diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 893 |
1 files changed, 893 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..4508d58 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,893 @@ +* TROUSERS_0_3_8 + +- Fix ssl_ui.c overflow +- Handling of TPM_CERTIFY_INFO2 structure special case +- Fix possible obfuscation of obj_migdata.c errors. +- Make 1.2 keys respect the TPM_PCRIGNOREDONREAD flag. +- PCRInfo member allocation in Trspi_Unload_CERTIFY_INFO. +- Add functions for deserializing NVRAM related data structures +- Add NVRAM specific error messages +- Fix spec file so one can build an rpm +- Initialize the tcsd_config_file with NULL. +- support for -c <configfile> command line option +- Establish a .gitignore file +- ENDIAN_H and htole definition fix + +* TROUSERS_0_3_7 + +- __tspi_freeTable wrong call +- Owner Evict pubkey setup fix +- The "HAVE_ENDIAN_H" check is missing from configure.in, but it appears to be needed in a couple of the source files. +- tspi_context.c fix (memleak) +- Added the missing setup of a tcs handle for owner evict keys. +- No need to initialize the flock structure. +- flock to fcntl change +- Fixed cleanup code in svrside.c +- Avoid warning of missing return in tcsd_thread_run() +- printf() warning fix +- Moved hDAA debug message after initialization +- Additional length check +- Tspi_NV_DefineSpace secret check fix + +* TROUNSERS_0_3_6 + +- Fixed a number of warnings during a build with --debug regarding THREAD ID + definition +- Removed htole() dependency, which was included only in glibc 2.9 + +* TROUSERS_0_3_5 + +- Allowed TCD Daemon to run with reduced privileges In Solaris. +- Fixing previous kfreebsd build patch conflict with the current tree. +- TCSD error handling improvements. +- mutex init inclusion. +- pthread_t portability fix +- Owner Evict keys load fix. +- Big- endian issues. +- Memory leak fix. +- Adding missing #include <limits.h>. +- kfreebsd build fixes. +- Fixed usage of syslog(). +- 64bits clean +- Fixes the TCP UN and IN socket connection attempt handling +- Fixes logic on opening a hardware TPM. +- Added communication through TCP to software TPMs in TrouSerS. +- Fixed conflicting defines +- Adds missing free() +- Fixed fread() return value check. +- Made the previous fix cleaner and more robust. +- Added missing check in order to avoid freeing buffer that's out of Tspi_Data_Seal() scope. +- Fixed Tspi_TPM_GetRandom 4kb output limit. + +* TROUSERS_0_3_4 + +- Fixed TrouSerS mishandling of TPM auth sessions +- Enabled hosttable.c "_init" and "_fini" functions to work on Solaris +- Included Solaris in BSD_CONST definition conditional +- Made the init script LSB compliant +- make distcheck improved + +* TROUSERS_0_3_3_2 + +- Fixed logic when filling up RSA keys objects. + +* TROUSERS_0_3_3_1 + +- TCSD now runs as tss and has a better signal handling +- Fixed many memory handling issues + +* TROUSERS_0_3_3 + +- Tspi_ChangeAuth fixed for popup secret use case. +- Prefixed exported functions with common names. +- Fixed issues with accessing the utmp database. +- Migrated the bios parser file handler from open to fopen. + +* TROUSERS_0_3_2 + +- Added IMA log parser in conformance with format introduced in linux kernel 2.6.30 +- Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c +- Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c +- Fixed logic when releasing auth handles, now the TPM won't become out of +resources due too many unreleased auth handles there. +- Fixed compilation problems when building trousers in Fedora with +-fstack-protector & gcc 4.4 +- Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions +can be closed fine. +- Fixed key memory cache when evicting keys, invalid key handles were evicted +when shouldn't. +- Fixed authsess_xsap_init call with wrong handle +- Fixed authsess_callback_hmac return code +- Fixed validateReturnAuth return value +- Added consistency to avoid multiple double free() and bound checks to avoid +SEGV +- Moved from flock to fcntl since the first isn't supported in multi-thread +applications +- Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV +- Typecast added in trousers.c in the UNICODE conversion functions +- Fixed wrong return code in Tspi_NV_ReleaseSpace +- Fixed digest computation in Tspi_NV_ReleaseSpace +- Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob, +resulting in a incorrect data blog unload. +- Added new OpenSSL UI for TSS_SECRET_MODE_POPUP auth mode. +- Added workaround to fix namespace conflict with SELINUX +- Set SO_REUSEADDR socket option. +- Added TSS_SS_RSASSAPKCS1v15_INFO signature scheme definitions and support +- TDDL can now be compiled apart from the rest of TrouSerS. +- Added #include <limits.h> to remove INT_MAX undeclared error + during build. Files updated: trspi/crypto/openssl/symmetric.c, + tspi/tspi_aik.c and tspi/tsp_ps.c +- Added bounds checking in the data parsing routines of the TCSD's +tcstp RPC code, preventing attacks from malicious clients. +- Removed commented out code in src/tcs/rpc/tcstp/rpc.c +- Commented out old OSAP code, its now unused +- Fixed bug in tcsi_bind.c, one too few params were passed to +the function parsing the TPM blob. +- Fixed lots of erroneous TSPERR and TCSERR calls +- Added support for logging