1 NEWS for SoftHSM -- History of user visible changes
3 SoftHSM 2.4.0 - 2017-02-27
5 * Issue #135: Support PKCS#8 for GOST.
6 * Issue #140: Support for CKA_ALLOWED_MECHANISMS.
8 * Issue #141: Support CKA_ALWAYS_AUTHENTICATE for private key objects.
9 * Issue #220: Support for CKM_DES3_CMAC and CKM_AES_CMAC.
10 * Issue #226: Configuration option for Windows build to enable build with
12 * Issue #325: Support for CKM_AES_GCM.
13 * Issue #334: Document that initialized tokens will be reassigned to another
14 slot (based on the token serial number).
15 * Issue #335: Support for CKM_RSA_PKCS_PSS.
16 (Patch from Nikos Mavrogiannopoulos)
17 * Issue #341: Import AES keys with softhsm2-util.
18 (Patch from Pavel Cherezov)
19 * Issue #348: Document that OSX needs pkg-config to detect cppunit.
20 * Issue #349: softhsm2-util will check the configuration and report any
21 issues before loading the PKCS#11 library.
24 * Issue #345: Private objects are presented to security officer in search
26 * Issue #358: Race condition when multiple applications are creating and
30 SoftHSM 2.3.0 - 2017-07-03
32 * Issue #130: Upgraded to PKCS#11 v2.40.
33 * Minor changes to some return values.
34 * Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject().
35 * Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key
36 objects. Will be accepted from application, but SoftHSM will
37 currently not calculate it.
38 * Issue #142: Support for CKM_AES_CTR.
39 * Issue #155: Add unit tests for SessionManager.
40 * Issue #189: C_DigestKey returns CKR_KEY_INDIGESTIBLE when key
41 attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow
42 C_DigestKey in this case.
43 * Issue #225: Show slot id after initialization.
44 * Issue #247: Run AppVeyor (Windows CI) for each PR and merge.
45 * Issue #257: Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true.
46 (Patch from Martin Domke)
47 * Issue #261: Add support for libeaycompat lib for FIPS on Windows.
48 (Patch from Matt Hauck)
49 * Issue #262: Support importing ECDSA P-521 in softhsm-util.
50 * Issue #276: Support for Botan 2.0.
51 * Issue #279: Editorial changes from Mountain Lion to Sierra.
52 (Patch from Mike Neumann)
53 * Issue #283: More detailed error messages when initializing SoftHSM.
54 * Issue #285: Support for LibreSSL.
55 (Patch from Alon Bar-Lev)
56 * Issue #286: Update .gitignore.
57 (Patch from Alon Bar-Lev)
58 * Issue #291: Change to enable builds and reports on new Jenkinks
60 * Issue #293: Detect cppunit in autoconf.
61 (Patch from Alon Bar-Lev)
62 * Issue #309: CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to
64 * Issue #314: Update README with information about logging.
65 * Issue #330: Adjust log levels for failing to enumerate object store.
66 (Patch from Nikos Mavrogiannopoulos)
69 * Issue #216: Better handling of CRYPTO_set_locking_callback() for OpenSSL.
70 * Issue #265: Fix deriving shared secret with ECC.
71 * Issue #280: HMAC with sizes less than L bytes is strongly discouraged.
72 Set a lower bound equal to L bytes in ulMinKeySize and check it when
73 initializing the operation.
74 * Issue #281: Fix test of p11 shared library.
75 (Patch from Lars Silvén)
76 * Issue #289: Minor fix of 'EVP_CipherFinal_ex'.
77 (Patch from Viktor Tarasov)
78 * Issue #297: Fix build with cppunit.
79 (Patch from Ludovic Rousseau)
80 * Issue #302: Export PKCS#11 symbols from the library.
81 (Patch from Ludovic Rousseau)
82 * Issue #305: Zero pad key to fit the block in CKM_AES_KEY_WRAP.
83 * Issue #313: Detecting CppUnit when using Macports.
84 (Patch from mouse07410)
87 SoftHSM 2.2.0 - 2016-12-05
89 * Issue #143: Delete a token using softhsm2-util.
90 * Issue #185: Change access mode bits for /var/lib/softhsm/tokens/
91 to 1777. All users can now create tokens, but only access their own.
