File: ChangeLog

package info (click to toggle)
opencryptoki 3.6.1%2Bdfsg-1
  • links: PTS
  • area: main
  • in suites: stretch
  • size: 5,628 kB
  • ctags: 5,333
  • sloc: ansic: 75,819; perl: 1,513; makefile: 614; yacc: 370; sh: 148; lex: 124
file content (194 lines) | stat: -rw-r--r-- 8,459 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
 
* opencryptoki 3.6.1
- Fix SOFT token implementation of digest functions.
- Replace deprecated OpenSSL interfaces.

* opencryptoki 3.6
- Replace deprecated libica interfaces.
- Performance improvement for ICA.
- Improvement in documentation on system resources.
- Improvement in testcases.
- Added support for rc=8, reasoncode=2028 in icsf token.
- Fix for session handle not set in session issue.
- Multiple fixes for lock and log directories.
- Downgraded a syslog error to warning.
- Multiple fixes based on coverity scan results.
- Added pkcs11 mapping for icsf reason code 72 for return code 8.

* opencryptoki 3.5.1
- Fix Illegal Intruction on pkcscca tool.

* opencryptoki 3.5
- Full Coverity scan fixes.
- Fixes for compiler warnings.
- Added support for C_GetObjectSize in icsf token.
- Various bug fixes and memory leak fixes.
- Removed global read permissions from token files.
- Added missing PKCS#11v2.2 constants.
- Fix for symbol resolution issue seen in Fedora 22 and 23 for
  ep11 and cca tokens.
- Improvements in socket read operation when a token comes up.
- Replaced 32 bit CCA API declarations with latest header from
  version 5.0 libsculcca rpm.

* opencryptoki 3.4.1
- fix 32-bit compiler error for ep11 
- fix buffer overflow for cca token 
- fix a testcase

* opencryptoki 3.4
- CCA master key migration added to the pkcscca tool. When the masterkey on
  the CCA adapter changes, this allows the token key objects containing
  keys wrapped with the card's former masterkey to be wrapped under the
  card's new masterkey. And thus "migrated".
- AES GCM support added to ica token.
- Ability to generate generic secret keys for CKM_GENERIC_SECRET_KEY_GEN
  added to opencryptoki.
- The soft, cca, ep11, and icsf tokens support HMAC single and multipart for
  SHA1, SHA256, SHA384, and SHA512.
- CCA token, a secure key token, can now import AES, DES3 and
  Generic Secret keys.
- Add -Wall and fix various compiler warnings.
- Coverity scan cleanup.
- Additional test vectors and various testcase improvements made.
- Various bugfixes

* opencryptoki 3.3
- Dynamic tracing introduced via the new environment variable, 
  OPENCRYPTOKI_TRACE_LEVEL=<level>. The opencryptoki base as well as all
  tokens changed to use the new tracing.
- Allow root to run pkcs11 commands without being in pkcs11 group.
- EncryptUpdate, DecryptUpdate, DigestUpdate, SignUpdate, VerifyUpdate
  now allow zero length data.
- Refactored ICA token's SHA .
- Various testcase improvements.
- Various bugfixes.

* opencryptoki 3.2
- New pkcscca tool. Currently it assists in migrating cca private token
  objects from opencryptoki version 2 to the clear key encryption method 
  used in opencryptoki version 3. Includes a manpage for pkcscca tool.
  Changes to README.cca_stdll to assist in using the CCA token and
  migrating the private token objects.
- Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
- Various bugfixes.
- New testcases for various crypto algorithms.

* opencryptoki-3.1
- New ep11 token to support IBM Crypto Express adpaters (starting with 
  Crypto Express 4S adapters) configured with Enterprise PKCS#11(EP11)
  firmware.
- New pkcsep11_migrate utility (and manpage) to migrate token objects
  when card's masterkey changes.
- Various bugfixes.

* opencryptoki-3.0
- Aggregated source files in common, tpm, and cca directories.
- Re-factored shared memory functions in the stdlls.
- New opencryptoki.conf file to replace pk_config_data and pkcs11_starup.
  The opencryptoki.conf contains slot entry information for tokens.
- New manpage for opencryptoki.conf
- Removed pkcs_slot and pkcs11_startup shell scripts.
- New ICSF token to do remote crypto.
- New pkcsicsf utility to setup the ICSF token.
- New manpage for pkcsicsf utility.
- ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB6 mechanisms
  using 3DES keys.
- ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL mechanisms.
- ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64, CKM_AES_CFB128,
  CKM_AES_MAC, and CKM_AES_MAC_GENERAL mechanisms.
- Some code cleanup in pkcsslotd.
- pkcsslotd daemon uses a socket rather than shared memory to pass
  slot information to the opencryptoki library.
- New testcases added for various crypto algorithms and pkcs#11 api calls.
- Add README to docs directory for how to setup ICSF token.

