관리-도구
편집 파일: ChangeLog
* TROUSERS_0_3_14 - Changes to support OpenSSL 1.1.0 - Removed some warnings for proper builds - Changes to allow building on OS X - Fixed memory leaks - Fixed failure to recognize connections from localhost over IPv6 - Fixed for an exploitable local denial of service in tcsd * TROUSERS_0_3_13 - Changed exported functions which had a name too common, to avoid collision - Assessed daemon security using manual techniques and coverit - Fixed major security bugs and memory leaks - Added debug support to run tcsd with a different user/group - Daemon now properly closes sockets before shutting down * TROUSERS_0_3_12 - Added new network code for RPC, which supports IPv6 - Users of client applications can configure the hostname of the tcsd server they want to connect through the TSS_TCSD_HOSTNAME env var (only works if application didn't set a hostname in the context) - Added disable_ipv4 and disable_ipv6 config options for server * TROUSERS_0_3_11 - Fix build process for distros - License was changed from GPL to BSD - Many bugfixes - updated man pages * TROUSERS_0_3_8 - Fix ssl_ui.c overflow - Handling of TPM_CERTIFY_INFO2 structure special case - Fix possible obfuscation of obj_migdata.c errors. - Make 1.2 keys respect the TPM_PCRIGNOREDONREAD flag. - PCRInfo member allocation in Trspi_Unload_CERTIFY_INFO. - Add functions for deserializing NVRAM related data structures - Add NVRAM specific error messages - Fix spec file so one can build an rpm - Initialize the tcsd_config_file with NULL. - support for -c <configfile> command line option - Establish a .gitignore file - ENDIAN_H and htole definition fix * TROUSERS_0_3_7 - __tspi_freeTable wrong call - Owner Evict pubkey setup fix - The "HAVE_ENDIAN_H" check is missing from configure.in, but it appears to be needed in a couple of the source files. - tspi_context.c fix (memleak) - Added the missing setup of a tcs handle for owner evict keys. - No need to initialize the flock structure. - flock to fcntl change - Fixed cleanup code in svrside.c - Avoid warning of missing return in tcsd_thread_run() - printf() warning fix - Moved hDAA debug message after initialization - Additional length check - Tspi_NV_DefineSpace secret check fix * TROUNSERS_0_3_6 - Fixed a number of warnings during a build with --debug regarding THREAD ID definition - Removed htole() dependency, which was included only in glibc 2.9 * TROUSERS_0_3_5 - Allowed TCD Daemon to run with reduced privileges In Solaris. - Fixing previous kfreebsd build patch conflict with the current tree. - TCSD error handling improvements. - mutex init inclusion. - pthread_t portability fix - Owner Evict keys load fix. - Big- endian issues. - Memory leak fix. - Adding missing #include <limits.h>. - kfreebsd build fixes. - Fixed usage of syslog(). - 64bits clean - Fixes the TCP UN and IN socket connection attempt handling - Fixes logic on opening a hardware TPM. - Added communication through TCP to software TPMs in TrouSerS. - Fixed conflicting defines - Adds missing free() - Fixed fread() return value check. - Made the previous fix cleaner and more robust. - Added missing check in order to avoid freeing buffer that's out of Tspi_Data_Seal() scope. - Fixed Tspi_TPM_GetRandom 4kb output limit. * TROUSERS_0_3_4 - Fixed TrouSerS mishandling of TPM auth sessions - Enabled hosttable.c "_init" and "_fini" functions to work on Solaris - Included Solaris in BSD_CONST definition conditional - Made the init script LSB compliant - make distcheck improved * TROUSERS_0_3_3_2 - Fixed logic when filling up RSA keys objects. * TROUSERS_0_3_3_1 - TCSD now runs as tss and has a better signal handling - Fixed many memory handling issues * TROUSERS_0_3_3 - Tspi_ChangeAuth fixed for popup secret use case. - Prefixed exported functions with common names. - Fixed issues with accessing the utmp database. - Migrated the bios parser file handler from open to fopen. * TROUSERS_0_3_2 - Added IMA log parser in conformance with format introduced in linux kernel 2.6.30 - Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c - Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c - Fixed logic when releasing auth handles, now the TPM won't become out of resources due too many unreleased auth handles there. - Fixed compilation problems when building trousers in Fedora with -fstack-protector & gcc 4.4 - Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions can be closed fine. - Fixed key memory cache when evicting keys, invalid key handles were evicted when shouldn't. - Fixed authsess_xsap_init call with wrong handle - Fixed authsess_callback_hmac return code - Fixed validateReturnAuth return value - Added consistency to avoid multiple double free() and bound checks to avoid SEGV - Moved from flock to fcntl since the first isn't supported in multi-thread applications - Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV - Typecast added in trousers.c in the UNICODE conversion functions - Fixed wrong return code in Tspi_NV_ReleaseSpace - Fixed digest computation in Tspi_NV_ReleaseSpace - Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob, resulting in a incorrect data blog unload. - Added new OpenSSL UI for TSS_SECRET_MODE_POPUP