------------------------------------------------------------------- Wed Jan 29 18:09:54 UTC 2025 - Lucas Mulling - Update to 1.3.0: * Added support for RSA-OAEP decryption. * Added 'xof' and 'algid-absent' parameters to digests. * Added Parent to textual information printed by 'openssl pkey -text'. * Fixed multi-threaded operation, preventing the 'Esys called in bad sequence' errors (thanks to @Danigaralfo, @famez, and @AndreasFuchsTPM). * Fixed retrieval of OSSL_PKEY_PARAM_MAX_SIZE for RSA keys. The exact value is returned instead of a fixed TPM2_MAX_RSA_KEY_BYTES. * Fixed handling of absent emptyAuth value in the TSS2 PRIVATE KEY file. * Set authorization value of newly generated keys. This allows users of the C API to direcly use just generated EVP_PKEY. - Add tpm2-openssl.keyring - Don't install libtool archives ------------------------------------------------------------------- Tue Oct 17 23:58:21 UTC 2023 - William Brown ## Added * Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME). * Added retrieval of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for EC keys and retrieval of TLS-GROUP provider capabilities to enable mTLS authentication (thanks to @rshearman). * Added mTLS example to documentation (thanks to @hoinmic). * Added missing RAND parameters: 'state' and 'strength' (thanks to @mccarey). * Added ability to run tests in a container (thanks to @afreof). * Added Visual Studio properties to simplify the Windows build (thanks to @philippun1). ## Changed * Symmetric operations are disabled by default. In most situations these are not needed and cause a huge performance penalty. To enable, configure with --enable-op-digest or --enable-op-cipher. ## Removed * Removed unofficial support for tpm2-tss < 3.2.0, which do not support the openssl 3.x. ## Fixed * Fixed key export: the private keys are not exportable, which shall fix some TPM-based sign operations (thanks to @fhars). * Fixed handle related operations on 32b machines (thanks to @dezgeg). * Fixed OSSL_FUNC_KEYMGMT_HAS operations with NULL keys. * Fixed a heap exception on some machines (thanks to @philippun1). * Fixed build warnings when building on the Fedora Linux. * In documentation and tests applied a correct order of providers (thanks to @hoinmic). * Modified documentation: the user-space resource manager (abrmd) is almost mandatory for complex scenarios such as SSL or X.509 operations. ------------------------------------------------------------------- Mon Jun 5 05:29:23 UTC 2023 - William Brown - Initial commit of tpm2-openssl