Releases: OpenSC/OpenSC
OpenSC 0.23.0
New in 0.23.0; 2022-11-29
General improvements
- Support signing of data with a length of more than 512 bytes (#2314)
- By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374)
- Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
- Compatibility with LibreSSL (#2495, #2595)
- Remove support for DSA (#2503)
- Extend p11test to support symmetric keys (#2430)
- Notice detached reader on macOS (#2418)
- Support for OAEP padding (#2475, #2484)
- Fix for PSS salt length (#2478)
- Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
- Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
- Fix issues with OpenPACE (#2472)
- Containers support for local testing
- Add support for encryption and decryption using symmetric keys (#2473, #2607)
- Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586)
- Fix detection of disconnected readers in PCSC (#2600)
- Add configuration option for on-disk caching of private data (#2588)
- Skip building empty binaries when dependencies are missing and remove needless linking (#2617)
- Define arm64 as a supported architecture in the Installer package (#2610)
PKCS#11
- Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420)
pkcs11-tool
- Add more elliptic curves (#2301)
- Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268)
- Fix consistent handling of secret key attributes (#2497)
- Add support for signing and verifying with HMAC (#2385)
- Add support for SHA3 (#2467)
- Make object selectable via label (#2570)
- Do not require an R/W session for some operations and add --session-rw option (#2579)
- Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and serial number for certificates (#2644, #2643, #2641)
- Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)
sc-hsm-tool
- Add options for public key authentication (#2301)
Minidriver
- Fix reinit of the card (#2525)
- Add an entry for Italian CNS (e) (#2548)
- Fix detection of ECC mechanisms (#2523)
- Fix ATRs before adding them to the Windows registry (#2628)
NQ-Applet
- Add support for the JCOP4 Cards with NQ-Applet (#2425)
ItaCNS
- Add support for ItaCMS v1.1 (key length 2048) (#2371)
Belpic
- Add support for applet v1.8 (#2455)
Starcos
ePass2003
- Fix PKCS#15 initialization (#2403)
- Add support for FIPS (#2543)
- Fix matching with newer versions and tokens initialized with OpenSC (#2575)
MyEID
GIDS
- Fix decipher for TPM (#1881)
OpenPGP
- Get the list of supported algorithms from algorithm information on the card (#2287)
- Support for 3 certificates with OpenPGP 3+ (#2103)
nPA
- Fix card detection (#2463)
Rutoken
- Fix formatting rtecp cards (#2599)
PIV
- Add new PIVKey ATRs for current cards (#2602)
0.23.0-rc2
New in 0.23.0; 2022-11-09
General improvements
- Support signing of data with a length of more than 512 bytes (#2314)
- By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374)
- Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
- Compatibility with LibreSSL (#2495, #2595)
- Remove support for DSA (#2503)
- Extend p11test to support symmetric keys (#2430)
- Notice detached reader on macOS (#2418)
- Support for OAEP padding (#2475, #2484)
- Fix for PSS salt length (#2478)
- Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550)
- Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
- Fix issues with OpenPACE (#2472)
- Containers support for local testing
- Add support for encryption using symmetric keys (#2473)
- Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586)
- Fix detection of disconnected readers in PCSC (#2600)
- Add configuration option for on-disk caching of private data (#2588)
- Skip building empty binaries when dependencies are missing and remove needless linking (#2617)
- Define arm64 as a supported architecture in the Installer package (#2610)
PKCS#11
- Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420)
pkcs11-tool
- Add more elliptic curves (#2301)
- Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268)
- Fix consistent handling of secret key attributes (#2497)
- Add support for signing and verifying with HMAC (#2385)
- Add support for SHA3 (#2467)
- Make object selectable via label (#2570)
- Do not require an R/W session for some operations and add --session-rw option (#2579)
sc-hsm-tool
- Add options for public key authentication (#2301)
Minidriver
- Fix reinit of the card (#2525)
- Add an entry for Italian CNS (e) (#2548)
- Fix detection of ECC mechanisms (#2523)
- Fix ATRs before adding them to the Windows registry (#2628)
NQ-Applet
- Add support for the JCOP4 Cards with NQ-Applet (#2425)
ItaCNS
- Add support for ItaCMS v1.1 (key length 2048) (#2371)
Belpic
- Add support for applet v1.8 (#2455)
Starcos
ePass2003
- Fix PKCS#15 initialization (#2403)
- Add support for FIPS (#2543)
- Fix matching with newer versions and tokens initialized with OpenSC (#2575)
MyEID
- Support logout operation (#2557)
GIDS
- Fix decipher for TPM (#1881)
OpenPGP
- Get the list of supported algorithms from algorithm information on the card (#2287)
nPA
- Fix card detection (#2463)
Rutoken
- Fix formatting rtecp cards (#2599)
PIV
- Add new PIVKey ATRs for current cards (#2602)
0.23.0-rc1
New in 0.23.0; 2022-10-11
General improvements
- Support signing of data with a length of more than 512 bytes (#2314)
