XML Security Library

XML Security Library is a C library based on LibXML2. The library supports major XML security standards:

• XML Signature
• XML Encryption
• Canonical XML (part of the LibXML2)
• Exclusive Canonical XML (part of the LibXML2)

XML Security Library is released under the MIT Licence see the Copyright file in the distribution for details.

News

• October 23 2018
  The XML Security Library 1.2.27 release includes the following changes:
  • Added AES-GCM support for OpenSSL and MSCNG (snargit).
  • Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos).
  • Added RSA-OAEP support for MSCNG (vmiklos).
  • Continuous build integration in Travis and Appveyor.
  • Several other small fixes (more details).


• June 5 2018
  The XML Security Library 1.2.26 release includes the following changes:
  • Added xmlsec-mscng module based on Microsoft Cryptography API: Next Generation (vmiklos).
  • Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R 34.10-2001 in xmlsec-mscrypto (ipechorin).
  • Added LibreSSL 2.7 support (vishwin).
  • Upgraded documentation build process to support the latest gtk-doc.
  • Several other small fixes (more details).


• September 12 2017
  The XML Security Library 1.2.25 release includes the following changes:
  • Removed OpenSSL 0.9.8 support and several previously deprecated functions.
  • Added SHA224 support for xmlsec-nss (vmiklos).
  • Added configurable default linefeed for xmltree module (pablogallardo).
  • Several other small fixes (more details).


• April 20 2017
  The XML Security Library 1.2.24 release includes the following changes:
  • Added ECDSA-SHA1, ECDSA-SHA256, ECDSA-SHA512 support for xmlsec-nss (vmiklos).
  • Fixed XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS handling (vmiklos).
  • Disabled external entities loading by xmlsec utility app by default to prevent XXE attacks (d-hat).
  • Improved OpenSSL version and features detection.
  • Cleaned up, simplified, and standardized internal error reporting.
  • Fixed a few Coverity-discovered bugs (report).
  • Marked as deprecated all the functions in xmlsec/soap.h file and a couple other functions no longer required by xmlsec. These functions will be removed in the future releases.
  • Several other small fixes (more details).
  Please note that OpenSSL 0.9.8 support will be removed in the next release of XMLSec library.


• October 16 2016
  The XML Security Library 1.2.23 release includes the following changes:
  • Full support for OpenSSL 1.1.0.
  • Several other small fixes (more details).