forked from openca/libpki
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
678 lines (526 loc) · 30.4 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
* Mar 11 2024 Massimiliano Pala <[email protected]>
- Added a script to identify deprecated OpenSSL function calls and fixed a missing include in pki.h
- Added a list of OpenSSL's deprecated functions and a script to generate it from OpenSSL's includes.
* Mar 14 2023 Massimiliano Pala <[email protected]>
- Updated library version in configure.ac to 0.9.9
- Added Public Key Encryption/Decryption functions (RSA supported only)
- Added fix for 64bit compilation on MacOS with Apple silicon
* Feb 6 2023 Massimiliano Pala <[email protected]>
- Aligned OID usage with IETF/Hackathon repo (https://github.com/IETF-Hackathon/pqc-certificates/blob/master/docs/oid_mapping.md)
* Feb 3 2023 Massimiliano Pala <[email protected]>
- Fixed signature generation for Composite by removing the double hashing
- Added signature verify for Composite by completing the verify() in composite_pmeth.c
- Fixed pki-siginfo tool by restricting the self-signed checks when certificates are used as input for the signer.
* Feb 2 2023 Massimiliano Pala <[email protected]>
- Added new pki-oid tool for OIDs and NIDs lookup
- Fixed inverted digest/pkey ID retrieval in PKI_X509_ALGOR_VALUE_get_scheme()
- Fixed test3 by removing the DSA key generation
* Nov 23 2022 Massimiliano Pala <[email protected]>
- Refactored Composite CTX structure to better handling signing
- Fixed several memory leaks that affected the multi-key signatures
- Initial support for alternative keys together with composite ones
* Sep 28 2022 Massimiliano Pala <[email protected]>
- Full reorganization for library initialization (OID)
- Added PKI_TOKEN_set_hsm() function to update Token's HSM
- Updated TOKEN and HSM data structure to include login and creds status
- Ported support for Composite Crypto with dynamic ASN1 and PKEY method
- Updated support for LibOQS 0.7.2
* Aug 24 2022 Massimiliano Pala <[email protected]>
- Fixed EC key generation and encoding.
- Fix for correct support for when ENABLE_OQS is disabled.
- Updated PKI_KEYPARAMS_set_bits() to enable the use of 128/192/256 bits paradigm.
- Fix for signature OID set.
- Small fix for older application that use -1 as PKI_DATA_FORMAT instead of PKI_DATA_FORMAT_UNKNOWN when loading X509 objects without specifying the type.
- Fixed @path@ -> @rpath@ in src/global-vars.in.
- Fixed order of ldflags <libs> ldadd.
- Updated libpki-config file to correctly report the libxml2 include library too.
- Updated global vars file to better support libxml2 includes and linker options.
- Regenerated ./configure script after removing check for X509_verfiy function in openssl's libcrypto library.
- Removed the use of -fsanitize=address for compiler because it creates issues with nodejs integration (node_addon_api is missing -shared-libasan when compiling).
- Added better logging when URL (file) resources are not found.
- Improved handling of PKI TOKEN. Updated delayed key-loading procedure for the token interface to simplify applications' integration.
- Fix for CSR generation by using profiles.
- Fixed generation of Random Serial Number for Certificate Signing.
- Small fix for ECDSA detection support when using the 'prefix' option.
- Initial support for PQC via LibOQS
* May 31 2018 Massimiliano Pala <[email protected]>
- Updated build system by converting INCLUDES to AM_CPPFLAGS in Makefiles.
* May 26 2018 Massimiliano Pala <[email protected]>
- Added LIBPKI_VERSION_NUMBER symbol for versioning control (libpkiv.h).
- Fixed definitions for the different types of stacks.
- Fixed calculation of digest over public keys to align with X509_pubkey_digest().
- Fixed the generation of the ResponderID for OCSP responses when using byKey option.
- Small fixes backported from later versions of the library.
- Removed the use of PKI_STACK_TOKEN_new_null() from pki_init.c
- Backported fixes for pki_config.c
* May 24 2018 Massimiliano Pala <[email protected]>
- Small fixes for the HTTP message parsing.
- Added comments for processing X509 URLs in io/pki_x509_io.c.
- Fixed error meessages and code style for token.c
- Small fixes for stack definition.
- Removed the use of _new_null() in stack definitions.
