Dave Pate
340177f070
lib: check that serial/version checks occur during select
2019-04-03 09:46:15 +02:00
Dave Pate
934120888f
lib: define constant for max pin len magic numbers
...
lib: clear pin buffers when no longer used
2019-04-03 09:46:01 +02:00
Dave Pate
eb250134f8
lib: check internal authentication crypt errors
2019-04-03 09:45:57 +02:00
Dave Pate
b2dd16deb4
lib: clear buffers containing key material
2019-04-03 09:45:53 +02:00
Dave Pate
28189201a4
lib: use secure zero memory platform functions
2019-04-03 09:45:49 +02:00
Dave Pate
2e72c8f85c
lib: resolves potential reads of uninitialized data
2019-04-03 09:45:44 +02:00
Stacey Sheldon
811ddbb22d
CHUID: fix the encoding of the FASC-N data element in the CHUID
...
This is the hard-coded FASC-N field being used by yubico-piv-tool
[9999-9999-999999-0-1-0000000000300001]
S9999F9999F999999F0F1F0000000000300001E
It should be encoded as this sequence of 5-bit values
11010 (SS)
10011 10011 10011 10011 (9999)
10110 (FS)
10011 10011 10011 10011 (9999)
10110 (FS)
10011 10011 10011 10011 10011 10011 (999999)
10110 (FS)
00001 (0)
10110 (FS)
10000 (1)
10110 (FS)
00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
11001 (3)
00001 00001 00001 00001 (0000)
10000 (1)
11111 (ES)
01011 (LRC)
This packs into this 25-byte (200-bit) sequence of hex bytes:
d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
42 10 84 21 c8 42 10 c3 eb
2019-01-01 01:43:51 -05:00
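The encoding spelled out in the commit message above, as an added example that is not code from the yubico-piv-tool repository: each character becomes four data bits sent LSB first plus an odd-parity bit, the LRC is the XOR of the data-bit columns, and the 40 groups are packed MSB first into 25 bytes. The function names `fascn_code` and `fascn_encode` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One FASC-N character -> 5-bit code: 4 data bits sent LSB first, then an
 * odd-parity bit. S/F/E are the start sentinel, field separator and end
 * sentinel. Returns -1 for any other character. */
static int fascn_code(char c)
{
    int v, i, bits = 0, ones = 0;
    if (c >= '0' && c <= '9') v = c - '0';
    else if (c == 'S') v = 0xB;
    else if (c == 'F') v = 0xD;
    else if (c == 'E') v = 0xF;
    else return -1;
    for (i = 0; i < 4; i++) {               /* reverse the nibble */
        bits = (bits << 1) | ((v >> i) & 1);
        ones += (v >> i) & 1;
    }
    return (bits << 1) | !(ones & 1);       /* parity makes the 1-count odd */
}

/* Pack the 39 characters plus the LRC into 25 bytes, MSB first.
 * Returns 0 on success, -1 on malformed input. */
static int fascn_encode(const char *s, uint8_t out[25])
{
    int i, k, code, lrc = 0, bitpos = 0;
    if (strlen(s) != 39 || s[0] != 'S' || s[38] != 'E') return -1;
    memset(out, 0, 25);
    for (i = 0; i < 40; i++) {
        if (i < 39) {
            if ((code = fascn_code(s[i])) < 0) return -1;
            lrc ^= code >> 1;               /* XOR of each data-bit column */
        } else {                            /* 40th group: LRC + its parity */
            code = (lrc << 1) | !((lrc ^ (lrc >> 1) ^ (lrc >> 2) ^ (lrc >> 3)) & 1);
        }
        for (k = 4; k >= 0; k--, bitpos++)
            if ((code >> k) & 1)
                out[bitpos / 8] |= (uint8_t)(0x80 >> (bitpos % 8));
    }
    return 0;
}

int main(void)
{
    uint8_t out[25];
    int i, rc = fascn_encode("S9999F9999F999999F0F1F0000000000300001E", out);
    for (i = 0; rc == 0 && i < 25; i++) printf("%02x%c", out[i], i == 24 ? '\n' : ' ');
    return rc ? 1 : 0;
}
```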
Dave Pate
cbd5ba5122
libykpiv/piv-tool 1.6.3
...
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compiler warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors
6e51db8c80
lib: make the reader comparison case-insensitive
...
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors
16d539041e
ykpiv: when decoding an object compare lengths correctly
...
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.
relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors
c15efbfdd7
ykpiv: fix length when encoding exactly 0xff bytes
...
this should be encoded as 81 ff, not 82 00 ff
relates #154
2018-08-16 14:25:14 +02:00
Jakub Jelen
d613b42b0c
Avoid unused variables and warnings when building against OpenSSL 1.1
2018-08-08 16:12:25 +02:00
Klas Lindfors
80d47c82f0
lib: in _ykpiv_fetch_object() handle bogus length by returning
...
otherwise we might memmove() too much data
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
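The two length problems named in the commits above (a 0xff-byte value must be encoded as `81 ff`, and a length that claims more data than was received must be rejected before any copy), as an added example that is not libykpiv's own code. It assumes the usual BER-TLV short and long length forms up to two length bytes; `tlv_put_len` and `tlv_get_len` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Write a BER-TLV length in its shortest form. Returns the number of bytes
 * written (1..3), or 0 if len does not fit in two length bytes. */
static size_t tlv_put_len(uint8_t *buf, size_t len)
{
    if (len < 0x80) { buf[0] = (uint8_t)len; return 1; }
    if (len <= 0xff) {                      /* includes exactly 0xff */
        buf[0] = 0x81; buf[1] = (uint8_t)len; return 2;
    }
    if (len <= 0xffff) {
        buf[0] = 0x82; buf[1] = (uint8_t)(len >> 8); buf[2] = (uint8_t)len;
        return 3;
    }
    return 0;
}

/* Parse a length field from buf[0..avail) and check that the value it
 * announces fits in the bytes that follow. Returns the number of bytes
 * consumed by the length field, or 0 on a truncated or bogus length. */
static size_t tlv_get_len(const uint8_t *buf, size_t avail, size_t *len)
{
    size_t used;
    if (avail < 1) return 0;
    if (buf[0] < 0x80) { *len = buf[0]; used = 1; }
    else if (buf[0] == 0x81 && avail >= 2) { *len = buf[1]; used = 2; }
    else if (buf[0] == 0x82 && avail >= 3) {
        *len = ((size_t)buf[1] << 8) | buf[2]; used = 3;
    }
    else return 0;
    if (*len > avail - used) return 0;      /* caller must not copy anything */
    return used;
}

int main(void)
{
    /* Constructed sample: announces 0xffff bytes but only one byte follows. */
    const uint8_t bogus[] = { 0x82, 0xff, 0xff, 0x00 };
    uint8_t enc[3];
    size_t n = tlv_put_len(enc, 0xff), len = 0;
    printf("0xff encodes as %02x %02x (%zu bytes)\n", enc[0], enc[1], n);
    printf("bogus length accepted: %s\n",
           tlv_get_len(bogus, sizeof bogus, &len) ? "yes" : "no");
    return 0;
}
```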
Klas Lindfors
01a127a44a
lib: in ykpiv_transfer_data() handle overflow by exiting
...
this is detected and printed, but we never exit the function
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Dave Pate
775eaacc9f
Merge upstream master commits
2018-03-05 11:32:25 -08:00
Dave Pate
b98f97ef62
Fixes linux/osx build warnings
...
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Jakub Jelen
bbd92009fc
libcheck 0.9 compatibility for RHEL7
2018-02-27 15:40:31 +01:00
Jakub Jelen
dfca8e2e55
Remove unused variables
2018-02-27 15:40:31 +01:00
Jakub Jelen
f5c42cef89
Do not build test if HW_TESTS is not enabled (to avoid warnings)
2018-02-10 19:35:12 +01:00
Dave Pate
0b2dcb0aaf
Fix msvc build warning re: return values
2018-02-09 09:14:45 -08:00
Dave Pate
9783f9b626
Fix warnings in msvc build
2018-02-09 09:03:10 -08:00
Dave Pate
289896ac61
Add syslog/windows event log output
...
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley
c9f4d684d1
Support specifying custom PCSC lib
2018-01-24 15:44:22 +01:00
Trevor Bentley
d5d953be95
Use library dependencies for openssl compat layer
2017-11-29 09:47:45 +00:00
Trevor Bentley
20a5ecce0f
Fix OpenSSL 1.1 build with mingw32/64
2017-11-27 11:27:11 +01:00
Trevor Bentley
7ca0267ddf
Fix OpenSSL 1.1 compat layer
...
- Changes for latest ykpiv_util refactor
- Passes hw tests with openssl 1.0 and 1.1
- Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley
6a34b6ef96
Fix cross-compiling for mingw64
2017-11-17 16:13:15 +01:00
Trevor Bentley
aa3b69926b
Doxygen documentation for ykpiv_util_* API.
2017-11-08 11:38:27 +01:00
Trevor Bentley
3ce4f0ccae
Clean up typos, warnings, and incorrect libtool age.
2017-11-08 11:11:45 +01:00
Trevor Bentley
366de02ab1
Organize ykpiv.h, update NEWS file for 1.5.0
2017-11-03 16:15:13 +01:00
Trevor Bentley
c6abe7ac6d
Add integration test for PIN cache
2017-11-03 13:39:23 +01:00
Trevor Bentley
7818b49e7d
Skip unusable integration tests when testing a NEO
2017-10-31 15:40:51 +01:00
Trevor Bentley
c939cff518
Allow changing libykpiv compile-time ifdefs from CFLAGS
2017-10-31 12:34:15 +01:00
Trevor Bentley
252226220a
Disable ensure_application_selected() by default, since it breaks PIN policy.
2017-10-31 12:29:16 +01:00
Trevor Bentley
4eb6f1b193
Fix build on Linux
...
Signed-off-by: Trevor Bentley <trevor@yubico.com>
2017-10-26 17:03:35 +02:00
Dave Pate
999312e6b5
api: use uintptr_t for architecture specific handle sizes
2017-10-26 14:09:09 +02:00
Trevor Bentley
a7eb0657f1
Fix compile time warnings about -no-install on Darwin/clang
2017-10-26 12:37:05 +02:00
Trevor Bentley
05ac49abbb
Suppress sscanf_s error on Windows
2017-10-25 16:19:13 +02:00
Trevor Bentley
edda816abe
Remove accidental printf
2017-10-25 16:18:53 +02:00
Trevor Bentley
c2f86d0a0f
Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv
2017-10-24 15:59:44 +02:00
Trevor Bentley
15f533d7de
Move hardware tests to "make hwtest", with one warning for all test suites.
...
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
2017-10-24 15:10:45 +02:00
Trevor Bentley
4dffc0fa6a
Bump libykpiv version to 1.5.0
2017-10-23 16:27:09 +02:00
Trevor Bentley
b3cbfb5560
Some documentation and cleanup of ykpiv.h
2017-10-23 16:26:25 +02:00
Trevor Bentley
58abe404f3
Generate Doxygen docs for libykpiv if doxygen is available.
2017-10-23 16:26:23 +02:00
Trevor Bentley
935e05485a
Use openssl implementation of DES_is_weak_key on non-Windows, and add unit test.
2017-10-23 16:26:20 +02:00
Trevor Bentley
27933eaff8
Fix applet selection for whole public API.
2017-10-23 16:26:17 +02:00
Trevor Bentley
c07355fefb
Fix unit tests for NEO: use ECCP256 and detect attestation errors
2017-10-23 16:26:14 +02:00
Trevor Bentley
aa293dcc31
Fix PIN length handling in ykpiv_verify*()
2017-10-23 16:26:08 +02:00
Trevor Bentley
de065ae36e
Rename util.c test suite to api.c
2017-10-23 16:26:05 +02:00
Trevor Bentley
f903a432e3
Backport minidriver changes
...
* Port ykpiv_auth_getchallenge and ykpiv_auth_verifyresponse
- Commit 8fde607b50b19c57a662c53c6b276b54a78606d8
- Commit 6046b98e477cfef59a590ce2177336d694813e7e
- Commit 422cea11745dc67d15039e242ed21ecb5208ae55
- Commit 1d31647e5a27bd2df6bda76512c7d673980f0bec
* Rename connect2() and done2() to connect_with_external_card(), etc.
* Select applet in ykpiv_change_pin, change_puk, and unblock_pin
2017-10-23 16:26:02 +02:00