diff options
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 79 |
1 files changed, 79 insertions, 0 deletions
@@ -0,0 +1,79 @@ +CHANGES - changes for libtpms + +version 0.9.2: + - tpm2: When writing state initialize s_ContextSlotMask if not set + +version 0.9.1: + - tpm2: Do not write permanent state if only clock changed + - tpm2: Fix "maybe-uninitialized" warning + +version 0.9.0: + - NOTE: Downgrade to previous versions is not possible. See below. + - The size of the context gap has been adjusted to 0xffff from 0xff. + As a consequence of this the volatile state's format (STATE_RESET_DATA) + has changed and cannot be downgraded. + - Applied work-around for Win 2016 & 2019 server related to + TPM2_ContextLoad (issue #217) + - Check for several more compile-time constants + - Enabled Camellia symmetric key encryption algorithm + - tpm2: CryptSym: fix AES output IV + - tpm2: Added a cache for private exponent D and prime Q + - tpm2: bug fixes related to state marshalling + - tpm2: Consume padding bytes in TPM2_ContextLoad() (Win2k19, issue #217) + - tests: Improvements on the fuzzer + - tpm2: Switch to UINT16 for CONTEXT_SLOT and 64k context gap + - tpm2: Update to TPM 2 spec rev 164 + - build-sys: Enable building --without-tpm1 + - tpm2: Marshal event sequence objects' hash state + - tpm2: Fixes for build and runtime when using OpenSSL 3.0 + +version 0.8.0 + - NOTE: Downgrade to previous versions is not possible. See below. + - Update to TPM 2 code release 159 + - X509 support is enabled + - SM2 signing of ceritificates is NOT supported + - Authenticated timers are disabled + - Due to fixes in the TPM 2 prime number generation code in rev155 it is not + possible to downgrade from libtpms version 0.8.0 to some previous version. + The seeds are now associated with an age so that older seeds use the old + TPM 2 prime number generation code while newer seed use the newer code. + - Update to TPM 2 code release 162 + - ECC encryption / decryption is disabled + - Fix support for elliptic curve due to missing unmarshalling code + - Runtime filter supported elliptic curves supported by OpenSSL + - Fix output buffer parameter and size for RSA decryption that could cause + stack corruption under certain circumstances + - Set the RSA PSS salt length to the digest length rather than max. possible + - Fixes to symmetric decryption related to input size check, + defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and + to always use a temporary malloc'ed buffer for decryption + - Fixed the set of PCRs belonging to the TCB group. This affects the + pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm` + for test cases to succeed there. + +version 0.7.0 + - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible + +version 0.6.0 + - added TPM 2 support (revision 150) + + - New API calls: + - TPMLIB_CancelCommand + - TPMLIB_ChooseTPMVersion + - TPMLIB_SetDebugFD + - TPMLIB_SetDebugLevel + - TPMLIB_SetDebugPrefix + - TPMLIB_SetBufferSize + - TPMLIB_ValidateState + - TPMLIB_SetState + - TPMLIB_GetState + +version 0.5.1 + first public release + + - release 7 increased NVRAM area for being able to store more data in + the TPM's NVRAM areas, i.e., X.509 certificates + + - release 9 added two more APIs: + - TPM_Free + - TPMLIB_DecodeBlob |