The pkcs11-provider team is proud to announce version 1.0
This version adequately handles asymmetric operations offloaded from OpenSSL applications to hardware or software tokens for RSA, ECC and Edwards curves.
This version does not yet support symmetric operations; support for properly offloading symmetric operations is being worked on in OpenSSL and will be the target for version 2.0.
Notable Changes
- Improved compatibility with the PKCS#11 spec and historical module behavior in interpreting CKA_EC_POINT; this handles incompatibilities in ECDSA/ECDH keys.
- Added full RSA-PSS support
- Fixed several issues with using keypairs after generation and loading of related public keys, especially with the way OpenSSL handles ECDH peer key creation.
- Fixed issues with EdDSA signatures
- Expanded CI/testsuite with tlsfuzzer and more testing for Ed448 and other key types/operations
- We test three different software tokens with 4 different test configurations
What's Changed
- ci: Fix macOS CI by @neverpanic in #476
- Add a SBOM template in CycloneDX format by @hughsie in #477
- Add support for CKA_EC_POINT as not DER encoded by @simo5 in #483
- Test kryoptic with NSS DB by @Jakuje in #487
- CI: Simplify kryoptic build by @Jakuje in #473
- Extend tlsfuzzer coverage by @Jakuje in #488
- tests: Create separate self-signed EC key for tlsfuzzer testing by @Jakuje in #490
- Fix pkgconfig location in BUILD.md by @bukka in #496
- Add meson option to disable explicit EC keys tests by @Mulling in #492
- Some fixes for EdDSA signatures + test coverage by @Jakuje in #497
- Add support for running pkcs11 provider in FIPS Mode by @Jakuje in #498
- Fixes #502 Explicitly request EcDH derive return key as a session object by @tmorlando in #505
- Enable RSA-PSS with ALLOWED_MECHANISMS tests for kryoptic by @Jakuje in #499
- Run missing Ed448 tests + fixup OpenSC version detection by @Jakuje in #507
- meson: add option to allow override default default_pkcs11_module by @embetrix in #511
- Add support for RSA-PSS Keys by @Jakuje in #514
- Improve handling of public keys by @simo5 in #516
- Try to avoid requesting a PIN just to load a cert by @simo5 in #517
- Drop SoftHSM from the matrix for now by @simo5 in #518
New Contributors
- @hughsie made their first contribution in #477
- @bukka made their first contribution in #496
- @Mulling made their first contribution in #492
- @tmorlando made their first contribution in #505
- @embetrix made their first contribution in #511
Full Changelog: v0.6...v1.0