-
-
Notifications
You must be signed in to change notification settings - Fork 642
/
ChangeLog.txt
executable file
·2482 lines (2289 loc) · 89.7 KB
/
ChangeLog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
ChangeLog for jsrsasign
restore KJUR.crypto.Cipher class without RSA/RSAOAEP support
* Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
- src/crypto.js
- restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support
remove RSA and RSAOAEP encryption for Marvin attack
* Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
- remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
- src/crypto.js
- remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
- ext/{rsa,rsa2}.js
remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class
enhanced support for encrypted PKCS8
* Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
- KEYUTIL.getPEM is updated not to use weak ciphers (#599)
- default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
- default prf is changed from hmacWithSHA1 to hmacWithSHA256
- src/keyutil.js
- more encrypted PKCS#8 private key support
- KEYUTIL.getKey now supports encrypted PKCS#8 private key with
aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as
psudorandom function.
- KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM
priavte key.
- src/crypto.js
- Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
- src/base64x.js
- function inttohex and twoscompl are added
- src/asn1.js
- ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
- src/asn1x509.js
- aes*-CBC and hmacWithSHA* OIDs are added
- test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
- update and add some test cases for above
- stop bower support (bower.json removed)
X509.getExtSubjectDirectoryAttributes another bugfix
* Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
- src/x509.js
- another bugfix X509.getExtSubjectDirectoryAttributes method
X509.getExtSubjectDirectoryAttributes bugfix
* Changes from 10.8.4 to 10.8.5 (2023-Apr-26)
- src/x509.js
- bugfix X509.getExtSubjectDirectoryAttributes method
more SubjectDirectoryExtension support
* Changes from 10.8.3 to 10.8.4 (2023-Apr-26)
- src/asn1x509.js
- SubjectDirectoryAttributes class
- add array of array support for arbitrary attribute value
- src/x509.js
- add X509.getExtSubjectDirectoryAttributes method for
ExtSubjectDirectoryAttributes extension
- update X509.getExtParam method
- support SubjectDirectoryAttributes
- parse unknown extension as ASN.1
- src/base64x.js
- bugfix foldnl function: when length of s is multiple of n,
result has unnecessary new line in the end of string.
- qunit-do-{asn1x509,x509-ext,base64x,x500-param}.html
- update and add some test cases for above
CABF SMIMEBR OID support
* Changes from 10.8.2 to 10.8.3 (2023-Apr-20)
- src/asn1x509.js
- Add OIDs for CABR S/MIME BR policy OIDs and GN givenName attribute type
RSA OAEP encryption fix
* Changes from 10.8.1 to 10.8.2 (2023-Apr-15)
- ext/rsa.js
- fix RSAEncryptOAEP for RSA OAEP encryption #582 #583
In rare cases, it have been generated ciphertext that
could not be decrpyted.
npm export missing fix
* Changes from 10.8.0 to 10.8.1 (2023-Apr-09)
- npm/{package.json, lib/footer.js}
UserNotice of CertificatePolicies support and more
* Changes from 10.7.0 to 10.8.0 (2023-Apr-08)
- x509.js
- X509.getUserNotice supports NoticeReference
- add asn1ToDisplayText method
- base64x.js
- add function msectozulu
- add aryval for nested JSON value access
- asn1.js
- DERInteger refactoring
- test/qunit-do-{asn1,asn1x509,base64x,x509-ext}.html
- update and add some test cases for above
custom X.509 extension support and utility functions
* Changes from 10.6.1 to 10.7.0 (2023-Mar-12)
- x509.js
- add X509.registExtParser(): register custom extension parser
- base64x.js
- add utility functions
- b64topem() Base64 string to PEM
- pemtob64() PEM to Base64 string
- foldnl() wrap string to fit in specified width
- timetogen() align to UTCTime to GeneralizedTime
- test/qunit-do-{x509-ext,base64x}.html
- update and add some test cases for above
Add PolicyMappings, PolicyConstraints and InhibitAnyPolicy extension support
* Changes from 10.6.0 to 10.6.1 (2022-Nov-20)
- asn1x509.js
- KJUR.asn1.x509.{PolicyMappings,PolicyConstraints,InhibitAnyPolicy} class added
- KJUR.asn1.x509.Extension updated to support
PolicyMappings, PolicyConstraints and InhibitAnyPolicy
- x509.js
- X509.getExt{PolicyMappings,PolicyConstraints,InhibitAnyPolicy} method added
- X509.getCriticalExtV utility method added
- X509.getExtParam updated to support
{PolicyMappings,PolicyConstraints,InhibitAnyPolicy}
- X509.getInfo updated to support
{PolicyMappings,PolicyConstraints,InhibitAnyPolicy}
- test/qunit-do-{asn1x509-tbscert,x509-ext,x509-getinfo,x509-param}.html
- update and add some test cases for above
StringPrep DN canonicalization support and some fix
* Changes from 10.5.27 to 10.6.0 (2022-Nov-04)
- x509.js
- X509.getParam
- add support for optional parameter "dncanon" and "dnhex"
- X509.getInfo
- update representation for AltName
- X509.{getIssuer,getSubect}
- add support for optional argument flagCanon, flagHex
- X509.c14RDNArray added to convert from RDN array to canonicalized
DN name (a.k.a. StringPrep).