- Fixed memory management for URL data retrieval.
- Added better debugging info for __get_data_callback() for URL retrieving.
- Fixed stack behavior for _free_all() functions.
* Jan 30 2018 Massimiliano Pala <[email protected]>
- Added management functions for KEYPARAMS.
* Jan 29 2018 Massimiliano Pala <[email protected]>
- Added PKI_DIGEST_get_size_by_name()
- Added PKI_DIGEST_get_value()
- PKI_DIGEST_get_value_size()
* Jan 28 2018 Massimiliano Pala <[email protected]>
- Fix for SNAP package building.
- Removed un-used variables in KEYPAIR dup function.
- Fixed compilation for OSSL < 1.1.0x.
* Jan 28 2018 Massimiliano Pala <[email protected]>
- Fixed OpenSSL's HSM Key Duplication.
- Fixed PKI_X509_CERT_is_ca() and PKI_X509_CERT_is_selfsigned() to correctly report the right value.
- Fixed defaults for build on MacOS X.
- Fixed missing automake, autoconf, and libtool files.
- Updated autoconf options to remove requirements for pkgconfig(openldap).
- Fixed Log closing and removed initial defaults for the logging facitily.
- Small optimization for FIPS switching..
* Jan 9 2018 Massimiliano Pala <[email protected]>
- Fixed certificate generation for OpenSSL 1.0.x branches.
- Fixed profile load priority and parsing.
- Fixed pki-tool certificate generation procedures and default output (now stdout).
- Fixed pre-processor directives (OSSLV numbers).
- Fixed missing #endif for PKCS#11 driver.
- Initial fix for ECDSA PKCS#11 compatibilty for OpenSSL 1.0.x branches.
- Fixed typo in PKCS#11 RSA signing method.
- Fixed C99 int variable declaration.
* Jan 3 2018 Massimiliano Pala <[email protected]>
- Initial update to PKCS#11 v2.40 to support new algorithms
- Updated the list of supported algorithms
- Inital fix for key generation process for PKCS#11 devices
- Fixed signature algorithm checks and setup for PKCS#11 devices
- Added support for multiple RSA Key Gen (X9_31 default)
* Oct 18 2017 Massimiliano Pala <[email protected]>
- Small memory leak fix for logging on stderr and stdout
- Fixed small memory leak in PKI_X509_NAME_get_parsed()
- Simplified PKI_X509_CERT_check_pubkey() internals
- Fixed memory leak for HTTP messages retrieving
- Fixed memory leak for SNI servername
- Fixed setting SNI server name to operate with virtual servers
* Sep 25 2017 Massimiliano Pala <[email protected]>
- Fixed an error for default HSM callbacks for OpenSSL tokens that prevented signature generation
- Fixed an error for OpenSSL's key generation (wrong return code)
* Jun 5 2017 Massimiliano Pala <[email protected]>
- Fixed backward compatibility with OpenSSL v1.0.x
* May 28 2017 Massimiliano Pala <[email protected]>
- Initiated port to OpenSSL v1.1.x
* Dec 26 2016 Massimiliano Pala <[email protected]>
- Fixed distclean target to remove test and docs directories
- Fixed some memory issues w/ PKCS11 module
- Fixed some tests details (min key sizes updated)
* Mar 25 2015 Massimiliano Pala <[email protected]>
- Added responderId type parameter in OCSP response signing
* Jan 4 2015 Massimiliano Pala <[email protected]>
- Fixed PKI_TOKEN_load_cert() when setting the token's algor
- Fixed I/O return type for PKI_X509_get()
* Aug 14 2014 Massimiliano Pala <[email protected]>
- Fixed two bugs in PKI_RWLOCK_write_lock() that caoused deadlock if no RWLOCK support for pthread is available.
