* Added support for RSA-OAEP decryption.
* Added 'xof' and 'algid-absent' parameters to digests.
* Added Parent to textual information printed by 'openssl pkey -text'.
* Fixed multi-threaded operation, preventing the 'Esys called in bad
sequence' errors (thanks to @Danigaralfo, @famez, and @AndreasFuchsTPM).
* Fixed retrieval of OSSL_PKEY_PARAM_MAX_SIZE for RSA keys. The exact value
is returned instead of a fixed TPM2_MAX_RSA_KEY_BYTES.
* Fixed handling of absent emptyAuth value in the TSS2 PRIVATE KEY file.
* Set authorization value of newly generated keys. This allows users of the C
API to direcly use just generated EVP_PKEY.
- Add tpm2-openssl.keyring
- Don't install libtool archives
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-openssl?expand=0&rev=5
## Added
* Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME).
* Added retrieval of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for EC keys and retrieval
of TLS-GROUP provider capabilities to enable mTLS authentication (thanks to @rshearman).
* Added mTLS example to documentation (thanks to @hoinmic).
* Added missing RAND parameters: 'state' and 'strength' (thanks to @mccarey).
* Added ability to run tests in a container (thanks to @afreof).
* Added Visual Studio properties to simplify the Windows build (thanks to @philippun1).
## Changed
* Symmetric operations are disabled by default. In most situations these are not needed and
cause a huge performance penalty. To enable, configure with --enable-op-digest or
--enable-op-cipher.
## Removed
* Removed unofficial support for tpm2-tss < 3.2.0, which do not support the openssl 3.x.
## Fixed
* Fixed key export: the private keys are not exportable, which shall fix some TPM-based sign
operations (thanks to @fhars).
* Fixed handle related operations on 32b machines (thanks to @dezgeg).
* Fixed OSSL_FUNC_KEYMGMT_HAS operations with NULL keys.
* Fixed a heap exception on some machines (thanks to @philippun1).
* Fixed build warnings when building on the Fedora Linux.
* In documentation and tests applied a correct order of providers (thanks to @hoinmic).
* Modified documentation: the user-space resource manager (abrmd) is almost mandatory for complex
scenarios such as SSL or X.509 operations.
OBS-URL: https://build.opensuse.org/request/show/1118389
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-openssl?expand=0&rev=3
