Version 3.21

2024-05-17 release(3.21.3087)

* IMPROVEMENT: OpenSSL 3 is supported for packaging.
* IMPROVEMENT: Functions deprecated in OpenSSL 3 replaced with new ones.
* IMPROVEMENT: Build warnings reduced.

2022-01-06 release(3.21.3075)

* FEATURE: Added SM-3 and SHA-3 family hash functions for OpenSSL (disabled by default).
* IMPROVEMENT: Code refactored in tlv_element.c to eliminate redundant addition to NULL pointer.
* IMPROVEMENT: Redundant code from fast_tlv.c removed.
* BUGFIX: Possibly uninitialized clean in KSI_SignatureBuilder_close fixed.
* BUGFIX: Memory leak in several KSI_TlvElement_* functions fixed.
* BUGFIX: Tests failing due to expired certificate fixed.
* BUGFIX: Test testUnimplementedHashAlgorithm fixed.
* BUGFIX: String comparison in test/include-test.sh fixed.
* BUGFIX: Potential memory leak in KSI_TreeLeafHandle_getAggregationChain fixed.
* BUGFIX: Possibly NULL passed to memcpy with byte count 0 in tlv.c fixed.
* BUGFIX: Unexpected behaviour fixed when dealing with SHA3-512 hash algorithm names.

Version 3.20

2019-10-07 release(3.20.3025)
* FEATURE: Added support for disabling network providers via compile time options.
* IMPROVEMENT: PDU V1 marked as deprecated.
* IMPROVEMENT: Return NA(GEN-02), instead of FAIL(KEY-01), when certificate is not found during key-based verification. Verification error code KEY-01 is deprecated.
* IMPROVEMENT: New verification rules for calendar hash chain reception from extending service (returning NA(GEN-2) in case of a service failure).
* IMPROVEMENT: KSI_RuleVerificationResult has additional fields with error information. Will be filled in case verification result is NA(GEN-2).
* IMPROVEMENT: Value returned by KSI_getHashAlgorithmByName must be verified with KSI_isHashAlgorithmSupported and KSI_isHashAlgorithmTrusted.
* IMPROVEMENT: KSI_CalendarTimeToUnixTime no longer depends on non-portable timegm.
* BUGFIX: Fixed TreeBuilder masking algorithm.
* BUGFIX: Metadata is now placed into the first link when using KSI_BlockSigner with blinding mask.
* BUGFIX: Constant variable KSI_HASHALG_INVALID is exported with DLL.
* BUGFIX: Resolved compilation warnings.

Version 3.19

2019-02-20 release(3.19.2939)
* BUGFIX: Fixed ABI version.
* BUGFIX: Enhanced backward compatibility with hash algorithm enum values.

2019-01-30 release(3.19.2919)
* FEATURE: Added new async handle state KSI_ASYNC_STATE_ERROR_NOTICE for returning errors that whould be otherwise resolved internally (eg. in case of high availability where one of the configured endpoint encounter connection issues).
* FEATURE: Added new option KSI_ASYNC_OPT_HMAC_ALGORITHM for overriding default HMAC algorithm set via KSI_CTX options KSI_OPT_AGGR_HMAC_ALGORITHM or KSI_OPT_EXT_HMAC_ALGORITHM.
* FEATURE: Added new option KSI_ASYNC_OPT_CONF_CONSOLIDATE_CALLBACK for overriding default consolidation handling.
* FEATURE: Added async service option KSI_ASYNC_OPT_CONNECTION_STATE_CALLBACK for setting connection state listener.
* FEATURE: Added prefix string format support to KSI_LOG_logBlob. Interface remains fully backwards compatible.
* FEATURE: Added find function to KSI_List interface.
* IMPROVEMENT: Helper interface for creating signing KSI_AsyncHandle.
* IMPROVEMENT: Added async request recycle handling for reducing memory allocations.
* IMPROVEMENT: Enhanced async client logging, by adding client and request id's. Provides more distinguishable log entries in case of high availability service.
* IMPROVEMENT: Added async TCP peer connection POLLHUP signal handling. Requests will return immediately with error state instead of waiting for timeout.
* IMPROVEMENT: Failing test TestPKICertificateToString fixed with corrections made to the expired certificates.
* BUGFIX: Made URI schemes case insensitive.
* BUGFIX: RPM build fixed when there is libksi already installed with different binary interface version.
* IMPROVEMENT: Function KSI_CTX_getLastFailedSignature is deprecated. See KSI_VERIFICATION_POLICY_EMPTY for replacement.
* BUGFIX: Fixed high availability server aggregation persion configuration consolodation.
* BUGFIX: Made URI schemes case insensitive.
* BUGFIX: Fixed possible crash when using multiple KSI_AsyncService instances with HTTP endpoints in different threads.
* BUGFIX: RPM build fixed when there is libksi already installed with different binary interface version.
* BUGFIX: Negative enum value is not ISO standard.

