Blob Blame History Raw
NEWS for Libp11 -- History of user visible changes

New in 0.4.10; 2019-04-03; Michał Trojnara
* Added EC signing through EVP API (Bryan Hunt)
* Added an empty EC private key required by OpenSSL 1.1.1 (Doug Engert)
* Stored additional certificate attributes (FdLSifu, Michał Trojnara)
* Engine allowed to use private keys without a PIN (Michał Trojnara)
* Lazy binding used as a workaround for buggy modules (Michał Trojnara)
* MinGW build fixes and documentation (Michał Trojnara)
* LibreSSL 2.8.3 build fixes (patchMonkey156)
* Error handling fixes (Michał Trojnara)

New in 0.4.9; 2018-09-03; Michał Trojnara
* Fixed EVP_PKEY ENGINE reference count with the EC EVP_PKEY_METHOD
  (Michał Trojnara, Anderson Sasaki)
* Fixed a leak of RSA object in pkcs11_store_key() (lbonn)
* Added atfork checks for RSA and EC_KEY methods (Michał Trojnara)

New in 0.4.8; 2018-08-05; Michał Trojnara
* RSA key generation on the token (n3wtron)
* PSS signature support (Doug Engert, Michał Trojnara)
* RSA-OAEP and RSA-PKCS encryption support (Mouse, Michał Trojnara)
* Engine no longer set as default for all methods (Anderson Sasaki)
* Added PKCS11_remove_key and PKCS11_remove_certificate (n3wtron)
* Added PKCS11_find_next_token interface (Frank Morgner)
* Added support for OpenSSL 1.1.1 beta (Michał Trojnara)
* Removed support for OpenSSL 0.9.8 (Michał Trojnara)
* Case insensitive PKCS#11 URI scheme (Anderson Sasaki)
* Testing framework improvements (Anderson Sasaki)
* Coverity scanning and defect fixes (Frank Morgner)
* Backward compatibility for new error handling introduced
  in libp11 0.4.7 (Michał Trojnara)
* Memory leak fixes (Frank Morgner, Doug Engert)
* Added an integer overflow protection (Eric Sesterhenn, Michał Trojnara)
* Several bugfixes (Michał Trojnara, Emmanuel Deloget, Anderson Sasaki)

New in 0.4.7; 2017-07-03; Michał Trojnara
* Added OpenSSL-style engine error reporting (Michał Trojnara)
* Added the FORCE_LOGIN engine ctrl command (Michał Trojnara)
* Implemented the QUIET engine ctrl command (Michał Trojnara)
* Modified CKU_CONTEXT_SPECIFIC PIN requests to be based
  on the CKA_ALWAYS_AUTHENTICATE attribute rather than the
  CKR_USER_NOT_LOGGED_IN error (Michał Trojnara)
* Fixed printing hex values (Michał Trojnara)
* Fixed build error with OPENSSL_NO_EC (Kai Kang)

New in 0.4.6; 2017-04-23; Michał Trojnara
* Updated ex_data on EVP_PKEYs after enumerating keys (Matt Hauck)
* Token/key labels added into PIN prompts (Matt Hauck)

New in 0.4.5; 2017-03-29; Michał Trojnara
* Prevented destroying existing keys/certs at login (Michał Trojnara)
* Fixed synchronization of PKCS#11 module calls (Matt Hauck)
* Added LibreSSL compatibility (Bernard Spil)
* Added SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands
  for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
* Fixed error handling in RSA key generation (Michał Trojnara)

New in 0.4.4; 2017-01-26; Michał Trojnara
* Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
  fixes #141 (Michał Trojnara)
* "?" and "&" allowed as URI separators; fixes #142 (Michał Trojnara)
* engine: Unified private/public key and certificate enumeration
  to be performed without login if possible (Michał Trojnara)

New in 0.4.3; 2016-12-04; Michał Trojnara
* Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
* Added graceful handling of alien (non-PKCS#11) keys (Michał Trojnara)
* Added symbol versioning (Nikos Mavrogiannopoulos)
* Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos)
* Added MSYS2, Cygwin, and MinGW/MSYS support (Paweł Witas)
* Workaround implemented for a deadlock in PKCS#11 modules that
  internally use OpenSSL engines (Michał Trojnara, Paweł Witas)
* Fixed an EVP_PKEY reference count leak (David Woodhouse)
* Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert,
  Michał Trojnara)
* Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michał Trojnara)
* Fixed retrieving PIN values from certificate URIs (Andrei Korikov)
* Fixed symlink installation (Alon Bar-Lev)

New in 0.4.2; 2016-09-25; Michał Trojnara
* Fixed a 0.4.0 regression bug causing the engine finish function to
  remove any configured engine parameters; fixes #104 (Michał Trojnara)

