Merge branch 'pr-157'
@@ -513,7 +513,6 @@ setting_bool_t _get_bool_config(const char *sz_setting) {
|
|||||||
char *psz_value = 0;
|
char *psz_value = 0;
|
||||||
char sz_name[256] = { 0 };
|
char sz_name[256] = { 0 };
|
||||||
char sz_value[256] = { 0 };
|
char sz_value[256] = { 0 };
|
||||||
size_t i = 0;
|
|
||||||
FILE *pf = 0;
|
FILE *pf = 0;
|
||||||
|
|
||||||
if ((pf = fopen(_CONFIG_FILE, "r"))) {
|
if ((pf = fopen(_CONFIG_FILE, "r"))) {
|
||||||
|
|||||||
@@ -1329,7 +1329,6 @@ uint32_t ykpiv_util_slot_object(uint8_t slot) {
|
|||||||
ykpiv_rc _ykpiv_util_get_serial(ykpiv_state *state, uint32_t *p_serial, bool f_force) {
|
ykpiv_rc _ykpiv_util_get_serial(ykpiv_state *state, uint32_t *p_serial, bool f_force) {
|
||||||
ykpiv_rc res = YKPIV_OK;
|
ykpiv_rc res = YKPIV_OK;
|
||||||
APDU apdu;
|
APDU apdu;
|
||||||
const uint8_t templ[] = { 0, YKPIV_INS_SELECT_APPLICATION, 0x04, 0 };
|
|
||||||
const uint8_t yk_applet[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01 };
|
const uint8_t yk_applet[] = { 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01, 0x01 };
|
||||||
unsigned char data[0xff];
|
unsigned char data[0xff];
|
||||||
uint32_t recv_len = sizeof(data);
|
uint32_t recv_len = sizeof(data);
|
||||||
|
|||||||
@@ -1493,7 +1493,6 @@ Cleanup:
|
|||||||
|
|
||||||
ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char *data, size_t *data_len) {
|
ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char *data, size_t *data_len) {
|
||||||
ykpiv_rc res;
|
ykpiv_rc res;
|
||||||
bool ret = false;
|
|
||||||
unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
|
unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
|
||||||
int sw;
|
int sw;
|
||||||
unsigned long ul_data_len;
|
unsigned long ul_data_len;
|
||||||
|
|||||||
+26
-22
@@ -627,20 +627,19 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
|||||||
EVP_PKEY *public_key = NULL;
|
EVP_PKEY *public_key = NULL;
|
||||||
const EVP_MD *md;
|
const EVP_MD *md;
|
||||||
bool ret = false;
|
bool ret = false;
|
||||||
unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
|
|
||||||
unsigned int digest_len;
|
|
||||||
unsigned int md_len;
|
|
||||||
unsigned char algorithm;
|
unsigned char algorithm;
|
||||||
int key = 0;
|
int key = 0;
|
||||||
unsigned char *signinput;
|
|
||||||
size_t len = 0;
|
|
||||||
size_t oid_len;
|
size_t oid_len;
|
||||||
const unsigned char *oid;
|
const unsigned char *oid;
|
||||||
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
|
||||||
|
unsigned int md_len;
|
||||||
|
unsigned int digest_len;
|
||||||
|
unsigned char *signinput;
|
||||||
|
size_t len = 0;
|
||||||
int nid;
|
int nid;
|
||||||
ASN1_TYPE null_parameter;
|
ASN1_TYPE null_parameter;
|
||||||
|
#endif
|
||||||
null_parameter.type = V_ASN1_NULL;
|
|
||||||
null_parameter.value.ptr = NULL;
|
|
||||||
|
|
||||||
key = get_slot_hex(slot);
|
key = get_slot_hex(slot);
|
||||||
|
|
||||||
@@ -674,9 +673,6 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
|||||||
goto request_out;
|
goto request_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
md_len = (unsigned int)EVP_MD_size(md);
|
|
||||||
digest_len = sizeof(digest) - md_len;
|
|
||||||
|
|
||||||
req = X509_REQ_new();
|
req = X509_REQ_new();
|
||||||
if(!req) {
|
if(!req) {
|
||||||
fprintf(stderr, "Failed to allocate request structure.\n");
|
fprintf(stderr, "Failed to allocate request structure.\n");
|
||||||
@@ -700,6 +696,12 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
null_parameter.type = V_ASN1_NULL;
|
||||||
|
null_parameter.value.ptr = NULL;
|
||||||
|
|
||||||
|
md_len = (unsigned int)EVP_MD_size(md);
|
||||||
|
digest_len = sizeof(digest) - md_len;
|
||||||
|
|
||||||
memcpy(digest, oid, oid_len);
|
memcpy(digest, oid, oid_len);
|
||||||
/* XXX: this should probably use X509_REQ_digest() but that's buggy */
|
/* XXX: this should probably use X509_REQ_digest() but that's buggy */
|
||||||
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
|
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
|
||||||
@@ -785,22 +787,21 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
X509 *x509 = NULL;
|
X509 *x509 = NULL;
|
||||||
X509_NAME *name = NULL;
|
X509_NAME *name = NULL;
|
||||||
const EVP_MD *md;
|
const EVP_MD *md;
|
||||||
unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
|
|
||||||
unsigned int digest_len;
|
|
||||||
unsigned char algorithm;
|
unsigned char algorithm;
|
||||||
int key = 0;
|
int key = 0;
|
||||||
unsigned char *signinput;
|
|
||||||
size_t len = 0;
|
|
||||||
size_t oid_len;
|
size_t oid_len;
|
||||||
const unsigned char *oid;
|
const unsigned char *oid;
|
||||||
int nid;
|
int nid;
|
||||||
unsigned int md_len;
|
|
||||||
ASN1_INTEGER *sno = ASN1_INTEGER_new();
|
ASN1_INTEGER *sno = ASN1_INTEGER_new();
|
||||||
BIGNUM *ser = NULL;
|
BIGNUM *ser = NULL;
|
||||||
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
unsigned char digest[EVP_MAX_MD_SIZE + MAX_OID_LEN];
|
||||||
|
unsigned int digest_len;
|
||||||
|
unsigned int md_len;
|
||||||
|
unsigned char *signinput;
|
||||||
|
size_t len = 0;
|
||||||
ASN1_TYPE null_parameter;
|
ASN1_TYPE null_parameter;
|
||||||
|
#endif
|
||||||
null_parameter.type = V_ASN1_NULL;
|
|
||||||
null_parameter.value.ptr = NULL;
|
|
||||||
|
|
||||||
key = get_slot_hex(slot);
|
key = get_slot_hex(slot);
|
||||||
|
|
||||||
@@ -833,9 +834,6 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
if(md == NULL) {
|
if(md == NULL) {
|
||||||
goto selfsign_out;
|
goto selfsign_out;
|
||||||
}
|
}
|
||||||
md_len = (unsigned int)EVP_MD_size(md);
|
|
||||||
digest_len = sizeof(digest) - md_len;
|
|
||||||
|
|
||||||
x509 = X509_new();
|
x509 = X509_new();
|
||||||
if(!x509) {
|
if(!x509) {
|
||||||
fprintf(stderr, "Failed to allocate certificate structure.\n");
|
fprintf(stderr, "Failed to allocate certificate structure.\n");
|
||||||
@@ -904,6 +902,12 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
goto selfsign_out;
|
goto selfsign_out;
|
||||||
}
|
}
|
||||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||||
|
null_parameter.type = V_ASN1_NULL;
|
||||||
|
null_parameter.value.ptr = NULL;
|
||||||
|
|
||||||
|
md_len = (unsigned int)EVP_MD_size(md);
|
||||||
|
digest_len = sizeof(digest) - md_len;
|
||||||
|
|
||||||
if(YKPIV_IS_RSA(algorithm)) {
|
if(YKPIV_IS_RSA(algorithm)) {
|
||||||
signinput = digest;
|
signinput = digest;
|
||||||
len = oid_len + md_len;
|
len = oid_len + md_len;
|
||||||
|
|||||||
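Review bot: The legacy-OpenSSL setup moved into the `#if` blocks at `@@ -700,6 +696,12` and `@@ -904,6 +902,12` still does `md_len = (unsigned int)EVP_MD_size(md);` without checking the `int` result, so a negative return would become a very large `md_len` and wrap `digest_len = sizeof(digest) - md_len`. Nothing visible in these hunks bounds `oid_len` against `MAX_OID_LEN` before `memcpy(digest, oid, oid_len)` in request_certificate either; unless the helper that fills `oid`/`oid_len` guarantees it, that copy and the later `len = oid_len + md_len` can exceed `digest[EVP_MAX_MD_SIZE + MAX_OID_LEN]`. I would guard both before the copy, e.g. `int sz = EVP_MD_size(md);` then `if(sz <= 0 || oid_len > MAX_OID_LEN) goto request_out;` (`goto selfsign_out;` in the other function) and `md_len = (unsigned int)sz;`. Separately, as rendered `int nid;` ends up inside the guard in request_certificate but outside it in selfsign_certificate, which is worth confirming so neither build configuration gets an undeclared or unused variable. Both function bodies continue outside the hunks, so not every use of these variables is visible here.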