Releases: stefanberger/libtpms
Release of v0.10.2
version 0.10.2:
- tpm2: Fix memory leak by freeing KDF context
- tpm2: Fix retrieval of updated IV when using OpenSSL >= 3.0 (CVE-2026-21444)
Full Changelog: v0.10.1...v0.10.2
Release of v0.10.1
version 0.10.1:
- tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue (CVE-2025-49133)
- tpm2: fix build for LibreSSL 4.1.0
- tpm2: In CheckLockedOut replace TPM_RC_RETRY with TPM_RC_SUCCESS
- tpm2: Fix bugs in RuntimeProfileDedupStrItems
- tpm2 + test: Make it compilable on Debian GNU Hurd
- tpm2: Add asserts to silence compiler warning due to -Wstringop-overflow=
- tpm2: Add padding to OBJECT for 32bit targets
Full Changelog: v0.10.0...v0.10.1
Release of v0.9.7
version 0.9.7:
- tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue (CVE-2025-49133)
- tpm2: Remove assigned-to value to offset because it is unused (Coverity)
- tpm2: Insert assert ensuring *buflen != BUFLEN_EMPTY_BUFFER (Coverity)
- tpm2: Address Coverity Issue by casting '1' before shift (CID 1470813)
- tpm2: Filter bad input values to avoid underflow in FindNthSetBit (Coverity)
- tpm2: Address a possible unsigned integer underflow (Coverity)
- tpm2: Remove assigned to value to offset because it is unused (Coverity)
- tpm2: Initialize eccPublic before passing to TPMS_ECC_POINT_Unmarshal (Coverity)
- tpm2: Preserve more *target and restore them if needed (Coverity)
- tpm2: Return TPM_RC_VALUE upon decryption failure
- tpm12: Replace include of engine.h with err.h
- tpm2: Fix issue in CryptParameterEncryption() (TPM 2 errata v1.4)
- tpm2: Sync fix in TPM2_PolicyAuthorize() with upstream
- tpm2: Sync CryptParameterDecrypt implementation with upstream
- tpm2: Fix issue related to CryptGenerateKeyDes (TPM 2 errata v1.4)
- tpm2: Check size of TPM2B_NAME buffer before reading 2 bytes from it
Full Changelog: v0.9.6...v0.9.7
Release of v0.8.10
version 0.8.10:
- tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue (CVE-2025-49133)
- tpm2: Remove assigned-to value to offset because it is unused (Coverity)
- Insert assert ensuring *buflen != BUFLEN_EMPTY_BUFFER (Coverity)
- tpm2: Address Coverity Issue by casting '1' before shift (CID 1470813)
- tpm2: Return TPM_RC_VALUE upon decryption failure
- tpm12: Replace include of engine.h with err.h
Full Changelog: v0.8.9...v0.8.10
Release of v0.7.12
version 0.7.12:
- tpm2: Fix potential out-of-bound access & abort due to HMAC signing issue (CVE-2025-49133)
- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & -1018)
- tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 0 (OSSL 3)
- tpm2: Return TPM_RC_VALUE upon decryption failure
- tpm2: Fix the returned number in the JSON
- tpm12: Replace include of engine.h with err.h
Full Changelog: v0.7.11...v0.7.12
Release of v0.10.0
version 0.10.0:
- tpm2: Support for profiles: default-v1 & custom
- tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
- tpm2: Extend TPMLIB_GetInfo to return profiles-related info
- tpm2: Implemented crypto tests and restrictions on crypto related to
FIPS-140-3; can be enabled with profiles
- tpm2: Enable Camellia-192 and AES-192
- tpm2: Implement TPMLIB_WasManufactured API call
- tpm2: Fixes for issues detected by static analyzers
- tpm2: Use OpenSSL-based KDFe implementation if possible
- tpm2: Update to TPM 2 spec rev 183 (many changes)
- tpm2: Better support for OpenSSL 3.x
- tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
- tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
- tpm2: Fix of SignedCompareB().
NOTE: This fix may result in backwards compatibility issues with
PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
when upgrading from v0.9 to v0.10.
#367 (comment)
Full Changelog: v0.9.0...v0.10.0
Release of v0.9.6
version 0.9.6:
- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & CVE-2023-1018)
Release of v0.8.9
version 0.8.9:
- tpm2: Check size of buffer before accessing it (CVE-2023-1017 & CVE-2023-1018)
Release of v0.7.11
version 0.7.11:
- tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
- tpm2: Fix a potential overflow expression (coverity)
- tpm2: Fix size check in CryptSecretDecrypt
- tpm2: Check return code of BN_div()
- tpm2: Do not write permanent state if only clock changed
Release of v0.8.8
version 0.8.8:
- tpm2: Do not set RSA_FLAG_NO_BLINDING on RSA keys anymore
- tpm2: Fix a potential overflow expression (coverity)
- tpm2: Fix size check in CryptSecretDecrypt
- tpm2: Check return code of BN_div()
- tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 0 (OSS
- tpm2: Do not write permanent state if only clock changed
- build-sys: Add probing for -fstack-protector