Releases: lsh123/xmlsec

XMLSec 1.3.2

30 Oct 23:00
641b8f4

The XML Security Library 1.3.2 release includes the following changes:

  • (xmlsec-openssl) Fixed padding for GOST 2001 and 2012 signatures.
  • (xmlsec-nss) Added support for reading PEM certificates.
  • (xmlsec-nss) Added a check to ensure that the key certificate matches the key.
  • (xmlsec-nss) Added support for xmlsec command line tool --verify-keys option.
  • (xmlsec-gnutls) Added support for GOST R 34.11-94, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit digest algorithms.
  • (xmlsec-gnutls) Added support for GOST R 34.10-2001, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit signature algorithms.
  • (xmlsec-gnutls) Added support for xmlsec command line tool --verify-keys option.
  • (xmlsec-gnutls) Added a check to ensure that the key certificate matches the key.
  • (xmlsec-mscng) Added support for xmlsec command line tool --verify-keys option.
  • (xmlsec-mscng) Replaced windows.h includes with wincrypt.h includes where possible.
  • (xmlsec-mscrypto) Replaced windows.h includes with wincrypt.h includes where possible.
  • (xmlsec command line tool) Added --base64-line-size option to control the base64 encoding line size.
  • (MSVC build) Added 'ftp' and 'http' options to control FTP and HTTP support. FTP support is disabled by default.
  • (MinGW build) The xmlsec-mscrypto library is moved down in the default crypto library selection list as it is now in maintenance mode (use the --with-default-crypto option to force the selection).
  • (MinGW build) Fixed the static libraries build with --enable-static-linking option.
  • Several other small fixes (see more details).

Thanks to all who reported bugs or sent PRs!

Aleksey

XMLSec 1.3.2-rc1

22 Oct 15:32
Pre-release

The XML Security Library 1.3.2 release includes the following changes:

  • (xmlsec-openssl) Fixed padding for GOST 2001 and 2012 signatures.
  • (xmlsec-nss) Added support for reading PEM certificates.
  • (xmlsec-nss) Added a check to ensure that the key certificate matches the key.
  • (xmlsec-nss) Added support for xmlsec command line tool '--verify-keys' option.
  • (xmlsec-gnutls) Added support for GOST R 34.11-94, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit digest algorithms.
  • (xmlsec-gnutls) Added support for GOST R 34.10-2001, GOST R 34.11-2012 256 bit, and GOST R 34.11-2012 512 bit signature algorithms.
  • (xmlsec-gnutls) Added support for xmlsec command line tool '--verify-keys' option.
  • (xmlsec-gnutls) Added a check to ensure that the key certificate matches the key.
  • (xmlsec-mscng) Added support for xmlsec command line tool '--verify-keys' option.
  • (xmlsec-mscng) Replaced windows.h includes with wincrypt.h includes where possible.
  • (xmlsec-mscrypto) Replaced windows.h includes with wincrypt.h includes where possible.
  • (xmlsec command line tool) Added --base64-line-size option to control the base64 encoding line size.
  • (MSVC build) Added 'ftp' and 'http' options to control FTP and HTTP support. FTP support is disabled by default.
  • (MinGW build) The xmlsec-mscrypto library is moved down in the default crypto library selection list as it is now in maintenance mode (use the "--with-default-crypto" option to force the selection).
  • (MinGW build) Fixed the static libraries build with "--enable-static-linking" option.
  • Several other small fixes (see more details).

Please test the release candidate (signature) and let me know if you see any issues!

XMLSec 1.2.38 (legacy)

04 Jul 21:07

The XML Security Library 1.2.38 release includes the following changes:

  • Fixed static linking with MinGW.
  • (xmlsec-mscng) Fixed block ciphers key size.
  • Several other small fixes (more details).

This is a legacy, backward-compatible release. Please consider switching to the latest 1.3.1 release to take advantage of all the new features and improvements.

Aleksey

XMLSec 1.3.1

06 Jun 13:17
3b67fdb

The XML Security Library 1.3.1 release includes the following changes:

  • Added "--with-libltdl" option for ./configure to allow custom libltdl installations and deprecated "--enable-crypto-dl" option.
  • Added support for clang compiler on non-MacOSX platforms.
  • (xmlsec-openssl) Restored support for LibreSSL and bumped minimum required version to 3.5.0.
  • (xmlsec-nss) Restored minimum supported NSS version to 3.35.
  • Several other small fixes (more details).

Thanks to all who reported bugs or sent PRs!

Aleksey

XMLSec 1.3.1-rc1

31 May 14:17
2b6c732
Pre-release

The XMLSec 1.3.1 release includes the following changes:

  • Added "--with-libltdl" option for ./configure to allow custom libltdl installations and deprecated "--enable-crypto-dl" option.
  • Added support for clang compiler on non-MacOSX platforms.
  • (xmlsec-nss) Bumped minimum supported NSS version to 3.52.
  • Several other small fixes (more details).

Please test the release candidate (signature) and let me know if you see any issues!

Aleksey

XMLSec 1.3.0

12 Apr 16:56
a2dcc19

The XMLSec 1.3.0 release includes a large number of changes including several API / ABI breaking changes (hence version bump).

Detailed information about supported algorithms can be found in the XMLDsig and the XMLEnc interoperability reports.

core xmlsec and all xmlsec-crypto libraries:

  • (ABI breaking change) Added support for the KeyInfoReference Element.
  • (ABI breaking change) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future).
  • (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
  • (API breaking change) The KeyName element content is now trimmed before key search is performed.
  • (API breaking change) Disabled FTP support by default. Use "--enable-ftp" configure option to restore it. Also added "--enable-http" and "--enable-files" configure options to control support for loading files over HTTP or locally.
  • (API/ABI breaking change) Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.
  • (ABI breaking change) Added "failureReason" field to xmlSecDSigCtx and xmlSecEncCtx to provide a more granular operation failure reason.
  • (ABI breaking change) Removed deprecated functions.
  • Added support for loading keys through ossl-store interface (e.g. for using keys from an HSM). Also see '--privkey-openssl-store' and '--pubkey-openssl-store' command line options for XMLSec utility.
  • Added ability to control transforms binary chunk size to improve performance (see '--transform-binary-chunk-size' command line option for XMLSec utility).
  • Fixed all potentially unsafe integer conversions and all the other warnings.
  • Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 interop (2012) tests.

xmlsec-openssl library:

xmlsec-nss library:

xmlsec-gnutls library:

xmlsec-mscng library:

xmlsec-mscrypto library:

  • In maintenance mode starting from this release.
  • Support for NT4 is disabled by default. Use "nt4=yes" configure option on Windows to re-enable it.

xmlsec-gcrypt library:

xmlsec command line utility:

  • (API breaking change) The XMLSec command line utility is using 'strict' key search mode by default. To restore the old 'lax' key search mode, use the new '--lax-key-search' option.
  • (API breaking change) The XMLSec command line utility no longer prints detailed errors by default. To restore the detailed errors, use the new '--verbose' option.
  • Added '--transform-binary-chunk-size' option to control transforms binary chunk size (increasing the chunk size should improve performance at the expense of memory usage).
  • Added support for loading keys through ossl-store interface (e.g. for using keys from an HSM). Also see '--privkey-openssl-store' and '--pubkey-openssl-store' command line options for XMLSec utility.
  • Added '--enabled-key-info-reference-uris' option to control processing of the KeyInfoReference Element.
  • Added '--pbkdf2-key' option for loading PBKDF2 keys.
  • Added '--concatkdf-key' option for loading ConcatKDF keys.
  • Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
  • Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
  • Added '--crl-pem' and '--crl-der' options to load CRLs.
  • Added '--verify-keys' option to verify key's certificate before loading into Keys Manager (only supported for OpenSSL currently).
  • Enabled templatized output filenames to facilitate batch operations on multiple input files.

