Towards new release 0.25.0

[xhanulik]

Here is the draft release notes for the upcoming release, feel free to adjust or let me know what is missing. Some of the project cards in https://github.com/OpenSC/OpenSC/projects/13 are still in progress, so I will adjust the draft eventually.

---

Security

• CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC (Constant time RSA PKCS#1 v1.5 depadding #2948)
• CVE-2024-1454: Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init (Fix recent findings from oss-fuzz #2962)

General improvements

• Update OpenSSL 1.1.1 to 3.0 in MacOS build (OpenSSL 1.1.1 is deprecated #2930)
• Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver (Removal of old card drivers #2885)
• Fix 64b to 32b conversions (Fix 64 to 32 conversions #2993)
• Improvements for the p11test (Various improvements for the p11test #2991)
• Fix reader initialization without SCardControl (Fix reader initialization without SCardControl #3007)
• Make RSA PKCS#1 v1.5 depadding constant-time (Constant time RSA PKCS#1 v1.5 depadding #2948)
• Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card (Add option for disabling HW PKCS#1 v1.5 padding #2975)
• Enable MSI signing via Signpath CI integration for Windows (Windows: Enable MSI signing via Signpath CI integration #2799)
• Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer

minidriver

• Fix wrong hash selection (minidriver: Fix wrong hash selection in CardSignData if pszAlgId is NULL #2932)

pkcs11-tool

• Simplify printing EC keys parameters (Fixes mostly in pkcs11 layer and pkcs11-tool #2960)
• Add option to import GENERIC key (pkcs11-tool: add option to import GENERIC key #2955)
• Add support for importing Ed25518/448 keys (pkcs11-tool: add support for importing Ed25518/448 keys #2985)

IDPrime

• Support uncompressed certificates on IDPrime 940 (Support uncompressed certificates on IDPrime 940 #2958)
• Enhance IDPrime logging (idprime: Print some more logs from index file parsing #3003)

D-Trust Signature Cards

• Add support for RSA D-Trust Signature Card 4.1 and 4.4 (Add support for RSA D-Trust Card 4.1 & 4.4 #2943)

EstEID

• Remove expired EstEID 3.* card support (Remove expired EstEID 3.* card support #2950)

ePass2003

• Allow SW implementation with more SHA2 hashes and ECDSA (ePass2003: Allow software implementation with more SHA2 hashes and ECDSA #3012)

SmartCard-HSM

• Fix SELECT APDU command (sc-hsm: Force use of Le = 0x00 for SELECT #2978)

MyEID

• Update for PKCS#15 profile (myeid.profile update, added AID for file 5015 #2965)

Rutoken

• Support for RSA 4096 key algorithm (rutoken_ecp: add support for RSA 4096 key algorithm #3011)

[xhanulik]

Regarding the security relevant bugs reported by OSS-Fuzz, there are two issues

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65684
  • fixed with c354501
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
  • fixed with 5835f0d

but they are both fixing previously reported and fixed fuzzing issues .

From Coverity high impact issues, there are only problems connected to unit tests for PKCS#1 v1.5 depadding, fixed by #3016.

[frankmorgner]

Thanks for the summary, looks good so far!

Regarding the security relevant bugs reported by OSS-Fuzz, there are two issues

* https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65684
  
  * fixed with [c354501](https://github.com/OpenSC/OpenSC/commit/c3545018d059b4debde33b9f34de719dd41e5531)

If I understand correctly, then the original issue was a loss of memory. Since the use after free was not part of any release version, I'd rather fall back to the severity of the old issue (loss of memory, not security relevant)

* https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
  
  * fixed with [5835f0d](https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9)

This one seems noteworthy for the upcoming release, because the 6d1fcd9 was part of 0.24.0. However, it can only be triggered by a malicious card and during modification of the card. If we want to allocate a CVE for this, we could use the description of CVE-2023-40661 as template.

[alt3r-3go]

I'd like to contribute to this release (and hopefully future ones!) by testing it with my Nitrokey Start and Pro tokens and updating the Release Testing wiki page accordingly. Hopefully that's useful :)

I have a quick question though - I don't see any tags for 0.25 yet, should I wait for one, or just go ahead with a build off of master? Both tokens are OpenPGP, so based on the list above all the changes potentially touching that part are already in (as far as I understand, anyway - please let me know if I'm missing anything), but I wonder if I'd better wait for the "official" tag so that the test is more relevant.

[frankmorgner]

Hi, @alt3r-3go , great to hear! We will update the table once we have created a release candidate. When that is done, you can extend the wiki (and the test result page) by making a pull request here https://github.com/OpenSC/Wiki

[Jakuje]

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898

This one seems noteworthy for the upcoming release, because the 6d1fcd9 was part of 0.24.0.

The UAF could happen only, when the sc_get_challenge() would return value 0 / SC_SUCCESS, which would get through the condition if (!rv) {, but not through the condition if (_ret < 0) { to return.

So I agree that it would make sense to get the CVE for this (with low priority as it only affects the enrollment).

[xhanulik]

This one seems noteworthy for the upcoming release, because the 6d1fcd9 was part of 0.24.0. However, it can only be triggered by a malicious card and during modification of the card. If we want to allocate a CVE for this, we could use the description of CVE-2023-40661 as template.

Here is the draft of the CVE:

Memory use after free in AuthentIC driver when updating token info

The Use After Free vulnerability was identified within the AuthentIC driver in OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system to take advantage of this flaw. The attack requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can potentially allow for compromising card management operations during enrollment.

References

• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
  • fixed with 5835f0d

[frankmorgner]

please also pick up the code signing of the Windows installer in the changelog (#2799)

[xhanulik]

The release candidate 1 is out now https://github.com/OpenSC/OpenSC/releases/tag/0.25.0-rc1.

We would appreciate further testing of rc1 (https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Release-Testing); results can be added as PR to https://github.com/OpenSC/Wiki or shared as a comment on this issue.