Releases: OpenSC/OpenSC
OpenSC-0.19.0
New in 0.19.0; 2018-09-13
General Improvements
- fixed multiple security problems (out of bound writes/reads, #1447):
- Improved documentation:
- New manual page for opensc.conf(5)
- Added several missing switches in manual pages and fixed formatting
- Win32 installer:
- automatically start SCardSvr
- added newer OpenPGP ATRs
- macOS installer: use HFS+ for backward compatibility
- Remove outdated solaris files
- PC/SC driver:
- Workaround OMNIKEY 3x21 and 6121 Smart Card Readers wrongly identified as pinpad readers in macOS
- Workaround cards returning short signatures without leading zeroes
- bash completion
- make location directory configurable
- Use a new correct path by default
- build: support for libressl-2.7+
- Configuration
- Distribute minimal opensc.conf
- `pkcs11_enable_InitToken` made global configuration option
- Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration
- Removed configuration options `zero_ckaid_for_ca_certs`, `force_card_driver`, `reopen_debug_file`, `paranoid-memory`
- Generalized configuration option `ignored_readers`
- If card initialization fails, continue card detection with other card drivers (#1251)
- Fixed long term card operations on Windows 8 and later (#1043)
- reader-pcsc: allow fixing the length of a PIN
- fixed multithreading issue on Windows with OpenPACE OIDs
PKCS#11
- fixed crash during `C_WaitForSlotEvent` (#1335)
Minidriver
- Allow cancelling the PIN pad prompt before starting the reader transaction. Whether to start the transaction immediately or not is user-configurable for each application
OpenSC tools
opensc-notify
- add Exit button to tray icon
- Use better description (GenericName) and a generic application icon
- Do not display in the application list
pkcs15-tool
- added support for reading ECDSA ssh keys
p11test
- Filter certificates other than `CKC_X_509`
openpgp-tool
- allow calling -d multiple times
- clarify usage text
sc-hsm
- Implement RSA PSS
- Add support for SmartCard-HSM 4K (V3.0)
CAC
- Remove support for CAC1 cards
- Ignore unknown tags in properties buffer
- Use GET PROPERTIES to recognize buffer formats
- Unbreak encoding last tag-len-value in the data objects
- Support HID Alt tokens without CCC
- They present certificates in OIDs of first AID and use other undocumented applets
- Inspect the tokens through the ACA applet and GET ACR APDU
Coolkey
- Unbreak Get Challenge functionality
- Make uninitialized cards working as expected with ESC
OpenPGP
- add serial number to card name
- include detailed version into card name
- define & set LCS (lifecycle support) as extended capability
- extend manufacturer list in pkcs15-openpgp.c
- correctly parse hist_bytes
- Make deciphering with AUT-key possible for OpenPGP Card >v3.2 (fixes #1352)
- Add supported algorithms for OpenPGP Card (Fixes #1432)
Starcos
- added support for 2nd generation eGK (#1451)
CardOS
- create PIN in MF (`pkcs15init`)
German ID card
- fixed identifying unknown card as German ID card (#1360)
PIV
- Context Specific Login Using Pin Pad Reader Fix
- Better Handling of Reset using Discovery Object
OpenSC-0.19.0-rc1
prepare 0.19.0
OpenSC-0.18.0
General Improvements
- PKCS#15
- fixed parsing ECC parameters from TokenInfo (#1134)
- Added PKCS#15 emulator for DIN 66291 profile
- Cope with empty serial number in TokenInfo
- Build Environment
- Treat compiler warnings as errors (use `--disable-strict` to avoid)
- MacOS
- optionally use CTK in package builder
- fixed detection of OpenPACE package
- macOS High Sierra: fixed dmg creation
- fixed DNIe UI compatibility
- Windows: Use Dedicated md/pkcs11 installation folders instead of installing to System32/SysWOW64
- fixed (possible) memory leaks for PIV, JPKI, PKCS#11, Minidriver
- fixed many issues reported via compiler warnings, coverity scan and clang's static analyzer
- beautify printed ASN.1 data, add support for ASN.1 time types
- SimpleTLV: Skip correctly two bytes after reading 2b size (#1231)
