wolfTPM Release 3.9.2 (July 30, 2025)

Summary

This release includes a security fix for possible buffer overflow in RSA key export functionality. It also adds new key wrapping API's to support exporting the encrypted private key along with crypto callback improvements. Fixes to support TPM2 signing/verification with smaller digest input sizes. Addition of a new HMAC example. Switch to GPLv3.

Vulnerabilities

[Medium CVE-2025-7844]: wolfTPM library wrapper function wolfTPM2_RsaKey_TpmToWolf copies external data to a fixed-size stack buffer without length validation potentially causing stack-based buffer overflow

Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default MAX_RSA_KEY_BITS=2048 is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or importing an RSA private or public key larger than 2048 bits and your application calls wolfTPM2_RsaKey_TpmToWolf on that key, then a stack buffer could be overrun. If the MAX_RSA_KEY_BITS build-time macro is set correctly (RSA bits match what TPM hardware is capable of) for the hardware target, then a stack overrun is not possible.

Fixed in PR #427.

Detail

• Improvements for key creation and exporting encrypted private key (PR #428)
  • Added helpers for importing external private keys and creating encrypted key blobs (see wolfTPM2_CreateRsaKeyBlob and wolfTPM2_CreateEccKeyBlob)
  • Added support for crypto callback key generation that exports encrypted private portion (see TpmCryptoDevCtx.ecdsaKey)
  • Added a few missing FIPS unlock/lock on private key access (required with wolfCrypt FIPS)
  • Improved crypto callback key generation hash algorithm selection
  • Fixed WOLFTPM2_USE_SW_ECDHE build option and added CI tests
  • Cleaned up the user_settings.h logic between wolfTPM and wolfSSL.
• Fixed buffer overrun and security issues (PR #427)
  • Fixed possible buffer overrun issues with RSA key export where wolfCrypt max key size doesn't match TPM support (see CVE-2025-7844)
  • Fixed RSA encrypt/decrypt buffer size check logic
  • Fixed TPM2_GetWolfRng to ensure NULL is set on RNG init error
  • Added better defaults for SLB9672/SLB9673
  • Fixed LABEL_MAX_BUFFER and removed duplicate MAX_ECC_KEY_BYTES
  • Implemented address sanitizer CI test
• Improved the detection of maximum HASH_COUNT (PR #426 and #427)
• Enhanced HMAC support with persistent keys (PR #422)
  • Added example for HMAC with persistent key (see examples/wrap/hmac)
• Improved crypto callback functionality (PR #421)
  • Added support for crypto callback WC_PK_TYPE_RSA_GET_SIZE
  • Fixed crypto callback fallback to software when no TPM key is setup
  • Fixed for WC_RNG change to add pid_t and added detection of HAVE_GETPID
• Enhanced thread safety and CMake support (PR #417, #420)
  • Fixed missing TPM2_ReleaseLock in TPM2_GetProductInfo
  • Refactored TPM2_GetNonce to support non-locking version for internal use
  • Improved CMake support for single threading, mutex locking and active thread local storage
  • Fixed CMake logic for WOLFTPM_NO_ACTIVE_THREAD_LS
  • Improved gActiveTPM detection for needing thread local
• Improved TPM signing and verification (PR #418)
  • Fixed logic for signing with input digest smaller than key size
  • Improved input digest size logic for TPM2_Sign and TPM2_Verify
  • Added test case with interop for signing
  • Exposed TPM2_ASN_TrimZeros
• Enhanced parsing and testing (PR #419)
  • Fixed TPM2_ParsePublic size argument
• Improved documentation (PR #424, #425)
  • Added TCG TPM to the SWTPM documentation
• Fixed build system issues (PR #423)
  • Fixed bug in configure.ac which breaks in Alpine

wolfTPM Release 3.9.1 (May 21, 2025)

Post release fixes (PR #415)

• Fixed commercial release bundle (missing tpm2_asn.h).
• Fixed wolfTPM DLL revision (was not updated in v3.9.0).
• Added make distcheck to GitHub CI.

wolfTPM Release 3.9.0 (May 14, 2025)

Summary

Added Zephyr Project support, U-Boot bootloader support, improved thread safety with mutex protection, and various bug fixes. Added support for optional authentication password in keygen and improved ASN.1 certificate parsing.

