-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathchangelog
296 lines (257 loc) · 16.8 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
Version 3.21
2024-05-17 release(3.21.3087)
* IMPROVEMENT: OpenSSL 3 is supported for packaging.
* IMPROVEMENT: Functions deprecated in OpenSSL 3 replaced with new ones.
* IMPROVEMENT: Build warnings reduced.
2022-01-06 release(3.21.3075)
* FEATURE: Added SM-3 and SHA-3 family hash functions for OpenSSL (disabled by default).
* IMPROVEMENT: Code refactored in tlv_element.c to eliminate redundant addition to NULL pointer.
* IMPROVEMENT: Redundant code from fast_tlv.c removed.
* BUGFIX: Possibly uninitialized clean in KSI_SignatureBuilder_close fixed.
* BUGFIX: Memory leak in several KSI_TlvElement_* functions fixed.
* BUGFIX: Tests failing due to expired certificate fixed.
* BUGFIX: Test testUnimplementedHashAlgorithm fixed.
* BUGFIX: String comparison in test/include-test.sh fixed.
* BUGFIX: Potential memory leak in KSI_TreeLeafHandle_getAggregationChain fixed.
* BUGFIX: Possibly NULL passed to memcpy with byte count 0 in tlv.c fixed.
* BUGFIX: Unexpected behaviour fixed when dealing with SHA3-512 hash algorithm names.
Version 3.20
2019-10-07 release(3.20.3025)
* FEATURE: Added support for disabling network providers via compile time options.
* IMPROVEMENT: PDU V1 marked as deprecated.
* IMPROVEMENT: Return NA(GEN-02), instead of FAIL(KEY-01), when certificate is not found during key-based verification. Verification error code KEY-01 is deprecated.
* IMPROVEMENT: New verification rules for calendar hash chain reception from extending service (returning NA(GEN-2) in case of a service failure).
* IMPROVEMENT: KSI_RuleVerificationResult has additional fields with error information. Will be filled in case verification result is NA(GEN-2).
* IMPROVEMENT: Value returned by KSI_getHashAlgorithmByName must be verified with KSI_isHashAlgorithmSupported and KSI_isHashAlgorithmTrusted.
* IMPROVEMENT: KSI_CalendarTimeToUnixTime no longer depends on non-portable timegm.
* BUGFIX: Fixed TreeBuilder masking algorithm.
* BUGFIX: Metadata is now placed into the first link when using KSI_BlockSigner with blinding mask.
* BUGFIX: Constant variable KSI_HASHALG_INVALID is exported with DLL.
* BUGFIX: Resolved compilation warnings.
Version 3.19
2019-02-20 release(3.19.2939)
* BUGFIX: Fixed ABI version.
* BUGFIX: Enhanced backward compatibility with hash algorithm enum values.
2019-01-30 release(3.19.2919)
* FEATURE: Added new async handle state KSI_ASYNC_STATE_ERROR_NOTICE for returning errors that whould be otherwise resolved internally (eg. in case of high availability where one of the configured endpoint encounter connection issues).
* FEATURE: Added new option KSI_ASYNC_OPT_HMAC_ALGORITHM for overriding default HMAC algorithm set via KSI_CTX options KSI_OPT_AGGR_HMAC_ALGORITHM or KSI_OPT_EXT_HMAC_ALGORITHM.
* FEATURE: Added new option KSI_ASYNC_OPT_CONF_CONSOLIDATE_CALLBACK for overriding default consolidation handling.
* FEATURE: Added async service option KSI_ASYNC_OPT_CONNECTION_STATE_CALLBACK for setting connection state listener.
* FEATURE: Added prefix string format support to KSI_LOG_logBlob. Interface remains fully backwards compatible.
* FEATURE: Added find function to KSI_List interface.
* IMPROVEMENT: Helper interface for creating signing KSI_AsyncHandle.
* IMPROVEMENT: Added async request recycle handling for reducing memory allocations.
* IMPROVEMENT: Enhanced async client logging, by adding client and request id's. Provides more distinguishable log entries in case of high availability service.
* IMPROVEMENT: Added async TCP peer connection POLLHUP signal handling. Requests will return immediately with error state instead of waiting for timeout.
* IMPROVEMENT: Failing test TestPKICertificateToString fixed with corrections made to the expired certificates.
* BUGFIX: Made URI schemes case insensitive.
* BUGFIX: RPM build fixed when there is libksi already installed with different binary interface version.
* IMPROVEMENT: Function KSI_CTX_getLastFailedSignature is deprecated. See KSI_VERIFICATION_POLICY_EMPTY for replacement.
* BUGFIX: Fixed high availability server aggregation persion configuration consolodation.
* BUGFIX: Made URI schemes case insensitive.
