xref: /netbsd-src/crypto/external/cpl/trousers/dist/ChangeLog (revision 122b5006ee1bd67145794b4cde92f4fe4781a5ec) 
1* TROUSERS_0_3_14
2- Changes to support OpenSSL 1.1.0
3- Removed some warnings for proper builds
4- Changes to allow building on OS X
5- Fixed memory leaks
6- Fixed failure to recognize connections from localhost over IPv6
7- Fixed for an exploitable local denial of service in tcsd
8
9* TROUSERS_0_3_13
10- Changed exported functions which had a name too common, to avoid collision
11- Assessed daemon security using manual techniques and coverit
12- Fixed major security bugs and memory leaks
13- Added debug support to run tcsd with a different user/group
14- Daemon now properly closes sockets before shutting down
15
16* TROUSERS_0_3_12
17- Added new network code for RPC, which supports IPv6
18- Users of client applications can configure the hostname of the tcsd server
19they want to connect through the TSS_TCSD_HOSTNAME env var (only works if
20application didn't set a hostname in the context)
21- Added disable_ipv4 and disable_ipv6 config options for server
22
23* TROUSERS_0_3_11
24- Fix build process for distros
25- License was changed from GPL to BSD
26- Many bugfixes
27- updated man pages
28
29* TROUSERS_0_3_8
30
31- Fix ssl_ui.c overflow
32- Handling of TPM_CERTIFY_INFO2 structure special case
33- Fix possible obfuscation of obj_migdata.c errors.
34- Make 1.2 keys respect the TPM_PCRIGNOREDONREAD flag.
35- PCRInfo member allocation in Trspi_Unload_CERTIFY_INFO.
36- Add functions for deserializing NVRAM related data structures
37- Add NVRAM specific error messages
38- Fix spec file so one can build an rpm
39- Initialize the tcsd_config_file with NULL.
40- support for -c <configfile> command line option
41- Establish a .gitignore file
42- ENDIAN_H and htole definition fix
43
44* TROUSERS_0_3_7
45
46- __tspi_freeTable wrong call
47- Owner Evict pubkey setup fix
48- The "HAVE_ENDIAN_H" check is missing from configure.in, but it appears to be needed in a couple of the source files.
49- tspi_context.c fix (memleak)
50- Added the missing setup of a tcs handle for owner evict keys.
51- No need to initialize the flock structure.
52- flock to fcntl change
53- Fixed cleanup code in svrside.c
54- Avoid warning of missing return in tcsd_thread_run()
55- printf() warning fix
56- Moved hDAA debug message after initialization
57- Additional length check
58- Tspi_NV_DefineSpace secret check fix
59
60* TROUNSERS_0_3_6
61
62- Fixed a number of warnings during a build with --debug regarding THREAD ID
63  definition
64- Removed htole() dependency, which was included only in glibc 2.9
65
66* TROUSERS_0_3_5
67
68- Allowed TCD Daemon to run with reduced privileges In Solaris.
69- Fixing previous kfreebsd build patch conflict with the current tree.
70- TCSD error handling improvements.
71- mutex init inclusion.
72- pthread_t portability fix
73- Owner Evict keys load fix.
74- Big- endian issues.
75- Memory leak fix.
76- Adding missing #include <limits.h>.
77- kfreebsd build fixes.
78- Fixed usage of syslog().
79- 64bits clean
80- Fixes the TCP UN and IN socket connection attempt handling
81- Fixes logic on opening a hardware TPM.
82- Added communication through TCP to software TPMs in TrouSerS.
83- Fixed conflicting defines
84- Adds missing free()
85- Fixed fread() return value check.
86- Made the previous fix cleaner and more robust.
87- Added missing check in order to avoid freeing buffer that's out of Tspi_Data_Seal() scope.
88- Fixed Tspi_TPM_GetRandom 4kb output limit.
89
90* TROUSERS_0_3_4
91
92- Fixed TrouSerS mishandling of TPM auth sessions
93- Enabled hosttable.c "_init" and "_fini" functions to work on Solaris
94- Included Solaris in BSD_CONST definition conditional
95- Made the init script LSB compliant
96- make distcheck improved
97
98* TROUSERS_0_3_3_2
99
100- Fixed logic when filling up RSA keys objects.
101
102* TROUSERS_0_3_3_1
103
104- TCSD now runs as tss and has a better signal handling
105- Fixed many memory handling issues
106
107* TROUSERS_0_3_3
108
109- Tspi_ChangeAuth fixed for popup secret use case.
110- Prefixed exported functions with common names.
111- Fixed issues  with accessing the utmp database.
112- Migrated the bios parser file handler from open to fopen.
113
114* TROUSERS_0_3_2
115
116- Added IMA log parser in conformance with format introduced in linux kernel 2.6.30
117- Fixed memory handling issues in src/tspi/tspi_quote2.c and tspi_tick.c
118- Fixed memory handling issues in tcs/rpc/tcstp/rpc_tick.c
119- Fixed logic when releasing auth handles, now the TPM won't become out of
120resources due too many unreleased auth handles there.
121- Fixed compilation problems when building trousers in Fedora with
122-fstack-protector & gcc 4.4
123- Fixed the legacy usage of a deprecated 1.1 TPM command, now auth sessions
124can be closed fine.
125- Fixed key memory cache when evicting keys, invalid key handles were evicted
126when shouldn't.
127- Fixed authsess_xsap_init call with wrong handle
128- Fixed authsess_callback_hmac return code
129- Fixed validateReturnAuth return value
130- Added consistency to avoid multiple double free() and bound checks to avoid
131SEGV
132- Moved from flock to fcntl since the first isn't supported in multi-thread
133applications
134- Added necessary free() and consistency necessary in tspi/tsp_delegate.c to avoid SEGV
135- Typecast added in trousers.c in the UNICODE conversion functions
136- Fixed wrong return code in Tspi_NV_ReleaseSpace
137- Fixed digest computation in Tspi_NV_ReleaseSpace
138- Fixed tpm_rsp_parse, it previously checked for an additional TPM_AUTH blob,
139resulting in a incorrect data blog unload.