Version 3.18

2018-08-27 release(3.18.2836)
* FEATURE: High Availability add-on to the non-blocking network interface.
* FEATURE: Added max tree level to tree builder.
* IMPROVEMENT: KSI_DataHash and KSI_DataHasher accept NULL as KSI context.
* IMPROVEMENT: Added KSI_TlvElement_removeElement function.
* IMPROVEMENT: Changed the curl HTTP debug messages for return codes and internal error messages.
* IMPROVEMENT: KSI_DataHash and KSI_DataHasher accept NULL as KSI context.
* IMPROVEMENT: Updated example code in README.md.
* IMPROVEMENT: Added calendar hash chain consistency verification.
* BUGFIX: Corrected possible crash in list removeElement when configured without object free method.
* BUGFIX: Fixed typo in hash algorithm names.
* BUGFIX: Fixed internal logging mechanism.

Version 3.17

2018-02-12 release(3.17.2693)
* IMPROVEMENT: Added KSI_ATTRIB and KSI_UNUSED to annotate functions.
* FEATURE: Added CommonCrypto for hashing as an alternative to OpenSSL.
* IMPROVEMENT: Removed deprecated interface KSI_Signature_getSignerIdentity.
* IMPROVEMENT: Added consistency tests for public include files (make include-test).
* IMPROVEMENT: Moved all implementation h-files into src/ksi/impl directory.
* IMPROVEMENT: Added deprecated and obsolete times to hash functions.
* IMPROVEMENT: SHA-1 is deprecated as of 01.07.2016T00:00 UTC.
* BUGFIX: Removed double close of the KSI_DataHasher when calculating the calendar hash chain.
* IMPROVEMENT: Added double close guards and tests for KSI_DataHasher.
* BUGFIX: Script rebuild-deb.sh works on Ubuntu.
* IMPROVEMENT: Debian packaging refactored.
* FEATURE: Support for non-blocking HTTP connection (with WinINet and WinHTTP).
* FEATURE: Support for non-blocking HTTP connection (with libcurl).
* IMPROVEMENT: Added support for OpenSSL 1.1 api.
* FEATURE: Request server configuration using KSI_AsyncHandle.
* FEATURE: Return push configuration via KSI_AsyncHandle if KSI_CTX option KSI_OPT_AGGR_CONF_RECEIVED_CALLBACK is not set.
* FEATURE: KSI_CTX options KSI_OPT_PUBFILE_CACHE_TTL_SECONDS for setting the cached publications file timeout.

Version 3.16

2017-11-21 release(3.16.2482)
* BUGFIX: Fixed EINTR (signal) issues with TCP and cURL.

2017-10-12 release(3.16.2475)
* BUGFIX: Fixed logging in net_http_curl.c when using 32-bit OS.
* FEATURE: Support for non-blocking TCP connection.
* IMPROVEMENT: Added an example for non-bloking signing.
* IMPROVEMENT: Debian package name contains debian version.
* IMPROVEMENT: Debian packaaging dependecies fixed.
* IMPROVEMENT: Debian changelog is generated from the main changelog.
* IMPROVEMENT: Libksi Debian/Ubuntu dependencies changed to make it work on both Debian 9 and Ubuntu 16.

Version 3.15

2017-09-12 release(3.15.2306)
* BUGFIX: Fixed creating HmacHasher failure with unimplemented hash algorithm.
* BUGFIX: Unable to create KSI_DataHash from digest if algorithm is not implemented.
* IMPROVEMENT: KSI_FTLV_memRead will parse and return more information when there's an error during parsing.
* IMPROVEMENT: Simplified integration test configuration (see integrationtest.conf.sample)
* BUGFIX: Fixed KSIEP over TCP failing.
* BUGFIX: Fixed clang static analyze findings.
* BUGFIX: GNU makefile target 'dist' does not include any unnecessary files to the resulting tarball.
* IMPROVEMENT: Debian packaging refactored and fixed.
* IMPROVEMENT: ABI version moved from configure.ac to ABI_VERSION file.
* IMPROVEMENT: Added KSI_SignatureBuilder_createSignatureWithAggregationChain function.
* IMPROVEMENT: Removed calendar-based verification from the default verification policy.
* IMPROVEMENT: New verification rule for verifing document hash algorithm.
* IMPROVEMENT: Implemented verification of PKI certificate validity during aggregation time.
* IMPROVEMENT: Rpm packaging spec file moved from "redhat" to "packaging/redhat".
* IMPROVEMENT: Set default PDU version to 2.
* IMPROVEMENT: Removed deprecated verification functionality.