- X509.getX500Name
- API document updated
- X509.getOtherName
- member name changed from "other" to "value" for
consistency with KJUR.asn1.x509.OtherName class constructor.
- Also oid member value in return object will be an oid name if defined.
- X509.setCanonicalizedDN added to set "canon" member value
- asn1x509.js
- smtpUTF8Mailbox oid added to OID class
- API document fix
- asn1.js
- DERTaggedObject API document update
- test/qunit-do-{asn1x509,x509-ext,x509-getinfo,x509-param,x509}.html
- update some test cases for above
CSRUtil class enhancement
* Changes from 10.5.25 to 10.5.26 (2022-Jul-14)
- src/asn1csr.js
- CSRUtil.verifySignature method added
- CSRUtil.getParam enhanced to support optional argument flagTBS
- test/qunit-do-asn1csr.html
- update some test cases for above
CVE-2022-25898 Security fix in JWS and JWT validation
* Changes from 10.5.24 to 10.5.25 (2022-Jun-23)
- src/jws.js
- JWS.verify and JWS.verifyJWT
- CVE-2022-25898 SECURITY FIX:
verify and verifyJWT may accept signature with special characters
or \number characters by mistake.
Please see security advisory:
https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf
- src/base64x.js
- function isBase64URLDot added
- test/qunit-do-jwt-veri.html
X509.getParam bugfix for v1 certificate
* Changes from 10.5.23 to 10.5.24 (2022-Jun-04)
- src/x509.js
- X509.getParam bugfix for X.509v1 certificate without extension
BitString parsing bug fix
* Changes from 10.5.22 to 10.5.23 (2022-May-27)
- src/base64x.js
- bitstrtobinstr bugfix fix
- src/asn1hex.js
- ASN1HEX.parse change for bin string range
- npm/lib/footers.js
- add missed exports (bitstrtobinstr, binstrtobitstr,
namearraytobinstr, extendClass)
- test/qunit-do-{asn1hex-parse,base64x}.html
- add and fix some test cases for above
DERBitString, KeyUsage and tsp PKIFailureInfo critical bug fix
* Changes from 10.5.21 to 10.5.22 (2022-May-24)
- src/asn1.js
- DERBitString critical bugfix
- src/asn1tsp.js
- PKIFailureInfo critical bugfix
- src/asn1x509.js
- KeyUsage critical bugfix
- src/base64.x
- namearraytobinstr critical bugfix
- test/qunit-do-{asn1,asn1tsp,asn1x509,base64x}.html
- add and fix some test cases for above
DERBitString, KeyUsage and tsp PKIFailureInfo fix
* Changes from 10.5.20 to 10.5.21 (2022-May-23) *RELEASE RESIGNED*
- src/asn1x509.js
- KeyUsage bugfix, refactoring
- src/asn1tsp.js
- PKIFailureInfo bugfix, refactoring
- src/asn1.js
- DERBitString refactoring
- src/base64x.js
- new function namearraytobinstr added
- src/asn1ocsp.js
- ResponderID API document fix
- test/qunit-do-{asn1,asn1tsp,asn1x509,base64x,x509-ext}.html
- add and fix some test cases for above
OCSP ResponderID object udpate
* Changes from 10.5.19 to 10.5.20 (2022-Apr-25)
- src/asn1ocsp.js
- ResponderID class now also supports PEM certificate or
X509 object for key and name field.
- test/qunit-do-asn1ocsp.html
- add some test cases and fix for above
- remove silver sponsor
Time stamp package update
* Changes from 10.5.18 to 10.5.19 (2022-Apr-23)
- src/asn1tsp.js
- TimeStampResp class update to statusinfo member
will be optional. If omitted, it will be "granted" by default.
- API manual update for more detail
Time stamp package update
* Changes from 10.5.17 to 10.5.18 (2022-Apr-22)
- src/asn1tsp.js
- TSPParser.getTimeStampReq added
- TSPUtil.parse{TimeStampReq,MessageImprint} now *DEPRECATED*. Please use TSPParser.
- test/qunit-do-asn1tsp.html
- add some test cases and fix for above
CIDR subnet mask support in iptohex and hextoip
* Changes from 10.5.16 to 10.5.17 (2022-Apr-14)
- src/asn1x509.js
- add IP address support in NameConstraints class
- bugfix in NameConstraints ip address
- wrong ASN.1 encoder in NameConstraints class bug fix (wrong explicit tag)
- src/base64x.js
- add CIDR subnet mask support in iptohex and hextoip
- iptohex, hextoip refactoring
- test/qunit-do-{x509-ext,base64x,asn1x509-tbscert,asn1x509}.html
- add some test cases and fix for above
Add NameConstraints extension and modify getEncodedHex to tohex
* Changes from 10.5.15 to 10.5.16 (2022-Apr-08)
- src/asn1x509.js
- NameConstraints and GeneralSubtree class added
- add support for nameConstraints in Extensions class
- remove old GeneralName code
- src/x509.js
- getExtNameConstraints and getGeneralSubbtree method added
- add support for nameConstraints in getParam method
- X509.getParam supports optional arguments:
- tbshex: to return hexadecimal tbsCertificate value
- nodnarray: delete array member of subject and issuer
in the result.