92 (Patch from Rick van Rein)
93 * Issue #186: Reinitializing a token will now keep the token, but all
94 token objects are deleted, the user PIN is removed and the token
96 * Issue #190: Support for OpenSSL 1.1.0.
97 * Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that
98 there is always a slot with an uninitialized token available.
99 * Issue #199: The token serial number will be used when setting the slot
100 number. The serial number is set after the token has been initialized.
101 (Patch from Lars Silvén)
102 * Issue #203: Update the command utils to use the token label or serial
103 to find the token and its slot number.
104 * Issue #209: Possibility to test other PKCS#11 implementations with the
106 (Patch from Lars Silvén)
107 * Issue #223: Mark public key as non private by default.
108 (Patch from Nikos Mavrogiannopoulos)
109 * Issue #230: Install p11-kit module, to disable use --disable-p11-kit.
110 (Patch from David Woodhouse)
111 * Issue #237: Add windows continuous integration build.
112 (Patch from Peter Polačko)
115 * Issue #201: Missing new source file and test configuration in the
116 Windows build project.
117 * Issue #205: ECDSA P-521 support for OpenSSL and better test coverage.
118 * Issue #207: Fix segmentation faults in loadLibrary function.
119 (Patch from Jaroslav Imrich)
120 * Issue #215: Update the Homebrew install notes for OSX.
121 * Issue #218: Fix build warnings.
122 * Issue #235: Add the libtool install command for OSX.
123 (Patch from Mark Wylde)
124 * Issue #236: Use GetEnvironmentVariable instead of getenv on Windows.
125 (Patch from Jaroslav Imrich)
126 * Issue #239: Crash on module unload with OpenSSL.
127 (Patch from David Woodhouse)
128 * Issue #241: Added EXTRALIBS to Windows utils project.
129 (Patch from Peter Polačko)
130 * Issue #250: C++11 not detected.
131 * Issue #255: API changes in Botan 1.11.27.
132 * Issue #260: Fix include guard to check WITH_FIPS.
133 (Patch from Matt Hauck)
134 * Issue #268: p11test fails on 32-bit systems.
135 * Issue #270: Build warning about "converting a string constant".
136 * Issue #272: Fix C++11 check to look for unique_ptr.
137 (Patch from Matt Hauck)
140 SoftHSM 2.1.0 - 2016-03-14
142 * Issue #136: Improved guide and build scripts for Windows.
143 (Thanks to Jaroslav Imrich)
144 * Issue #144: The password prompt in softhsm2-util can now be
145 interrupted (ctrl-c).
146 * Issue #166: Add slots.removable config option.
147 (Patch from Sumit Bose)
148 * Issue #180: Windows configure script improvements.
149 (Patch from Arnaud Grandville)
152 * Issue #128: Prioritize the return values in C_GetAttributeValue.
153 (Patch from Nicholas Wilson)
154 * Issue #129: Fix errors reported by Visual Studio 2015.
155 (Patch from Jaroslav Imrich)
156 * Issue #132: Handle the CKA_CHECK_VALUE correctly for certificates
157 and symmetric key objects.
158 * Issue #154: Fix the Windows build and destruction order of objects.
159 (Patch from Arnaud Grandville)
160 * Issue #162: Not possible to create certificate objects containing
161 CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or
162 CKA_JAVA_MIDP_SECURITY_DOMAIN.
163 * Issue #163: Do not attempt decryption of empty byte strings.
164 (Patch from Michal Kepien)
165 * Issue #165: Minor changes after a PVS-Studio code analysis, and
166 C_EncryptUpdate crash if no ciphered data is produced.
167 (Patch from Arnaud Grandville)
168 * Issue #169: One-byte buffer overflow in call to EVP_DecryptUpdate.
169 * Issue #171: Problem while closing library that is initialized but
170 improperly finalized.
171 * Issue #173: Adjust return values for the template parsing.
172 * Issue #174: C_DeriveKey() error with leading zero bytes.
173 * Issue #177: CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects
174 created with C_CreateObject.
175 * Issue #182: Resolve compiler warning.
176 (Patch from Josh Datko)
177 * Issue #184: Stop discarding the global OpenSSL libcrypto state.
178 (Patch from Michal Trojnara)
179 * SOFTHSM-123: Fix library cleanup on BSD.
182 SoftHSM 2.0.0 - 2015-07-17
184 * SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
185 * Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms.
