1 Noteworthy changes in version 1.6.1 (2022-09-16) [C22/A14/R1]
2 ------------------------------------------------
4 * Allow an OCSP server not to return the sent nonce. [rK24992a4a7a]
6 Release-info: https://dev.gnupg.org/T6210
9 Noteworthy changes in version 1.6.0 (2021-06-10) [C22/A14/R0]
10 ------------------------------------------------
12 * Limited support for the Authenticated-Enveloped-Data content type.
15 * Support password based decryption. [cb7f2484a09c]
17 * Fix build problem on macOS. (#5440)
19 * Silence warnings from static analyzers. (#5395)
21 * Interface changes relative to the 1.5.0 release:
22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23 KSBA_CT_AUTHENVELOPED_DATA NEW.
25 Release-info: https://dev.gnupg.org/T5479
28 Noteworthy changes in version 1.5.1 (2021-04-06) [C21/A13/R1]
29 ------------------------------------------------
31 * Support Brainpool curves specified by ECDomainParameters.
33 Release-info: https://dev.gnupg.org/T5379
36 Noteworthy changes in version 1.5.0 (2020-11-18) [C21/A13/R0]
37 ------------------------------------------------
39 * ksba_cms_identify now identifies OpenPGP keyblock content.
41 * Supports TR-03111 plain format ECDSA signature verification.
43 * Fixes a CMS signed data parser bug exhibited by a somewhat strange
44 CMS message. [b6438e768c]
46 * Interface changes relative to the 1.4.0 release:
47 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
48 KSBA_CT_OPENPGP_KEYBLOCK NEW.
50 Release-info: https://dev.gnupg.org/T5146
53 Noteworthy changes in version 1.4.0 (2020-05-19) [C20/A12/R0]
54 ------------------------------------------------
56 * Supports ECDSA and EdDSA certificate creation and parsing. [#4896]
58 * Supports ECDH enveloped data. [#4920]
60 * Supports ECDSA and EdDSA signed data. [#4920]
62 * Supports rsaPSS signature verification. [#4538]
64 * Supports standard file descriptors in ksba_reader_read. [#3072]
66 * New configure flag --disable-doc.
68 * Improves supports for reproducible builds. [#4801]
70 * Allows for optional elements in keyinfo objects. [#4892]
72 * Updates the config and M4 scripts to the latest version.
74 * Fixes error detection in the CMS parser. [#4207]
76 * Fixes memory leak in ksba_cms_identify.
78 * Fixes build warnings on macOS. [#2910]
80 * Uses --disable-new-dtags if LD_LIBRARY_PATH is defined. [#4298]
82 * New constants KSBA_VERSION and KSBA_VERSION_NUMBER.
84 * New API to make creation of DER objects easy.
86 * Interface changes relative to the 1.3.5 release:
87 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
89 KSBA_VERSION_NUMBER NEW.
90 KSBA_CT_SPC_IND_DATA_CTX NEW.
95 ksba_der_builder_new NEW.
96 ksba_der_builder_reset NEW.
100 ksba_der_add_oid NEW.
101 ksba_der_add_bts NEW.
102 ksba_der_add_der NEW.
103 ksba_der_add_tag NEW.
104 ksba_der_add_end NEW.
105 ksba_der_builder_get NEW.
107 Release-info: https://dev.gnupg.org/T4943
110 Noteworthy changes in version 1.3.5 (2016-08-22) [C19/A11/R6]
111 ------------------------------------------------
113 * Limit the allowed size of complex ASN.1 objects (e.g. certificates)
116 * Avoid read access to unitialized memory.
118 * Improve detection of invalid RDNs.
120 * Encode the OCSP nonce value as an octet string as described by
124 Noteworthy changes in version 1.3.4 (2016-05-03) [C19/A11/R5]
125 ------------------------------------------------
127 * Fixed two OOB read access bugs which could be used to force a DoS.
129 * Fixed a crash due to faulty curve OID lookup code.
131 * Synced the list of supported curves with those of Libgcrypt.
133 * New configure option --enable-build-timestamp; a build timestamp is
134 not anymore used by default.
137 Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4]
138 ------------------------------------------------
140 * Fixed an integer overflow in the DN decoder.
142 * Now returns an error instead of terminating the process for certain
145 * Improved the parsing of utf-8 strings in DNs.
147 * Allow building with newer versions of Bison.
149 * Improvement building on Windows with newer versions of Mingw.