* Aug 9 2014 Massimiliano Pala <[email protected]>
- Optimized OCSP req and resp internal handling functions
- Added PKI_X509_CERT_check_key() to verify that the same pubkey is in cert and key
* Aug 6 2014 Massimiliano Pala <[email protected]>
- Added additional checks for OCSP response signing
- Added PKI_X509_OCSP_REQ_has_nonce() to easily detect NONCEs in OCSP requests
- Moved to use calloc() to provide better cross-processes memory protection
- Removed old commented code
* Aug 1 2014 Massimiliano Pala <[email protected]>
- Fixed inconsistency in PKI_MEM_url_decode / PKI_MEM_url_encode functions
- Added PKI_MEM_url_get_encoded and PKI_MEM_url_get_decoded functions
- Fixed buffer size utilization in PKI_MSG_REQ and TOKEN to avoid possible buffer overflow
- Fixed make 'distclean' target
* May 10 2014 Massimiliano Pala <[email protected]>
- Fixed building library on AIX operating systems
- Fixed building library on Solaris (pre open-solaris) with old pthread
- Fixed signature generation error when setting the signing algorithm
- Fixed issues with X509_get_parsed() function and signature algorithm retrieval
* Mar 09 2014 Massimiliano Pala <[email protected]>
- Added possibility to remove DNS URLs support (buggy in old Solaris)
- Added checks for availability of pthreads' RWLOCK
- Added mutex-based implementation if RWLOCK is not supported
* Oct 20 2013 Massimiliano Pala <[email protected]>
- Fixed support for GCC pragma diagnostics 'pop' to accomodate older gcc versions
- Fixed support for 32 bits builds
- Fixed setting the right protocol when 'pki-tool genreq' is used without a config token
* Oct 19 2013 Massimiliano Pala <[email protected]>
- Fixed options parsing for pki-tool and pki-crl command-line tools
* Oct 18 2013 Massimiliano Pala <[email protected]>
- Added PKI_HMAC_* interface to handle HMACs more easily
* Oct 04 2013 Massimiliano Pala <[email protected]>
- Added example for generating PKCS#12 files
- Fixed generation of HTTP_MSG from POST messages with no body
- Fixed parsing file-based (with no protocol) URIs
- Fixed several bugs and memory leaks throughout the code base
- Enhanced --enable-extra-checks configure option by adding -Wall
- Fixed URL building for HTTP messages
- Added FIPS mode set/check (requires the underlying crypto provider to support FIPS mode)
- Added fips-mode example in the examples/ directory
- Added README.FIPS_140-2
* Aug 09 2013 Massimiliano Pala <[email protected]>
- Fixed a memory error in PKI_DIGEST_ functions
* Aug 07 2013 Massimiliano Pala <[email protected]>
- Fixed some errors introduced by previous patches (OCSP response signing)
* Aug 03 2013 Massimiliano Pala <[email protected]>
- Fixed various memory leaks in BIO handling
- Fixed a memory leak in signing OCSP responses
* Jun 13 2013 Massimiliano Pala <[email protected]>
- Added new errors for better logging Token issues
* Sep 13 2012 Massimiliano Pala <[email protected]>
- Fixed PKI_TOKEN error when generating new keys (SCHEME vs ALGOR_ID)
* Aug 06 2012 Massimiliano Pala <[email protected]>
- Added SOCK_DGRAM possibilities
- Fixed OCSP interface for response building
* Feb 17 2012 Massimiliano Pala <[email protected]>
-Fixed generation of OCSP responses (uninitialized field was causing OCSP responses to be invalid
-Added support for DNS queries via the URL interface (dns://<domain>?<record_type>
-Added initial support for sperimental Lightweight Internet Revokation Tokens (LIRTs)
* Jul 21 2011 Massimiliano Pala <[email protected]>
-Fixed library versioning system
-Updated libtool and aclocal scripts to the latest available version
* Mar 27 2011 Massimiliano Pala <[email protected]>
-Fixed a key-encoding error in OpenSSL (version "0" vs version "1" bug)
* Mar 22 2011 Massimiliano Pala <[email protected]>
-Added new pki-siginfo tool to ease signature info gathering for X509 objs
-Added PKI_X509_KEYPAIR_get_curve() to get curve related to an EC key