* BUGFIX: Fixed possible crash when using multiple KSI_AsyncService instances with HTTP endpoints in different threads.
* BUGFIX: RPM build fixed when there is libksi already installed with different binary interface version.
* BUGFIX: Negative enum value is not ISO standard.
Version 3.18
2018-08-27 release(3.18.2836)
* FEATURE: High Availability add-on to the non-blocking network interface.
* FEATURE: Added max tree level to tree builder.
* IMPROVEMENT: KSI_DataHash and KSI_DataHasher accept NULL as KSI context.
* IMPROVEMENT: Added KSI_TlvElement_removeElement function.
* IMPROVEMENT: Changed the curl HTTP debug messages for return codes and internal error messages.
* IMPROVEMENT: KSI_DataHash and KSI_DataHasher accept NULL as KSI context.
* IMPROVEMENT: Updated example code in README.md.
* IMPROVEMENT: Added calendar hash chain consistency verification.
* BUGFIX: Corrected possible crash in list removeElement when configured without object free method.
* BUGFIX: Fixed typo in hash algorithm names.
* BUGFIX: Fixed internal logging mechanism.
Version 3.17
2018-02-12 release(3.17.2693)
* IMPROVEMENT: Added KSI_ATTRIB and KSI_UNUSED to annotate functions.
* FEATURE: Added CommonCrypto for hashing as an alternative to OpenSSL.
* IMPROVEMENT: Removed deprecated interface KSI_Signature_getSignerIdentity.
* IMPROVEMENT: Added consistency tests for public include files (make include-test).
* IMPROVEMENT: Moved all implementation h-files into src/ksi/impl directory.
* IMPROVEMENT: Added deprecated and obsolete times to hash functions.
* IMPROVEMENT: SHA-1 is deprecated as of 01.07.2016T00:00 UTC.
* BUGFIX: Removed double close of the KSI_DataHasher when calculating the calendar hash chain.
* IMPROVEMENT: Added double close guards and tests for KSI_DataHasher.
* BUGFIX: Script rebuild-deb.sh works on Ubuntu.
* IMPROVEMENT: Debian packaging refactored.
* FEATURE: Support for non-blocking HTTP connection (with WinINet and WinHTTP).
* FEATURE: Support for non-blocking HTTP connection (with libcurl).
* IMPROVEMENT: Added support for OpenSSL 1.1 api.
* FEATURE: Request server configuration using KSI_AsyncHandle.
* FEATURE: Return push configuration via KSI_AsyncHandle if KSI_CTX option KSI_OPT_AGGR_CONF_RECEIVED_CALLBACK is not set.
* FEATURE: KSI_CTX options KSI_OPT_PUBFILE_CACHE_TTL_SECONDS for setting the cached publications file timeout.
Version 3.16
2017-11-21 release(3.16.2482)
* BUGFIX: Fixed EINTR (signal) issues with TCP and cURL.
2017-10-12 release(3.16.2475)
* BUGFIX: Fixed logging in net_http_curl.c when using 32-bit OS.
* FEATURE: Support for non-blocking TCP connection.
* IMPROVEMENT: Added an example for non-bloking signing.
* IMPROVEMENT: Debian package name contains debian version.
* IMPROVEMENT: Debian packaaging dependecies fixed.
* IMPROVEMENT: Debian changelog is generated from the main changelog.
* IMPROVEMENT: Libksi Debian/Ubuntu dependencies changed to make it work on both Debian 9 and Ubuntu 16.
Version 3.15
2017-09-12 release(3.15.2306)
* BUGFIX: Fixed creating HmacHasher failure with unimplemented hash algorithm.
* BUGFIX: Unable to create KSI_DataHash from digest if algorithm is not implemented.
* IMPROVEMENT: KSI_FTLV_memRead will parse and return more information when there's an error during parsing.
* IMPROVEMENT: Simplified integration test configuration (see integrationtest.conf.sample)
* BUGFIX: Fixed KSIEP over TCP failing.
* BUGFIX: Fixed clang static analyze findings.
* BUGFIX: GNU makefile target 'dist' does not include any unnecessary files to the resulting tarball.
* IMPROVEMENT: Debian packaging refactored and fixed.
* IMPROVEMENT: ABI version moved from configure.ac to ABI_VERSION file.
* IMPROVEMENT: Added KSI_SignatureBuilder_createSignatureWithAggregationChain function.
* IMPROVEMENT: Removed calendar-based verification from the default verification policy.
* IMPROVEMENT: New verification rule for verifing document hash algorithm.
* IMPROVEMENT: Implemented verification of PKI certificate validity during aggregation time.
* IMPROVEMENT: Rpm packaging spec file moved from "redhat" to "packaging/redhat".
* IMPROVEMENT: Set default PDU version to 2.
* IMPROVEMENT: Removed deprecated verification functionality.