140- Added new OpenSSL UI for TSS_SECRET_MODE_POPUP auth mode.
141- Added workaround to fix namespace conflict with SELINUX
142- Set SO_REUSEADDR socket option.
143- Added TSS_SS_RSASSAPKCS1v15_INFO signature scheme definitions and support
144- TDDL can now be compiled apart from the rest of TrouSerS.
145- Added #include <limits.h> to remove INT_MAX undeclared error
146  during build. Files updated: trspi/crypto/openssl/symmetric.c,
147  tspi/tspi_aik.c and tspi/tsp_ps.c
148- Added bounds checking in the data parsing routines of the TCSD's
149tcstp RPC code, preventing attacks from malicious clients.
150- Removed commented out code in src/tcs/rpc/tcstp/rpc.c
151- Commented out old OSAP code, its now unused
152- Fixed bug in tcsi_bind.c, one too few params were passed to
153the function parsing the TPM blob.
154- Fixed lots of erroneous TSPERR and TCSERR calls
155- Added support for logging all error return codes when debug
156is on
157- Check that parent auth is loaded in the load key path outside
158the mem_cache_lock, if a thread sleeps holding it, we deadlock
159- Added support for dynamically growing the table that holds
160sleeping threads inside the auth manager
161- In tcs_auth_mgr.c, fixed the release handle path, which didn't
162check if the handle was swapped out before calling to the TPM.
163- Updates throughout the code supporting the modular build.
164
165* TROUSERS_0_3_1
166
167- Added check of return code for ResetDALock call in tspi_admin
168- Added missing ordinals in tcs_pbg.c as reported by Phil Carmon.
169- Added support for DSAP sessions and delegating authorizations!
170- Added support for DSAP sessions inside a transport session.
171- Prevent Tspi_TPM_GetCapability from switching the endianess of
172the data returned from a request for TSS_TPMCAP_NV_LIST when that
173list happens to be sizeof(UINT32).
174- Fixed trouble in owner_evict_init path for 1.1 TPMs
175- Fixed multiple problems with changing auth on encrypted data
176and keys.
177- Fix for SF#1811120, Tspi_TPM_StirRandom01 test crashes TCSD.
178- Fix for SF#1805829, ChangeAuth fails to return an error
179- Fix for SF#1803767, TSS_TSPATTRIB_KEY_PCR_LONG key attribute
180not implemented
181- Fix for SF#1802804, Tspi_TPM_Delegate_UpdateVerificationCount
182problem
183- Fix for SF#1799935, Tspi_TPM_Delegate_ReadTables bug
184- Fix for SF#1799912, policy lifetime counter doesn't reset with
185SetSecret
186- Fix for SF#1799901, policy lifetime timer doesn't reset with
187SetSecret
188- Fix for SF#1779282. Trspi_UnloadBlob_CERTIFY_INFO DNE.
189- Fix for setting the right kind of PCR struct in the key object
190
191* TROUSERS_REDHAT_SUBMIT
192
193- Updated ps_inspect utility to more accurately guess if the file
194you're inspecting is really a persistent storage file.
195- Fixed endianess issue with certain TPM get caps
196- Fixed bug in setting credential data in the TSP
197- Moved secret hash mode code out from inside spec compliance
198#defines since they're now part of the 1.2 spec.
199- Better support for NULL parameters to blob manipulation
200functions
201- Fix for regression - blank the SRK pubkey copy stored in system
202persistent storage
203- Added RPC plumbing for DSAP sessions
204- Added support for unmasking data on unseal :-)
205- Implemented encdata PCR_INFO_LONG GetAttrib's
206- Overhauled OSAP session handling.
207
208* TROUSERS_0_3_0
209
210- Added TSS_TCSCAP_PLATFORM_CLASS cap support
211- Added the Quote2 Commands
212- Added new TSS 1.2 return codes to Trspi_Error_String.
213- Added Tspi_Context_GetRegisteredKeysByUUID2 functions
214to the persistent storage system
215- Added Tspi_TPM_OwnerGetSRKPubKey and TCS OwnerReadInternalPub
216code.
217- Added support for operator auth and Tspi_TPM_SetOperatorAuth.
218- Added support for Sealx.
219- Added ordinal auditing support.
220- Added initial transport session support.
221- Rewrote TCSD key loading functions.
222- Added support for UINT64 loading/unloading everywhere.
223- Created an initial TCS parameter block generator in tcs_pbg.c.
224- Added support to get_local_random to either allocate a new
225buffer for the random number or write it to a given buffer.
226- Removed TCS GetCredentials APIs -- the TSSWG verified that these
227had accidentally been left in the spec.
228- Added TCS GetCredential API.
229- Added NVRAM APIs, donated by James Xu, and others from Intel.
230- Added TCS GetCredentials functions
231- Patched the TCS key loading infrastructure to return
232TCS_E_INVALID_KEY when a handle is used by a context that doesn't
233have a reference to the key in its keys_loaded list.
234- Added ASN.1 blob encoding and decoding APIs.
235- Added tick stamping APIs
236- Added monotonic counter APIs
237- Added the Tspi_PcrComposite APIs: GetPcrLocality,
238SetPcrLocality, SelectPcrIndexEx and GetCompositeHash.
239- Added new TSS 1.2 return codes for bad EK checksum and
240invalid resource passed to Tspi_Context_FreeMemory.
241- Added Christian Kummer's implementation of PCR reset
242- In PcrExtend, set up the event struct fully before sending
243to the TCS.
244- Fixed bug in ActivateIdentity's use of rgbSymCAAttestation.
245- updated policy handling to match the latest spec.
246- Fixed bug when 2 TCSD's return the same context number.
247- Added a check for the size of Tcsi_StirRandom's entropy data.
248- Added support for TSS 1.2 style keys and PCR info long and
249  short structures.
