| * TROUSERS_0_3_3 |
| |
| - Tspi_ChangeAuth fixed for popup secret use case. |
| - Prefixed exported functions with common names. |
| - Fixed issues with accessing the utmp database. |
| - Migrated the bios parser file handler from open to fopen. |
| |
| * TROUSERS_0_3_2 |
| |
| - Added IMA log parser in conformance with format introduced in linux kernel 2.6.30 |
| - Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c |
| - Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c |
| - Fixed logic when releasing auth handles, now the TPM won't become out of |
| resources due too many unreleased auth handles there. |
| - Fixed compilation problems when building trousers in Fedora with |
| -fstack-protector & gcc 4.4 |
| - Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions |
| can be closed fine. |
| - Fixed key memory cache when evicting keys, invalid key handles were evicted |
| when shouldn't. |
| - Fixed authsess_xsap_init call with wrong handle |
| - Fixed authsess_callback_hmac return code |
| - Fixed validateReturnAuth return value |
| - Added consistency to avoid multiple double free() and bound checks to avoid |
| SEGV |
| - Moved from flock to fcntl since the first isn't supported in multi-thread |
| applications |
| - Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV |
| - Typecast added in trousers.c in the UNICODE conversion functions |
| - Fixed wrong return code in Tspi_NV_ReleaseSpace |
| - Fixed digest computation in Tspi_NV_ReleaseSpace |
| - Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob, |
| resulting in a incorrect data blog unload. |
| - Added new OpenSSL UI for TSS_SECRET_MODE_POPUP auth mode. |
| - Added workaround to fix namespace conflict with SELINUX |
| - Set SO_REUSEADDR socket option. |
| - Added TSS_SS_RSASSAPKCS1v15_INFO signature scheme definitions and support |
| - TDDL can now be compiled apart from the rest of TrouSerS. |
| - Added #include <limits.h> to remove INT_MAX undeclared error |
| during build. Files updated: trspi/crypto/openssl/symmetric.c, |
| tspi/tspi_aik.c and tspi/tsp_ps.c |
| - Added bounds checking in the data parsing routines of the TCSD's |
| tcstp RPC code, preventing attacks from malicious clients. |
| - Removed commented out code in src/tcs/rpc/tcstp/rpc.c |
| - Commented out old OSAP code, its now unused |
| - Fixed bug in tcsi_bind.c, one too few params were passed to |
| the function parsing the TPM blob. |
| - Fixed lots of erroneous TSPERR and TCSERR calls |
| - Added support for logging all error return codes when debug |
| is on |
| - Check that parent auth is loaded in the load key path outside |
| the mem_cache_lock, if a thread sleeps holding it, we deadlock |
| - Added support for dynamically growing the table that holds |
| sleeping threads inside the auth manager |
| - In tcs_auth_mgr.c, fixed the release handle path, which didn't |
| check if the handle was swapped out before calling to the TPM. |
| - Updates throughout the code supporting the modular build. |
| |
| * TROUSERS_0_3_1 |
| |
| - Added check of return code for ResetDALock call in tspi_admin |
| - Added missing ordinals in tcs_pbg.c as reported by Phil Carmon. |
| - Added support for DSAP sessions and delegating authorizations! |
| - Added support for DSAP sessions inside a transport session. |
| - Prevent Tspi_TPM_GetCapability from switching the endianess of |
| the data returned from a request for TSS_TPMCAP_NV_LIST when that |
| list happens to be sizeof(UINT32). |
| - Fixed trouble in owner_evict_init path for 1.1 TPMs |
| - Fixed multiple problems with changing auth on encrypted data |
| and keys. |
| - Fix for SF#1811120, Tspi_TPM_StirRandom01 test crashes TCSD. |
| - Fix for SF#1805829, ChangeAuth fails to return an error |
| - Fix for SF#1803767, TSS_TSPATTRIB_KEY_PCR_LONG key attribute |
| not implemented |
| - Fix for SF#1802804, Tspi_TPM_Delegate_UpdateVerificationCount |
| problem |
| - Fix for SF#1799935, Tspi_TPM_Delegate_ReadTables bug |
| - Fix for SF#1799912, policy lifetime counter doesn't reset with |
| SetSecret |
| - Fix for SF#1799901, policy lifetime timer doesn't reset with |
| SetSecret |
| - Fix for SF#1779282. Trspi_UnloadBlob_CERTIFY_INFO DNE. |
| - Fix for setting the right kind of PCR struct in the key object |
| |
| * TROUSERS_REDHAT_SUBMIT |
| |
| - Updated ps_inspect utility to more accurately guess if the file |
| you're inspecting is really a persistent storage file. |
| - Fixed endianess issue with certain TPM get caps |
| - Fixed bug in setting credential data in the TSP |
| - Moved secret hash mode code out from inside spec compliance |
| #defines since they're now part of the 1.2 spec. |
| - Better support for NULL parameters to blob manipulation |
| functions |
| - Fix for regression - blank the SRK pubkey copy stored in system |
| persistent storage |
| - Added RPC plumbing for DSAP sessions |
| - Added support for unmasking data on unseal :-) |
| - Implemented encdata PCR_INFO_LONG GetAttrib's |
| - Overhauled OSAP session handling. |
| |
| * TROUSERS_0_3_0 |
| |
| - Added TSS_TCSCAP_PLATFORM_CLASS cap support |
| - Added the Quote2 Commands |
