NEWS for Libp11 -- History of user visible changes New in 0.4.10; 2019-04-03; Michał Trojnara * Added EC signing through EVP API (Bryan Hunt) * Added an empty EC private key required by OpenSSL 1.1.1 (Doug Engert) * Stored additional certificate attributes (FdLSifu, Michał Trojnara) * Engine allowed to use private keys without a PIN (Michał Trojnara) * Lazy binding used as a workaround for buggy modules (Michał Trojnara) * MinGW build fixes and documentation (Michał Trojnara) * LibreSSL 2.8.3 build fixes (patchMonkey156) * Error handling fixes (Michał Trojnara) New in 0.4.9; 2018-09-03; Michał Trojnara * Fixed EVP_PKEY ENGINE reference count with the EC EVP_PKEY_METHOD (Michał Trojnara, Anderson Sasaki) * Fixed a leak of RSA object in pkcs11_store_key() (lbonn) * Added atfork checks for RSA and EC_KEY methods (Michał Trojnara) New in 0.4.8; 2018-08-05; Michał Trojnara * RSA key generation on the token (n3wtron) * PSS signature support (Doug Engert, Michał Trojnara) * RSA-OAEP and RSA-PKCS encryption support (Mouse, Michał Trojnara) * Engine no longer set as default for all methods (Anderson Sasaki) * Added PKCS11_remove_key and PKCS11_remove_certificate (n3wtron) * Added PKCS11_find_next_token interface (Frank Morgner) * Added support for OpenSSL 1.1.1 beta (Michał Trojnara) * Removed support for OpenSSL 0.9.8 (Michał Trojnara) * Case insensitive PKCS#11 URI scheme (Anderson Sasaki) * Testing framework improvements (Anderson Sasaki) * Coverity scanning and defect fixes (Frank Morgner) * Backward compatibility for new error handling introduced in libp11 0.4.7 (Michał Trojnara) * Memory leak fixes (Frank Morgner, Doug Engert) * Added an integer overflow protection (Eric Sesterhenn, Michał Trojnara) * Several bugfixes (Michał Trojnara, Emmanuel Deloget, Anderson Sasaki) New in 0.4.7; 2017-07-03; Michał Trojnara * Added OpenSSL-style engine error reporting (Michał Trojnara) * Added the FORCE_LOGIN engine ctrl command (Michał Trojnara) * Implemented the QUIET engine ctrl command (Michał Trojnara) * Modified CKU_CONTEXT_SPECIFIC PIN requests to be based on the CKA_ALWAYS_AUTHENTICATE attribute rather than the CKR_USER_NOT_LOGGED_IN error (Michał Trojnara) * Fixed printing hex values (Michał Trojnara) * Fixed build error with OPENSSL_NO_EC (Kai Kang) New in 0.4.6; 2017-04-23; Michał Trojnara * Updated ex_data on EVP_PKEYs after enumerating keys (Matt Hauck) * Token/key labels added into PIN prompts (Matt Hauck) New in 0.4.5; 2017-03-29; Michał Trojnara * Prevented destroying existing keys/certs at login (Michał Trojnara) * Fixed synchronization of PKCS#11 module calls (Matt Hauck) * Added LibreSSL compatibility (Bernard Spil) * Added SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara) * Fixed error handling in RSA key generation (Michał Trojnara) New in 0.4.4; 2017-01-26; Michał Trojnara * Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl; fixes #141 (Michał Trojnara) * "?" and "&" allowed as URI separators; fixes #142 (Michał Trojnara) * engine: Unified private/public key and certificate enumeration to be performed without login if possible (Michał Trojnara) New in 0.4.3; 2016-12-04; Michał Trojnara * Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara) * Added graceful handling of alien (non-PKCS#11) keys (Michał Trojnara) * Added symbol versioning (Nikos Mavrogiannopoulos) * Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos) * Added MSYS2, Cygwin, and MinGW/MSYS support (Paweł Witas) * Workaround implemented for a deadlock in PKCS#11 modules that internally use OpenSSL engines (Michał Trojnara, Paweł Witas) * Fixed an EVP_PKEY reference count leak (David Woodhouse) * Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert, Michał Trojnara) * Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michał Trojnara) * Fixed retrieving PIN values from certificate URIs (Andrei Korikov) * Fixed symlink installation (Alon Bar-Lev) New in 0.4.2; 2016-09-25; Michał Trojnara * Fixed a 0.4.0 regression bug causing the engine finish function to remove any configured engine parameters; fixes #104 (Michał Trojnara) New in 0.4.1; 2016-09-17; Michał Trojnara * Use enginesdir provided by libcrypto.pc if available (David Woodhouse) * Certificate cache destroyed on login/logout (David Woodhouse) * Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse) * Directly included libp11 code into the engine (Matt Hauck) * Fixed handling simultaneous make jobs (Derek Straka) * Reverted an old hack that broke engine initialization (Michał Trojnara) * Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck) * Makefile fixes and improvements (Nikos Mavrogiannopoulos) * Fixed several certificate selection bugs (Michał Trojnara) * The signed message digest is truncated if it is too long for the signing curve (David von Oheimb) * Workaround for broken PKCS#11 modules not returning CKA_EC_POINT in the ASN1_OCTET_STRING format (Michał Trojnara) * OpenSSL 1.1.0 build fixes (Michał Trojnara) New in 0.4.0; 2016-03-28; Michał Trojnara * Merged engine_pkcs11 (Michał Trojnara) * Added ECDSA support for OpenSSL < 1.0.2 (Michał Trojnara) * Added ECDH key derivation support (Doug Engert and Michał Trojnara) * Added support for RSA_NO_PADDING RSA private key decryption, used by OpenSSL for various features including OAEP (Michał Trojnara) * Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding (Michał Trojnara) * Added support for RSA encryption (not only signing) (Michał Trojnara) * Added CKA_ALWAYS_AUTHENTICATE support (Michał Trojnara) * Fixed double locking the global engine lock (Michał Trojnara) * Fixed incorrect errors reported on signing/encryption/decryption (Michał Trojnara) * Fixed deadlocks in keys and certificates listing (Brian Hinz) * Use PKCS11_MODULE_PATH environment variable (Doug Engert) * Added support for building against OpenSSL 1.1.0-dev (Doug Engert) * Returned EVP_PKEY objects are no longer "const" (Michał Trojnara) * Fixed building against OpenSSL 0.9.8 (Michał Trojnara) * Removed support for OpenSSL 0.9.7 (Michał Trojnara) New in 0.3.1; 2016-01-22; Michał Trojnara * Added PKCS11_is_logged_in to the API (Mikhail Denisenko) * Added PKCS11_enumerate_public_keys to the API (Michał Trojnara) * Fixed EVP_PKEY handling of public keys (Michał Trojnara) * Added thread safety based on OpenSSL dynamic locks (Michał Trojnara) * A private index is allocated for ex_data access (RSA and ECDSA classes) instead of using the reserved index zero (app_data) (Michał Trojnara) * Fixes in reinitialization after fork; addresses #39 (Michał Trojnara) * Improved searching for dlopen() (Christoph Moench-Tegeder) * MSVC build fixes (Michał Trojnara) * Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michał Trojnara) New in 0.3.0; 2015-10-09; Nikos Mavrogiannopoulos * Added small test suite based on softhsm (run on make check) * Memory leak fixes (Christian Heimes) * On module initialization tell the module to that the OS locking primitives are OK to use (Mike Gerow) * Transparently handle applications that fork. That is call C_Initialize() and reopen any handles if a fork is detected. * Eliminated any hard coded limits for certificate size (Doug Engert) * Added support for ECDSA (Doug Engert) * Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt (Stephane Adenot) * Eliminated several hard-coded limits in parameter sizes. New in 0.2.8; 2011-04-15; Martin Paljak * Bumped soname for PKCS11_token struct size changes (Martin Paljak). * Display the number of available slots (Ludovic Rousseau). * Add openssl libcrypto to pkg-config private libs list (Kalev Lember). * Fix building examples with --no-add-needed which is the default in Fedora (Kalev Lember). * Expose more token flags in PKCS11_token structure (Kalev Lember). * Check that private data is not NULL in pkcs11_release_slot (Robin Bryce, ticket #137). New in 0.2.7; 2009-10-20; Andreas Jellinghaus * If CKR_CRYPTOKI_ALREADY_INITIALIZED is returned from C_Initialize(): ignore. (Needed for unloaded/reloaded engines e.g. in wpa_supplicant.) By David Smith. New in 0.2.6; 2009-07-22; Andreas Jellinghaus * Fix new version: add new symbol to export file * fix building on MSVC plattform New in 0.2.5; 2009-06-15; Andreas Jellinghaus * Add function to export the slot id (Douglas E. Engert). * Increase library version because of the new function. New in 0.2.4; 2008-07-31; Andreas Jellinghaus * Build system rewritten (NOTICE: configure options was modified). The build system can produce outputs for *NIX, cygwin and native windows (using mingw). * added PKCS11_CTX_init_args (David Smith). * fix segfault in init_args code. * implemented PKCS11_private_encrypt (with PKCS11_sign now based on it) (Arnaud Ebalard) New in 0.2.3; 2007-07-11; Andreas Jellinghaus * update wiki export script (add images, fix links). * replaced rsa header files from rsalabs (official) with scute (open source). * allow CKR_USER_ALREADY_LOGGED_IN on C_Login. * mark internal functions as static. * add code to store public keys and generate keys.