similar to: 6349906 libelfsign verification should not link to pkcs11_softtoken dynamically

Author: izick Repository: /hg/zfs-crypto/gate Revision: f7c96af91f148327ba792c8fbcb9e49897664f9c Log message: PSARC 2005/572 PKCS#11 v2.20 4920408 PKCS#11 v2.20 support for the Crypto Framework 6287425 residual bzero''s in hmac part of sha2 6287428 add sha2 to the i.kcfconfbase upgrade script Files: create: usr/src/common/crypto/blowfish/blowfish_cbc_crypt.c create:

Author: mcpowers Repository: /hg/zfs-crypto/gate Revision: 96cccf53906cb9bb5a733b8ca426f5f511392252 Log message: PSARC 2006/214 Crypto Framework random number API/SPI update 6374503 C_SeedRandom is too slow causing poor performance with Apache/OpenSSL when using pkcs11 Files: update: usr/src/lib/pkcs11/libpkcs11/common/metaGeneral.c update: usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h

Author: Darren Moffat <darrenm at opensolaris.org> Repository: /hg/zfs-crypto/gate Latest revision: 9bb308a0778101fcef9ff65336bcec8e68a7bd06 Total changesets: 40 Log message: resynv onnv-gate Files: .hgtags deleted_files/usr/src/cmd/fps/Makefile.inc deleted_files/usr/src/cmd/fps/Makefile.subdirs deleted_files/usr/src/common/crypto/aes/aes_cbc_crypt.c

There is a bug in Swat package samba-swat-3.0.2a-3mdk The password functions are not working: add user, change password, enable user. If you add or enable a user, the user will be disabled. You can check this by opening /etc/samba/smbpasswd file. Entry will look like: johnz:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [DU?????????]:LCT-00000000: The 32 X indicates that

Author: pwernau Repository: /hg/zfs-crypto/gate Revision: ba16e4a9c5255b467f2d29663976000f863c3b71 Log message: PSARC 2005/501 ikecert PKCS#11 object migration and linkage 6219636 ikecert(1m) needs to tie IKE certificate slots to existing PKCS#11 objects 6220119 ikecert certlocal migrate disk key to PKCS#11 token 6232671 Can''t add a certificate to a keystore with ikecert(1m) 6303764 IKE

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: 9a17248d7cc3087d39ca752bff184ae5a7831cf6 Total changesets: 1 Log message: passphrase & keymgr load/unload Files: update: usr/src/cmd/zfs/zfs_main.c update: usr/src/cmd/zpool/zpool_main.c update: usr/src/common/zfs/zfs_prop.c update:

Author: darrenm Repository: /hg/zfs-crypto/gate Revision: 14d7bfad76ad917e7df568c6739d34eba6b60a33 Log message: 6368332 libpkcs11 should report that it is v2.20 not v2.11 Files: update: usr/src/lib/pkcs11/libpkcs11/common/pkcs11Conf.c update: usr/src/lib/pkcs11/libpkcs11/common/pkcs11Global.h

Author: Darren Moffat <darrenm at opensolaris.org> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: ec659b717bdb149af4dc7a2ac1bc1c152d859b02 Total changesets: 1 Log message: Fix mismerge for libcryptoutil & libpkcs11 Files: update: usr/src/lib/libcryptoutil/common/cryptoutil.h update: usr/src/lib/libcryptoutil/common/mapfile-vers update:

Author: mcpowers Repository: /hg/zfs-crypto/gate Revision: a89079c72c5d3408f62bb8beabbb7fc76cfcd569 Log message: PSARC 2005/576 Support for complex cryptographic mechanisms PSARC 2005/630 session, object, and key management kernel crypto API PSARC 2005/656 AES CTR mode for KCF PSARC 2005/659 Hiding members of KCF logical providers 4721729 Support AES Counter mode for encryption 6243992 dprov

how could i install pkcs11 on 64 cent os 5.4 :S it always asking me for pkcs11-helper but i've already installing [root at vpn VpnSetup]# rpmbuild -tb openvpn-2.1.1.tar.gz hata: Failed build dependencies: pkcs11-helper-devel is needed by openvpn-2.1.1-1.x86_64 [root at vpn VpnSetup]# rpm -ivh pkcs11-helper-devel-1.06-2.1.x86_64.rpm uyar??: pkcs11-helper-devel-1.06-2.1.x86_64.rpm:

Hello, The version 0.07 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p1. 2. Ignore '\r' at password prompt, cygwin/win32 password prompt support. 3. Workaround for iKey PKCS#11 provider bug. 4. Some minor cleanups. 5. Allow clean merge of Roumen Petrov's X.509 patch (version 5.3) after this one. [[[ The patch-set is too large for

https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Bug ID: 2635 Summary: Unable to use SSH Agent and user level PKCS11Provider configuration directive Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Hello, The version 0.11 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p2. 2. Modified against Roumen Petrov's X.509 patch (version 5.4), so self-signed certificates are treated by the X.509 patch now. 3. Added --pkcs11-x509-force-ssh if X.509 patch applied, until some issues with the X.509 patch are resolved. 4. Fixed issues with gcc-2. You

Hi All, The version of "PKCS#11 support in OpenSSH" is ready for download. On download page http://alon.barlev.googlepages.com/openssh-pkcs11 you can find a patch for OpenSSH 4.5p1. Most of PKCS#11 code is now moved to a standalone library which I call pkcs11-helper, this library is used by all projects that I added PKCS#11 support into. The library can be downloaded from:

I find this approach very bad in general.? PKCS#11 standard says that *private* keys should not be accessible without authentication. *Public* keys and certificates of course can and should be accessible with no authentication. SoftHSM misinterpreted this originally (older pkcs11 documents were less clear :), but they rectified this mistake. We should not repeat it.?

https://bugzilla.mindrot.org/show_bug.cgi?id=2682 Bug ID: 2682 Summary: ssh-agent is unable to remove smartcard after introducing whitelist Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority:

Some HSM's such as Safenet Network HSM do not allow searching for keys unauthenticated. To support such devices provide a mechanism for users to provide a pin code that is always used to automatically log in to the HSM when using PKCS11. The pin code is read from a file specified by the environment variable SSH_PKCS11_PINFILE if it is set. Tested against Safenet Network HSM. ---

Hello All, As I promised, I've completed and initial patch for openssh PKCS#11 support. The same framework is used also by openvpn. I want to help everyone who assisted during development. This patch is based on the X.509 patch from http://roumenpetrov.info/openssh/ written by Rumen Petrov, supporting PKCS#11 without X.509 looks like a bad idea. *So the first question is: What is the

https://bugzilla.mindrot.org/show_bug.cgi?id=3635 Bug ID: 3635 Summary: ssh-add -s always asks for PKCS#11 PIN Product: Portable OpenSSH Version: 9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add Assignee: unassigned-bugs at

Hi all, Thanks for all your hard work! I was particularly excited to see FIDO/U2F support in the latest release. I'd like to make the following bug report in ssh-agent's PKCS#11 support: Steps to reproduce: 1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key. 2. Add that key to ssh-agent. 3. Remove that key from ssh-agent. 4. Add that key to ssh-agent. Expected results: