* opencryptoki 3.4.1
- fix 32-bit compiler error for ep11 
- fix buffer overflow for cca token 
- fix a testcase

* opencryptoki 3.4
- CCA master key migration added to the pkcscca tool. When the masterkey on
  the CCA adapter changes, this allows the token key objects containing
  keys wrapped with the card's former masterkey to be wrapped under the
  card's new masterkey, and thus "migrated".
- AES GCM support added to ica token.
- Ability to generate generic secret keys for CKM_GENERIC_SECRET_KEY_GEN
  added to opencryptoki.
- The soft, cca, ep11, and icsf tokens support HMAC single and multipart for
  SHA1, SHA256, SHA384, and SHA512.
- CCA token, a secure key token, can now import AES, DES3 and
  Generic Secret keys.
- Add -Wall and fix various compiler warnings.
- Coverity scan cleanup.
- Additional test vectors and various testcase improvements made.
- Various bugfixes

* opencryptoki 3.3
- Dynamic tracing introduced via the new environment variable, 
  OPENCRYPTOKI_TRACE_LEVEL=<level>. The opencryptoki base as well as all
  tokens changed to use the new tracing.
- Allow root to run pkcs11 commands without being in pkcs11 group.
- EncryptUpdate, DecryptUpdate, DigestUpdate, SignUpdate, VerifyUpdate
  now allow zero length data.
- Refactored ICA token's SHA.
- Various testcase improvements.
- Various bugfixes.

* opencryptoki 3.2
- New pkcscca tool. Currently it assists in migrating cca private token
  objects from opencryptoki version 2 to the clear key encryption method 
  used in opencryptoki version 3. Includes a manpage for pkcscca tool.
  Changes to README.cca_stdll to assist in using the CCA token and
  migrating the private token objects.
- Support for CKM_RSA_PKCS_OAEP and CKM_RSA_PKCS_PSS algorithms.
- Various bugfixes.
- New testcases for various crypto algorithms.

* opencryptoki-3.1
- New ep11 token to support IBM Crypto Express adapters (starting with
  Crypto Express 4S adapters) configured with Enterprise PKCS#11(EP11)
  firmware.
- New pkcsep11_migrate utility (and manpage) to migrate token objects
  when card's masterkey changes.
- Various bugfixes.

* opencryptoki-3.0
- Aggregated source files in common, tpm, and cca directories.
- Re-factored shared memory functions in the stdlls.
- New opencryptoki.conf file to replace pk_config_data and pkcs11_startup.
  The opencryptoki.conf contains slot entry information for tokens.
- New manpage for opencryptoki.conf
- Removed pkcs_slot and pkcs11_startup shell scripts.
- New ICSF token to do remote crypto.
- New pkcsicsf utility to setup the ICSF token.
- New manpage for pkcsicsf utility.
- ICA token supports CKM_DES_OFB64, CKM_DES_CFB8, CKM_DES_CFB64 mechanisms
  using 3DES keys.
- ICA token supports CKM_DES3_MAC and CKM_DES3_MAC_GENERAL mechanisms.
- ICA token supports CKM_AES_OFB, CKM_AES_CFB8, CKM_AES_CFB64, CKM_AES_CFB128,
  CKM_AES_MAC, and CKM_AES_MAC_GENERAL mechanisms.
- Some code cleanup in pkcsslotd.
- pkcsslotd daemon uses a socket rather than shared memory to pass
  slot information to the opencryptoki library.
- New testcases added for various crypto algorithms and pkcs#11 api calls.
- Add README to docs directory for how to setup ICSF token.

* opencryptoki-2.4.3.1 (May 17, 2013)
- Allow imported rsa private keys in cca to also decrypt.

* opencryptoki-2.4.3 (April 29, 2013)
- CKM_SHA256_RSA_PKCS,CKM_SHA384_RSA_PKCS,CKM_SHA512_RSA_PKCS support
  for ICA token.
- Allow import of RSA public and private keys into CCA token.
- Systemd support added.
- Various bugfixes and additional testcases.