152 Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
153 ------------------------------------------------
155 * Fixed a buffer overflow in ksba_oid_to_str. [CVE-2014-9087]
158 Noteworthy changes in version 1.3.1 (2014-09-18)
159 ------------------------------------------------
161 * Fixed memory leak in CRL parsing.
163 * Build fixes for Windows, Android, and ppc64el.
166 Noteworthy changes in version 1.3.0 (2012-09-27)
167 ------------------------------------------------
169 * Changed the license of the library from GPLv3 to LGPLv3/GPLv2; see
170 the file AUTHORS for details.
175 Noteworthy changes in version 1.2.0 (2011-03-01)
176 ------------------------------------------------
178 * New functions to allow the creation of X.509 certificates.
180 * Interface changes relative to the 1.1.0 release:
181 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
182 ksba_certreq_set_serial NEW.
183 ksba_certreq_set_issuer NEW.
184 ksba_certreq_set_validity NEW.
185 ksba_certreq_set_siginfo NEW.
188 Noteworthy changes in version 1.1.0 (2010-10-26)
189 ------------------------------------------------
191 * New functions to fix a leak in dirmngr.
193 * Interface changes relative to the 1.0.0 release:
194 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
195 ksba_reader_set_release_notify NEW
196 ksba_writer_set_release_notify NEW
199 Noteworthy changes in version 1.0.8 (2010-07-15)
200 ------------------------------------------------
202 * Support for WindowsCE.
204 * Builds cleanly from SVN even when cross-compiling.
206 * Fixed a CMS parsing bug exhibited by Lotus Notes.
209 Noteworthy changes in version 1.0.7 (2009-07-03)
210 ------------------------------------------------
212 * Detect overflow while parsing OIDs. Map BER encoded OIDs to well
215 * Allow mixed case names in DNs.
218 Noteworthy changes in version 1.0.6 (2009-06-05)
219 ------------------------------------------------
221 * Support SHA-{384,512} based signature generation.
223 * The RSA algorithmIdentifier ASN.1 sequence is now emitted with an
224 explicit NULL parameter. Despite the interop testing we did in the
225 past, some software still requires this and thus we better follow
226 the best current practise.
229 Noteworthy changes in version 1.0.5 (2009-01-09)
230 ------------------------------------------------
235 Noteworthy changes in version 1.0.4 (2008-09-22)
236 ------------------------------------------------
238 * Write smimeCapabilities according to RFC3851 to help Mozilla.
242 * The visibility attribute is now used if supported by the toolchain.
245 Noteworthy changes in version 1.0.3 (2008-02-12)
246 ------------------------------------------------
250 * Include the used hash algorithm in sig-val structures.
252 * Fix for unknown tags in issuerAltName and subjectAltName.
255 Noteworthy changes in version 1.0.2 (2007-07-04)
256 ------------------------------------------------
260 * Fixed a couple of memory leaks.
262 * Experimental support for ECDSA.
264 * Minor portability fixes.
269 Noteworthy changes in version 1.0.1 (2006-11-29)
270 ------------------------------------------------
272 * Fixes for certificates lacking certain objects.
274 * Fixes to allow building on systems with a broken ar.
277 Noteworthy changes in version 1.0.0 (2006-08-31)
278 ------------------------------------------------
280 * OCSP nonces are now checked to detect replay attacks.
282 * OCSP extensions may no be retrieved.
284 * Implemented ksba_ocsp_get_responder_id which used to always return
285 an error code not_implemented. Thus we can assume that the
286 function has never been used and we don't need to see this as an
289 * Interface changes relative to the 0.9.16 release:
290 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
291 ksba_ocsp_get_extension NEW
292 ksba_ocsp_get_responder_id CHANGED: No ABI break.
295 Noteworthy changes in version 0.9.16 (2006-08-01)
296 -------------------------------------------------
298 * Fixed a character set conversion bug in BMPStrings.
300 * New function for better error reporting of DNs.
302 * Interface changes relative to the 0.9.13 release:
303 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
309 Noteworthy changes in version 0.9.15 (2006-06-20)
310 -------------------------------------------------
312 * Fixed BER parser which was broken in the last release.
315 Noteworthy changes in version 0.9.14 (2006-05-16)
316 -------------------------------------------------
318 * Fixed broken OCSP requests.
320 * Ignore invalid bytes appended to a certificate.
323 Noteworthy changes in version 0.9.13 (2005-11-24)
324 -------------------------------------------------
326 * New functions to associate user data with a certificate object.