auth mode. - Added workaround to fix namespace conflict with SELINUX - Set SO_REUSEADDR socket option. - Added TSS_SS_RSASSAPKCS1v15_INFO signature scheme definitions and support - TDDL can now be compiled apart from the rest of TrouSerS. - Added #include <limits.h> to remove INT_MAX undeclared error during build. Files updated: trspi/crypto/openssl/symmetric.c, tspi/tspi_aik.c and tspi/tsp_ps.c - Added bounds checking in the data parsing routines of the TCSD's tcstp RPC code, preventing attacks from malicious clients. - Removed commented out code in src/tcs/rpc/tcstp/rpc.c - Commented out old OSAP code, its now unused - Fixed bug in tcsi_bind.c, one too few params were passed to the function parsing the TPM blob. - Fixed lots of erroneous TSPERR and TCSERR calls - Added support for logging all error return codes when debug is on - Check that parent auth is loaded in the load key path outside the mem_cache_lock, if a thread sleeps holding it, we deadlock - Added support for dynamically growing the table that holds sleeping threads inside the auth manager - In tcs_auth_mgr.c, fixed the release handle path, which didn't check if the handle was swapped out before calling to the TPM. - Updates throughout the code supporting the modular build. * TROUSERS_0_3_1 - Added check of return code for ResetDALock call in tspi_admin - Added missing ordinals in tcs_pbg.c as reported by Phil Carmon. - Added support for DSAP sessions and delegating authorizations! - Added support for DSAP sessions inside a transport session. - Prevent Tspi_TPM_GetCapability from switching the endianess of the data returned from a request for TSS_TPMCAP_NV_LIST when that list happens to be sizeof(UINT32). - Fixed trouble in owner_evict_init path for 1.1 TPMs - Fixed multiple problems with changing auth on encrypted data and keys. - Fix for SF#1811120, Tspi_TPM_StirRandom01 test crashes TCSD. - Fix for SF#1805829, ChangeAuth fails to return an error - Fix for SF#1803767, TSS_TSPATTRIB_KEY_PCR_LONG key attribute not implemented - Fix for SF#1802804, Tspi_TPM_Delegate_UpdateVerificationCount problem - Fix for SF#1799935, Tspi_TPM_Delegate_ReadTables bug - Fix for SF#1799912, policy lifetime counter doesn't reset with SetSecret - Fix for SF#1799901, policy lifetime timer doesn't reset with SetSecret - Fix for SF#1779282. Trspi_UnloadBlob_CERTIFY_INFO DNE. - Fix for setting the right kind of PCR struct in the key object * TROUSERS_REDHAT_SUBMIT - Updated ps_inspect utility to more accurately guess if the file you're inspecting is really a persistent storage file. - Fixed endianess issue with certain TPM get caps - Fixed bug in setting credential data in the TSP - Moved secret hash mode code out from inside spec compliance #defines since they're now part of the 1.2 spec. - Better support for NULL parameters to blob manipulation functions - Fix for regression - blank the SRK pubkey copy stored in system persistent storage - Added RPC plumbing for DSAP sessions - Added support for unmasking data on unseal :-) - Implemented encdata PCR_INFO_LONG GetAttrib's - Overhauled OSAP session handling. * TROUSERS_0_3_0 - Added TSS_TCSCAP_PLATFORM_CLASS cap support - Added the Quote2 Commands - Added new TSS 1.2 return codes to Trspi_Error_String. - Added Tspi_Context_GetRegisteredKeysByUUID2 functions to the persistent storage system - Added Tspi_TPM_OwnerGetSRKPubKey and TCS OwnerReadInternalPub code. - Added support for operator auth and Tspi_TPM_SetOperatorAuth. - Added support for Sealx. - Added ordinal auditing support. - Added initial transport session support. - Rewrote TCSD key loading functions. - Added support for UINT64 loading/unloading everywhere. - Created an initial TCS parameter block generator in tcs_pbg.c. - Added support to get_local_random to either allocate a new buffer for the random number or write it to a given buffer. - Removed TCS GetCredentials APIs -- the TSSWG verified that these had accidentally been left in the spec. - Added TCS GetCredential API. - Added NVRAM APIs, donated by James Xu, and others from Intel. - Added TCS GetCredentials functions - Patched the TCS key loading infrastructure to return TCS_E_INVALID_KEY when a handle is used by a context that doesn't have a reference to the key in its keys_loaded list. - Added ASN.1 blob encoding and decoding APIs. - Added tick stamping APIs - Added monotonic counter APIs - Added the Tspi_PcrComposite APIs: GetPcrLocality, SetPcrLocality, SelectPcrIndexEx and GetCompositeHash. - Added new TSS 1.2 return codes for bad EK checksum and invalid resource passed to Tspi_Context_FreeMemory. - Added Christian Kummer's implementation of PCR reset - In PcrExtend, set up the event struct fully before sending to the TCS. - Fixed bug in ActivateIdentity's use of rgbSymCAAttestation. - updated policy handling to match the latest spec. - Fixed bug when 2 TCSD's return the same context number. - Added a check for the size of Tcsi_StirRandom's entropy data. - Added support for TSS 1.2 style keys and PCR info long and short structures. - Added support for TPM_Save/LoadAuthContext. - Grouped all threading functions in one header file, threads.h. - Fix added in TCSD's event parsing code for