-Added possibility to load any type of X509 objects by using PKI_X509_get()
with PKI_DATATYPE_ANY as a type
* Mar 21 2011 Massimiliano Pala <[email protected]>
-Fixed an error when setting the signature algorithm in PKI_X509_CERT_new()
* Feb 22 2011 Massimiliano Pala <[email protected]>
-Added identifier for IPv6 subjectAltName addresses
-Added pki-derenc to the pki-tool (txt to der encoder)
* Feb 21 2011 Massimiliano Pala <[email protected]>
-Fixed debug information in PKI_MSG_REQ generation
-Added the possibility to specify sign digest algor in
PKI_X509_SCEP_MSG_new_certreq() function
* Feb 15 2011 Massimiliano Pala <[email protected]>
-Fixed ASN1 encoding refresh when PKI_X509 data structures are modified
-Added PKI_X509_set_modified() function to force data encoding when storing PKI_X509 objects
-Enhanced the pki-cert tool by adding a -verfiy (signature) option
* Feb 14 2011 Massimilinao Pala <[email protected]>
-Fixed memory allocation error for PKI_HTTP_get_message()
-Fixed param parsing error for pki-crl tool
-Fixed CRL reason code
* Feb 9 2011 Massimiliano Pala <[email protected]>
-Added pki-cert tool to view/manipulate certificates
-Added pki-crl tool to view/generate CRLs
-Added PKI_ALGORITHM data structures for initializing X509 algorithm identifiers
* Feb 3 2011 Massimiliano Pala <[email protected]>
-Fixed name comparison for certificate profile loading
* Feb 2 2011 Massimiliano Pala <[email protected]>
-Fixed URL input management for stdin, stdout, stderr file stream
-Added pki-cert tool to manage certificate format conversion (pem,der,txt,xml)
-Fixed rpath config on Solaris/OpenSolaris
* Jan 17 2011 Massimiliano Pala <[email protected]>
-Added PKI_KEYPARAMS structure to pass key generation parameters to HSMs
-Added compressed/uncompressed encoding options for EC keys
-Fixed default validity in pki-tool
* Jan 16 2011 Massimiliano Pala <[email protected]>
-Added profile/keyParams section parsing in profiles configuration files (PKI_TOKEN)
-Updated default key min/suggested sizes
-Improved pki-tool command line tool (added params for EC key generation, better -batch handling)
* Jan 14 2011 Massimiliano Pala <[email protected]>
-Extended no-case keyUsage and extendedKeyUsage extension parsing in profiles
-Fixed return code in PKI_NET_Listen(). Now it returns PKI_ERR in case of errors or the socket number (e.g., int > 2 ).
* Jan 13 2011 Massimiliano Pala <[email protected]>
-Fix in PKI_X509_OCSP_RESP_STATUS definition
-Fix in token.c (load config)
* Dec 8 2010 Massimiliano Pala <[email protected]>
-Fixed linker script error (-rpath issue)
-Fixed ECDSA configuration option
-Fixed ECDSA get Algorithm by Name (now working with ECDSA-SHA1,
ECDSA-SHA256,...)
-Fixed library versioning
* Nov 19 2010 Massimiliano Pala <[email protected]>
-Fixed incompatibility with Firefox OCSP stack
* Nov 17 2010 Massimiliano Pala <[email protected]>
-Fixed SSL verify routine (allowing for PKI_SSL_VERIFY_NONE)
-Fixed IPv6 Hex addresses (eg., [2001::b]) parsing
* Nov 16 2010 Massimiliano Pala <[email protected]>
-Added support for IPv6 to PKI_NET_* functions
* Nov 8 2010 Massimiliano Pala <[email protected]>
-Updated error messages and error handling (addedd PKI_ERROR())
* Nov 6 2010 Massimiliano Pala <[email protected]>
-Fixed extension management
-Enhanced pki-tool support for non-token PKI operations
-Fixed OID file management
* Sep 7 2010 Massimiliano Pala <[email protected]>
-Added support for URL retrieval from connected PKI_SOCKETs
* Sep 2 2010 Massimiliano Pala <[email protected]>
-Added support for cross platform thread creation (PKI_THREAD)
-Added support for cross platform mutexes (PKI_MUTEX)
-Added support for cross platform locks (PKI_RWLOCK)
-Added support for cross platform condition variables (PKI_COND)
-Added timeout support to LDAP connections
* Aug 30 2010 Massimiliano Pala <[email protected]>
