- Support changes in tpm2-tss-engine using TPM2_RH_OWNER instead of 0.
- Since upstream commit tpm2-software/tpm2-tss-engine@06f57a3.
- C_Decrypt: Fix CKM_RSA_PKCS11 scheme not removing PKCS v1.5 block padding from returned plaintext.
- C_Digest/C_DigestFinal: Fix Section 5.2 style returns.
- C_OpenSession: fix valid session handles starting at 0, 0 is invalid per the spec.
- C_OpenSession: fix handle issuance bug where handles could be exhausted at out of bounds.
- Support swtpm in testing infrastructure.
- Fix C_Encrypt/C_Decrypt interface not setting size when output buffer in NULL.
- Fix warning ../configure: line 14383: ]: command not found
- Fix CKM_RSA_PKCS_PSS mechanism.
- C_GetMechanismList: Fix index 0 of the returned list being invalid.
- C_GetMechanismInfo: Fix errors like ERROR: Unknown mechanism, got: 0xd.
- Docs: use full paths from project root to help fix 404 errors.
- tpm2_ptool init to attempt to persistent created primary object at 0x81000001 and fallback to first available address on failure.
-
Fix superflous error message when falling back from TPM2_EncryptDecrypt2 interface.
-
Support importing EC keys via tpm2_ptool import.
-
C_InitToken: Fix improper SRK handle of 0x81000000, it should be 0x81000001.
-
Fix a leak in in tpm.c of an EVP_PKEY object.
-
C_GenerateKeyPair: was not adding PSS signatures as supported by RSA objects, add it.
-
Fix PSS signatures. Non-FIPS mode TPMs produce PSS signatures with a max salt len that poses interoperability issues with verifying clients, notably TLS in OpenSSL.
-
Fix Java PKCS11 Provider Signature Verification: #401
-
VerifyRecover support, known working with Public Key RSA objects and mechanism CKM_RSA_PKCS.
-
db: Modfiy search and create behavior. See docs/INITIALIZING.md for details.
-
Fix printf(3) format specifier errors.
-
ci: increase CI coverage to: Fedora 30, Ubuntu 16.04, Ubuntu 18.04.
-
configure: check for Python version >= 3.7 and pass to Automake. No need to set PYTHON_INTERPRETER anymore.
-
Fix segfault/memory corruption bugs in C_Destroy().
-
Fix segfault when no user pin is provisioned.
-
Support C_SetAttributeValue.
-
Support for selectable backend using TPM2_PKCS11_BACKEND=esysdb being current version.
-
Support for backend fapi that uses the tss2-fapi keystore instead of an sqlite db.
- This is auto-detected based on tss2-fapi being installed at configure time, and can be controlled via --enable/disable-fapi.
-
C_CreateObject: Support for CKO_DATA objects only with CKA_PRIVATE set to CK_TRUE. Token defaults to CK_TRUE.
-
Fix: src/lib/ssl_util.c:555:54: error: passing argument 3 of ‘EVP_PKEY_verify_recover’ from incompatible pointer type
-
Added tpm2_ptool link commandlet for linking existing tpm2 objects into a compatible token. For details see this document.
Supported tpm2 objects are:
- serialized TPM2B_PUBLIC and TPM2B_PRIVATE data structures, as produced by tpm2_create -u and -r outputs respectively.
- PEM encoded keys produced by tpm2tss-genkey
- Fix C_InitToken, ensure no embedded nul byte.
- Fix free of mutex being held in C_InitToken failures: #573
- Fix C_Login CKU_USER login attempt before pin is setup: #563
- Fix C_InitToken double init issues #577
- Fix double free.
- C_CreateObject: Support for CKO_DATA objects only with CKA_PRIVATE set to CK_TRUE. Token defaults to CK_TRUE.
- Fix Tests against simulator that support RSA 3072 keys
- Fix PSS signatures. Non-FIPS mode TPMs produce PSS signatures with a max salt len that poses interoperability issues with verifying clients, notably TLS in OpenSSL.
- Handle Esys_LoadExternal() API change where the hierarchy handle switches to an ESYS_TR rather than a TPM2_RH_.
- test/pkcs-get-mechanism: allow a maximum key size of 3072 bits.
- DB Schema Change from 1 to 3.
- Backup your DB before upgrading
- Support C_InitToken interface.
- Add Java PKCS11 Keystore support for RSA/ECB/RSAPKCS1.5 via public encrypt and private decrypt.
- Decouple handles from db primary keys. Key handles are no longer stable between runs.
- tpm2_ptool objmod:
- Support adding an attribute.
- Fix bug in variable name vtype over type.
- C_Sign: support mechanism CKM_RSA_X_509.
- C_GetTokenInfo: add missing mechanism CKM_SHA512_RSA_PKCS.
- Fix store search logic to fail when TPM2_PKCS11_STORE cannot be accessed.
- Fix potential double free in token_free() logic.
- Fix -Werror=format-truncation with GCC >= 7 #415
- Fix unitialized variable warnings #416
- test: use release tarball vs source code.
- build: clean leftover file in make clean.
- release: add missing tests to tarball no matter configure options.
- test: fix invalid flags on CKM_SHA512_RSA_PKCS causing test failures.
- Switch OASIS pkcs11 headers to FSF Unlimited License Headers.
- test/pkcs-get-mechanism: allow a maximum key size of 3072 bits.
- Fix build issue about unused variable config. Notably fixes gcc10 builds.
- stop linking against libdl
- add missing test integration scripts to dist tarball.
- Initial Release