a segfault when only the number of events is requested. - Several bugs fixed in the Tspi_Context_GetRegisteredKeysByUUID code path in the TSP lib. - Added a lock around all TCSP functions; removed auth_mgr_lock since the TCSP lock now suffices. This fixed some TCSD multi- threaded errors. - hosttable.c: Fixed bug in host table entry removal, thanks to Thomas Winkler for the testcase that helped in finding this. - In the TCS GetPcrEventsByPcr, fixed a bug in calculating the number of events to return. Thanks to Seiji Munetoh. - Added functions to do incremental hashing, removing most large stack allocations in trousers. - Updated blob utility functions to use UINT64's instead of UINT16, which had caused some arbitrary limits in parts of trousers. - Merged in TSS 1.2 header files. - Merged in build changes for embedded. * TROUSERS_0_2 branch created - In obj_policy.c and obj_tpm.c, if NULL is passed in when trying to set a 1.2 style callback, clear the callback address. - Fix in Tspi_TPM_ActivateIdentity: Only validate over the out parameters from the TPM, not the TCS (size of data). - obj_encdata.c: fixed reference of pcrSelect, which caused bad data to be returned as the PCR selection. - added TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE, which was type-o'd in the 1.1 header files. - Fix for SF1570380: Algorithm ID not compliant with TSS spec. - Corrected off by 1 errors in PCR index bounds checking. - Changed logging in the TCSD so that FILE:LINE isn't printed unless debugging is on. - Changed build/code so that the system PS dir is mode 0700, not 1777. It used to be 1777 when user PS was not in ~/.trousers. - Fix for SF1565726: Segfault when connecting from remote host. - Fix for SF1565208: User PS load key by UUID failed. * TROUSERS_0_2_8 - Fixed bug in mc_add_entry, where the PCRInfo data was not being copied into the mem cache with the other fields of the key. - Fixed 2 bugs in spi_getset.c where setting the secret hash mode was passing subFlag to the internal set function instead of ulAttrib. - Added patch to retry the libtspi's recv() call to the TCSD if the call was interrupted before completion. - Made the popup string appear as a label on the popup, not the title. Also, got rid of annoying mouse-over texts. - Added a flag to pass to the get_secret function internally to indicate whether a popup should contain the confirm box. - Added support for callbacks in the identity creation code. - Updated the identity creation code in the TSP/TCS to support AES, DES, 3DES during identity creation. - Added symmetric encryption interfaces for openssl, Trspi. - In Tspi_Hash_Sign, fixed memory leak. - Added SetAttribData functions for RSA modulus/exponent per the upcoming additions to the TSS 1.2 errata 1 spec. - Fixed bug in TCS key cache where if 2 keys had the same public modulus, they could confuse the key cache manager. - Bind/Seal functions now return more descriptive errors codes and won't do the encryption if the data to use is larger than the RSA pubkey. - Made updates to the code/headers for the TSS_VALIDATION struct change to be issued as TSS 1.1 header file errata 1. - Bug fix: In LoadManuMaintPub's wrapping function in the TSP, we incorrectly passed a reference to the pubkey in loading the blob. - Fixed bugs in the maintenance commands, owner auth'd commands were using no auth tags in their commands sent to the TPM. - Fixed SF1546344: Track the release of auth handles by TCS context and take the fContinueAuthSession variable into account when calling the TPM to release a handle. - Fixed SF1545614: deadlock due to auth_mgr_osap taking the auth_mgr_lock before calling ensureKeyIsLoaded, which took the mem_cache_lock. - Added checks to ensure corrupt packets don't crash the tcsd. - Added configure option --with-gui=gtk/none to enable building with no popup support for embedded apps. The default secret mode becomes TSS_SECRET_MODE_NONE for all policies and the default context mode becomes TSS_TSPATTRIB_CONTEXT_SILENT to supress all popups. - Changed the Tspi_GetAttribData function to return a TCPA_PUBKEY blob as is specified in the portable data section. - Added a debugging #define in req_mgr.c to print all data passed to/from the TPM. - Updated Tspi_Context_LoadKeyByUUID to check in-memory keys by UUID when the TCS returns a filled-out loadkey info struct. - Removed the free of all context related memory when the context closes. Allows an app more flexibility in choosing what to free. - Removed check for secret mode None in establishing an OSAP session. Now, a secret of all 0's is used if no secret exists. - Added checks for 2 return codes in secret_TakeOwnership. - Fixed TSS_VERSION problem. There are no specific getcaps for software version vs. TSS spec version. Instead, the TSP's version structure contains spec version and software major/minor. - Removed obj_regdkey list references. * TROUSERS_0_2_7 - Added 3 new TCSD config options to allow admins to set paths to the 3 types of credentials returned on Make Identity calls. - Added an implementation for returning the MANUFACTURER TCS caps. - Added translation of TSS caps that are destined for the TPM. - Updated DirWrite to work correctly (thanks Kylie). - Updated the Tspi_TPM_DirWrite manpage with more info, removed a confusing statement. - Changed the number of loops in TCSP_GetRandom_Internal to 50, which should allow TPMs that return few bytes per request to fullfill up to 4K bytes. - Removed the TCS's getSomeMemory() function, which was really dumb. - Changed the way user PS operates. User PS is now really persistent, its kept in ~/.trousers/users.data, which is created if it doesn't exist. Also, the environment variable TSS_USER_PS_FILE can be set to a path that will override the default location for as long as the TSP context is open. - Lots of memory leaks found in error paths by Coverity, mostly in tcsd_wrap.c. - Fix for SF #1501811, setting some SetAttribUint32 flags not supported. - Lots of updates to the fedora specific RPM specfile. - Fix for SF #1490845, 'make install' overwrites old tcsd.conf - Added code to return TSS_E_POLICY_NO_SECRET when setting up an OIAP or OSAP session. - Added fix for SF #1490745, trousers demands too much from /dev/random. Default random device is now /dev/urandom. - Changed severity of the ioctl fallback print stmts to warning and info. - Added implementation of the maintenance functions. - Added fix for SF #1487664, Offset in PS cache is not updated correctly. - Removed some Atmel specific code and commented out code. - Added some missing auth_mgr_check calls in tcspbg.c. - Fixed some unchecked mallocs in the TSP. - Added build variables to automatically update the TSP library version and TCSD version getcap variables. - Added call to return the modulus of an RSA key on a GetAttribData call. - Added implementation of the migration functions. - Fix for SF 1477178, random numbers get hosed by the tcsd. * TROUSERS_0_2_6 - Removed unnecessary call to obj_encdata_get_data in Tspi_Data_Seal. - Added support for using the trousers.h APIs in C++. - Fixed Tspi_PcrComposite_GetPcrValue's man page, which had left out *'s in two parameters. - Fix for SF 1414817, Quote's PCR object doesn't get set on return. - Lots of function renaming to make code reading clearer. - Return TSS_E_INVALID_OBJ_ACCESS when trying to retrieve data from an encrypted data object that hasn't been set. - Added contact info to the README. - Fix for ordering of params in call to set callback by Tspi_SetAttribUint32. Thanks to Thomas Winkler for the fix. - Fix for SF 1410948, get random numbers from /dev/urandom unless Tspi_TPM_GetRandom is called explicitly. - Fix for SF 1342026, print TPM error codes during bring-up. - Added support for a TCS_LOADKEY_INFO structure returned from a TCSP_LoadKeyByUUID call. - Fixed 2 free_tspi's that should have been plain free's * TROUSERS_0_2_5 - Changed all prints of size_t to %z (matters on 64bit platforms). - Backport of the context and policy object's TSS_TSPATTRIB_SECRET_HASH_MODE attribute from the TSS 1.2 spec. This will allow 1.1 apps to decide whether they want to include the 2 bytes of NULL in the hashes of their secrets. This will in turn allow various TSS's to interoperate better. - SF#1397265 'getpubek' to 'readpubek' in tcsd.conf. - Added an implementation of TSS 1.2 style callbacks. - Added Emily's patch to explain the TSS_DEBUG_OFF flag, added blurb to README. - Fixed bug that only manifested on PPC64: if errno is not set to 0 explicitly before making a call to iconv, iconv will not set it on failure. * TROUSERS_0_2_4 - Updated README with how to use new system.data files. - Added sample system.data files for users who've taken ownership of their TPMs under other OS's. - Updated unicode routines to NULL terminate their strings with the same number of bytes as is the width of the encoding. - Fixed bug in TCS_EnumRegisteredKeys_TP, returned data should be alloc'd on the TSP heap. - Added a logging statement when tcsd_startup fails due to an error returned by the TPM itself. - Fixed validation data in Tspi_TPM_Quote and Tspi_TPM_GetPubEndorsementKey. - Implemented Tspi_TPM_CollateIdentityRequest and Tspi_TPM_ActivateIdentity. - Bug fix in TCSP_Sign_TP, signature should be alloc'd using the TSP heap. - Fix for SF#1351593, authdata was always 0 for the SRK. This was due to the defaults set in Tspi_Context_CreateObject for the SRK key flag. The default SRK key is now set to require auth. If you want an authless SRK, you need to either set the authdatausage attribute directly or pass in your own SRK initFlags to the create object call. - Return bad parameter when no the pcr object is not initialized instead of internal error. - Several fixes added for list locking in the obj_*.c files. - Added initial support for Tspi_TPM_CollateIdentityRequest and its supporting functions (symmetric encryption). - Fix for SF#1338785: Support TSS_TSPATTRIB_HASH_IDENTIFIER. - Changed default kernel and firmware controlled PCRs to none, which should have happened a long time ago. :-/ - Fix for SF#1324108: Tspi_TPM_GetEvents should return a number of events - Fix for RFE#1301441: Fallback support for the device node. ioctl is tried first, if that fails, r/w is tried, if that fails, error is returned. - Fixes for SF#1332479: HMAC and XOR callbacks were being passed wrong params. - Fix for SF#1334235, uuid