-Added PKI_TOKEN_login() function
-Added PKI_TOKEN_check() to retrieve the status of a loaded token
-Fixed error in parsing algorithm name for key and token generation
* Aug 24 2010 Massimiliano Pala <[email protected]>
-Fixed support for library versioning
* Aug 22 2010 Massimiliano Pala <[email protected]>
-Fixed -rpath issue for custom OpenSSL installation (when using non-standard openssl installation path - e.g., for EC/ECDSA support)
-Added support for cross-platform threads management (src/pki_threads.c)
* Aug 21 2010 Massimiliano Pala <[email protected]>
-Improved OS detection and defines
-Added specific support for 64 bits architectures
-Added support for non deprecated functions in LDAP (OPENLDAP)
-Added support for Windows LDAP API
* Jun 29 2010 Massimiliano Pala <[email protected]>
-Fixed a bug in the PKCS#11 object delete
-Fixed a bug in the PKCS#11 attribute retrieval
-Added possibility to import a keypair in PKCS#11 (RSA)
* Jun 27 2010 Massimiliano Pala <[email protected]>
-Added support for OS details within pki.h (LIBPKI_OS_DETAILS)
-Added support for endianness recognition
* Jun 25 2010 Massimiliano Pala <[email protected]>
-Fixed warnings with -Wall -Werrors
-Fixed 64bit problem (int vs size_t)
* Jun 22 2010 Massimiliano Pala <[email protected]>
-Fixed correct usage of username and password in HTTP user authentication
-Fixed debugging information for PKI_SSL connections
-Fixed usage of PKI_SSL in PKI_X509_get(), and PKI_X509_put()
-Updated url-tool to support trust settings for SSL-enabled connections
* Jun 15 2010 Massimiliano Pala <[email protected]>
-Fixed PKI_SSL trust settings
-Fixed redirection support for HTTP/HTTPs code
* May 25 2010 Massimiliano Pala <[email protected]>
-Added PKI_SSL to the URL interface
-Simplified HTTP/HTTPS code
* May 23 2010 Massimiliano Pala <[email protected]>
-Added support for PKI_SSL to manage SSL/TLS connections
* May 19 2010 Massimiliano Pala <[email protected]>
- Added safe URL deconding/encoding of PKI_MEM data
- Enhanced HTTP support via the new PKI_HTTP data structure and help
functions
* Mar 25 2010 Massimiliano Pala <[email protected]>
- Fixed RPM generation on Ubuntu
- Added HSM_get_errno() and HSM_get_errdesc() functions to manage error
messages from the crypto layer
* Mar 22 2010 Massimiliano Pala <[email protected]>
- Fixed PRQP Request/Responses signatures (via the general PKI_X509 cbs)
- Added easy functions for adding services to PRQP_RESP objects
- Fixed usage of PKI_STRING_OCTET instead of PKI_STRING_BIT in CERT_IDENTIFIER
* Jan 18 2010 Massimiliano Pala <[email protected]>
- Fixed RPM building script
* Nov 14 2009 Massimiliano Pala <[email protected]>
- Fixed Signature verification for OCSP and PRQP messages
- Fixed parsing OCSP responses (on load)
- Added simple OCSP REQ single request handling functions
- Fixed build system for all platforms and libtool 2.2.6+
* Nov 02 2009 Massimiliano Pala <[email protected]>
- Simplified configure.in script
- Fixed some libtool problems
* Oct 31 2009 Massimiliano Pala <[email protected]>
- Fixed algorithm setting in PKI_sign()
- Fixed debugging messages for PKI_X509_PROFILE and PKI_CONFIG
* Oct 27 2009 Massimiliano Pala <[email protected]>
- Added the possibility to specify Certificate Template and Level of Assurance
in PKI_MSG_REQ interface (working with SCEP messages (tested with OpenCA))
- Fixed PKI_X509_PROFILE and PKI_CONFIG parsing functions (update is now
working correctly
- Finished PKI_X509 object container for all the principal objects (REQ, CRL,
CERT, SCEP_MSG, PKCS#7, PKCS#12)
* Oct 9 2009 Massimilaino Pala <[email protected]>
- Added the new PKI_X509 object container to simplify PKI_X509_XXX management
* Sep 30 2009 Massimiliano Pala <[email protected]>
- Added the possibility to get a PKI_PKCS12 from a PKI_TOKEN
- Added public PKI_NET_* functions for managing network connections both for client and server applications