- src/x509crl.js
- X509CRL.getParam supports optional arguments:
- tbshex: to return hexadecimal tbsCertList value
- nodnarray: delete array member of subject and issuer
in the result.
- src/asn1.js
- ASN1Object.tohex() method added
- ASN1Object.getEncodedHex() method is now DEPRECATED.
Please use ASN1Object.tohex() instead.
- clean up some codes
- src/*.js
- update for ASN1Object.tohex()
- test/qunit-do-x509-ext.html
- getExtNameConstraints and getGeneralSubtree method test added
- test/qunit-do-asn1x509.html
- NameConstraints and GeneralSubtree class test added
- test/qunit-do-asn1-newobj.html
- int and tag test refactoring
- bugfix
X509.getExtCRLDistributionPointsURI small fix
* Changes from 10.5.14 to 10.5.15 (2022-Apr-06)
- src/x509.js
- fix X509.getExtCRLDistributionPointsURI. This returns
undefined when no CDP extension as specified in document
even though it is deprecated method.
KEYUTIL.getPEM small fix
* Changes from 10.5.13 to 10.5.14 (2022-Mar-28)
- src/keyutil.js
- fix KEYUTIL.getPEM when public key is not specified for ECDSA object.
optional public key field will be omitted in such case. (#549)
- test/qunit-do-*.html
- test case added for above updates.
RSA key private generation fix
* Changes from 10.5.12 to 10.5.13 (2022-Mar-18)
- ext/rsa2.js
- fix RSAGenerate for checking |p - q| (#546)
support ISO 8859-1 TeletexString and BMPString for X500Name
* Changes from 10.5.11 to 10.5.12 (2022-Mar-13)
- src/asn1hex.js
- ASN1HEX.parse fixed for TeletexString and BMPString
- ASN1HEX.parse TeletexString supports non-ASCII
ISO 8859-1 Latin1 characters. Before this version,
only supports ASCII characters.
- hextoipv6 bug fix raised in some of enviroment
- src/base64x.js
- iso88591hextoutf8/utf8toiso88591hex added
- iso88591hextoutf8hex/utf8hextoiso88591hex added
- hextoipv6 fixed
- src/x509.js
- refactoring for X509.get{X500NameArray,RDN,AttrTypeAndValue}.
Add support for Teletex/BMPString and more attrTypes
- test/qunit-do-*.html
- test case added for above updates.
- qunit-do-base64x: add iso8859-1 / utf-8 converter tests
- qunit-do-asn1hex-parse: add TeletexString parse tests
- qunit-do-x509-ext: add NumericString/TeletexString X500Name tests
asn1hex update
* Changes from 10.5.10 to 10.5.11 (2022-Mar-12)
- src/ash1hex.js
- ASN1HEX.parse add NumericStiring(x12) support
- ASN1HEX.parse fix for "8x" tag (non structured tag)
- test/qunit-do-asn1hex.html
- test case added for above updates.
hextoipv6 fix
* Changes from 10.5.9 to 10.5.10 (2022-Mar-10)
- src/base64x.js
- fix hextoipv6 for shrinking leading zeros (#536)
- test/qunit-do-base64x.html
- test case added for above updates.
small fix
* Changes from 10.5.8 to 10.5.9 (2022-Mar-10)
- src/base64x.js
- fix zulutosec (#538)
- src/asn1csr.js
- fix CSRUtil.getParam (#544)
- test/qunit-do-{base64x,asn1csr}.html
- test case update for above updates.
OCSP CertID and X509 class update
* Changes from 10.5.7 to 10.5.8 (2022-Feb-25)
- src/asn1ocsp.js
- CertID class refactoring
- CertID.getParamByCerts method added
- src/x509.js
- DEPRECATED getPublicKeyHex method (use getSPKI instead)
- getSPKI, getSPKIValue method added
- getExtCRLDistributionPointsURI bugfix
- API document fix
- test/qunit-do-{asn1ocsp,x509-ext,x509,x509-v1}.html
- test case update and bugfix for above updates.
