summaryrefslogtreecommitdiff
path: root/security/softhsm/distinfo
AgeCommit message (Collapse)AuthorFilesLines
2021-10-26security: Replace RMD160 checksums with BLAKE2s checksumsnia1-2/+2
All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-07security: Remove SHA1 hashes for distfilesnia1-2/+1
2015-11-04Add SHA512 digests for distfiles for security categoryagc1-1/+2
Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2014-11-18Adapt a fix for SA59651, similar to CVE-2014-3209 from thehe1-2/+3
code branch fro SoftHSMv2: ensure created pkcs8 file is not group- or world-readable. Rename patch-aa to patch-Makefile.in, and add a comment. Bump PKGREVISION.
2014-06-07SoftHSM 1.3.7 - 2014-05-28pettai1-4/+4
Bugfixes: * SOFTHSM-94: umask affecting the calling application. * SOFTHSM-96: Check if Botan has already been initialized.
2014-02-28SoftHSM 1.3.6pettai1-4/+4
* SOFTHSM-51: Call umask to restrict created files. Bugfixes: * Fix malloc(0) warning in clang.
2013-10-15SoftHSM 1.3.5pettai1-4/+4
Bugfixes: * SOFTHSM-45: Improved handling of a busy database * SUPPORT-76: Add -Wall -Werror flags and fix the warnings. Fix more warnings on EPEL.
2012-11-26SoftHSM 1.3.4 - 2012-11-24pettai1-4/+4
* SOFTHSM-28: Support RSASSA-PSS signature scheme. * SOFTHSM-29: The default location of the token database is now $localstatedir/lib/softhsm/.
2012-05-23SoftHSM 1.3.3pettai1-5/+5
* Increased performance by adding more indexes to the database. * Describe the usage of SO and user PIN in the README. Bugfixes: * Detect if a C++ compiler is missing.
2012-03-18SoftHSM 1.3.2pettai1-4/+4
* Update the README with information on moving the database between different architectures. Bugfixes: * Fix the destruction order of the Singleton objects.
2012-01-23SoftHSM 1.3.1pettai1-4/+4
* The library is now installed in $libdir/softhsm/. Bugfixes: * Do not give a warning about the schema version if the token has not been initialized yet. * The tools now return the correct exit code.
2011-09-17SoftHSM 1.3.0pettai1-4/+4
* Can now read CKA_ALWAYS_AUTHENTICATE but does not use it. * Encryption and decryption using CKM_RSA_PKCS. * Support X.509 certificates. (Patch from Thomas Calderon) * Updated backup instructions. * Only a Security Officer can set CKA_TRUSTED to true. * The softhsm tool can set the value of CKA_TRUSTED. * Support Botan 1.10.0. * Better signing performance with a single element cache for the PK_Signer object. * Document README.MinGW describes how to build on Windows. (Text and patches contributed by Jaroslav Imrich) Bugfixes: * API changes in Botan created a namespace collision. * API changes in Botan's state handling. * BigInt::to_u32bit was accidently dropped in Botan. Adding it as a compatibility function to SoftHSM. * Better exception handling. * CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set if an incorrect PIN has been entered at least once. * Windows: Detect LoadLibrary. * Windows: Set CRYPTOKI_EXPORTS. * Windows: Load library correctly in softhsm. * Windows: Compatibility function for getpass. * Windows: Use _putenv and not setenv. * Windows: Generate the DLL file. * Windows: The softhsm tool will use the DLL file by default. * Windows: Log to EventLog. * Windows: Fix parsing of configuration file. * Windows: The check program now links with a shared libgcc in order to make the exceptions work. Known issue: * Firefox does improper setting of CKA_DERIVE attribute during PKCS#12 import. See https://bugzilla.mozilla.org/show_bug.cgi?id=515663
2011-05-04SoftHSM 1.2.1 - 2011-05-03pettai1-4/+4
* Backport mutex handling from v2 for increased multithreaded performance. * Remove signature verification used for debugging purposes. (was enabled with ./configure --enable-sigver) * Added an index to the attribute table in the database. * Optimization of the database handling.
2010-10-18SoftHSM 1.2.0 - 2010-09-30pettai1-4/+4
* Added mechanism CKM_RSA_X_509 (use Botan 1.9.7 to fix a bug when verifying these signatures) * The softhsm command now have the option --module <path> To use a PKCS#11 library other than SoftHSM. * The softhsm command now import all parts of the RSA key. CKA_EXPONENT_1, CKA_EXPONENT_2, and CKA_COEFFICIENT is not needed by SoftHSM but might be needed by other HSM:s. * Ticket #163: softhsm-keyconv now support BIND format v1.3 * Write message to stderr when the config file cannot be found * CKA_WRAP_WITH_TRUSTED was not handled correctly. But it has not been a problem since wrapping is not supported. * Set CKA_KEY_GEN_MECHANISM to CK_UNAVAILABLE_INFORMATION when importing objects. * C_GetInfo now returns CKR_CRYPTOKI_NOT_INITIALIZED if library is not initialized. * Force clean up if the app does not do C_Finalize (using auto_ptr) * Limit the scope of the session objects to the owner application * softhsm --optimize will clean up leftovers (session objects) from applications that haven't closed down properly. * Do not use CKF_HW, the mechanisms are not performed by a device. * The ulMinKeySize and ulMaxKeySize are not used for the digesting mechanisms, but we set them to zero for applications that forget this. * Used wrong buffer size for signatures. This was only a problem for keys where (key size % 8 == 1), e.g. 1025 bit keys. * C_Login now returns CKR_USER_ANOTHER_ALREADY_LOGGED_IN instead of CKR_USER_TOO_MANY_TYPES
2010-05-09SoftHSM 1.1.4 - 2010-04-06pettai1-5/+5
* Respect --disable-64bit * Respect $DESTDIR for config files * The binaries can now show the version number * softhsm-keyconv could not handle --ttl properly * Link softhsm static with libsofthsm * Build libsofthsm.so without version number * libsofthsm.so is now a loadable module
2010-03-13SoftHSM is an implementation of a cryptographic store accessible through apettai1-0/+6
PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.