1.4.0

@williamcroberts williamcroberts released this 24 Aug 18:23
· 343 commits to master since this release

1.4.0 - 2020-08-24

  • Fix superfluous error message when falling back from TPM2_EncryptDecrypt2 interface.

  • Support importing EC keys via tpm2_ptool import.

  • C_InitToken: Fix improper SRK handle of 0x81000000, it should be 0x81000001.

  • Fix a leak in tpm.c of an EVP_PKEY object.

  • C_GenerateKeyPair: was not adding PSS signatures as supported by RSA objects, add it.

  • Fix PSS signatures. Non-FIPS mode TPMs produce PSS signatures with a
    max salt len that poses interoperability issues with verifying clients,
    notably TLS in OpenSSL.

  • Fix Java PKCS11 Provider Signature Verification: #401

  • VerifyRecover support, known working with Public Key RSA objects and
    mechanism CKM_RSA_PKCS.

  • db: Modify search and create behavior. See docs/INITIALIZING.md for details.

  • Fix printf(3) format specifier errors.

  • ci: increase CI coverage to: Fedora 30, Ubuntu 16.04, Ubuntu 18.04.

  • configure: check for Python version >= 3.7 and pass to Automake. No
    need to set PYTHON_INTERPRETER anymore.

  • Fix segfault/memory corruption bugs in C_Destroy().

  • Fix segfault when no user pin is provisioned.

  • Support C_SetAttributeValue.

  • Support for a selectable backend using TPM2_PKCS11_BACKEND, with TPM2_PKCS11_BACKEND=esysdb being the current version.

  • Support for backend fapi that uses the tss2-fapi keystore instead of an sqlite db.

    • This is auto-detected based on tss2-fapi being installed at configure time, and can be controlled
      via --enable/disable-fapi.

  • C_CreateObject: Support for CKO_DATA objects only with CKA_PRIVATE set to CK_TRUE. Token
    defaults to CK_TRUE.

  • Fix: src/lib/ssl_util.c:555:54: error: passing argument 3 of ‘EVP_PKEY_verify_recover’ from incompatible pointer type

  • Added tpm2_ptool link commandlet for linking existing tpm2 objects into a compatible token. For details see
    this document.

    Supported tpm2 objects are:

    • serialized TPM2B_PUBLIC and TPM2B_PRIVATE data structures, as produced by
      tpm2_create -u and -r outputs respectively.
    • PEM encoded keys produced by tpm2tss-genkey