Commit Graph

1021 Commits

Author SHA1 Message Date
James Alseth 9d8f8f3f2b Fixed slot argument error in attestation verification example. 2018-03-23 14:53:27 -07:00
Alessio Di Mauro a2005eac92 Add check as a dependency to the Vagrant provision script
Closes #142.
2018-03-19 09:08:10 +01:00
Trevor Bentley b4201cb605 Merge pull request #139 from notdpate/master
Libykpiv ROCA mitigation changes for PIV tool/Minidriver - Release 1.5.2
2018-03-06 12:46:46 +00:00
Dave Pate 7aa8228985 Release 1.5.2
Bump libtool version
2018-03-05 14:17:47 -08:00
Dave Pate 775eaacc9f Merge upstream master commits 2018-03-05 11:32:25 -08:00
Dave Pate b98f97ef62 Fixes linux/osx build warnings
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Trevor Bentley 8b99accf58 Merge pull request #138 from Jakuje/master
Compiler warnings and compatibility with older check versions
2018-02-27 15:00:09 +00:00
Jakub Jelen bbd92009fc libcheck 0.9 compatibility for RHEL7 2018-02-27 15:40:31 +01:00
Jakub Jelen dfca8e2e55 Remove unused variables 2018-02-27 15:40:31 +01:00
Trevor Bentley b5d9dc86d7 Merge pull request #141 from laomaiweng/openssl-1.1.0-compat
Improve compatibility with OpenSSL 1.1.0
2018-02-27 14:21:49 +00:00
quentin c8372f27d7 Improve compatibility with OpenSSL 1.1.0
* add missing headers
* stop using deprecated APIs
2018-02-26 02:43:41 +01:00
Jakub Jelen f5c42cef89 Do not build test if HW_TESTS is not enabled (to avoid warnings) 2018-02-10 19:35:12 +01:00
Dave Pate 0b2dcb0aaf Fix msvc build warning re: return values 2018-02-09 09:14:45 -08:00
Dave Pate 9783f9b626 Fix warnings in msvc build 2018-02-09 09:03:10 -08:00
Dave Pate 289896ac61 Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley 38ce95cf1c Merge pull request #137 from Yubico/custom_pcsc
Support specifying custom PCSC lib
2018-01-25 11:23:01 +01:00
Trevor Bentley c9f4d684d1 Support specifying custom PCSC lib 2018-01-24 15:44:22 +01:00
Trevor Bentley 74e1a0885c Merge pull request #136 from jmyreen/openssl-1.1-fixes
Fixed some bugs in the port to Openssl-1.1:
2018-01-02 13:24:53 +01:00
Trevor Bentley 6dc0419a79 Merge pull request #135 from Aloz1/libressl-support
Added checks to allow building against LibreSSL
2018-01-02 13:07:07 +01:00
Johan Myréen b0210e0710 Fixed some bugs in the port to Openssl-1.1:
- wrap_public_key() passed the address of the local stack variable
  internal_key to RSA_meth_set0_data(), which was used long after
  wrap_public_key() had returned. Changed to static.

- The callback functions yk_rsa_meth_sign and yk_ec_meth_sign 'siglen'
  parameter has type (unisgned int *), which was cast to (size_t *)
  before it was used to write a value in the caller's memory
  space. This caused stack corruption on machines where size_t is
  bigger than unsigned int.

- The callback function's 'siglen' parameter is output-only, not
  in-out. The input value was assumed to contain the maximum size of
  the output buffer as input, and a bogus value was compared to the
  amount of data received from the token in function
  _general_authenticate(). Changed to pass in the values returned by
  RSA_size(rsa) and ECDSA_size(ec), which Openssl specifies as minimum
  buffer sizes.

