SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for softhsm-2.4.0-20.1.i586.rpm :
Tue Feb 27 13:00:00 2018 mardnhAATTgmx.de
- Update to version 2.4.0

* Support PKCS#8 for GOST.

* Support for CKA_ALLOWED_MECHANISMS.

* Support CKA_ALWAYS_AUTHENTICATE for private key objects.

* Support for CKM_DES3_CMAC and CKM_AES_CMAC.

* Support for CKM_AES_GCM.

* Document that initialized tokens will be reassigned to another
slot (based on the token serial number).

* Support for CKM_RSA_PKCS_PSS.

* Import AES keys with softhsm2-util.

* softhsm2-util will check the configuration and report any
issues before loading the PKCS#11 library.

Sun Dec 17 13:00:00 2017 mardnhAATTgmx.de
- Update to version 2.3.0

* Upgraded to PKCS#11 v2.40.

* Minor changes to some return values.

* Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject().

* Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key
objects. Will be accepted from application, but SoftHSM will
currently not calculate it.

* Support for CKM_AES_CTR.

* Add unit tests for SessionManager.

* C_DigestKey returns CKR_KEY_INDIGESTIBLE when key
attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow
C_DigestKey in this case.

* Show slot id after initialization.

* Run AppVeyor (Windows CI) for each PR and merge.

* Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true.

* Add support for libeaycompat lib for FIPS on Windows.

* Support importing ECDSA P-521 in softhsm-util.

* Support for Botan 2.0.

* Editorial changes from Mountain Lion to Sierra.

* More detailed error messages when initializing SoftHSM.

* Support for LibreSSL.

* Change to enable builds and reports on new Jenkinks environment.

* Detect cppunit in autoconf.

* CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to CKA_PRIVATE=false.

* Update README with information about logging.

* Adjust log levels for failing to enumerate object store.

* Better handling of CRYPTO_set_locking_callback() for OpenSSL.

* Fix deriving shared secret with ECC.

* HMAC with sizes less than L bytes is strongly discouraged.
Set a lower bound equal to L bytes in ulMinKeySize and check it when
initializing the operation.

* Fix test of p11 shared library.

* Minor fix of \'EVP_CipherFinal_ex\'.

* Fix build with cppunit.

* Export PKCS#11 symbols from the library.

* Zero pad key to fit the block in CKM_AES_KEY_WRAP.

* Detecting CppUnit when using Macports.
- Update to version 2.2.0

* Delete a token using softhsm2-util.

* Change access mode bits for /var/lib/softhsm/tokens/
to 1777. All users can now create tokens, but only access their own.

* Reinitializing a token will now keep the token, but all
token objects are deleted, the user PIN is removed and the token
label is updated.

* Support for OpenSSL 1.1.0.

* Calling C_GetSlotList with NULL_PTR will make sure that
there is always a slot with an uninitialized token available.

* The token serial number will be used when setting the slot
number. The serial number is set after the token has been initialized.

* Update the command utils to use the token label or serial
to find the token and its slot number.

* Possibility to test other PKCS#11 implementations with the CppUnit test.

* Mark public key as non private by default.

* Install p11-kit module, to disable use --disable-p11-kit.

* Add windows continuous integration build.

* Missing new source file and test configuration in the
Windows build project.

* ECDSA P-521 support for OpenSSL and better test coverage.

* Fix segmentation faults in loadLibrary function.

* Crash on module unload with OpenSSL.

* C++11 not detected.

* API changes in Botan 1.11.27.

* Fix include guard to check WITH_FIPS.

* p11test fails on 32-bit systems.

* Build warning about \"converting a string constant\".

* Fix C++11 check to look for unique_ptr.
- Update to version 2.1.0

* Improved guide and build scripts for Windows.

* The password prompt in softhsm2-util can now be
interrupted (ctrl-c).

* Add slots.removable config option.

* Prioritize the return values in C_GetAttributeValue.

* Handle the CKA_CHECK_VALUE correctly for certificates
and symmetric key objects.

* Not possible to create certificate objects containing
CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or
CKA_JAVA_MIDP_SECURITY_DOMAIN.

* Do not attempt decryption of empty byte strings.

* Minor changes after a PVS-Studio code analysis, and
C_EncryptUpdate crash if no ciphered data is produced.

* One-byte buffer overflow in call to EVP_DecryptUpdate.

* Problem while closing library that is initialized but
improperly finalized.

* Adjust return values for the template parsing.

* C_DeriveKey() error with leading zero bytes.

* CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects
created with C_CreateObject.

* Stop discarding the global OpenSSL libcrypto state.
- Drop not longer needed patches (fixed upstream):

* softhsm-v2.0.0b1-aes-key-wrap.patch

* softhsm-v2.0.0b1-ckm-rsa-pkcs-oaep-key-wrap.patch

* softhsm-newcppunit.patch
- Rebase patches:

* softhsm-rsakeys.patch
- Fix URL

Sun May 7 14:00:00 2017 meissnerAATTsuse.com
- softhsm-newcppunit.patch: new cppunit uses pkg-config now, not
cppunit-config

Thu Oct 8 14:00:00 2015 meissnerAATTsuse.com
- softhsm-rsakeys.patch: do not test odd bit RSA keys, this breaks
with the FIPS enabled openssl from leap/sle12, as thats rounds
up the keylength to the next even number. bsc#949492

Fri May 8 14:00:00 2015 hguoAATTsuse.com
- Source extracted from Fedora 21 release SRPM with minor modifications.

Tue Sep 30 14:00:00 2014 pwoutersAATTredhat.com
- Add support for CKM_RSA_PKCS_OAEP key un/wrapping [Petr Spacek]
- Use OpenSSL EVP interface for AES key wrapping [Petr Spacek]
- Fix softhsm2-pk11install buid and post call
- Do not use --with-objectstore-backend-db (causes issues on i686)
- Change install directory to /usr/lib
*/pkcs11/
- Install pkcs11 module file
- Use official upstream tar ball
- Create ods user to own softhsm/token files
- Enable migration tools (for softhsm-v1 installs)
- Add softlink for softhsm-v1 .so (needed for opendnssec\'s conf.xml)
- Require p11-kit, nss-tools, for SoftHSM PKCS #11 Module file
- Copy pk11install.c from coolkey package
- Enable hardened build
- Add upstream official source url

Fri Apr 18 14:00:00 2014 pwoutersAATTredhat.com
- Updated to 1.3.6 (rhbz#1070196)
- Provide a p11-kit module file (rhbz#1085327)

Sun Nov 3 13:00:00 2013 pwoutersAATTredhat.com
- Updated to 1.3.5 (rhbz#987721)

Mon Jun 4 14:00:00 2012 pwoutersAATTredhat.com
- Updated to 1.3.3

Tue Apr 3 14:00:00 2012 pwoutersAATTredhat.com
- Updated to 1.3.2.
- Changed user from opendnssec to ods, as used in the opendnssec package

Thu Oct 27 14:00:00 2011 paulAATTxelerance.com
- Initial Fedora package
- Do not install the .a file
- Use a separate \"opendnssec\" user to own /var/sofhsm

Tue Oct 25 14:00:00 2011 paulAATTxelerance.com
- Fix description texts w.r.t. include files

Wed Oct 5 14:00:00 2011 paulAATTxelerance.com
- Upgraded to 1.3.0

Thu Mar 3 13:00:00 2011 paulAATTxelerance.com
- Initial package for Fedora


  
ICM