Forge ChangeLog
===============

## 0.9.0 - 2019-09-04

### Added
- Add ed25519.publicKeyFromAsn1 and ed25519.privateKeyFromAsn1 APIs.
- A few OIDs used in EV certs.

### Fixed
- Improve ed25519 NativeBuffer check.

## 0.8.5 - 2019-06-18

### Fixed
- Remove use of `const`.

## 0.8.4 - 2019-05-22

### Changed
- Replace all instances of Node.js `new Buffer` with `Buffer.from` and `Buffer.alloc`.

## 0.8.3 - 2019-05-15

### Fixed
- Use basic character set for code.

## 0.8.2 - 2019-03-18

### Fixed
- Fix tag calculation when continuing an AES-GCM block.

### Changed
- Switch to eslint.

## 0.8.1 - 2019-02-23

### Fixed
- Fix off-by-1 bug with kem random generation.

## 0.8.0 - 2019-01-31

### Fixed
- Handle creation of certificates with `notBefore` and `notAfter` dates less
  than Jan 1, 1950 or greater than or equal to Jan 1, 2050.
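
The 1950/2050 boundaries in the entry above match the X.509 time encoding rule in RFC 5280 section 4.1.2.5: validity dates in years 1950 through 2049 are encoded as UTCTime with a two-digit year, and any other date needs GeneralizedTime. The following is an added illustration, not Forge's code; `encodeValidityDate` and `utcTimeYear` are hypothetical helper names and the sample dates are constructed.

```javascript
// Added example (not Forge's implementation): choose the ASN.1 time type
// for an X.509 validity date per RFC 5280 section 4.1.2.5.

function pad(n, width) {
  return String(n).padStart(width, '0');
}

// Returns {type, value}: UTCTime (YYMMDDHHMMSSZ) for years 1950-2049,
// GeneralizedTime (YYYYMMDDHHMMSSZ) for every other year.
function encodeValidityDate(date) {
  if (!(date instanceof Date) || Number.isNaN(date.getTime())) {
    throw new TypeError('expected a valid Date');
  }
  const year = date.getUTCFullYear();
  if (year < 0 || year > 9999) {
    throw new RangeError('year not representable in GeneralizedTime');
  }
  const rest =
    pad(date.getUTCMonth() + 1, 2) + pad(date.getUTCDate(), 2) +
    pad(date.getUTCHours(), 2) + pad(date.getUTCMinutes(), 2) +
    pad(date.getUTCSeconds(), 2) + 'Z';
  if (year >= 1950 && year < 2050) {
    return {type: 'UTCTime', value: pad(year % 100, 2) + rest};
  }
  return {type: 'GeneralizedTime', value: pad(year, 4) + rest};
}

// How a parser expands a UTCTime year: YY >= 50 means 19YY, YY < 50 means 20YY.
function utcTimeYear(value) {
  const yy = parseInt(value.slice(0, 2), 10);
  return yy >= 50 ? 1900 + yy : 2000 + yy;
}

// Constructed sample dates on both sides of each boundary.
const samples = [
  new Date(Date.UTC(1949, 11, 31, 23, 59, 59)),
  new Date(Date.UTC(1950, 0, 1, 0, 0, 0)),
  new Date(Date.UTC(2049, 11, 31, 23, 59, 59)),
  new Date(Date.UTC(2050, 0, 1, 0, 0, 0))
];
for (const d of samples) {
  const enc = encodeValidityDate(d);
  console.log(d.toISOString(), '->', enc.type, enc.value);
}
```

An encoder that always emits UTCTime would write a 2050 expiry as `50...`, which a parser reads back as 1950, so the certificate would appear long expired.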

### Added
- Add OID 2.5.4.13 "description".
- Add OID 2.16.840.1.113730.1.13 "nsComment".
- Also handle extension when creating a certificate.
- `pki.verifyCertificateChain`:
  - Add `validityCheckDate` option to allow checking the certificate validity
    period against an arbitrary `Date` or `null` for no check at all. The
    current date is used by default.
- `tls.createConnection`:
  - Add `verifyOptions` option that passes through to
    `pki.verifyCertificateChain`. Can be used for the above `validityCheckDate`
    option.

### Changed
- Support WebCrypto API in web workers.
- `rsa.generateKeyPair`:
  - Use `crypto.generateKeyPair`/`crypto.generateKeyPairSync` on Node.js if
    available (10.12.0+) and not in pure JS mode.
  - Use JS fallback in `rsa.generateKeyPair` if `prng` option specified since
    this isn't supported by current native APIs.
- Only run key generation comparison tests if keys will be deterministic.
- PhantomJS is deprecated, now using Headless Chrome with Karma.
- **Note**: Using Headless Chrome vs PhantomJS may cause newer JS features to
  slip into releases without proper support for older runtimes and browsers.
  Please report such issues and they will be addressed.
- `pki.verifyCertificateChain`:
  - Signature changed to `(caStore, chain, options)`. Older `(caStore, chain,
    verify)` signature is still supported. New style is to pass in a
    `verify` option.

## 0.7.6 - 2018-08-14

### Added
- Test on Node.js 10.x.
- Support for PKCS#7 detached signatures.

### Changed
- Improve webpack/browser detection.

## 0.7.5 - 2018-03-30

### Fixed
- Remove use of `const`.

## 0.7.4 - 2018-03-07

### Fixed
- Potential regex denial of service in form.js.

### Added
- Support for ED25519.
- Support for baseN/base58.

## 0.7.3 - 2018-03-05

- Re-publish with npm 5.6.0 due to file timestamp issues.

## 0.7.2 - 2018-02-27

### Added
- Support verification of SHA-384 certificates.
- `1.2.840.10040.4.3`/`dsa-with-sha1` OID.

### Fixed
- Support importing PKCS#7 data with no certificates. RFC 2315 sec 9.1 states
  certificates are optional.
- `asn1.equals` loop bug.
- Fortuna implementation bugs.

## 0.7.1 - 2017-03-27

### Fixed

- Fix digestLength for hashes based on SHA-512.

## 0.7.0 - 2017-02-07

### Fixed

- Fix test looping bugs so all tests are run.
- Improved ASN.1 parsing. Many failure cases eliminated. More sanity checks.
  Better behavior in default mode of parsing BIT STRINGs. Better handling of
  parsed BIT STRINGs in `toDer()`. More tests.
- Improve X.509 BIT STRING handling by using new capture modes.

### Changed

- Major refactor to use CommonJS plus a browser build system.
- Updated tests, examples, docs.
- Updated dependencies.
- Updated flash build system.
- Improve OID mapping code.
- Change test servers from Python to JavaScript.
- Improve PhantomJS support.
- Move Bower/bundle support to
  [forge-dist](https://github.com/digitalbazaar/forge-dist).
- **BREAKING**: Require minimal digest algorithm dependencies from individual
  modules.
- Enforce currently supported bit param values for byte buffer access. May be
  **BREAKING** for code that depended on unspecified and/or incorrect behavior.
- Improve `asn1.prettyPrint()` BIT STRING display.

### Added

- webpack bundler support via `npm run build`:
  - Builds `.js`, `.min.js`, and basic sourcemaps.
  - Basic build: `forge.js`.
  - Build with extra utils and networking support: `forge.all.js`.
  - Build WebWorker support: `prime.worker.js`.
- Browserify support in package.json.
- Karma browser testing.
- `forge.options` field.
- `forge.options.usePureJavaScript` flag.
- `forge.util.isNodejs` flag (used to select "native" APIs).
- Run PhantomJS tests in Travis-CI.
- Add "Donations" section to README.
- Add IRC to "Contact" section of README.
- Add "Security Considerations" section to README.
- Add pbkdf2 usePureJavaScript test.
- Add rsa.generateKeyPair async and usePureJavaScript tests.
- Add .editorconfig support.
- Add `md.all.js` which includes all digest algorithms.
- Add asn1 `equals()` and `copy()`.
- Add asn1 `validate()` capture options for BIT STRING contents and value.

### Removed

- **BREAKING**: Can no longer call `forge({...})` to create new instances.
- Remove a large amount of old cruft.

### Migration from 0.6.x to 0.7.x

- (all) If you used the feature to create a new forge instance with new
  configuration options you will need to rework your code. That ability has
  been removed due to implementation complexity. The main rare use was to set
  the option to use pure JavaScript. That is now available as a library global
  flag `forge.options.usePureJavaScript`.
- (npm,bower) If you used the default main file there is little to nothing to
  change.
- (npm) If you accessed a sub-resource like `forge/js/pki` you should either
  switch to just using the main `forge` and access `forge.pki` or update to
  `forge/lib/pki`.
- (bower) If you used a sub-resource like `forge/js/pki` you should switch to
  just using `forge` and access `forge.pki`. The bower release bundles
  everything in one minified file.
- (bower) A configured workerScript like
  `/bower_components/forge/js/prime.worker.js` will need to change to
  `/bower_components/forge/dist/prime.worker.min.js`.
- (all) If you used the networking support or flash socket support, you will
  need to use a custom build and/or adjust where files are loaded from. This
  functionality is not included in the bower distribution by default and is
  also now in a different directory.
- (all) The library should now directly support building custom bundles with
  webpack, browserify, or similar.
- (all) If building a custom bundle ensure the correct dependencies are
  included. In particular, note there is now a `md.all.js` file to include all
  digest algorithms. Individual files limit what they include by default to
  allow smaller custom builds. For instance, `pbkdf2.js` has a `sha1` default
  but does not include any algorithm files by default. This allows the
  possibility to include only `sha256` without the overhead of `sha1` and
  `sha512`.

### Notes

- This major update requires updating the version to 0.7.x. The existing
  work-in-progress "0.7.x" branch will be painfully rebased on top of this new
  0.7.x and moved forward to 0.8.x or later as needed.
- 0.7.x is a start of simplifying forge based on common issues and what has
  appeared to be the most common usage. Please file issues with feedback if the
  changes are problematic for your use cases.

## 0.6.x - 2016 and earlier

- See Git commit log or https://github.com/digitalbazaar/forge.