Dave Pate
7ff3007017
lib: clear secrets in ykpiv_import_private_key
2019-04-03 09:46:35 +02:00
Dave Pate
a10ab1ace5
lib: correct zero memory defines, correct overflow checks in _write_certificate
2019-04-03 09:46:27 +02:00
Dave Pate
c4dbf9d02c
lib: clear secrets in auth api
2019-04-03 09:46:20 +02:00
Dave Pate
340177f070
lib: check that serial/version checks occur during select
2019-04-03 09:46:15 +02:00
Dave Pate
934120888f
lib: define constant for max pin len magic numbers
...
lib: clear pin buffers when no longer used
2019-04-03 09:46:01 +02:00
Dave Pate
eb250134f8
lib: check internal authentication crypt errors
2019-04-03 09:45:57 +02:00
Dave Pate
b2dd16deb4
lib: clear buffers containing key material
2019-04-03 09:45:53 +02:00
Dave Pate
28189201a4
lib: use secure zero memory platform functions
2019-04-03 09:45:49 +02:00
Dave Pate
2e72c8f85c
lib: resolves potential reads of uninitialized data
2019-04-03 09:45:44 +02:00
pedro martelletto
9a72ec1ba1
doc: set LC_CTYPE=C; fixes ef81d164 on MacOS
2019-03-07 07:50:08 +01:00
Alessio Di Mauro
33a10a5adb
Merge pull request #187 from Yubico/pvs_remove_warnings
...
Remove some warnings
2019-03-06 15:27:40 +01:00
Gabriel Kihlman
bc2f161c51
Initialize buf to 0 to make a code scanner happy
2019-03-06 15:16:56 +01:00
Gabriel Kihlman
f60d2d4ff8
Do not assign variable twice
2019-03-06 14:32:42 +01:00
Gabriel Kihlman
3f7f2b633b
Remove duplicate check on op_info.type != YKCS11_SIGN
2019-03-06 14:31:04 +01:00
Klas Lindfors
1f8a759894
Merge branch 'pr-186'
2019-03-05 08:16:44 +01:00
pedro martelletto
ef81d16465
doc: rely on /dev/urandom's distribution to generate secrets
...
as per https://github.com/Yubico/developers.yubico.com/issues/87
2019-03-05 07:58:09 +01:00
Alessio Di Mauro
bc72c7378f
Merge PR#184
2019-02-20 16:09:32 +01:00
Gabriel Kihlman
5baf9347e1
Check return value of strdup
2019-02-20 16:02:19 +01:00
Klas Lindfors
2581c0b3c3
bump openssl version and don't include check binaries
2019-02-18 13:52:16 +01:00
Alessio Di Mauro
1d6ed20182
Merge PR#183
2019-02-15 16:05:38 +01:00
Klas Lindfors
e4e3137556
tool: fix selfsigned extensions
...
previous code was on the naive side
2019-02-15 15:46:13 +01:00
Alessio Di Mauro
6264c6a578
Merge PR #182
2019-02-15 13:34:45 +01:00
Klas Lindfors
7ecb5fe0b8
tool: add extensions for selfsigned certificates to match openssl
...
this adds subjectKeyIdentifier, authorityKeyIdentifier and
basicConstraints (CA:TRUE) for selfsigned certificates to match with
openssl req
2019-02-15 12:59:38 +01:00
Alessio Di Mauro
5749371432
ykcs11: use a large enough buffer when writing EC signatures
2019-01-07 11:03:52 +01:00
Klas Lindfors
8b38f0c079
Merge branch 'pr-178'
2019-01-02 08:50:49 +01:00
Stacey Sheldon
811ddbb22d
CHUID: fix the encoding of the FASC-N data element in the CHUID
...