Detail

• Added Zephyr Project Port support (PR #395)
  • Added support for Zephyr RTOS integration
  • Added example for Zephyr TPM usage
• Added U-Boot bootloader support (PR #398)
  • Added support for Das U-Boot bootloader integration
  • Added documentation for U-Boot usage
• Improved thread safety and mutex protection (PR #410)
  • Added global mutex for concurrent thread usage
  • Added support for pthread static mutex with older wolfSSL versions
  • Added build option WOLFTPM_NO_ACTIVE_THREAD_LS to remove thread local on gActiveTPM
• Added keygen optional authentication password support (PR #409)
  • Added -auth=<yourpassword> option to keygen
  • Added test cases for AIK and default key generation
• Improved ASN.1 certificate parsing (PR #404, #408)
  • Added WOLFTPM2_NO_ASN build option
  • Refactored ASN.1 parsing for RSA certificates
  • Fixed ASN.1 certificate parsing issues
• Added EK Certificate Verification with TPM only (PR #394)
  • Added support for verifying EK certificates without wolfCrypt
  • Added example for ST33KTPM2X
• Fixed various issues:
  • Fixed possible handle leak in bench example (PR #412)
  • Fixed issue with wolfTPM2_Init_ex handling of TPM_RC_INITIALIZE (PR #401)
  • Fixed CSR version handling (PR #406)
  • Fixed location for TPM simulator /tmp (PR #398)
  • Fixed spelling and debug issues (PR #398)
  • Fixed run_examples.sh run.out location variable (PR #401)
• Added new API TPM2_GetHierarchyDesc for getting hierarchy descriptions (PR #410)
• Added test case for TPM2_GetAlgId (PR #398)
• Added missing doxygen documentation for public APIs (PR #401)
• Cleanups for autogen.sh and build system improvements (PR #396)

wolfTPM Release 3.8.0 (Jan 7, 2025)

Summary

Fixes for session auth on key bind and password policy. Added NV extend example used with Bus_Protection_Guidance. New wolfTPM2_NVExtend wrapper and example. Added new NV policy write/read wrapper API's used with policy auth

Detail

• Fixed issue with auth session binding. (PR #389)
• Fixed possible missing wc_GetPkcs8TraditionalOffset. (PR #392)
• Fixed issue with wolfTPM2_PolicyHash where input digest could be too large. (PR #389)
• Added example for NV extend based on the TCG "bus protection guidance". (PR #389)
• Added support for building wolfTPM against older wolfCrypt (like v4.7.0) including CI test. (PR #390)
• Added HAL IO support for Microchip I2C bit-bang (PR #340)
• Created separate tool (./examples/management/tpmclear) for performing the TPM2_Clear (don't use args in wrap_test). (PR #391)
• Switched wolfTPM2_LoadSymmetricKey to default to the WOLFTPM2_WRAP_DIGEST for hash algorithm and not default to SHA1 for some sizes. (PR #388)
• Improved TPM NV write debug logging to show before. (PR #392)
• Cleanup the SensitiveToPrivate function stack variables. (PR #388)
• Cleanup comments on EK/SRK. (PR #388)
• Various spellings, tabs, execute bit on .c and formatting. (PR #386, #388, #392)

wolfTPM Release 3.6.0 (Nov 5, 2024)

Summary

Release includes minor bug fixes and new features such as TPM provisioning of IDevID/IAK, improved capabilities parsing, new TPM2_Certify example, new wolfTPM2_CreatePrimaryKey_ex API for creation ticket and tested support with Nations NS350 TPM.