328 * Interface changes relative to the 0.9.12 release:
329 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
330 ksba_cert_set_user_data NEW
331 ksba_cert_get_user_data NEW
334 Noteworthy changes in version 0.9.12 (2005-08-01)
335 -------------------------------------------------
337 * GeneralNames types dNSName and Uri are now supported.
339 * Minor changes to some function declarations. This should not
340 affect any compilation.
342 * Interface changes relative to the 0.9.7 release:
343 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
344 ksba_certreq_add_extension CHANGED: Argument DER is now a void*.
345 ksba_cms_set_content_enc_algo CHANGED: Argument IV is now void*.
346 ksba_cms_get_content_enc_iv CHANGED: Argument IV is now void*.
347 ksba_cms_set_message_digest CHANGED: Argument DIGEST is now
351 Noteworthy changes in version 0.9.11 (2005-04-20)
352 -------------------------------------------------
354 * New convenience API function for the subjectKeyIdentifier.
356 * Implemented the keyIdentifier part for authorityKeyIdentifier of
357 CRLs and certificates.
359 * Reason codes for CRL items are now returned.
361 * Interface changes relative to the 0.9.7 release:
362 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
363 ksba_cert_get_subj_key_id NEW.
366 Noteworthy changes in version 0.9.10 (2004-12-03)
367 -------------------------------------------------
369 * Fixed a CMS parsing bug.
372 Noteworthy changes in version 0.9.9 (2004-09-27)
373 ------------------------------------------------
375 * Fixed a couple of bugs which caused parsing errors with some
379 Noteworthy changes in version 0.9.8 (2004-07-22)
380 ------------------------------------------------
382 * Fixed a bug in the OCSP request generation.
385 Noteworthy changes in version 0.9.7 (2004-06-08)
386 ------------------------------------------------
388 * New API function to add arbitrary extensions to pkcs#10 requests.
390 * Interface changes relative to the 0.9.6 release:
391 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
392 ksba_certreq_add_extension NEW.
395 Noteworthy changes in version 0.9.6 (2004-04-29)
396 ------------------------------------------------
398 * New API functions to support v2 CRLs.
400 * Interface changes relative to the 0.9.5 release:
401 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
402 ksba_crl_get_extension NEW.
403 ksba_crl_get_auth_key_id NEW.
404 ksba_crl_get_crl_number NEW.
406 Noteworthy changes in version 0.9.5 (2004-04-06)
407 ------------------------------------------------
409 * New APIs to get hands on some more information.
411 * Interface changes relative to the 0.9.4 release:
412 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
413 ksba_ocsp_get_responder_id NEW.
414 ksba_ocsp_get_cert NEW.
415 ksba_cert_get_authority_info_access NEW.
416 ksba_cert_get_subject_info_access NEW.
417 ksba_cms_add_smime_capability NEW.
420 Noteworthy changes in version 0.9.4 (2004-02-20)
421 ------------------------------------------------
423 * Support for Extended Key Usage.
425 * ksba_cms_identify may no return a pseudo content type for pkcs#12
428 * Interface changes relative to the 0.9.3 release:
429 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
430 ksba_reader_clear NEW.
431 ksba_cert_get_ext_key_usages NEW.
435 Noteworthy changes in version 0.9.3 (2004-01-30)
436 ------------------------------------------------
438 * Fixed a serious bug shortly after the last release :-(.
441 Noteworthy changes in version 0.9.2 (2004-01-29)
442 ------------------------------------------------
444 * Cleaned up the DN label table.
446 * Fixed a bug in creating CMS signed data.
449 Noteworthy changes in version 0.9.1 (2003-12-19)
450 ------------------------------------------------
452 * Support for OCSP (rfc2560).
454 * The new function ksba_set_hash_buffer_function may be used during
455 intialization to register a simple hash fucntion for internal use
458 * Changed the license of the manual to GPL.
460 * Interface changes relative to the 0.9.0 release:
461 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
464 ksba_ocsp_response_status_t NEW.
466 void ksba_ocsp_release NEW.
467 ksba_ocsp_set_digest_algo NEW.
468 ksba_ocsp_set_requestor NEW.
469 ksba_ocsp_add_target NEW.
470 ksba_ocsp_set_nonce NEW.
471 ksba_ocsp_prepare_request NEW.
472 ksba_ocsp_hash_request NEW.
473 ksba_ocsp_set_sig_val NEW.
474 ksba_ocsp_add_cert NEW.
475 ksba_ocsp_build_request NEW.
476 ksba_ocsp_parse_response NEW.
477 ksba_ocsp_get_digest_algo NEW.