186 (Patch from Thomas Calderon)
189 * SOFTHSM-120: Segfault after renaming variables.
192 SoftHSM 2.0.0b3 - 2015-04-17
194 * SOFTHSM-113: Support for Botan 1.11.15
195 * SOFTHSM-119: softhsm2-util: Support ECDSA key import
196 (Patch from Magnus Ahltorp)
197 * SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES.
198 Using DH, ECDH or symmetric encryption.
201 * SOFTHSM-108: A marked as trusted certificate cannot be imported.
202 * SOFTHSM-109: Unused parameter and variable warnings.
203 * SOFTHSM-110: subdir-objects warnings from autoreconf.
204 * SOFTHSM-111: Include FIPS-NOTES.md in dist.
205 * SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h.
206 * SOFTHSM-114: Fix memory leak in a test script.
207 * SOFTHSM-115: Fix static analysis warnings.
208 * SUPPORT-154: A marked as non-modifiable object cannot be generated.
209 * SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr.
210 * SUPPORT-157: Derived secrets were truncated after encryption and
211 could thus not be decrypted.
212 * Mutex should call MutexFactory wrapper functions.
213 (Patch from Jerry Lundström)
214 * Return detailed error message to loadLibrary().
215 (Patch from Petr Spacek)
218 SoftHSM 2.0.0b2 - 2014-12-28
220 * SOFTHSM-50: OpenSSL FIPS support.
221 * SOFTHSM-64: Updated build script for Windows.
222 * SOFTHSM-100: Use --free with softhsm2-util to initialize the first
224 * SOFTHSM-103: Allow runtime configuration of log level.
225 * SOFTHSM-107: Support for CKM_<symcipher>_CBC_PAD.
226 * Add support for CKM_RSA_PKCS_OAEP key un/wrapping.
227 (Patch from Petr Spacek)
228 * Use OpenSSL EVP interface for AES key wrapping.
229 (Patch from Petr Spacek)
230 * Allow reading configuration file from user's home directory.
231 (Patch from Nikos Mavrogiannopoulos)
234 * SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE.
235 * Coverity found a number of issues.
238 SoftHSM 2.0.0b1 - 2014-09-10
240 * SOFTHSM-84: Check that all mandatory attributes are given during
241 the creation process.
242 * SOFTHSM-92: Enable -fvisibility=hidden on per default
243 * SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal
244 (Patch from Martin Paljak)
245 * Add support for CKM_RSA_PKCS key un/wrapping
246 (Patch from Petr Spacek)
249 * SOFTHSM-66: Attribute handling when using multiple threads
250 * SOFTHSM-93: Invalid C++ object recycling.
251 * SOFTHSM-95: umask affecting the calling application.
252 * SOFTHSM-97: Check if Botan has already been initialized.
253 * SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA
255 * SOFTHSM-99: Binary encoding of GOST values.
256 * SUPPORT-136: softhsm2-keyconv creates files with sensitive material
260 SoftHSM 2.0.0a2 - 2014-03-25
262 * SOFTHSM-68: Display a better configure message when there is a
263 version of Botan with a broken ECC/GOST/OID implementation.
264 * SOFTHSM-70: Improved handling of the database backend.
265 * SOFTHSM-71: Supporting Botan 1.11.
266 * SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when
267 using the Botan crypto backend.
268 * SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object.
269 * SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the
270 command line utilties with softhsm2-.
271 * SOFTHSM-89: Use constants and not strings for signaling algorithms.
272 * SUPPORT-129: Possible to use an empty template in C_GenerateKey.
273 The class and key type are inherited from the generation mechanism.
274 Some mechanisms do however require a length attribute. [SOFTHSM-88]
275 * SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384,
276 or SHA512. [SOFTHSM-87]
279 * SOFTHSM-39: Fix 64 bit build on sparc sun4v.
280 * SOFTHSM-69: GOST did not work when you disabled ECC.
281 * SOFTHSM-78: Correct the attribute checks for a number of objects.
282 * SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code.
283 * SOFTHSM-91: Fix a warning from static code analysis.
284 * Fixed a number of memory leaks.
287 SoftHSM 2.0.0a1 - 2014-02-10
289 This is the first alpha release of SoftHSMv2. It focuses on a higher
290 level of security by encrypting sensitive information and using
291 unswappable memory. There is also a more generalized crypto backend,
292 where you can use Botan or OpenSSL.