pkcs11-helper
Copyright (c) 2005-2022 Alon Bar-Lev <alon.barlev@gmail.com>

????-??-?? - Version 1.31.0
* threading: fix mutex handling for cond_wait, thanks to Gleb Popov.
* mbed: initialize certificate early using mbedtls_x509_crt_init.

2023-12-01 - Version 1.30.0
* core: add dynamic loader provider attribute, thanks to Marc Becker.
* openssl: support DSA in libressl-3.5.0, thanks to Fabrice Fontaine.
* openssl: fix openssl_ex_data_dup prototype, thanks to Sam James for
  reporting.

2022-04-21 - Version 1.29.0

* build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine.
* core: do not assume standard objects supported by provider.
* openssl: set back key into EVP for openssl-3 to work, thanks to apollo13.

2021-12-31 - Version 1.28

 * build: openssl: remove RSA_SSLV23_PADDING constant usage due to openssl-3
   compatibility, thanks to t0b3.
 * build: nss: use nss pkcs11.h, thanks to Fabrice Fontaine.
 * build: windows: checksum in PE, thanks to Simon Rozman.
 * build: windows: support openssl-1.1.1, thanks to Lev Stipakov.
 * mbed: require >=mbedtls-2, mbed dropped polarssl compatibility,
   thanks to Uipko Berghuis
 * certificate: add methods accept full mechanism, thanks to Selva Nair.
 * core: load provider library as private.
 * core: add pkcs11h_getProperty, pkcs11h_setProperty to support adding
   properties without breaking API.
 * core: add pkcs11h_initializeProvider, pkcs11h_registerProvider,
   pkcs11h_setProviderProperty, pkcs11h_setProviderPropertyByName to
   support adding properties without breaking API thanks to Михалицын Петр.
 * core: add initialization arguments property, thanks for Михалицын Петр.
 * core: add PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK.
 * session: respect login required token flag.
 * certificate: respect always authenticate flag.

2020-11-17 - Version 1.27

 * core: handle PIN expiration after C_Login as C_Login may take a while
 * core: return explicit success when plugin&play and no threading and no
   safefork, thanks to Tunnelblick

2020-01-21 - Version 1.26

 * openssl: build with openssl ec disabled
 * openssl: support RSA_NO_PADDING padding, thanks to Selva Nair
 * core: reduce mutex lock scope of add/remove provider, thanks to Frank Morgner
 * core: improve the fork fixup sequence

2018-08-16 - Version 1.25.1

 * core: build with threading disabled

2018-08-04 - Version 1.25

 * core: do not attempt to initialize provider with fork mode is not safe. Too
   many providers do not follow the PKCS#11 spec.

2018-06-15 - Version 1.24

 * build: support libressl-2.7

2018-06-02 - Version 1.23

 * build: cleanups.
 * openssl: rework support 1.1.

2017-02-12 - Version 1.22

 * spec: minor cleanups.

2017-01-06 - Version 1.21

 * mbedtls: fix missing logic if issur certificate, thanks to Steffan Karger

2016-12-08 - Version 1.20

 * polarssl: support polarssl-1.3, thanks to Steffan Karger.
 * certificate: ignore certificate object without CKA_ID.
 * openssl: fix memory leak, thanks to ASPj.
 * openssl: support 1.1 and libressl, thanks to Daiki Ueno.

2013-10-11 - Version 1.11

 * openssl: support generic pkey.
 * openssl: add dsa support.
 * openssl: add ecdsa support, thanks for Sanaullah for testing.

2012-02-29 - Version 1.10

 * PolarSSL crypto engine by Adriaan de Jong
 * build: --disable-crypto-engine-win32 renamed to --disable-crypto-engine-cryptoapi 
 * api: PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_WIN32 renamed to
   PKCS11H_FEATURE_MASK_ENGINE_CRYPTO_CRYPTOAPI.
 * api: PKCS11H_ENGINE_CRYPTO_WIN32 renamed to
   PKCS11H_ENGINE_CRYPTO_CRYPTOAPI

2011-08-16 - Version 1.09

 * Do not retry if CKR_BUFFER_TOO_SMALL and none NULL target.
 * Fixup OpenSSL engine's rsa_priv_enc to use RSA size output buffer.

2011-02-23 - Version 1.08

 * Do not attempt to logout if uninitialized, thanks to Jan Just Keijser.
 * Use OpenSSL engine's rsa_priv_enc instead of rsa_sign, thanks to Markus
   Friedl.

2009-02-27 - Version 1.07

 * Minor Win64 fixup.

2008-07-31 - Version 1.06

 * Some MinGW build fixups.

 * Some BSD build fixups.

 * Fix some VC6 issues thanks to Justin Karneges.

 * Add version resource for Windows.

2007-10-12 - Version 1.05

 * Export pkcs11h_logout().

2007-10-05 - Version 1.04

 * Added NSS crypto enigne.

 * Added new slotevent mode (poll vs fetch).

 * Add more invalid characters to serialization string.

 * Fix openssl decrypt return code.

2007-06-13 - Version 1.03

 * Autoconf fixups.

 * RPM packaging is available, thank to Eddy Nigg.

 * Debian packaging is available, thank to Sandro Wefel.

 * size_t printf 64bit fixups (debug).

 * Certificate session period fixup, thank to Leo Pohl for reporting.

 * Block signals for own threads using pthread calls.

 * Fixup compilation error when using GnuTLS only environment, thank to
   Simon Josefsson.

 * Allow several engines to co-exist, so application may select its
   favorite.

 * Add logout verb.

2007-10-05 - Version 1.02

 * Switch to free implementation of PKCS#11 headers.

 * First standalone version.

 * Fix invalid certificate max size handling (Zeljko Vrba).

 * Added object serialization.

 * Added user data to hooks.

 * Added a force login method.

 * Added support for gnutls in addition to openssl.

 * Fixup threading lock issues.

 * Added support for duplicate serial tokens, based on label.

 * Added workaround for OpenSC cards, OpenSC bug#108, thanks to Kaupo Arulo.

 * Added a methods to lock session between two sign/decrypt operations.

 * Modified openssl interface.

 * Added engines for system and crypto to minimize dependencies.

 * Added win32 crypto engine.

 * Added decrypt option using C_UnwrapKey, thanks for Christoph Neerfeld.

2006-06-26 - Version 1.01

 * Fix handling multiple providers.

2006-05-14 - Version 1.00

 * First stable release.