This is the hard-coded FASC-N field being used by yubico-piv-tool
[9999-9999-999999-0-1-0000000000300001]
S9999F9999F999999F0F1F0000000000300001E
It should be encoded as this sequence of 5-bit values
11010 (SS)
10011 10011 10011 10011 (9999)
10110 (FS)
10011 10011 10011 10011 (9999)
10110 (FS)
10011 10011 10011 10011 10011 10011 (999999)
10110 (FS)
00001 (0)
10110 (FS)
10000 (1)
10110 (FS)
00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
11001 (3)
00001 00001 00001 00001 (0000)
10000 (1)
11111 (ES)
01011 (LRC)
This packs into this 25-byte (200-bit) sequence of hex bytes:
d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
42 10 84 21 c8 42 10 c3 eb
2019-01-01 01:43:51 -05:00
Stacey Sheldon
421469b220
FASC-N: correct encoding of the packed 4-bit decimal format with odd parity
...
The BCD digits in the FASC-N credential are sent lsb first followed by an
odd parity. Since this perl script is simply packing the bits in their
expected order, the encodings should exactly match figure 7 in
"Technical Implementation Guidance: Smart Card Enabled Physical Access
Control Systems Version 2.2".
2019-01-01 01:23:55 -05:00
Klas Lindfors
79b86cf9bd
fix fasc-n value of 1
...
relates #177
2018-12-18 09:25:05 +01:00
Klas Lindfors
5d1d044982
Merge branch 'pr-165'
2018-09-21 10:34:09 +02:00
Klas Lindfors
898b85821c
ykcs11: allow the pkcs11 module to find headers from tool/
...
fixes #166
2018-09-18 08:38:57 +02:00
Dave Pate
cbd5ba5122
libykpiv/piv-tool 1.6.3
...
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compiler warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors
311ba9b30c
bump version to 1.6.3
2018-09-14 10:04:27 +02:00
Klas Lindfors
54ed4018b2
NEWS for 1.6.2
2018-09-14 09:24:05 +02:00
Klas Lindfors
a24dd0a2ee
tool: for openssl 1.1 rsa signatures include hash oid
...
the rsa signature has to be over hash oid + message digest, dropping the
oid from the hash leads to invalid certificate requests and selfsigned
certificates.
fixes #164
2018-09-10 10:24:32 +02:00
Klas Lindfors
228a04ad73
tool: only declare the static struct once in wrap_public_key()
...
and make sure to just set it once for both rsa and ec
2018-09-10 10:04:46 +02:00
Klas Lindfors
696894bc68
tool: handle error conditions from signing with openssl 1.1
...
relates #164
2018-09-10 08:52:39 +02:00
Alessio Di Mauro
d0ba708260
Merge PR #163
2018-09-07 13:58:18 +02:00
Klas Lindfors
6e51db8c80
lib: make the reader comparison case-insensitive
...
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors
62142a1b74
bump openssl versions to 1.0.2p
2018-08-17 09:45:39 +02:00
Klas Lindfors
945a0f314d
bump version to 1.6.2
2018-08-17 09:45:20 +02:00
Klas Lindfors
ff12f8baf3
NEWS for 1.6.1
2018-08-17 09:22:18 +02:00
Klas Lindfors
5bbce58cee
update NEWS for more changes that happened in 1.6.0
2018-08-17 09:20:36 +02:00
Klas Lindfors
23a4d008c6
finish up version bump to 1.6.1, LT_REVISION has to increase
2018-08-17 09:14:32 +02:00
Klas Lindfors
45e74cfccf
tool: check length before trying to store cert in buffer
...
fixes #148
2018-08-16 14:49:32 +02:00
Klas Lindfors
16d539041e
ykpiv: when decoding an object compare lengths correctly
...
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.
relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors
c15efbfdd7
ykpiv: fix length when encoding exactly 0xff bytes
...
this should be encoded as 81 ff, not 82 00 ff
relates #154
2018-08-16 14:25:14 +02:00
Klas Lindfors
7b1c8197fb
Merge branch 'pr-157'
2018-08-09 10:23:52 +02:00
Jakub Jelen
d613b42b0c
Avoid unused variables and warnings when building against OpenSSL 1.1
2018-08-08 16:12:25 +02:00
Thordur Bjornsson
419d0da8bc
Revert the configure.ac portion of c31a0425.
...
Bugfixes don't change the libtool versions, so revert back.
2018-08-08 15:25:09 +02:00
Thordur Bjornsson
c31a042595
Bump version to 1.6.1 unreleased
2018-08-08 10:42:20 +02:00