| - Added new TSS 1.2 return codes to Trspi_Error_String. |
| - Added Tspi_Context_GetRegisteredKeysByUUID2 functions |
| to the persistent storage system |
| - Added Tspi_TPM_OwnerGetSRKPubKey and TCS OwnerReadInternalPub |
| code. |
| - Added support for operator auth and Tspi_TPM_SetOperatorAuth. |
| - Added support for Sealx. |
| - Added ordinal auditing support. |
| - Added initial transport session support. |
| - Rewrote TCSD key loading functions. |
| - Added support for UINT64 loading/unloading everywhere. |
| - Created an initial TCS parameter block generator in tcs_pbg.c. |
| - Added support to get_local_random to either allocate a new |
| buffer for the random number or write it to a given buffer. |
| - Removed TCS GetCredentials APIs -- the TSSWG verified that these |
| had accidentally been left in the spec. |
| - Added TCS GetCredential API. |
| - Added NVRAM APIs, donated by James Xu, and others from Intel. |
| - Added TCS GetCredentials functions |
| - Patched the TCS key loading infrastructure to return |
| TCS_E_INVALID_KEY when a handle is used by a context that doesn't |
| have a reference to the key in its keys_loaded list. |
| - Added ASN.1 blob encoding and decoding APIs. |
| - Added tick stamping APIs |
| - Added monotonic counter APIs |
| - Added the Tspi_PcrComposite APIs: GetPcrLocality, |
| SetPcrLocality, SelectPcrIndexEx and GetCompositeHash. |
| - Added new TSS 1.2 return codes for bad EK checksum and |
| invalid resource passed to Tspi_Context_FreeMemory. |
| - Added Christian Kummer's implementation of PCR reset |
| - In PcrExtend, set up the event struct fully before sending |
| to the TCS. |
| - Fixed bug in ActivateIdentity's use of rgbSymCAAttestation. |
| - updated policy handling to match the latest spec. |
| - Fixed bug when 2 TCSD's return the same context number. |
| - Added a check for the size of Tcsi_StirRandom's entropy data. |
| - Added support for TSS 1.2 style keys and PCR info long and |
| short structures. |
| - Added support for TPM_Save/LoadAuthContext. |
| - Grouped all threading functions in one header file, threads.h. |
| - Fix added in TCSD's event parsing code for a segfault when only |
| the number of events is requested. |
| - Several bugs fixed in the Tspi_Context_GetRegisteredKeysByUUID |
| code path in the TSP lib. |
| - Added a lock around all TCSP functions; removed auth_mgr_lock |
| since the TCSP lock now suffices. This fixed some TCSD multi- |
| threaded errors. |
| - hosttable.c: Fixed bug in host table entry removal, thanks |
| to Thomas Winkler for the testcase that helped in finding this. |
| - In the TCS GetPcrEventsByPcr, fixed a bug in calculating |
| the number of events to return. Thanks to Seiji Munetoh. |
| - Added functions to do incremental hashing, removing most |
| large stack allocations in trousers. |
| - Updated blob utility functions to use UINT64's instead of |
| UINT16, which had caused some arbitrary limits in parts of |
| trousers. |
| - Merged in TSS 1.2 header files. |
| - Merged in build changes for embedded. |
| |
| * TROUSERS_0_2 branch created |
| |
| - In obj_policy.c and obj_tpm.c, if NULL is passed in when trying |
| to set a 1.2 style callback, clear the callback address. |
| - Fix in Tspi_TPM_ActivateIdentity: Only validate over the out |
| parameters from the TPM, not the TCS (size of data). |
| - obj_encdata.c: fixed reference of pcrSelect, which caused |
| bad data to be returned as the PCR selection. |
| - added TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE, which was |
| type-o'd in the 1.1 header files. |
| - Fix for SF1570380: Algorithm ID not compliant with TSS spec. |
| - Corrected off by 1 errors in PCR index bounds checking. |
| - Changed logging in the TCSD so that FILE:LINE isn't printed |
| unless debugging is on. |
| - Changed build/code so that the system PS dir is mode 0700, not |
| 1777. It used to be 1777 when user PS was not in ~/.trousers. |
| - Fix for SF1565726: Segfault when connecting from remote host. |
| - Fix for SF1565208: User PS load key by UUID failed. |
| |
| * TROUSERS_0_2_8 |
| |
| - Fixed bug in mc_add_entry, where the PCRInfo data was not being |
| copied into the mem cache with the other fields of the key. |
| - Fixed 2 bugs in spi_getset.c where setting the secret hash mode |
| was passing subFlag to the internal set function instead of |
| ulAttrib. |
| - Added patch to retry the libtspi's recv() call to the TCSD |
| if the call was interrupted before completion. |
| - Made the popup string appear as a label on the popup, not the |
| title. Also, got rid of annoying mouse-over texts. |
| - Added a flag to pass to the get_secret function internally to |
| indicate whether a popup should contain the confirm box. |
| - Added support for callbacks in the identity creation code. |
| - Updated the identity creation code in the TSP/TCS to support |
| AES, DES, 3DES during identity creation. |
| - Added symmetric encryption interfaces for openssl, Trspi. |
| - In Tspi_Hash_Sign, fixed memory leak. |
| - Added SetAttribData functions for RSA modulus/exponent per |
| the upcoming additions to the TSS 1.2 errata 1 spec. |
