPORTS.
* Windows: Load library correctly in softhsm.
* Windows: Compatibility function for getpass.
* Windows: Use _putenv and not setenv.
* Windows: Generate the DLL file.
* Windows: The softhsm tool will use the DLL file by default.
* Windows: Log to EventLog.
* Windows: Fix parsing of configuration file.
* Windows: The check program now links with a shared libgcc in order to
make the exceptions work.
Known issue:
* Firefox does improper setting of CKA_DERIVE attribute during PKCS#12
import. See https://bugzilla.mozilla.org/show_bug.cgi?id=515663
* Backport mutex handling from v2 for increased multithreaded
performance.
* Remove signature verification used for debugging purposes.
(was enabled with ./configure --enable-sigver)
* Added an index to the attribute table in the database.
* Optimization of the database handling.
* Added mechanism CKM_RSA_X_509 (use Botan 1.9.7 to fix a bug
when verifying these signatures)
* The softhsm command now have the option --module <path>
To use a PKCS#11 library other than SoftHSM.
* The softhsm command now import all parts of the RSA key.
CKA_EXPONENT_1, CKA_EXPONENT_2, and CKA_COEFFICIENT is not needed
by SoftHSM but might be needed by other HSM:s.
* Ticket #163: softhsm-keyconv now support BIND format v1.3
* Write message to stderr when the config file cannot be found
* CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not
been a problem since wrapping is not supported.
* Set CKA_KEY_GEN_MECHANISM to CK_UNAVAILABLE_INFORMATION when
importing objects.
* C_GetInfo now returns CKR_CRYPTOKI_NOT_INITIALIZED if library
is not initialized.
* Force clean up if the app does not do C_Finalize (using auto_ptr)
* Limit the scope of the session objects to the owner application
* softhsm --optimize will clean up leftovers (session objects)
from applications that haven't closed down properly.
* Do not use CKF_HW, the mechanisms are not performed by a device.
* The ulMinKeySize and ulMaxKeySize are not used for the digesting
mechanisms, but we set them to zero for applications that forget
this.
* Used wrong buffer size for signatures. This was only a problem
for keys where (key size % 8 == 1), e.g. 1025 bit keys.
* C_Login now returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN instead of
CKR_USER_TOO_MANY_TYPES
* Respect --disable-64bit
* Respect $DESTDIR for config files
* The binaries can now show the version number
* softhsm-keyconv could not handle --ttl properly
* Link softhsm static with libsofthsm
* Build libsofthsm.so without version number
* libsofthsm.so is now a loadable module
PKCS#11 interface. You can use it to explore PKCS#11 without having a
Hardware Security Module. It is being developed as a part of the OpenDNSSEC
project. SoftHSM uses Botan for its cryptographic operations.