Detail

• Fixed issue with TPM2_SetupPCRSel and added test cases. (PR #372)
• Fixed RC_WARN error codes (broken in commit f983525). (PR #378)
• Fixed issue with RSA/ECC symmetric field (should only be populated with restricted/decrypt) (PR #375)
• Fixed examples/keygen/keygen -sym= argument. (PR #372)
• Fixed building wolfCrypt/wolfTPM without ECC or RSA and added tests. (PR #371)
• Fixed file descriptor check for /dev/tpm0 (PR #366)
• Fixed STM32 GPIO SPI CS control to use pin number as bit offset, not direct value (PR #380)
• Fixed issues building with no filesystem. (PR #374)
• Added support for parsing all capabilities from (TPM2_GetCapability) (PR #383)
• Added support for creation of IDevID or IAK with examples/keygen/create_primary. (PR #369)
• Added support for Nations NS350. (PR #382)
• Added example for TPM2_Certify (see examples/attestation/certify) (PR #369)
• Added new wolfTPM2_CreatePrimaryKey_ex and WOLFTPM2_PKEY that supports returning creation ticket/hash. (PR #369)
• Added key templates for initial device (IDevID) and attestation keys (IAK). (PR #369)
• Added new build option for TPM provisioning (--enable-provisioning on by default). (PR #369)
• Added simple capabilities example (examples/wrap/caps) (PR #382)
• Added example to manual verify quote with ECC signature. (PR #379)
• Added tests for policy seal/unseal with multiple PCR's. (PR #377)
• Added -alg argument for PCR extend (PR #383)
• Added helper to get wolfCrypt hash type TPM2_GetTpmHashType (PR #384)
• Added new policy hash helper API wolfTPM2_PolicyHash (PR #369)
• Added documentation for /dev/tpm0 permissions (PR #366)
• Improved the TPM TLS examples for use with WOLFTPM_MFG_IDENTITY (PR #376)
• Moved PTHREAD definition from options.h to config.h (avoids possible re-declaration issue) PR (#381)
• Switched handle/nvIndex string parsing to use strtoul. (PR #369)
• Various spelling and documentation cleanups. (PR #366 / PR #373)

wolfTPM Release 3.4.0 (July 30, 2024)

Summary

Added Endorsement Key Certificate support. Added support for NV read/write with policy. Added policy password support. Refactor of the session authentication structures.

Detail

• Added EK Certificate Support (PR #360)
  • Added new API's wolfTPM2_GetKeyTemplate_EK and wolfTPM2_GetKeyTemplate_EK for getting EK public templates used for generating the EK primary key.
  • Added examples/endorsement/get_ek_certs for showing how to retrieve and validate the manufacturers endorsement key certificates.
• Improvements to auth handling to support Policy Password and Policy Auth Value (PR #350)
  • Refactor to eliminate confusing cast between TPMS_AUTH_COMMAND and TPM2_AUTH_SESSION.
  • Support for policy auth value and policy password.
  • Add new NV policy write/read API's wolfTPM2_NVWriteAuthPolicy and wolfTPM2_NVReadAuthPolicy.
• Fixed ST33KTPM IAK/IDevID provisioning NV indexes. (PR #361)
• Fixed TLS example build issues with wolfSSL not having crypto callback or PK callback enabled. (PR #360)
• Fixed CSR version (use version 0) (PR #359)
• Fixed issue with Doxygen generation of wolfTPM due to doxybook2 crashing on unnamed enum. (PR #357)
• Fixed HMAC session save last (not typically used) (PR #355)
• Fixed Infineon I2C HAL gating logic (PR #347)
• Added documentation for IAK/IDevID build options. (PR #361)
• Added support for Espressif IDE (see IDE/Espressif) (PR #321)
• Added tests for create_primary (PR #345)
• Improved software TPM (docs/SWTPM.md) documentation (PR #348)

wolfTPM Release 3.2.0 (Apr 24, 2024)

Summary

Added TPM Firmware update support (Infineon SLB9672/SLB9673). Added support for pre-provisioned device identity keys/certificates (STMicro ST33). Fixed issue with sealing secret to prevent userWithAuth by default. Expanded the TPM get capabilities support.

