SSCG 4.0.0 Release Announcement

We are excited to announce the release of SSCG 4.0.0! This major release brings significant new features, modernization improvements, and important breaking changes.

🎉 Highlights

Post-Quantum Cryptography Support

SSCG now supports ML-DSA (Module-Lattice-Based Digital Signature Algorithm) key generation, bringing post-quantum cryptography capabilities to the tool. This ensures future-readiness against quantum computing threats.

ECDSA Key Support

In addition, SSCG now supports ECDSA (Elliptic Curve Digital Signature Algorithm) key generation, providing modern cryptographic options with smaller key sizes and improved performance.

Enhanced Command-Line Interface

The help output has been completely reorganized into logical groups, making it significantly easier to discover and use the various options available.

✨ New Features

• ML-DSA Key Generation: Generate post-quantum cryptographic keys with OpenSSL 3.5+
• New command-line arguments for ML-DSA configuration

• Proper handling of ML-DSA signing semantics (digest-less operation)

• ECDSA Key Generation: Generate elliptic curve keys

• Support for various EC curves

• Enhanced CLI arguments for EC-DSA configuration

• Enhanced Security: Minimum RSA key strength for private CA raised to 4096 bits (matches service certificate if set higher)

🔧 Internal Improvements

• Refactored Key Creation: Separated key creation logic from certificate creation for better modularity and multi-algorithm support
• Enhanced Testing:
• Separate validity tests for RSA, ECDSA, and ML-DSA certificates
• Extended test coverage for CA and certificate creation with new key types
• Improved Code Organization: Logging functionality split into its own header and implementation files
• Better Code Formatting: Updated clang-format configuration for improved consistency

🚨 Breaking Changes

DH Parameters Changes

• No longer generates DH parameters file by default (Fixes #91)
• DH parameters were always generated by default for backwards compatibility, but this was never the desired behavior
• Use the --dhparams-file argument if you explicitly need DH parameters
• Custom DH parameter generation deprecated (Fixes #88)
• --dhparams-prime-len argument still works for now but it is hidden from the documentation
• This option will be removed in SSCG 5.0

Removed Options

• Dropped --package argument: This option was deprecated in SSCG 3.0 and has been completely removed in 4.0 as it has been meaningless for years

Build Requirements

• Minimum OpenSSL version: 3.x: Dropped compatibility with OpenSSL 1.1 and 2.x
• Updated C standard: Now requires C standard support of C17 + GNU extensions (gcc 11+, clang 6+)
• Removed pkgconfig dependency: Unused dependency has been dropped

🔍 Bug Fixes

• Fixed NULL pointer dereference issues in tests (Coverity #1648023)
• Fixed formatting issues throughout the codebase
• Various code quality improvements

🏗️ Infrastructure

• CI now tests on Fedora ELN in addition to other platforms
• CI runs are no longer restricted to the main branch
• Updated GitHub Actions checkout action to v5
• Build and test processes improved for container environments

📝 Requirements

• OpenSSL 3.x or later
• C compiler with C17 + GNU extensions standard support
• Meson build system

📥 Getting SSCG 4.0.0

Source tarballs and additional information are available at: - GitHub: https://github.com/sgallagher/sscg - Releases: https://github.com/sgallagher/sscg/releases/tag/sscg-4.0.0

For bug reports and feature requests, please visit our issue tracker.

For information on contributing to SSCG, please see our CONTRIBUTING.md guide.

Full Changelog: https://github.com/sgallagher/sscg/compare/sscg-3.0.8...sscg-4.0.0