X509CRL.findRevCert bugfix for empty revCerts
* Changes from 10.5.6 to 10.5.7 (2022-Feb-19)
- src/x509crl.js
- X509CRL.{findRevCert,findRevCertBySN} method fix for empty revCerts
X509CRL.findRevCert bugfix
* Changes from 10.5.5 to 10.5.6 (2022-Feb-17)
- src/x509crl.js X509CRL class
- fix sn error in findRevCert
CRL parser update
* Changes from 10.5.4 to 10.5.5 (2022-Feb-17)
- src/x509crl.js X509CRL class
- add getIssuerHex method
- add findRevCert method
- add findRevCertBySN method
- test/x509crl.html update
ASN.1 parser update and fix
* Changes from 10.5.3 to 10.5.4 (2022-Feb-15)
- src/asn1.js
- DERTaggedObject
- refactoring
- add {tag: xx, str:"aaa"} parameter support
- add {tag: xx, hex:"616161"} parameter support
- setASN1Object method now *deprecated*. Please use setByParam
- src/asn1hex.js
- ASN1HEX.parse
- add encapsulated OctetString, BitString support
- add encapsulated structured TaggedObject support
- changed to return binary string for 3byte or less BitString value
- ObjectIdentifier fix when undefined OID name
- src/base64x.js
- added bitstrtobinstr/binstrtobitstr
- utf8tohex fix for lower case hexadecimal string
- hextoutf8 fix for improper hexadecimal string for UTF-8
- bitstrtoint/inttobitstr fix for error case return
- test/qunit-do-asn1.html
- TaggedObject test case update
- test/qunit-do-asn1hex-parse.html
- BitString, TaggedObject test case update
- test/qunit-do-base64x.html
- hextoutf8/utf8tohex testcase update
- bitstrtobinstr/binstrtobitstr testcase added
add OtherName support in GeneralName
* Changes from 10.5.2 to 10.5.3 (2022-Feb-10)
- add otherName support in GeneralName by PR
with small update (#535)
- src/asn1x509.js
- add otherName of GeneralName support (#535)
- GeneralName class refactoring
- add OtherName class
- src/x509.js
- add otherName of GeneralName support
- src/asn1hex.js
- add ASN1HEX.parse method
- src/asn1.js
- API doc and error exception fix
- test/qunit-do-{asn1x509,x509-ext}.html
- test case added
- test/qunit-do-asn1hex-parse.html added
small update for OID and JWK
* Changes from 10.5.1 to 10.5.2 (2022-Feb-08)
- src/asn1x509.js
- add OID.{registerOIDs,checkOIDs} method
- src/keyutil.js
- getJWK, getJWKFromKey API doc update
- test/qunit-do-asn1x509.html updated
- test case added
add KEYUTIL.getJWK, fix EC P-521 concat signature value and add support for P-521 JWS JWK
* Changes from 10.5.0 to 10.5.1 (2021-Dec-01)
- fix ECC P-521 curve issues (#528)
- src/ecdsa-modified.js
- asn1SigToConcatSig fix P-521 issue
- concatSigToASN1Sig fix P-521 issue
- src/jws.js
- add ES512 support
- src/keyutil.js
- fix P-521 issue in getKey,getJWKFromKey,
- tool/tool_jwt.html
- add ES512 support
- test/qunit-do-ecdsamod-s.html
- add P-521 asn1SigToConcatSig tests
- add P-521 concatSigToASN1Sig tests
- test/qunit-do-ecdsamod.html
- add sha512 tests
- test/qunit-do-jws-sign.html
- add signing and verification ES512 test
- test/qunit-do-keyutil-ec.html
- add P-521 key test
- test/qunit-do-keyutil-jwk.html
- add P-521 private key test
- test/qunit-do-x509-key.html
- add P-521 certificate test
- JWK from X509 certificate (#529)
- this PR was merged but
- X509.getPublicKeyJWK was moved to KEYUTIL.getJWK
- some tests in qunit-do-x509-jwk was moved to
qunit-do-keyutil-jwk
- readCertJWK was removed
- src/keyutil
- KEYUTIL.getJWK added and x5c/x5t/x5t#S256/kid member support
- KEYUTIL.getJWKFromKey now deprecated
- src/ecdsa-modified.js
- missing variable definition fix (#527)
- test/qunit-do-x509.html test error fix
- Great appreciate for @cplussharp 's contribution.
Add EC support for secp521r1 secp224r1 secp192r1
* Changes from 10.4.1 to 10.5.0 (2021-Nov-21)
- Add EC support for secp521r1 secp224r1 secp192r1 (#521 #519)
Thank you indeed for @cplussharp 's great work.
- EC key length bugs for newly supported curves are fixed.
