Developer's Guide
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Release Notes
==========================================================================
RELEASE NOTES FOR
The SKC Toolkit (Version 2015.1.14795)
Copyright 2004-2015 P6R Inc.
==========================================================================
==========================================================================
Contact Information
==========================================================================
* Sales 1.888.452.2580 (USA)
* Fax 1.831.476.7490
* Web https://www.p6r.com
* Technical Support https://support.p6r.com
* Blog https://www.p6r.com/articles/
==========================================================================
Known Issues
==========================================================================
Openssl
~~~~~~~~~~~~~~~~~
This software has been compiled against OpenSSL 1.x.x releases.
If you require compatability with a different version of OpenSSL
please let us know. Also depending on how your version of OpenSSL
was compiled, it may not contain all the symbols used by this
software. If you run into undefined symbol errors, please let us
know and we can provide you a build that will be compatible with
your specific options.
==========================================================================
Change Log
==========================================================================
- bugfix
+ feature addition
* improved/changed feature
! removed/depricated feature
2015.1.14795
- (linux) Fixed a problem in the example makefiles that caused the
wrong calling convention to be used on 32bit platforms resulting in
the example crashing.
- (UEFI) Fixed Release UEFI build is throwing warnings about /Ob21s
being an invalid compiler option
- (UEFI) Fixed UEFI unit test fails testing KMIP decoder with "UNIQUE
ID NOT FOUND"
+ Added flag to ensure interoperation with KMIP servers that have a
bug properly reading out of a network socket.
+ Added TTLV logging before only had XML, JSON or just a simple dump
of the entire binary message with no parsing.
* Updated documentation for building examples to include 64bit.
2015.1.14630
- Added missing file SkcPkg.dec for UEFI platforms.
- Updated the file comment to be correct for KMIP example 14
- Corrected the link order of libraries in some example Makefiles
- Removed support for SSLv2 since it is vulnerable and many platforms
are now shipping with openSSL versions that have this support
compiled out. Specify P6SSF_METHOD_SSLV2 for a connection is
synonymous with P6SSF_METHOD_NEGOTIATE.
! Removed Solaris makefiles from the examples.
2015.1.14544
- Supports PKCS 11 reset token allowing easy linking of KMIP
credentials via the use of the keystore link capability
- KMIP server side Notify and Put responses needs an empty payload
rather than return no payload.
- Fixed an issue where the loader would needlessly read from
/dev/random on startup causing large delays on low entropy systems
(VMs).
+ Added support for Attestation to the API which was added fully in
KMIP 1.2.
+ Added support allowing KMIP client to get any Key or certificate as
a binary blob format.
+ Added SuiteB support.
+ Added limited UEFI platform support. A library providing support
for accessing the low-level KMIP TTLV encoder/decoder interfaces is
provided and linkable with native PE format UEFI drivers and
applications. byte-code format is not supported.
+ Added support for Elliptical Curve Private Keys to support SuiteB
crypto.
+ Added full support for KMIP 1.3 streaming Encryption and Hashing.
+ Add support for importing PEM encoded SSL credentials into the
keystore. Keys and certs are automatically placed in the correct
namespaces, using the correct keys so that the SSL network layer
will automatically find them. Import from file and buffer is
supported. The new interface is named p6IKeystoreSSL.
1.2.0.13950
- Fixed interface leak in the p6IMempool component.
- Fixed minor issue in key store that prevented updating a Key's meta
data.
- Simple memory leak error in database layer fixed.
- Fixed the "deprecated conversion from string constant" compiler
warning in the ex-kmip1-1.cpp example.
- Passing back more Sqlite error codes from database layer.
- Fixed small bug in database component where an error code was being
over ridden by another function.
- KMIP Server properly generates a response with unique batch id from
the request if present.
- KMIP 1.3: KMIP server missing HTTP status line for HTTPS response,
now returns HTTP/1.0 200 OK as is required by the protocol.
- EC keys not being loaded properly from file or keystore.
