OpenSC 0.25.0

New in 0.25.0; 2024-03-06

Security

• CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC (#2948)
• CVE-2024-1454: Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init (#2962)

General improvements

• Update OpenSSL 1.1.1 to 3.0 in MacOS build (#2930)
• Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver (#2885)
• Fix 64b to 32b conversions (#2993)
• Improvements for the p11test (#2991)
• Fix reader initialization without SCardControl (#3007)
• Make RSA PKCS#1 v1.5 depadding constant-time (#2948)
• Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card (#2975)
• Enable MSI signing via Signpath CI integration for Windows (#2799)
• Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer

minidriver

• Fix wrong hash selection (#2932)

pkcs11-tool

• Simplify printing EC keys parameters (#2960)
• Add option to import GENERIC key (#2955)
• Add support for importing Ed25518/448 keys (#2985)

drust-tool

• Add tool for D-Trust cards (#3026, #3051)

IDPrime

• Support uncompressed certificates on IDPrime 940 (#2958)
• Enhance IDPrime logging (#3003)
• Add SafeNet 5110+ FIPS token support (#3048)

D-Trust Signature Cards

• Add support for RSA D-Trust Signature Card 4.1 and 4.4 (#2943)

EstEID

• Remove expired EstEID 3.* card support (#2950)

ePass2003

• Allow SW implementation with more SHA2 hashes and ECDSA (#3012)
• Fix EC key generation (#3045)

SmartCard-HSM

• Fix SELECT APDU command (#2978)

MyEID

• Update for PKCS#15 profile (#2965)

Rutoken

• Support for RSA 4096 key algorithm (#3011)

OpenPGP

• Fix decryption requiting Manage Security Environment for authentication key (#3042)