- src/ecdsa-modified: key length fixes
- src/ecparam.js: add keycharlen property
- src/asn1x509.js: add secp521r1 OID
- test/qunit-do-ecdsamod.html: all test code passed
- test/qunit-do-ecdsamod-unsupport.html: all test code passed
- test/qunit-do-ecdsamod-s.html: all test code passed
- test/qunit-do-ecdsamod-nisttv.html: added for NIST EC keygen test
- sample/sample-ecdsa.html: add P-521
- sample/sample-rsasign.html
- fix to trim non hexadecimal strings (#517)
GeneralizedTime, UTCTime refactoring and some bug fix
* Changes from 10.4.0 to 10.4.1 release (2021-Sep-30)
- src/asn1.js
- refactoring of DERUTCTime, DERGeneralizedTime and DERAbstractTime
- now DERUTCTime support fraction of second
- src/asn1x509.js
- update Time class to follow DER{UTC,Generalized}Time update
- tool/tool_tsreq.html
- messageImprint bug fix (#504)
- tool/tool_tsres.html
- serialNumber bug fix (#505)
- jsrsasign-*-min.js
- header URL fix to kjur.github.io (#503)
(will be fixed in next release while rebuild)
- test/qunit-do-{asn1,asn1x509}.html updated
- KJUR.asn1.DER{UTC,Generalized}Time, KJUR.asn1.x509.Time class
test case added and updated.
Full support for parsing OCSP response
* Changes from 10.3.2 to 10.4.0 (2021-08-17)
- asn1ocsp.js
- add OCSP response parser support in OCSPParser class (request #501)
- OCSPParser.get{OCSPResponse,ResponseBytes,BasicOCSPResponse,ResponseData,ResponderID,SingleResponseList,SingleResponse,CertStatus} methods added
- DEPRECATED: OCSPUtil.getOCSPResponseInfo
- test/qunit-do-asn1ocsp.html updated
- add test for OCSP response parser
fix wrong OCSPRequest for EC public key certificate
* Changes from 10.3.1 to 10.3.2 (2021-08-15)
- asn1ocsp.js
- CertID.setByCert fixed for issuer EC public key (issue #500)
document fix for deprecated kjur.github.com domain
* Changes from 10.3.0 to 10.3.1
- kjur.github.com domain is deprecated after Apr 15, 2021. So all kjur.github.com domain shall be updated to kjur.github.io. (#490)
- There is no bundled library (-all-min.js) nor npm update on this. license URL will be fixed in next release.
remove all YUI dependency
* Changes from 10.2.0 to 10.3.0 (2021-07-04)
- remove YUI library dependency
- LICENSE.txt
- remove YUI license
- src/base64x.js
- add extendClass function to replace YUI class extend
- src/*.js
- replace YAHOO.lang.extend to extendClass all
- src/keyutil.js
- change to raise exception in KEYUTIL class with Error class
- src/asn1x509.js
- API document update for Extesions and CRLReason class
- npm_util/package.json
- fix dependencies (#482)
- test/qunit-do-*.html
- updated to follow above
- test/qunit-do-base64x-class.html added
- test for extendClass function
CVE-2021-30246 RSAKey.verify issue fix
* Changes from 10.1.13 to 10.2.0 (2021-04-14)
- src/rsasign.js
- CVE-2021-30246 RSAKey.verify issue was fixed (#478)
- src/asn1cms.js
- IssuerSerial, IsseruAndSerialNumber API document update
- sample_node/asn1extract2
- change to "/usr/bin/env node"
add non-ascii BMPString support
* Changes from 10.1.12 to 10.1.13 (2021-03-08)
- src/base64x.js
- add ucs2hextoutf8 function
- src/x509.js
- X509.getAttrTypeAndValue supports non-ascii BMPString (#474)
- src/asn1hex.js
- ASN1HEX.dump supports non-ascii BMPString
- test/qunit-do-{asn1hex-dump,x509-ext,base64x}.html
- updated to follow above
fix for wrong UTF-8 encoding in distinguished name parser
* Changes from 10.1.11 to 10.1.12 (2021-02-25)
- src/x509.js
- fix X509.getAttrTypeValue (#473)
- attribute value is converted by hextoutf8 not hextorstr
- X509.getIssuerString update to use getIssuer
- X509.getSubjectString update to use getSubject
- X509.dnarraytostr fix to escape "+" and "/"
- X509.hex2dn update to use getX500Name
- test/qunit-do-x509-ext.html
- updated to follow above
update X509.getVersion and add jsrsasign-util saveFileJSON
* Changes from 10.1.10 to 10.1.11 (2021-02-19)
- src/x509.js
- X509.getVersion supports other than
empty(DEFAULT =v1) and [0] {INTEGER 2} (=v3).
Thus version checking is relaxed. (#471)
- src/nodeutil.js (jsrsasign-util 1.0.4)
- add saveFileUTF8
- saveFileJSON API document fix
extend support for distinguished name
* Changes from 10.1.9 to 10.1.10 release (2021-02-14)
- src/asn1x509.js
- AttributeTypeAndValue
- add support for OID and oid name constructor
AttributeTypeAndValue({str: "/streetAddress=foo"})
AttributeTypeAndValue({str: "/2.5.4.9=foo"})
- OID.name2oidList
- add givenName
- test/qunit-do-asn1x509.html
- updated to follow above
Add SubjectDirectoryAttributes extension support
* Changes from 10.1.8 to 10.1.9 release (2021-02-12)
- src/asn1x509.js
- SubjectDirectoryAttributes class added
- Extensions class updated to support
SubjectDirectoryAttributes
- OID class update to support OIDs
such as gender, placeOfBirth et.al. for
SubjectDirectoryAttributes.