- Several XML value equivalent of TTLV constants where done
improperly. All XML values have been verified.
- Fix an issue where the timeout value in conditional variables was
not calculated correctly on non-windows platforms.
- Fixed a problem with timeout not being calculated correct on
Solaris in the waitTimed() method of p6ICondvar
- Fixed interface leak in p6IKeystore::setKey()
? replaceChildAt XML node function was not in use and incorrectly
implemented has been depreciated and now does nothing.
+ New methods added to p6ITcpSecureSocket that allow the peer
certificate and certificate chain for the current SSL connection to
be retrieved. As well as method to provision
a keystore with the current connection remote root certificate.
+ Added support for Elliptic Curve keys and Suite B via customer
provided OpenSSL.
+ (KMIP 1.3) Provide experimental KMIP 1.3 functionality: streaming
crypto operations, Query extensions, Server to client Query
operation, and extension to the locate operation.
+ Allow an application to modify the KMIP protocol version in effect
after initialization. This way a client can default to a low
protocol version then execute discoverVersions() getting the
server's supported versions. Then the client can reset the KMIP
protocol to use on the existing TLS session.
+ KMIP users may want to cache symmetric keys obtained from KMIP into
our keystore. To be able to do this we need to be able to load a
key without a pre-defined IV.
+ Added a new runtime function named getCryptoProviderVersion() to
retrieve a string describing the version of underlying crypto
provider (eg. "OpenSSL 1.0.1g 7 Apr 2014"). Documenation can be
found in p6runtimeapi.h.
+ (KMIP 1.3) Added KMIP 1.3 streaming to all crypto functions
including Hash.
+ OpenSSL is not longer provided as part of the SKC Toolkit.
Customers must have OpenSSL pre-installed and functional in order
to use SKC. If OpenSSL is installed in a non-standard location on
*nix machines, then the LD_LIBRARY_PATH environment variable must
be set and include the path where the OpenSSL DLLs are located.
This version of SKC is compatible with all OpenSSL versions 1.0.x.
* Renamed the P6SSF_METHOD_SSLV23 flag to P6SSF_METHOD_NEGOTIATE to
make it's intended action more obvious.
1.1.0.13094
- Fixed conditional variables incorrectly calculating the timeout value.
- Fixed an exception in the reuglar expression engine.
- Fixed a reference counting issue in p6IDir relating to directory
enumeration.
- Fixed and issue on windows platforms where network code could
return incorrent errors.
- Updated copyright in documentation.
- Fix release notes not displaying properly in html documentation.
- Fix broken knowledgebase link in documentation.
- Fix for JSON parsing not properly un-escaping "\\".
- Fix reference counting issue with p6IDOMXML::replaceChildAt().
- Fix issue with public and private keys using the same GUID in
p6ICryptoKey component.
- Fixed p6ISocketOptions::soLinger() not correctly setting linger time.
- Fixed memory leak in several KMIP enumerators
- Fixed signature sealing the key material to meta data did not include
the assigned UUID.
+ Updated sqlite to 3.8.4.1.
+ Updated openSSL to 1.0.1g.
+ Updated postgresql client library to 9.3.4
+ Updated zlib to 1.2.8
+ Improved binary logging of KMIP messages.
+ Added ability to link items in the keystore together, and query for linked item.
+ Added 64bit support.
+ Added experimental support for KMIP put and notify.
+ Added 6 new KMIP examples.
1.0.2.12459
- Change registry file layout to per DLL, allowing
components to be added without having to edit
the component registry file.
- Fixed a crash in the kmip example code.
- Added threading support to p6loader.
- Added multi-threaded priority queue to the p6loader.
1.0.1.12003
- Fixed a crash when calling loader function prior to call p6InitializeLoader().
1.0.0.11921
Initial Public Release.
==========================================================================
Notices
==========================================================================
SKC, P6R and "Project 6 Research" are trademarks of P6R Inc. All other
products, brands and company names referred to here are used for
identification purposes and are the property of their respective
trademark holders.