- The callback functions' return values were swapped; fixed to return
  1 on success, 0 on failure.
2017-12-30 22:08:09 +02:00
Aloz1 866b6b1d9d Added checks to allow building against LibreSSL
It seems that when OpenSSL 1.1.0 support was added, LibreSSL was broken
due to the way version checking was done. This adds extra checks for
LIBRESSL_VERSION_NUMBER where applicable.
2017-12-29 14:38:37 +11:00
Trevor Bentley 427451c12f Bump version to 1.5.1 unreleased 2017-11-29 13:10:53 +01:00
Trevor Bentley ab6f3d668a Merge pull request #133 from Yubico/distclean
Use library dependencies for openssl compat layer
2017-11-29 10:56:55 +01:00
Trevor Bentley d46db8e181 Build libs before running check. 2017-11-29 09:55:20 +00:00
Trevor Bentley d5d953be95 Use library dependencies for openssl compat layer 2017-11-29 09:47:45 +00:00
Trevor Bentley 5bc03bfc29 Updated NEWS 2017-11-29 10:18:42 +01:00
Trevor Bentley 4acf0361cd Merge pull request #132 from Yubico/bump_openssl
Bump Windows/Mac builds to latest OpenSSL 1.0.x
2017-11-29 10:16:23 +01:00
Trevor Bentley 7e9c383b1c Bump Windows/Mac builds to latest OpenSSL 1.0.x 2017-11-29 10:09:59 +01:00
Trevor Bentley 66a2bafacb Merge pull request #131 from Yubico/openssl1.1_jakuje
OpenSSL 1.1 compatibility
2017-11-27 16:39:42 +01:00
Trevor Bentley 7f76eaeb64 Fix 'make dist' 2017-11-27 14:50:50 +01:00
Trevor Bentley c1a500fce4 Build with correct OpenSSL version number on Mac and mingw32/64
This is a cosmetic change.  OpenSSL picks up the VERSION environment variable
when building, which is set to the yubico-piv-tool version number during
Travis-CI builds.  This overrides it back to the OpenSSL version when building
OpenSSL.
2017-11-27 13:02:19 +01:00
Trevor Bentley 20a5ecce0f Fix OpenSSL 1.1 build with mingw32/64 2017-11-27 11:27:11 +01:00
Trevor Bentley b10d98e96b Build against OpenSSL 1.1 in travis-ci 2017-11-24 15:52:17 +01:00
Trevor Bentley 7ca0267ddf Fix OpenSSL 1.1 compat layer
- Changes for latest ykpiv_util refactor
 - Passes hw tests with openssl 1.0 and 1.1
 - Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley 4785e23bd1 Merge branch 'master' of https://github.com/Jakuje/yubico-piv-tool into Jakuje-master 2017-11-20 14:03:48 +01:00
Trevor Bentley 3aaa525efc Merge pull request #130 from Yubico/ykpiv_util
Refactor yubico-piv-tool/libykpiv with a ykpiv_util_* high-level API
2017-11-20 10:23:05 +01:00
Trevor Bentley 6a34b6ef96 Fix cross-compiling for mingw64 2017-11-17 16:13:15 +01:00
Jakub Jelen 77c51a7317 Properly apply the OpenSSL version checks 2017-11-14 13:34:57 +01:00
Trevor Bentley 40d5b7cbab Install 'check' package in build script. 2017-11-14 11:34:07 +01:00
Jakub Jelen 0a131a053d Do not use the new API with the old OpenSSL 2017-11-14 10:54:47 +01:00
Jakub Jelen eda075fa57 Provide the bogus signature with OpenSSL 1.1.0 API 2017-11-14 10:37:02 +01:00
Jakub Jelen 13f542c1f8 Use the new OpenSSL 1.1.0 API also in the HW tests 2017-11-14 10:29:34 +01:00
Jakub Jelen a2715f0a4a Use OpenSSL 1.1.0 API 2017-11-13 17:43:06 +01:00
Jakub Jelen 4a847677cc WIP:Use RSA/EC_KEY METHOD to provide X509 signatures using high-level OpenSSL API 2017-11-13 17:39:34 +01:00
Jakub Jelen d2ffc41a6c RAND_pseudo_bytes is deprecated in OpenSSL 1.1.0 2017-11-13 17:39:34 +01:00
Jakub Jelen ad4e93a462 Few more OpenSSL 1.1.0 incompatibilities 2017-11-13 17:39:34 +01:00
Jakub Jelen bd351261ec Initial idea of openssl-1.1.0 compatibility (still missing some magic around certificates) 2017-11-13 17:39:34 +01:00
Trevor Bentley aa3b69926b Doxygen documentation for ykpiv_util_* API. 2017-11-08 11:38:27 +01:00
Trevor Bentley 3ce4f0ccae Clean up typos, warnings, and incorrect libtool age. 2017-11-08 11:11:45 +01:00
Trevor Bentley c7549ac9cc Update .gitignore 2017-11-03 16:29:17 +01:00