all error return codes when debug +is on +- Check that parent auth is loaded in the load key path outside +the mem_cache_lock, if a thread sleeps holding it, we deadlock +- Added support for dynamically growing the table that holds +sleeping threads inside the auth manager +- In tcs_auth_mgr.c, fixed the release handle path, which didn't +check if the handle was swapped out before calling to the TPM. +- Updates throughout the code supporting the modular build. + +* TROUSERS_0_3_1 + +- Added check of return code for ResetDALock call in tspi_admin +- Added missing ordinals in tcs_pbg.c as reported by Phil Carmon. +- Added support for DSAP sessions and delegating authorizations! +- Added support for DSAP sessions inside a transport session. +- Prevent Tspi_TPM_GetCapability from switching the endianess of +the data returned from a request for TSS_TPMCAP_NV_LIST when that +list happens to be sizeof(UINT32). +- Fixed trouble in owner_evict_init path for 1.1 TPMs +- Fixed multiple problems with changing auth on encrypted data +and keys. +- Fix for SF#1811120, Tspi_TPM_StirRandom01 test crashes TCSD. +- Fix for SF#1805829, ChangeAuth fails to return an error +- Fix for SF#1803767, TSS_TSPATTRIB_KEY_PCR_LONG key attribute +not implemented +- Fix for SF#1802804, Tspi_TPM_Delegate_UpdateVerificationCount +problem +- Fix for SF#1799935, Tspi_TPM_Delegate_ReadTables bug +- Fix for SF#1799912, policy lifetime counter doesn't reset with +SetSecret +- Fix for SF#1799901, policy lifetime timer doesn't reset with +SetSecret +- Fix for SF#1779282. Trspi_UnloadBlob_CERTIFY_INFO DNE. +- Fix for setting the right kind of PCR struct in the key object + +* TROUSERS_REDHAT_SUBMIT + +- Updated ps_inspect utility to more accurately guess if the file +you're inspecting is really a persistent storage file. +- Fixed endianess issue with certain TPM get caps +- Fixed bug in setting credential data in the TSP +- Moved secret hash mode code out from inside spec compliance +#defines since they're now part of the 1.2 spec. +- Better support for NULL parameters to blob manipulation +functions +- Fix for regression - blank the SRK pubkey copy stored in system +persistent storage +- Added RPC plumbing for DSAP sessions +- Added support for unmasking data on unseal :-) +- Implemented encdata PCR_INFO_LONG GetAttrib's +- Overhauled OSAP session handling. + +* TROUSERS_0_3_0 + +- Added TSS_TCSCAP_PLATFORM_CLASS cap support +- Added the Quote2 Commands +- Added new TSS 1.2 return codes to Trspi_Error_String. +- Added Tspi_Context_GetRegisteredKeysByUUID2 functions +to the persistent storage system +- Added Tspi_TPM_OwnerGetSRKPubKey and TCS OwnerReadInternalPub +code. +- Added support for operator auth and Tspi_TPM_SetOperatorAuth. +- Added support for Sealx. +- Added ordinal auditing support. +- Added initial transport session support. +- Rewrote TCSD key loading functions. +- Added support for UINT64 loading/unloading everywhere. +- Created an initial TCS parameter block generator in tcs_pbg.c. +- Added support to get_local_random to either allocate a new +buffer for the random number or write it to a given buffer. +- Removed TCS GetCredentials APIs -- the TSSWG verified that these +had accidentally been left in the spec. +- Added TCS GetCredential API. +- Added NVRAM APIs, donated by James Xu, and others from Intel. +- Added TCS GetCredentials functions +- Patched the TCS key loading infrastructure to return +TCS_E_INVALID_KEY when a handle is used by a context that doesn't +have a reference to the key in its keys_loaded list. +- Added ASN.1 blob encoding and decoding APIs. +- Added tick stamping APIs +- Added monotonic counter APIs +- Added the Tspi_PcrComposite APIs: GetPcrLocality, +SetPcrLocality, SelectPcrIndexEx and GetCompositeHash. +- Added new TSS 1.2 return codes for bad EK checksum and +invalid resource passed to Tspi_Context_FreeMemory. +- Added Christian Kummer's implementation of PCR reset +- In PcrExtend, set up the event struct fully before sending +to the TCS. +- Fixed bug in ActivateIdentity's use of rgbSymCAAttestation. +- updated policy handling to match the latest spec. +- Fixed bug when 2 TCSD's return the same context number. +- Added a check for the size of Tcsi_StirRandom's entropy data. +- Added support for TSS 1.2 style keys and PCR info long and + short structures. +- Added support for TPM_Save/LoadAuthContext. +- Grouped all threading functions in one header file, threads.h. +- Fix added in TCSD's event parsing code for a segfault when only + the number of events is requested. +- Several bugs fixed in the Tspi_Context_GetRegisteredKeysByUUID + code path in the TSP lib. +- Added a lock around all TCSP functions; removed auth_mgr_lock + since the TCSP lock now suffices. This fixed some TCSD multi- + threaded errors. +- hosttable.c: Fixed bug in host table entry removal, thanks + to Thomas Winkler for the testcase that helped in finding this. +- In the TCS GetPcrEventsByPcr, fixed a bug in calculating + the number of events to return. Thanks to Seiji Munetoh. +- Added functions to do incremental hashing, removing most + large stack allocations in trousers. +- Updated blob utility functions to use UINT64's instead of + UINT16, which had caused some arbitrary limits in parts of + trousers. +- Merged in TSS 1.2 header files. +- Merged in build changes for embedded. + +* TROUSERS_0_2 branch created + +- In obj_policy.c and obj_tpm.c, if NULL is passed in when trying + to set a 1.2 style callback, clear the callback address. +- Fix in Tspi_TPM_ActivateIdentity: Only validate over the out + parameters from the TPM, not the TCS (size of data). +- obj_encdata.c: fixed reference of pcrSelect, which caused + bad data to be returned as the PCR selection. +- added TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE, which was + type-o'd in the 1.1 header files. +- Fix for SF1570380: Algorithm ID not compliant with TSS spec. +- Corrected off by 1 errors in PCR index bounds checking. +- Changed logging in the TCSD so that FILE:LINE isn't printed + unless debugging is on. +- Changed build/code so that the system PS dir is mode 0700, not + 1777. It used to be 1777 when user PS was not in ~/.trousers. +- Fix for SF1565726: Segfault when connecting from remote host. +- Fix for SF1565208: User PS load key by UUID failed. + +* TROUSERS_0_2_8 + +- Fixed bug in mc_add_entry, where the PCRInfo data was not being + copied into the mem cache with the other fields of the key. +- Fixed 2 bugs in spi_getset.c where setting the secret hash mode + was passing subFlag to the internal set function instead of + ulAttrib. +- Added patch to retry the libtspi's recv() call to the TCSD + if the call was interrupted before completion. +- Made the popup string appear as a label on the popup, not the + title. Also, got rid of annoying mouse-over texts. +- Added a flag to pass to the get_secret function internally to + indicate whether a popup should contain the confirm box. +- Added support for callbacks in the identity creation code. +- Updated the identity creation code in the TSP/TCS to support + AES, DES, 3DES during identity creation. +- Added symmetric encryption interfaces for openssl, Trspi. +- In Tspi_Hash_Sign, fixed memory leak. +- Added SetAttribData functions for RSA modulus/exponent per + the upcoming additions to the TSS 1.2 errata 1 spec. +- Fixed bug in TCS key cache where if 2 keys had the same public + modulus, they could confuse the key cache manager. +- Bind/Seal functions now return more descriptive errors codes + and won't do the encryption if the data to use is larger than + the RSA pubkey. +- Made updates to the code/headers for the TSS_VALIDATION struct + change to be issued as TSS 1.1 header file errata 1. +- Bug fix: In LoadManuMaintPub's wrapping function in the TSP, + we incorrectly passed a reference to the pubkey in loading the + blob. +- Fixed bugs in the maintenance commands, owner auth'd commands + were using no auth tags in their commands sent to the TPM. +- Fixed SF1546344: Track the release of auth handles by TCS + context and take the fContinueAuthSession variable into account + when calling the TPM to release a handle. +- Fixed SF1545614: deadlock due to auth_mgr_osap taking the + auth_mgr_lock before calling ensureKeyIsLoaded, which took the + mem_cache_lock. +- Added checks to ensure corrupt packets don't crash the tcsd. +- Added configure option --with-gui=gtk/none to enable building + with no popup support for embedded apps. The default secret + mode becomes TSS_SECRET_MODE_NONE for all policies and the + default context mode becomes TSS_TSPATTRIB_CONTEXT_SILENT to + supress all popups. +- Changed the Tspi_GetAttribData function to return a TCPA_PUBKEY + blob as is specified in the portable data section. +- Added a debugging #define in req_mgr.c to print all data passed + to/from the TPM. +- Updated Tspi_Context_LoadKeyByUUID to check in-memory keys by + UUID when the TCS returns a filled-out loadkey info struct. +- Removed the free of all context related memory when the context + closes. Allows an app more flexibility in choosing what to free. +- Removed check for secret mode None in establishing an OSAP + session. Now, a secret of all 0's is used if no secret exists. +- Added checks for 2 return codes in secret_TakeOwnership. +- Fixed TSS_VERSION problem. There are no specific getcaps for + software version vs. TSS spec version. Instead, the TSP's + version structure contains spec version and software major/minor. +- Removed obj_regdkey list references. + +* TROUSERS_0_2_7 + +- Added 3 new TCSD config options to allow admins to set paths + to the 3 types of credentials returned on Make Identity calls. +- Added an implementation for returning the MANUFACTURER TCS + caps. +- Added translation of TSS caps that are destined for the TPM. +- Updated DirWrite to work correctly (thanks Kylie). +- Updated the Tspi_TPM_DirWrite manpage with more info, removed + a confusing statement. +- Changed the number of loops in TCSP_GetRandom_Internal to 50, + which should allow TPMs that return few bytes per request to + fullfill up to 4K bytes. +- Removed the TCS's getSomeMemory() function, which was really + dumb. +- Changed the way user PS operates. User PS is now really + persistent, its kept in ~/.trousers/users.data, which is + created if it doesn't exist. Also, the environment variable + TSS_USER_PS_FILE can be set to a path that will override the + default location for as long as the TSP context is open. +- Lots of memory leaks found in error paths by