| - Fixed bug in TCS key cache where if 2 keys had the same public |
| modulus, they could confuse the key cache manager. |
| - Bind/Seal functions now return more descriptive errors codes |
| and won't do the encryption if the data to use is larger than |
| the RSA pubkey. |
| - Made updates to the code/headers for the TSS_VALIDATION struct |
| change to be issued as TSS 1.1 header file errata 1. |
| - Bug fix: In LoadManuMaintPub's wrapping function in the TSP, |
| we incorrectly passed a reference to the pubkey in loading the |
| blob. |
| - Fixed bugs in the maintenance commands, owner auth'd commands |
| were using no auth tags in their commands sent to the TPM. |
| - Fixed SF1546344: Track the release of auth handles by TCS |
| context and take the fContinueAuthSession variable into account |
| when calling the TPM to release a handle. |
| - Fixed SF1545614: deadlock due to auth_mgr_osap taking the |
| auth_mgr_lock before calling ensureKeyIsLoaded, which took the |
| mem_cache_lock. |
| - Added checks to ensure corrupt packets don't crash the tcsd. |
| - Added configure option --with-gui=gtk/none to enable building |
| with no popup support for embedded apps. The default secret |
| mode becomes TSS_SECRET_MODE_NONE for all policies and the |
| default context mode becomes TSS_TSPATTRIB_CONTEXT_SILENT to |
| supress all popups. |
| - Changed the Tspi_GetAttribData function to return a TCPA_PUBKEY |
| blob as is specified in the portable data section. |
| - Added a debugging #define in req_mgr.c to print all data passed |
| to/from the TPM. |
| - Updated Tspi_Context_LoadKeyByUUID to check in-memory keys by |
| UUID when the TCS returns a filled-out loadkey info struct. |
| - Removed the free of all context related memory when the context |
| closes. Allows an app more flexibility in choosing what to free. |
| - Removed check for secret mode None in establishing an OSAP |
| session. Now, a secret of all 0's is used if no secret exists. |
| - Added checks for 2 return codes in secret_TakeOwnership. |
| - Fixed TSS_VERSION problem. There are no specific getcaps for |
| software version vs. TSS spec version. Instead, the TSP's |
| version structure contains spec version and software major/minor. |
| - Removed obj_regdkey list references. |
| |
| * TROUSERS_0_2_7 |
| |
| - Added 3 new TCSD config options to allow admins to set paths |
| to the 3 types of credentials returned on Make Identity calls. |
| - Added an implementation for returning the MANUFACTURER TCS |
| caps. |
| - Added translation of TSS caps that are destined for the TPM. |
| - Updated DirWrite to work correctly (thanks Kylie). |
| - Updated the Tspi_TPM_DirWrite manpage with more info, removed |
| a confusing statement. |
| - Changed the number of loops in TCSP_GetRandom_Internal to 50, |
| which should allow TPMs that return few bytes per request to |
| fullfill up to 4K bytes. |
| - Removed the TCS's getSomeMemory() function, which was really |
| dumb. |
| - Changed the way user PS operates. User PS is now really |
| persistent, its kept in ~/.trousers/users.data, which is |
| created if it doesn't exist. Also, the environment variable |
| TSS_USER_PS_FILE can be set to a path that will override the |
| default location for as long as the TSP context is open. |
| - Lots of memory leaks found in error paths by Coverity, mostly |
| in tcsd_wrap.c. |
| - Fix for SF #1501811, setting some SetAttribUint32 flags not |
| supported. |
| - Lots of updates to the fedora specific RPM specfile. |
| - Fix for SF #1490845, 'make install' overwrites old tcsd.conf |
| - Added code to return TSS_E_POLICY_NO_SECRET when setting up |
| an OIAP or OSAP session. |
| - Added fix for SF #1490745, trousers demands too much from |
| /dev/random. Default random device is now /dev/urandom. |
| - Changed severity of the ioctl fallback print stmts to |
| warning and info. |
| - Added implementation of the maintenance functions. |
| - Added fix for SF #1487664, Offset in PS cache is not |
| updated correctly. |
| - Removed some Atmel specific code and commented out code. |
| - Added some missing auth_mgr_check calls in tcspbg.c. |
| - Fixed some unchecked mallocs in the TSP. |
| - Added build variables to automatically update the TSP |
| library version and TCSD version getcap variables. |
| - Added call to return the modulus of an RSA key on a |
| GetAttribData call. |
| - Added implementation of the migration functions. |
| - Fix for SF 1477178, random numbers get hosed by the tcsd. |
| |
| * TROUSERS_0_2_6 |
| |
| - Removed unnecessary call to obj_encdata_get_data in |
| Tspi_Data_Seal. |
| - Added support for using the trousers.h APIs in C++. |
| - Fixed Tspi_PcrComposite_GetPcrValue's man page, which had |
| left out *'s in two parameters. |
| - Fix for SF 1414817, Quote's PCR object doesn't get set on |
| return. |
| - Lots of function renaming to make code reading clearer. |
| - Return TSS_E_INVALID_OBJ_ACCESS when trying to retrieve data |
| from an encrypted data object that hasn't been set. |
| - Added contact info to the README. |
| - Fix for ordering of params in call to set callback by |