Version 3.14
2017-06-13 release(3.14.2207)
* IMPROVEMENT: Unified verifivation error codes. All error code values with single digit are padded with '0' (general error codes have been changed from GEN-* to GEN-0*).
* IMPROVEMENT: Refactored TCP client host information lookup by using getaddrinfo instead of gethostbyname.
* IMPROVEMENT: Support for integration tests test package.
* IMPROVEMENT: Refactored aggregation hash chain chain index continuation verification.
* IMPROVEMENT: Added mandatory comments to deprecation macro.
* IMPROVEMENT: Returning KSI_UNSUPPORTED_PDU_VERSION in case configured PDU version is not supported for given request.
* IMPROVEMENT: Verification of user-provided input hash level.
* IMPROVEMENT: Updated signature internal verification sequence.
* BUGFIX: Correct extender HMAC setting.
* BUGFIX: Added interface for KSI_Header KSI context getter.
* IMPROVEMENT: Added KSI_DataHash memory reuse.
Version 3.13
2017-04-17 release(3.13.2043)
* IMPROVEMENT: Functionality to request configurations from extender / aggregator.
* BUGFIX: Update publications file client pointer when changinh client.
* IMPROVEMENT: Set level correction when input hash level is greater than 0.
* IMPROVEMENT: Updated ksi_sign_aggr example.
* IMPROVEMENT: HMAC algorithm configuration support for outgoing and incomming messages.
* IMPROVEMENT: Functionality to request configurations from extender / aggregator.
* IMPROVEMENT: Updated verification tutorial.
* IMPROVEMENT: Verification context initial aggregation level member is deprecated (warning not shown under Windows). The initial aggregation level is adjusted into aggregation hash chain level correction value during signature creation.
* IMPROVEMENT: Set level correction when input hash level is greater than 0.
* IMPROVEMENT: Updated ksi_sign_aggr example.
* BUGFIX: Update publications file client pointer when changinh client.
Version 3.12
2017-03-02 release(3.12.2010)
* BUGFIX: Removed internal http pipeline feature.
* BUGFIX: The example of KSI_DataHash_create in tutorial/t1_signing.md was missing an argument.
2017-02-27 release(3.12.2000)
* IMPROVEMENT: Support for adding doxygen generated html files into rpm and debian package.
* IMPROVEMENT: Added flag --with-default-pdu-version=version to configure script.
* IMPROVEMENT: Improve test support for different PDU version.
* BUGFIX: Fixed KSI_TlvElement nested structure serialization issue.
* IMPROVEMENT: Updated signature verification procedure. Added new error codes.
* IMPROVEMENT: Provide identity information as a list.
* IMPROVEMENT: Function KSI_Signature_getSignerIdentity is deprecated. See KSI_Signature_getAggregationHashChainIdentity for replacement.
* BUGFIX: Corrected medadata request time parsing.
* BUGFIX: Validate list impl pointer before use.
* BUGFIX: Cryptoapi KSI_PKISignature_new fails if the input blob can not be parsed.
* BUGFIX: CryptoAPI uses PKCS7 signatures embedded intermediate certificates in verification process.
* IMPROVEMENT: Internally HTTP connections are reused and pipelined.
* IMPROVEMENT: Increased the size of the statically allocated KSI_Integer pool up to the value of 0xff.
* IMPROVEMENT: Removed experimental feature KSI_NetworkClient_performAll.
* IMPROVEMENT: Removed multi-signature support from the SDK.
Version 3.11
2016-11-03 release(3.11.1893)
* BUGFIX: Disabled cURL from using signals.
* IMPROVEMENT: Removed deprecated functions: KSI_TLV_setUintValue, KSI_TLV_fromUint, KSI_TLV_removeNestedTlv
* FEATURE: Added support for aggregation and extending PDU version 2.
Version 3.10
2016-10-18 release(3.10.1839)
* IMPROVEMENT: Refactored signature verification step attribute handling.
* IMPROVEMENT: Implemented KSI_BlockSigner getter for the hash value of the last leaf in the tree.
* BUGFIX: Fixed debian build.
* BUGFIX: Reference counting issues fixed.
* IMPROVEMENT: Removed support for Windows build combination DLL=dll and RTL=MT(d).
* IMPROVEMENT: List macros check for NULL pointers.
* BUGFIX: Error message for unknown OID properly reported.
* BUGFIX: Userinfo in URLs with unknown schema, incl. http://, is retained for http basic authentication and is not used for KSI authentication.
* IMPROVEMENT: Moved signature helper functions from signature.{h,c} into signature_helper.{h,c}
* FEATURE: Added signature builder.
* IMPROVEMENT: All functions except *List_new and *List_free are now type safe macros.
