All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog
- Added support for RSA-OAEP decryption
- Added Parent to textual information printed by 'openssl pkey -text'
- Fixed handling of absent emptyAuth value in the TSS2 PRIVATE KEY file.
- Set authorization value of newly generated keys. This allows users of the C API to direcly use just generated EVP_PKEY.
- Added support for ECDH with a KDF, which is used by ECC-based CMS (S/MIME).
- Added retrieval of OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for EC keys and retrieval of TLS-GROUP provider capabilities to enable mTLS authentication (thanks to @rshearman).
- Added mTLS example to documentation (thanks to @hoinmic).
- Added missing RAND parameters: 'state' and 'strength' (thanks to @mccarey).
- Added ability to run tests in a container (thanks to @afreof).
- Added Visual Studio properties to simplify the Windows build (thanks to @philippun1).
- Symmetric operations are disabled by default. In most situations these
are not needed and cause a huge performance penalty.
To enable, configure with
--enable-op-digest
or--enable-op-cipher
.
- Removed unofficial support for tpm2-tss < 3.2.0, which do not support the openssl 3.x.
- Fixed key export: the private keys are not exportable, which shall fix some TPM-based sign operations (thanks to @fhars).
- Fixed handle related operations on 32b machines (thanks to @dezgeg).
- Fixed OSSL_FUNC_KEYMGMT_HAS operations with NULL keys.
- Fixed a heap exception on some machines (thanks to @philippun1).
- Fixed build warnings when building on the Fedora Linux.
- In documentation and tests applied a correct order of providers (thanks to @hoinmic).
- Modified documentation: the user-space resource manager (abrmd) is almost mandatory for complex scenarios such as SSL or X.509 operations.
- Support older TPM chips that do not support the CreateLoaded operation.
- Loading of NV index objects larger than TPM2_PT_NV_BUFFER_MAX.
- Loading of PEM certificates from the NV index.
- Support for the 'openssl cms' command for RSA keys.
- Support for PKCS1 padding in some parameters (thanks to @wxleong).
- Building of tpm2-openssl on Windows (thanks to @mhummels).
- Ability to run autoreconf on the release tarball.
- Fixed segmentation fault when a signature algorithm is beging initialized without a private key.
- Added support for the
TPM2OPENSSL_PARENT_AUTH
environment variable. - Added the Code of Conduct and Contributing guidelines.
- Fixed RSA/EC key equality checks. Works with OpenSSL 3.0.1.
- Modified documentation to recommend the user-space resource manager.
- Initial release of the provider.