libp11-0.4.12

New in 0.4.12; 2022-07-15; Michał Trojnara

• Fixed using an explicitly provided PIN regardless of the secure login flag (Alon Bar-Lev)
• Fixed RSA_PKCS1_PADDING handling (Michał Trojnara)
• Fixed a crash on LLP64, including 64-bit Windows (Małgorzata Olszówka)
• Fixed searching objects when both ID and label are specified (minfrin)
• Fixed the OAEP "source" parameter (S-P Chan)
• Fixed object searching by label (Michał Trojnara)
• Fixed thread safety in slot enumeration (Michał Trojnara)
• Fixed storing certificates on tokens (Mateusz Kwiatkowski)
• Fixed several memory leaks (Michał Trojnara, Jakub Jelen, Timo Teräs)
• Fixed OpenSSL 3.0 compatibility (Jakub Jelen)
• Fixed LibreSSL compatibility (orbea, patchMonkey156)
• Major concurrency improvements and refactoring (Timo Teräs)
• Added re-numeration of slots as an engine control command (Markus Koetter)
• Added the PKCS11_update_slots() API function (Timo Teräs)
• Added support for the SHA3 hash function (alegon01)
• Added a self-test for engine RSA operations (Uri Blumenthal)

libp11-0.4.11

New in 0.4.11; 2020-10-11; Michał Trojnara

• Fixed "EVP_PKEY_derive:buffer too small" EC errors (Luka Logar)
• Fixed various memory leaks (Mateusz Kwiatkowski)
• Fixed Windows VERSIONINFO (Pavol Misik)
• Fixed builds with OpenSSL older than 1.0.2 (Michał Trojnara)
• Fixed a double free in EVP_PKEY_meth_free() (Mikhail Durnev)
• Added CKA_VALUE_LEN to EC key derivation template (Michał Trojnara)
• Fixed handling keys without label attribute (efternavn)
• Updated the tests (Anderson Toshiyuki Sasaki)
• Made ECDH-derived keys extractable (Bent Bisballe Nyeng)
• Added support for pin-source within PKCS#11 URI (Stanislav Levin)
• Improved LibreSSL compatibility (patchMonkey156)
• Fixed handling RSA private keys in BIND (Stanislav Levin)
• Added macOS testing support (Stanislav Levin)
• Fixed engine object search algorithm (Anderson Toshiyuki Sasaki)

libp11-0.4.10

New in 0.4.10; 2019-04-03; Michał Trojnara

• Added EC signing through EVP API (Bryan Hunt)
• Added an empty EC private key required by OpenSSL 1.1.1 (Doug Engert)
• Stored additional certificate attributes (FdLSifu, Michał Trojnara)
• Engine allowed to use private keys without a PIN (Michał Trojnara)
• Lazy binding used as a workaround for buggy modules (Michał Trojnara)
• MinGW build fixes and documentation (Michał Trojnara)
• LibreSSL 2.8.3 build fixes (patchMonkey156)
• Error handling fixes (Michał Trojnara)

libp11-0.4.9

New in 0.4.9; 2018-09-03; Michał Trojnara

• Fixed EVP_PKEY ENGINE reference count with the EC EVP_PKEY_METHOD
  (Michał Trojnara, Anderson Sasaki)
• Fixed a leak of RSA object in pkcs11_store_key() (lbonn)
• Added atfork checks for RSA and EC_KEY methods (Michał Trojnara)

libp11-0.4.8

New in 0.4.8; 2018-08-05; Michał Trojnara

• RSA key generation on the token (n3wtron)
• PSS signature support (Doug Engert, Michał Trojnara)
• RSA-OAEP and RSA-PKCS encryption support (Mouse, Michał Trojnara)
• Engine no longer set as default for all methods (Anderson Sasaki)
• Added PKCS11_remove_key and PKCS11_remove_certificate (n3wtron)
• Added PKCS11_find_next_token interface (Frank Morgner)
• Added support for OpenSSL 1.1.1 beta (Michał Trojnara)
• Removed support for OpenSSL 0.9.8 (Michał Trojnara)
• Case insensitive PKCS#11 URI scheme (Anderson Sasaki)
• Testing framework improvements (Anderson Sasaki)
• Coverity scanning and defect fixes (Frank Morgner)
• Backward compatibility for new error handling introduced in libp11 0.4.7 (Michał Trojnara)
• Memory leak fixes (Frank Morgner, Doug Engert)
• Added an integer overflow protection (Eric Sesterhenn, Michał Trojnara)
• Several bugfixes (Michał Trojnara, Emmanuel Deloget, Anderson Sasaki)

libp11-0.4.7

New in 0.4.7; 2017-07-03; Michał Trojnara

• Added OpenSSL-style engine error reporting (Michał Trojnara)
• Added the FORCE_LOGIN engine ctrl command (Michał Trojnara)
• Implemented the QUIET engine ctrl command (Michał Trojnara)
• Modified CKU_CONTEXT_SPECIFIC PIN requests to be based
  on the CKA_ALWAYS_AUTHENTICATE attribute rather than the
  CKR_USER_NOT_LOGGED_IN error (Michał Trojnara)
• Fixed printing hex values (Michał Trojnara)
• Fixed build error with OPENSSL_NO_EC (Kai Kang)

libp11-0.4.6

• Updated ex_data on EVP_PKEYs after enumerating keys (Matt Hauck)
• Token/key labels added into PIN prompts (Matt Hauck)

libp11-0.4.5

• Prevented destroying existing keys/certs at login (Michał Trojnara)
• Fixed synchronization of PKCS#11 module calls (Matt Hauck)
• Added LibreSSL compatibility (Bernard Spil)
• Added SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands
  for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
• Fixed error handling in RSA key generation (Michał Trojnara)

libp11-0.4.4

• Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
  fixes #141 (Michał Trojnara)
• "?" and "&" allowed as URI separators; fixes #142 (Michał Trojnara)
• engine: Unified private/public key and certificate enumeration
  to be performed without login if possible (Michał Trojnara)

libp11-0.4.3

• Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
• Added graceful handling of alien (non-PKCS#11) keys (Michał Trojnara)
• Added symbol versioning (Nikos Mavrogiannopoulos)
• Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos)
• Added MSYS2, Cygwin, and MinGW/MSYS support (Paweł Witas)
• Workaround implemented for a deadlock in PKCS#11 modules that
  internally use OpenSSL engines (Michał Trojnara, Paweł Witas)
• Fixed an EVP_PKEY reference count leak (David Woodhouse)
• Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert,
  Michał Trojnara)
• Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michał Trojnara)
• Fixed retrieving PIN values from certificate URIs (Andrei Korikov)
• Fixed symlink installation (Alon Bar-Lev)