Coverity, mostly + in tcsd_wrap.c. +- Fix for SF #1501811, setting some SetAttribUint32 flags not + supported. +- Lots of updates to the fedora specific RPM specfile. +- Fix for SF #1490845, 'make install' overwrites old tcsd.conf +- Added code to return TSS_E_POLICY_NO_SECRET when setting up + an OIAP or OSAP session. +- Added fix for SF #1490745, trousers demands too much from + /dev/random. Default random device is now /dev/urandom. +- Changed severity of the ioctl fallback print stmts to + warning and info. +- Added implementation of the maintenance functions. +- Added fix for SF #1487664, Offset in PS cache is not + updated correctly. +- Removed some Atmel specific code and commented out code. +- Added some missing auth_mgr_check calls in tcspbg.c. +- Fixed some unchecked mallocs in the TSP. +- Added build variables to automatically update the TSP + library version and TCSD version getcap variables. +- Added call to return the modulus of an RSA key on a + GetAttribData call. +- Added implementation of the migration functions. +- Fix for SF 1477178, random numbers get hosed by the tcsd. + +* TROUSERS_0_2_6 + +- Removed unnecessary call to obj_encdata_get_data in + Tspi_Data_Seal. +- Added support for using the trousers.h APIs in C++. +- Fixed Tspi_PcrComposite_GetPcrValue's man page, which had + left out *'s in two parameters. +- Fix for SF 1414817, Quote's PCR object doesn't get set on + return. +- Lots of function renaming to make code reading clearer. +- Return TSS_E_INVALID_OBJ_ACCESS when trying to retrieve data + from an encrypted data object that hasn't been set. +- Added contact info to the README. +- Fix for ordering of params in call to set callback by + Tspi_SetAttribUint32. Thanks to Thomas Winkler for the fix. +- Fix for SF 1410948, get random numbers from /dev/urandom + unless Tspi_TPM_GetRandom is called explicitly. +- Fix for SF 1342026, print TPM error codes during bring-up. +- Added support for a TCS_LOADKEY_INFO structure returned from + a TCSP_LoadKeyByUUID call. +- Fixed 2 free_tspi's that should have been plain free's + +* TROUSERS_0_2_5 + +- Changed all prints of size_t to %z (matters on 64bit platforms). +- Backport of the context and policy object's + TSS_TSPATTRIB_SECRET_HASH_MODE attribute from the TSS 1.2 spec. + This will allow 1.1 apps to decide whether they want to + include the 2 bytes of NULL in the hashes of their secrets. + This will in turn allow various TSS's to interoperate better. +- SF#1397265 'getpubek' to 'readpubek' in tcsd.conf. +- Added an implementation of TSS 1.2 style callbacks. +- Added Emily's patch to explain the TSS_DEBUG_OFF flag, added + blurb to README. +- Fixed bug that only manifested on PPC64: if errno is not set +to 0 explicitly before making a call to iconv, iconv will not +set it on failure. + +* TROUSERS_0_2_4 + + - Updated README with how to use new system.data files. + - Added sample system.data files for users who've taken + ownership of their TPMs under other OS's. + - Updated unicode routines to NULL terminate their strings + with the same number of bytes as is the width of the + encoding. + - Fixed bug in TCS_EnumRegisteredKeys_TP, returned data should + be alloc'd on the TSP heap. + - Added a logging statement when tcsd_startup fails due to an + error returned by the TPM itself. + - Fixed validation data in Tspi_TPM_Quote and + Tspi_TPM_GetPubEndorsementKey. + - Implemented Tspi_TPM_CollateIdentityRequest and + Tspi_TPM_ActivateIdentity. + - Bug fix in TCSP_Sign_TP, signature should be alloc'd using + the TSP heap. + - Fix for SF#1351593, authdata was always 0 for the SRK. This + was due to the defaults set in Tspi_Context_CreateObject for + the SRK key flag. The default SRK key is now set to require + auth. If you want an authless SRK, you need to either set + the authdatausage attribute directly or pass in your own + SRK initFlags to the create object call. + - Return bad parameter when no the pcr object is not + initialized instead of internal error. + - Several fixes added for list locking in the obj_*.c files. + - Added initial support for Tspi_TPM_CollateIdentityRequest + and its supporting functions (symmetric encryption). + - Fix for SF#1338785: Support TSS_TSPATTRIB_HASH_IDENTIFIER. + - Changed default kernel and firmware controlled PCRs to + none, which should have happened a long time ago. :-/ + - Fix for SF#1324108: Tspi_TPM_GetEvents should return a + number of events + - Fix for RFE#1301441: Fallback support for the device + node. ioctl is tried first, if that fails, r/w is tried, + if that fails, error is returned. + - Fixes for SF#1332479: HMAC and XOR callbacks were being + passed wrong params. + - Fix for SF#1334235, uuid data wasn't being set correctly + when keys were registered or loaded by uuid. + - Fix for SF#1332316, Tspi_GetAttribData doesn't always + return data alloc'd by TSP. Unicode data returned from the + function was being allocated off the TSP heap. + - Changed default return value for Tspi_GetAttribUint32 to + success. + - Corrected Tspi_TPM_PcrExtend manpage to state that the + application should fill out the TSS_PCR_EVENT structure. + -Fixes for SF BUG#1312194, and SF BUG#1312196. Get + Attribs for key usage and size were not being returned + correctly. Imported values for