| Tspi_SetAttribUint32. Thanks to Thomas Winkler for the fix. |
| - Fix for SF 1410948, get random numbers from /dev/urandom |
| unless Tspi_TPM_GetRandom is called explicitly. |
| - Fix for SF 1342026, print TPM error codes during bring-up. |
| - Added support for a TCS_LOADKEY_INFO structure returned from |
| a TCSP_LoadKeyByUUID call. |
| - Fixed 2 free_tspi's that should have been plain free's |
| |
| * TROUSERS_0_2_5 |
| |
| - Changed all prints of size_t to %z (matters on 64bit platforms). |
| - Backport of the context and policy object's |
| TSS_TSPATTRIB_SECRET_HASH_MODE attribute from the TSS 1.2 spec. |
| This will allow 1.1 apps to decide whether they want to |
| include the 2 bytes of NULL in the hashes of their secrets. |
| This will in turn allow various TSS's to interoperate better. |
| - SF#1397265 'getpubek' to 'readpubek' in tcsd.conf. |
| - Added an implementation of TSS 1.2 style callbacks. |
| - Added Emily's patch to explain the TSS_DEBUG_OFF flag, added |
| blurb to README. |
| - Fixed bug that only manifested on PPC64: if errno is not set |
| to 0 explicitly before making a call to iconv, iconv will not |
| set it on failure. |
| |
| * TROUSERS_0_2_4 |
| |
| - Updated README with how to use new system.data files. |
| - Added sample system.data files for users who've taken |
| ownership of their TPMs under other OS's. |
| - Updated unicode routines to NULL terminate their strings |
| with the same number of bytes as is the width of the |
| encoding. |
| - Fixed bug in TCS_EnumRegisteredKeys_TP, returned data should |
| be alloc'd on the TSP heap. |
| - Added a logging statement when tcsd_startup fails due to an |
| error returned by the TPM itself. |
| - Fixed validation data in Tspi_TPM_Quote and |
| Tspi_TPM_GetPubEndorsementKey. |
| - Implemented Tspi_TPM_CollateIdentityRequest and |
| Tspi_TPM_ActivateIdentity. |
| - Bug fix in TCSP_Sign_TP, signature should be alloc'd using |
| the TSP heap. |
| - Fix for SF#1351593, authdata was always 0 for the SRK. This |
| was due to the defaults set in Tspi_Context_CreateObject for |
| the SRK key flag. The default SRK key is now set to require |
| auth. If you want an authless SRK, you need to either set |
| the authdatausage attribute directly or pass in your own |
| SRK initFlags to the create object call. |
| - Return bad parameter when no the pcr object is not |
| initialized instead of internal error. |
| - Several fixes added for list locking in the obj_*.c files. |
| - Added initial support for Tspi_TPM_CollateIdentityRequest |
| and its supporting functions (symmetric encryption). |
| - Fix for SF#1338785: Support TSS_TSPATTRIB_HASH_IDENTIFIER. |
| - Changed default kernel and firmware controlled PCRs to |
| none, which should have happened a long time ago. :-/ |
| - Fix for SF#1324108: Tspi_TPM_GetEvents should return a |
| number of events |
| - Fix for RFE#1301441: Fallback support for the device |
| node. ioctl is tried first, if that fails, r/w is tried, |
| if that fails, error is returned. |
| - Fixes for SF#1332479: HMAC and XOR callbacks were being |
| passed wrong params. |
| - Fix for SF#1334235, uuid data wasn't being set correctly |
| when keys were registered or loaded by uuid. |
| - Fix for SF#1332316, Tspi_GetAttribData doesn't always |
| return data alloc'd by TSP. Unicode data returned from the |
| function was being allocated off the TSP heap. |
| - Changed default return value for Tspi_GetAttribUint32 to |
| success. |
| - Corrected Tspi_TPM_PcrExtend manpage to state that the |
| application should fill out the TSS_PCR_EVENT structure. |
| -Fixes for SF BUG#1312194, and SF BUG#1312196. Get |
| Attribs for key usage and size were not being returned |
| correctly. Imported values for size from the TSS 1.2 |
| header files and translated TPM <-> TSP values for |
| key usage in the get attrib calls. |
| - Accepted Halcrow's patch to add a TSP key object |
| removal function, invoked at object close time. |
| This was SF BUG#1276133. |
| - increased the size of the return buffer from TCS to |
| TSP to 8K, so that larger requests won't fail. |
| - added a loop to TCSP_GetRandom_Internal to try several |
| (currently 5) times to get the number of requested bytes |
| from the TPM. Since the TSP has no way to tell an |
| application that a single request failed, this will help |
| improve the odds of a large request succeeding. |
| |
| * TROUSERS_0_2_3 |
| |
| - SF#1291256 bugs fixed. A UINT16 was being passed instead |
| of a UINT32 to TCS_LoadKeyByBlob_Internal. |
| - Removed test in spi_context.c's call to TCS_LoadKeyByUUID, |
| which would always fail, since there was no TCS layer bit |
| set. This kept us in a success path. |
| - Added debug logging functions that print the function |
| name at the beginning of the statement. |
| - Added GetPubKey as an option for TCSD's remote ops. |
| - SF#1249767 bug fixed. UTF16 strings are now hashed when |
| passwords are passed in through the popups. |
| - SF#1286333 bug fixed. New unicode functions added that |
| convert to UTF-16 and from the nl_langinfo(CODESET) |
| encoding. |
| - SF#1285428 bug fixed. obj_context_get_machine_name copied |