Detail

• Added new API wolfTPM2_NVCreateAuthPolicy for allowing NV creation with policy (PR #344)
• Added Infineon firmware update recovery support (PR #342)
• Added support for Infineon Firmware upgrade (PR #339)
  • Added support for Infineon SLB9672/SLB9673 Firmware upgrade (see examples/firmware/README.md)
  • Added Infineon Modus Toolbox support. See wolfssl/IDE/Infineon/README.md for setup instructions.
  • Added support for Infineon CyHal I2C support.
  • Added Firmware extraction tool
  • Added Firmware update example application examples/firmware/ifx_fw_update.
  • Added support for vendor capabilities TPM_CAP_VENDOR_PROPERTY.
  • Added XSLEEP_MS macro for firmware update delay.
  • Added support for getting key group id, operational mode and update counts.
  • Added support for abandoning an update.
  • Added support for firmware update done, but not finalized
  • Added Infineon CyHal SPI support.
  • Fixed auto-detect to not define SLB9672/SLB9673.
• Fixed TLS examples to not use openssl compatibility macros (PR #341)
• Added ST33 support for pre-provisioned device identity key and certificate (PR #336)
  • Added support for pre-provisioned TPM using the "TPM 2.0 Keys for Device Identity and Attestation" specification. See build macro: WOLFTPM_MFG_IDENTITY.
  • Added example for using TPM pre-provisioned device identity to TLS client example.
  • Fixed ST33 vendor command to enable command codes (TPM2_SetCommandSet) (it requires platform auth to be set).
  • Added benchmarks for new ST33KTPM2XI2C.
  • Fixed 0x1XX error code parsing.
  • Fixed ST33 part descriptions.
  • Updated example certificates.
• Fixes for building wolfTPM examples with NO_FILESYSTEM (PR #338)
• Fixed crypto callback hashing return code initialization (PR #334)
• Updated documentation for Infineon SLB9673 (I2C) (PR #337)
• Fixed Documentation references for generated user manual (PR #335)
• Fixed netdb.h include (PR #333)
• Fixes for building with "-Wpedantic" (PR #332)
• Added new API wolfTPM2_GetHandles to get list of handles from the TPM capabilities. (PR #328)
• Fixed config.h, which should only be included from .c files, not headers. (PR #330/#331)
• Fixed CMake tests (PR #329)
• Fixed and improved secret sealing/unsealing (PR #327)
  • Do not set userWithAuth by default when creating sealed objects. That flag allows password auth for the sealed object. Without the flag it only allows policy auth.
  • Allow setting policy auth with flags.
  • Fix secret_unseal to use policy session and valid sealed name.
  • Added expected failure test cases for seal/unseal with policy.
  • Improve the run_examples.sh script
• Improved types for htons and byte swap (PR #326)
  • Match byte swap logic with wolfSSL (use WOLF_ALLOW_BUILTIN).
  • Remove unused XHTONS and arpa/inet.h.
• Improved STMicro product naming (PR #325)
• Improved the STM32Cube template (PR #324)
  • Setup so next pack can add small stack and transport options: WOLFTPM_CONF_SMALL_STACK and WOLFTPM_CONF_TRANSPORT (0=SPI, 1=I2C).
• Fixed build error with missing wc_RsaKeyToPublicDer_ex (PR #323)
• Improved the ECC macro checks for wc_EccPublicKeyToDer (PR #323)
• Added PKCS7 ECC support to example (PR #322)
  • Added wrapper function to export TPM public key as DER/ASN.1 or PEM.
  • Fixed for crypto callback ECC sign to handle getting keySz for unknown cases (like PKCS7 without privateKey set).
• Added expanded key template and cleanups (PR #321)
  • Fixed mixed variable declaration.
  • Added _ex version for GetKeyTemplate RSA/ECC to allow setting all template parameters.

wolfTPM Release 3.1.0 (Dec 29, 2023)

Summary

Support for using TLS PK callbacks with TPM for ECC and RSA. Improved the crypto callback support and added RSA Key generation. Fixed issues with endorsement hierarchy. Added Windows Visual Studio solution and project for wolfTPM. Improved the STM32 HAL IO callback options and logging.

