NEWS for SoftHSM -- History of user visible changes

SoftHSM 2.1.0 - 2016-03-14

* Issue #136: Improved guide and build scripts for Windows.
  (Thanks to Jaroslav Imrich)
* Issue #144: The password prompt in softhsm2-util can now be
  interrupted (ctrl-c).
* Issue #166: Add slots.removable config option.
  (Patch from Sumit Bose)
* Issue #180: Windows configure script improvements.
  (Patch from Arnaud Grandville)

Bugfixes:
* Issue #128: Prioritize the return values in C_GetAttributeValue.
  (Patch from Nicholas Wilson)
* Issue #129: Fix errors reported by Visual Studio 2015.
  (Patch from Jaroslav Imrich)
* Issue #132: Handle the CKA_CHECK_VALUE correctly for certificates
  and symmetric key objects.
* Issue #154: Fix the Windows build and destruction order of objects.
  (Patch from Arnaud Grandville)
* Issue #162: Not possible to create certificate objects containing
  CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or
  CKA_JAVA_MIDP_SECURITY_DOMAIN.
* Issue #163: Do not attempt decryption of empty byte strings.
  (Patch from Michal Kepien)
* Issue #165: Minor changes after a PVS-Studio code analysis, and
  C_EncryptUpdate crash if no ciphered data is produced.
  (Patch from Arnaud Grandville)
* Issue #169: One-byte buffer overflow in call to EVP_DecryptUpdate.
* Issue #171: Problem while closing library that is initialized but
  improperly finalized.
* Issue #173: Adjust return values for the template parsing.
* Issue #174: C_DeriveKey() error with leading zero bytes.
* Issue #177: CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects
  created with C_CreateObject.
* Issue #182: Resolve compiler warning.
  (Patch from Josh Datko)
* Issue #184: Stop discarding the global OpenSSL libcrypto state.
  (Patch from Michal Trojnara)
* SOFTHSM-123: Fix library cleanup on BSD.


SoftHSM 2.0.0 - 2015-07-17

* SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
* Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms.
  (Patch from Thomas Calderon)

Bugfixes:
* SOFTHSM-120: Segfault after renaming variables.


SoftHSM 2.0.0b3 - 2015-04-17

* SOFTHSM-113: Support for Botan 1.11.15
* SOFTHSM-119: softhsm2-util: Support ECDSA key import
  (Patch from Magnus Ahltorp)
* SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES.
  Using DH, ECDH or symmetric encryption.

Bugfixes:
* SOFTHSM-108: A marked as trusted certificate cannot be imported.
* SOFTHSM-109: Unused parameter and variable warnings.
* SOFTHSM-110: subdir-objects warnings from autoreconf.
* SOFTHSM-111: Include FIPS-NOTES.md in dist.
* SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h.
* SOFTHSM-114: Fix memory leak in a test script.
* SOFTHSM-115: Fix static analysis warnings.
* SUPPORT-154: A marked as non-modifiable object cannot be generated.
* SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr.
* SUPPORT-157: Derived secrets were truncated after encryption and
  could thus not be decrypted.
* Mutex should call MutexFactory wrapper functions.
  (Patch from Jerry Lundström)
* Return detailed error message to loadLibrary().
  (Patch from Petr Spacek)


SoftHSM 2.0.0b2 - 2014-12-28

* SOFTHSM-50: OpenSSL FIPS support.
* SOFTHSM-64: Updated build script for Windows.
* SOFTHSM-100: Use --free with softhsm2-util to initialize the first
  free token.
* SOFTHSM-103: Allow runtime configuration of log level.
* SOFTHSM-107: Support for CKM_<symcipher>_CBC_PAD.
* Add support for CKM_RSA_PKCS_OAEP key un/wrapping.
  (Patch from Petr Spacek)
* Use OpenSSL EVP interface for AES key wrapping.
  (Patch from Petr Spacek)
* Allow reading configuration file from user's home directory.
  (Patch from Nikos Mavrogiannopoulos)

Bugfixes:
* SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE.
* Coverity found a number of issues.


SoftHSM 2.0.0b1 - 2014-09-10

* SOFTHSM-84: Check that all mandatory attributes are given during
  the creation process.
* SOFTHSM-92: Enable -fvisibility=hidden on per default
* SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal
  (Patch from Martin Paljak)
* Add support for CKM_RSA_PKCS key un/wrapping
  (Patch from Petr Spacek)

Bugfixes:
* SOFTHSM-66: Attribute handling when using multiple threads
* SOFTHSM-93: Invalid C++ object recycling.
* SOFTHSM-95: umask affecting the calling application.
* SOFTHSM-97: Check if Botan has already been initialized.
* SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA
  correctly.
* SOFTHSM-99: Binary encoding of GOST values.
* SUPPORT-136: softhsm2-keyconv creates files with sensitive material
  in insecure way.


SoftHSM 2.0.0a2 - 2014-03-25

* SOFTHSM-68: Display a better configure message when there is a 
  version of Botan with a broken ECC/GOST/OID implementation.
* SOFTHSM-70: Improved handling of the database backend.
* SOFTHSM-71: Supporting Botan 1.11.
* SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when 
  using the Botan crypto backend.
* SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object.
* SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the
  command line utilties with softhsm2-.
* SOFTHSM-89: Use constants and not strings for signaling algorithms.
* SUPPORT-129: Possible to use an empty template in C_GenerateKey.
  The class and key type are inherited from the generation mechanism.
  Some mechanisms do however require a length attribute. [SOFTHSM-88]
* SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384,
  or SHA512. [SOFTHSM-87]

Bugfixes:
* SOFTHSM-39: Fix 64 bit build on sparc sun4v.
* SOFTHSM-69: GOST did not work when you disabled ECC.
* SOFTHSM-78: Correct the attribute checks for a number of objects.
* SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code.
* SOFTHSM-91: Fix a warning from static code analysis.
* Fixed a number of memory leaks.


SoftHSM 2.0.0a1 - 2014-02-10

This is the first alpha release of SoftHSMv2. It focuses on a higher 
level of security by encrypting sensitive information and using 
unswappable memory. There is also a more generalized crypto backend,
where you can use Botan or OpenSSL.
