Dave Pate
|
c61d6c6f23
|
lib: warn, but don't fail on error reading serial number or version
lib: fix Windows build with OpenSSL 1.1.1
ykcs11: fix size_t/unsigned long type mismatch on Windows x64
|
2019-05-06 14:46:46 -07:00 |
|
Dave Pate
|
7b64528cf7
|
lib: check tlv length encoding when reading complex data
|
2019-04-03 09:46:59 +02:00 |
|
Dave Pate
|
5113a5ed02
|
lib: tlv length buffer checks
|
2019-04-03 09:46:54 +02:00 |
|
Dave Pate
|
afbe1b2670
|
lib: handle realloc failures safely
|
2019-04-03 09:46:49 +02:00 |
|
Dave Pate
|
f37cf3f462
|
lib: clear secrets in set_protected_mgm
|
2019-04-03 09:46:41 +02:00 |
|
Dave Pate
|
7ff3007017
|
lib: clear secrets in ykpiv_import_private_key
|
2019-04-03 09:46:35 +02:00 |
|
Dave Pate
|
a10ab1ace5
|
lib: correct zero memory defines, correct overflow checks in _write_certificate
|
2019-04-03 09:46:27 +02:00 |
|
Dave Pate
|
c4dbf9d02c
|
lib: clear secrets in auth api
|
2019-04-03 09:46:20 +02:00 |
|
Dave Pate
|
340177f070
|
lib: check that serial/version checks occur during select
|
2019-04-03 09:46:15 +02:00 |
|
Dave Pate
|
934120888f
|
lib: define constant for max pin len magic numbers
lib: clear pin buffers when no longer used
|
2019-04-03 09:46:01 +02:00 |
|
Dave Pate
|
eb250134f8
|
lib: check internal authentication crypt errors
|
2019-04-03 09:45:57 +02:00 |
|
Dave Pate
|
b2dd16deb4
|
lib: clear buffers containing key material
|
2019-04-03 09:45:53 +02:00 |
|
Dave Pate
|
28189201a4
|
lib: use secure zero memory platform functions
|
2019-04-03 09:45:49 +02:00 |
|
Dave Pate
|
2e72c8f85c
|
lib: resolves potential reads of uninitialized data
|
2019-04-03 09:45:44 +02:00 |
|
Stacey Sheldon
|
811ddbb22d
|
CHUID: fix the encoding of the FASC-N data element in the CHUID
This is the hard-coded FASC-N field being used by yubico-piv-tool
[9999-9999-999999-0-1-0000000000300001]
S9999F9999F999999F0F1F0000000000300001E
It should be encoded as this sequence of 5-bit values
11010 (SS)
10011 10011 10011 10011 (9999)
10110 (FS)
10011 10011 10011 10011 (9999)
10110 (FS)
10011 10011 10011 10011 10011 10011 (999999)
10110 (FS)
00001 (0)
10110 (FS)
10000 (1)
10110 (FS)
00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
11001 (3)
00001 00001 00001 00001 (0000)
10000 (1)
11111 (ES)
01011 (LRC)
This packs into this 25-byte (200-bit) sequence of hex bytes:
d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
42 10 84 21 c8 42 10 c3 eb
|
2019-01-01 01:43:51 -05:00 |
|
Dave Pate
|
cbd5ba5122
|
libykpiv/piv-tool 1.6.3
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case-insensitive reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compiler warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
|
2018-09-14 14:29:39 -07:00 |
|
Klas Lindfors
|
6e51db8c80
|
lib: make the reader comparison case-insensitive
sadly strcasestr is a GNU/BSD extension, not part of POSIX, so we have to
do our own thing here or do different things on different platforms.
|
2018-09-07 12:57:10 +02:00 |
|
Klas Lindfors
|
16d539041e
|
ykpiv: when decoding an object compare lengths correctly
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.
