I did some more testing relating to the auth sessions not being freed from the TPM. The problem seems to be that "auth_mgr_release_auth" does not have enough information to make the decision about whether or not the auth handle should be flushed or not.
In the case where the primary operation succeeded and the "fContinueAuthSession" flag is FALSE, a call to TCSP_FlushSpecific_Common will fail with error = TPM_E_INVALID_AUTHHANDLE. If the primary operation FAILED and the fContinueAuthSession flag is FALSE, a call to TCSP_FlushSpecific_Common will succeed and the handle will be removed from the TPM. Perhaps this is a bug in the TPM (Infineon in this case) that it is not releasing the auth handles on error. One fix would be to modify ALL calls to auth_mgr_release_auth to take a new argument that indicates whether or not to attempt to flush the handle. That would involve changing a lot of code. It is easier to just ignore the error from the TPM and always attempt to flush the auth handle, though it does have a performance impact since it involves more TPM calls. -Wyllys ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
