libp11-0.4.2

• Fixed a 0.4.0 regression bug causing the engine finish function to
  remove any configured engine parameters; fixes #104 (Michał Trojnara)

libp11-0.4.1

• Use enginesdir provided by libcrypto.pc if available (David Woodhouse)
• Certificate cache destroyed on login/logout (David Woodhouse)
• Fixed accessing certificates marked as CKA_PRIVATE (David Woodhouse)
• Directly included libp11 code into the engine (Matt Hauck)
• Fixed handling simultaneous make jobs (Derek Straka)
• Reverted an old hack that broke engine initialization (Michał Trojnara)
• Fixed loading of multiple keys due to unneeded re-logging (Matt Hauck)
• Makefile fixes and improvements (Nikos Mavrogiannopoulos)
• Fixed several certificate selection bugs (Michał Trojnara)
• The signed message digest is truncated if it is too long for the
  signing curve (David von Oheimb)
• Workaround for broken PKCS#11 modules not returning CKA_EC_POINT
  in the ASN1_OCTET_STRING format (Michał Trojnara)
• OpenSSL 1.1.0 build fixes (Michał Trojnara)

libp11-0.4.0

• Merged engine_pkcs11 (Michał Trojnara)
• Added ECDSA support for OpenSSL < 1.0.2 (Michał Trojnara)
• Added ECDH key derivation support (Doug Engert and Michał Trojnara)
• Added support for RSA_NO_PADDING RSA private key decryption, used
  by OpenSSL for various features including OAEP (Michał Trojnara)
• Added support for the ANSI X9.31 (RSA_X931_PADDING) RSA padding
  (Michał Trojnara)
• Added support for RSA encryption (not only signing) (Michał Trojnara)
• Added CKA_ALWAYS_AUTHENTICATE support (Michał Trojnara)
• Fixed double locking the global engine lock (Michał Trojnara)
• Fixed incorrect errors reported on signing/encryption/decryption
  (Michał Trojnara)
• Fixed deadlocks in keys and certificates listing (Brian Hinz)
• Use PKCS11_MODULE_PATH environment variable (Doug Engert)
• Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
• Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
• Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
• Removed support for OpenSSL 0.9.7 (Michał Trojnara)

libp11-0.3.1

New in 0.3.1; 2016-01-22; Michał Trojnara

• Added PKCS11_is_logged_in to the API (Mikhail Denisenko)
• Added PKCS11_enumerate_public_keys to the API (Michał Trojnara)
• Fixed EVP_PKEY handling of public keys (Michał Trojnara)
• Added thread safety based on OpenSSL dynamic locks (Michał Trojnara)
• A private index is allocated for ex_data access (RSA and ECDSA classes)
  instead of using the reserved index zero (app_data) (Michał Trojnara)
• Fixes in reinitialization after fork; addresses #39
  (Michał Trojnara)
• Improved searching for dlopen() (Christoph Moench-Tegeder)
• MSVC build fixes (Michał Trojnara)
• Fixed memory leaks in pkcs11_get_evp_key_rsa() (Michał Trojnara)

0.3.0

• Added small test suite based on softhsm (run on make check)
• Memory leak fixes (Christian Heimes)
• On module initialization tell the module that the OS locking primitives are OK to use (Mike Gerow)
• Transparently handle applications that fork. That is call C_Initialize() and reopen any handles if a fork is detected.
• Eliminated any hard coded limits for certificate size (Doug Engert)
• Added support for ECDSA (Doug Engert)
• Allow RSA_NO_PADDING padding mode in PKCS11_private_encrypt (Stephane Adenot)
• Eliminated several hard-coded limits in parameter sizes.