| too many bytes out. Code added to Tspi_GetAttribData to |
| convert to UTF16 before returning. |
| |
| * TROUSERS_0_2_2 |
| |
| - deleted section on ssh-askpass in README |
| - Modified popup code to hash UTF16 instead of UTF8. |
| - Restructured TCS calls to the TPM so that all auth sessions |
| are released correctly. |
| - Removed TSP contexts from all Trspi functions and modified |
| all trousers code to free its own memory instead. |
| - Fixed the TSP seal command to allow Sealing with a no-auth |
| key by using null auth data. Also changes the TCS seal |
| to return bad parameter if it gets null auth data. |
| - Removed lots of unused code and made formatting changes. |
| - Don't require Tspi_Key_WrapKey to be connected to succeed |
| and return a default value (or from the environment) if |
| we're doing PCR operations on an unconnected context. |
| - Fixed bug where a tcsd created system.data file was not |
| getting the right version info put into it. |
| - SF BUG#1269290 Fixed: Protect the SRK pub key. Upon taking |
| ownership, the unaltered SRK blob is passed back to the TSP |
| to create a valid key object with the SRK pub key intact. |
| The copies of the SRK pub key data that do into the TCSd's |
| mem cache and PS are zeroed out. From then on, the only way |
| to get the SRK pub key is through Tspi_Key_GetPubKey. |
| - tcspbg.c: deleted unused code and always release auth session |
| on an Unbind call. |
| - Bugfix for SF#1274308, Tspi_Key_CreateKey doesn't add PCRs |
| correctly. Ordering of calls in obj_rsakey_set_pcr_data |
| and calculation of PCRInfo size were incorrect. |
| - Close auth sessions in TCS_GetCapabilityOwner |
| - Removed volatile flag from the SRK key handle at key object |
| create time. This was keeping National TPM's from having the |
| ability to be owned! |
| - Moved calcCompositeHash to obj_pcrs.c and renamed it. |
| - Check returns everywhere for addKeyHandle calls. |
| - Call pthread_mutex_init on the host table's mutex. |
| - Modified TSSWG headers so that code w/o BSD types compiles |
| (such as the PKCS#11 TPM STDLL). |
| - Removed ssh_askpass, since UNICODE must be hashed from the GUI |
| input source. |
| - Updated all manpages to include the TSSWG header file names |
| instead of trousers specific files. |
| - Don't log debug data when TSS_DEBUG_OFF env var is available. |
| - Converted UNICODE to unsigned short and modified code accordingly. |
| - Only allow INADDR_LOCALHOST connections when no remote_ops are |
| defined in the tcsd.conf file. |
| - Bugfix in obj_pcrs.c, setting pcr indices and values was buggy. |
| - Moved macros from trousers_types.h (internal) to trousers.h |
| (external), since new header files make them virtually a |
| requirement |
| - Bugfix for SF#1249780, PCR selection structure was incomplete. |
| - Bugfix for SF#1249769, addKeyHandle now returns a TSS_RESULT. |
| |
| * TROUSERS_0_2_1 |
| |
| - return invalid handle int Tspi_ChangeAuth when hParentObject |
| is not of the right type. |
| - Fixed bug in TCS ps, write_key_init returned the wrong offset. |
| - Fixed mem leak in spi_getset.c:791, found by Coverity. |
| - Fixed mem leak in calltcsapi.c:70, found by Coverity. |
| - Fixed mem leak in tcskcm.c:531, found by Coverity. |
| - Fixed type-o mem leak in tspps.c:319/tcsps.c:349, found by Coverity. |
| - Fixed mem leak bug in memmgr.c:173, found by Coverity. |
| - Fixed bounds error bugs in tcstp.c:38/98, found by Coverity. |
| - Fixed bounds error bug in tcsd_wrap.c:154, found by Coverity. |
| - Fixed unchecked return bug in spi_utils.c:430, found by Coverity. |
| - Fixed unchecked return bug in calltcsapi.c:1159, found by Coverity. |
| - Fixed negative return value bug tcs/ps/ps_utils.c:365, found by Coverity. |
| - Fixed negative array index bug readpass.c:65, found by Coverity. |
| - Fixed null deref bugs spi_tpm.c:1292/1309/1302, and uninitialized |
| variable 1272, found by Coverity. |
| - Fixed null deref bugs spi_context.c:358/378, found by Coverity. |
| - Fixed null deref bug tcspbg.c:1413, found by Coverity. |
| - Fixed null deref bug tcspbg.c:745, found by Coverity. |
| - Fixed null deref bug imaem.c:356, found by Coverity. |
| - changed config file defaults for kernel/firmware pcrs. |
| - added better logging for when user/group "tss" doesn't exist |
| - in sendTCSDPacket: set transmitBuffer to 0 to prevent sending |
| bogus data. |
| - added some sanity checking in getTCSDPacket to prevent segfaults. |
| - added TCSERR where needed in tcs/ps files. |
| - BUG 1233031 fixed, TSP now stores PACKAGE_STRING as the vendor |
| data when registering a key. |
| - Added better debugging of auth mapping table, also closed two |
| auth handles that were getting left opened in CreateWrapKey and |
| Seal/Unseal. |
| - fixed ps_inspect's printing function. |
| - added SELinux files and README.selinux. |
| - updated ps_inspect tool to recognize non-PS files, |
| print out version 1 PS files and added a license |
| statement. Also added ps_convert tool to convert |
| version 0 PS files to version 1. |
| - updated ps_inspect tool to print out blobs and keys. |
