NEWS for SoftHSM -- History of user visible changes

SoftHSM 2.0.0 - 2015-07-17

* SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
* Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms.
  (Patch from Thomas Calderon)

Bugfixes:
* SOFTHSM-120: Segfault after renaming variables.


SoftHSM 2.0.0b3 - 2015-04-17

* SOFTHSM-113: Support for Botan 1.11.15
* SOFTHSM-119: softhsm2-util: Support ECDSA key import
  (Patch from Magnus Ahltorp)
* SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES.
  Using DH, ECDH or symmetric encryption.

Bugfixes:
* SOFTHSM-108: A marked as trusted certificate cannot be imported.
* SOFTHSM-109: Unused parameter and variable warnings.
* SOFTHSM-110: subdir-objects warnings from autoreconf.
* SOFTHSM-111: Include FIPS-NOTES.md in dist.
* SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h.
* SOFTHSM-114: Fix memory leak in a test script.
* SOFTHSM-115: Fix static analysis warnings.
* SUPPORT-154: A marked as non-modifiable object cannot be generated.
* SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr.
* SUPPORT-157: Derived secrets were truncated after encryption and
  could thus not be decrypted.
* Mutex should call MutexFactory wrapper functions.
  (Patch from Jerry Lundström)
* Return detailed error message to loadLibrary().
  (Patch from Petr Spacek)


SoftHSM 2.0.0b2 - 2014-12-28

* SOFTHSM-50: OpenSSL FIPS support.
* SOFTHSM-64: Updated build script for Windows.
* SOFTHSM-100: Use --free with softhsm2-util to initialize the first
  free token.
* SOFTHSM-103: Allow runtime configuration of log level.
* SOFTHSM-107: Support for CKM_<symcipher>_CBC_PAD.
* Add support for CKM_RSA_PKCS_OAEP key un/wrapping.
  (Patch from Petr Spacek)
* Use OpenSSL EVP interface for AES key wrapping.
  (Patch from Petr Spacek)
* Allow reading configuration file from user's home directory.
  (Patch from Nikos Mavrogiannopoulos)

Bugfixes:
* SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE.
* Coverity found a number of issues.


SoftHSM 2.0.0b1 - 2014-09-10

* SOFTHSM-84: Check that all mandatory attributes are given during
  the creation process.
* SOFTHSM-92: Enable -fvisibility=hidden on per default
* SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal
  (Patch from Martin Paljak)
* Add support for CKM_RSA_PKCS key un/wrapping
  (Patch from Petr Spacek)

Bugfixes:
* SOFTHSM-66: Attribute handling when using multiple threads
* SOFTHSM-93: Invalid C++ object recycling.
* SOFTHSM-95: umask affecting the calling application.
* SOFTHSM-97: Check if Botan has already been initialized.
* SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA
  correctly.
* SOFTHSM-99: Binary encoding of GOST values.
* SUPPORT-136: softhsm2-keyconv creates files with sensitive material
  in insecure way.


SoftHSM 2.0.0a2 - 2014-03-25

* SOFTHSM-68: Display a better configure message when there is a 
  version of Botan with a broken ECC/GOST/OID implementation.
* SOFTHSM-70: Improved handling of the database backend.
* SOFTHSM-71: Supporting Botan 1.11.
* SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when 
  using the Botan crypto backend.
* SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object.
* SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the
  command line utilties with softhsm2-.
* SOFTHSM-89: Use constants and not strings for signaling algorithms.
* SUPPORT-129: Possible to use an empty template in C_GenerateKey.
  The class and key type are inherited from the generation mechanism.
  Some mechanisms do however require a length attribute. [SOFTHSM-88]
* SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384,
  or SHA512. [SOFTHSM-87]

Bugfixes:
* SOFTHSM-39: Fix 64 bit build on sparc sun4v.
* SOFTHSM-69: GOST did not work when you disabled ECC.
* SOFTHSM-78: Correct the attribute checks for a number of objects.
* SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code.
* SOFTHSM-91: Fix a warning from static code analysis.
* Fixed a number of memory leaks.


SoftHSM 2.0.0a1 - 2014-02-10

This is the first alpha release of SoftHSMv2. It focuses on a higher 
level of security by encrypting sensitive information and using 
unswappable memory. There is also a more generalized crypto backend,
where you can use Botan or OpenSSL.