250- Added support for TPM_Save/LoadAuthContext.
251- Grouped all threading functions in one header file, threads.h.
252- Fix added in TCSD's event parsing code for a segfault when only
253  the number of events is requested.
254- Several bugs fixed in the Tspi_Context_GetRegisteredKeysByUUID
255  code path in the TSP lib.
256- Added a lock around all TCSP functions; removed auth_mgr_lock
257  since the TCSP lock now suffices. This fixed some TCSD multi-
258  threaded errors.
259- hosttable.c: Fixed bug in host table entry removal, thanks
260  to Thomas Winkler for the testcase that helped in finding this.
261- In the TCS GetPcrEventsByPcr, fixed a bug in calculating
262  the number of events to return. Thanks to Seiji Munetoh.
263- Added functions to do incremental hashing, removing most
264  large stack allocations in trousers.
265- Updated blob utility functions to use UINT64's instead of
266  UINT16, which had caused some arbitrary limits in parts of
267  trousers.
268- Merged in TSS 1.2 header files.
269- Merged in build changes for embedded.
270
271* TROUSERS_0_2 branch created
272
273- In obj_policy.c and obj_tpm.c, if NULL is passed in when trying
274  to set a 1.2 style callback, clear the callback address.
275- Fix in Tspi_TPM_ActivateIdentity: Only validate over the out
276  parameters from the TPM, not the TCS (size of data).
277- obj_encdata.c: fixed reference of pcrSelect, which caused
278  bad data to be returned as the PCR selection.
279- added TSS_TSPATTRIB_ENCDATAPCR_DIGEST_ATRELEASE, which was
280  type-o'd in the 1.1 header files.
281- Fix for SF1570380: Algorithm ID not compliant with TSS spec.
282- Corrected off by 1 errors in PCR index bounds checking.
283- Changed logging in the TCSD so that FILE:LINE isn't printed
284  unless debugging is on.
285- Changed build/code so that the system PS dir is mode 0700, not
286  1777.  It used to be 1777 when user PS was not in ~/.trousers.
287- Fix for SF1565726: Segfault when connecting from remote host.
288- Fix for SF1565208: User PS load key by UUID failed.
289
290* TROUSERS_0_2_8
291
292- Fixed bug in mc_add_entry, where the PCRInfo data was not being
293  copied into the mem cache with the other fields of the key.
294- Fixed 2 bugs in spi_getset.c where setting the secret hash mode
295  was passing subFlag to the internal set function instead of
296  ulAttrib.
297- Added patch to retry the libtspi's recv() call to the TCSD
298  if the call was interrupted before completion.
299- Made the popup string appear as a label on the popup, not the
300  title. Also, got rid of annoying mouse-over texts.
301- Added a flag to pass to the get_secret function internally to
302  indicate whether a popup should contain the confirm box.
303- Added support for callbacks in the identity creation code.
304- Updated the identity creation code in the TSP/TCS to support
305  AES, DES, 3DES during identity creation.
306- Added symmetric encryption interfaces for openssl, Trspi.
307- In Tspi_Hash_Sign, fixed memory leak.
308- Added SetAttribData functions for RSA modulus/exponent per
309  the upcoming additions to the TSS 1.2 errata 1 spec.
310- Fixed bug in TCS key cache where if 2 keys had the same public
311  modulus, they could confuse the key cache manager.
312- Bind/Seal functions now return more descriptive errors codes
313  and won't do the encryption if the data to use is larger than
314  the RSA pubkey.
315- Made updates to the code/headers for the TSS_VALIDATION struct
316  change to be issued as TSS 1.1 header file errata 1.
317- Bug fix: In LoadManuMaintPub's wrapping function in the TSP,
318  we incorrectly passed a reference to the pubkey in loading the
319  blob.
320- Fixed bugs in the maintenance commands, owner auth'd commands
321  were using no auth tags in their commands sent to the TPM.
322- Fixed SF1546344: Track the release of auth handles by TCS
323  context and take the fContinueAuthSession variable into account
324  when calling the TPM to release a handle.
325- Fixed SF1545614: deadlock due to auth_mgr_osap taking the
326  auth_mgr_lock before calling ensureKeyIsLoaded, which took the
327  mem_cache_lock.
328- Added checks to ensure corrupt packets don't crash the tcsd.
329- Added configure option --with-gui=gtk/none to enable building
330  with no popup support for embedded apps. The default secret
331  mode becomes TSS_SECRET_MODE_NONE for all policies and the
332  default context mode becomes TSS_TSPATTRIB_CONTEXT_SILENT to
333  supress all popups.
334- Changed the Tspi_GetAttribData function to return a TCPA_PUBKEY
335  blob as is specified in the portable data section.
336- Added a debugging #define in req_mgr.c to print all data passed
337  to/from the TPM.
338- Updated Tspi_Context_LoadKeyByUUID to check in-memory keys by
339  UUID when the TCS returns a filled-out loadkey info struct.
340- Removed the free of all context related memory when the context
341  closes. Allows an app more flexibility in choosing what to free.
342- Removed check for secret mode None in establishing an OSAP
343  session. Now, a secret of all 0's is used if no secret exists.
344- Added checks for 2 return codes in secret_TakeOwnership.
345- Fixed TSS_VERSION problem. There are no specific getcaps for
346  software version vs. TSS spec version. Instead, the TSP's
347  version structure contains spec version and software major/minor.
348- Removed obj_regdkey list references.
349
350* TROUSERS_0_2_7
351
352- Added 3 new TCSD config options to allow admins to set paths
353  to the 3 types of credentials returned on Make Identity calls.
354- Added an implementation for returning the MANUFACTURER TCS
355  caps.
356- Added translation of TSS caps that are destined for the TPM.
357- Updated DirWrite to work correctly (thanks Kylie).
358- Updated the Tspi_TPM_DirWrite manpage with more info, removed
359  a confusing statement.