| - change assert to DBG_ASSERT in tcs/ps files, also |
| assert that data sizes are > 0 when read off disk. |
| - Lots of malloc error logging changes where %d should |
| have been %u in the print statment. |
| - auth_mgr.c: allow a TSP to open a max of max_auths/2 |
| sessions before its denied any more, for TPMs that |
| can handle a lot of auth sessions. |
| - Big-endian fixes for the persistent store functions. |
| Trousers now runs fine on ppc64, for example. |
| - BUG 1226617: Audit of code for auth handle termination. |
| - Use @PACKAGE_BUGREPORT@ instead of a static email addr in |
| manpages. |
| - Added man page for tcsd.conf in section 5. |
| - Bugfix in remove_table_entry. Host table head was left |
| pointing at free'd memory. |
| - corrected comment in spi_context.c. |
| - added 64bit stuff to configure.in |
| - fixed bug in Tspi_ChangeAuth where parent object was |
| assumed to be an rsakey. |
| - fixed debug logging of data. |
| - modified calcCompositeHash for accepting incomplete pcr |
| select structures & to fill out the structure correctly. |
| |
| * TROUSERS_0_2_0 |
| |
| - removed unused code and added debugging in clearUnusedKeys(). |
| - Updated README with info on the 2.6.12 kernel device driver. |
| - fixed bug in calculating pcr select size |
| - fixed bug in init'ing PCRS, spi_utils.c:431 |
| - Changed TCPA sig schemes to TSS sig schemes in |
| Hash_VerifySignature. |
| - Implemented Tspi_Context_GetKeyByPublicInfo on the TCS side. |
| - Fixed PS bug in storing the pub key data. |
| - Implemented Tspi_Key_UnloadKey |
| - Implemented the guts of Tspi_Key_CertifyKey, which now works |
| in at least the case where both keys passed in are authless. |
| - in obj_rsakey_set_es/ss, added mapping from TCPA numbers |
| to TSS numbers and vice versa. |
| - added #includes in readpass.c to get rid of compile errors. |
| (thanks Emily). |
| - Fixed popup secret handling. Bug #1194607 closed. |
| - Fixed up the LogBlobData functions, no more strcat. Bug #1221974 |
| closed. |
| - changed sprintf's to snprintf. Bug #1221932 closed. |
| - Changed the TCPA_RSA_KEY_PARMS management at key creation time. |
| - Re-implemented TSP object management. |
| - Integrated TSSWG header files. |
| - Added valid_keys variable for the debugging build of |
| tcs/ps/ps_utils.c. |
| - Changed >= to > in openssl/crypto.c to correct off by one in |
| checking the size of the input data. |
| - added cvs commit logging to CVSROOT/loginfo file. |
| |
| * TROUSERS_0_1_11 |
| |
| - Changed TCSD logging to only log on remote connection attempts, |
| local connections will be left silent. |
| - mended compiled time warnings |
| - updated src/tspi/Makefile.am to respect libtool. |
| - added x86_64 case to configure.in |
| - added args to print stmt tcsd_wrap.c:3640 (thanks Kylie). |
| - commited fix for detecting past runlevel states (thanks Kylie). |
| - committed fix for RNG problem: a TPM's RNG is disabled when |
| the TPM is in the disabled state, yet needs a random number |
| to open an OSAP session to call the owner auth'd TPM enable |
| command. |
| - added code for CreatePubEK plumbing (thanks Kylie). |
| - fixed a couple signed/unsigned comparison warnings |
| - fixed endianess stuff in TPM GetCap spi_tpm.c. |
| - added Trspi_Error functions to manipulate TSS_RESULTs. |
| - Fixed order of receiving for the TCS_OwnerReadPubek call |
| (thanks Kylie). |
| - Added defns for volatile and non-volatile flags (thanks Kylie). |
| - Added Trspi_Error, which converts a TSS_RESULT to a string. |
| (thanks Kylie). |
| - In tcsd_wrap.c, added function bodies for tcs_wrap_OwnerClear, |
| tcs_wrap_DisablePubekRead, tcs_wrap_OwnerReadPubek, |
| tcs_wrap_DisableForceClear and tcs_wrap_DisableOwnerClear. |
| (thanks Kylie). |
| - Added an unload of the auth returned from the TPM in |
| TCSP_OwnerReadPubek_Internal. (thanks Kylie). |
| - Corrected the TAG for the TPM command in |
| TCSP_OwnerReadPubek_Internal. (thanks Kylie). |
| |
| * TROUSERS_0_1_10 |
| |
| - Updated implementation of Tspi_Key_WrapKey. |
| - Added missing goto in ReadPubEK in tcstp.c. (thanks Kylie). |
| - Added function guts for various functions in tcstp.c. (thanks |
| Kylie). |
| - In Tspi_TPM_SetStatus, do the right in the physical presence |
| path based on boolean. (thanks Kylie). |
| - Actually pass in the bool flag on TCSP_PhysicalPresence_Internal |
| (thanks Kylie). |
| - corrected force clear logic in spi_tpm.c:818 (thanks Kylie). |
| - fixed error return code check to socket() syscall clntside.c:52. |
| - added comment about TDDL reries and added log statement when a |
| physical presence command is denied because of runlevel. |
| - Fixed Tspi_Hash_VerifySignature to check signatures based on the |
| signature scheme of the key in use. Also, crypto.c was changed |
| to do a verify based on TSS_HASH_OTHER. |
| - Added 2 new highlevel Unbind testcases to test PKCS1.5 vs OAEP. |
| - In Tspi_Context_LoadKeyByUUID, the uninitialized keyBlob variable |
| was causing an invalid free on exit. Corrected that. |
| - changed return value from internal error to invalid handle when a |
