wolfPKCS11 Release 1.3 (Mar 22, 2024)

Summary

Added Visual Studio support for wolfPKCS11. Fixes for cast warnings and portability.

Detail

• Fixed C_GetAttributeValue incorrectly erroring with CKR_ATTRIBUTE_VALUE_INVALID when data == NULL. The C_GetAttributeValue should set length if data field is NULL. (PR #27)
• Fixed several cast warnings and possible use of uninitialized. (PR #28)
• Fixed portability issues with WOLFPKCS11_USER_SETTINGS. (PR #28)
• Added Visual Studio support for wolfPKCS11. (PR #28)
  • This includes wolfTPM support with Windows TBS interface
• Reworked shared library versioning. (PR #29)

wolfPKCS11 Release 1.2 (Dec 26, 2023)

Summary

Adds backend support for TPM 2.0 using wolfTPM. Adds AES CBC key wrap / unwrap support. Portability improvements. Improved testing with GitHub Actions.

Detail

• Cleanups for minor cast warning, spelling and ignore for generated test files (PR #14)
• Added support for wrap/unwrap RSA with aes_cbc_pad. (PR #15)
• Fixed setting of label for public key after creation (init ECC objects before decoding) (PR #16)
• Flush writes in key store. (PR #17)
• Added build options for embedded use (PR #18)
  • WOLFSSL_USER_SETTINGS to avoid including wolfssl/options.h
  • WOLFPKCS11_USER_SETTINGS to avoid including wolfPKCS11/options.h
  • WOLFPKCS11_NO_TIME to make wc_GetTime() optional (it disables brute-force protections on token login)
• Reset failed login counter only with WOLFPKCS11_NO_TIME (PR #18)
• Fixed argument passing in SetMPI/GetMPIData (PR #19)
• Fixed NO_DH ifdef gate when freeing PKCS11 object (PR #20)
• Added GitHub CI action (PR #21)
• Fixed warnings from ./autogen.sh. Updated m4 macros. (PR #21)
• Added additional GitHub CI action tests. (PR #22)
• Added wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM and supports RSA and ECC. Requires wolfSSL/wolfTPM#311 (PR #23)
• Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded. (PR #23)
• Added PKCS11 TPM NV store (enabled with WOLFPKCS11_TPM_STORE). Allow WOLFPKCS11_NO_STORE for TPM use case. (PR #23)
• Fixed compiler warnings from mingw. (PR #23)
• Added portability macro WOLFPKCS11_NO_ENV when setenv/getenv are not available. (PR #23)
• Fix to only require -ldl for non-static builds. (PR #23)
• Portability fixes. Added NO_MAIN_DRIVER. Support for SINGLE_THREADED. Add static to some globals. (PR #24)
• Fixes for portability where XREALLOC is not available. (PR #25)
• Added support for custom setenv/get env using WOLFPKCS11_USER_ENV. (PR #25)
• Fix for final not being called after init in edge case pin failure. (PR #25)
• Added support for hashing PIN with SHA2-256.
  • PKS11 uses scrypt, which uses multiple MB of memory and is not practical for embedded systems. (PR #25)

wolfPKCS11 Release 1.1 (May 6, 2022)

• Added support for CKM_AES_CBC_PAD
• Added support for storage of token data.
• Added support encrypted private keys.
• Added CKF_LOGIN_REQUIRED to the slot flags.
• Added RSA X_509 support for signing/verifying
• Added missing CK_INVALID_SESSION.
• Added some missing PKCS11 types.
• Fixed building with FIPS 140-2 (fipsv2).
• Fixed WP11_API visibility.
• Fixed test pin to be at least 14-characters as required by FIPS HMAC.
• Fixed getting a boolean for the operations flags.
• Fixed misleading indentation fixes.
• Improve the curve_oid lookup with FIPS.
• Removed config.h from the public pkcs11.h header.
• Convert repository to GPLv3.