[Opendnssec-maintainers] SoftHSM 2.3.0rc1

Rickard Bellgrim rickard at opendnssec.org
Mon Jun 26 16:45:34 UTC 2017


Hi

Version 2.3.0rc1 of SoftHSM has now been released. Any issues with this
release before we make the final release?

* Issue #130: Upgraded to PKCS#11 v2.40.
  * Minor changes to some return values.
  * Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject().
  * Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key
    objects. Will be accepted from application, but SoftHSM will
    currently not calculate it.
* Issue #142: Support for CKM_AES_CTR.
* Issue #155: Add unit tests for SessionManager.
* Issue #189: C_DigestKey returns CKR_KEY_INDIGESTIBLE when key
  attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow
  C_DigestKey in this case.
* Issue #225: Show slot id after initialization.
* Issue #257: Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true.
  (Patch from Martin Domke)
* Issue #261: Add support for libeaycompat lib for FIPS on Windows.
  (Patch from Matt Hauck)
* Issue #262: Support importing ECDSA P-521 in softhsm-util.
* Issue #276: Support for Botan 2.0.
* Issue #279: Editorial changes from Mountain Lion to Sierra.
  (Patch from Mike Neumann)
* Issue #283: More detailed error messages when initializing SoftHSM.
* Issue #285: Support for LibreSSL.
  (Patch from Alon Bar-Lev)
* Issue #286: Update .gitignore.
  (Patch from Alon Bar-Lev)
* Issue #291: Change to enable builds and reports on new Jenkinks
  environment.
* Issue #293: Detect cppunit in autoconf.
  (Patch from Alon Bar-Lev)
* Issue #309: CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to
  CKA_PRIVATE=false.
* Issue #314: Update README with information about logging.

Bugfixes:
* Issue #216: Better handling of CRYPTO_set_locking_callback() for OpenSSL.
* Issue #265: Fix deriving shared secret with ECC.
* Issue #280: HMAC with sizes less than L bytes is strongly discouraged.
  Set a lower bound equal to L bytes in ulMinKeySize and check it when
  initializing the operation.
* Issue #281: Fix test of p11 shared library.
  (Patch from Lars Silvén)
* Issue #289: Minor fix of 'EVP_CipherFinal_ex'.
  (Patch from Viktor Tarasov)
* Issue #297: Fix build with cppunit.
  (Patch from Ludovic Rousseau)
* Issue #302: Export PKCS#11 symbols from the library.
  (Patch from Ludovic Rousseau)
* Issue #305: Zero pad key to fit the block in CKM_AES_KEY_WRAP.
* Issue #313: Detecting CppUnit when using Macports.
  (Patch from mouse07410)

Download:
* https://dist.opendnssec.org/source/testing/softhsm-2.3.0rc1.tar.gz
* https://dist.opendnssec.org/source/testing/softhsm-2.3.0rc1.tar.gz.sig
* Checksum SHA1: c54e3b61929aa1374271ca6a1c6aa4fc9ea735d2
* Checksum SHA256:
58dfb3cf52dd4011918cfcb2a6a1334af91cc17dc4ff0c9363804daf63468377

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-maintainers/attachments/20170626/e5469d7a/attachment.htm>


More information about the Opendnssec-maintainers mailing list