YuXMLSec: Version History

Update to XMLSec v1.3.9:

• Added pub/priv key type check for EC and DH keys; improved non-memory EVP keys detection.
• Added octet parser in X509 names.
• Several other small fixes.

Link against YuOpenSSL-3.6 and DIXml v8.2.0, both from https://yunqa.de.

Update to XMLSec v1.3.8:

• Added support for longer than expected DSA and ECDSA sigantures to support broken Java implementations.
• Added RSA MGF1 and digest template API.
• Added examples of signing / verifying signature by ID attribute (sign4.dpr / verify4.dpr).
• Several small fixes.

• Fix a YuOpenSSL version conflict by linking against OpenSSL 3.5 (YuOpenSSL-3.5 v1.1.2).

• Support Delphi 13 Florence Win32 and Win64.

Update to XMLSec v1.3.7:

• Added XMLSEC_TRANSFORM_FLAGS_USER_SPECIFIED flag to xmlSecTransform.Flags to differentiate transforms specified in the input XML file vs transforms automatically added by XMLSec library.
• Added signature result verification to the examples to demonstrate the need to ensure the correct data is actually signed.
• Disabled old crypto algorithms (MD5, RIPEMD160).
• Fixed excess padding in ECDSA signature generation.
• Several other small fixes

Link against OpenSSL 3.4 (YuOpenSSL-3.4 v1.0.1) and libxml2 v2.14.4 (DIXml v8.0.0).

Update to XMLSec v1.3.4:

• Support cert dates before unix epoch start.
• Fixed build for libxml2 v2.13.0 (DIXml 7.0.0).
• Several other small fixes.

Update to XMLSec v1.3.2:

• Fix GOST.
• Fix base64 for large files.
• Fix serializing non-UTF-8 encoded XML data.

• Support Delphi 12 Athens Win32 and Win64.

• Update to XMLSec v1.3.0:
  • core xmlsec and all xmlsec-crypto libraries:
    • Added support for the <KeyInfoReference> element (ABI breaking change).
    • Changed the key search to strict mode: only keys referenced by <KeyInfo> are used. To restore the old “lax” mode, set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx (API breaking change).
    • The <KeyName> element content is now trimmed before key search is performed (API breaking change).
    • Disabled FTP support (API breaking change).
    • Disabled MD5 digest method (API/ABI breaking change).
    • Added failureReason file to xmlSecDSigCtx and xmlSecEncCtx to provide more granular operation failure reason (ABI breaking change).
    • Removed deprecated functions (ABI breaking change).
    • Added support for loading keys through ossl-store interface (e.g. for using keys from an HSM).
    • Added ability to control transforms binary chunk size to improve performance.
  • xmlsec-openssl library:
    • Added support for SHA3 digests.
    • Added support for ECDSA-SHA3 signatures.
    • Added support for RSA PSS signatures (withtout parameters).
    • Added support for ConcatKDF key and PBKDF2 derivation algorithms.
    • Added support for ECDH-ES Key Agreement algorithm (ABI breaking change).
    • Added support for DH-ES Key Agreement algorithm with explicit KDF (ABI breaking change).
    • Added support for MGF1 algorithm to RSA OAEP key transport.
    • Added support for X509Digest element and ability to lookup keys using other X509Data elements.
    • Added support for DEREncodedKeyValue element.
    • Automatically set key name from PKCS12 key name.

• Migration to OpenSSL 3.0 API. Needs YuOpenSSL-3 v1.2.6 or later.
• Several smaller fixes.

• DIXml v6.0.0 compatability update.

• Update to XMLSec v1.2.34.

• Compiled against YuOpenSSL-3. The old YuOpenSSL no longer works. Please update if needed.
• Update to XMLSec v1.2.33:
  • Fix decrypting session key for multiple recipients.
  • Add the xmlSecKeyDataFormatEngine option to enhance OpenSSL engine support.

• Support Delphi 11 Alexandria Win32 and Win64.

• Update to XMLSec v1.2.32:
  • Add xmlSecX509DataGetNodeContent, with fixed return value.
  • Fix PKCS1 parsing error handling in xmlSecOpenSSLAppPkcs12LoadBIO. It now logs the real root error cause.
  • Fix decrypting XML with multiple recipients.

• Initial public release, based on XMLSec 1.2.31.