| bad object handle is passed to Tspi_Hash_Sign and the Tspi_Data |
| functions. |
| - added Tspi_TPM_CertifySelfTest functionality |
| - corrected iptables string in the tcsd manpage. |
| - Corrected return code in Tspi_Key_UnloadKey02.c testcase. |
| - enabled Tspi_TPM_GetTestResult functionality |
| - added selftest as an option to the list of remote ops for the access |
| control |
| - added compatibility with openssh-askpass for the popup dialog box. |
| Now either gtk2-devel OR openssh-askpass must be installed to build |
| trousers. Using openssh-askpass reduces the size of libtspi.so by |
| about 40K and reduces the number of dependencies from 26 to 6! |
| - Bugfixes |
| - The entityType field was being passed between the TCSD and |
| TSP as a UINT32 instead of UINT16. This was keeping Tspi_ChangeAuth |
| from working as advertised. |
| - Secrets were being hashed incorrectly when secret mode was PLAIN |
| and the secret data length was 0. Now, when secret mode is plain, the |
| passed in data is always hashed, even if its 0 length. |
| - Popups are hopefully being handled more correctly now. Previously |
| the dialog popped up at the time SetSecret was called, but now its |
| just when the secret is actually needed. |
| - sf.net Bug #118026: memory allocations and free's fixed in almost |
| all paths from app to tcstp.c wrt correctly returning calloc_tspi'd |
| memory vs. malloc'd memory. Only problem remaining is the PCR event |
| functions, which have dangling malloc'd references, which is an |
| architectural problem which should be solved in the 1.2 rewrite. |
| |
| * TROUSERS_0_1_9 |
| |
| - added tcsd manpage |
| - added access control functionality so that sets of ordinals |
| cannot be executed by non-local hosts. This is now a |
| configurable option in tcsd.conf as "remote_ops". |
| - Set Physical Presence now works from the TSP when the TCSD |
| detects that it is running in single user mode. When not |
| running in single user mode, the TCS_PhysicalPresence |
| command returns TSS_E_NOTIMPL. |
| - Changed an fprintf to LogError in gtk/support.c |
| - TCP/IP server-side fixes in svrside.c |
| - various compile warnings fixed |
| - moved commonly used utility functions to trspi/trousers.c and |
| exported these functions in the header file tss/trousers.h. |
| - added new testcases for ChangeAuth of the TPM owner and SRK in |
| tcg/highlevel/tspi. |
| - added test tcg/highlevel/tpm/Tspi_TPM_PcrRead04.c |
| - updated Tspi_TPM_GetCapability manpage. |
| - added code to detect a 1.2 TPM and get auth sessions the 1.2 way. |
| - added manpage for Tspi_TPM_GetPubEndorsementKey |
| - Bugfixes |
| - in crypto.c, encrypted data area should be RSA_size(rsa) bytes |
| large, not always 256. This was keeping non-2048 bit keys from |
| working with the TPM keyring app. |
| - Fixed detection of an already closed Tddl. |
| - Allow validating the entire TCPA_PUBKEY structure in |
| Tspi_TPM_GetPubEndorsementKey, as National chips do this. |
| - Added support for TSS_TPMCAP_ORD and TSS_TPMCAP_FLAG in |
| Tspi_TPM_GetCapability, which required a call to |
| TCSP_GetCapabilityOwner to fetch the TPM's internal flags. Added |
| tcg/highlevel/tpm/Tspi_TPM_GetCapability0{4,5}.c to test. |
| - When loading the SRK from TCS PS, the TCS key handle should now |
| be 0x40000000 (TSS_SRK_KEY_HANDLE). There were checks for this in |
| the ChangeAuth code paths, which caused failing of various sorts. |
| - Bug fixed in roll over of TCS key handle generation. Previously we |
| would have smashed the SRK's fixed value and we would have thought |
| there were 2 SRK's loaded. |
| - sf.net bug #1154611, old SRK was not being removed from mem cache, |
| though disk cache was being deleted. This means that after re-taking |
| ownership the mem cache was corrupted until a restart of the TCSD. |
| - Feature Requests |
| - sf.net RFE #1122608 completed. Several different device locations |
| are now supported by default. If /dev/tpm is created its assumed that |
| the IBM Research device driver is being used and therefore ioctl's are |
| sent to the driver, all others get read/write's. Updated README. |
| |
| * TROUSERS_0_1_8 |
| |
| - added a manpage for Tspi_TPM_PcrExtend |
| - added SHA1_HASH_SIZE #define tied to openssl/sha.h |
| - Corrected typo in tcpa_types.h of pValdationData -> pValidationData |
| - updated README with info on device file stuff |
| - added a usage function and long options to tcsd |
| - added an error message when incorrect params are passed to tcsd on |
| the command line. |
| - added -lcrypto and -lpthread to the build of libtspi.so, so that app |
| writers will avoid having to include those when they don't have to. |
| - Connected up Tspi_TPM_SetStatus and Tspi_TPM_SelfTestFull to |
| TCSP_SetTempDeactivated, TCSP_SelfTestFull, TCSP_SetOwnerInstall, |
| TCSP_OwnerSetDisable and TCSP_PhysicalDisable. |
| - Bugfixes |
| - tcsem.c:507, error in calculating number of PCR events to copy out. |
| - sf.net bug #1151183 fixed. Tspi_TPM_GetPubEndorsementKey now takes |
| the correct number of params, and all testcases/TSS calls are changed. |