Version 3.14

2017-06-13 release(3.14.2207)
* IMPROVEMENT: Unified verifivation error codes. All error code values with single digit are padded with '0' (general error codes have been changed from GEN-* to GEN-0*).
* IMPROVEMENT: Refactored TCP client host information lookup by using getaddrinfo instead of gethostbyname.
* IMPROVEMENT: Support for integration tests test package.
* IMPROVEMENT: Refactored aggregation hash chain chain index continuation verification.
* IMPROVEMENT: Added mandatory comments to deprecation macro.
* IMPROVEMENT: Returning KSI_UNSUPPORTED_PDU_VERSION in case configured PDU version is not supported for given request.
* IMPROVEMENT: Verification of user-provided input hash level.
* IMPROVEMENT: Updated signature internal verification sequence.
* BUGFIX: Correct extender HMAC setting.
* BUGFIX: Added interface for KSI_Header KSI context getter.
* IMPROVEMENT: Added KSI_DataHash memory reuse.

Version 3.13

2017-04-17 release(3.13.2043)
* IMPROVEMENT: Functionality to request configurations from extender / aggregator.
* BUGFIX: Update publications file client pointer when changinh client.
* IMPROVEMENT: Set level correction when input hash level is greater than 0.
* IMPROVEMENT: Updated ksi_sign_aggr example.
* IMPROVEMENT: HMAC algorithm configuration support for outgoing and incomming messages.
* IMPROVEMENT: Functionality to request configurations from extender / aggregator.
* IMPROVEMENT: Updated verification tutorial.
* IMPROVEMENT: Verification context initial aggregation level member is deprecated (warning not shown under Windows). The initial aggregation level is adjusted into aggregation hash chain level correction value during signature creation.
* IMPROVEMENT: Set level correction when input hash level is greater than 0.
* IMPROVEMENT: Updated ksi_sign_aggr example.
* BUGFIX: Update publications file client pointer when changinh client.

Version 3.12

2017-03-02 release(3.12.2010)
* BUGFIX: Removed internal http pipeline feature.
* BUGFIX: The example of KSI_DataHash_create in tutorial/t1_signing.md was missing an argument.

2017-02-27 release(3.12.2000)
* IMPROVEMENT: Support for adding doxygen generated html files into rpm and debian package.
* IMPROVEMENT: Added flag --with-default-pdu-version=version to configure script.
* IMPROVEMENT: Improve test support for different PDU version.
* BUGFIX: Fixed KSI_TlvElement nested structure serialization issue.
* IMPROVEMENT: Updated signature verification procedure. Added new error codes.
* IMPROVEMENT: Provide identity information as a list.
* IMPROVEMENT: Function KSI_Signature_getSignerIdentity is deprecated. See KSI_Signature_getAggregationHashChainIdentity for replacement.
* BUGFIX: Corrected medadata request time parsing.
* BUGFIX: Validate list impl pointer before use.
* BUGFIX: Cryptoapi KSI_PKISignature_new fails if the input blob can not be parsed.
* BUGFIX: CryptoAPI uses PKCS7 signatures embedded intermediate certificates in verification process.
* IMPROVEMENT: Internally HTTP connections are reused and pipelined.
* IMPROVEMENT: Increased the size of the statically allocated KSI_Integer pool up to the value of 0xff.
* IMPROVEMENT: Removed experimental feature KSI_NetworkClient_performAll.
* IMPROVEMENT: Removed multi-signature support from the SDK.

Version 3.11

2016-11-03 release(3.11.1893)
* BUGFIX: Disabled cURL from using signals.
* IMPROVEMENT: Removed deprecated functions: KSI_TLV_setUintValue, KSI_TLV_fromUint, KSI_TLV_removeNestedTlv
* FEATURE: Added support for aggregation and extending PDU version 2.

Version 3.10

2016-10-18 release(3.10.1839)
* IMPROVEMENT: Refactored signature verification step attribute handling.
* IMPROVEMENT: Implemented KSI_BlockSigner getter for the hash value of the last leaf in the tree.
* BUGFIX: Fixed debian build.
* BUGFIX: Reference counting issues fixed.
* IMPROVEMENT: Removed support for Windows build combination DLL=dll and RTL=MT(d).
* IMPROVEMENT: List macros check for NULL pointers.
* BUGFIX: Error message for unknown OID properly reported.
* BUGFIX: Userinfo in URLs with unknown schema, incl. http://, is retained for http basic authentication and is not used for KSI authentication.
* IMPROVEMENT: Moved signature helper functions from signature.{h,c} into signature_helper.{h,c}
* FEATURE: Added signature builder.
* IMPROVEMENT: All functions except *List_new and *List_free are now type safe macros.
* IMPROVEMENT: Deprecated functions KSI_TLV_setUintValue, KSI_TLV_fromUint and KSI_TLV_removeNestedTlv.