- SubjectDirectoryAttributes parser is
needed to be implemented in X509.js future.
- test/qunit-do-asn1x509.html
- updated to follow above
KEYUTIL supports PKCS8 private key with extension
* Changes from 10.1.5 to 10.1.8 release (2021-02-08)
- src/keyutil.js
- KEYUTIL.parsePlainPrivatePKCS8Hex now supports
private key extsion and and issue #454 fixed.
- test/qunit-do-keyutil-eprv.html
- updated to follow above
CAdES-T support update and fix
* Changes from 10.1.4 to 10.1.5 release (2021-01-17)
- tool/tool_cades.html fix (#465)
- now works fine again for CAdES-T demo
- src/asn1cms.js
- SignerInfo class
- unsigned attribute support again
- Attribute class
- add signaturePolicyIdentifier support
- add signatureTimeStamp support
- CMSParser class
- add signaturePolicyIdentifier support
- add setSignaturePolicyIdentifier method
- src/asn1cades.js
- CAdESUtil class
- parseSignedDataForAddingUnsigned modified to use CMSParser
- addSigTS removed since it was empty method
- parseSignerInfoForAddingUnsigned is deprecated since
parseSignedDataForAddingUnsigned will not call it.
- src/crypto.js
- Mac API document fix (#466)
getPKIStatusInfo bugfix
* Changes from 10.1.3 to 10.1.4 release (2020-11-23)
- asn1tsp.js
- TSPParser class
- getPKIStatusInfo out parameter name bugfix
- test/qunit-do-asn1hex.html
- updated to follow above
TSPParser.getPKIStatusInfo update
* Changes from 10.1.2 to 10.1.3 release (2020-11-22)
- asn1tsp.js
- TSPParser class
- getPKIStatusInfo updated to
supports PKIFreeText and PKIFailureInfo
- getPKIFreeText added
- getPKIFailureInfo added
- asn1hex.js
- ASN1HEX class
- getString added
- getInt method updated to supports ASN.1 BitString
- base64x.js
- function bitstrtoint, inttobitstr added
- test/qunit-do-{asn1hex,asn1tsp,base64x}.html
- updated to follow above
add SigningCertificateV2 for CMSParser and issue fix
* Changes from 10.1.1 to 10.1.2 release (2020-11-21)
- src/asn1cms.js
- CMSParser
- getAttribute updated to support
SigningCertificateV2
- add setSigningCertificateV2 method
- add getESSCertIDv2 method
- change sortflag of result parameter to true in
CMSParser.getCertificateSet
- test/qunit-do-asn1cms.html
- updated to follow above
CMSSignedData and TimeStamp parser bugfix
* Changes from 10.1.0 to 10.1.1 release (2020-11-20)
- src/asn1tsp.js
- "serialNumber" parameter was changed to
"serial" in TSTInfo class and TSPParser.getTSTInfo
method.
- src/asn1cms.js
- change method name CMSParser.getAttributeArray to
CMSParser.getAttributeList to align to the name
AttributeList class.
- getAttributeList returns JSON parameter which
can be accepted by AttributeList constructor.
- wrong sighex value for signature value
by getSignerInfo method was fixed.
- test/qunit-do-asn1tsp.html
- updated to follow above
add new CMSSignedData and TimeStamp parser and X500Name update
* Changes from 10.0.5 to 10.1.0 release (2020-11-19)
- add new CMSSignedData and TimeStamp parser
- X500.get{X500Name,GeneralName,GeneralNames} result change
- src/asn1cms.js
- new CMSParser class for CMS SignedData
- get{CMSSignedData,SignedData,HashAlgArray,
EContent,SignerInfos,SignerInfo,SignerIdentifier,
IssuerAndSerialNumber,AttributeArray,
Attribute,ESSCertID,IssuerSerial,CertificateSet}
- set{ContentType,SigningTime,MessageDigest,
SigningCertificate}
- src/asn1tsp.js
- new TSPParser class to parser RFC 3161 TSP protocol
- get{Response,Token,TSTInfo,Accuracy,MessageImprint,
PKIStatusInfo}
- setTSTInfo
- src/asn1.js
- DERObjectIdentifier class update to use new oidtohex
- src/asn1hex.js
- add ASN1HEX.{getInt,getOID,getOIDName}
- src/asn1csr.js
- CSRUtil.getParam result "subject" parameter result is changed
because of X509.getX500Name update.
- src/asn1x509.js
- small update for Time class
- small update for Certificate.sign method
- document fix (issue #463)
- src/base64x.js
- function "oidtohex" and "hextooid" added.
- function "ishex" added
- KJUR.lang.String.isHex now *DEPRECATED*. Please use "ishex".