- By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374)
- Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
- Compatibility with LibreSSL (#2495, #2595)
- Remove support for DSA (#2503)
- Extend p11test to support symmetric keys (#2430)
- Notice detached reader on macOS (#2418)
- Support for OAEP padding (#2475, #2484)
- Fix for PSS salt length (#2478)
- Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550)
- Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
- Fix issues with OpenPACE (#2472)
- Containers support for local testing
- Add support for encryption using symmetric keys (#2473)
- Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586)
- Fix detection of disconnected readers in PCSC (#2600)
- Add configuration option for on-disk caching of private data (#2588)
PKCS#11
- Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420)
pkcs11-tool
- Add more elliptic curves (#2301)
- Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268)
- Fix consistent handling of secret key attributes (#2497)
- Add support for signing and verifying with HMAC (#2385)
- Add support for SHA3 (#2467)
- Make object selectable via label (#2570)
- Do not require an R/W session for some operations and add --session-rw option (#2579)
sc-hsm-tool
- Add options for public key authentication (#2301)
Minidriver
- Fix reinit of the card (#2525)
- Add an entry for Italian CNS (e) (#2548)
- Fix detection of ECC mechanisms (#2523)
NQ-Applet
- Add support for the JCOP4 Cards with NQ-Applet (#2425)
ItaCNS
- Add support for ItaCMS v1.1 (key length 2048) (#2371)
Belpic
- Add support for applet v1.8 (#2455)
Starcos
ePass2003
- Fix PKCS#15 initialization (#2403)
- Add support for FIPS (#2543)
- Fix matching with newer versions and tokens initialized with OpenSC (#2575)
MyEID
- Support logout operation (#2557)
GIDS
- Fix decipher for TPM (#1881)
OpenPGP
- Get the list of supported algorithms from algorithm information on the card (#2287)
nPA
- Fix card detection (#2463)
Rutoken
- Fix formatting rtecp cards (#2599)
PIV
- Add new PIVKey ATRs for current cards (#2602)
OpenSC-0.22.0
General improvements
- Use standard paths for file cache on Linux (#2148) and OSX (#2214)
- Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
- Add threading test to pkcs11-tool (#2067)
- Add support to generate generic secret keys (#2140)
- opensc-explorer: Print information about LCS (Life cycle status byte) (#2195)
- Add support for Apple's arm64 (M1) binaries, removed TokenD. A separate installer with TokenD (and without arm64 binaries) will be available (#2179).
- Support for gcc11 and its new strict aliasing rules (#2241, #2260)
- Initial support for building with OpenSSL 3.0 (#2343)
- pkcs15-tool: Write data objects in binary mode (#2324)
- Avoid limited size of log messages (#2352)
PKCS#11
- Support for ECDSA verification (#2211)
- Support for ECDSA with different SHA hashes (#2190)
- Prevent issues in p11-kit by not returning unexpected return codes (#2207)
- Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
- Standardize the version 2 on 2.20 in the code (#2096)
- Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176)
- Copy arguments of C_Initialize (#2350)
Minidriver
- Fix RSA-PSS signing (#2234)
OpenPGP
IDPrime
- Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
- Add support for applet version 4 (#2332)
MyEID
- New configuration option for opensc.conf to disable pkcs1_padding (#2193)
- Add support for ECDSA with different hashes (#2190)
- Enable more mechanisms (#2178)
- Fixed asking for a user pin when formatting a card (#1737)
IAS/ECC
- Added support for French CPx Healthcare cards (#2217)
CardOS
- Added ATR for new CardOS 5.4 version (#2296)
OpenSC-0.22.0-rc2
OpenSC-0.22.0-rc1
OpenSC-0.21.0
General Improvements
- fixed security problems
- Bump minimal required OpenSSL version to 1.0.1 (#1658)
- Implement basic unit tests for asn1 library, compression and simpletlv parser (#1830)
- Allow generating code coverage
- Improve fuzzing by providing corpus from real cards (#1830)
- Implement support for OAEP encryption
- New separate debug level for PIN commands (d06f23e)
- Fix handling of card/reader insertion/removal events in pcscd
- Many bugfixes reported by oss-fuzz, coverity and lgtm.com
- Fixes of removed readers handling (#1970)
- Fix Firefox crash because of invalid pcsc context (#2077)
PKCS#11
- Return CKR_TOKEN_NOT_RECOGNIZED for not recognized cards (#2030)
- Propagate ignore_user_content to PKCS#11 layer not to confuse applications (#2040)
Minidriver
- Fix check of ATR length (2 to 33 characters inclusive) (#2146)
MacOS
- Add installer signing for PR and master
- Avoid app bundle relocations after installation
- Move OpenSC to MacOS Utilities folder (#2063)
OpenSC tools
pkcs11-tool
- Make SHA256 default for OAEP encryption
- pkcs11-tool: allow using SW tokens (#2113)
opensc-explorer
OpenPGP
- Add new ec curves supported by GNUK (#1853)
- First steps supporting OpenPGP 3.4
- Add support for EC key import (#1821)
Rutoken
- Add ATR for Rutoken ECP SC NFC (#2122)
CardOS
- Improve detection of various CardOS 5 configurations (#1987)
DNIe
- Add new DNIe CA structure for the secure channel (#2109)
ePass2003
IAS-ECC (#2070):
- Fixed support for Idemia Cosmo cards with AWP middleware interoperability (previously broken).