360- Changed the number of loops in TCSP_GetRandom_Internal to 50,
361  which should allow TPMs that return few bytes per request to
362  fullfill up to 4K bytes.
363- Removed the TCS's getSomeMemory() function, which was really
364  dumb.
365- Changed the way user PS operates. User PS is now really
366  persistent, its kept in ~/.trousers/users.data, which is
367  created if it doesn't exist. Also, the environment variable
368  TSS_USER_PS_FILE can be set to a path that will override the
369  default location for as long as the TSP context is open.
370- Lots of memory leaks found in error paths by Coverity, mostly
371  in tcsd_wrap.c.
372- Fix for SF #1501811, setting some SetAttribUint32 flags not
373  supported.
374- Lots of updates to the fedora specific RPM specfile.
375- Fix for SF #1490845, 'make install' overwrites old tcsd.conf
376- Added code to return TSS_E_POLICY_NO_SECRET when setting up
377  an OIAP or OSAP session.
378- Added fix for SF #1490745, trousers demands too much from
379  /dev/random. Default random device is now /dev/urandom.
380- Changed severity of the ioctl fallback print stmts to
381  warning and info.
382- Added implementation of the maintenance functions.
383- Added fix for SF #1487664, Offset in PS cache is not
384  updated correctly.
385- Removed some Atmel specific code and commented out code.
386- Added some missing auth_mgr_check calls in tcspbg.c.
387- Fixed some unchecked mallocs in the TSP.
388- Added build variables to automatically update the TSP
389  library version and TCSD version getcap variables.
390- Added call to return the modulus of an RSA key on a
391  GetAttribData call.
392- Added implementation of the migration functions.
393- Fix for SF 1477178, random numbers get hosed by the tcsd.
394
395* TROUSERS_0_2_6
396
397- Removed unnecessary call to obj_encdata_get_data in
398 Tspi_Data_Seal.
399- Added support for using the trousers.h APIs in C++.
400- Fixed Tspi_PcrComposite_GetPcrValue's man page, which had
401 left out *'s in two parameters.
402- Fix for SF 1414817, Quote's PCR object doesn't get set on
403 return.
404- Lots of function renaming to make code reading clearer.
405- Return TSS_E_INVALID_OBJ_ACCESS when trying to retrieve data
406 from an encrypted data object that hasn't been set.
407- Added contact info to the README.
408- Fix for ordering of params in call to set callback by
409  Tspi_SetAttribUint32. Thanks to Thomas Winkler for the fix.
410- Fix for SF 1410948, get random numbers from /dev/urandom
411  unless Tspi_TPM_GetRandom is called explicitly.
412- Fix for SF 1342026, print TPM error codes during bring-up.
413- Added support for a TCS_LOADKEY_INFO structure returned from
414 a TCSP_LoadKeyByUUID call.
415- Fixed 2 free_tspi's that should have been plain free's
416
417* TROUSERS_0_2_5
418
419- Changed all prints of size_t to %z (matters on 64bit platforms).
420- Backport of the context and policy object's
421 TSS_TSPATTRIB_SECRET_HASH_MODE attribute from the TSS 1.2 spec.
422 This will allow 1.1 apps to decide whether they want to
423 include the 2 bytes of NULL in the hashes of their secrets.
424 This will in turn allow various TSS's to interoperate better.
425- SF#1397265 'getpubek' to 'readpubek' in tcsd.conf.
426- Added an implementation of TSS 1.2 style callbacks.
427- Added Emily's patch to explain the TSS_DEBUG_OFF flag, added
428 blurb to README.
429- Fixed bug that only manifested on PPC64: if errno is not set
430to 0 explicitly before making a call to iconv, iconv will not
431set it on failure.
432
433* TROUSERS_0_2_4
434
435 - Updated README with how to use new system.data files.
436 - Added sample system.data files for users who've taken
437 ownership of their TPMs under other OS's.
438 - Updated unicode routines to NULL terminate their strings
439 with the same number of bytes as is the width of the
440 encoding.
441 - Fixed bug in TCS_EnumRegisteredKeys_TP, returned data should
442 be alloc'd on the TSP heap.
443 - Added a logging statement when tcsd_startup fails due to an
444 error returned by the TPM itself.
445 - Fixed validation data in Tspi_TPM_Quote and
446 Tspi_TPM_GetPubEndorsementKey.
447 - Implemented Tspi_TPM_CollateIdentityRequest and
448 Tspi_TPM_ActivateIdentity.
449 - Bug fix in TCSP_Sign_TP, signature should be alloc'd using
450 the TSP heap.
451 - Fix for SF#1351593, authdata was always 0 for the SRK. This
452 was due to the defaults set in Tspi_Context_CreateObject for
453 the SRK key flag. The default SRK key is now set to require
454 auth. If you want an authless SRK, you need to either set
455 the authdatausage attribute directly or pass in your own
456 SRK initFlags to the create object call.
457 - Return bad parameter when no the pcr object is not
458 initialized instead of internal error.
459 - Several fixes added for list locking in the obj_*.c files.
460 - Added initial support for Tspi_TPM_CollateIdentityRequest
461 and its supporting functions (symmetric encryption).
462 - Fix for SF#1338785: Support TSS_TSPATTRIB_HASH_IDENTIFIER.
463 - Changed default kernel and firmware controlled PCRs to
464 none, which should have happened a long time ago. :-/
465 - Fix for SF#1324108: Tspi_TPM_GetEvents should return a
466 number of events
467 - Fix for RFE#1301441: Fallback support for the device
468 node. ioctl is tried first, if that fails, r/w is tried,
469 if that fails, error is returned.
470 - Fixes for SF#1332479: HMAC and XOR callbacks were being
471 passed wrong params.
472 - Fix for SF#1334235, uuid data wasn't being set correctly
473 when keys were registered or loaded by uuid.
474 - Fix for SF#1332316, Tspi_GetAttribData doesn't always
475 return data alloc'd by TSP. Unicode data returned from the
476 function was being allocated off the TSP heap.