* Sep 28 2009 Massimiliano Pala <[email protected]>
- Added support for RDN (retrieving a list of RDN from a PKI_X509_NAME)
* Sep 7 2009 Massimiliano Pala <[email protected]>
- Added support for OCSP request and response easy generation
* Jun 26 2009 Massimiliano Pala <[email protected]>
- Passed compilation with -Wall -Wextra in GCC
* Jun 23 2009 Massimiliano Pala <[email protected]>
- Finished PKCS#12 full support for PKI_TOKEN import/export functions
- Fixed a bug in PKI_NAME_get_parsed() function (Memory)
- Added support for creating in-memory PKI_X509_PROFILE configs
- Added support for Proxy Certificates (RFC 3820) issuing via PKI_TOKEN
* Jun 7 2009 Massimiliano Pala <[email protected]>
- Added PKCS#12 get support (from a URL)
- Added creation of a new PKI_TOKEN from a PKCS#12 object
* May 14 2009 Massimiliano Pala <[email protected]>
- Updated PRQP support to draft-ietf-pkix-prqp-03.txt (referrals support)
- Fixed initialization error when setting the default password CB
* May 4 2009 Massimiliano Pala <[email protected]>
- Added PKI_MSG_RESP type of messages
- Fixed sending PKI_MSG_REQ (SCEP) type of messages over HTTP
* May 2 2009 Massimiliano Pala <[email protected]>
- Started simplifying the SCEP interface
- Integrating SCEP message support in PKI_MSG system
- Fixed PKI_X509_ATTRIBUTE management for PKCS#7
* Apr 27 2009 Massimiliano Pala <[email protected]>
- Started the PKI_MSG_* subsystem to handle communication between a client/CA
- Added support for PKCS#7 handling
* Apr 24 2009 Massimiliano Pala <[email protected]>
- Added support for OID optional field in PRQP requests/responses
- Fixed a mispelled OID (htmlRequest)
* Apr 23 2009 Massimiliano Pala <[email protected]>
- Added pki-query tool (PRQP client)
- Added color to pki-query output
- Fixed a URL parsing error (URI_PROTO_SOCK was not selected in socket:// URI)
* Apr 22 2009 Massimiliano Pala <[email protected]>
- Fixed a bug in releasing xml resources after parsing a config file
* Apr 20 2009 Massimiliano Pala <[email protected]>
- Fixed an error in PRQP OID initialization
- Changed PRQP_REQ and PRQP_RESP to PKI_PRQP_REQ and PKI_PRQP_RESP
- Aligned URL interface for PRQP to the rest of the library URL system
* Apr 7 2009 Massimiliano Pala <[email protected]>
- Added full support for crossCertificatePair (PKI_X509_XPAIR)
* Apr 1 2009 Massimiliano Pala <[email protected]>
- Fixed conflict in header files (PKCS11) for C++ reserved `template' word
* Mar 29 2009 Massimiliano Pala <[email protected]>
- Added `https' to the list of valid URI types for the URL interface
- Fixed some bugs in the http URI handling
- Added support for HTTP redirect for both `http' and `https' URIs
* Feb 25 2009 Massimiliano Pala <[email protected]>
- Fixed concurrent threads accessing non-atomic operation on PKCS#11 HSMs
- NOTE: Never initialize a PKCS#11 token before a fork() - it won't work!
* Feb 14 2009 Massimiliano Pala <[email protected]>
- Added import of certificates in PKCS#11 devices
* Feb 12 2009 Massimiliano Pala <[email protected]>
- Added Callbacks for TOKEN credential
* Feb 11 2009 Massimiliano Pala <[email protected]>
- Fixed certificate issuing via TOKEN interface
- Added validity period (secs) to the TOKEN certificate issuing interface
- Added certificate issuing (self-sing and normal) to pki-tool command
* Feb 9 2009 Massimiliano Pala <[email protected]>
- Completed refactoring of the HSM interface for better extensibility and code
readability
* Feb 4 2009 Massimiliano Pala <[email protected]>
- Fixed export/load keys password protected (software/PEM).
* Feb 3 2009 Massimiliano Pala <[email protected]>
- Fixed portability problems on Solaris 11
- Fixed small memory leaks
* Feb 2 2009 Massimiliano Pala <[email protected]>
- Completely rewritten the KEYPAIR/CERT/REQ/CRL get/import/export functions to better match the hardware devices management.