size from the TSS 1.2 + header files and translated TPM <-> TSP values for + key usage in the get attrib calls. + - Accepted Halcrow's patch to add a TSP key object + removal function, invoked at object close time. + This was SF BUG#1276133. + - increased the size of the return buffer from TCS to + TSP to 8K, so that larger requests won't fail. + - added a loop to TCSP_GetRandom_Internal to try several + (currently 5) times to get the number of requested bytes + from the TPM. Since the TSP has no way to tell an + application that a single request failed, this will help + improve the odds of a large request succeeding. + +* TROUSERS_0_2_3 + + - SF#1291256 bugs fixed. A UINT16 was being passed instead + of a UINT32 to TCS_LoadKeyByBlob_Internal. + - Removed test in spi_context.c's call to TCS_LoadKeyByUUID, + which would always fail, since there was no TCS layer bit + set. This kept us in a success path. + - Added debug logging functions that print the function + name at the beginning of the statement. + - Added GetPubKey as an option for TCSD's remote ops. + - SF#1249767 bug fixed. UTF16 strings are now hashed when + passwords are passed in through the popups. + - SF#1286333 bug fixed. New unicode functions added that + convert to UTF-16 and from the nl_langinfo(CODESET) + encoding. + - SF#1285428 bug fixed. obj_context_get_machine_name copied + too many bytes out. Code added to Tspi_GetAttribData to + convert to UTF16 before returning. + +* TROUSERS_0_2_2 + + - deleted section on ssh-askpass in README + - Modified popup code to hash UTF16 instead of UTF8. + - Restructured TCS calls to the TPM so that all auth sessions + are released correctly. + - Removed TSP contexts from all Trspi functions and modified + all trousers code to free its own memory instead. + - Fixed the TSP seal command to allow Sealing with a no-auth + key by using null auth data. Also changes the TCS seal + to return bad parameter if it gets null auth data. + - Removed lots of unused code and made formatting changes. + - Don't require Tspi_Key_WrapKey to be connected to succeed + and return a default value (or from the environment) if + we're doing PCR operations on an unconnected context. + - Fixed bug where a tcsd created system.data file was not + getting the right version info put into it. + - SF BUG#1269290 Fixed: Protect the SRK pub key. Upon taking + ownership, the unaltered SRK blob is passed back to the TSP + to create a valid key object with the SRK pub key intact. + The copies of the SRK pub key data that do into the TCSd's + mem cache and PS are zeroed out. From then on, the only way + to get the SRK pub key is through Tspi_Key_GetPubKey. + - tcspbg.c: deleted unused code and always release auth session + on an Unbind call. + - Bugfix for SF#1274308, Tspi_Key_CreateKey doesn't add PCRs + correctly. Ordering of calls in obj_rsakey_set_pcr_data + and calculation of PCRInfo size were incorrect. + - Close auth sessions in TCS_GetCapabilityOwner + - Removed volatile flag from the SRK key handle at key object + create time. This was keeping National TPM's from having the + ability to be owned! + - Moved calcCompositeHash to obj_pcrs.c and renamed it. + - Check returns everywhere for addKeyHandle calls. + - Call pthread_mutex_init on the host table's mutex. + - Modified TSSWG headers so that code w/o BSD types compiles + (such as the PKCS#11 TPM STDLL). + - Removed ssh_askpass, since UNICODE must be hashed from the GUI + input source. + - Updated all manpages to include the TSSWG header file names + instead of trousers specific files. + - Don't log debug data when TSS_DEBUG_OFF env var is available. + - Converted UNICODE to unsigned short and modified code accordingly. + - Only allow INADDR_LOCALHOST connections when no remote_ops are + defined in the tcsd.conf file. + - Bugfix in obj_pcrs.c, setting pcr indices and values was buggy. + - Moved macros from trousers_types.h (internal) to trousers.h + (external), since new header files make them virtually a + requirement + - Bugfix for SF#1249780, PCR selection structure was incomplete. + - Bugfix for SF#1249769, addKeyHandle now returns a TSS_RESULT. + +* TROUSERS_0_2_1 + + - return invalid handle int Tspi_ChangeAuth when hParentObject + is not of the right type. + - Fixed bug in TCS ps, write_key_init returned the wrong offset. + - Fixed mem leak in spi_getset.c:791, found by Coverity. + - Fixed mem leak in calltcsapi.c:70, found by Coverity. + - Fixed mem leak in tcskcm.c:531, found by Coverity. + - Fixed type-o mem leak in tspps.c:319/tcsps.c:349, found by Coverity. + - Fixed mem leak bug in memmgr.c:173, found by Coverity. + - Fixed bounds error bugs in tcstp.c:38/98, found by Coverity. + - Fixed bounds error bug in tcsd_wrap.c:154, found by Coverity. + - Fixed unchecked return bug in spi_utils.c:430, found by Coverity. + - Fixed unchecked return bug in calltcsapi.c:1159, found by Coverity. + - Fixed negative return value bug tcs/ps/ps_utils.c:365, found by Coverity. + - Fixed negative array index bug readpass.c:65, found by Coverity. + - Fixed null deref bugs spi_tpm.c:1292/1309/1302, and uninitialized + variable 1272, found by Coverity. + - Fixed null deref bugs spi_context.c:358/378, found by Coverity. + - Fixed null deref bug tcspbg.c:1413, found by