477 - Changed default return value for Tspi_GetAttribUint32 to
478 success.
479 - Corrected Tspi_TPM_PcrExtend manpage to state that the
480 application should fill out the TSS_PCR_EVENT structure.
481 -Fixes for SF BUG#1312194, and SF BUG#1312196.  Get
482 Attribs for key usage and size were not being returned
483 correctly. Imported values for size from the TSS 1.2
484 header files and translated TPM <-> TSP values for
485 key usage in the get attrib calls.
486 - Accepted Halcrow's patch to add a TSP key object
487 removal function, invoked at object close time.
488 This was SF BUG#1276133.
489 - increased the size of the return buffer from TCS to
490 TSP to 8K, so that larger requests won't fail.
491 - added a loop to TCSP_GetRandom_Internal to try several
492 (currently 5) times to get the number of requested bytes
493 from the TPM. Since the TSP has no way to tell an
494 application that a single request failed, this will help
495 improve the odds of a large request succeeding.
496
497* TROUSERS_0_2_3
498
499 - SF#1291256 bugs fixed. A UINT16 was being passed instead
500 of a UINT32 to TCS_LoadKeyByBlob_Internal.
501 - Removed test in spi_context.c's call to TCS_LoadKeyByUUID,
502 which would always fail, since there was no TCS layer bit
503 set. This kept us in a success path.
504 - Added debug logging functions that print the function
505 name at the beginning of the statement.
506 - Added GetPubKey as an option for TCSD's remote ops.
507 - SF#1249767 bug fixed. UTF16 strings are now hashed when
508 passwords are passed in through the popups.
509 - SF#1286333 bug fixed. New unicode functions added that
510 convert to UTF-16 and from the nl_langinfo(CODESET)
511 encoding.
512 - SF#1285428 bug fixed. obj_context_get_machine_name copied
513   too many bytes out. Code added to Tspi_GetAttribData to
514   convert to UTF16 before returning.
515
516* TROUSERS_0_2_2
517
518 - deleted section on ssh-askpass in README
519 - Modified popup code to hash UTF16 instead of UTF8.
520 - Restructured TCS calls to the TPM so that all auth sessions
521   are released correctly.
522 - Removed TSP contexts from all Trspi functions and modified
523   all trousers code to free its own memory instead.
524 - Fixed the TSP seal command to allow Sealing with a no-auth
525   key by using null auth data. Also changes the TCS seal
526   to return bad parameter if it gets null auth data.
527 - Removed lots of unused code and made formatting changes.
528 - Don't require Tspi_Key_WrapKey to be connected to succeed
529   and return a default value (or from the environment) if
530   we're doing PCR operations on an unconnected context.
531 - Fixed bug where a tcsd created system.data file was not
532   getting the right version info put into it.
533 - SF BUG#1269290 Fixed: Protect the SRK pub key. Upon taking
534   ownership, the unaltered SRK blob is passed back to the TSP
535   to create a valid key object with the SRK pub key intact.
536   The copies of the SRK pub key data that do into the TCSd's
537   mem cache and PS are zeroed out. From then on, the only way
538   to get the SRK pub key is through Tspi_Key_GetPubKey.
539 - tcspbg.c: deleted unused code and always release auth session
540   on an Unbind call.
541 - Bugfix for SF#1274308, Tspi_Key_CreateKey doesn't add PCRs
542   correctly. Ordering of calls in obj_rsakey_set_pcr_data
543   and calculation of PCRInfo size were incorrect.
544 - Close auth sessions in TCS_GetCapabilityOwner
545 - Removed volatile flag from the SRK key handle at key object
546   create time. This was keeping National TPM's from having the
547   ability to be owned!
548 - Moved calcCompositeHash to obj_pcrs.c and renamed it.
549 - Check returns everywhere for addKeyHandle calls.
550 - Call pthread_mutex_init on the host table's mutex.
551 - Modified TSSWG headers so that code w/o BSD types compiles
552   (such as the PKCS#11 TPM STDLL).
553 - Removed ssh_askpass, since UNICODE must be hashed from the GUI
554   input source.
555 - Updated all manpages to include the TSSWG header file names
556   instead of trousers specific files.
557 - Don't log debug data when TSS_DEBUG_OFF env var is available.
558 - Converted UNICODE to unsigned short and modified code accordingly.
559 - Only allow INADDR_LOCALHOST connections when no remote_ops are
560   defined in the tcsd.conf file.
561 - Bugfix in obj_pcrs.c, setting pcr indices and values was buggy.
562 - Moved macros from trousers_types.h (internal) to trousers.h
563   (external), since new header files make them virtually a
564   requirement
565 - Bugfix for SF#1249780, PCR selection structure was incomplete.
566 - Bugfix for SF#1249769, addKeyHandle now returns a TSS_RESULT.
567
568* TROUSERS_0_2_1
569
570 - return invalid handle int Tspi_ChangeAuth when hParentObject
571   is not of the right type.
572 - Fixed bug in TCS ps, write_key_init returned the wrong offset.
573 - Fixed mem leak in spi_getset.c:791, found by Coverity.
574 - Fixed mem leak in calltcsapi.c:70, found by Coverity.
575 - Fixed mem leak in tcskcm.c:531, found by Coverity.
576 - Fixed type-o mem leak in tspps.c:319/tcsps.c:349, found by Coverity.
577 - Fixed mem leak bug in memmgr.c:173, found by Coverity.
578 - Fixed bounds error bugs in tcstp.c:38/98, found by Coverity.
579 - Fixed bounds error bug in tcsd_wrap.c:154, found by Coverity.
580 - Fixed unchecked return bug in spi_utils.c:430, found by Coverity.
581 - Fixed unchecked return bug in calltcsapi.c:1159, found by Coverity.
582 - Fixed negative return value bug tcs/ps/ps_utils.c:365, found by Coverity.
583 - Fixed negative array index bug readpass.c:65, found by Coverity.