* opencryptoki-2.4.3.1 (May 17, 2013)
- Allow imported rsa private keys in cca to also decrypt.

* opencryptoki-2.4.3 (April 29, 2013)
- CKM_SHA256_RSA_PKCS,CKM_SHA384_RSA_PKCS,CKM_SHA512_RSA_PKCS support
  for ICA token.
- Allow import of RSA public and private keys into CCA token.
- Systemd support added.
- Various bugfixes and additional testcases.

* opencryptoki-2.4.2 (April 27, 2012)
- Re-factored spinlocks, such that each token has its own spinlock
  in its own directory relative to /var/locks/opencryptoki.

* opencryptoki-2.4.1 (February 21, 2012)
- SHA256 support added for CCA token
- Several crypto algorithm testcases refactored to include published
  test vectors. 
- Testcase directory restructured for future improvements.
- Allow tpm stdll to get SRK passwd and mode from new env variables.
  See [1] for info on how to use this feature and please report any bugs.
- Renamed spinlocks for shared memory to /var/lock dir and did 
  some cleanup of unused locking schemes.
- Various bugfixes and cleanup.

[1] http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=blob;f=doc/README.tpm_stdll;h=dda0d2263cfbb3df8c65ebc64b8006e3242f6321;hb=HEAD#l58


* opencryptoki-2.4 
- Support for Elliptic Curve Support in CCA token.
- Support for AES CTR in ICA token.
- Session handling refactored from using a reference to memory to
  using a handle that references a binray tree node.
- Cleanup logging. Debug messages now go to a file referenced in 
  OPENCRYPTOKI_DEBUG_FILE env variable.
- Various bugfixes and cleanup.

* opencryptoki-2.3.3 (Jan 13 2011)
- Moderate fixes and clean-ups to key unwrapping mechanisms
- several pkcsconf fixes, some minor changes
- Important fix to CCA library name in pkcs11_startup
- PKCS padding length fix for symmetric ciphers
- Better RSA public exponent validations in all supported tokens
- Huge testsuite refactor
- Several other minor fixes and cleanups

* opencryptoki-2.3.2 (Jul 29 2010)
- Significant clean-ups to the building and packaging systems and many
  small fixes by Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
- Various minor fixes to slot daemon and init script by Dan HorĂ¡k
  <dan@danny.cz>
- Some RSA PKCS#1 v1.5 padding clean-ups by Ramon de Carvalho Valle
  <rcvalle@linux.vnet.ibm.com>
- Human-readable flags output to pkcsconf, some minor soft-token
  fixes by Kent Yoder <key@linux.vnet.ibm.com>
- Improved overall session/object look-up performance. Note that this
  change might crash buggy callers with badly-written session/object
  handle tracking - Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>

* openCryptoki-2.3.1
- Moved ICA token to use libica-2.0, supporting newer hardware and 4K
  RSA modulus. Libica-2.x is now *required* to build the ICA token.
- Moved CCA token to use CCA-4.0, supporting AES, SHA-2 and 4K RSA
  keys in newer hardware. Although not required for building, CCA-4.0
  is *required* for running the CCA token.

* openCryptoki-2.2.5

- Fixed bug in comparison of PINs in pkcsconf.
- Added code to set the encryption and signature schemes of keys imported
into the TPM token.
- Added tpm token message to warn when only owner can read the pub SRK.
- Fixed return code of function failed when it should be buffer too small in
various mech_des.c mech_des3.c and mech_aes.c files.
- Moved doc/*.txt to manpage format and integrated them into the build/install
- Updated testcases to query env vars for PINs and call a set of common
routines for common operations
- Added SHA256 support for all tokens
- Fixed object cleanup when max number of token objects is hit
- Fixed fd exhaustion bug with spin lock fd
- Updated TPM stdll for TSS policy handling changes. Trousers 0.2.9+ now
required with openCryptoki 2.2.5
- Updated TPM stdll to use TSS_TSPATTRIB_KEYINFO_RSA_MODULUS when retrieving
the public modulus
- pkcs11_startup fix for use with s/w fallback support in libica on s390
- Added the CCA secure key token and migration utility
- Replaced bcopy/bzero with memcpy/memset throughout the code
- Removed unused variables throughout the code

* openCryptoki-2.2.4