Skip to content

Releases: OpenSC/libp11


15 Jul 21:47
Choose a tag to compare

New in 0.4.12; 2022-07-15; Michał Trojnara

  • Fixed using an explicitly provided PIN regardless of the secure login flag (Alon Bar-Lev)
  • Fixed RSA_PKCS1_PADDING handling (Michał Trojnara)
  • Fixed a crash on LLP64, including 64-bit Windows (Małgorzata Olszówka)
  • Fixed searching objects when both ID and label are specified (minfrin)
  • Fixed the OAEP "source" parameter (S-P Chan)
  • Fixed object searching by label (Michał Trojnara)
  • Fixed thread safety in slot enumeration (Michał Trojnara)
  • Fixed storing certificates on tokens (Mateusz Kwiatkowski)
  • Fixed several memory leaks (Michał Trojnara, Jakub Jelen, Timo Teräs)
  • Fixed OpenSSL 3.0 compatibility (Jakub Jelen)
  • Fixed LibreSSL compatibility (orbea, patchMonkey156)
  • Major concurrency improvements and refactoring (Timo Teräs)
  • Added re-numeration of slots as an engine control command (Markus Koetter)
  • Added the PKCS11_update_slots() API function (Timo Teräs)
  • Added support for the SHA3 hash function (alegon01)
  • Added a self-test for engine RSA operations (Uri Blumenthal)


11 Oct 15:35
Choose a tag to compare

New in 0.4.11; 2020-10-11; Michał Trojnara

  • Fixed "EVP_PKEY_derive:buffer too small" EC errors (Luka Logar)
  • Fixed various memory leaks (Mateusz Kwiatkowski)
  • Fixed Windows VERSIONINFO (Pavol Misik)
  • Fixed builds with OpenSSL older than 1.0.2 (Michał Trojnara)
  • Fixed a double free in EVP_PKEY_meth_free() (Mikhail Durnev)
  • Added CKA_VALUE_LEN to EC key derivation template (Michał Trojnara)
  • Fixed handling keys without label attribute (efternavn)
  • Updated the tests (Anderson Toshiyuki Sasaki)
  • Made ECDH-derived keys extractable (Bent Bisballe Nyeng)
  • Added support for pin-source within PKCS#11 URI (Stanislav Levin)
  • Improved LibreSSL compatibility (patchMonkey156)
  • Fixed handling RSA private keys in BIND (Stanislav Levin)
  • Added macOS testing support (Stanislav Levin)
  • Fixed engine object search algorithm (Anderson Toshiyuki Sasaki)


03 Apr 20:35
Choose a tag to compare

New in 0.4.10; 2019-04-03; Michał Trojnara

  • Added EC signing through EVP API (Bryan Hunt)
  • Added an empty EC private key required by OpenSSL 1.1.1 (Doug Engert)
  • Stored additional certificate attributes (FdLSifu, Michał Trojnara)
  • Engine allowed to use private keys without a PIN (Michał Trojnara)
  • Lazy binding used as a workaround for buggy modules (Michał Trojnara)
  • MinGW build fixes and documentation (Michał Trojnara)
  • LibreSSL 2.8.3 build fixes (patchMonkey156)
  • Error handling fixes (Michał Trojnara)


03 Sep 18:11
Choose a tag to compare

New in 0.4.9; 2018-09-03; Michał Trojnara

  • Fixed EVP_PKEY ENGINE reference count with the EC EVP_PKEY_METHOD
    (Michał Trojnara, Anderson Sasaki)
  • Fixed a leak of RSA object in pkcs11_store_key() (lbonn)
  • Added atfork checks for RSA and EC_KEY methods (Michał Trojnara)