- src/x509.js
- X509.getX500Name update
- X509.get{Issuer,Subject,GeneralNames,GeneralName}
- add X509.{getX500NameArray,dnarraytostr}
- src/x509crl.js
- X509CRL.getIssuer update for X509.getX500Name update
- test/qunit-do-{asn1tsp,asn1cms,asn1hex,asn1x509-newcert-veri,
base64x,x509-ext,x509crl}.html
- updated to follow above
small issue fixes and updates
* Changes from 10.0.4 to 10.0.5 release
- src/base64x.js
- utf8tob64u, b64utoutf8
replace new Buffer() to Buffer.from() for
Node.JS deprecation (issue #460)
- src/asn1x509.js
- P-256 oid added in OID class (PR #461 #333)
- src/x509.js
- document fix
- tool/tool_csr.html
- update to show ASN.1 dump of CSR
- test/qunit-do-base64x.html, npm/test/t_base64x.js
- update test code to follow above
add methods to modify some extension parameters
* Changes from 10.0.3 to 10.0.4 (2020-Oct-23)
- src/x509.js
- add X509.updateExt{CDPFullURI,AIAOCSP,AIACAIssuer} method
- src/nodeutil.js
- add read{JSON,JSONC},saveJSON,printJSON method added
- jrsasign-util npm package updated
- test/qunit-do-x509-param.html
- updated to follow above
add findExt method in X509 class
* Changes from 10.0.2 to 10.0.3 (2020-Oct-21)
- src/x509.js
- add X509.findExt method
- test/qunit-do-x509-param.html
- updated to follow above
AdobeTimeStamp X.509v3 extension parser bugfix
* Changes from 10.0.1 to 10.0.2 (2020-Oct-14)
- src/x509.js
- X509.getExtAdobeTimeStamp method bugfix
AdobeTimeStamp X.509v3 certificate extension added
* Changes from 10.0.0 to 10.0.1 (2020-Oct-13)
- src/asn1x509.js
- AdobeTimeStamp class added
- add AdobeTimeStamp support in Extension class
- add "adobeTimeStamp" OID in OID class
- src/x509.js
- add getExtAdobeTimeStamp method to X509 class
- add "adobeTimeStamp" support in getExtParam
- src/asn1.js
- DERBoolean add support for "false" value.
- test/qunit-do-{asn1,asn1x509,x509}.html
- updated to follow above
Major update for CMS SigneData TimeStamp and CAdES
* Changes from 9.1.9 to 10.0.0 (2020-Sep-24)
- major update for CMS SignedData related classes
to allow more simple ASN.1 generation
- src/asn1cms.js
- new architecture updates in
SignedData, Attribute
- all implemented Attributes such as
ContentType, SigningTime are also
updated.
- new class added
- ESSCertID
- ESSCertIDv2
- SignerIdentifier
- SubjectKeyIdentifier
- CertificateSet
- RevocationInfoChoices
- RevocationInfoChoice
- OtherRevocationFormat
- following class/methods are now *deprecated*
- CMSUtil.newSignedData
- src/asn1tsp.js
- aligned to new architecture:
- TSTInfo, Accuracy, PKIStatusInfo,
PKIStatus, PKIFreeText, PKIFailureInfo,
- new class added
- TimeStampToken
- following class/methods are now *deprecated*
- SimpleTSAAdapter, FixedTSAAdapter,
TSPUtil.newTimeStampToken
- src/asn1cades.js
- aligned to new architecture
- SignaturePolicyIdentifier, OtherHashAlgAndValue,
SignatureTimeStamp, CompleteCertificateRefs,
OtherCertID, OtherHash
- new class added
- SignaturePolicyId, OtherHashValue
- src/asn1.js
- DERTaggedObject add support for simple
argument for explicit "tage" and implicit "tagi"
- newObject add support for "asn1" property
- DERObjectIdentifier constructor argument
now accepts name and OID. method
setValueNameOrOid added.
- src/x509.js
- X509(certPemOrHex)
X509 class constructor add support for
PEM or hex string of certificate as
argument.
- src/asn1x509.js
- OID class: signaturePolicyIdentifier attribute
OID added.