584 - Fixed null deref bugs spi_tpm.c:1292/1309/1302, and uninitialized
585   variable 1272, found by Coverity.
586 - Fixed null deref bugs spi_context.c:358/378, found by Coverity.
587 - Fixed null deref bug tcspbg.c:1413, found by Coverity.
588 - Fixed null deref bug tcspbg.c:745, found by Coverity.
589 - Fixed null deref bug imaem.c:356, found by Coverity.
590 - changed config file defaults for kernel/firmware pcrs.
591 - added better logging for when user/group "tss" doesn't exist
592 - in sendTCSDPacket: set transmitBuffer to 0 to prevent sending
593   bogus data.
594 - added some sanity checking in getTCSDPacket to prevent segfaults.
595 - added TCSERR where needed in tcs/ps files.
596 - BUG 1233031 fixed, TSP now stores PACKAGE_STRING as the vendor
597   data when registering a key.
598 - Added better debugging of auth mapping table, also closed two
599   auth handles that were getting left opened in CreateWrapKey and
600   Seal/Unseal.
601 - fixed ps_inspect's printing function.
602 - added SELinux files and README.selinux.
603 - updated ps_inspect tool to recognize non-PS files,
604   print out version 1 PS files and added a license
605   statement. Also added ps_convert tool to convert
606   version 0 PS files to version 1.
607 - updated ps_inspect tool to print out blobs and keys.
608 - change assert to DBG_ASSERT in tcs/ps files, also
609   assert that data sizes are > 0 when read off disk.
610 - Lots of malloc error logging changes where %d should
611   have been %u in the print statment.
612 - auth_mgr.c: allow a TSP to open a max of max_auths/2
613   sessions before its denied any more, for TPMs that
614   can handle a lot of auth sessions.
615 - Big-endian fixes for the persistent store functions.
616   Trousers now runs fine on ppc64, for example.
617 - BUG 1226617: Audit of code for auth handle termination.
618 - Use @PACKAGE_BUGREPORT@ instead of a static email addr in
619   manpages.
620 - Added man page for tcsd.conf in section 5.
621 - Bugfix in remove_table_entry. Host table head was left
622   pointing at free'd memory.
623 - corrected comment in spi_context.c.
624 - added 64bit stuff to configure.in
625 - fixed bug in Tspi_ChangeAuth where parent object was
626   assumed to be an rsakey.
627 - fixed debug logging of data.
628 - modified calcCompositeHash for accepting incomplete pcr
629   select structures & to fill out the structure correctly.
630
631* TROUSERS_0_2_0
632
633 - removed unused code and added debugging in clearUnusedKeys().
634 - Updated README with info on the 2.6.12 kernel device driver.
635 - fixed bug in calculating pcr select size
636 - fixed bug in init'ing PCRS, spi_utils.c:431
637 - Changed TCPA sig schemes to TSS sig schemes in
638   Hash_VerifySignature.
639 - Implemented Tspi_Context_GetKeyByPublicInfo on the TCS side.
640 - Fixed PS bug in storing the pub key data.
641 - Implemented Tspi_Key_UnloadKey
642 - Implemented the guts of Tspi_Key_CertifyKey, which now works
643   in at least the case where both keys passed in are authless.
644 - in obj_rsakey_set_es/ss, added mapping from TCPA numbers
645   to TSS numbers and vice versa.
646 - added #includes in readpass.c to get rid of compile errors.
647   (thanks Emily).
648 - Fixed popup secret handling. Bug #1194607 closed.
649 - Fixed up the LogBlobData functions, no more strcat. Bug #1221974
650   closed.
651 - changed sprintf's to snprintf. Bug #1221932 closed.
652 - Changed the TCPA_RSA_KEY_PARMS management at key creation time.
653 - Re-implemented TSP object management.
654 - Integrated TSSWG header files.
655 - Added valid_keys variable for the debugging build of
656   tcs/ps/ps_utils.c.
657 - Changed >= to > in openssl/crypto.c to correct off by one in
658   checking the size of the input data.
659 - added cvs commit logging to CVSROOT/loginfo file.
660
661* TROUSERS_0_1_11
662
663 - Changed TCSD logging to only log on remote connection attempts,
664   local connections will be left silent.
665 - mended compiled time warnings
666 - updated src/tspi/Makefile.am to respect libtool.
667 - added x86_64 case to configure.in
668 - added args to print stmt tcsd_wrap.c:3640 (thanks Kylie).
669 - commited fix for detecting past runlevel states (thanks Kylie).
670 - committed fix for RNG problem: a TPM's RNG is disabled when
671   the TPM is in the disabled state, yet needs a random number
672   to open an OSAP session to call the owner auth'd TPM enable
673   command.
674 - added code for CreatePubEK plumbing (thanks Kylie).
675 - fixed a couple signed/unsigned comparison warnings
676 - fixed endianess stuff in TPM GetCap spi_tpm.c.
677 - added Trspi_Error functions to manipulate TSS_RESULTs.
678 - Fixed order of receiving for the TCS_OwnerReadPubek call
679   (thanks Kylie).
680 - Added defns for volatile and non-volatile flags (thanks Kylie).
681 - Added Trspi_Error, which converts a TSS_RESULT to a string.
682   (thanks Kylie).
683 - In tcsd_wrap.c, added function bodies for tcs_wrap_OwnerClear,
684   tcs_wrap_DisablePubekRead, tcs_wrap_OwnerReadPubek,
685   tcs_wrap_DisableForceClear and tcs_wrap_DisableOwnerClear.
686   (thanks Kylie).
687 - Added an unload of the auth returned from the TPM in
688   TCSP_OwnerReadPubek_Internal. (thanks Kylie).
689 - Corrected the TAG for the TPM command in
690   TCSP_OwnerReadPubek_Internal. (thanks Kylie).
691
692* TROUSERS_0_1_10
693
694 - Updated implementation of Tspi_Key_WrapKey.
695 - Added missing goto in ReadPubEK in tcstp.c. (thanks Kylie).
