Skip to content

OpenSC 0.23.0
Compare
Choose a tag to compare
@Jakuje Jakuje released this 29 Nov 10:22
· 795 commits to master since this release
0.23.0
5497519

New in 0.23.0; 2022-11-29

General improvements

  • Support signing of data with a length of more than 512 bytes (#2314)
  • By default, disable support for old card drivers (#2391) and remove support for old drivers MioCOS and JCOP (#2374)
  • Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (#2438, #2506)
  • Compatibility with LibreSSL (#2495, #2595)
  • Remove support for DSA (#2503)
  • Extend p11test to support symmetric keys (#2430)
  • Notice detached reader on macOS (#2418)
  • Support for OAEP padding (#2475, #2484)
  • Fix for PSS salt length (#2478)
  • Improve fuzzing by adding new tests (#2417, #2500, #2520, #2550, #2637)
  • Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
  • Fix issues with OpenPACE (#2472)
  • Containers support for local testing
  • Add support for encryption and decryption using symmetric keys (#2473, #2607)
  • Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (#2586)
  • Fix detection of disconnected readers in PCSC (#2600)
  • Add configuration option for on-disk caching of private data (#2588)
  • Skip building empty binaries when dependencies are missing and remove needless linking (#2617)
  • Define arm64 as a supported architecture in the Installer package (#2610)

PKCS#11

  • Implement C_CreateObject for EC keys and fix signature verification for CKM_ECDSA_SHAx cards (#2420)

pkcs11-tool

  • Add more elliptic curves (#2301)
  • Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (#2268)
  • Fix consistent handling of secret key attributes (#2497)
  • Add support for signing and verifying with HMAC (#2385)
  • Add support for SHA3 (#2467)
  • Make object selectable via label (#2570)
  • Do not require an R/W session for some operations and add --session-rw option (#2579)
  • Print more information: CKA_UNIQUE_ID attribute, SHA3 HMACs and serial number for certificates (#2644, #2643, #2641)
  • Add new option --undestroyable to create keys with CKA_DESTROYABLE=FALSE (#2645)

sc-hsm-tool

  • Add options for public key authentication (#2301)

Minidriver

  • Fix reinit of the card (#2525)
  • Add an entry for Italian CNS (e) (#2548)
  • Fix detection of ECC mechanisms (#2523)
  • Fix ATRs before adding them to the windows registry (#2628)

NQ-Applet

  • Add support for the JCOP4 Cards with NQ-Applet (#2425)

ItaCNS

  • Add support for ItaCMS v1.1 (key length 2048) (#2371)

Belpic

  • Add support for applet v1.8 (#2455)

Starcos

  • Add ATR for V3.4 (#2464)
  • Add PKCS#15 emulator for 3.x cards with eSign app (#2544)

ePass2003

  • Fix PKCS#15 initialization (#2403)
  • Add support for FIPS (#2543)
  • Fix matching with newer versions and tokens initialized with OpenSC (#2575)

MyEID

  • Support logout operation (#2557)
  • Support for symmetric encryption and decryption (#2473, #2607)

GIDS

  • Fix decipher for TPM (#1881)

OpenPGP

  • Get the list of supported algorithms from algorithm information on the card (#2287)
  • Support for 3 certificates with OpenPGP 3+ (#2103)

nPA

  • Fix card detection (#2463)

Rutoken

  • Fix formatting rtecp cards (#2599)

PIV

  • Add new PIVKey ATRs for current cards (#2602)
Assets 12