The following changes are included in the v1.2 (April 2023) release:
- Add support for digesting mechanisms that can sign over raw data instead of precomputed digests. See mechanism.cc for the full list.
- Add support for multi-part signing functions (
C_{Sign|Verify}Update, andC_{Sign|Verify}Final). See the user guide for more details about these functions. - Add support for
C_GenerateRandom, see the user guide for more details. - Add experimental support for interoperable AES symmetric encryption
mechanisms, such as
CKM_AES_CTR, and the related functions (eg.C_Encrypt,C_Decrypt, etc). See the user guide for the full list of mechanisms and functions. This feature is currently in private preview and can only be accessed by allowlisted preview customers. If you are interested, please fill out this form. - Add experimental support for HMAC symmetric signing mechanisms, such as
CKM_SHA256_HMAC. Some of these algorithms are in public preview but can be accessed without restrictions. See mechanism.cc for the full list of mechanisms. - Add integrity verification checks for crypto operations performed through the library.
- Support case #1 of
C_Initialize - Several internal dependencies were updated.
The following changes are included in the v1.1 (March 2022) release:
- The value for
CKA_EC_POINTwas corrected. - The configuration option
experimental_generate_certsis now fully supported, and has been renamed togenerate_certs. - Google now supplies a version of the library where the included BoringSSL has been built in FIPS mode.
- The configuration option
experimental_require_fips_modeis now fully supported, and has been renamed torequire_fips_mode. - For
CK_RSA_PKCS_OAEP_PARAMS.source, the value0is treated as meaning "no label" for compatibility purposes. - The library must now be built with Bazel v4.2.1.
- Several internal dependencies were updated.
Initial release of the library.
Initial release of the library.