[Opendnssec-maintainers] SoftHSM 2.6.0rc1
Berry A.W. van Halderen
berry at nlnetlabs.nl
Wed Mar 4 14:16:47 UTC 2020
Dear all,
I've compiled a release candidate for SoftHSM 2.6.0 (RC1). I'd
like to known any issues that are blocking promoting this to
a proper release.
SoftHSM 2.6.0 is a continuation of the 2.5.x branch, and when
released willreplace the 2.5 branch for any patches for bug
fixes, discontinuing support for that branch. Since this is
a continuation of the development containing mostly fixes
and improvements.
However one thing to be aware of is the switch to Botan version 2.
SoftHSM is build with either a back-end of OpenSSL or Botan and
cannot support both at the same time and Botan 1 was declared end
of life some time ago, so a switch to Botan 2 was really needed.
Windows build are only partial supported at this time.
No migration, configuration changes or path changes are necessary
and the build configuration should not need changing.
Download:
* https://dist.opendnssec.org/source/testing/softhsm-2.6.0rc1.tar.gz
* https://dist.opendnssec.org/source/testing/softhsm-2.6.0rc1.tar.gz.sig
* Checksum
SHA256: 30f666f6ba59a345af9f97b0efc4d81e1576d72131c2be7df9564c38a8ace0ba
\Berry
* Issue #493: Upgrade to Botan 2.
* Issue #530: Update appveyor build.
* Issue #438: Detect crypto algorithms by default.
(Patch from Alon Bar-Lev)
* Issue #455: Provide a new configuration option to allow enabling and
disabling various mechanisms (slots.mechanisms in the softhsm2.conf).
(Thanks to Jakub Jelen)
* Issue #479: Increase SQLite busy timeout from 15 seconds to 3 minutes.
(Patch from Jan Luebbe)
* Issue #513: Add configuration option to reset state on fork closing all
sessions rather than keeping all sessions open in duplicate process.
(Thanks to Anderson Toshiyuki Sasaki)
* Issue #500: C_WaitForSlotEvent implementation.
(Patch from massey101)
* Issue #445: Add wrap support with CKM_AES_CBC.
Bugfixes:
* Issue #418: Set fields to NULL to avoid double free.
(Patch from Brian J Murray)
* Issue #423: ENGINE_load_rdrand is not supported with older openssl.
(Patch from Alon Bar-Lev)
* Issue #429: Updated prerequisite to build from repository.
(Patch from Dharmesh Khandelwal)
* Issue #434: Fix build issues with CMake.
(Patch from Peter Wu)
* Issue #435: Fix botan build without EDDSA.
(Patch from Peter Wu)
* Issue #442: Release resources from OSSLEVPSymmetricAlgorithm.
(Patch from Petr Menšík)
* Issue #449/#502: Do not copy zero sized buffer avoid null pointer
reference.
(Patch from space88man)
* Issue #464: Race condition with multiple threads closing last session and
opening a newer sessions.
(Patch from Takarth)
* Issue #452: Fixes to automake build fir undefined macros.
* Issue #462: User PIN count wrongly calculated.
(Patch from Ondřej Hlavatý)
* Issue #516: Fix memory leak in OSSLCryptoFactory.
(Patch from Anderson Sasaki)
* Issue #494: Allow null pointers as arguments when count is zero.
(Patch from Yunjong Jeong)
* Issue #518: Sporadic problem in closing sessions because of lookup of
object without prior locking.
* Issue #506: Check key type for C_EncryptInit and C_DecryptInit.
(Patch from Yunjong Jeong)
* Issue #526: Adjust EDDSA code to return valid EC_PARAMS.
(Patch from Jakub Jelen)
* Issue #452: Autogen failure on undefined macro AC_MSG_ERROR.
* Issue #527: Fixed some build errors for GCC 10.
* Issue #470: Null pointer arguments validation for C_EncryptFinal, etc.
More information about the Opendnssec-maintainers
mailing list