696 - Added function guts for various functions in tcstp.c. (thanks
697   Kylie).
698 - In Tspi_TPM_SetStatus, do the right in the physical presence
699   path based on boolean. (thanks Kylie).
700 - Actually pass in the bool flag on TCSP_PhysicalPresence_Internal
701   (thanks Kylie).
702 - corrected force clear logic in spi_tpm.c:818 (thanks Kylie).
703 - fixed error return code check to socket() syscall clntside.c:52.
704 - added comment about TDDL reries and added log statement when a
705   physical presence command is denied because of runlevel.
706 - Fixed Tspi_Hash_VerifySignature to check signatures based on the
707   signature scheme of the key in use. Also, crypto.c was changed
708   to do a verify based on TSS_HASH_OTHER.
709 - Added 2 new highlevel Unbind testcases to test PKCS1.5 vs OAEP.
710 - In Tspi_Context_LoadKeyByUUID, the uninitialized keyBlob variable
711   was causing an invalid free on exit. Corrected that.
712 - changed return value from internal error to invalid handle when a
713   bad object handle is passed to Tspi_Hash_Sign and the Tspi_Data
714   functions.
715 - added Tspi_TPM_CertifySelfTest functionality
716 - corrected iptables string in the tcsd manpage.
717 - Corrected return code in Tspi_Key_UnloadKey02.c testcase.
718 - enabled Tspi_TPM_GetTestResult functionality
719 - added selftest as an option to the list of remote ops for the access
720   control
721 - added compatibility with openssh-askpass for the popup dialog box.
722   Now either gtk2-devel OR openssh-askpass must be installed to build
723   trousers. Using openssh-askpass reduces the size of libtspi.so by
724   about 40K and reduces the number of dependencies from 26 to 6!
725 - Bugfixes
726   - The entityType field was being passed between the TCSD and
727   TSP as a UINT32 instead of UINT16. This was keeping Tspi_ChangeAuth
728   from working as advertised.
729   - Secrets were being hashed incorrectly when secret mode was PLAIN
730   and the secret data length was 0. Now, when secret mode is plain, the
731   passed in data is always hashed, even if its 0 length.
732   - Popups are hopefully being handled more correctly now. Previously
733   the dialog popped up at the time SetSecret was called, but now its
734   just when the secret is actually needed.
735   - sf.net Bug #118026: memory allocations and free's fixed in almost
736   all paths from app to tcstp.c wrt correctly returning calloc_tspi'd
737   memory vs. malloc'd memory. Only problem remaining is the PCR event
738   functions, which have dangling malloc'd references, which is an
739   architectural problem which should be solved in the 1.2 rewrite.
740
741* TROUSERS_0_1_9
742
743 - added tcsd manpage
744 - added access control functionality so that sets of ordinals
745   cannot be executed by non-local hosts. This is now a
746   configurable option in tcsd.conf as "remote_ops".
747 - Set Physical Presence now works from the TSP when the TCSD
748   detects that it is running in single user mode. When not
749   running in single user mode, the TCS_PhysicalPresence
750   command returns TSS_E_NOTIMPL.
751 - Changed an fprintf to LogError in gtk/support.c
752 - TCP/IP server-side fixes in svrside.c
753 - various compile warnings fixed
754 - moved commonly used utility functions to trspi/trousers.c and
755   exported these functions in the header file tss/trousers.h.
756 - added new testcases for ChangeAuth of the TPM owner and SRK in
757   tcg/highlevel/tspi.
758 - added test tcg/highlevel/tpm/Tspi_TPM_PcrRead04.c
759 - updated Tspi_TPM_GetCapability manpage.
760 - added code to detect a 1.2 TPM and get auth sessions the 1.2 way.
761 - added manpage for Tspi_TPM_GetPubEndorsementKey
762 - Bugfixes
763    - in crypto.c, encrypted data area should be RSA_size(rsa) bytes
764    large, not always 256. This was keeping non-2048 bit keys from
765    working with the TPM keyring app.
766    - Fixed detection of an already closed Tddl.
767    - Allow validating the entire TCPA_PUBKEY structure in
768    Tspi_TPM_GetPubEndorsementKey, as National chips do this.
769    - Added support for TSS_TPMCAP_ORD and TSS_TPMCAP_FLAG in
770    Tspi_TPM_GetCapability, which required a call to
771    TCSP_GetCapabilityOwner to fetch the TPM's internal flags. Added
772    tcg/highlevel/tpm/Tspi_TPM_GetCapability0{4,5}.c to test.
773    - When loading the SRK from TCS PS, the TCS key handle should now
774    be 0x40000000 (TSS_SRK_KEY_HANDLE). There were checks for this in
775    the ChangeAuth code paths, which caused failing of various sorts.
776    - Bug fixed in roll over of TCS key handle generation. Previously we
777    would have smashed the SRK's fixed value and we would have thought
778    there were 2 SRK's loaded.
779    - sf.net bug #1154611, old SRK was not being removed from mem cache,
780    though disk cache was being deleted. This means that after re-taking
781    ownership the mem cache was corrupted until a restart of the TCSD.
782 - Feature Requests
783    - sf.net RFE #1122608 completed. Several different device locations
784    are now supported by default.  If /dev/tpm is created its assumed that
785    the IBM Research device driver is being used and therefore ioctl's are
786    sent to the driver, all others get read/write's. Updated README.
787
788* TROUSERS_0_1_8
789
790 - added a manpage for Tspi_TPM_PcrExtend
791 - added SHA1_HASH_SIZE #define tied to openssl/sha.h
792 - Corrected typo in tcpa_types.h of pValdationData -> pValidationData
793 - updated README with info on device file stuff
794 - added a usage function and long options to tcsd
795 - added an error message when incorrect params are passed to tcsd on
796   the command line.
797 - added -lcrypto and -lpthread to the build of libtspi.so, so that app
798   writers will avoid having to include those when they don't have to.
