-
Notifications
You must be signed in to change notification settings - Fork 44
/
ChangeLog
201 lines (125 loc) · 5.7 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
pkcs11-helper
Copyright (c) 2005-2022 Alon Bar-Lev <alon.barlev@gmail.com>
????-??-?? - Version 1.31.0
* threading: fix mutex handling for cond_wait, thanks to Gleb Popov.
* mbed: initialize certificate early using mbedtls_x509_crt_init.
2023-12-01 - Version 1.30.0
* core: add dynamic loader provider attribute, thanks to Marc Becker.
* openssl: support DSA in libressl-3.5.0, thanks to Fabrice Fontaine.
* openssl: fix openssl_ex_data_dup prototype, thanks to Sam James for
reporting.
2022-04-21 - Version 1.29.0
* build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine.
* core: do not assume standard objects supported by provider.
* openssl: set back key into EVP for openssl-3 to work, thanks to apollo13.
2021-12-31 - Version 1.28
* build: openssl: remove RSA_SSLV23_PADDING constant usage due to openssl-3
compatibility, thanks to t0b3.
* build: nss: use nss pkcs11.h, thanks to Fabrice Fontaine.
* build: windows: checksum in PE, thanks to Simon Rozman.
* build: windows: support openssl-1.1.1, thanks to Lev Stipakov.
* mbed: require >=mbedtls-2, mbed dropped polarssl compatibility,
thanks to Uipko Berghuis
* certificate: add methods accept full mechanism, thanks to Selva Nair.
* core: load provider library as private.
* core: add pkcs11h_getProperty, pkcs11h_setProperty to support adding
properties without breaking API.
* core: add pkcs11h_initializeProvider, pkcs11h_registerProvider,
pkcs11h_setProviderProperty, pkcs11h_setProviderPropertyByName to
support adding properties without breaking API thanks to Михалицын Петр.
* core: add initialization arguments property, thanks for Михалицын Петр.
* core: add PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK.
* session: respect login required token flag.
* certificate: respect always authenticate flag.
2020-11-17 - Version 1.27
* core: handle PIN expiration after C_Login as C_Login may take a while
* core: return explicit success when plugin&play and no threading and no
safefork, thanks to Tunnelblick
2020-01-21 - Version 1.26
* openssl: build with openssl ec disabled
* openssl: support RSA_NO_PADDING padding, thanks to Selva Nair
* core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner
* core: improve the fork fixup sequence
2018-08-16 - Version 1.25.1
* core: build with threading disabled
2018-08-04 - Version 1.25
* core: do not attempt to initialize provider with fork mode is not safe. Too
many providers do not follow the PKCS#11 spec.
2018-06-15 - Version 1.24
* build: support libressl-2.7
2018-06-02 - Version 1.23
* build: cleanups.
* openssl: rework support 1.1.
2017-02-12 - Version 1.22
* spec: minor cleanups.
2017-01-06 - Version 1.21
* mbedtls: fix missing logic if issur certificate, thanks to Steffan Karger
2016-12-08 - Version 1.20
* polarssl: support polarssl-1.3, thanks to Steffan Karger.
* certificate: ignore certificate object without CKA_ID.
* openssl: fix memory leak, thanks to ASPj.
* openssl: support 1.1 and libressl, thanks to Daiki Ueno.
2013-10-11 - Version 1.11
* openssl: support generic pkey.
* openssl: add dsa support.
* openssl: add ecdsa support, thanks for Sanaullah for testing.
2012-02-29 - Version 1.10
* PolarSSL crypto engine by Adriaan de Jong
* build: --disable-crypto-engine-win32 renamed to --disable-crypto-engine-cryptoapi
* api: PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 renamed to
PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_CRYPTOAPI.
* api: PKCS11H_ENGINE_CRYPTO_WIN32 renamed to
PKCS11H_ENGINE_CRYPTO_CRYPTOAPI
2011-08-16 - Version 1.09
* Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target.
* Fixup OpenSSL engine's rsa_priv_enc to use RSA size output buffer.
2011-02-23 - Version 1.08
* Do not attempt to logout if uninitialized, thanks to Jan Just Keijser.
* Use OpenSSL engine's rsa_priv_enc instead of rsa_sign, thanks to Markus
Friedl.
2009-02-27 - Version 1.07
* Minor Win64 fixup.
2008-07-31 - Version 1.06
* Some MinGW build fixups.
* Some BSD build fixups.
* Fix some VC6 issues thanks to Justin Karneges.
* Add version resource for Windows.
2007-10-12 - Version 1.05
* Export pkcs11h_logout().
2007-10-05 - Version 1.04
* Added NSS crypto enigne.
* Added new slotevent mode (poll vs fetch).
* Add more invalid characters to serialization string.
* Fix openssl decrypt return code.
2007-06-13 - Version 1.03
* Autoconf fixups.
* RPM packaging is available, thank to Eddy Nigg.
* Debian packaging is available, thank to Sandro Wefel.
* size_t printf 64bit fixups (debug).
* Certificate session period fixup, thank to Leo Pohl for reporting.
* Block signals for own threads using pthread calls.
* Fixup compilation error when using GnuTLS only environment, thank to
Simon Josefsson.
* Allow several engines to co-exist, so application may select its
favorite.
* Add logout verb.
2007-10-05 - Version 1.02
* Switch to free implementation of PKCS#11 headers.
* First standalone version.
* Fix invalid certificate max size handling (Zeljko Vrba).
* Added object serialization.
* Added user data to hooks.
* Added a force login method.
* Added support for gnutls in addition to openssl.
* Fixup threading lock issues.
* Added support for duplicate serial tokens, based on label.
* Added workaround for OpenSC cards, OpenSC bug#108, thanks to Kaupo Arulo.
* Added a methods to lock session between two sign/decrypt operations.
* Modified openssl interface.
* Added engines for system and crypto to minimize dependencies.
* Added win32 crypto engine.
* Added decrypt option using C_UnwrapKey, thanks for Christoph Neerfeld.
2006-06-26 - Version 1.01
* Fix handling multiple providers.
2006-05-14 - Version 1.00
* First stable release.