v0.9.9-rc2

Welcome to the new release candidate two (RC2) for the next release of LibPKI (v0.9.9). This new release comes with lots of changes that include, but are not limited to, the following:

• Support for Quantum-Safe cryptography via the OQS library (see README.md for more details)
• Support for Hybrid certificates via Composite Crypto (see README.md for more details)
• Refactoring of test scripts to be more informative (more work is needed)
• Refactoring of the generic signing code to accommodate for new algorithms
• Added support for new classic algorithms such as ED25519, ED448, and RSAPSS
• Simplified OCSP interface by removing unused functions and added new tests for response signing.
• Added (Initial) support for OpenSSL 3.x branches (not extensively tested, expect issues)
• (Initial) Refactoring for the CMS interface to simplify its use

What's Changed (RC1 to RC2)

• 78 port libpki to openssl 3x by @opencrypto in #79

Full Changelog: v0.9.9-rc1...v0.9.9-rc2

LibPKI v0.9.9-rc1 (Exp)

This new pre-release of LibPKI with lots of changes that include, but are not limited to, the following areas:

• Support for Quantum-Safe cryptography via the OQS library (see README.md for more details)
• Support for Hybrid certificates via Composite Crypto (see README.md for more details)
• Refactoring of test scripts to be more informative (more work is needed)
• Refactoring of the generic signing code to accommodate for new algorithms
• Added support for new classic algorithms such as ED25519, ED448, and RSAPSS
• Simplified OCSP interface: added new tests for response signing and removed un-used functions.
• (Initial) support for OpenSSL 3.x branches (not extensively tested, expect issues)
• (Initial) refactoring for the CMS interface to simplify its use

Full Changelog: v0.9.2...v0.9.9-rc1

What's Changed

• Fix compilation on FreeBSD by @ruomad in #54
• Fix include cms_cert_req.h in libpki/cmc.h by @crynsane in #44
• Initial support for LibOQS 0.7.2 by @opencrypto in #55
• Added function for public key encryption and decryption. by @opencrypto in #61
• Adding Support for Post-Quantum and Composite Algorithms. by @opencrypto in #69
• 66 add support for composite cryptography fix recover by @opencrypto in #70
• 71 add support for oqs 080 by @opencrypto in #72
• Align OID with the OID mapping file in PQC certificates repo by @opencrypto in #73
• Add support for arm/powerpc and allow compiling with OpenSSL 3+ by @ruomad in #74
• 75 update test infrastructure and openssl 3 by @opencrypto in #77
• 75 update test infrastructure by @opencrypto in #76

New Contributors

• @ruomad made their first contribution in #54
• @crynsane made their first contribution in #44

LibPKI v0.9.2 (Snacky)

The new version of LibPKI (v0.9.2/Snacky) is available. The new version includes some fixes and enhancements such as:

• Improved handling of PKI_TOKEN
• Fix for setting the right OID in X509/ASN signatures
• Initial support for OQS library (Open Quantum Safe)
• Initial support for Composite Crypto
• Updated/Fixed CMS interface
• Added aarch64 support
• Fixed compatibility with OpenSSL 1.0.x+ versions
• Refactoring of PKI_ALGOR_ usage - the PKI_ALGOR_ID_* identifiers are preferred for algorithm ids while the PKI_X509_ALGO_VALUE_* prefix is used for all operations related to X509_ALGOR structures.
• Introduced two new functions to handle the issuerNameHash and issuerKeyHash retrieval from OCSP responses (needed for abstracting access to the OCSP responses internals when using OpenSSL v1.1.x+.