1* Version 1.11.0 (2022-05-03) 2 ** Experimental PCSC support; enable with -DUSE_PCSC. 3 ** Improved OpenSSL 3.0 compatibility. 4 ** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs. 5 ** winhello: advertise "uv" instead of "clientPin". 6 ** winhello: support hmac-secret in fido_dev_get_assert(). 7 ** New API calls: 8 - fido_cbor_info_maxlargeblob. 9 ** Documentation and reliability fixes. 10 ** Separate build and regress targets. 11 12* Version 1.10.0 (2022-01-17) 13 ** hid_osx: handle devices with paths > 511 bytes; gh#462. 14 ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. 15 ** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails. 16 ** winhello: fallback to hid_win.c if webauthn.dll isn't available. 17 ** New API calls: 18 - fido_dev_info_set; 19 - fido_dev_io_handle; 20 - fido_dev_new_with_info; 21 - fido_dev_open_with_info. 22 ** Cygwin and NetBSD build fixes. 23 ** Documentation and reliability fixes. 24 ** Support for TPM 2.0 attestation of COSE_ES256 credentials. 25 26* Version 1.9.0 (2021-10-27) 27 ** Enabled NFC support on Linux. 28 ** Added OpenSSL 3.0 compatibility. 29 ** Removed OpenSSL 1.0 compatibility. 30 ** Support for FIDO 2.1 "minPinLength" extension. 31 ** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. 32 ** Support for TPM 2.0 attestation. 33 ** Support for device timeouts; see fido_dev_set_timeout(). 34 ** New API calls: 35 - es256_pk_from_EVP_PKEY; 36 - fido_cred_attstmt_len; 37 - fido_cred_attstmt_ptr; 38 - fido_cred_pin_minlen; 39 - fido_cred_set_attstmt; 40 - fido_cred_set_pin_minlen; 41 - fido_dev_set_pin_minlen_rpid; 42 - fido_dev_set_timeout; 43 - rs256_pk_from_EVP_PKEY. 44 ** Reliability and portability fixes. 45 ** Better handling of HID devices without identification strings; gh#381. 46 ** Fixed detection of Windows's native webauthn API; gh#382. 47 48* Version 1.8.0 (2021-07-22) 49 ** Dropped 'Requires.private' entry from pkg-config file. 50 ** Better support for FIDO 2.1 authenticators. 51 ** Support for Windows's native webauthn API. 52 ** Support for attestation format 'none'. 53 ** New API calls: 54 - fido_assert_set_clientdata; 55 - fido_cbor_info_algorithm_cose; 56 - fido_cbor_info_algorithm_count; 57 - fido_cbor_info_algorithm_type; 58 - fido_cbor_info_transports_len; 59 - fido_cbor_info_transports_ptr; 60 - fido_cred_set_clientdata; 61 - fido_cred_set_id; 62 - fido_credman_set_dev_rk; 63 - fido_dev_is_winhello. 64 ** fido2-token: new -Sc option to update a resident credential. 65 ** Documentation and reliability fixes. 66 ** HID access serialisation on Linux. 67 68* Version 1.7.0 (2021-03-29) 69 ** New dependency on zlib. 70 ** Fixed musl build; gh#259. 71 ** hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264. 72 ** Support for FIDO 2.1 authenticator configuration. 73 ** Support for FIDO 2.1 UV token permissions. 74 ** Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. 75 ** New API calls: 76 - fido_assert_blob_len; 77 - fido_assert_blob_ptr; 78 - fido_assert_largeblob_key_len; 79 - fido_assert_largeblob_key_ptr; 80 - fido_assert_set_hmac_secret; 81 - fido_cbor_info_maxcredbloblen; 82 - fido_cred_largeblob_key_len; 83 - fido_cred_largeblob_key_ptr; 84 - fido_cred_set_blob; 85 - fido_dev_enable_entattest; 86 - fido_dev_force_pin_change; 87 - fido_dev_has_uv; 88 - fido_dev_largeblob_get; 89 - fido_dev_largeblob_get_array; 90 - fido_dev_largeblob_remove; 91 - fido_dev_largeblob_set; 92 - fido_dev_largeblob_set_array; 93 - fido_dev_set_pin_minlen; 94 - fido_dev_set_sigmask; 95 - fido_dev_supports_credman; 96 - fido_dev_supports_permissions; 97 - fido_dev_supports_uv; 98 - fido_dev_toggle_always_uv. 99 ** New fido_init flag to disable fido_dev_open's U2F fallback; gh#282. 100 ** Experimental NFC support on Linux; enable with -DNFC_LINUX. 101 102* Version 1.6.0 (2020-12-22) 103 ** Fix OpenSSL 1.0 and Cygwin builds. 104 ** hid_linux: fix build on 32-bit systems. 105 ** hid_osx: allow reads from spawned threads. 106 ** Documentation and reliability fixes. 107 ** New API calls: 108 - fido_cred_authdata_raw_len; 109 - fido_cred_authdata_raw_ptr; 110 - fido_cred_sigcount; 111 - fido_dev_get_uv_retry_count; 112 - fido_dev_supports_credman. 113 ** Hardened Windows build. 114 ** Native FreeBSD and NetBSD support. 