- added support for `keep_alive` commands for cards with multiple applets to be enabled via `opensc.conf`
- added support for bash completion for arguments that expect filenames
- added keyword `old` for selecting `card_drivers` via `opensc.conf`
- improved documentation manuals for OpenSC tools
- use `leave` as default for `disconnect_action` for PC/SC readers
PKCS#11
- Make OpenSC PKCS#11 Vendor Defined attributes, mechanisms etc unique
Minidriver
- added CNS ATR (#1153)
- Add multiple PINs support to minidriver
- protect MD entry points with `CriticalSection`
Tokend
- Configuration value for not propagating certificates that require user authentication (`ignore_private_certificate`)
CryptoTokenKit
- Added support for PIN pad
- fixed codesigning of opensc tools
- Added complete support for system integration with https://github.com/frankmorgner/OpenSCToken
OpenSC Tools
cardos-tool
- List human-readable version for CardOS 5.3
pkcs11-tool
- fixed overwriting digestinfo + hash for RSA-PKCS Signature
- Enable support for RSA-PSS signatures in pkcs11-tool
- Add support for RSA-OAEP
- Fixed #1286
- Add missing pkcs11-tool options to man page
- allow mechanism to be specified in hexadecimal
- fixed default module path on Windows to use opensc-pkcs11.dll
pkcs11-spy
- Add support for RSA-OAEP
- Add support for RSA-PSS
pkcs15init
- Fix rutokenS FCP parsing (#1259)
egk-tool
- Read data from German Health Care Card (Elektronische Gesundheitskarte, eGK)
opensc-asn1
- Parse ASN.1 from files
opensc-tool/opensc-explorer
- Allow extended APDUs
Authentic
- Correctly handle APDUs with more than 256 bytes (#1205)
Coolkey
- Copy labels from certificate objects to the keys
Common Access Card
- Fixed infinite reading of certificate
- Added support for Alt token card
MyEID
- support for RAW RSA signature for 2048 bit keys
IAS/ECC
- Support for new MinInt agent card
PIV
- Get cardholder name from the first certificate if token label not specified
- implemented keep alive command (#1256)
- fixed signature creation with `CKA_ALWAYS_AUTHENTICATE` (i.e. PKCS#11 `C_Login(CKU_CONTEXT_SPECIFIC)`)
CardOS
- fixed card name for CardOS 5
- added ATR "3b:d2:18:00:81:31:fe:58:c9:02:17"
- Try forcing `max_send_size` for PSO:DEC
DNIe
- DNIe: card also supports 1920 bits (#1247)
GIDS
- Fix GIDS admin authentication
epass 3000
Starcos
- added serial number for 3.4
- fixed setting key reference for 3.4
- added support for PIN status queries for 3.4
EstEID
- ECDSA/ECDH token support
- Fix crash when certificate read failed (#1176)
- Cleanup expired EstEID card ATR-s
- Fix reading EstEID certificates with T=0 (#1193)
OpenPGP
- Added support for PIN logout and status
- factory reset is possible if LCS is supported
- Added support for OpenPGP card V3
- fixed selecting Applet
- implemented keep alive command
- Retrieve OpenPGP applet version from OpenPGP applet on YubiKey token (#1262)
German ID card
- fixed recognition of newer cards
SC-HSM
- Don't block generic contactless ATR
- changed default labels of GoID
- added PIN commands for GoID 1.0
Starcos
- Added Support for Starcos 3.4 and 3.5
MioCOS
- disabled by default, use `card_drivers = old;` to enable; driver will be removed soon.
BlueZ PKCS#15 applet
- disabled by default, use `card_drivers = old;` to enable; driver will be removed soon.
OpenSC-0.18.0-rc2
macOS: disable notifications only in PKCS#11 module basically reverts https://github.com/OpenSC/OpenSC/commit/c35eb1c9bc74e284723ffd726478720b69aed970 by applying a more selective fix for https://github.com/OpenSC/OpenSC/issues/1174
OpenSC-0.18.0-rc1
prepare 0.18.0
OpenSC 0.17.0
New in 0.17.0; 2017-07-18
Support for new Cards
- CAC (Common Access Card)
- GoID (SC-HSM with built-in PIN pad and fingerprint sensor)
- Coolkey
- JPKI (Japanese Individual Number Card)
- nPA (German ID card, eSign Application)
General Improvements
- PKCS#15
- Implemented file caching based on card's contact-less UID
- Cache EF.ODF and EF.TokenInfo
- File caching is done transparently when the user sets the config option.
