VirtualBox

source: vbox/trunk/src/libs/libtpms-0.9.6/CHANGES

Last change on this file was 98878, checked in by vboxsync, 21 months ago

libs/libtpms-0.9.6: Applied and adjusted our libtpms changes to 0.9.6, bugref:10378

File size: 3.9 KB
CHANGES - changes for libtpms

version 0.9.6:
 - tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)

version 0.9.5:
 - tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
 - tpm2: Fix a potential overflow expression (coverity)
 - tpm2: Fix size check in CryptSecretDecrypt

version 0.9.4:
 - tpm: #undef printf in case it is #define'd (OSS-Fuzz)
 - tpm2: Check return code of BN_div()
 - tpm2: Initialize variables due to gcc complaint (s390x, false positive)
 - tpm12: Initialize variables due to gcc complaint (s390x, false positive)
 - build-sys: Fix configure script to support _FORTIFY_SOURCE=3

version 0.9.3:
 - build-sys: Add probing for -fstack-protector
 - tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
   (OSSL 3)

version 0.9.2:
 - tpm2: When writing state initialize s_ContextSlotMask if not set

version 0.9.1:
 - tpm2: Do not write permanent state if only clock changed
 - tpm2: Fix "maybe-uninitialized" warning

version 0.9.0:
 - NOTE: Downgrade to previous versions is not possible. See below.
 - The size of the context gap has been adjusted to 0xffff from 0xff.
   As a consequence of this the volatile state's format (STATE_RESET_DATA)
   has changed and cannot be downgraded.
 - Applied work-around for Win 2016 & 2019 server related to
   TPM2_ContextLoad (issue #217)
 - Check for several more compile-time constants
 - Enabled Camellia symmetric key encryption algorithm
 - tpm2: CryptSym: fix AES output IV
 - tpm2: Added a cache for private exponent D and prime Q
 - tpm2: bug fixes related to state marshalling
 - tpm2: Consume padding bytes in TPM2_ContextLoad() (Win2k19, issue #217)
 - tests: Improvements on the fuzzer
 - tpm2: Switch to UINT16 for CONTEXT_SLOT and 64k context gap
 - tpm2: Update to TPM 2 spec rev 164
 - build-sys: Enable building --without-tpm1
 - tpm2: Marshal event sequence objects' hash state
 - tpm2: Fixes for build and runtime when using OpenSSL 3.0

version 0.8.0
 - NOTE: Downgrade to previous versions is not possible. See below.
 - Update to TPM 2 code release 159
 - X509 support is enabled
 - SM2 signing of certificates is NOT supported
 - Authenticated timers are disabled
 - Due to fixes in the TPM 2 prime number generation code in rev155 it is not
   possible to downgrade from libtpms version 0.8.0 to some previous version.
   The seeds are now associated with an age so that older seeds use the old
   TPM 2 prime number generation code while newer seed use the newer code.
 - Update to TPM 2 code release 162
 - ECC encryption / decryption is disabled
 - Fix support for elliptic curve due to missing unmarshalling code
 - Runtime filter supported elliptic curves supported by OpenSSL
 - Fix output buffer parameter and size for RSA decryption that could cause
   stack corruption under certain circumstances
 - Set the RSA PSS salt length to the digest length rather than max. possible
 - Fixes to symmetric decryption related to input size check,
   defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
   to always use a temporary malloc'ed buffer for decryption
 - Fixed the set of PCRs belonging to the TCB group. This affects the
   pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
   for test cases to succeed there.

version 0.7.0
 - use OpenSSL crypto for AES, TDES, EC, and RSA operations when possible

version 0.6.0
 - added TPM 2 support (revision 150)

 - New API calls:
   - TPMLIB_CancelCommand
   - TPMLIB_ChooseTPMVersion
   - TPMLIB_SetDebugFD
   - TPMLIB_SetDebugLevel
   - TPMLIB_SetDebugPrefix
   - TPMLIB_SetBufferSize
   - TPMLIB_ValidateState
   - TPMLIB_SetState
   - TPMLIB_GetState

version 0.5.1
 first public release

 - release 7 increased NVRAM area for being able to store more data in
   the TPM's NVRAM areas, i.e., X.509 certificates

 - release 9 added two more APIs:
   - TPM_Free
   - TPMLIB_DecodeBlob