115 ** Use CTAP2 canonical CBOR when combining hmac-secret and credProtect. 116 117* Version 1.5.0 (2020-09-01) 118 ** hid_linux: return FIDO_OK if no devices are found. 119 ** hid_osx: 120 - repair communication with U2F tokens, gh#166; 121 - reliability fixes. 122 ** fido2-{assert,cred}: new options to explicitly toggle UP, UV. 123 ** Support for configurable report lengths. 124 ** New API calls: 125 - fido_cbor_info_maxcredcntlst; 126 - fido_cbor_info_maxcredidlen; 127 - fido_cred_aaguid_len; 128 - fido_cred_aaguid_ptr; 129 - fido_dev_get_touch_begin; 130 - fido_dev_get_touch_status. 131 ** Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154. 132 ** Allow CTAP messages up to 2048 bytes; gh#171. 133 ** Ensure we only list USB devices by default. 134 135* Version 1.4.0 (2020-04-15) 136 ** hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1. 137 ** Fall back to U2F if the key claims to, but does not support FIDO2. 138 ** FIDO2 credential protection (credprot) support. 139 ** New API calls: 140 - fido_cbor_info_fwversion; 141 - fido_cred_prot; 142 - fido_cred_set_prot; 143 - fido_dev_set_transport_functions; 144 - fido_set_log_handler. 145 ** Support for FreeBSD. 146 ** Support for C++. 147 ** Support for MSYS. 148 ** Fixed EdDSA and RSA self-attestation. 149 150* Version 1.3.1 (2020-02-19) 151 ** fix zero-ing of le1 and le2 when talking to a U2F device. 152 ** dropping sk-libfido2 middleware, please find it in the openssh tree. 153 154* Version 1.3.0 (2019-11-28) 155 ** assert/hmac: encode public key as per spec, gh#60. 156 ** fido2-cred: fix creation of resident keys. 157 ** fido2-{assert,cred}: support for hmac-secret extension. 158 ** hid_osx: detect device removal, gh#56. 159 ** hid_osx: fix device detection in MacOS Catalina. 160 ** New API calls: 161 - fido_assert_set_authdata_raw; 162 - fido_assert_sigcount; 163 - fido_cred_set_authdata_raw; 164 - fido_dev_cancel. 165 ** Middleware library for use by OpenSSH. 166 ** Support for biometric enrollment. 167 ** Support for OpenBSD. 168 ** Support for self-attestation. 169 170* Version 1.2.0 (released 2019-07-26) 171 ** Credential management support. 172 ** New API reflecting FIDO's 3-state booleans (true, false, absent): 173 - fido_assert_set_up; 174 - fido_assert_set_uv; 175 - fido_cred_set_rk; 176 - fido_cred_set_uv. 177 ** Command-line tools for Windows. 178 ** Documentation and reliability fixes. 179 ** fido_{assert,cred}_set_options() are now marked as deprecated. 180 181* Version 1.1.0 (released 2019-05-08) 182 ** MacOS: fix IOKit crash on HID read. 183 ** Windows: fix contents of release file. 184 ** EdDSA (Ed25519) support. 185 ** fido_dev_make_cred: fix order of CBOR map keys. 186 ** fido_dev_get_assert: plug memory leak when operating on U2F devices. 187 188* Version 1.0.0 (released 2019-03-21) 189 ** Native HID support on Linux, MacOS, and Windows. 190 ** fido2-{assert,cred}: new -u option to force U2F on dual authenticators. 191 ** fido2-assert: support for multiple resident keys with the same RP. 192 ** Strict checks for CTAP2 compliance on received CBOR payloads. 193 ** Better fuzzing harnesses. 194 ** Documentation and reliability fixes. 195 196* Version 0.4.0 (released 2019-01-07) 197 ** fido2-assert: print the user id for resident credentials. 198 ** Fix encoding of COSE algorithms when making a credential. 199 ** Rework purpose of fido_cred_set_type; no ABI change. 200 ** Minor documentation and code fixes. 201 202* Version 0.3.0 (released 2018-09-11) 203 ** Various reliability fixes. 204 ** Merged fuzzing instrumentation. 205 ** Added regress tests. 206 ** Added support for FIDO 2's hmac-secret extension. 207 ** New API calls: 208 - fido_assert_hmac_secret_len; 209 - fido_assert_hmac_secret_ptr; 210 - fido_assert_set_extensions; 211 - fido_assert_set_hmac_salt; 212 - fido_cred_set_extensions; 213 - fido_dev_force_fido2. 214 ** Support for native builds with Microsoft Visual Studio 17. 215 216* Version 0.2.0 (released 2018-06-20) 217 ** Added command-line tools. 218 ** Added a couple of missing get functions. 219 220* Version 0.1.1 (released 2018-06-05) 221 ** Added documentation. 222 ** Added OpenSSL 1.0 support. 223 ** Minor fixes. 224 225* Version 0.1.0 (released 2018-05-18) 226 ** First beta release. 227