| 1 | CHANGES - changes for libtpms
|
|---|
| 2 |
|
|---|
| 3 | version 0.10.0:
|
|---|
| 4 | - tpm2: Support for profiles: default-v1 & custom
|
|---|
| 5 | - tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
|
|---|
| 6 | - tpm2: Extende TPMLIB_GetInfo to return profiles-related info
|
|---|
| 7 | - tpm2: Implemented crypto tests and restrictions on crypto related to
|
|---|
| 8 | FIPS-140-3; can be enabled with profiles
|
|---|
| 9 | - tpm2: Enable Camellia-192 and AES-192
|
|---|
| 10 | - tpm2: Implement TPMLIB_WasManufactured API call
|
|---|
| 11 | - tpm2: Fixes for issues detected by static analyzers
|
|---|
| 12 | - tpm2: Use OpenSSL-based KDFe implementation if possible
|
|---|
| 13 | - tpm2: Update to TPM 2 spec rev 183 (many changes)
|
|---|
| 14 | - tpm2: Better support for OpenSSL 3.x
|
|---|
| 15 | - tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
|
|---|
| 16 | - tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
|
|---|
| 17 | - tpm2: Fix of SignedCompareB().
|
|---|
| 18 | NOTE: This fix *may* result in backwards compatibility issues with
|
|---|
| 19 | PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
|
|---|
| 20 | when upgrading from v0.9 to v0.10.
|
|---|
| 21 | https://github.com/stefanberger/libtpms/pull/367#issuecomment-1498353831
|
|---|
| 22 |
|
|---|
| 23 | version 0.9.0:
|
|---|
| 24 | - NOTE: Downgrade to previous versions is not possible. See below.
|
|---|
| 25 | - The size of the context gap has been adjusted to 0xffff from 0xff.
|
|---|
| 26 | As a consequence of this the volatile state's format (STATE_RESET_DATA)
|
|---|
| 27 | has changed and cannot be downgraded.
|
|---|
| 28 | - Applied work-around for Win 2016 & 2019 server related to
|
|---|
| 29 | TPM2_ContextLoad (issue #217)
|
|---|
| 30 | - Check for several more compile-time constants
|
|---|
| 31 | - Enabled Camellia symmetric key encryption algorithm
|
|---|
| 32 | - tpm2: CryptSym: fix AES output IV
|
|---|
| 33 | - tpm2: Added a cache for private exponent D and prime Q
|
|---|
| 34 | - tpm2: bug fixes related to state marshalling
|
|---|
| 35 | - tpm2: Consume padding bytes in TPM2_ContextLoad() (Win2k19, issue #217)
|
|---|
| 36 | - tests: Improvements on the fuzzer
|
|---|
| 37 | - tpm2: Switch to UINT16 for CONTEXT_SLOT and 64k context gap
|
|---|
| 38 | - tpm2: Update to TPM 2 spec rev 164
|
|---|
| 39 | - build-sys: Enable building --without-tpm1
|
|---|
| 40 | - tpm2: Marshal event sequence objects' hash state
|
|---|
| 41 | - tpm2: Fixes for build and runtime when using OpenSSL 3.0
|
|---|
| 42 |
|
|---|
| 43 | version 0.8.0
|
|---|
| 44 | - NOTE: Downgrade to previous versions is not possible. See below.
|
|---|
| 45 | - Update to TPM 2 code release 159
|
|---|
| 46 | - X509 support is enabled
|
|---|
| 47 | - SM2 signing of ceritificates is NOT supported
|
|---|
| 48 | - Authenticated timers are disabled
|
|---|
| 49 | - Due to fixes in the TPM 2 prime number generation code in rev155 it is not
|
|---|
| 50 | possible to downgrade from libtpms version 0.8.0 to some previous version.
|
|---|
| 51 | The seeds are now associated with an age so that older seeds use the old
|
|---|
| 52 | TPM 2 prime number generation code while newer seed use the newer code.
|
|---|
| 53 | - Update to TPM 2 code release 162
|
|---|
| 54 | - ECC encryption / decryption is disabled
|
|---|
| 55 | - Fix support for elliptic curve due to missing unmarshalling code
|
|---|
| 56 | - Runtime filter supported elliptic curves supported by OpenSSL
|
|---|
| 57 | - Fix output buffer parameter and size for RSA decryption that could cause
|
|---|
| 58 | stack corruption under certain circumstances
|
|---|
| 59 | - Set the RSA PSS salt length to the digest length rather than max. possible
|
|---|
| 60 | - Fixes to symmetric decryption related to input size check,
|
|---|
| 61 | defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
|
|---|
| 62 | to always use a temporary malloc'ed buffer for decryption
|
|---|
| 63 | - Fixed the set of PCRs belonging to the TCB group. This affects the
|
|---|
| 64 | pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
|
|---|
| 65 | for test cases to succeed there.
|
|---|
| 66 |
|
|---|
| 67 | version 0.7.0
|
|---|
| 68 | - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible
|
|---|
| 69 |
|
|---|
| 70 | version 0.6.0
|
|---|
| 71 | - added TPM 2 support (revision 150)
|
|---|
| 72 |
|
|---|
| 73 | - New API calls:
|
|---|
| 74 | - TPMLIB_CancelCommand
|
|---|
| 75 | - TPMLIB_ChooseTPMVersion
|
|---|
| 76 | - TPMLIB_SetDebugFD
|
|---|
| 77 | - TPMLIB_SetDebugLevel
|
|---|
| 78 | - TPMLIB_SetDebugPrefix
|
|---|
| 79 | - TPMLIB_SetBufferSize
|
|---|
| 80 | - TPMLIB_ValidateState
|
|---|
| 81 | - TPMLIB_SetState
|
|---|
| 82 | - TPMLIB_GetState
|
|---|
| 83 |
|
|---|
| 84 | version 0.5.1
|
|---|
| 85 | first public release
|
|---|
| 86 |
|
|---|
| 87 | - release 7 increased NVRAM area for being able to store more data in
|
|---|
| 88 | the TPM's NVRAM areas, i.e., X.509 certificates
|
|---|
| 89 |
|
|---|
| 90 | - release 9 added two more APIs:
|
|---|
| 91 | - TPM_Free
|
|---|
| 92 | - TPMLIB_DecodeBlob
|
|---|
