]>
Commit | Line | Data |
---|---|---|
a0098eda CB |
1 | CHANGES - changes for libtpms |
2 | ||
c4d875e7 SB |
3 | version 0.9.6: |
4 | - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018) | |
5 | ||
e93c0082 SB |
6 | version 0.9.5: |
7 | - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore | |
8 | - tpm2: Fix a potential overflow expression (coverity) | |
9 | - tpm2: Fix size check in CryptSecretDecrypt | |
10 | ||
b6dc4fa9 SB |
11 | version 0.9.4: |
12 | - tpm: #undef printf in case it is #define'd (OSS-Fuzz) | |
13 | - tpm2: Check return code of BN_div() | |
14 | - tpm2: Initialize variables due to gcc complaint (s390x, false positive) | |
15 | - tpm12: Initialize variables due to gcc complaint (s390x, false positive) | |
16 | - build-sys: Fix configure script to support _FORTIFY_SOURCE=3 | |
17 | ||
472bc355 SB |
18 | version 0.9.3: |
19 | - build-sys: Add probing for -fstack-protector | |
20 | - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size | |
21 | (OSSL 3) | |
22 | ||
259c1310 SB |
23 | version 0.9.2: |
24 | - tpm2: When writing state initialize s_ContextSlotMask if not set | |
25 | ||
1ff6fe1f SB |
26 | version 0.9.1: |
27 | - tpm2: Do not write permanent state if only clock changed | |
28 | - tpm2: Fix "maybe-uninitialized" warning | |
29 | ||
db1fd594 SB |
30 | version 0.9.0: |
31 | - NOTE: Downgrade to previous versions is not possible. See below. | |
32 | - The size of the context gap has been adjusted to 0xffff from 0xff. | |
33 | As a consequence of this the volatile state's format (STATE_RESET_DATA) | |
34 | has changed and cannot be downgraded. | |
be5fabf1 SB |
35 | - Applied work-around for Win 2016 & 2019 server related to |
36 | TPM2_ContextLoad (issue #217) | |
5e97c2e7 | 37 | - Check for several more compile-time constants |
d78e6e38 | 38 | - Enabled Camellia symmetric key encryption algorithm |
ab25f924 SB |
39 | - tpm2: CryptSym: fix AES output IV |
40 | - tpm2: Added a cache for private exponent D and prime Q | |
41 | - tpm2: bug fixes related to state marshalling | |
42 | - tpm2: Consume padding bytes in TPM2_ContextLoad() (Win2k19, issue #217) | |
43 | - tests: Improvements on the fuzzer | |
44 | - tpm2: Switch to UINT16 for CONTEXT_SLOT and 64k context gap | |
45 | - tpm2: Update to TPM 2 spec rev 164 | |
46 | - build-sys: Enable building --without-tpm1 | |
47 | - tpm2: Marshal event sequence objects' hash state | |
48 | - tpm2: Fixes for build and runtime when using OpenSSL 3.0 | |
db1fd594 | 49 | |
b19d7f6a | 50 | version 0.8.0 |
c762ca4a SB |
51 | - NOTE: Downgrade to previous versions is not possible. See below. |
52 | - Update to TPM 2 code release 159 | |
b19d7f6a SB |
53 | - X509 support is enabled |
54 | - SM2 signing of ceritificates is NOT supported | |
55 | - Authenticated timers are disabled | |
56 | - Due to fixes in the TPM 2 prime number generation code in rev155 it is not | |
57 | possible to downgrade from libtpms version 0.8.0 to some previous version. | |
58 | The seeds are now associated with an age so that older seeds use the old | |
59 | TPM 2 prime number generation code while newer seed use the newer code. | |
bbd7b75d | 60 | - Update to TPM 2 code release 162 |
c762ca4a SB |
61 | - ECC encryption / decryption is disabled |
62 | - Fix support for elliptic curve due to missing unmarshalling code | |
63 | - Runtime filter supported elliptic curves supported by OpenSSL | |
64 | - Fix output buffer parameter and size for RSA decryption that could cause | |
65 | stack corruption under certain circumstances | |
f66a719e SB |
66 | - Set the RSA PSS salt length to the digest length rather than max. possible |
67 | - Fixes to symmetric decryption related to input size check, | |
c762ca4a SB |
68 | defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and |
69 | to always use a temporary malloc'ed buffer for decryption | |
f66a719e SB |
70 | - Fixed the set of PCRs belonging to the TCB group. This affects the |
71 | pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm` | |
72 | for test cases to succeed there. | |
b19d7f6a | 73 | |
39b1301d SB |
74 | version 0.7.0 |
75 | - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible | |
76 | ||
0b60a447 SB |
77 | version 0.6.0 |
78 | - added TPM 2 support (revision 150) | |
79 | ||
80 | - New API calls: | |
81 | - TPMLIB_CancelCommand | |
82 | - TPMLIB_ChooseTPMVersion | |
83 | - TPMLIB_SetDebugFD | |
84 | - TPMLIB_SetDebugLevel | |
85 | - TPMLIB_SetDebugPrefix | |
86 | - TPMLIB_SetBufferSize | |
87 | - TPMLIB_ValidateState | |
88 | - TPMLIB_SetState | |
89 | - TPMLIB_GetState | |
90 | ||
a0098eda CB |
91 | version 0.5.1 |
92 | first public release | |
93 | ||
94 | - release 7 increased NVRAM area for being able to store more data in | |
95 | the TPM's NVRAM areas, i.e., X.509 certificates | |
96 | ||
97 | - release 9 added two more APIs: | |
98 | - TPM_Free | |
99 | - TPMLIB_DecodeBlob |