Detail

• Removed use of error-ssl.h in library proper. (PR #308)
• Fixed CSR crypto callback to use a different (not default) devId to avoid conflict. (PR #310)
• Added TPM crypto callback support for RSA key generation (PR #311)
• Fixed and improved for ECC crypto callbacks (PR #311)
  • Allow import of wolf ECC marked as private only (ECC_PRIVATEKEY_ONLY).
  • Improve the ECC key import scheme for signing.
  • Improve logic for finding TPM curve in ECC key generation. A call to wc_ecc_make_key can use curve_id 0 (to detect), but we can get it from the "dp".
  • Properly translate a TPM ECC signature verify error for compatibility.
  • Support ECC KeyGen for signing or derive based on callback context eccKey or ecdhKey population.
  • Fix to make sure leading ECC sign leading zeros are removed when not required.
  • Fix leading zero issue on ECC verify.
• Cleanup KDF function return code checking to avoid scan-build warning. (PR #311)
• Fixed ECC encrypt secret integrity check failed due to zero pad issue. (PR #311)
• Fixed wolfTPM2_GetRng possibly not returning an initialized WC_RNG. (PR #311)
• Fixed TLS bidirectional shutdown socket issue to to port collision with SWTPM. (PR #311)
• Fixed policy_sign issue when r or s is less than key size (needs zero padding). (PR #311)
• Fixed building wolfCrypt without PEM to DER support. (PR #311)
• Added support for TLS PK callbacks with ECC and RSA Sign using PKCSv1.5 and PSS padding (PR #312)
  • Fixed building wolfTPM without crypto callbacks.
  • Fixed building/running with FIPS.
  • Cleanup TLS PK callback RSA PSS padding.
  • Cleanup TLS server/client.
  • Added server -i option to keep running unless failure.
  • Added TLS server option -self to use the self signed certs.
  • Added tests for the TLS PK with TPM.
• Added CMakeList.txt to autoconf, so its in the "make dist" commercial bundles. (PR #313)
• Fixed HAL IO prototype to match (TPM2HalIoCb and TPM2_IoCb) and cast warnings. (PR #313)
• Added support for getting the keyblob sizes if buffer is NULL. (PR #315)
• Added tests for keyblob buffer export/import. (PR #315)
• Added Windows Visual Studio project for wolfTPM. Added GitHub Actions to test it. (PR #316)
• Added support for overriding the PORT/PIN for the STM32 Cube HAL. (PR #314)
• Fixed ECC sign with key that is marked for sign and decrypt detect the ECDSA hash algorithm. (PR #317)
• Fixes for compiler type warnings. (PR #318)
• Added WOLFTPM_NO_LOCK. (PR #318)
• Improved STM IO options/logging. (PR #318)
• Fixed attestation with endorsement key (PR #320)
  • Enabled the broken endorsement tests.
  • Improved TPM2_GetRCString error rendering to correctly resolve RC_WARN.
    • Added error debug for parameter, session and handle number.
    • Refactor line length / alignment.
    • Removed duplicate "success".
  • Removed the WOLFTPM2_KEYBLOB.name (deprecated). It is/has been moved to handle.name.
  • Fixed native test TPM2_PolicyPCR.
  • Fixed CMake build broken, since cryptocb refactor in PR #304.
  • Added CI tests for CMake.

wolfTPM Release 3.0.0 (Oct 30, 2023)

Summary

Refactor of command authentication. Support for ECC sessions and secrets. Support for policy sealing/unsealing. Examples for secure boot.