* opencryptoki-2.4.2 (April 27, 2012)
- Re-factored spinlocks, such that each token has its own spinlock
  in its own directory relative to /var/locks/opencryptoki.

* opencryptoki-2.4.1 (February 21, 2012)
- SHA256 support added for CCA token
- Several crypto algorithm testcases refactored to include published
  test vectors. 
- Testcase directory restructured for future improvements.
- Allow tpm stdll to get SRK passwd and mode from new env variables.
  See [1] for info on how to use this feature and please report any bugs.
- Renamed spinlocks for shared memory to /var/lock dir and did 
  some cleanup of unused locking schemes.
- Various bugfixes and cleanup.

[1] http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=blob;f=doc/README.tpm_stdll;h=dda0d2263cfbb3df8c65ebc64b8006e3242f6321;hb=HEAD#l58


* opencryptoki-2.4 
- Elliptic Curve support in CCA token.
- Support for AES CTR in ICA token.
- Session handling refactored from using a reference to memory to
  using a handle that references a binary tree node.
- Cleaned up logging. Debug messages now go to a file referenced in
  OPENCRYPTOKI_DEBUG_FILE env variable.
- Various bugfixes and cleanup.

* opencryptoki-2.3.3 (Jan 13 2011)
- Moderate fixes and clean-ups to key unwrapping mechanisms
- Several pkcsconf fixes, some minor changes
- Important fix to CCA library name in pkcs11_startup
- PKCS padding length fix for symmetric ciphers
- Better RSA public exponent validations in all supported tokens
- Huge testsuite refactor
- Several other minor fixes and cleanups

* opencryptoki-2.3.2 (Jul 29 2010)
- Significant clean-ups to the building and packaging systems and many
  small fixes by Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
- Various minor fixes to slot daemon and init script by Dan Horák
  <dan@danny.cz>
- Some RSA PKCS#1 v1.5 padding clean-ups by Ramon de Carvalho Valle
  <rcvalle@linux.vnet.ibm.com>
- Human-readable flags output to pkcsconf, some minor soft-token
  fixes by Kent Yoder <key@linux.vnet.ibm.com>
- Improved overall session/object look-up performance. Note that this
  change might crash buggy callers with badly-written session/object
  handle tracking - Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>

* openCryptoki-2.3.1
- Moved ICA token to use libica-2.0, supporting newer hardware and 4K
  RSA modulus. Libica-2.x is now *required* to build the ICA token.
- Moved CCA token to use CCA-4.0, supporting AES, SHA-2 and 4K RSA
  keys in newer hardware. Although not required for building, CCA-4.0
  is *required* for running the CCA token.

* openCryptoki-2.2.5

- Fixed bug in comparison of PINs in pkcsconf.
- Added code to set the encryption and signature schemes of keys imported
into the TPM token.
- Added tpm token message to warn when only owner can read the pub SRK.
- Fixed return code being "function failed" when it should be "buffer too
small" in the mech_des.c, mech_des3.c and mech_aes.c files.
- Moved doc/*.txt to manpage format and integrated them into the build/install
- Updated testcases to query env vars for PINs and call a set of common
routines for common operations
- Added SHA256 support for all tokens
- Fixed object cleanup when max number of token objects is hit
- Fixed fd exhaustion bug with spin lock fd
- Updated TPM stdll for TSS policy handling changes. Trousers 0.2.9+ now
required with openCryptoki 2.2.5
- Updated TPM stdll to use TSS_TSPATTRIB_KEYINFO_RSA_MODULUS when retrieving
the public modulus
- pkcs11_startup fix for use with s/w fallback support in libica on s390
- Added the CCA secure key token and migration utility
- Replaced bcopy/bzero with memcpy/memset throughout the code
- Removed unused variables throughout the code

* openCryptoki-2.2.4
