Stacey Sheldon
421469b220
FASC-N: correct encoding of the packed 4-bit decimal format with odd parity
...
The BCD digits in the FASC-N credential are sent lsb first followed by an
odd parity. Since this perl script is simply packing the bits in their
expected order, the encodings should exactly match figure 7 in
"Technical Implementation Guidance: Smart Card Enabled Physical Access
Control Systems Version 2.2".
2019-01-01 01:23:55 -05:00
Klas Lindfors
79b86cf9bd
fix fasc-n value of 1
...
relates #177
2018-12-18 09:25:05 +01:00
Klas Lindfors
5d1d044982
Merge branch 'pr-165'
2018-09-21 10:34:09 +02:00
Klas Lindfors
898b85821c
ykcs11: allow the pkcs11 module to find headers from tool/
...
fixes #166
2018-09-18 08:38:57 +02:00
Dave Pate
cbd5ba5122
libykpiv/piv-tool 1.6.3
...
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compilier warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors
311ba9b30c
bump version to 1.6.3
2018-09-14 10:04:27 +02:00
Klas Lindfors
54ed4018b2
NEWS for 1.6.2
2018-09-14 09:24:05 +02:00
Klas Lindfors
a24dd0a2ee
tool: for openssl 1.1 rsa signatures include hash oid
...
the rsa signature has to be over hash oid + message digest, dropping the
oid from the hash leads to invalid certificate requests and selfsigned
certificates.
fixes #164
2018-09-10 10:24:32 +02:00
Klas Lindfors
228a04ad73
tool: only declare the static struct once in wrap_public_key()
...
and make sure to just set it once for both rsa and ec
2018-09-10 10:04:46 +02:00
Klas Lindfors
696894bc68
tool: handle error conditions from signing with openssl 1.1
...
relates #164
2018-09-10 08:52:39 +02:00
Alessio Di Mauro
d0ba708260
Merge PR #163
2018-09-07 13:58:18 +02:00
Klas Lindfors
6e51db8c80
lib: make the reader comparison case-insensitive
...
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors
62142a1b74
bump openssl versions to 1.0.2p
2018-08-17 09:45:39 +02:00
Klas Lindfors
945a0f314d
bump version to 1.6.2
2018-08-17 09:45:20 +02:00
Klas Lindfors
ff12f8baf3
NEWS for 1.6.1
2018-08-17 09:22:18 +02:00
Klas Lindfors
5bbce58cee
update NEWS for more changes that happened in 1.6.0
2018-08-17 09:20:36 +02:00
Klas Lindfors
23a4d008c6
finish up version bump to 1.6.1, LT_REVISION has to increase
2018-08-17 09:14:32 +02:00
Klas Lindfors
45e74cfccf
tool: check length before trying to store cert in buffer
...
fixes #148
2018-08-16 14:49:32 +02:00
Klas Lindfors
16d539041e
ykpiv: when decoding an object compare lengths correctly
...
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.
relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors
c15efbfdd7
ykpiv: fix length when encoding exactly 0xff bytes
...
this should be encoded as 81 ff, not 82 00 ff
relates #154
2018-08-16 14:25:14 +02:00
Klas Lindfors
7b1c8197fb
Merge branch 'pr-157'
2018-08-09 10:23:52 +02:00
Jakub Jelen
d613b42b0c
Avoid unused variables and warnings when building against OpenSSL 1.1
2018-08-08 16:12:25 +02:00
Thordur Bjornsson
419d0da8bc
Revert the configure.ac portion of c31a0425.
...
Bugfixes don't change the libtool versions, so revert back.
