[libtpms.git] / CHANGES

CHANGES - changes for libtpms

version 0.9.0:
  - NOTE: Downgrade to previous versions is not possible. See below.
  - The size of the context gap has been adjusted to 0xffff from 0xff.
    As a consequence of this the volatile state's format (STATE_RESET_DATA)
    has changed and cannot be downgraded.
  - Applied work-around for Win 2016 & 2019 server related to
    TPM2_ContextLoad (issue #217)
  - Check for several more compile-time constants

version 0.8.0
  - NOTE: Downgrade to previous versions is not possible. See below.
  - Update to TPM 2 code release 159
    - X509 support is enabled
      - SM2 signing of ceritificates is NOT supported
    - Authenticated timers are disabled
  - Due to fixes in the TPM 2 prime number generation code in rev155 it is not
    possible to downgrade from libtpms version 0.8.0 to some previous version.
    The seeds are now associated with an age so that older seeds use the old
    TPM 2 prime number generation code while newer seed use the newer code.
  - Update to TPM 2 code release 162
    - ECC encryption / decryption is disabled
  - Fix support for elliptic curve due to missing unmarshalling code
  - Runtime filter supported elliptic curves supported by OpenSSL
  - Fix output buffer parameter and size for RSA decryption that could cause
    stack corruption under certain circumstances
  - Set the RSA PSS salt length to the digest length rather than max. possible
  - Fixes to symmetric decryption related to input size check,
    defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
    to always use a temporary malloc'ed buffer for decryption
  - Fixed the set of PCRs belonging to the TCB group. This affects the
    pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
    for test cases to succeed there.

version 0.7.0
  - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible

version 0.6.0
  - added TPM 2 support (revision 150)

  - New API calls:
    - TPMLIB_CancelCommand
    - TPMLIB_ChooseTPMVersion
    - TPMLIB_SetDebugFD
    - TPMLIB_SetDebugLevel
    - TPMLIB_SetDebugPrefix
    - TPMLIB_SetBufferSize
    - TPMLIB_ValidateState
    - TPMLIB_SetState
    - TPMLIB_GetState

version 0.5.1
  first public release

  - release 7 increased NVRAM area for being able to store more data in
    the TPM's NVRAM areas, i.e., X.509 certificates

  - release 9 added two more APIs:
    - TPM_Free
    - TPMLIB_DecodeBlob
Commit	Line	Data
a0098eda CB	1	CHANGES - changes for libtpms
a0098eda CB	2
db1fd594 SB	3	version 0.9.0:
	4	- NOTE: Downgrade to previous versions is not possible. See below.
	5	- The size of the context gap has been adjusted to 0xffff from 0xff.
	6	As a consequence of this the volatile state's format (STATE_RESET_DATA)
	7	has changed and cannot be downgraded.
be5fabf1 SB	8	- Applied work-around for Win 2016 & 2019 server related to
be5fabf1 SB	9	TPM2_ContextLoad (issue #217)
5e97c2e7	10	- Check for several more compile-time constants
db1fd594	11
b19d7f6a	12	version 0.8.0
c762ca4a SB	13	- NOTE: Downgrade to previous versions is not possible. See below.
c762ca4a SB	14	- Update to TPM 2 code release 159
b19d7f6a SB	15	- X509 support is enabled
	16	- SM2 signing of ceritificates is NOT supported
	17	- Authenticated timers are disabled
	18	- Due to fixes in the TPM 2 prime number generation code in rev155 it is not
	19	possible to downgrade from libtpms version 0.8.0 to some previous version.
	20	The seeds are now associated with an age so that older seeds use the old
	21	TPM 2 prime number generation code while newer seed use the newer code.
bbd7b75d	22	- Update to TPM 2 code release 162
c762ca4a SB	23	- ECC encryption / decryption is disabled
	24	- Fix support for elliptic curve due to missing unmarshalling code
	25	- Runtime filter supported elliptic curves supported by OpenSSL
	26	- Fix output buffer parameter and size for RSA decryption that could cause
	27	stack corruption under certain circumstances
f66a719e SB	28	- Set the RSA PSS salt length to the digest length rather than max. possible
f66a719e SB	29	- Fixes to symmetric decryption related to input size check,
c762ca4a SB	30	defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
c762ca4a SB	31	to always use a temporary malloc'ed buffer for decryption
f66a719e SB	32	- Fixed the set of PCRs belonging to the TCB group. This affects the
	33	pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
	34	for test cases to succeed there.
b19d7f6a	35
39b1301d SB	36	version 0.7.0
	37	- use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible
	38
0b60a447 SB	39	version 0.6.0
	40	- added TPM 2 support (revision 150)
	41
	42	- New API calls:
	43	- TPMLIB_CancelCommand
	44	- TPMLIB_ChooseTPMVersion
	45	- TPMLIB_SetDebugFD
	46	- TPMLIB_SetDebugLevel
	47	- TPMLIB_SetDebugPrefix
	48	- TPMLIB_SetBufferSize
	49	- TPMLIB_ValidateState
	50	- TPMLIB_SetState
	51	- TPMLIB_GetState
	52
a0098eda CB	53	version 0.5.1
	54	first public release
	55
	56	- release 7 increased NVRAM area for being able to store more data in
	57	the TPM's NVRAM areas, i.e., X.509 certificates
	58
	59	- release 9 added two more APIs:
	60	- TPM_Free
	61	- TPMLIB_DecodeBlob