data wasn't being set correctly when keys were registered or loaded by uuid. - Fix for SF#1332316, Tspi_GetAttribData doesn't always return data alloc'd by TSP. Unicode data returned from the function was being allocated off the TSP heap. - Changed default return value for Tspi_GetAttribUint32 to success. - Corrected Tspi_TPM_PcrExtend manpage to state that the application should fill out the TSS_PCR_EVENT structure. -Fixes for SF BUG#1312194, and SF BUG#1312196. Get Attribs for key usage and size were not being returned correctly. Imported values for size from the TSS 1.2 header files and translated TPM <-> TSP values for key usage in the get attrib calls. - Accepted Halcrow's patch to add a TSP key object removal function, invoked at object close time. This was SF BUG#1276133. - increased the size of the return buffer from TCS to TSP to 8K, so that larger requests won't fail. - added a loop to TCSP_GetRandom_Internal to try several (currently 5) times to get the number of requested bytes from the TPM. Since the TSP has no way to tell an application that a single request failed, this will help improve the odds of a large request succeeding. * TROUSERS_0_2_3 - SF#1291256 bugs fixed. A UINT16 was being passed instead of a UINT32 to TCS_LoadKeyByBlob_Internal. - Removed test in spi_context.c's call to TCS_LoadKeyByUUID, which would always fail, since there was no TCS layer bit set. This kept us in a success path. - Added debug logging functions that print the function name at the beginning of the statement. - Added GetPubKey as an option for TCSD's remote ops. - SF#1249767 bug fixed. UTF16 strings are now hashed when passwords are passed in through the popups. - SF#1286333 bug fixed. New unicode functions added that convert to UTF-16 and from the nl_langinfo(CODESET) encoding. - SF#1285428 bug fixed. obj_context_get_machine_name copied too many bytes out. Code added to Tspi_GetAttribData to convert to UTF16 before returning. * TROUSERS_0_2_2 - deleted section on ssh-askpass in README - Modified popup code to hash UTF16 instead of UTF8. - Restructured TCS calls to the TPM so that all auth sessions are released correctly. - Removed TSP contexts from all Trspi functions and modified all trousers code to free its own memory instead. - Fixed the TSP seal command to allow Sealing with a no-auth key by using null auth data. Also changes the TCS seal to return bad parameter if it gets null auth data. - Removed lots of unused code and made formatting changes. - Don't require Tspi_Key_WrapKey to be connected to succeed and return a default value (or from the environment) if we're doing PCR operations on an unconnected context. - Fixed bug where a tcsd created system.data file was not getting the right version info put into it. - SF BUG#1269290 Fixed: Protect the SRK pub key. Upon taking ownership, the unaltered SRK blob is passed back to the TSP to create a valid key object with the SRK pub key intact. The copies of the SRK pub key data that do into the TCSd's mem cache and PS are zeroed out. From then on, the only way to get the SRK pub key is through Tspi_Key_GetPubKey. - tcspbg.c: deleted unused code and always release auth session on an Unbind call. - Bugfix for SF#1274308, Tspi_Key_CreateKey doesn't add PCRs correctly. Ordering of calls in obj_rsakey_set_pcr_data and calculation of PCRInfo size were incorrect. - Close auth sessions in TCS_GetCapabilityOwner - Removed volatile flag from the SRK key handle at key object create time. This was keeping National TPM's from having the ability to be owned! - Moved calcCompositeHash to obj_pcrs.c and renamed it. - Check returns everywhere for addKeyHandle calls. - Call pthread_mutex_init on the host table's mutex. - Modified TSSWG headers so that code w/o BSD types compiles (such as the PKCS#11 TPM STDLL). - Removed ssh_askpass, since UNICODE must be hashed from the GUI input source. - Updated all manpages to include the TSSWG header file names instead of trousers specific files. - Don't log debug data when TSS_DEBUG_OFF env var is available. - Converted UNICODE to unsigned short and modified code accordingly. - Only allow INADDR_LOCALHOST connections when no remote_ops are defined in the tcsd.conf file. - Bugfix in obj_pcrs.c, setting pcr indices and values was buggy. - Moved macros from trousers_types.h (internal) to trousers.h (external), since new header files make them virtually a requirement - Bugfix for SF#1249780, PCR selection structure was incomplete. - Bugfix for SF#1249769, addKeyHandle now returns a TSS_RESULT. * TROUSERS_0_2_1 - return invalid handle int Tspi_ChangeAuth when hParentObject is not of the right type. - Fixed bug in TCS ps, write_key_init returned the wrong offset. - Fixed mem leak in spi_getset.c:791, found by Coverity. - Fixed mem leak in calltcsapi.c:70, found by Coverity. - Fixed mem leak in tcskcm.c:531, found by Coverity. - Fixed type-o mem leak in tspps.c:319/tcsps.c:349, found by Coverity. - Fixed mem leak bug in memmgr.c:173, found by Coverity. - Fixed bounds error bugs in tcstp.c:38/98, found by Coverity. - Fixed bounds error bug in tcsd_wrap.c:154, found by Coverity. - Fixed unchecked return bug in spi_utils.c:430, found by