softhsm/SoftHSMv2 2.7.0-rc1

2.7.0 release candidate 1

on GitHub

What's Changed

• Issue #548: Don't clean up engines after OpenSSL has already shut down by @dwmw2 in #550
• Fix OPENSSL_cleanup() detection without using our own atexit() handler by @dwmw2 in #551
• Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification by @Jakuje in #522
• Fix race condition between C_FindObjects and object creation (issue 573) by @rijswijk in #576
• Fixing tests of other PKCS#11 implementations. by @larssilven in #593
• Add "objectstore.umask" configuration option for file/directory creation by @nomis in #566
• Unbreak negative mechanism lists in slots.mechanisms + testcase by @Jakuje in #561
• Add misc derivations by @realmfoo in #571
• Reduce the level of the log message when SoftHSM is already initialized by @nomis in #577
• doc: Fix category title to reflect the actual option name by @Jakuje in #580
• Flush files before unlocking by @nomis in #578
• implement wrapping and unwrapping of Edwards curve-based private keys by @keldonin in #594
• InfoTests::testGetMechanismNegativeListConfig() not working when testing by @larssilven in #606
• Fix CMake build by adding DEFAULT_UMASK by @rgerganov in #617
• Implement CKM_XXX_CBC_PAD wrapping and unwrapping mechanisms by @keldonin in #600
• fix check minimal Botan version by @agrandville in #629
• softhsm2-util: add --show-config parameter by @alonbl in #611
• Fix "Transaction in database is already active." bug by @ondergormez in #646
• AES GCM without additional authenticated data crashes SoftHSM by @saper in #664
• Fix broken if statement (fixes #673) by @rijswijk in #674
• Amend PR 644 resolving conflicts and improvements by @halderen in #717
• CMake for windows platform refactored by @agrandville in #644
• Fix issue 585 by resetting en/decrypt op on input validation by @rijswijk in #592
• Enforce attributes becoming read-only once set to CK_TRUE on CKA_WRAP… by @rijswijk in #591
• Fix memory leak in SoftHSM::UnwrapKeySym. by @dcoombs in #677
• avoid unnecessary check for sqlite3 binary by @jluebbe in #694
• Minor README.md fixes by @sarroutbi in #744
• Add GitHub Actions CI by @bjosv in #733
• Update Github actions by @jschlyter in #766
• Upgrade github actions to macos-14 by @jschlyter in #769
• Add code owners by @jschlyter in #770
• fix: Use CMAKE_SHARED_LIBRARY_SUFFIX instead of hardcode .so by @middagj in #762
• Fix Botan build and test failures by @bjosv in #771
• Fix a typo in Mecahnisms by @wiktor-k in #760
• Fix typo in Github actions by @jschlyter in #772
• Replace obsolete macros in autoconf by @bjosv in #743
• Fixes AES secret key import failing on newline characters by @ijsf in #747
• README: Minor update by @oej in #774
• Correct build warnings on Linux and macOS by @bjosv in #775
• Fix severe peformance issue accessing keys by @nomis in #681
• Support import certificate using softhsm2-util by @alonbl in #612
• Add configure option and code to disable OpenSSL engines by @bukka in #781
• Replace CKR_GENERAL_ERROR with CKR_ENCRYPTED_DATA_INVALID or CKR_ENCRYPTED_DATA_LEN_RANGE upon decryption failure by @hansonchar in #690
• Add -D_FILE_OFFSET_BITS=64 by @LawrenceHunter in #799
• No memory allocation for each C_DecryptUpdate. by @larssilven in #643
• Replace deprecated Github runner ubuntu-20.04 by @bjosv in #802
• Update tests to use OpenSSL legacy provider if OpenSSL 3.0 used by @bukka in #806
• Implement CKM_RSA_AES_KEY_WRAP mechanism for key wrap/unwrap by @ruiliio in #794
• Support for ECDSA with hashing by @MatthiasValvekens in #683
• Use CPPUNIT_ASSERT_EQUAL instead of CPPUNIT_ASSERT by @bukka in #807
• Fix ECC OpenSSL cmake check on Windows by @bukka in #828
• Allow OBJECT_OP_UNWRAP to modify attributes by @antoinelochet in #728
• Update pkcs.h to 3.2.0 version and fix CK_RSA_AES_KEY_WRAP_PARAMS by @bukka in #827
• Fix C_GetMechanismInfo to fail on non-allowed mechanisms by @Jakuje in #648
• Change CI branches as new default branch is main by @bukka in #830
• Fixed PKCS#11 3.2 C_Decapsulate definition by @antoinelochet in #831
• Support RSA PSS for import in softhsm2-util by @bukka in #816
• Check RSA-OAEP mechanims when decrypting by @Jakuje in #671
• Fix incorrect call to isMechanismPermitted by @bukka in #835
• Prepare for release 2.7.0 by @bukka in #836

New Contributors

• @nomis made their first contribution in #566
• @realmfoo made their first contribution in #571
• @keldonin made their first contribution in #594
• @rgerganov made their first contribution in #617
• @ondergormez made their first contribution in #646
• @saper made their first contribution in #664
• @dcoombs made their first contribution in #677
• @sarroutbi made their first contribution in #744
• @bjosv made their first contribution in #733
• @middagj made their first contribution in #762
• @wiktor-k made their first contribution in #760
• @ijsf made their first contribution in #747
• @oej made their first contribution in #774
• @bukka made their first contribution in #781
• @hansonchar made their first contribution in #690
• @LawrenceHunter made their first contribution in #799
• @ruiliio made their first contribution in #794
• @MatthiasValvekens made their first contribution in #683
• @antoinelochet made their first contribution in #728

Full Changelog: 2.6.1...2.7.0-rc1