799 - Connected up Tspi_TPM_SetStatus and Tspi_TPM_SelfTestFull to
800   TCSP_SetTempDeactivated, TCSP_SelfTestFull, TCSP_SetOwnerInstall,
801   TCSP_OwnerSetDisable and TCSP_PhysicalDisable.
802 - Bugfixes
803   - tcsem.c:507, error in calculating number of PCR events to copy out.
804   - sf.net bug #1151183 fixed. Tspi_TPM_GetPubEndorsementKey now takes
805   the correct number of params, and all testcases/TSS calls are changed.
806   - sf.net bug #1113313 fixed. Tspi_TPM_TakeOwnership now allows a NULL
807   pub endorsement key handle and a testcase,
808   tcg/highlevel/tpm/Tspi_TPM_TakeOwnership03.c, exists to test this.
809   - In Tspi_SetAttribData, set the TCPA_KEY's privkey, not the wrapper
810   object on a TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY.
811
812* TROUSERS_0_1_7
813
814 - Fixed the logging up so that if tcsd -f is specified, all logs go the
815   foreground, else all logs go to syslog.
816 - Moved the TPM_IOCTL #define into the tddl.h file. Now, if you're
817   using the IBM research device driver, compiling with #define TPM_IOCTL
818   will use ioctl's to open /dev/tpm and #undef TPM_IOCTL will use
819   read/write calls to /dev/tpm0.
820 - Revert accidental change in tddl.c
821 - Lots of 0's replaced with non-magic #define's in the TSP code
822 - In spi_getset.c: removed unimportant debugging stmts; make
823   Tspi_{Get|Set}AttribData set the correct public and private key data
824   when asked to.
825 - Lots of manpage verbage changes.
826 - added new manpages for: Tspi_TPM_TakeOwnership, Tspi_Key_LoadKey,
827   Tspi_Context_Create and Tspi_TPM_ClearOwner.
828 - Bugfixes
829   - cxt.c: when destroying a context object, release the tcs_ctx_lock before
830     calling ctx_ref_count_keys(). This prevents a deadlock.
831   - added a mutex unlock call for an error path that would have caused a
832     deadlock
833
834* TROUSERS_0_1_6
835
836 - Logging functionality changes only, for bug #1106301
837   - TCSD:
838     - Logs now go to stdout/stderr until a successful startup
839     - After a successful startup, cmdline args are parsed
840     - if -f is specified, logging continues to stdout/stderr and daemon runs
841       in the foreground, killable by ctrl-c.
842     - If -f is not specified, logs go to syslog and the tcsd forks into the
843       background
844   - TSP library
845     - If compiled w/o debugging, there is no logging of any kind
846     - If compiled w/ debugging, all logs go to stdout/stderr, unless the
847       environment variable TSS_DEBUG_OFF is set, then, there is no logging of
848       any kind
849 - There is no longer a --enable-stderrlog option to the configure script
850
851* TROUSERS_0_1_5
852
853 - Complete memory management overhaul. calloc_tspi is now used to clean up
854   memory allocated by Tspi functions. TCS blob functions have been changed
855   to not require a context, since there's no need w/o calloc_tspi. Its
856   now necessary to call free explicitly everywhere in the TCS. In the TSP,
857   calloc_tspi is now always called with the TSP context of the session, which
858   would will ensure all memory allocated by the session is accounted for.
859 - Unused #defines and variables removed from spi_utils.h
860 - Commented out code removed throughout the source.
861 - Removed log.o on a 'make clean'.
862 - commented out unnecessary logging, added more descriptive logging
863 - renamed variables named 'hContext' to specifiy whether they represent TSP
864   of TCS context handles.
865 - got rid of a few magic numbers
866 - Bugfixes
867   - in tcs/cache.c, getNextTimeStamp() was unlocking the mutex twice.
868   - removed destroy_key_refs() in TSP, which caused double free errors
869   - added call to event_log_final() in tcsd_shutdown() to clean up the event log
870   - added an intermediate copy stage of data in getTCSDPacket() to avoid
871   memcpy() calls with overlapping source and dest fields.
872
873* TROUSERS_0_1_4
874
875 - added ChangeLog :-)
876 - TSP object management overhaul. All API's should be correct for contexts
877    whether they're connected to a TCS or not.
878 - testsuite changes based on object mgmt overhaul
879 - various internal fixes and simplifications of the code due to object mgmt
880    overhaul
881
882* TROUSERS_0_1_3
883
884 - added helpful message when package gtk2-devel is not found in configure.in
885 - chown changes in dist/Makefile for new syntax
886 - added detailed flags to various manpages
887 - TSP memory management overhaul
888 - added more complete destroy_key_refs() function
889 - Bugfixes
890    - quashed memory leaks in TSP found by valgrind
891    - return TRUE/FALSE from getAttribData
892    - added TSS_TSPATTRIB_KEYINFO_SIZE to Tspi_GetAttribData
893    - call free() not Tspi_Context_FreeMemory() in spi_utils.c
894
895* TROUSERS_0_1_2
896
897 - added bug report mailing list to configure.in
898 - added --enable-stderrlog feature to configure.in
899 - Marked Tspi_TPM_GetCapabilitySigned as not implemented (per TSS v1.1b spec)
900 - Bugfixes
901    - Removed common.h from Tspi_Context_RegisterKey manpage
902    - added endianess macros to spi_utils.h
903    - made all endianess fixes to the TSP and testsuite
904    - logging improvements tcspbg.c
905    - tcs_utils.c compile time warning quashed
906
907* TROUSERS_0_1_1
908
909 - Updated design doc
910 - Updated README
911 - More sensible function naming (no addNewObject, just addObject)
912 - Bugfixes
913    - return data correctly in Tspi_GetAttribData
914    - malloc space for returned UUID correctly in tspps.c
915    - log errors in tddl.c
916    - follow a failure path in auth_mgr.c
917    - don't always return success in req_mgr.c
918
919* TROUSERS_0_1_0
920
921 - Initial code drop
922