1.4.0
1.4.0 - 2020-08-24
-
Fix superflous error message when falling back from TPM2_EncryptDecrypt2 interface.
-
Support importing EC keys via tpm2_ptool import.
-
C_InitToken: Fix improper SRK handle of 0x81000000, it should be 0x81000001.
-
Fix a leak in in tpm.c of an EVP_PKEY object.
-
C_GenerateKeyPair: was not adding PSS signatures as supported by RSA objects, add it.
-
Fix PSS signatures. Non-FIPS mode TPMs produce PSS signatures with a
max salt len that poses interoperability issues with verifying clients,
notably TLS in OpenSSL. -
Fix Java PKCS11 Provider Signature Verification: #401
-
VerifyRecover support, known working with Public Key RSA objects and
mechanism CKM_RSA_PKCS. -
db: Modfiy search and create behavior. See
docs/INITIALIZING.md
for details. -
Fix printf(3) format specifier errors.
-
ci: increase CI coverage to: Fedora 30, Ubuntu 16.04, Ubuntu 18.04.
-
configure: check for Python version >= 3.7 and pass to Automake. No
need to set PYTHON_INTERPRETER anymore. -
Fix segfault/memory corruption bugs in C_Destroy().
-
Fix segfault when no user pin is provisioned.
-
Support C_SetAttributeValue.
-
Support for selectable backend using TPM2_PKCS11_BACKEND=esysdb being current version.
-
Support for backend fapi that uses the tss2-fapi keystore instead of an sqlite db.
- This is auto-detected based on tss2-fapi being installed at configure time, and can be controlled
via --enable/disable-fapi.
- This is auto-detected based on tss2-fapi being installed at configure time, and can be controlled
-
C_CreateObject: Support for CKO_DATA objects only with CKA_PRIVATE set to CK_TRUE. Token
defaults to CK_TRUE. -
Fix: src/lib/ssl_util.c:555:54: error: passing argument 3 of ‘EVP_PKEY_verify_recover’ from incompatible pointer type
-
Added tpm2_ptool link commandlet for linking existing tpm2 objects into a compatible token. For details see
this document.Supported tpm2 objects are:
- serialized TPM2B_PUBLIC and TPM2B_PRIVATE data structures, as produced by
tpm2_create -u and -r outputs
respectively. - PEM encoded keys produced by
tpm2tss-genkey
- serialized TPM2B_PUBLIC and TPM2B_PRIVATE data structures, as produced by