Closed
Description
As proposed in note from OpenSC developers, release 0.23.0 will follow a security release 0.22.1.
The intent is to add to master, current PRs and address issues long before a release is created. By adding these early they will get additional testing by developers and users. In the past we have waited until a release candidate was announced to add last-minute changes.
The initial list of ToDo's include those that appear to be ready to add or need to be addressed.
Please, let me know if we missed something or if there is something which should go in before release.
@OpenSC/opensc-maintainers, @OpenSC/core, @OpenSC/maintainers,
Draft release notes (thanks Veronika!):
General improvements
- Support signing of data with a length of more than 512 bytes (Allow signing more than 512 bytes of data #2314)
- By default, disable support for old card drivers (Disable old card drivers and PKCS#15 emulators #2391) and remove support for old drivers MioCOS and JCOP (Remove old card drivers for MioCOS and JCOP #2374)
- Bump minimal required OpenSSL version to 1.1.1 and add support for OpenSSL 3.0 (Migration to OpenSSL 3.0 API #2438, sc-ossl-compat.h cleanup for OpenSSL and LibreSSL #2506)
- Compatibility with LibreSSL (Libressl integration and CI #2495, Fix build with libressl >= 3.5.0 #2595)
- Remove support for DSA (Remove DSA support #2503)
- Extend p11test to support symmetric keys (Symmetric keys support in p11test + rough edges of symmetric keys support in OpenSC #2430)
- Notice detached reader on macOS (Detached reader macOS #2418)
- Support for OAEP padding (OAEP (RFC8017) padding check/removal #2475, Oaep label #2484)
- Fix for PSS salt length (Pss salt len fix #2478)
- Improve fuzzing by adding new tests (Fuzzer for configuration file #2417, Add fuzzer for testing pkcs15init functionality #2500, Fuzzing of encoding/decoding functions #2520, Fuzz target for PKCS#11 API #2550)
- Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, PKCS#11 and PKCS#15 init
- Fix issues with OpenPACE (Fix issues with uninitialized object identifiiers with OpenPACE #2472)
- Containers support for local testing
- Add support for encryption using symmetric keys (Sym crypt hw #2473)
- Stop building support for Gost algorithms with OpenSSL 3.0 as they require deprecated API (master - build on Ubuntu 22.04 and Openssl 3.0 #2586)
PKCS#11
- Implement `C_CreateObject` for EC keys and fix signature verification for `CKM_ECDSA_SHAx` cards (Implement C_CreateObject for EC keys #2420)
pkcs11-tool
- Add more elliptic curves (sc-hsm-tool: Add options to initialize with public key authentication #2301)
- Add support for symmetric encrypt and decrypt, wrap and unwrap operations, and initialization vector (pkcs11-tool: symmetric encrypt/decrypt #2268)
- Fix consistent handling of secret key attributes (pkcs11-tool: consistent handling of secret key attributes #2497)
- Add support for signing and verifying with HMAC (Support HMAC signatures and verification #2385)
- Add support for SHA3 (Add support for SHA3* in pkcs11-tool. #2467)
- Make object selectable via label (pkcs11-tool: Make it selectable as a label when set-id #2570)
- Do not require an R/W session for some operations and add `--session-rw` option (Do not require a R/W session for --login, ... #2579)
sc-hsm-tool
- Add options for public key authentication (sc-hsm-tool: Add options to initialize with public key authentication #2301)
Minidriver
- Fix reinit of the card (Windows changed readers (alternative) #2525)
- Add an entry for Italian CNS (e) (Add a new entry to the Windows minidriver. #2548)
NQ-Applet
- Add support for the JCOP4 Cards with NQ-Applet (Jcop4 NQ-Applet #2425)
ItaCNS
- Add support for ItaCNS v1.1 (key length 2048) (Support for itacns key length 2048 #2371)
Belpic
- Add support for applet v1.8 (Driver matching for belpic v1.8 applet #2455)
Starcos
- Add ATR for V3.4 (starcos: added one more ATR of eGK #2464)
- Add PKCS#15 emulator for 3.x cards with eSign app (PKCS15 Emulator for Starcos 3.x Cards with eSign app #2544)
ePass2003
- Fix PKCS#15 initialization (Epass2003 init #2403)
- Add support for FIPS (To support feitian epass2003 keys with cos of fips. #2543)
- Fix matching with newer versions and tokens initialized with OpenSC (Fix matching of Epass2003 tokens #2575)
MyEID
- Support logout operation (myeid: support logout operation #2557)
GIDS
- Fix decipher for TPM (GIDS Decipher fix for TPM #1881)
OpenPGP
- Get the list of supported algorithms from algorithm information on the card (OpenPGP 3.4+: Get list of supported algorithms from Algorithm Information #2287)
nPA
- Fix card detection (Unbreak nPA detection #2463)