| - sf.net bug #1113313 fixed. Tspi_TPM_TakeOwnership now allows a NULL |
| pub endorsement key handle and a testcase, |
| tcg/highlevel/tpm/Tspi_TPM_TakeOwnership03.c, exists to test this. |
| - In Tspi_SetAttribData, set the TCPA_KEY's privkey, not the wrapper |
| object on a TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY. |
| |
| * TROUSERS_0_1_7 |
| |
| - Fixed the logging up so that if tcsd -f is specified, all logs go the |
| foreground, else all logs go to syslog. |
| - Moved the TPM_IOCTL #define into the tddl.h file. Now, if you're |
| using the IBM research device driver, compiling with #define TPM_IOCTL |
| will use ioctl's to open /dev/tpm and #undef TPM_IOCTL will use |
| read/write calls to /dev/tpm0. |
| - Revert accidental change in tddl.c |
| - Lots of 0's replaced with non-magic #define's in the TSP code |
| - In spi_getset.c: removed unimportant debugging stmts; make |
| Tspi_{Get|Set}AttribData set the correct public and private key data |
| when asked to. |
| - Lots of manpage verbage changes. |
| - added new manpages for: Tspi_TPM_TakeOwnership, Tspi_Key_LoadKey, |
| Tspi_Context_Create and Tspi_TPM_ClearOwner. |
| - Bugfixes |
| - cxt.c: when destroying a context object, release the tcs_ctx_lock before |
| calling ctx_ref_count_keys(). This prevents a deadlock. |
| - added a mutex unlock call for an error path that would have caused a |
| deadlock |
| |
| * TROUSERS_0_1_6 |
| |
| - Logging functionality changes only, for bug #1106301 |
| - TCSD: |
| - Logs now go to stdout/stderr until a successful startup |
| - After a successful startup, cmdline args are parsed |
| - if -f is specified, logging continues to stdout/stderr and daemon runs |
| in the foreground, killable by ctrl-c. |
| - If -f is not specified, logs go to syslog and the tcsd forks into the |
| background |
| - TSP library |
| - If compiled w/o debugging, there is no logging of any kind |
| - If compiled w/ debugging, all logs go to stdout/stderr, unless the |
| environment variable TSS_DEBUG_OFF is set, then, there is no logging of |
| any kind |
| - There is no longer a --enable-stderrlog option to the configure script |
| |
| * TROUSERS_0_1_5 |
| |
| - Complete memory management overhaul. calloc_tspi is now used to clean up |
| memory allocated by Tspi functions. TCS blob functions have been changed |
| to not require a context, since there's no need w/o calloc_tspi. Its |
| now necessary to call free explicitly everywhere in the TCS. In the TSP, |
| calloc_tspi is now always called with the TSP context of the session, which |
| would will ensure all memory allocated by the session is accounted for. |
| - Unused #defines and variables removed from spi_utils.h |
| - Commented out code removed throughout the source. |
| - Removed log.o on a 'make clean'. |
| - commented out unnecessary logging, added more descriptive logging |
| - renamed variables named 'hContext' to specifiy whether they represent TSP |
| of TCS context handles. |
| - got rid of a few magic numbers |
| - Bugfixes |
| - in tcs/cache.c, getNextTimeStamp() was unlocking the mutex twice. |
| - removed destroy_key_refs() in TSP, which caused double free errors |
| - added call to event_log_final() in tcsd_shutdown() to clean up the event log |
| - added an intermediate copy stage of data in getTCSDPacket() to avoid |
| memcpy() calls with overlapping source and dest fields. |
| |
| * TROUSERS_0_1_4 |
| |
| - added ChangeLog :-) |
| - TSP object management overhaul. All API's should be correct for contexts |
| whether they're connected to a TCS or not. |
| - testsuite changes based on object mgmt overhaul |
| - various internal fixes and simplifications of the code due to object mgmt |
| overhaul |
| |
| * TROUSERS_0_1_3 |
| |
| - added helpful message when package gtk2-devel is not found in configure.in |
| - chown changes in dist/Makefile for new syntax |
| - added detailed flags to various manpages |
| - TSP memory management overhaul |
| - added more complete destroy_key_refs() function |
| - Bugfixes |
| - quashed memory leaks in TSP found by valgrind |
| - return TRUE/FALSE from getAttribData |
| - added TSS_TSPATTRIB_KEYINFO_SIZE to Tspi_GetAttribData |
| - call free() not Tspi_Context_FreeMemory() in spi_utils.c |
| |
| * TROUSERS_0_1_2 |
| |
| - added bug report mailing list to configure.in |
| - added --enable-stderrlog feature to configure.in |
| - Marked Tspi_TPM_GetCapabilitySigned as not implemented (per TSS v1.1b spec) |
| - Bugfixes |
| - Removed common.h from Tspi_Context_RegisterKey manpage |
| - added endianess macros to spi_utils.h |
| - made all endianess fixes to the TSP and testsuite |
| - logging improvements tcspbg.c |
| - tcs_utils.c compile time warning quashed |
| |
| * TROUSERS_0_1_1 |
| |
| - Updated design doc |
| - Updated README |
| - More sensible function naming (no addNewObject, just addObject) |
| - Bugfixes |
| - return data correctly in Tspi_GetAttribData |
| - malloc space for returned UUID correctly in tspps.c |
| - log errors in tddl.c |
| - follow a failure path in auth_mgr.c |
| - don't always return success in req_mgr.c |
| |
| * TROUSERS_0_1_0 |
| |
| - Initial code drop |