$Id$ NEWS for SoftHSM -- History of user visible changes SoftHSM 1.3.1 * The library is now installed in $libdir/softhsm/. Bugfixes: * Do not give a warning about the schema version if the token has not been initialized yet. * The tools now return the correct exit code. SoftHSM 1.3.0 - 2011-08-12 * Can now read CKA_ALWAYS_AUTHENTICATE but does not use it. * Encryption and decryption using CKM_RSA_PKCS. * Support X.509 certificates. (Patch from Thomas Calderon) * Updated backup instructions. * Only a Security Officer can set CKA_TRUSTED to true. * The softhsm tool can set the value of CKA_TRUSTED. * Support Botan 1.10.0. * Better signing performance with a single element cache for the PK_Signer object. * Document README.MinGW describes how to build on Windows. (Text and patches contributed by Jaroslav Imrich) Bugfixes: * API changes in Botan created a namespace collision. * API changes in Botan's state handling. * BigInt::to_u32bit was accidently dropped in Botan. Adding it as a compatibility function to SoftHSM. * Better exception handling. * CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set if an incorrect PIN has been entered at least once. * Windows: Detect LoadLibrary. * Windows: Set CRYPTOKI_EXPORTS. * Windows: Load library correctly in softhsm. * Windows: Compatibility function for getpass. * Windows: Use _putenv and not setenv. * Windows: Generate the DLL file. * Windows: The softhsm tool will use the DLL file by default. * Windows: Log to EventLog. * Windows: Fix parsing of configuration file. * Windows: The check program now links with a shared libgcc in order to make the exceptions work. Known issue: * Firefox does improper setting of CKA_DERIVE attribute during PKCS#12 import. See https://bugzilla.mozilla.org/show_bug.cgi?id=515663 SoftHSM 1.2.1 - 2011-05-03 * Backport mutex handling from v2 for increased multithreaded performance. * Remove signature verification used for debugging purposes. (was enabled with ./configure --enable-sigver) * Added an index to the attribute table in the database. * Optimization of the database handling. SoftHSM 1.2.0 - 2010-09-30 * Added mechanism CKM_RSA_X_509 (use Botan 1.9.7 to fix a bug when verifying these signatures) * The softhsm command now have the option --module To use a PKCS#11 library other than SoftHSM. * The softhsm command now import all parts of the RSA key. CKA_EXPONENT_1, CKA_EXPONENT_2, and CKA_COEFFICIENT is not needed by SoftHSM but might be needed by other HSM:s. * Ticket #163: softhsm-keyconv now support BIND format v1.3 * Write message to stderr when the config file cannot be found * CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not been a problem since wrapping is not supported. * Set CKA_KEY_GEN_MECHANISM to CK_UNAVAILABLE_INFORMATION when importing objects. * C_GetInfo now returns CKR_CRYPTOKI_NOT_INITIALIZED if library is not initialized. * Force clean up if the app does not do C_Finalize (using auto_ptr) * Limit the scope of the session objects to the owner application * softhsm --optimize will clean up leftovers (session objects) from applications that haven't closed down properly. * Do not use CKF_HW, the mechanisms are not performed by a device. * The ulMinKeySize and ulMaxKeySize are not used for the digesting mechanisms, but we set them to zero for applications that forget this. * Used wrong buffer size for signatures. This was only a problem for keys where (key size % 8 == 1), e.g. 1025 bit keys. * C_Login now returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN instead of CKR_USER_TOO_MANY_TYPES SoftHSM 1.1.4 - 2010-04-06 * Respect --disable-64bit * Respect $DESTDIR for config files * The binaries can now show the version number * softhsm-keyconv could not handle --ttl properly * Link softhsm static with libsofthsm * Build libsofthsm.so without version number * libsofthsm.so is now a loadable module SoftHSM 1.1.3 - 2010-01-25 * Only check for the SQLite3 library. The binary is not needed. * Switch to PKCS#11 header file from the Scute project. * KNOWN BUG: A bug in Botan made some of the checks to fail on Debian unstable. The bug may appear on other platforms. Please upgrade to Botan 1.8.9 when it is available. SoftHSM 1.1.2 - 2009-12-21 * Documentation on how to do backup. * Limiting the number of concurrent sessions to 256, because SQLite has a limit on the number of database connections. * Install a sample of the configuration file. * Manual pages are now available for softhsm, softhsm-keyconv, and softhsm.conf * Bugfix: --enable-64bit configure option did not work correctly. * KNOWN BUG: A version of Botan available in some OS has a problem with the entropy. This causes SoftHSM to freeze in some operations. Please upgrade to the Botan 1.8.5 or greater. SoftHSM 1.1.1 - 2009-12-04 * Bugfix: Signing could not be done when another application had a lock on the database. * Bugfix: Check if a session were able to create a connection to the database. * KNOWN BUG: A version of Botan available in some OS has a problem with the entropy. This causes SoftHSM to freeze in some operations. Please upgrade to the Botan 1.8.5 or greater. SoftHSM 1.1.0 - 2009-11-02 * The tool softhsm-keyconv can convert keys between BIND key file format and PKCS#8 file format. So it can be imported to SoftHSM. It can also convert back to BIND format. * C_FindObjectsInit is now up to 80 % faster. * KNOWN BUG: A version of Botan available in some OS has a problem with the entropy. This causes SoftHSM to freeze in some operations. Please upgrade to the Botan 1.8.5 or greater. SoftHSM 1.0.0 - 2009-09-30 * Using /usr/local, /etc, and /var as default * Improved the performance of creating keys * Log error message if database cannot be opened * KNOWN BUG: A version of Botan available in some OS has a problem with the entropy. This causes SoftHSM to freeze in some operations. Please upgrade to the Botan 1.8.5 or greater. SoftHSM 1.0.0-RC3 - 2009-08-26 * Vacuum the empty space in the database when initializing it * Minor speed improvment when searching for objects * Fixed build problem with GCC >= 4.3 * Fixed some linking problem * KNOWN BUG: A version of Botan available in some OS has a problem with the entropy. This causes SoftHSM to freeze in some operations. Please upgrade to the Botan 1.8.5 or greater. SoftHSM 1.0.0-RC2 - 2009-07-08 * Added a check for the Botan library in config script * SoftHSM will not add a default label/ID to a key pair when the key pair is generated, as were the case in the previous versions. * Improved database handling * New database schema. Is not compliant with previous versions. * Comments can be added to the config file by using # * The default location of the config file is $sysconfdir/softhsm.conf * Simplified the configure options * The softhsm tool initialize the tokens by using the library. * Import keys via PKCS#11 and the softhsm tool. * Export keys via the softhsm tool SoftHSM 1.0.0-RC1 - 2009-03-10 * Versioning moved to the configure script * This is release candidate 1 SoftHSM 0.5 - 2009-02-20 * Admin tool for creating tokens. * Config file in /etc/softhsm.conf * All session objects are removed when the session creating them are closed. * User credentials as specified in PKCS#11 SoftHSM 0.4 - 2009-02-10 * Only one library is compiled (libsofthsm.so). The log level is defined by using the flag --with-loglevel SoftHSM 0.3 - 2009-02-03 * A better mutex handling. Each PKCS#11 function call is treated as atomic functions. The mutex handling is activated when given correct parameters to the init function. SoftHSM 0.2 - 2009-01-23 * Two libraries are compiled. One normal (libsofthsm.so) and one for debugging (libsofthsm.d.so). The debug info is saved in the syslog. SoftHSM 0.1 - 2009-01-21 * Starting point of the NEWS file. * Have an interface to the user in accordance with PKCS#11. * This file will be properly maintained when we start releasing the source code.