libtpms v0.8.0 and v0.7.5 released
8 views
Skip to first unread message
Stefan Berger
Feb 24, 2021, 4:38:35 PM2/24/21
to libtpms-...@googlegroups.com
Hi!
I just released libtpms v0.8.0 and v0.7.5 last week. Upgrading from
0.7.x to 0.8 is possible but downgrading is *not* possible.
version 0.8.0
- NOTE: Downgrade to previous versions is not possible. See below.
- Update to TPM 2 code release 159
- X509 support is enabled
- SM2 signing of ceritificates is NOT supported
- Authenticated timers are disabled
- Due to fixes in the TPM 2 prime number generation code in rev155 it
is not
possible to downgrade from libtpms version 0.8.0 to some previous
version.
The seeds are now associated with an age so that older seeds use
the old
TPM 2 prime number generation code while newer seed use the newer code.
- Update to TPM 2 code relase 162
- ECC encryption / decryption is disabled
- Fix support for elliptic curve due to missing unmarshalling code
- Runtime filter supported elliptic curves supported by OpenSSL
- Fix output buffer parameter and size for RSA decryption that could
cause
stack corruption under certain circumstances
- Set the RSA PSS salt length to the digest length rather than max.
possible
- Fixes to symmetric decryption related to input size check,
defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
to always use a temporary malloc'ed buffer for decryption
- Fixed the set of PCRs belonging to the TCB group. This affects the
pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
for test cases to succeed there.
version 0.7.5
- Note: The TPM 2 implementation returns 2048 bit keys with ~1984 bit
strength due to a bug in the TPM 2 key creation algo that cannot
easily be fixed. The bug is in RsaAjustPrimeCandidate, which is
called before the prime number check.
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK)
- tpm2: Addressed issues detected by UBSAN
- tpm2: Addressed issues detected by cppcheck (false positives)
Regards,
Stefan
I just released libtpms v0.8.0 and v0.7.5 last week. Upgrading from
0.7.x to 0.8 is possible but downgrading is *not* possible.
version 0.8.0
- NOTE: Downgrade to previous versions is not possible. See below.
- Update to TPM 2 code release 159
- X509 support is enabled
- SM2 signing of ceritificates is NOT supported
- Authenticated timers are disabled
- Due to fixes in the TPM 2 prime number generation code in rev155 it
is not
possible to downgrade from libtpms version 0.8.0 to some previous
version.
The seeds are now associated with an age so that older seeds use
the old
TPM 2 prime number generation code while newer seed use the newer code.
- Update to TPM 2 code relase 162
- ECC encryption / decryption is disabled
- Fix support for elliptic curve due to missing unmarshalling code
- Runtime filter supported elliptic curves supported by OpenSSL
- Fix output buffer parameter and size for RSA decryption that could
cause
stack corruption under certain circumstances
- Set the RSA PSS salt length to the digest length rather than max.
possible
- Fixes to symmetric decryption related to input size check,
defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] and
to always use a temporary malloc'ed buffer for decryption
- Fixed the set of PCRs belonging to the TCB group. This affects the
pcrUpdateCounter in TPM2_Pcrread() responses, thus needs latest `swtpm`
for test cases to succeed there.
version 0.7.5
- Note: The TPM 2 implementation returns 2048 bit keys with ~1984 bit
strength due to a bug in the TPM 2 key creation algo that cannot
easily be fixed. The bug is in RsaAjustPrimeCandidate, which is
called before the prime number check.
- tpm2: Return properly sized array for b parameter for NIST P521 (HLK)
- tpm2: Addressed issues detected by UBSAN
- tpm2: Addressed issues detected by cppcheck (false positives)
Regards,
Stefan
Reply all
Reply to author
Forward
0 new messages