- `opensc.conf`
- Added `disable_popups` for disabling internal UI
- All Windows specific reader configuration is handled by the pcsc driver (cardmod driver was removed)
- Build Environment
- Allow setting `PKG_CONFIG_PATH` for macOS build
- Added compatibility with Visual Studio 2015
- Allow building against LibreSSL
- Allow building against OpenSSL 1.1.0
- Allow building against WiX 3.11
- Allow building minidriver with MinGW
- Include OpenPACE library by default
- Removed `BUILD_ON`/`BUILD_FOR` variable
- Simplified installer on macOS and Windows
- Added support for PIN commands via PC/SC escape commands
- Added support for card reader access via CryptoTokenKit
- Added support for PIN entry on card for verification/unblock/change
- Recognize T=0 limitation of sending 255 bytes
- Force T=1 for contactless cards
- Allow setting driver via `OPENSC_DRIVER` environment variable
- Fixed many bugs
- Fixed many compiler warnings
- Fixed possible issues (memory corruptions, memory leaks, double free, ...)
- Internal refactoring and cleanup
PKCS#11
- Move PIN type label front of description
- `C_GetTokenInfo` read the login status from the card if possible
- Don't use ':' in the token name (#849)
- Install `opensc-pkcs11.pc` for usage with `pkg-config`
- Don't shrink the number of slots (#629)
- Add session handle uniqueness check to PKCS#11 `C_OpenSession()`
- Activate functionality of `C_WaitForSlot()` for pcsc-lite >= 1.8.22
Minidriver
- Support PIN unblocking in minidriver via PUK as response
- Added support for Session PIN
Tokend
- Allow usage of readers PIN pad by entering an empty PIN
OpenSC Tools
- Fixed Bash completion (#782)
opensc-tool
- Added `--reset` option
opensc-explorer
- Show tag 0x82 for unknown files
pkcs15-tool
- Fixed `--read-ssh-key` crash (#788)
- Added `--clear-cache`
- Fixed locking the card on Windows (#868)
- Add `--list-info` option
- Make `--list-...` messages consistent
- Add `--short` option
- `--read-data-object`: Do not print data to terminal when output file is given
- Reword `--no-prompt` to `--use-pinpad`, old option still available as alias
- Added `--test-session-pin` option
pkcs15-init
pkcs11-tool
- Added `keygen` for secret key generation
- Better handling of PIN (re-) validation
- Fixed --id for `C_GenerateKey`, DES and DES3 keygen mechanism (#857)
- Added `--derive-pass-der` option
- Added `--generate-random` option
- Add GOSTR3410 keypair generation
npa-tool (new)
- Allows read/write access to EAC tokens
- Allows PIN management for EAC tokens
gids-tool
- Fixed entering SN via command line
sc-hsm-tool
- Added `--print-dkek-share` (hidden from the user)
- Fixed locking the card on Windows (#868)
CardOS
- Better support for CardOS 5.3
DNIe
- Fixed interaction with DNIe UI
- Added support for DNIe 3.0
ePass2003
- Add new ATR for entersafe PKI card
- Solved Incorrect PIN raise wrong CKR error
GemsafeV1
- PTeid: add objects (SOD, TRACe, CA) and fix flags
- PTeid: Support PIN max tries and tries left report
- PTeid: Properly report cards with 2048b keys.
MyEID
- Fix to ECDH implementation (#756)
- Added support for symmetric keys
OpenPGP
- Improve handling of OpenPGP card PIN change and unblock commands
PIV
- Some workarounds for PIV-alike cards (e.g. Yubikey)
- Change driver's short name to 'PIV-II'
- Use certificate's keyUsage to set PKCS#11 key attributes
SC-HSM
- Use PKCS#15 file cache
- Prevent unnecessary applet selection and state resets
- Added support for session pin
- Fixed forcing a card driver via opensc.conf
STARCOS
- Read the maximum transceive size from the card's ATR (#765)
OpenSC-0.17.0-rc2
Simplify differences between CardOS 5 versions and unbreak 5.3 signatures (#1080)
* Simplify CardOS 5.0 support (removing explicit 5.3 marker since the behavior should be the same)
* Restore RSA_PKCS signatures functionality
Closes https://github.com/OpenSC/OpenSC/pull/1079
OpenSC-0.17.0-rc1
0.17.0 version bump
OpenSC 0.16.0
OpenSC-0.16.0-rc2
release OpenSC 0.16.0-rc2