wrong encoding in CRLReason in OCSP CertStatus fixed
* Changes from 9.1.8 to 9.1.9 (2020-Sep-08)
- src/asn1ocsp.js
- BUGFIX: wrong encoding in CRLeason in OCSP CertStatus fixed
- test/qunit-do-asn1ocsp.html
- follow to above update
wrong encoding in byKey of OCSP ResponderID fixed
* Changes from 9.1.7 to 9.1.8 (2020-Sep-08)
- src/asn1ocsp.js
- BUGFIX: wrong encoding in byKey of OCSP ResponderID fixed
- test/qunit-do-asn1ocsp.html
- follow to above update
nextUpdate encoding bugfix in ocsp SingleResponse
* Changes from 9.1.6 to 9.1.7 (2020-Sep-08)
- src/asn1ocsp.js
- BUGFIX: nextUpdate encoding fix in SingleResponse
- CertStatus document fix
- test/qunit-do-asn1ocsp.html
- follow to above update
add OCSP response and request encoder
* Changes from 9.1.5 to 9.1.6 (2020-Sep-05)
- src/asn1ocsp.js
- OCSPResponse class added
- ResponseBytes class added
- BasicOCSPResponse class added
- ResponseData class added
- ResponderID class added
- SingleResponseList class added
- SingleResponse class added
- CertID class updated
- changed properties to specify
isserNameHash, issuerKeyHash and serialNumber
without backward compatibility
- CertStatus class added
- OCSPParser class added
- only OCSP request parser methods are available
- src/asn1x509.js
- OCSPNonce class OCSP extension added
- OCSPNoCheck class certificate extension added
- Extensios class supports OCSPNonce and OCSPNoCheck
- OID clas supports ocspNonce, ocspNoCheck and ocspBasic
- src/x509.js
- X509.getExtParam supports OCSPNonce and OCSPNoCheck
- X509.getExtOCSPNoCheck added
- X509.getExtOCSPNonce added
- src/asn1.js
- ASN1Object class: add tlv parameter support
- src/asn1hex.js
- ASN1HEX.dump: enable to show tagged primitive
ASN1HEX getChildIdx bug for too many children
* Changes from 9.1.4 to 9.1.5 (2020-Aug-29)
- src/asn1hex.js
- BUGFIX: ASN1HEX.getChildIdx didn't returns
proper result when too many child items
such as over 200 children.
- add ASN1HEX.getTLVblen method
- DEPRECATED: getNextSiblingIdx. Please
use getTLVblen instead.
X509CRL parser revokedCertificate bugfix
* Changes from 9.1.3 to 9.1.4 (2020-Aug-28)
- src/asn1hex.js
- get{Idx,V,TLV}byList return value aligned to
get{Idx,V,TLV}byListEx.
- src/x509crl.js
- BUGFIX: error when nextUpdate exists and
no revokedCertificates
missed to export X509CRL in npm package
* Changes from 9.1.2 to 9.1.3 (2020-Aug-28)
- npm/lib/footer.js
- export X509CRL
- NOTE: only npm package released
add private extension support for Cert CRL and CSR
* Changes from 9.1.1 to 9.1.2 (2020-Aug-27)
- undefined extension regarded as private extesion
in extension parser X509.getExtParam.
Thus certificate, CRL and CSR parser will
not raise error when undefined extension
is parsed.
- src/x509.js
- unknown extension is parsed as
private extension.
- test/qunit-do-{x509-param}.html
- add test case to follow above update
new CRL parser and private extension encoder support
* Changes from 9.1.0 to 9.1.1 (2020-Aug-27)
- add new X509CRL class for CRL parser
- add Certificate, CSR and CRL private extension support
- src/x509crl.js (new)
- X509CRL class
- src/x509.js
- new X509.getExtCRLNumber method for extension parser
- new X509.getExtCRLReason method for extension parser
- new X509.getExtParam method for parsing one extension
- NOTE: not yet support for private extension
- src/asn1x509.js
- Extensions class: add support for private extension
- PrivateExtension class added
- OID.name2oid: add support OID (ex. "1.2.3.4") as argument
- src/asn1csr.js
- CSRUtil.getParam update to support X509.getExtParamArray and
not using X509.parseExt
- src/asn1.js
- getLengthHexFromValue small update for exception
- test/qunit-do-{asn1x509,asn1x509-tbscert,x509}.html
- update to follow above updates
- test/x509csr.html (new)
new CRL APIs and other updates
* Changes from 9.0.3 to 9.1.0 (2020-Aug-24)
- CRL constructor update to align Certificate
class without backward compatibility.
- BUGFIX: SigningCertificate{,V2} encoding bugifx
- src/asn1cms.js
- BUGFIX: SigningCertificate{,V2} encoding have been
missign SEQUENCE. (#448)
- src/asn1csr.js
- CertificationRequestInfo class updated to
new KJUR.asn1.x509.Extension class.
- src/asn1x509.js
- CRL and TBSCertList class constructor have
been updated to align Certificate and
CertificationRequestInfo style in 9.0.0
without backward compatibility.
- this update makes more extension and
entry extension support in the future.
- CRLEntry class is *deprecated* since
no more used in updated TBSCertList.
- new CRLNumber extension class added
- new CRLReason entry extension class added
- OID class updated to support
cRLNumber and cRLReason oids
- TBSCertificate.getExtDERSequence method
was moved to new Extensions class.
- ASN1HEX.dump updated to support ENUMERATED
- test/qunit-do-{asn1cms,asn1tsp,asn1x509-tbscert,
asn1x509} updated to follow above updates.
TimeStampToken ASN.1 encoding error fix
* Changes from 9.0.2 to 9.0.3 (2020-Aug-22)
- BUGFIX: tsa field of TSTInfo was not encoded properly. (#450)
- BUGFIX: CMSSignedData version of TimestampToken was not 3. (#448)
- src/asn1tsp.js
- TSTInfo tsa field fix
- TSTUtil.newTimeStampToken method to set
CMSVersion 3.