Releases: stefanberger/libtpms
Releases · stefanberger/libtpms
Release of v0.10.0
version 0.10.0:
- tpm2: Support for profiles: default-v1 & custom
- tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
- tpm2: Extende TPMLIB_GetInfo to return profiles-related info
- tpm2: Implemented crypto tests and restrictions on crypto related to
FIPS-140-3; can be enabled with profiles - tpm2: Enable Camellia-192 and AES-192
- tpm2: Implement TPMLIB_WasManufactured API call
- tpm2: Fixes for issues detected by static analyzers
- tpm2: Use OpenSSL-based KDFe implementation if possible
- tpm2: Update to TPM 2 spec rev 183 (many changes)
- tpm2: Better support for OpenSSL 3.x
- tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
- tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
- tpm2: Fix of SignedCompareB().
NOTE: This fix may result in backwards compatibility issues with
PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
when upgrading from v0.9 to v0.10.
#367 (comment)
Full Changelog: v0.9.0...v0.10.0
Release of v0.9.6
version 0.9.6:
- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & CVE-2023-1018)
Release of v0.8.9
version 0.8.9:
- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & CVE-2023-1018)
Release of v0.7.11
version 0.7.11:
- tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
- tpm2: Fix a potential overflow expression (coverity)
- tpm2: Fix size check in CryptSecretDecrypt
- tpm2: Check return code of BN_div()
- tpm2: Do not write permanent state if only clock changed
Release of v0.8.8
version 0.8.8:
- tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
- tpm2: Fix a potential overflow expression (coverity)
- tpm2: Fix size check in CryptSecretDecrypt
- tpm2: Check return code of BN_div()
- tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 0 (OSS
- tpm2: Do not write permanent state if only clock changed
- build-sys: Add probing for -fstack-protector
Release of v0.9.5
version 0.9.5:
- tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
- tpm2: Fix a potential overflow expression (coverity)
- tpm2: Fix size check in CryptSecretDecrypt
Release of v0.9.4
version 0.9.4:
- tpm: #undef printf in case it is #define'd (OSS-Fuzz)
- tpm2: Check return code of BN_div()
- tpm2: Initialize variables due to gcc complaint (s390x, false positive)
- tpm12: Initialize variables due to gcc complaint (s390x, false positive)
- build-sys: Fix configure script to support _FORTIFY_SOURCE=3
Release of v0.9.3
version 0.9.3:
- build-sys: Add probing for -fstack-protector
- tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
(OSSL 3)
Release of v0.9.2
Version 0.9.2:
- tpm2: When writing state initialize s_ContextSlotMask if not set
Release of v0.9.1
version 0.9.1:
- tpm2: Do not write permanent state if only clock changed
- tpm2: Fix "maybe-uninitialized" warning