XMLSec 1.3.0-rc3

21 Mar 15:19
f432bb7
Pre-release

Changes from 1.3.0-RC2

  • xmlsec-core: Added failure reason to xmlSecDSigCtx and xmlSecEncCtx;
  • all xmlsec-crypto libraries: Ensured that only a single copy of each certificate is added to the key;
  • xmlsec-nss: Improved certificates search and allowed self-signed certificates (if certificate verification is not required).

XMLSec 1.3.0-rc2

07 Mar 17:23
697deec
Pre-release

Source tar file:

Changes from 1.3.0-RC1

  • Added missed include/xmlsec/x509.h (thanks @vmiklos for bug report)
  • Updated README file to new version LibGnuTLS

XMLSec 1.3.0-rc1

07 Mar 14:31
fb0b516
Pre-release

The XMLSec 1.3.0 release includes a large number of changes including several API / ABI breaking changes (hence version bump). Please test the release candidate and let me know if you run into any issues! I plan to have at least one more release candidate in 2-3 weeks before the release mid-April.

core xmlsec and all xmlsec-crypto libraries:

  • (ABI breaking change) Added support for the KeyInfoReference Element.
  • (ABI breaking change) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future).
  • (API breaking change) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
  • (API breaking change) The KeyName element content is now trimmed before key search is performed.
  • (API breaking change) Disabled FTP support by default. Use "--enable-ftp" configure option to restore it. Also added "--enable-http" and "--enable-files" configure options to control support for loading files over HTTP or locally.
  • (API/ABI breaking change) Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.
  • (ABI breaking change) Removed deprecated functions.
  • Added support for loading keys through ossl-store interface (e.g. for using keys from an HSM). Also see '--privkey-openssl-store' and '--pubkey-openssl-store' command line options for XMLSec utility.
  • Added ability to control transforms binary chunk size to improve performance (see '--transform-binary-chunk-size' command line option for XMLSec utility).
  • Fixed all potentially unsafe integer conversions and all the other warnings.
  • Added XML Signature 1.1 interop (2012) and XML Encryption 1.1 interop (2012) tests.

xmlsec-openssl library:

xmlsec-nss library:

xmlsec-gnutls library:

xmlsec-mscng library:

xmlsec-mscrypto library:

  • In maintenance mode starting from this release.
  • Support for NT4 is disabled by default. Use "nt4=yes" configure option on Windows to re-enable it.

xmlsec-gcrypt library:

xmlsec command line utility:

  • (API breaking change) The XMLSec command line utility is using 'strict' key search mode by default. To restore the old 'lax' key search mode, use the new '--lax-key-search' option.
  • Added '--transform-binary-chunk-size' option to control transforms binary chunk size (increasing the chunk size should improve performance at the expense of memory usage).
  • Added support for loading keys through ossl-store interface (e.g. for using keys from an HSM). Also see '--privkey-openssl-store' and '--pubkey-openssl-store' command line options for XMLSec utility.
  • Added '--enabled-key-info-reference-uris' option to control processing of the KeyInfoReference Element.
  • Added '--pbkdf2-key' option for loading PBKDF2 keys.
  • Added '--concatkdf-key' option for loading ConcatKDF keys.
  • Added '--hmac-min-out-len' option to control the min accepted HMAC Output length.
  • Added '--pubkey-openssl-engine' option to load public keys from OpenSSL engine.
  • Added '--crl-pem' and '--crl-der' options to load CRLs.
  • Added '--verify-keys' option to verify key's certificate before loading into Keys Manager (only supported for OpenSSL currently).
  • Enabled templatized output filenames to facilitate batch operations on multiple input files.

XMLSec 1.2.37

28 Nov 21:55

The XML Security Library 1.2.37 release includes the following changes:

Thanks to @hendrikdonner and @scaro-axway for reporting these issues!