Coverity. - Fixed unchecked return bug in calltcsapi.c:1159, found by Coverity. - Fixed negative return value bug tcs/ps/ps_utils.c:365, found by Coverity. - Fixed negative array index bug readpass.c:65, found by Coverity. - Fixed null deref bugs spi_tpm.c:1292/1309/1302, and uninitialized variable 1272, found by Coverity. - Fixed null deref bugs spi_context.c:358/378, found by Coverity. - Fixed null deref bug tcspbg.c:1413, found by Coverity. - Fixed null deref bug tcspbg.c:745, found by Coverity. - Fixed null deref bug imaem.c:356, found by Coverity. - changed config file defaults for kernel/firmware pcrs. - added better logging for when user/group "tss" doesn't exist - in sendTCSDPacket: set transmitBuffer to 0 to prevent sending bogus data. - added some sanity checking in getTCSDPacket to prevent segfaults. - added TCSERR where needed in tcs/ps files. - BUG 1233031 fixed, TSP now stores PACKAGE_STRING as the vendor data when registering a key. - Added better debugging of auth mapping table, also closed two auth handles that were getting left opened in CreateWrapKey and Seal/Unseal. - fixed ps_inspect's printing function. - added SELinux files and README.selinux. - updated ps_inspect tool to recognize non-PS files, print out version 1 PS files and added a license statement. Also added ps_convert tool to convert version 0 PS files to version 1. - updated ps_inspect tool to print out blobs and keys. - change assert to DBG_ASSERT in tcs/ps files, also assert that data sizes are > 0 when read off disk. - Lots of malloc error logging changes where %d should have been %u in the print statment. - auth_mgr.c: allow a TSP to open a max of max_auths/2 sessions before its denied any more, for TPMs that can handle a lot of auth sessions. - Big-endian fixes for the persistent store functions. Trousers now runs fine on ppc64, for example. - BUG 1226617: Audit of code for auth handle termination. - Use @PACKAGE_BUGREPORT@ instead of a static email addr in manpages. - Added man page for tcsd.conf in section 5. - Bugfix in remove_table_entry. Host table head was left pointing at free'd memory. - corrected comment in spi_context.c. - added 64bit stuff to configure.in - fixed bug in Tspi_ChangeAuth where parent object was assumed to be an rsakey. - fixed debug logging of data. - modified calcCompositeHash for accepting incomplete pcr select structures & to fill out the structure correctly. * TROUSERS_0_2_0 - removed unused code and added debugging in clearUnusedKeys(). - Updated README with info on the 2.6.12 kernel device driver. - fixed bug in calculating pcr select size - fixed bug in init'ing PCRS, spi_utils.c:431 - Changed TCPA sig schemes to TSS sig schemes in Hash_VerifySignature. - Implemented Tspi_Context_GetKeyByPublicInfo on the TCS side. - Fixed PS bug in storing the pub key data. - Implemented Tspi_Key_UnloadKey - Implemented the guts of Tspi_Key_CertifyKey, which now works in at least the case where both keys passed in are authless. - in obj_rsakey_set_es/ss, added mapping from TCPA numbers to TSS numbers and vice versa. - added #includes in readpass.c to get rid of compile errors. (thanks Emily). - Fixed popup secret handling. Bug #1194607 closed. - Fixed up the LogBlobData functions, no more strcat. Bug #1221974 closed. - changed sprintf's to snprintf. Bug #1221932 closed. - Changed the TCPA_RSA_KEY_PARMS management at key creation time. - Re-implemented TSP object management. - Integrated TSSWG header files. - Added valid_keys variable for the debugging build of tcs/ps/ps_utils.c. - Changed >= to > in openssl/crypto.c to correct off by one in checking the size of the input data. - added cvs commit logging to CVSROOT/loginfo file. * TROUSERS_0_1_11 - Changed TCSD logging to only log on remote connection attempts, local connections will be left silent. - mended compiled time warnings - updated src/tspi/Makefile.am to respect libtool. - added x86_64 case to configure.in - added args to print stmt tcsd_wrap.c:3640 (thanks Kylie). - commited fix for detecting past runlevel states (thanks Kylie). - committed fix for RNG problem: a TPM's RNG is disabled when the TPM is in the disabled state, yet needs a random number to open an OSAP session to call the owner auth'd TPM enable command. - added code for CreatePubEK plumbing (thanks Kylie). - fixed a couple signed/unsigned comparison warnings - fixed endianess stuff in TPM GetCap spi_tpm.c. - added Trspi_Error functions to manipulate TSS_RESULTs. - Fixed order of receiving for the TCS_OwnerReadPubek call (thanks Kylie). - Added defns for volatile and non-volatile flags (thanks Kylie). - Added Trspi_Error, which converts a TSS_RESULT to a string. (thanks Kylie). - In tcsd_wrap.c, added function bodies for tcs_wrap_OwnerClear, tcs_wrap_DisablePubekRead, tcs_wrap_OwnerReadPubek, tcs_wrap_DisableForceClear and tcs_wrap_DisableOwnerClear. (thanks Kylie). - Added an unload of the auth returned from the TPM in TCSP_OwnerReadPubek_Internal. (thanks Kylie). - Corrected the TAG for the TPM command in TCSP_OwnerReadPubek_Internal. (thanks Kylie). * TROUSERS_0_1_10 - Updated implementation of Tspi_Key_WrapKey. - Added missing goto in ReadPubEK in tcstp.c. (thanks Kylie). - Added