Version 3.9

2016-06-21 release(3.9.1701)
* IMPROVEMENT: Added block signature sample application.
* IMPROVEMENT: Removed dead code from http_parser.{c,h}
* IMPROVEMENT: Added KSI_verifyDataHash.
* IMPROVEMENT: Custom meta-data sepparated from the low-level implementation. Adds padding automatically.
* IMPROVEMENT: Metadata hardening verification.
* IMPROVEMENT: Removed SHA-224 support.
* IMPROVEMENT: Removed Unused function KSI_RDR_verifyEnd.
* IMPROVEMENT: PKI truststore initialization is performed on the need basis.
* IMPROVEMENT: Added signature verification according to policies.
* IMPROVEMENT: Created KSI_HmacHasher interface for incremental HMAC computation.
* IMPROVEMENT: Certificate constraints can be set and verified per publications file.
* IMPROVEMENT: Add preprocessor parseable version no.
* IMPROVEMENT: KSI_receivePublicationsFile must not verify publications file automatically.
* BUGFIX: Invalid and misleading exception message on response publication time check.
* BUGFIX: Correcting memory leaks when using Windows Crypt32 library.
* IMPROVEMENT: Added support for local aggregation.
* IMPROVEMENT: Functions KSI_Signature_create* are deprecated and KSI_Signature_sign will replace them.
* IMPROVEMENT: Added function KSI_Signature_appendAggregationChain.
* IMPROVEMENT: Added function KSI_AggregationHashChain_calculateShape.
* IMPROVEMENT: KSI_HashChain_aggregate and KSI_HashChain_aggregateCalendar no longer require not NULL output parameters.
* IMPROVEMENT: Added KSI_AggregationHashChain_aggregate function.
* BUGFIX: Correcting usage of isForward and isNonCritical flags in KSI_TlvTemplate_serializeObject and KSI_TlvTemplate_writeBytes. Added tests to cover this bug.
* IMPROVEMENT: KSI_LIST may contain NULL values.
* BUGFIX: Certificate and publication records are not mandatory for publications file.
* IMPROVEMENT: Integration tests configuration file error handling improved.
* IMPROVEMENT: Handling for reading server responses from tlv files.
* BUGFIX: Removed unused function.
* BUGFIX: Fixed macro redefinition issue.
* BUGFIX: Fixed KSI_Signature_getSigningTime() when signature does not containa calendar chain.
* IMPROVEMENT: Created KSI_HmacHasher interface for incremental HMAC computation.
* IMPROVEMENT: Added detailed coverage report in html format.
* IMPROVEMENT: In case of no errors KSI_ERR_getBaseErrorMessag returns string indicating that there are no errors.
* BUGFIX: KSI_ERR_getBaseErrorMessage error code returned by the output parameter fixed when error count is zero.
* BUGFIX: KSI_DataHasher memory leak on immediate reset after open.
* IMPROVEMENT: Added detailed coverage report in html format.
* BUGFIX: Fixed HMAC for hash functions with other than 512 bit internal block size.
* IMPROVEMENT: Removed build warnings on OSX.
* IMPROVEMENT: Added mechanism to disable deprecation warnings.

Version 3.7

2016-01-26 release(3.7.1037)
* BUGFIX: Fixed building from SRPM
  Thanks to Peter Portante
* BUGFIX: Compilation issues under Fedora 21
  Thanks to Peter Portante
* IMPROVEMENT: Versioning includes
* BUGFIX: KSI_Signature_getDocumentHash fixed when applied to legacy signature.
* BUGFIX: KSI_MultiSignature_get fixed when extracting legacy signature.
* BUGFIX: KSI_MultiSignature_remove fixed when removing legacy signature.

Version 3.4

2015-12-09 release(3.4.0.6)
* Added mime-type to http requests.
* Protection against demoting meta_hash and metadata to sibling_hash

2015-09-14 release(3.4.0.1)
* Removed all default endpoints.
* Added multi signature container.
* Publications file parsing and verification are now more strict.
* Publications file verification customizable.
* Added fast tlv parser.
* Fixed getLatestPublication and getNearestPublication.
* Restructured logging (new log levels).
* All size variables changed to size_t.
* Hash algorithm id changed from int to KSI_HashAlgorithm.
* Debian packaging.
* Publications file creation and signing support.
* Hashing algorithm RIPEMD-256 removed.
* Local aggregation support.
* Fixed calendar hash chain calculation.

Version 3.2
Version 3.2

2015-05-14 release (3.2.2.0)
* Added functions for signing locally aggregated root hashes.
* Added convenience functions for verifying a signature with user provided
publication.

2015-04-01 release (3.2.1.0)
* First public release
