[libtpms.git] / CHANGES

CHANGES - changes for libtpms

version 0.9.0:
  - NOTE: Downgrade to previous versions is not possible. See below.
  - The size of the context gap has been adjusted to 0xffff from 0xff.
    As a consequence of this the volatile state's format (STATE_RESET_DATA)
    has changed and cannot be downgraded.
  - Applied work-around for Win 2016 & 2019 server related to
    TPM2_ContextLoad (issue #217)

version 0.8.0
  - NOTE: Downgrade to previous versions is not possible. See below.
  - Update to TPM 2 code release 159
    - X509 support is enabled
      - SM2 signing of ceritificates is NOT supported
    - Authenticated timers are disabled
  - Due to fixes in the TPM 2 prime number generation code in rev155 it is not
    possible to downgrade from libtpms version 0.8.0 to some previous version.
    The seeds are now associated with an age so that older seeds use the old
    TPM 2 prime number generation code while newer seed use the newer code.
  - Update to TPM 2 code release 162
    - ECC encryption / decryption is disabled
  - Fix support for elliptic curve due to missing unmarshalling code
  - Runtime filter supported elliptic curves supported by OpenSSL
  - Fix output buffer parameter and size for RSA decryption that could cause
    stack corruption under certain circumstances
  - Set the RSA PSS salt length to the digest length rather than max. possible
  - Fixes to symmetric decryption related to input size check,
    defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
    to always use a temporary malloc'ed buffer for decryption
  - Fixed the set of PCRs belonging to the TCB group. This affects the
    pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
    for test cases to succeed there.

version 0.7.0
  - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible

version 0.6.0
  - added TPM 2 support (revision 150)

  - New API calls:
    - TPMLIB_CancelCommand
    - TPMLIB_ChooseTPMVersion
    - TPMLIB_SetDebugFD
    - TPMLIB_SetDebugLevel
    - TPMLIB_SetDebugPrefix
    - TPMLIB_SetBufferSize
    - TPMLIB_ValidateState
    - TPMLIB_SetState
    - TPMLIB_GetState

version 0.5.1
  first public release

  - release 7 increased NVRAM area for being able to store more data in
    the TPM's NVRAM areas, i.e., X.509 certificates

  - release 9 added two more APIs:
    - TPM_Free
    - TPMLIB_DecodeBlob
Commit	Line	Data
a0098eda CB	1	CHANGES - changes for libtpms
a0098eda CB	2
db1fd594 SB	3	version 0.9.0:
	4	- NOTE: Downgrade to previous versions is not possible. See below.
	5	- The size of the context gap has been adjusted to 0xffff from 0xff.
	6	As a consequence of this the volatile state's format (STATE_RESET_DATA)
	7	has changed and cannot be downgraded.
be5fabf1 SB	8	- Applied work-around for Win 2016 & 2019 server related to
be5fabf1 SB	9	TPM2_ContextLoad (issue #217)
db1fd594	10
b19d7f6a	11	version 0.8.0
c762ca4a SB	12	- NOTE: Downgrade to previous versions is not possible. See below.
c762ca4a SB	13	- Update to TPM 2 code release 159
b19d7f6a SB	14	- X509 support is enabled
	15	- SM2 signing of ceritificates is NOT supported
	16	- Authenticated timers are disabled
	17	- Due to fixes in the TPM 2 prime number generation code in rev155 it is not
	18	possible to downgrade from libtpms version 0.8.0 to some previous version.
	19	The seeds are now associated with an age so that older seeds use the old
	20	TPM 2 prime number generation code while newer seed use the newer code.
bbd7b75d	21	- Update to TPM 2 code release 162
c762ca4a SB	22	- ECC encryption / decryption is disabled
	23	- Fix support for elliptic curve due to missing unmarshalling code
	24	- Runtime filter supported elliptic curves supported by OpenSSL
	25	- Fix output buffer parameter and size for RSA decryption that could cause
	26	stack corruption under certain circumstances
f66a719e SB	27	- Set the RSA PSS salt length to the digest length rather than max. possible
f66a719e SB	28	- Fixes to symmetric decryption related to input size check,
c762ca4a SB	29	defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
c762ca4a SB	30	to always use a temporary malloc'ed buffer for decryption
f66a719e SB	31	- Fixed the set of PCRs belonging to the TCB group. This affects the
	32	pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
	33	for test cases to succeed there.
b19d7f6a	34
39b1301d SB	35	version 0.7.0
	36	- use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible
	37
0b60a447 SB	38	version 0.6.0
	39	- added TPM 2 support (revision 150)
	40
	41	- New API calls:
	42	- TPMLIB_CancelCommand
	43	- TPMLIB_ChooseTPMVersion
	44	- TPMLIB_SetDebugFD
	45	- TPMLIB_SetDebugLevel
	46	- TPMLIB_SetDebugPrefix
	47	- TPMLIB_SetBufferSize
	48	- TPMLIB_ValidateState
	49	- TPMLIB_SetState
	50	- TPMLIB_GetState
	51
a0098eda CB	52	version 0.5.1
	53	first public release
	54
	55	- release 7 increased NVRAM area for being able to store more data in
	56	the TPM's NVRAM areas, i.e., X.509 certificates
	57
	58	- release 9 added two more APIs:
	59	- TPM_Free
	60	- TPMLIB_DecodeBlob