Coverity. + - Fixed null deref bug tcspbg.c:745, found by Coverity. + - Fixed null deref bug imaem.c:356, found by Coverity. + - changed config file defaults for kernel/firmware pcrs. + - added better logging for when user/group "tss" doesn't exist + - in sendTCSDPacket: set transmitBuffer to 0 to prevent sending + bogus data. + - added some sanity checking in getTCSDPacket to prevent segfaults. + - added TCSERR where needed in tcs/ps files. + - BUG 1233031 fixed, TSP now stores PACKAGE_STRING as the vendor + data when registering a key. + - Added better debugging of auth mapping table, also closed two + auth handles that were getting left opened in CreateWrapKey and + Seal/Unseal. + - fixed ps_inspect's printing function. + - added SELinux files and README.selinux. + - updated ps_inspect tool to recognize non-PS files, + print out version 1 PS files and added a license + statement. Also added ps_convert tool to convert + version 0 PS files to version 1. + - updated ps_inspect tool to print out blobs and keys. + - change assert to DBG_ASSERT in tcs/ps files, also + assert that data sizes are > 0 when read off disk. + - Lots of malloc error logging changes where %d should + have been %u in the print statment. + - auth_mgr.c: allow a TSP to open a max of max_auths/2 + sessions before its denied any more, for TPMs that + can handle a lot of auth sessions. + - Big-endian fixes for the persistent store functions. + Trousers now runs fine on ppc64, for example. + - BUG 1226617: Audit of code for auth handle termination. + - Use @PACKAGE_BUGREPORT@ instead of a static email addr in + manpages. + - Added man page for tcsd.conf in section 5. + - Bugfix in remove_table_entry. Host table head was left + pointing at free'd memory. + - corrected comment in spi_context.c. + - added 64bit stuff to configure.in + - fixed bug in Tspi_ChangeAuth where parent object was + assumed to be an rsakey. + - fixed debug logging of data. + - modified calcCompositeHash for accepting incomplete pcr + select structures & to fill out the structure correctly. + +* TROUSERS_0_2_0 + + - removed unused code and added debugging in clearUnusedKeys(). + - Updated README with info on the 2.6.12 kernel device driver. + - fixed bug in calculating pcr select size + - fixed bug in init'ing PCRS, spi_utils.c:431 + - Changed TCPA sig schemes to TSS sig schemes in + Hash_VerifySignature. + - Implemented Tspi_Context_GetKeyByPublicInfo on the TCS side. + - Fixed PS bug in storing the pub key data. + - Implemented Tspi_Key_UnloadKey + - Implemented the guts of Tspi_Key_CertifyKey, which now works + in at least the case where both keys passed in are authless. + - in obj_rsakey_set_es/ss, added mapping from TCPA numbers + to TSS numbers and vice versa. + - added #includes in readpass.c to get rid of compile errors. + (thanks Emily). + - Fixed popup secret handling. Bug #1194607 closed. + - Fixed up the LogBlobData functions, no more strcat. Bug #1221974 + closed. + - changed sprintf's to snprintf. Bug #1221932 closed. + - Changed the TCPA_RSA_KEY_PARMS management at key creation time. + - Re-implemented TSP object management. + - Integrated TSSWG header files. + - Added valid_keys variable for the debugging build of + tcs/ps/ps_utils.c. + - Changed >= to > in openssl/crypto.c to correct off by one in + checking the size of the input data. + - added cvs commit logging to CVSROOT/loginfo file. + +* TROUSERS_0_1_11 + + - Changed TCSD logging to only log on remote connection attempts, + local connections will be left silent. + - mended compiled time warnings + - updated src/tspi/Makefile.am to respect libtool. + - added x86_64 case to configure.in + - added args to print stmt tcsd_wrap.c:3640 (thanks Kylie). + - commited fix for detecting past runlevel states (thanks Kylie). + - committed fix for RNG problem: a TPM's RNG is disabled when + the TPM is in the disabled state, yet needs a random number + to open an OSAP session to call the owner auth'd TPM enable + command. + - added code for CreatePubEK plumbing (thanks Kylie). + - fixed a couple signed/unsigned comparison warnings + - fixed endianess stuff in TPM GetCap spi_tpm.c. + - added Trspi_Error functions to manipulate TSS_RESULTs. + - Fixed order of receiving for the TCS_OwnerReadPubek call + (thanks Kylie). + - Added defns for volatile and non-volatile flags (thanks Kylie). + - Added Trspi_Error, which converts a TSS_RESULT to a string. + (thanks Kylie). + - In tcsd_wrap.c, added function bodies for tcs_wrap_OwnerClear, + tcs_wrap_DisablePubekRead, tcs_wrap_OwnerReadPubek, + tcs_wrap_DisableForceClear and tcs_wrap_DisableOwnerClear. + (thanks Kylie). + - Added an unload of the auth returned from the TPM in + TCSP_OwnerReadPubek_Internal. (thanks Kylie). + - Corrected the TAG for the TPM command in + TCSP_OwnerReadPubek_Internal. (thanks Kylie). + +* TROUSERS_0_1_10 + + - Updated implementation of Tspi_Key_WrapKey. + - Added missing goto in ReadPubEK in tcstp.c. (thanks Kylie). + - Added function guts for various functions in tcstp.c. (thanks + Kylie). + - In Tspi_TPM_SetStatus, do the right in the physical presence + path based on boolean. (thanks Kylie). + - Actually pass in the bool flag on TCSP_PhysicalPresence_Internal + (thanks Kylie). + - corrected force clear logic