Detail

• Refactor of the command authentication. If command does not require auth do not supply it (PR #305)
• Refactor HAL and added Microchip Harmony SPI HAL support (PR #251)
• Relocate crypto callback code to its own code file (PR #304)
• Fixed using a custom wolfTPM CSR sigType (PR #307)
• Fixed support for ECC 384-bit only support (PR #307)
• Fixed issue with using struct assignment (switched to memcpy) (PR #303)
• Fixed various issues building with C++ compiler (PR #303)
• Fixed issues with STM32 I2C build and improved performance (PR #302)
• Fixed seal with RSA and PCR extend auth. (PR #296)
• Fixed issue including user_settings.h when --disable-wolfcrypt set (PR #285)
• Fixed TPM private key import with custom seed (PR #281)
• Fixed autogen.sh (autoconf) to generate without warnings (PR #279)
• Fixed TPM2 create with decrypt or restricted flag set (PR #275)
• Fixed and improved low resource build options (PR #269)
• Fixed the TPM_E_COMMAND_BLOCKED macro to have the correct value (PR #257)
• Fixed casting and unused variable problems on windows (PR #255)
• Fixed Linux usage of cs_change and added config overrides (PR #268)
• Fixed and improved the NV auth and session auth set/unset (PR #299)
• Fixed capability to handle unknown TPM2_GetCapability type and fix bad printf (PR #293)
• Fixed macros for file IO XFEOF and XREWIND to make sure they are available (PR #277)
• Fixed seal/unseal example (PR #306)
• Fixed TLS examples with param enc enabled (PR #306)
• Fixed signed_timestamp with ECC (PR #306)
• Added CI tests for CSharp wrappers (PR #307)
• Added support for sealing/unsealing based on a PCR that is signed externally (PR #294)
• Added examples for Secure Boot solution to store root of trust in NV (PR's #276, #289, #291 and #292)
• Added support for importing and loading public ECC/RSA keys formatted as PEM or DER (PR #290)
• Added new policy_nv example (PR #298)
• Added -nvhandle argument to nvram examples (PR #296)
• Added code to test external import between two TPM's (PR #288)
• Added support for STM32 Cube Expansion Pack (PR #287)
• Added support memory mapped (MMIO) TPM's (PR #271)
• Added wc_SetSeed_Cb call for FIPS ecc (PR #270)
• Added wrapper support for setting key usage (not just extended key usage) (PR #307)
• Added RSA key import methods to handle PEM and DER encoding directly (PR #252)
• Added thread local storage macro and make gActiveTPM local to the thread (PR #253)
• Added Microchip macro names and Support for bench with MPLABX Harmony (PR #256)
• Added support for encrypting secret using ECC key. Allows using ECC for parameter encryption and importing ECC keys with custom seed. (PR #276)
• Added wolfTPM2_ChangePlatformAuth wrapper to help set the platform auth. This is useful from the bootloader to make sure no one can use the platform hierarchy from application (PR #276)
• Improvements to cmake build (PR's #280, #283 and #284)

wolfTPM Release 2.7.0 (Dec 27, 2022)

Summary

Added Infineon TriCore HAL support and examples for Keyed Hash / NV counter increment. Minor fixes for NV auth and Keyed Hash.

Detail

• Support for Infineon TriCore (TC2XX/TC3XX) using macro WOLFTPM_INFINEON_TRICORE (PR #229)
• Added NV counter increment example (PR #243)
• Added Key Generation example for Keyed Hash. (PR #245)
• Fixed for Keyed Hash with HMAC (PR #243)
• Fixed for NV auth handling (PR #243)
• Fixed missing call to Close(), since Windows won't flush unless its called (PR #242)
• Fixed tpm2.c issue with variable declarations not being at top of function (PR #246)