* IMPROVEMENT: Deprecated functions KSI_TLV_setUintValue, KSI_TLV_fromUint and KSI_TLV_removeNestedTlv.
Version 3.9
2016-06-21 release(3.9.1701)
* IMPROVEMENT: Added block signature sample application.
* IMPROVEMENT: Removed dead code from http_parser.{c,h}
* IMPROVEMENT: Added KSI_verifyDataHash.
* IMPROVEMENT: Custom meta-data sepparated from the low-level implementation. Adds padding automatically.
* IMPROVEMENT: Metadata hardening verification.
* IMPROVEMENT: Removed SHA-224 support.
* IMPROVEMENT: Removed Unused function KSI_RDR_verifyEnd.
* IMPROVEMENT: PKI truststore initialization is performed on the need basis.
* IMPROVEMENT: Added signature verification according to policies.
* IMPROVEMENT: Created KSI_HmacHasher interface for incremental HMAC computation.
* IMPROVEMENT: Certificate constraints can be set and verified per publications file.
* IMPROVEMENT: Add preprocessor parseable version no.
* IMPROVEMENT: KSI_receivePublicationsFile must not verify publications file automatically.
* BUGFIX: Invalid and misleading exception message on response publication time check.
* BUGFIX: Correcting memory leaks when using Windows Crypt32 library.
* IMPROVEMENT: Added support for local aggregation.
* IMPROVEMENT: Functions KSI_Signature_create* are deprecated and KSI_Signature_sign will replace them.
* IMPROVEMENT: Added function KSI_Signature_appendAggregationChain.
* IMPROVEMENT: Added function KSI_AggregationHashChain_calculateShape.
* IMPROVEMENT: KSI_HashChain_aggregate and KSI_HashChain_aggregateCalendar no longer require not NULL output parameters.
* IMPROVEMENT: Added KSI_AggregationHashChain_aggregate function.
* BUGFIX: Correcting usage of isForward and isNonCritical flags in KSI_TlvTemplate_serializeObject and KSI_TlvTemplate_writeBytes. Added tests to cover this bug.
* IMPROVEMENT: KSI_LIST may contain NULL values.
* BUGFIX: Certificate and publication records are not mandatory for publications file.
* IMPROVEMENT: Integration tests configuration file error handling improved.
* IMPROVEMENT: Handling for reading server responses from tlv files.
* BUGFIX: Removed unused function.
* BUGFIX: Fixed macro redefinition issue.
* BUGFIX: Fixed KSI_Signature_getSigningTime() when signature does not containa calendar chain.
* IMPROVEMENT: Created KSI_HmacHasher interface for incremental HMAC computation.
* IMPROVEMENT: Added detailed coverage report in html format.
* IMPROVEMENT: In case of no errors KSI_ERR_getBaseErrorMessag returns string indicating that there are no errors.
* BUGFIX: KSI_ERR_getBaseErrorMessage error code returned by the output parameter fixed when error count is zero.
* BUGFIX: KSI_DataHasher memory leak on immediate reset after open.
* IMPROVEMENT: Added detailed coverage report in html format.
* BUGFIX: Fixed HMAC for hash functions with other than 512 bit internal block size.
* IMPROVEMENT: Removed build warnings on OSX.
* IMPROVEMENT: Added mechanism to disable deprecation warnings.
Version 3.7
2016-01-26 release(3.7.1037)
* BUGFIX: Fixed building from SRPM
Thanks to Peter Portante
* BUGFIX: Compilation issues under Fedora 21
Thanks to Peter Portante
* IMPROVEMENT: Versioning includes
* BUGFIX: KSI_Signature_getDocumentHash fixed when applied to legacy signature.
* BUGFIX: KSI_MultiSignature_get fixed when extracting legacy signature.
* BUGFIX: KSI_MultiSignature_remove fixed when removing legacy signature.
Version 3.4
2015-12-09 release(3.4.0.6)
* Added mime-type to http requests.
* Protection against demoting meta_hash and metadata to sibling_hash
2015-09-14 release(3.4.0.1)
* Removed all default endpoints.
* Added multi signature container.
* Publications file parsing and verification are now more strict.
* Publications file verification customizable.
* Added fast tlv parser.
* Fixed getLatestPublication and getNearestPublication.
* Restructured logging (new log levels).
* All size variables changed to size_t.
* Hash algorithm id changed from int to KSI_HashAlgorithm.
* Debian packaging.
* Publications file creation and signing support.
* Hashing algorithm RIPEMD-256 removed.
* Local aggregation support.
* Fixed calendar hash chain calculation.
Version 3.2
Version 3.2
2015-05-14 release (3.2.2.0)
* Added functions for signing locally aggregated root hashes.
* Added convenience functions for verifying a signature with user provided
publication.
2015-04-01 release (3.2.1.0)
* First public release