2018-08-08 15:25:09 +02:00
Thordur Bjornsson
c31a042595
Bump version to 1.6.1 unreleased
2018-08-08 10:42:20 +02:00
Thordur Bjornsson
5258920cff
release: 1.6.0
2018-08-06 17:31:55 +02:00
Klas Lindfors
80d47c82f0
lib: in _ykpiv_fetch_object() handle bogus length by returning
...
otherwise we might memmove() to much data
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors
01a127a44a
lib: in ykpiv_transfer_data() handle overflow by exiting
...
this is detected and printed, but we never exit the function
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Alessio Di Mauro
5877998f03
ykcs11: ignore more attributes when creating objects
2018-05-15 11:45:00 +02:00
Alessio Di Mauro
bdfe49f223
Make slot 9e private so that OpenSSL can ask for a PIN
2018-05-09 16:34:08 +02:00
Alessio Di Mauro
3758cecdd9
Remove 384 from the supported lengths for EC key generation in ykcs11
...
Closes #149
2018-05-07 13:35:05 +02:00
Alessio Di Mauro
7533e7fb56
Ignore CKA_PRIVATE in ykcs11
...
Newer version of pkcs11-tool set the CKA_PRIVATE attribute during
generation making the operation fail. The attribute is now ignored.
2018-05-03 10:20:02 +02:00
Alessio Di Mauro
15aef8957d
Update key generation in ykcs11 to work with OpenSSL 1.1
...
Manually setting a signature for a certificate is not possible in
OpenSSL 1.1 because some of the structs have become opaque. Use
X509_sign() with a bogus key instead.
2018-05-03 10:20:00 +02:00
Klas Lindfors
0bae4b53ce
Merge branch 'pr-144'
2018-03-25 17:36:12 +02:00
James Alseth
9d8f8f3f2b
Fixed slot argument error in attestation verification example.
2018-03-23 14:53:27 -07:00
Alessio Di Mauro
a2005eac92
Add check as a dependency to the Vagrant provision script
...
Closes #142 .
2018-03-19 09:08:10 +01:00
Trevor Bentley
b4201cb605
Merge pull request #139 from notdpate/master
...
Libykpiv ROCA mitigation changes for PIV tool/Minidriver - Release 1.5.2
2018-03-06 12:46:46 +00:00
Dave Pate
7aa8228985
Release 1.5.2
...
Bump libtool version
2018-03-05 14:17:47 -08:00
Dave Pate
775eaacc9f
Merge upstream master commits
2018-03-05 11:32:25 -08:00
Dave Pate
b98f97ef62
Fixes linux/osx build warnings
...
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Trevor Bentley
8b99accf58
Merge pull request #138 from Jakuje/master
...
Compiler warnings and compatibility with older check versions
2018-02-27 15:00:09 +00:00
Jakub Jelen
bbd92009fc
libcheck 0.9 compatibility for RHEL7
2018-02-27 15:40:31 +01:00
Jakub Jelen
dfca8e2e55
Remove unused variables
2018-02-27 15:40:31 +01:00
Trevor Bentley
b5d9dc86d7
Merge pull request #141 from laomaiweng/openssl-1.1.0-compat
...
Improve compatibility with OpenSSL 1.1.0
2018-02-27 14:21:49 +00:00
quentin
c8372f27d7
Improve compatibility with OpenSSL 1.1.0
...
* add missing headers
* stop using deprecated APIs
2018-02-26 02:43:41 +01:00
Jakub Jelen
f5c42cef89
Do not build test if HW_TESTS is not enabled (to avoid warnings)
2018-02-10 19:35:12 +01:00
Dave Pate
0b2dcb0aaf
Fix msvc build warning re: return values
2018-02-09 09:14:45 -08:00
Dave Pate
9783f9b626
Fix warnings in msvc build
2018-02-09 09:03:10 -08:00
Dave Pate
289896ac61
Add syslog/windows event log output
...
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley
38ce95cf1c
Merge pull request #137 from Yubico/custom_pcsc
...
Support specifying custom PCSC lib
2018-01-25 11:23:01 +01:00
Trevor Bentley
c9f4d684d1
Support specifying custom PCSC lib
2018-01-24 15:44:22 +01:00