function guts for various functions in tcstp.c. (thanks Kylie). - In Tspi_TPM_SetStatus, do the right in the physical presence path based on boolean. (thanks Kylie). - Actually pass in the bool flag on TCSP_PhysicalPresence_Internal (thanks Kylie). - corrected force clear logic in spi_tpm.c:818 (thanks Kylie). - fixed error return code check to socket() syscall clntside.c:52. - added comment about TDDL reries and added log statement when a physical presence command is denied because of runlevel. - Fixed Tspi_Hash_VerifySignature to check signatures based on the signature scheme of the key in use. Also, crypto.c was changed to do a verify based on TSS_HASH_OTHER. - Added 2 new highlevel Unbind testcases to test PKCS1.5 vs OAEP. - In Tspi_Context_LoadKeyByUUID, the uninitialized keyBlob variable was causing an invalid free on exit. Corrected that. - changed return value from internal error to invalid handle when a bad object handle is passed to Tspi_Hash_Sign and the Tspi_Data functions. - added Tspi_TPM_CertifySelfTest functionality - corrected iptables string in the tcsd manpage. - Corrected return code in Tspi_Key_UnloadKey02.c testcase. - enabled Tspi_TPM_GetTestResult functionality - added selftest as an option to the list of remote ops for the access control - added compatibility with openssh-askpass for the popup dialog box. Now either gtk2-devel OR openssh-askpass must be installed to build trousers. Using openssh-askpass reduces the size of libtspi.so by about 40K and reduces the number of dependencies from 26 to 6! - Bugfixes - The entityType field was being passed between the TCSD and TSP as a UINT32 instead of UINT16. This was keeping Tspi_ChangeAuth from working as advertised. - Secrets were being hashed incorrectly when secret mode was PLAIN and the secret data length was 0. Now, when secret mode is plain, the passed in data is always hashed, even if its 0 length. - Popups are hopefully being handled more correctly now. Previously the dialog popped up at the time SetSecret was called, but now its just when the secret is actually needed. - sf.net Bug #118026: memory allocations and free's fixed in almost all paths from app to tcstp.c wrt correctly returning calloc_tspi'd memory vs. malloc'd memory. Only problem remaining is the PCR event functions, which have dangling malloc'd references, which is an architectural problem which should be solved in the 1.2 rewrite. * TROUSERS_0_1_9 - added tcsd manpage - added access control functionality so that sets of ordinals cannot be executed by non-local hosts. This is now a configurable option in tcsd.conf as "remote_ops". - Set Physical Presence now works from the TSP when the TCSD detects that it is running in single user mode. When not running in single user mode, the TCS_PhysicalPresence command returns TSS_E_NOTIMPL. - Changed an fprintf to LogError in gtk/support.c - TCP/IP server-side fixes in svrside.c - various compile warnings fixed - moved commonly used utility functions to trspi/trousers.c and exported these functions in the header file tss/trousers.h. - added new testcases for ChangeAuth of the TPM owner and SRK in tcg/highlevel/tspi. - added test tcg/highlevel/tpm/Tspi_TPM_PcrRead04.c - updated Tspi_TPM_GetCapability manpage. - added code to detect a 1.2 TPM and get auth sessions the 1.2 way. - added manpage for Tspi_TPM_GetPubEndorsementKey - Bugfixes - in crypto.c, encrypted data area should be RSA_size(rsa) bytes large, not always 256. This was keeping non-2048 bit keys from working with the TPM keyring app. - Fixed detection of an already closed Tddl. - Allow validating the entire TCPA_PUBKEY structure in Tspi_TPM_GetPubEndorsementKey, as National chips do this. - Added support for TSS_TPMCAP_ORD and TSS_TPMCAP_FLAG in Tspi_TPM_GetCapability, which required a call to TCSP_GetCapabilityOwner to fetch the TPM's internal flags. Added tcg/highlevel/tpm/Tspi_TPM_GetCapability0{4,5}.c to test. - When loading the SRK from TCS PS, the TCS key handle should now be 0x40000000 (TSS_SRK_KEY_HANDLE). There were checks for this in the ChangeAuth code paths, which caused failing of various sorts. - Bug fixed in roll over of TCS key handle generation. Previously we would have smashed the SRK's fixed value and we would have thought there were 2 SRK's loaded. - sf.net bug #1154611, old SRK was not being removed from mem cache, though disk cache was being deleted. This means that after re-taking ownership the mem cache was corrupted until a restart of the TCSD. - Feature Requests - sf.net RFE #1122608 completed. Several different device locations are now supported by default. If /dev/tpm is created its assumed that the IBM Research device driver is being used and therefore ioctl's are sent to the driver, all others get read/write's. Updated README. * TROUSERS_0_1_8 - added a manpage for Tspi_TPM_PcrExtend - added SHA1_HASH_SIZE #define tied to openssl/sha.h - Corrected typo in tcpa_types.h of pValdationData -> pValidationData - updated README with info on device file stuff - added a usage function and long options to tcsd - added an error message when incorrect params are passed to tcsd on the command line. - added -lcrypto and -lpthread to the build of