New in 0.4.1; 2016-09-17; Michał Trojnara
* Use enginesdir provided by libcrypto.pc if available (David Woodhouse)
* Certificate cache destroyed on login/logout (David Woodhouse)
* Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse)
* Directly included libp11 code into the engine (Matt Hauck)
* Fixed handling simultaneous make jobs (Derek Straka)
* Reverted an old hack that broke engine initialization (Michał Trojnara)
* Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck)
* Makefile fixes and improvements (Nikos Mavrogiannopoulos)
* Fixed several certificate selection bugs (Michał Trojnara)
* The signed message digest is truncated if it is too long for the
  signing curve (David von Oheimb)
* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
  in the ASN1_OCTET_STRING format (Michał Trojnara)
* OpenSSL 1.1.0 build fixes (Michał Trojnara)

New in 0.4.0; 2016-03-28; Michał Trojnara
* Merged engine_pkcs11 (Michał Trojnara)
* Added ECDSA support for OpenSSL < 1.0.2 (Michał Trojnara)
* Added ECDH key derivation support (Doug Engert and Michał Trojnara)
* Added support for RSA_NO_PADDING RSA private key decryption, used
  by OpenSSL for various features including OAEP (Michał Trojnara)
* Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding
  (Michał Trojnara)
* Added support for RSA encryption (not only signing) (Michał Trojnara)
* Added CKA_ALWAYS_AUTHENTICATE support (Michał Trojnara)
* Fixed double locking the global engine lock (Michał Trojnara)
* Fixed incorrect errors reported on signing/encryption/decryption
  (Michał Trojnara)
* Fixed deadlocks in keys and certificates listing (Brian Hinz)
* Use PKCS11_MODULE_PATH environment variable (Doug Engert)
* Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
* Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
* Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
* Removed support for OpenSSL 0.9.7 (Michał Trojnara)

New in 0.3.1; 2016-01-22; Michał Trojnara
* Added PKCS11_is_logged_in to the API (Mikhail Denisenko)
* Added PKCS11_enumerate_public_keys to the API (Michał Trojnara)
* Fixed EVP_PKEY handling of public keys (Michał Trojnara)
* Added thread safety based on OpenSSL dynamic locks (Michał Trojnara)
* A private index is allocated for ex_data access (RSA and ECDSA classes)
  instead of using the reserved index zero (app_data) (Michał Trojnara)
* Fixes in reinitialization after fork; addresses #39
  (Michał Trojnara)
* Improved searching for dlopen() (Christoph Moench-Tegeder)
* MSVC build fixes (Michał Trojnara)
* Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michał Trojnara)

New in 0.3.0; 2015-10-09; Nikos Mavrogiannopoulos
* Added small test suite based on softhsm (run on make check)
* Memory leak fixes (Christian Heimes)
* On module initialization tell the module to that the OS locking
  primitives are OK to use (Mike Gerow)
* Transparently handle applications that fork. That is call C_Initialize()
  and reopen any handles if a fork is detected.
* Eliminated any hard coded limits for certificate size (Doug Engert)
* Added support for ECDSA (Doug Engert)
* Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt
  (Stephane Adenot)
* Eliminated several hard-coded limits in parameter sizes.

New in 0.2.8; 2011-04-15; Martin Paljak
* Bumped soname for PKCS11_token struct size changes (Martin Paljak).
* Display the number of available slots (Ludovic Rousseau).
* Add openssl libcrypto to pkg-config private libs list (Kalev Lember).
* Fix building examples with --no-add-needed which is the default in Fedora
  (Kalev Lember).
* Expose more token flags in PKCS11_token structure (Kalev Lember).
* Check that private data is not NULL in pkcs11_release_slot (Robin Bryce,
  ticket #137).

New in 0.2.7; 2009-10-20; Andreas Jellinghaus
* If CKR_CRYPTOKI_ALREADY_INITIALIZED is returned from C_Initialize(): ignore. 
  (Needed for unloaded/reloaded engines e.g. in wpa_supplicant.) By David Smith.

New in 0.2.6; 2009-07-22; Andreas Jellinghaus
* Fix new version: add new symbol to export file
* fix building on MSVC plattform

New in 0.2.5; 2009-06-15; Andreas Jellinghaus
* Add function to export the slot id (Douglas E. Engert).
* Increase library version because of the new function.

New in 0.2.4; 2008-07-31; Andreas Jellinghaus
* Build system rewritten (NOTICE: configure options was modified). 
  The build system can produce outputs for *NIX, cygwin and native
  windows (using mingw).
* added PKCS11_CTX_init_args (David Smith).
* fix segfault in init_args code.
* implemented PKCS11_private_encrypt (with PKCS11_sign now based on it)
  (Arnaud Ebalard)

New in 0.2.3; 2007-07-11; Andreas Jellinghaus
* update wiki export script (add images, fix links).
* replaced rsa header files from rsalabs (official) with scute (open source).
* mark internal functions as static.
* add code to store public keys and generate keys.