[Opendnssec-announce] SoftHSM 1.2.0

Rickard Bellgrim rickard.bellgrim at iis.se
Thu Sep 30 09:41:52 UTC 2010


Hi

SoftHSM v1.2.0 has now been released

Changes in this release:

* Added mechanism CKM_RSA_X_509 (use Botan 1.9.7 to fix a bug when verifying these signatures). The softhsm command now have the option --module. To use a PKCS#11 library other than SoftHSM.
* The softhsm command now import all parts of the RSA key. CKA_EXPONENT_1, CKA_EXPONENT_2, and CKA_COEFFICIENT is not needed by SoftHSM but might be needed by other HSM:s.
* Ticket #163: softhsm-keyconv now support BIND format v1.3
* Write message to stderr when the config file cannot be found
* CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not been a problem since wrapping is not supported.
*  Set CKA_KEY_GEN_MECHANISM to CK_UNAVAILABLE_INFORMATION when importing objects.
* C_GetInfo now returns CKR_CRYPTOKI_NOT_INITIALIZED if library is not initialized.
* Force clean up if the app does not do C_Finalize (using auto_ptr)
* Limit the scope of the session objects to the owner application
* softhsm --optimize will clean up leftovers (session objects) from applications that haven’t closed down properly.
* Do not use CKF_HW, the mechanisms are not performed by a device.
* The ulMinKeySize and ulMaxKeySize are not used for the digesting mechanisms, but we set them to zero for applications that forget this.
* Used wrong buffer size for signatures. This was only a problem for keys where (key size % 8 == 1), e.g. 1025 bit keys.
* C_Login now returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN instead of CKR_USER_TOO_MANY_TYPES

Download the tarball from: http://www.opendnssec.org/files/source/softhsm-1.2.0.tar.gz

(We are also working on SoftHSM v2.0 and should have a test version in the near future)

// OpenDNSSEC team




More information about the Opendnssec-announce mailing list