[Softhsm-develop] SoftHSM 2.6.0rc1

Wed Mar 4 14:16:47 UTC 2020

Dear all,

I've compiled a release candidate for SoftHSM 2.6.0 (RC1).  I'd
like to known any issues that are blocking promoting this to
a proper release.

SoftHSM 2.6.0 is a continuation of the 2.5.x branch, and when
released willreplace the 2.5 branch for any patches for bug
fixes, discontinuing support for that branch.  Since this is
a continuation of the development containing mostly fixes
and improvements.

However one thing to be aware of is the switch to Botan version 2.
SoftHSM is build with either a back-end of OpenSSL or Botan and
cannot support both at the same time and Botan 1 was declared end
of life some time ago, so a switch to Botan 2 was really needed.
Windows build are only partial supported at this time.

No migration, configuration changes or path changes are necessary
and the build configuration should not need changing.

Download:
* https://dist.opendnssec.org/source/testing/softhsm-2.6.0rc1.tar.gz
* https://dist.opendnssec.org/source/testing/softhsm-2.6.0rc1.tar.gz.sig
* Checksum
SHA256: 30f666f6ba59a345af9f97b0efc4d81e1576d72131c2be7df9564c38a8ace0ba

\Berry

* Issue #493: Upgrade to Botan 2.
* Issue #530: Update appveyor build.
* Issue #438: Detect crypto algorithms by default.
  (Patch from Alon Bar-Lev)
* Issue #455: Provide a new configuration option to allow enabling and
  disabling various mechanisms (slots.mechanisms in the softhsm2.conf).
  (Thanks to Jakub Jelen)
* Issue #479: Increase SQLite busy timeout from 15 seconds to 3 minutes.
  (Patch from Jan Luebbe)
* Issue #513: Add configuration option to reset state on fork closing all
  sessions rather than keeping all sessions open in duplicate process.
  (Thanks to Anderson Toshiyuki Sasaki)
* Issue #500: C_WaitForSlotEvent implementation.
  (Patch from massey101)
* Issue #445: Add wrap support with CKM_AES_CBC.

Bugfixes:
* Issue #418: Set fields to NULL to avoid double free.
  (Patch from Brian J Murray)
* Issue #423: ENGINE_load_rdrand is not supported with older openssl.
  (Patch from Alon Bar-Lev)
* Issue #429: Updated prerequisite to build from repository.
  (Patch from Dharmesh Khandelwal)
* Issue #434: Fix build issues with CMake.
  (Patch from Peter Wu)
* Issue #435: Fix botan build without EDDSA.
  (Patch from Peter Wu)
* Issue #442: Release resources from OSSLEVPSymmetricAlgorithm.
  (Patch from Petr Menšík)
* Issue #449/#502: Do not copy zero sized buffer avoid null pointer
reference.
  (Patch from space88man)
* Issue #464: Race condition with multiple threads closing last session and
  opening a newer sessions.
  (Patch from Takarth)
* Issue #452: Fixes to automake build fir undefined macros.
* Issue #462: User PIN count wrongly calculated.
  (Patch from Ondřej Hlavatý)
* Issue #516: Fix memory leak in OSSLCryptoFactory.
  (Patch from Anderson Sasaki)
* Issue #494: Allow null pointers as arguments when count is zero.
  (Patch from Yunjong Jeong)
* Issue #518: Sporadic problem in closing sessions because of lookup of
  object without prior locking.
* Issue #506: Check key type for C_EncryptInit and C_DecryptInit.
  (Patch from Yunjong Jeong)
* Issue #526: Adjust EDDSA code to return valid EC_PARAMS.
  (Patch from Jakub Jelen)
* Issue #452: Autogen failure on undefined macro AC_MSG_ERROR.
* Issue #527: Fixed some build errors for GCC 10.
* Issue #470: Null pointer arguments validation for C_EncryptFinal, etc.