in spi_tpm.c:818 (thanks Kylie). + - fixed error return code check to socket() syscall clntside.c:52. + - added comment about TDDL reries and added log statement when a + physical presence command is denied because of runlevel. + - Fixed Tspi_Hash_VerifySignature to check signatures based on the + signature scheme of the key in use. Also, crypto.c was changed + to do a verify based on TSS_HASH_OTHER. + - Added 2 new highlevel Unbind testcases to test PKCS1.5 vs OAEP. + - In Tspi_Context_LoadKeyByUUID, the uninitialized keyBlob variable + was causing an invalid free on exit. Corrected that. + - changed return value from internal error to invalid handle when a + bad object handle is passed to Tspi_Hash_Sign and the Tspi_Data + functions. + - added Tspi_TPM_CertifySelfTest functionality + - corrected iptables string in the tcsd manpage. + - Corrected return code in Tspi_Key_UnloadKey02.c testcase. + - enabled Tspi_TPM_GetTestResult functionality + - added selftest as an option to the list of remote ops for the access + control + - added compatibility with openssh-askpass for the popup dialog box. + Now either gtk2-devel OR openssh-askpass must be installed to build + trousers. Using openssh-askpass reduces the size of libtspi.so by + about 40K and reduces the number of dependencies from 26 to 6! + - Bugfixes + - The entityType field was being passed between the TCSD and + TSP as a UINT32 instead of UINT16. This was keeping Tspi_ChangeAuth + from working as advertised. + - Secrets were being hashed incorrectly when secret mode was PLAIN + and the secret data length was 0. Now, when secret mode is plain, the + passed in data is always hashed, even if its 0 length. + - Popups are hopefully being handled more correctly now. Previously + the dialog popped up at the time SetSecret was called, but now its + just when the secret is actually needed. + - sf.net Bug #118026: memory allocations and free's fixed in almost + all paths from app to tcstp.c wrt correctly returning calloc_tspi'd + memory vs. malloc'd memory. Only problem remaining is the PCR event + functions, which have dangling malloc'd references, which is an + architectural problem which should be solved in the 1.2 rewrite. + +* TROUSERS_0_1_9 + + - added tcsd manpage + - added access control functionality so that sets of ordinals + cannot be executed by non-local hosts. This is now a + configurable option in tcsd.conf as "remote_ops". + - Set Physical Presence now works from the TSP when the TCSD + detects that it is running in single user mode. When not + running in single user mode, the TCS_PhysicalPresence + command returns TSS_E_NOTIMPL. + - Changed an fprintf to LogError in gtk/support.c + - TCP/IP server-side fixes in svrside.c + - various compile warnings fixed + - moved commonly used utility functions to trspi/trousers.c and + exported these functions in the header file tss/trousers.h. + - added new testcases for ChangeAuth of the TPM owner and SRK in + tcg/highlevel/tspi. + - added test tcg/highlevel/tpm/Tspi_TPM_PcrRead04.c + - updated Tspi_TPM_GetCapability manpage. + - added code to detect a 1.2 TPM and get auth sessions the 1.2 way. + - added manpage for Tspi_TPM_GetPubEndorsementKey + - Bugfixes + - in crypto.c, encrypted data area should be RSA_size(rsa) bytes + large, not always 256. This was keeping non-2048 bit keys from + working with the TPM keyring app. + - Fixed detection of an already closed Tddl. + - Allow validating the entire TCPA_PUBKEY structure in + Tspi_TPM_GetPubEndorsementKey, as National chips do this. + - Added support for TSS_TPMCAP_ORD and TSS_TPMCAP_FLAG in + Tspi_TPM_GetCapability, which required a call to + TCSP_GetCapabilityOwner to fetch the TPM's internal flags. Added + tcg/highlevel/tpm/Tspi_TPM_GetCapability0{4,5}.c to test. + - When loading the SRK from TCS PS, the TCS key handle should now + be 0x40000000 (TSS_SRK_KEY_HANDLE). There were checks for this in + the ChangeAuth code paths, which caused failing of various sorts. + - Bug fixed in roll over of TCS key handle generation. Previously we + would have smashed the SRK's fixed value and we would have thought + there were 2 SRK's loaded. + - sf.net bug #1154611, old SRK was not being removed from mem cache, + though disk cache was being deleted. This means that after re-taking + ownership the mem cache was corrupted until a restart of the TCSD. + - Feature Requests + - sf.net RFE #1122608 completed. Several different device locations + are now supported by default. If /dev/tpm is created its assumed that + the IBM Research device driver is being used and therefore ioctl's are + sent to the driver, all others get read/write's. Updated README. + +* TROUSERS_0_1_8 + + - added a manpage for Tspi_TPM_PcrExtend + - added SHA1_HASH_SIZE #define tied to openssl/sha.h + - Corrected typo in tcpa_types.h of pValdationData -> pValidationData + - updated README with info on device file stuff + - added a usage function and long options to tcsd + - added an error message when incorrect params are passed to tcsd on + the command line. + - added -lcrypto and -lpthread to the build of libtspi.so, so that app + writers will avoid having to include those when they don't have to. + - Connected up Tspi_TPM_SetStatus and Tspi_TPM_SelfTestFull to + TCSP_SetTempDeactivated, TCSP_SelfTestFull, TCSP_SetOwnerInstall, + TCSP_OwnerSetDisable and TCSP_PhysicalDisable. + - Bugfixes + - tcsem.c:507, error in calculating number of PCR events to copy out. + - sf.net bug #1151183 fixed. Tspi_TPM_GetPubEndorsementKey now takes + the correct number of params, and all testcases/TSS calls are changed. + - sf.net bug #1113313 fixed. Tspi_TPM_TakeOwnership now allows a NULL + pub endorsement key handle and a testcase, + tcg/highlevel/tpm/Tspi_TPM_TakeOwnership03.c, exists to test this. + - In Tspi_SetAttribData, set the TCPA_KEY's privkey, not the wrapper + object on a TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY. + +* TROUSERS_0_1_7 + + - Fixed the logging up so that if tcsd -f is specified, all logs go the + foreground, else all logs go to syslog. + - Moved the TPM_IOCTL #define into the tddl.h file. Now, if you're + using the IBM research device driver, compiling with #define TPM_IOCTL + will use ioctl's to open /dev/tpm and #undef TPM_IOCTL will use + read/write calls to /dev/tpm0. + - Revert accidental change in tddl.c + - Lots of 0's replaced with non-magic #define's in the TSP code + - In spi_getset.c: removed unimportant debugging stmts; make + Tspi_{Get|Set}AttribData set the correct public and private key data + when asked to. + - Lots of manpage verbage changes. + - added new manpages for: Tspi_TPM_TakeOwnership, Tspi_Key_LoadKey, + Tspi_Context_Create and Tspi_TPM_ClearOwner. + - Bugfixes + - cxt.c: when destroying a context object, release the tcs_ctx_lock before + calling ctx_ref_count_keys(). This prevents a deadlock. + - added a mutex unlock call for an error path that would have caused a + deadlock + +* TROUSERS_0_1_6 + + - Logging functionality changes only, for bug #1106301 + - TCSD: + - Logs now go to stdout/stderr until a successful startup + - After a successful startup, cmdline args are parsed + - if -f is specified, logging continues to stdout/stderr and daemon runs + in the foreground, killable by ctrl-c. + - If -f is not specified, logs go to syslog and the tcsd forks into the + background + - TSP library + - If compiled w/o debugging, there is no logging of any kind + - If compiled w/ debugging, all logs go to stdout/stderr, unless the + environment variable TSS_DEBUG_OFF is set, then, there is no logging of + any kind + - There is no longer a --enable-stderrlog option to the configure script + +* TROUSERS_0_1_5 + + - Complete memory management overhaul. calloc_tspi is now used to clean up + memory allocated by Tspi functions. TCS blob functions have been changed + to not require a context, since there's no need w/o calloc_tspi. Its + now necessary to call free explicitly everywhere in the TCS. In the TSP, + calloc_tspi is now always called with the TSP context of the session, which + would will ensure all memory allocated by the session is accounted for. + - Unused #defines and variables removed from spi_utils.h + - Commented out code removed throughout the source. + - Removed log.o on a 'make clean'. + - commented out unnecessary logging, added more descriptive logging + - renamed variables named 'hContext' to specifiy whether they represent TSP + of TCS context handles. + - got rid of a few magic numbers + - Bugfixes + - in tcs/cache.c, getNextTimeStamp() was unlocking the mutex twice. + - removed destroy_key_refs() in TSP, which caused double free errors + - added call to event_log_final() in tcsd_shutdown() to clean up the event log + - added an intermediate copy stage of data in getTCSDPacket() to avoid + memcpy() calls with overlapping source and dest fields. + +* TROUSERS_0_1_4 + + - added ChangeLog :-) + - TSP object management overhaul. All API's should be correct for contexts + whether they're connected to a TCS or not. + - testsuite changes based on object mgmt overhaul + - various internal fixes and simplifications of the code due to object mgmt + overhaul + +* TROUSERS_0_1_3 + + - added helpful message when package gtk2-devel is not found in configure.in + - chown changes in dist/Makefile for new syntax + - added detailed flags to various manpages + - TSP memory management overhaul + - added more complete destroy_key_refs() function + - Bugfixes + - quashed memory leaks in TSP found by valgrind + - return TRUE/FALSE from getAttribData + - added TSS_TSPATTRIB_KEYINFO_SIZE to Tspi_GetAttribData + - call free() not Tspi_Context_FreeMemory() in spi_utils.c + +* TROUSERS_0_1_2 + + - added bug report mailing list to configure.in + - added --enable-stderrlog feature to configure.in + - Marked Tspi_TPM_GetCapabilitySigned as not implemented (per TSS v1.1b spec) + - Bugfixes + - Removed common.h from Tspi_Context_RegisterKey manpage + - added endianess macros to spi_utils.h + - made all endianess fixes to the TSP and testsuite + - logging improvements tcspbg.c + - tcs_utils.c compile time warning quashed + +* TROUSERS_0_1_1 + + - Updated design doc + - Updated README + - More sensible function naming (no addNewObject, just addObject) + - Bugfixes + - return data correctly in Tspi_GetAttribData + - malloc space for returned UUID correctly in tspps.c + - log errors in tddl.c + - follow a failure path in auth_mgr.c + - don't always return success in req_mgr.c + +* TROUSERS_0_1_0 + + - Initial code drop |