- Added support for Idemia Cosmo v8 cards.
- PIN padding settings are now used from PKCS#15 info when available.
- Added PIN-pad support for PIN unblock.
IDPrime
- New driver for Gemalto IDPrime (only some types) (#1772)
eDo
- New driver with initial support for Polish eID card (e-dowód, eDO) (#2023)
MCRD
- Remove unused and broken RSA EstEID support (#2095)
TCOS
- Add missing encryption certificates (#2083)
PIV
CAC1
- Support changing PIN with CAC Alt tokens (#2129)
OpenSC-0.21.0-rc2
RC 2 of 0.21.0
OpenSC-0.21.0-rc1
RC 1 of 0.21.0
OpenSC-0.20.0
General Improvements
- fixed security problems
- Support RSA-PSS signature mechanisms using RSA-RAW (#1435)
- Added memory locking for secrets (#1491)
- added support for terminal colors (#1534)
- PC/SC driver: Fixed error handling in case of changing (#1537) or removing the card reader (#1615)
- macOS installer
- Configuration
- Build Environment
- Bump OpenSSL requirement to 0.9.8 (#1459)
- Added support for fuzzing with AFL (#1580) and libFuzzer/OSS-Fuzz (#1697)
- Added CI tests for simulating GIDS, OpenPGP, PIV, IsoApplet (#1568) and MyEID (#1677) and CAC (#1757)
- Integrate clang-tidy with make check (#1673)
- Added support for reproducible builds (#1839)
PKCS#11
- Implement write protection (CKF_WRITE_PROTECTED) based on the card profile (#1467)
- Added C_WrapKey and C_UnwrapKey implementations (#1393)
- Handle CKA_ALWAYS_AUTHENTICATE when creating key objects. (#1539)
- Truncate long PKCS#11 labels with ... (#1629)
- Fixed recognition of a token when being unplugged and reinserted (#1875)
Minidriver
OpenSC tools
- Harmonize the use of option -r/--reader (#1548)
- goid-tool: GoID personalization with fingerprint
- openpgp-tool
- opensc-explorer
- opensc-minidriver-test.exe: Tests for Microsoft CryptoAPI (#1510)
- opensc-notify: Autostart on Windows
- pkcs11-register:
- opensc-tool: Show ATR also for cards not recognized by OpenSC (#1625)
- pkcs11-spy:
  - parse CKM_AES_GCM
  - Add support for CKA_OTP_* and CKM_*_PSS values
  - parse EC Derive parameters (#1677)
- pkcs11-tool
  - Support for signature verification via --verify (#1435)
  - Add object type secrkey for --type option (#1575)
  - Implement Secret Key write object (#1648)
  - Add GOSTR3410-2012 support (#1654)
  - Add support for testing CKM_RSA_PKCS_OAEP (#1600)
  - Add extractable option to key import (#1674)
  - list more key access flags when listing keys (#1653)
  - Add support for CKA_ALLOWED_MECHANISMS when creating new objects and listing keys (#1628)
- pkcs15-crypt: Handle keys with user consent (#1529)
CAC1
- New separate CAC1 driver using the old CAC specification (#1502).
CardOS
Coolkey
- Enable CoolKey driver to handle 2048-bit keys. (#1532)
EstEID
- adds support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 (#1635)
GIDS
MICARDO
- Remove long expired EstEID 1.0/1.1 card support (#1470)
MyEID
- Add support for unwrapping a secret key with an RSA key or secret key (#1393)
- Add support for wrapping a secret key with a secret key (#1393)
- Support for MyEID 4K RSA (#1657)
- Support for OsEID (#1677).
Gemalto GemSafe
OpenPGP
- OpenPGP Card v3 ECC support (#1506)
Rutoken
SC-HSM
Starcos
- Fixed decipher with 2.3 (#1496)
- Added ATR for 2nd gen. eGK (#1668)
- Added new ATR for 3.5 (#1882)
- Detect and allow Globalplatform PIN encoding (#1882)
TCOS
Infocamere, Postecert, Cnipa
- Removed profiles (#1584)
ACS ACOS5
- Remove incomplete acos5 driver (#1622).