libtspi.so, so that app writers will avoid having to include those when they don't have to. - Connected up Tspi_TPM_SetStatus and Tspi_TPM_SelfTestFull to TCSP_SetTempDeactivated, TCSP_SelfTestFull, TCSP_SetOwnerInstall, TCSP_OwnerSetDisable and TCSP_PhysicalDisable. - Bugfixes - tcsem.c:507, error in calculating number of PCR events to copy out. - sf.net bug #1151183 fixed. Tspi_TPM_GetPubEndorsementKey now takes the correct number of params, and all testcases/TSS calls are changed. - sf.net bug #1113313 fixed. Tspi_TPM_TakeOwnership now allows a NULL pub endorsement key handle and a testcase, tcg/highlevel/tpm/Tspi_TPM_TakeOwnership03.c, exists to test this. - In Tspi_SetAttribData, set the TCPA_KEY's privkey, not the wrapper object on a TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY. * TROUSERS_0_1_7 - Fixed the logging up so that if tcsd -f is specified, all logs go the foreground, else all logs go to syslog. - Moved the TPM_IOCTL #define into the tddl.h file. Now, if you're using the IBM research device driver, compiling with #define TPM_IOCTL will use ioctl's to open /dev/tpm and #undef TPM_IOCTL will use read/write calls to /dev/tpm0. - Revert accidental change in tddl.c - Lots of 0's replaced with non-magic #define's in the TSP code - In spi_getset.c: removed unimportant debugging stmts; make Tspi_{Get|Set}AttribData set the correct public and private key data when asked to. - Lots of manpage verbage changes. - added new manpages for: Tspi_TPM_TakeOwnership, Tspi_Key_LoadKey, Tspi_Context_Create and Tspi_TPM_ClearOwner. - Bugfixes - cxt.c: when destroying a context object, release the tcs_ctx_lock before calling ctx_ref_count_keys(). This prevents a deadlock. - added a mutex unlock call for an error path that would have caused a deadlock * TROUSERS_0_1_6 - Logging functionality changes only, for bug #1106301 - TCSD: - Logs now go to stdout/stderr until a successful startup - After a successful startup, cmdline args are parsed - if -f is specified, logging continues to stdout/stderr and daemon runs in the foreground, killable by ctrl-c. - If -f is not specified, logs go to syslog and the tcsd forks into the background - TSP library - If compiled w/o debugging, there is no logging of any kind - If compiled w/ debugging, all logs go to stdout/stderr, unless the environment variable TSS_DEBUG_OFF is set, then, there is no logging of any kind - There is no longer a --enable-stderrlog option to the configure script * TROUSERS_0_1_5 - Complete memory management overhaul. calloc_tspi is now used to clean up memory allocated by Tspi functions. TCS blob functions have been changed to not require a context, since there's no need w/o calloc_tspi. Its now necessary to call free explicitly everywhere in the TCS. In the TSP, calloc_tspi is now always called with the TSP context of the session, which would will ensure all memory allocated by the session is accounted for. - Unused #defines and variables removed from spi_utils.h - Commented out code removed throughout the source. - Removed log.o on a 'make clean'. - commented out unnecessary logging, added more descriptive logging - renamed variables named 'hContext' to specifiy whether they represent TSP of TCS context handles. - got rid of a few magic numbers - Bugfixes - in tcs/cache.c, getNextTimeStamp() was unlocking the mutex twice. - removed destroy_key_refs() in TSP, which caused double free errors - added call to event_log_final() in tcsd_shutdown() to clean up the event log - added an intermediate copy stage of data in getTCSDPacket() to avoid memcpy() calls with overlapping source and dest fields. * TROUSERS_0_1_4 - added ChangeLog :-) - TSP object management overhaul. All API's should be correct for contexts whether they're connected to a TCS or not. - testsuite changes based on object mgmt overhaul - various internal fixes and simplifications of the code due to object mgmt overhaul * TROUSERS_0_1_3 - added helpful message when package gtk2-devel is not found in configure.in - chown changes in dist/Makefile for new syntax - added detailed flags to various manpages - TSP memory management overhaul - added more complete destroy_key_refs() function - Bugfixes - quashed memory leaks in TSP found by valgrind - return TRUE/FALSE from getAttribData - added TSS_TSPATTRIB_KEYINFO_SIZE to Tspi_GetAttribData - call free() not Tspi_Context_FreeMemory() in spi_utils.c * TROUSERS_0_1_2 - added bug report mailing list to configure.in - added --enable-stderrlog feature to configure.in - Marked Tspi_TPM_GetCapabilitySigned as not implemented (per TSS v1.1b spec) - Bugfixes - Removed common.h from Tspi_Context_RegisterKey manpage - added endianess macros to spi_utils.h - made all endianess fixes to the TSP and testsuite - logging improvements tcspbg.c - tcs_utils.c compile time warning quashed * TROUSERS_0_1_1 - Updated design doc - Updated README - More sensible function naming (no addNewObject, just addObject) - Bugfixes - return data correctly in Tspi_GetAttribData - malloc space for returned UUID correctly in tspps.c - log errors in tddl.c - follow a failure path in auth_mgr.c - don't always return success in req_mgr.c * TROUSERS_0_1_0 - Initial code drop