Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
code branch fro SoftHSMv2: ensure created pkcs8 file is not
group- or world-readable.
Rename patch-aa to patch-Makefile.in, and add a comment.
Bump PKGREVISION.
* Increased performance by adding more indexes to the database.
* Describe the usage of SO and user PIN in the README.
Bugfixes:
* Detect if a C++ compiler is missing.
* Update the README with information on moving the database
between different architectures.
Bugfixes:
* Fix the destruction order of the Singleton objects.
* The library is now installed in $libdir/softhsm/.
Bugfixes:
* Do not give a warning about the schema version if the token
has not been initialized yet.
* The tools now return the correct exit code.
* Can now read CKA_ALWAYS_AUTHENTICATE but does not use it.
* Encryption and decryption using CKM_RSA_PKCS.
* Support X.509 certificates. (Patch from Thomas Calderon)
* Updated backup instructions.
* Only a Security Officer can set CKA_TRUSTED to true.
* The softhsm tool can set the value of CKA_TRUSTED.
* Support Botan 1.10.0.
* Better signing performance with a single element cache for
the PK_Signer object.
* Document README.MinGW describes how to build on Windows.
(Text and patches contributed by Jaroslav Imrich)
Bugfixes:
* API changes in Botan created a namespace collision.
* API changes in Botan's state handling.
* BigInt::to_u32bit was accidently dropped in Botan. Adding it
as a compatibility function to SoftHSM.
* Better exception handling.
* CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set
if an incorrect PIN has been entered at least once.
* Windows: Detect LoadLibrary.
* Windows: Set CRYPTOKI_EXPORTS.
* Windows: Load library correctly in softhsm.
* Windows: Compatibility function for getpass.
* Windows: Use _putenv and not setenv.
* Windows: Generate the DLL file.
* Windows: The softhsm tool will use the DLL file by default.
* Windows: Log to EventLog.
* Windows: Fix parsing of configuration file.
* Windows: The check program now links with a shared libgcc in order to
make the exceptions work.
Known issue:
* Firefox does improper setting of CKA_DERIVE attribute during PKCS#12
import. See https://bugzilla.mozilla.org/show_bug.cgi?id=515663
* Backport mutex handling from v2 for increased multithreaded
performance.
* Remove signature verification used for debugging purposes.
(was enabled with ./configure --enable-sigver)
* Added an index to the attribute table in the database.
* Optimization of the database handling.
so that we don't have any '#' chars in it.
Avoids the following:
% grep COMMENT Makefile
COMMENT= Cryptographic store accessible through a PKCS#11 interface
% pkg_info softhsm
Information for softhsm-1.2.0:
Comment:
Cryptographic store accessible through a PKCS
* Added mechanism CKM_RSA_X_509 (use Botan 1.9.7 to fix a bug
when verifying these signatures)
* The softhsm command now have the option --module <path>
To use a PKCS#11 library other than SoftHSM.
* The softhsm command now import all parts of the RSA key.
CKA_EXPONENT_1, CKA_EXPONENT_2, and CKA_COEFFICIENT is not needed
by SoftHSM but might be needed by other HSM:s.
* Ticket #163: softhsm-keyconv now support BIND format v1.3
* Write message to stderr when the config file cannot be found
* CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not
been a problem since wrapping is not supported.
* Set CKA_KEY_GEN_MECHANISM to CK_UNAVAILABLE_INFORMATION when
importing objects.
* C_GetInfo now returns CKR_CRYPTOKI_NOT_INITIALIZED if library
is not initialized.
* Force clean up if the app does not do C_Finalize (using auto_ptr)
* Limit the scope of the session objects to the owner application
* softhsm --optimize will clean up leftovers (session objects)
from applications that haven't closed down properly.
* Do not use CKF_HW, the mechanisms are not performed by a device.
* The ulMinKeySize and ulMaxKeySize are not used for the digesting
mechanisms, but we set them to zero for applications that forget
this.
* Used wrong buffer size for signatures. This was only a problem
for keys where (key size % 8 == 1), e.g. 1025 bit keys.
* C_Login now returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN instead of
CKR_USER_TOO_MANY_TYPES
* Respect --disable-64bit
* Respect $DESTDIR for config files
* The binaries can now show the version number
* softhsm-keyconv could not handle --ttl properly
* Link softhsm static with libsofthsm
* Build libsofthsm.so without version number
* libsofthsm.so is now a loadable module
PKCS#11 interface. You can use it to explore PKCS#11 without having a
Hardware Security Module. It is being developed as a part of the OpenDNSSEC
project. SoftHSM uses Botan for its cryptographic operations.