* Jan 29 2009 Massimiliano Pala <[email protected]>
- Added key loading from PKCS#11 device via id:// url
- Added generation of PKCS#11 request in pki-tool (both with keygen or without)
* Jan 29 2009 Massimiliano Pala <[email protected]>
- Fixed key generation code for PKCS#11 devices
- Added pki-tool command line util as part of standard distro of libpki
- Fixed key ID and label setting on PKCS#11 devices
* Jan 26 2009 Massimiliano Pala <[email protected]>
- Added PKCS11 Object and PKCS11 Object Attributes (Templates) management functions
* Jan 21 2009 Massimiliano Pala <[email protected]>
- Added KEYPAIR generation for PKCS#11 driver
* Jan 20 2009 Massimiliano Pala <[email protected]>
- Added management for selecting slot on PKCS11 devices via the
PKI_TOKEN_use_slot() function (<pki:slot /> in the config file).
* Jan 13 2009 Massimiliano Pala <[email protected]>
- Added graphical installer for different distributions (Linux/Fedora,
Linux/Ubuntu, MacOS X/Darwin, etc.)
- Updated the PRQP module to the last specs from IETF
(draft-ietf-pkix-prqp-02.txt)
- Fixed support for multi threaded applications (dynamic and static threads
initialization for OpenSSL/ENGINE)
- Fixed support for nChipher devices
- Updated PKCS11 driver (added Slot Interface and Slot info retrieval
functionalities)
* Nov 8 2008 Massimiliano Pala <[email protected]>
- Fixed PRQP ASN.1 of CERT_IDENTIFIER
* Oct 31 2008 Massimiliano Pala <[email protected]>
- Fixed PRQP response generation and CERT_IDENTIFIER_dup function
* Oct 21 2008 Massimiliano Pala <[email protected]>
- Updated PRQP module with OIDs from IETF PRQP PKIX draft
* Oct 15 2008 Massimiliano Pala <[email protected]>
- Fixed MySQL and PG QUERY building functions (stack checking now
works properly)
* Sep 9 2008 Massimiliano Pala <[email protected]>
- Fixes a PKCS11_Malloc() wrong reference in PKCS11 pkey code
* Jul 17 2008 Massimiliano Pala <[email protected]>
- Added revocation code management for each entry in CRLs
* Jul 10 2008 Massimiliano Pala <[email protected]>
- Finished CRL generation code
* Jul 02 2008 Massimiliano Pala <[email protected]>
- Fixed autoconf replacement malloc with rpl_malloc because it won't
work when cross compiling
- Fixed PRQP definitions to match the current I-D from IETF
(draft-ietf-pkix-prqp-00.txt)
- First successful build of a LibPKI application on iPhone
* Jun 29 2008 Massimiliano Pala <[email protected]>
- Fixed PKCS#11 headers, now using updated pkcs11t.h from RSA
* Jun 20 2008 Massimiliano Pala <[email protected]>
- Fixed PKCS#7 Bug (Memory)
- Added first support for PKCS#11 devices
* Mar 20 2008 Massimiliano Pala <[email protected]>
-Added support for DSA-224 and DSA-256 algorithms
-Added support for ECDSA with SHA2 suite (ECDSA-SHA224, ECDSA-SHA256,
ECDSA-SHA384, ECDSA-SHA512)
-Fixed EC key generation (selected curves only by using bit sizes). Named
curves for 256, 384 and 512 bit sizes are aligned with NIST specs
* Mar 18 2008 Massimiliano Pala <[email protected]>
-Added support for OpenSSL 0.9.9 version
-Fixed support for static library linking (linux)
* Mar 4 2008 Massimiliano Pala <[email protected]>
-Added better support for PKI_ALGOR and PKI_DIGEST_ALG managing
-Initial support for PKCS#7 object management
* Feb 6 2008 Massimiliano Pala <[email protected]>
-Fixed a memory bug in URL_new()
-Added functions to easily calculate hash() values
* Dec 2 2007 Massimiliano Pala <[email protected]>
-Fixed a small error in OID definition list
* Oct 15 2007 Massimiliano Pala <[email protected]>
-Fixed signature problem for PRQP request/responses
-Fixed PRQP ASN1 encoding/decoding error
* Sep 30 2007 Massimiliano Pala <[email protected]>
-Finished PKI_log subsystem API - PKI_log_init(), PKI_log(), PKI_log_end() and PKI_log_debug() provide the logging system interface. The signature capabilities are still to be implemented.
