File: CHANGES

package info (click to toggle)
libtpms 0.10.2-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 13,208 kB
  • sloc: ansic: 120,341; makefile: 829; sh: 336; cpp: 125
file content (105 lines) | stat: -rw-r--r-- 4,697 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
CHANGES - changes for libtpms

version 0.10.2:
  - tpm2: Fix memory leak by freeing KDF context
  - tpm2: Fix retrieval of updated IV when using OpenSSL >= 3.0 (CVE-2026-21444)

version 0.10.1:
  - tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue (CVE-2025-49133)
  - tpm2: fix build for LibreSSL 4.1.0
  - tpm2: In CheckLockedOut replace TPM_RC_RETRY with TPM_RC_SUCCESS
  - tpm2: Fix bugs in RuntimeProfileDedupStrItems
  - tpm2 + test: Make it compilable on Debian GNU Hurd
  - tpm2: Add asserts to silence compiler warning due to -Wstringop-overflow=
  - tpm2: Add padding to OBJECT for 32bit targets

version 0.10.0:
  - tpm2: Support for profiles: default-v1 & custom
  - tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
  - tpm2: Extende TPMLIB_GetInfo to return profiles-related info
  - tpm2: Implemented crypto tests and restrictions on crypto related to
          FIPS-140-3; can be enabled with profiles
  - tpm2: Enable Camellia-192 and AES-192
  - tpm2: Implement TPMLIB_WasManufactured API call
  - tpm2: Fixes for issues detected by static analyzers
  - tpm2: Use OpenSSL-based KDFe implementation if possible
  - tpm2: Update to TPM 2 spec rev 183 (many changes)
  - tpm2: Better support for OpenSSL 3.x
  - tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
  - tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
  - tpm2: Fix of SignedCompareB().
    NOTE: This fix *may* result in backwards compatibility issues with
          PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
          when upgrading from v0.9 to v0.10.
          https://github.com/stefanberger/libtpms/pull/367#issuecomment-1498353831

version 0.9.0:
  - NOTE: Downgrade to previous versions is not possible. See below.
  - The size of the context gap has been adjusted to 0xffff from 0xff.
    As a consequence of this the volatile state's format (STATE_RESET_DATA)
    has changed and cannot be downgraded.
  - Applied work-around for Win 2016 & 2019 server related to
    TPM2_ContextLoad (issue #217)
  - Check for several more compile-time constants
  - Enabled Camellia symmetric key encryption algorithm
  - tpm2: CryptSym: fix AES output IV
  - tpm2: Added a cache for private exponent D and prime Q
  - tpm2: bug fixes related to state marshalling
  - tpm2: Consume padding bytes in TPM2_ContextLoad() (Win2k19, issue #217)
  - tests: Improvements on the fuzzer
  - tpm2: Switch to UINT16 for CONTEXT_SLOT and 64k context gap
  - tpm2: Update to TPM 2 spec rev 164
  - build-sys: Enable building --without-tpm1
  - tpm2: Marshal event sequence objects' hash state
  - tpm2: Fixes for build and runtime when using OpenSSL 3.0

version 0.8.0
  - NOTE: Downgrade to previous versions is not possible. See below.
  - Update to TPM 2 code release 159
    - X509 support is enabled
      - SM2 signing of ceritificates is NOT supported
    - Authenticated timers are disabled
  - Due to fixes in the TPM 2 prime number generation code in rev155 it is not
    possible to downgrade from libtpms version 0.8.0 to some previous version.
    The seeds are now associated with an age so that older seeds use the old
    TPM 2 prime number generation code while newer seed use the newer code.
  - Update to TPM 2 code release 162
    - ECC encryption / decryption is disabled
  - Fix support for elliptic curve due to missing unmarshalling code
  - Runtime filter supported elliptic curves supported by OpenSSL
  - Fix output buffer parameter and size for RSA decryption that could cause
    stack corruption under certain circumstances
  - Set the RSA PSS salt length to the digest length rather than max. possible
  - Fixes to symmetric decryption related to input size check,
    defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
    to always use a temporary malloc'ed buffer for decryption
  - Fixed the set of PCRs belonging to the TCB group. This affects the
    pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
    for test cases to succeed there.

version 0.7.0
  - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible

version 0.6.0
  - added TPM 2 support (revision 150)

  - New API calls:
    - TPMLIB_CancelCommand
    - TPMLIB_ChooseTPMVersion
    - TPMLIB_SetDebugFD
    - TPMLIB_SetDebugLevel
    - TPMLIB_SetDebugPrefix
    - TPMLIB_SetBufferSize
    - TPMLIB_ValidateState
    - TPMLIB_SetState
    - TPMLIB_GetState

version 0.5.1
  first public release

  - release 7 increased NVRAM area for being able to store more data in
    the TPM's NVRAM areas, i.e., X.509 certificates

  - release 9 added two more APIs:
    - TPM_Free
    - TPMLIB_DecodeBlob