478 ksba_ocsp_hash_respons NEW.
479 ksba_ocsp_get_sig_val NEW.
480 ksba_ocsp_get_status NEW.
481 ksba_set_hash_buffer_function NEW.
484 Noteworthy changes in version 0.9.0 (2003-11-17)
485 ------------------------------------------------
487 * The time is not any longer described by time_t but through the new
488 type ksba_isotime_t which is string of excactly 15 characters in
489 ISO 8601 format (e.g. "19611107T152010") and always stored as
490 UTC. This is to allow representation of dates beyond the year 2038.
491 Comparing is a mere strcmp.
493 * All type names are nom conforming to the GNU coding standards, the
494 old names are still available as aliases but flagged as deprecated.
496 * All error codes have been replaced by libgpg-error ones. Libksba
497 now depends on this package. Remember to use the gpg_err_code
498 function when testing for error values other than success.
500 * Interface changes relative to the 0.4.7 release:
501 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
502 ksba_cert_get_validity CHANGED: Uses ksba_isotime_t instead of time_t.
503 ksba_crl_get_update_times CHANGED: Uses ksba_isotime_t instead of time_t.
504 ksba_crl_get_item CHANGED: Uses ksba_isotime_t instead of time_t.
505 ksba_cms_get_signing_time CHANGED: Uses ksba_isotime_t instead of time_t.
506 ksba_cms_set_signing_time CHANGED: Uses ksba_isotime_t instead of time_t.
507 ksba_cert_new CHANGED: Returns an error code now.
508 ksba_cms_new CHANGED: Returns an error code now.
509 ksba_name_new CHANGED: Returns an error code now.
510 ksba_writer_new CHANGED: Returns an error code now.
511 ksba_reader_new CHANGED: Returns an error code now.
512 ksba_certreq_new CHANGED: Returns an error code now.
513 ksba_crl_new CHANGED: Returns an error code now.
515 ksba_error_t NEW: Should be used instead of KsbaError.
516 ksba_cert_t NEW: Should be used instead of KsbaCert.
517 ksba_certreq_t NEW: Should be used instead of KsbaCertreq.
518 ksba_cms_t NEW: Should be used instead of KsbaCMS.
519 ksba_crl_t NEW: Should be used instead of KsbaCRL.
520 ksba_name_t NEW: Should be used instead of KsbaName.
521 ksba_sexp_t NEW: Should be used instead of KsbaSexp.
522 ksba_reader_t NEW: Should be used instead of KsbaReader.
523 ksba_writer_t NEW: Should be used instead of KsbaWriter.
524 ksba_strerror REMOVED: use gpg_strerror instead.
526 Noteworthy changes in version 0.4.7 (2003-03-17)
527 ------------------------------------------------
529 * Fixed type detection in creating DNs.
532 Noteworthy changes in version 0.4.6 (2002-12-04)
533 ------------------------------------------------
535 * DNs in pkcs#10 request are now created in reversed order as
536 specified by rfc2253.
538 * The content-type signed attribute is created.
540 * Fixed a parser bug with a id-aa-encrypKeyPref attribute.
542 * Interface changes relative to the 0.4.3 release:
543 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
544 ksba_cms_get_sigattr_oids NEW
545 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
547 Noteworthy changes in version 0.4.5 (2002-08-23)
548 ------------------------------------------------
550 * Removed some debugging output.
552 * Added an autoconf macro.
555 Noteworthy changes in version 0.4.4 (2002-08-09)
556 ------------------------------------------------
558 * Multiple signatures can now be created and parsed.
561 Noteworthy changes in version 0.4.3 (2002-06-25)
562 ------------------------------------------------
566 * Interface changes relative to the 0.4.2 release:
567 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
568 ksba_writer_write_octet_string NEW
569 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
571 Noteworthy changes in version 0.4.2 (2002-06-04)
572 ------------------------------------------------
574 * Some bug fixes and a new function.
576 * Interface changes relative to the 0.4.1 release:
577 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
578 ksba_cms_identify NEW
579 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
581 Noteworthy changes in version 0.4.1 (2002-05-03)
582 ------------------------------------------------
586 Noteworthy changes in version 0.4.0 (2002-04-15)
587 ------------------------------------------------
589 * Nearly all stuff needed for the Aegypten project is now in place.
592 Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008,
595 This file is free software; as a special exception the author gives
596 unlimited permission to copy and/or distribute it, with or without
597 modifications, as long as this notice is preserved.
599 This file is distributed in the hope that it will be useful, but
600 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
601 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.