05 Aug 19:06
Choose a tag to compare

New in 0.4.8; 2018-08-05; Michał Trojnara

  • RSA key generation on the token (n3wtron)
  • PSS signature support (Doug Engert, Michał Trojnara)
  • RSA-OAEP and RSA-PKCS encryption support (Mouse, Michał Trojnara)
  • Engine no longer set as default for all methods (Anderson Sasaki)
  • Added PKCS11_remove_key and PKCS11_remove_certificate (n3wtron)
  • Added PKCS11_find_next_token interface (Frank Morgner)
  • Added support for OpenSSL 1.1.1 beta (Michał Trojnara)
  • Removed support for OpenSSL 0.9.8 (Michał Trojnara)
  • Case insensitive PKCS#11 URI scheme (Anderson Sasaki)
  • Testing framework improvements (Anderson Sasaki)
  • Coverity scanning and defect fixes (Frank Morgner)
  • Backward compatibility for new error handling introduced in libp11 0.4.7 (Michał Trojnara)
  • Memory leak fixes (Frank Morgner, Doug Engert)
  • Added an integer overflow protection (Eric Sesterhenn, Michał Trojnara)
  • Several bugfixes (Michał Trojnara, Emmanuel Deloget, Anderson Sasaki)


03 Jul 21:17
Choose a tag to compare

New in 0.4.7; 2017-07-03; Michał Trojnara

  • Added OpenSSL-style engine error reporting (Michał Trojnara)
  • Added the FORCE_LOGIN engine ctrl command (Michał Trojnara)
  • Implemented the QUIET engine ctrl command (Michał Trojnara)
  • Modified CKU_CONTEXT_SPECIFIC PIN requests to be based
    on the CKA_ALWAYS_AUTHENTICATE attribute rather than the
    CKR_USER_NOT_LOGGED_IN error (Michał Trojnara)
  • Fixed printing hex values (Michał Trojnara)
  • Fixed build error with OPENSSL_NO_EC (Kai Kang)


23 Apr 20:33
Choose a tag to compare
  • Updated ex_data on EVP_PKEYs after enumerating keys (Matt Hauck)
  • Token/key labels added into PIN prompts (Matt Hauck)


29 Mar 20:35
Choose a tag to compare
  • Prevented destroying existing keys/certs at login (Michał Trojnara)
  • Fixed synchronization of PKCS#11 module calls (Matt Hauck)
  • Added LibreSSL compatibility (Bernard Spil)
  • Added SET_USER_INTERFACE and SET_CALLBACK_DATA engine ctrl commands
    for certificate and CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
  • Fixed error handling in RSA key generation (Michał Trojnara)


26 Jan 21:54
Choose a tag to compare
  • Fixed a state reset caused by re-login on LOAD_CERT_CTRL engine ctrl;
    fixes #141 (Michał Trojnara)
  • "?" and "&" allowed as URI separators; fixes #142 (Michał Trojnara)
  • engine: Unified private/public key and certificate enumeration
    to be performed without login if possible (Michał Trojnara)


04 Dec 21:36
Choose a tag to compare
  • Use UI to get CKU_CONTEXT_SPECIFIC PINs (Michał Trojnara)
  • Added graceful handling of alien (non-PKCS#11) keys (Michał Trojnara)
  • Added symbol versioning (Nikos Mavrogiannopoulos)
  • Soname tied with with the OpenSSL soname (Nikos Mavrogiannopoulos)
  • Added MSYS2, Cygwin, and MinGW/MSYS support (Paweł Witas)
  • Workaround implemented for a deadlock in PKCS#11 modules that
    internally use OpenSSL engines (Michał Trojnara, Paweł Witas)
  • Fixed an EVP_PKEY reference count leak (David Woodhouse)
  • Fixed OpenSSL 1.1.x crash in public RSA methods (Doug Engert,
    Michał Trojnara)
  • Fixed OpenSSL 1.1.x builds (Nikos Mavrogiannopoulos, Michał Trojnara)
  • Fixed retrieving PIN values from certificate URIs (Andrei Korikov)
  • Fixed symlink installation (Alon Bar-Lev)