* Sep 29 2007 Massimiliano Pala <[email protected]>
-Added the PKI_LOG subsystem. Currently supported logging devices are SYSLOG, stderr, or a general file. Plans to support XML file as well.
-Added support for $HOME/.libpki/ configuration directory (if NULL config_dir is passed when initializing the PKI_TOKEN structure with PKI_TOKEN_init())
* Sep 18 2007 Massimiliano Pala <[email protected]>
-Updated PRQP ASN1 to the new specifications of the new I-D (still to be published on IETF)
* Sep 16 2007 Massimiliano Pala <[email protected]>
-Fixed problems in BIO macros for reading/writing PRQP messages (due to differences between openssl v0.9.7 and v0.9.8+)
* Sep 15 2007 Massimiliano Pala <[email protected]>
-Integrated new version of PRQP that is aligned with I-D <draft-pala-prqp-00.txt> available from IETF
* Sep 14 2007 Massimiliano Pala <[email protected]>
-Added support for OpenSSL ENGINE usage. Currently tested with Alladine eToken, libp11 and openssl-libp11 engine.
* Aug 29 2007 Massimiliano Pala <[email protected]>
-Added first support for PKCS11 URL retrieval (pkcs11://), parameters parsing and other datatype retrieving (key/data) are still missing
* Aug 22 2007 Massimiliano Pala <[email protected]>
-Fixed a memory leakage
-Fixed configure script for selectively disable support for optional libs (mysql, postgresql)
-First support for PostgreSQL URL retrieval (pg://)
* Aug 21 2007 Massimiliano Pala <[email protected]>
-Added MySQL support for URL retrieval (needs mysql.h include file)
* Aug 19 2007 Massimiliano Pala <[email protected]>
-Fixed support for LDAP URL retrieval
-Fixed compile-time warnings on Solaris (cc)
* Aug 8 2007 Massimiliano Pala <[email protected]>
-Added support for SCEP messages to the library (directly integrated from OpenCA tools), it requires additional code cleanup
-Initial CMS support added. Much work is needed to support all ASN.1 data structures and message generation tools
* Jul 27 2007 Massimiliano Pala <[email protected]>, Scott Rea <[email protected]>
-The Pittsburgh Hack, save the token in a PKCS12 bag and use an attribute to store where (if any) the HSM config file is (maybe use the PKCS12_add_CSPName_asc() from OpenSSL src/crypto/pkcs12/p12_attr.c. Use another attribute if that one is used for other purposes.
* Jul 10 2007 Massimiliano Pala <[email protected]>
-Finished restructuring the library to use KMF only for token operations. Now OpenSSL is required also when libkmf is present on the system
* May 18 2007 Massimiliano Pala <[email protected]>
-Finished support for extensions management into libpki by using ceritficate profiles and oid configuration file (xml based)
-Addedd support for certificate, request and certificate chain writing through PKI_TOKEN interface (currently only file:// protocol is supported)
* May 14 2007 Massimiliano Pala <[email protected]>
-Added support for config file (definition of ObjectIdentifiers)
* May 8 2007 Massimiliano Pala <[email protected]>
-Initial support for PKI_PROFILE xml parsing
* Apr 7 2007 Massimiliano Pala <[email protected]>
-Added new/get functions to the PKI_TOKEN interface
-Fixed documentation for the PKI_TOKEN
-Added support for different signature schemes (RSA/DSA/ECDSA
withRC2/RC5/SHA1)
* Apr 6 2007 Massimiliano Pala <[email protected]>
-Added PKI_CRED_new() and PKI_CRED_free() functions
-Fixed linking problems on Solaris 9- (static openssl)
-Changed the PKI_TOKEN_add* function to PKI_TOKEN_set*
* Apr 2 2007 Massimiliano Pala <[email protected]>
-Enhanced documentation creation (doxygen)
* Mar 22 2007 Massimiliano Pala <[email protected]>
-Addedd inital support for Sun's KMF library (OpenSolaris only)
-Fixed errors in key generation
-Updated HTTP code (we now rely on libxml2 nanoHttp implementation
* Jan 10 2007 Massimiliano Pala <[email protected]>
-Fixed LDAP differences with OpenLDAP and Sun's LDAP LD options