Change History

This is a list of changes between the different verions of the PKCS#11 wrapper.

Changes introduced in 1.2.18

• Fix: check attribute length in GetAttributeValue to prevent OutOfMemoryException if PKCS#11 module doesn't return correct return code although attribute length is -1
• Fix: adapt code to handle null objects under AIX if allocating memory of size 0
• Added PKCS11 v2.20 object types WTLSCertificate, UserInterface and Mechanism
• Added X9.42 DH primitives
• Added EC primitives
• Refactored demos to be more readable

Changes introduced in 1.2.17

• Added 64-bit version for Windows.
• Added new parameter classes for CBC key derivation, iaik.pkcs.pkcs11.parameters.DesCbcEncryptDataParameters, iaik.pkcs.pkcs11.parameters.AesCbcEncryptDataParameters, iaik.pkcs.pkcs11.parameters.CbcEncryptDataParameters, iaik.pkcs.pkcs11.wrapper.CK_DES_CBC_ENCRYPT_DATA_PARAMS and iaik.pkcs.pkcs11.wrapper.CK_AES_CBC_ENCRYPT_DATA_PARAMS.
• Added classes for in PKCS#11 v2.20 newly invented attributes, eg. CKA_WRAP_TEMPLATE.
• Fixed incorrect time handling for clock on token, time was in UTC although specified as local time.
• Invented new method iaik.pkcs.pkcs11.objects.Object.getAttributeValues, which reads the attributes in a similar way as iaik.pkcs.pkcs11.objects.Object.getAttributeValue, but a complete array at once. This can lead to performance improvements.
• Added new method iaik.pkcs.pkcs11.Module.getInstance(String pkcs11ModuleName, String pkcs11WrapperPath), which enables to specify the absolute path to the IAIK PKCS#11 Wrapper library when instantiating the PKCS#11 module.

Changes introduced in 1.2.16

• added a Mac OS X version. special thanks to Marc Nelson from Nelson Brothers Racing.
• fixed a bug in the equals method of the Attribute class which may cause a NullPointerException for objects with sensitive attributes.
• improved error handling in native code in case the system runs out of memrory, i.e. if malloc returns NULL. the wrapper now tries to throw an java.lang.OutOfMemoryError.
• improved handling or allocated structures to avoid memory leaks with complex mechanism parameters.

Changes introduced in 1.2.15

• added 64-bit versions for Linux (x86-64) and Solaris (SPARC v9)
• compiled native library for Solaris with SUN C compiler. the wrapper will now run on a Solaris system without libgcc.
• set object class attribute in constructor of DomainParameters object.

Changes introduced in 1.2.14

• added constants for mask generation functions based on SHA-256/384/512

Changes introduced in 1.2.13

• fixed an issue in the native part of Linux and Solaris. this issue regarding handling or error messages may crash or halt th Java VM if the application tries to load a module which does not exist. it was cause by calling free() on the result of dlerror().
• removed GNU Makefiles, use the ANT scripts instead.
• adapted applet demo to use extension installation feature of Java plugin.
• added constants from version 2.20 of PKCS#11.
• added blowfish and twofish key classes

Changes introduced in 1.2.12

• fixed toString() method of the GenericTemplate object class to provide a better readable output.
• removed some unused local variables in classes of package iaik.pkcs.pkcs11.objects.
• extended JavaDoc in Module class
• fixed toString() of Version class to display all version numbers as positiv integers
• fixed a bug in the ReadDataObject demo
• added demo for creating self-signed certificate

Changes introduced in 1.2.11

• fixed a bug in a date conversion used for start date and end date attributes of keys.

Changes introduced in 1.2.10

• modified some object classes to be more robust against missing attributes

Changes introduced in 1.2.9

• changed toString() methods of certain objects to be more robust agains missing attributes
• some minor improvments in native code

Changes introduced in 1.2.8

• fixed bug in C_Sign which was introduced in version 1.2.8 workaround

Changes introduced in 1.2.7

• added workaround in native part to avoid bug in sign operation of certain PKCS#11 modules (e.g. iButton)
• more sample code in the usage documentation

Changes introduced in 1.2.6

• fixed method getMessage() in PKCS11Exception to provide error name reliably even in multithreaded applications
• small improvement in native implementation of C_GetSlotList which also avoids a bug in iKey 2032 drivers to occur

Changes introduced in 1.2.5

• added methods to MechanismInfo for logic combinations (and, or, not)
• fixed bug in native part to handle attributes correctly that are new in PKCS#11 v2.11
• changed license to a more liberal Apache style license
• moved some simple helper classes for demos from demo/test to demo/src/demo/pkcs/pkcs11.

Changes introduced in 1.2.4

• fixed method supports(MechanismInfo) in MechanismInfo

Changes introduced in 1.2.3

• additional constructor in iaik.pkcs.pkcs11.MechanismInfo and made constructors public

Changes introduced in 1.2.2

• implemented equals and hashCode in iaik.pkcs.pkcs11.Module and in iaik.pkcs.pkcs11.wrapper.PKCS11Implementation

Changes introduced in 1.2.1

• a littel performance improvement in the native part
• included an applet demo

Changes introduced in 1.2

• all PKCS#11 objects and parameters are now deep cloneable
• improved attribute handling of objects
• fixed a bug in the X942DHParams class
• improved demo samples
• renamed isLocal() to getLocal() in Key class to be consistent
• fixed some typos

Changes introduced in 1.1

• support for PKCS#11 v2.11 including new key and parameters classes
• improved demo samples
• fixed a bug in the native part for CK_SSL3_KEY_MAT_OUT conversion

Changes introduced in 1.0

• fixed problems and bugs in some parameter classes for certain mechanisms.
• added some more demos: decrypting PKCS#7 enveloped data, signing a certificate request, signing a CRL and signing an OCSP request.

Changes introduced in 1.0Beta1

• improved the wrapper to pass back data in the parameters of SSL and other mechanisms.
• added some more demos. among others, one that shows how to sign data using a PKCS#7 signed data object and another that signs a certificate.
• added a generic search template to enable more advanced search operations.
• put a simple example in the Usage document.
• reorganized native part into platform dependent and portable code. eases porting to new platforms.
• improved synchronization in native part.
• added methods to Functions class the check the type of a mechanism.
• implemented hashCode() and equals() method of most classes.

Changes introduced in 1.0Alpha8

• introduced simple default implementations for InitializeArgs and MutexHandler.
• improved some demos.
• fixed a mojor bug in the native part which may cause the program to hang upon closing a session.
• fixed some cosmetic bugs in code and docu.

Changes introduced in 1.0Alpha7

• introduced this changes list.
• fixed a mojor bug in the native part of C_GenerateKeyPair.
• fixed some cosmetic bugs in code and docu.

Changes introduced in 1.0Alpha6

• rework project structure to make structure clearer and more intuitive.
• improved initialization arguments handling.
• added support for parameter objects that return values from certain mechanisms; e.g. some special SSL mechanisms for generating key material.

Changes introduced in 1.0Alpha5

• introduced parameters package to make handling of parameters for certain mechanisms easier.
• added solaris support out-of-the box and included precompiled shard library.