- Update to 1.9.0
+ Fixed
* Fix autoconf invocation on a release tarball not being a git
repo for VERSION. VERSION file now generated and packaged as
part of the release tarball from the git version information.
* Fix TPM2_PKCS11_OWNER_AUTH not being used when a persistent SRK
is needed in the C_InitToken path.
* During an upgrade of the database to version 4, the config key
'persistent' is added instead of 'transient', causing KeyError
when using the upgraded database.
* Leave the original db on upgrade failure, a bug caused the
original db to be unlinked not the upgraded db.
* A bug prevented the use of CreateLoaded if the TPM supports the
command.
* A bug when creating keys through the PKCS11 interface (not
tpm2-ptool), the attributes for CKA_ALLOWED_MECHANISMS were
encoded as a hex string and not a sequence of ints within the
YAML. Correcting this will trigger a db upgrade to 8
+ Added
* Env varibale PKCS11_SQL_LOCK to allow setting a lock directory,
eg for temprary directory so lock files do not persist across
reboots.
OBS-URL: https://build.opensuse.org/request/show/1066387
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=13
- Update to 1.8.0
+ Fixed
* Fix GetRandom Memory Leak
* Fix some spelling mistakes
* Fix unit test test_parser
* Fix importing of RSA private key through pkcs11 interface should
fail.
* Fix ECDSA signature length calculation.
* Fix memory leak of tokens.
* Fix suspicious sizeof usage in _str_padded_copy
* Fix encoding errors when importing a certificate into the pkcs11
store.
* Fix try/finally scope issues in tpm2_ptool.
* Fix, an OOB access in db upgrade path.
* Fix ECDSA length calculation that was causing issues with Mutual
TLS in Firefox and Chrome.
+ Changed
* remove unused macro set_safe_rc
+ Added
* Add support for OpenSSL 3. Note that calls through engine are no
longer supported on OpenSSL3.
* Add tpm2_ptool export commandlet for exporting token keys into
PEM and TPM blob format.
- Add new dependencies to PyYAML, cryptography, pyasn1 and tpm2-pytss
OBS-URL: https://build.opensuse.org/request/show/988569
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=11
- Update to 1.7.0
+ DB Schema Change from 5 to 7.
* Backup your DB before upgrading
+ Fixed compilation issues with GCC11.
+ Fixed errors on releases due to newer compilers from failing by
only adding -Werror for non-release builds.
+ Fixed error message when the DB is too new in tpm2_ptool.
+ Added support for tpm2_ptool import with ssh-keygen format
keys. Note: Requires cryptography >= 3.0.
+ Changed default long level from error to warning.
+ Added better error message for FAPI backend errors along with
docs/FAPI.md document.
+ Changed tpm2_ptool make --algorithm optional.
+ Fixed error message of wrong attribute name on expected attribute
check to be false.
+ Added support for ECDSA 256, 384 and 512.
+ Fixed a bug in the Python code DB upgrade path from 4 to 5 where
it didn't add AES mode CTR to CKA_ALLOWED_MECHANISMS.
+ Added tpm2_ptool support for ECC key size 192.
+ Added support passwordless login for tokens, ie not setting
CKF_LOGIN_REQUIRED.
+ Fixed Running integration tests when Java version has the -ea,
like on Debian 11 and OpenJDK 17.
+ Added support for HMAC keys using tpm2_ptool and the C_Sign and
C_Verify interfaces. The following interfaces in ptool have
support:
* addkey: previous working versions of tpm2-tools will support
this.
* link: previous working versions of tpm2-tools will support this.
* import: requires tpm2-tools 5.2+ for support.
+ Fixed leaking of temp file descriptors in tpm2_ptool.
+ Fixed wrong free in tpm code, should use Esys_Free.
+ Fixed a space formatting issue in tpm2_ptool verify.
+ Fixed leaked file descriptor in tpm2_ptool.
+ Fixed a few suspicious sizeof usages in str_padded_copy
+ Fixed a memory leak of the token list on a failure condition in
initialization.
OBS-URL: https://build.opensuse.org/request/show/926517
OBS-URL: https://build.opensuse.org/package/show/security/tpm2-pkcs11?expand=0&rev=8
