[1.9.1-rc0] - 2024-09-09

Fixed:

• configure:
  • Change mistaken += to =.
  • use user supplied --prefix even when p11kit is detected.
• Remove warning about unable to find FAPI when it's is not-compiled in and not chosen as the beckend.
• Fix memory leaks in tpm_create_transient_primary_from_template.
• Fix NULL pointer dereference in db.c on uses of CKA_ALLOWED_MECHANISMS.
• Fix offset miscalculation in FAPI backend that was corrupting data.
• Support CKM_ECDH1_DERIVE via C_DeriveKey.
• Fix usages of tpm2-ptool for its wrapped tpm2_ptool in tests.
• Fix failing db upgrades on double conversion to int.
• Fix db lock file due to missing parenthesis and order of operations.
• documentation:
  • Fix use of objects where tokens was meant.

Changed

• --enable-fapi to --with-fapi. Note this is not a major version bump as its internal to builders only. However --enable-fapi left in place for backwards compat.

[1.9.0-rc0] - 2023-01-23

Fixed

• Fix autoconf invocation on a release tarball not being a git repo for VERSION. VERSION file now generated and packaged as part of the release tarball from the git version information.
• Fix TPM2_PKCS11_OWNER_AUTH not being used when a persistent SRK is needed in the C_InitToken path.
• During an upgrade of the database to version 4, the config key 'persistent' is added instead of 'transient', causing KeyError when using the upgraded database.
• Leave the original db on upgrade failure, a bug caused the original db to be unlinked not the upgraded db.
• A bug prevented the use of CreateLoaded if the TPM supports the command.
• A bug when creating keys through the PKCS11 interface (not tpm2-ptool), the attributes for CKA_ALLOWED_MECHANISMS were encoded as a hex string and not a sequence of ints within the YAML. Correcting this will trigger a db upgrade to 8

Added

• Env varibale PKCS11_SQL_LOCK to allow setting a lock directory, eg for temprary directory so lock files do not persist across reboots.

[1.8.0 ] - 2022-03-21

Fixed

• Fix GetRandom Memory Leak
• Fix some spelling mistakes
• Fix unit test test_parser
• Fix importing of RSA private key through pkcs11 interface should fail.
• Fix ECDSA signature length calculation.
• Fix memory leak of tokens.
• Fix suspicious sizeof usage in _str_padded_copy
• Fix encoding errors when importing a certificate into the pkcs11 store.
• Fix try/finally scope issues in tpm2_ptool.
• Fix, an OOB access in db upgrade path.
• Fix ECDSA length calculation that was causing issues with Mutual TLS in Firefox and Chrome.

Changed

• remove unused macro set_safe_rc

Added

• Add support for OpenSSL 3. Note that calls through engine are no longer supported on OpenSSL3.
• Add tpm2_ptool export commandlet for exporting token keys into PEM and TPM blob format.

1.5.0-rc0 - 2020-11-04

• C_Decrypt: Fix CKM_RSA_PKCS11 scheme not removing PKCS v1.5 block padding from returned plaintext.
• C_Digest/C_DigestFinal: Fix Section 5.2 style returns.
• C_OpenSession: fix valid session handles starting at 0, 0 is invalid per the spec.
• C_OpenSession: fix handle issuance bug where handles could be exhausted at out of bounds.
• Support swtpm in testing infrastructure.
• Fix C_Encrypt/C_Decrypt interface not setting size when output buffer in NULL.
• Fix warning ../configure: line 14383: ]: command not found
• Fix CKM_RSA_PKCS_PSS mechanism.
• C_GetMechanismList: Fix index 0 of the returned list being invalid.
• C_GetMechanismInfo: Fix errors like ERROR: Unknown mechanism, got: 0xd.
• Docs: use full paths from project root to help fix 404 errors.
• tpm2_ptool init to attempt to persistent created primary object at 0x81000001 and fallback to
  first available address on failure.