relates #154
|
2018-08-16 14:25:31 +02:00 |
|
Klas Lindfors
|
c15efbfdd7
|
ykpiv: fix length when encoding exactly 0xff bytes
this should be encoded as 81 ff, not 82 00 ff
relates #154
|
2018-08-16 14:25:14 +02:00 |
|
Jakub Jelen
|
d613b42b0c
|
Avoid unused variables and warnings when building against OpenSSL 1.1
|
2018-08-08 16:12:25 +02:00 |
|
Klas Lindfors
|
80d47c82f0
|
lib: in _ykpiv_fetch_object() handle bogus length by returning
otherwise we might memmove() too much data
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
|
2018-08-03 10:51:46 +02:00 |
|
Klas Lindfors
|
01a127a44a
|
lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
|
2018-08-03 10:51:00 +02:00 |
|
Dave Pate
|
775eaacc9f
|
Merge upstream master commits
|
2018-03-05 11:32:25 -08:00 |
|
Dave Pate
|
b98f97ef62
|
Fixes linux/osx build warnings
Clarify logic for configuration file
|
2018-03-05 11:28:52 -08:00 |
|
Jakub Jelen
|
bbd92009fc
|
libcheck 0.9 compatibility for RHEL7
|
2018-02-27 15:40:31 +01:00 |
|
Jakub Jelen
|
dfca8e2e55
|
Remove unused variables
|
2018-02-27 15:40:31 +01:00 |
|
Jakub Jelen
|
f5c42cef89
|
Do not build test if HW_TESTS is not enabled (to avoid warnings)
|
2018-02-10 19:35:12 +01:00 |
|
Dave Pate
|
0b2dcb0aaf
|
Fix msvc build warning re: return values
|
2018-02-09 09:14:45 -08:00 |
|
Dave Pate
|
9783f9b626
|
Fix warnings in msvc build
|
2018-02-09 09:03:10 -08:00 |
|
Dave Pate
|
289896ac61
|
Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
|
2018-02-09 08:28:51 -08:00 |
|
Trevor Bentley
|
c9f4d684d1
|
Support specifying custom PCSC lib
|
2018-01-24 15:44:22 +01:00 |
|
Trevor Bentley
|
d5d953be95
|
Use library dependencies for openssl compat layer
|
2017-11-29 09:47:45 +00:00 |
|
Trevor Bentley
|
20a5ecce0f
|
Fix OpenSSL 1.1 build with mingw32/64
|
2017-11-27 11:27:11 +01:00 |
|
Trevor Bentley
|
7ca0267ddf
|
Fix OpenSSL 1.1 compat layer
- Changes for latest ykpiv_util refactor
- Passes hw tests with openssl 1.0 and 1.1
- Passes valgrind
|
2017-11-21 17:08:38 +01:00 |
|
Trevor Bentley
|
6a34b6ef96
|
Fix cross-compiling for mingw64
|
2017-11-17 16:13:15 +01:00 |
|
Trevor Bentley
|
aa3b69926b
|
Doxygen documentation for ykpiv_util_* API.
|
2017-11-08 11:38:27 +01:00 |
|
Trevor Bentley
|
3ce4f0ccae
|
Clean up typos, warnings, and incorrect libtool age.
|
2017-11-08 11:11:45 +01:00 |
|
Trevor Bentley
|
366de02ab1
|
Organize ykpiv.h, update NEWS file for 1.5.0
|
2017-11-03 16:15:13 +01:00 |
|
Trevor Bentley
|
c6abe7ac6d
|
Add integration test for PIN cache
|
2017-11-03 13:39:23 +01:00 |
|
Trevor Bentley
|
7818b49e7d
|
Skip unusable integration tests when testing a NEO
|
2017-10-31 15:40:51 +01:00 |
|
Trevor Bentley
|
c939cff518
|
Allow changing libykpiv compile-time ifdefs from CFLAGS
|
2017-10-31 12:34:15 +01:00 |
|
Trevor Bentley
|
252226220a
|
Disable ensure_application_selected() by default, since it breaks PIN policy.
|
2017-10-31 12:29:16 +01:00 |
|
Trevor Bentley
|
4eb6f1b193
|
Fix build on Linux
Signed-off-by: Trevor Bentley <trevor@yubico.com>
|
2017-10-26 17:03:35 +02:00 |
|
Dave Pate
|
999312e6b5
|
api: use uintptr_t for architecture specific handle sizes
|
2017-10-26 14:09:09 +02:00 |
|
Trevor Bentley
|
a7eb0657f1
|
Fix compile time warnings about -no-install on Darwin/clang
|
2017-10-26 12:37:05 +02:00 |
|
Trevor Bentley
|
05ac49abbb
|
Suppress sscanf_s error on Windows
|
2017-10-25 16:19:13 +02:00 |
|
Trevor Bentley
|
edda816abe
|
Remove accidental printf
|
2017-10-25 16:18:53 +02:00 |
|
Trevor Bentley
|
c2f86d0a0f
|
Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv
|
2017-10-24 15:59:44 +02:00 |
|
Trevor Bentley
|
15f533d7de
|
Move hardware tests to "make hwtest", with one warning for all test suites.
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
|
2017-10-24 15:10:45 +02:00 |
|
Trevor Bentley
|
4dffc0fa6a
|
Bump libykpiv version to 1.5.0
|
2017-10-23 16:27:09 +02:00 |
|