NEWS

NEWS for Libp11 -- History of user visible changes

New in 0.4.4; unreleased

New in 0.4.3; 2016-12-04; Michał Trojnara
* Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
* Added graceful handling of alien (non-PKCS#11) keys (Michał Trojnara)
* Added symbol versioning (Nikos Mavrogiannopoulos)
* Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos)
* Added MSYS2, Cygwin, and MinGW/MSYS support (Paweł Witas)
* Workaround implemented for a deadlock in PKCS#11 modules that
  internally use OpenSSL engines (Michał Trojnara, Paweł Witas)
* Fixed an EVP_PKEY reference count leak (David Woodhouse)
* Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert,
  Michał Trojnara)
* Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michał Trojnara)
* Fixed retrieving PIN values from certificate URIs (Andrei Korikov)
* Fixed symlink installation (Alon Bar-Lev)

New in 0.4.2; 2016-09-25; Michał Trojnara
* Fixed a 0.4.0 regression bug causing the engine finish function to
  remove any configured engine parameters; fixes #104 (Michał Trojnara)

New in 0.4.1; 2016-09-17; Michał Trojnara
* Use enginesdir provided by libcrypto.pc if available (David Woodhouse)
* Certificate cache destroyed on login/logout (David Woodhouse)
* Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse)
* Directly included libp11 code into the engine (Matt Hauck)
* Fixed handling simultaneous make jobs (Derek Straka)
* Reverted an old hack that broke engine initialization (Michał Trojnara)
* Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck)
* Makefile fixes and improvements (Nikos Mavrogiannopoulos)
* Fixed several certificate selection bugs (Michał Trojnara)
* The signed message digest is truncated if it is too long for the
  signing curve (David von Oheimb)
* Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
  in the ASN1_OCTET_STRING format (Michał Trojnara)
* OpenSSL 1.1.0 build fixes (Michał Trojnara)

New in 0.4.0; 2016-03-28; Michał Trojnara
* Merged engine_pkcs11 (Michał Trojnara)
* Added ECDSA support for OpenSSL < 1.0.2 (Michał Trojnara)
* Added ECDH key derivation support (Doug Engert and Michał Trojnara)
* Added support for RSA_NO_PADDING RSA private key decryption, used
  by OpenSSL for various features including OAEP (Michał Trojnara)
* Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding
  (Michał Trojnara)
* Added support for RSA encryption (not only signing) (Michał Trojnara)
* Added CKA_ALWAYS_AUTHENTICATE support (Michał Trojnara)
* Fixed double locking the global engine lock (Michał Trojnara)
* Fixed incorrect errors reported on signing/encryption/decryption
  (Michał Trojnara)
* Fixed deadlocks in keys and certificates listing (Brian Hinz)
* Use PKCS11_MODULE_PATH environment variable (Doug Engert)
* Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
* Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
* Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
* Removed support for OpenSSL 0.9.7 (Michał Trojnara)

New in 0.3.1; 2016-01-22; Michał Trojnara
* Added PKCS11_is_logged_in to the API (Mikhail Denisenko)
* Added PKCS11_enumerate_public_keys to the API (Michał Trojnara)
* Fixed EVP_PKEY handling of public keys (Michał Trojnara)
* Added thread safety based on OpenSSL dynamic locks (Michał Trojnara)
* A private index is allocated for ex_data access (RSA and ECDSA classes)
  instead of using the reserved index zero (app_data) (Michał Trojnara)
* Fixes in reinitialization after fork; addresses #39
  (Michał Trojnara)
* Improved searching for dlopen() (Christoph Moench-Tegeder)
* MSVC build fixes (Michał Trojnara)
* Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michał Trojnara)

New in 0.3.0; 2015-10-09; Nikos Mavrogiannopoulos
* Added small test suite based on softhsm (run on make check)
* Memory leak fixes (Christian Heimes)
* On module initialization tell the module to that the OS locking
  primitives are OK to use (Mike Gerow)
* Transparently handle applications that fork. That is call C_Initialize()
  and reopen any handles if a fork is detected.
* Eliminated any hard coded limits for certificate size (Doug Engert)
* Added support for ECDSA (Doug Engert)
* Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt
  (Stephane Adenot)
* Eliminated several hard-coded limits in parameter sizes.

New in 0.2.8; 2011-04-15; Martin Paljak
* Bumped soname for PKCS11_token struct size changes (Martin Paljak).
* Display the number of available slots (Ludovic Rousseau).
* Add openssl libcrypto to pkg-config private libs list (Kalev Lember).
* Fix building examples with --no-add-needed which is the default in Fedora
  (Kalev Lember).
* Expose more token flags in PKCS11_token structure (Kalev Lember).
* Check that private data is not NULL in pkcs11_release_slot (Robin Bryce,
  ticket #137).

New in 0.2.7; 2009-10-20; Andreas Jellinghaus
* If CKR_CRYPTOKI_ALREADY_INITIALIZED is returned from C_Initialize(): ignore. 
  (Needed for unloaded/reloaded engines e.g. in wpa_supplicant.) By David Smith.

New in 0.2.6; 2009-07-22; Andreas Jellinghaus
* Fix new version: add new symbol to export file
* fix building on MSVC plattform

New in 0.2.5; 2009-06-15; Andreas Jellinghaus
* Add function to export the slot id (Douglas E. Engert).
* Increase library version because of the new function.

New in 0.2.4; 2008-07-31; Andreas Jellinghaus
* Build system rewritten (NOTICE: configure options was modified). 
  The build system can produce outputs for *NIX, cygwin and native
  windows (using mingw).
* added PKCS11_CTX_init_args (David Smith).
* fix segfault in init_args code.
* implemented PKCS11_private_encrypt (with PKCS11_sign now based on it)
  (Arnaud Ebalard)

New in 0.2.3; 2007-07-11; Andreas Jellinghaus
* update wiki export script (add images, fix links).
* replaced rsa header files from rsalabs (official) with scute (open source).
* allow CKR_USER_ALREADY_LOGGED_IN on C_Login.
* mark internal functions as static.
* add code to store public keys and generate keys.