Commit Graph

1004 Commits

Author SHA1 Message Date
Tony Arcieri 5e0e0fe0c2 oxidize: Fix or note any translation errata
This either fixes or adds "FIXME" notes for any parts of the code that
corrode had trouble translating.

Namely there are a number of places members of the APDU struct(?) were
accessed which corrode failed to translate.
2019-08-10 14:50:36 -07:00
Tony Arcieri 29fe670896 oxidize: Factor into standard Rust crate structure
- Adds initial `Cargo.toml` (and `Cargo.lock` to `.gitignore`)
- Deletes `tool` (it seems hard to `corrode`)
- Moves `lib/tests` => `tests` (we should figure out how to translate them)
- Moves `lib` => `src` to match Rust conventions
- Renames `lib/ykpiv.rs` => `src/lib.rs` to match Rust conventions
- Adds copyright from `ykpiv.h` to the top of all `*.rs` files
2019-08-10 14:49:48 -07:00
Tony Arcieri 45ba342f57 oxidize: Initial corrode translation
Includes changes to the original C code needed for `corrode` to accept
the input.

There were a lot of problems with APDU fields. These need to be copied
into the translated Rust code and fixed up manually.

Code otherwise contains the raw `corrode` output.
2019-08-10 10:48:02 -07:00
Tony Arcieri a226b56696 oxidize: Prep directory structure for Rust translation
- Keeps: `lib`, `tool`
- Deletes everything else except for `COPYING` (i.e. license)
- Replaces `.gitignore` with a more standard Rust one
2019-08-10 10:12:34 -07:00
Alessio Di Mauro f794d02392 Merge PR #201 2019-07-17 09:29:30 +02:00
Tharsan Ponnampalam 48e310c33f lib: Implemented change pin for the puk key 2019-07-16 16:04:39 -04:00
Alessio Di Mauro cd2acd3ee5 Merge PR #198 2019-07-15 09:19:44 +02:00
Tharsan Ponnampalam ce5fca5d71 lib: Implemented change pin for the management key 2019-07-12 12:42:25 -04:00
Klas Lindfors 8ba243f0b3 lib: correct parentheses around condition+assignment
fixes #197
2019-07-03 16:00:57 +02:00
Dain Nilsson 682d91be2b Remove note about ifd-yubico. 2019-06-24 15:01:48 +02:00
Alessio Di Mauro 8a9223a380 Merge PR #194 2019-05-22 12:33:02 +02:00
Peter Jones a4c64c8c21 Initialize C_Initialize's reader list to NULs.
valgrind --track-origins=true says:

==13529== Conditional jump or move depends on uninitialised value(s)
==13529==    at 0x4AF92D1: PK11_MakeString (pk11slot.c:1073)
==13529==    by 0x4AFA5AA: PK11_InitSlot (pk11slot.c:1456)
==13529==    by 0x4AE315E: secmod_LoadPKCS11Module (pk11load.c:563)
==13529==    by 0x4AEF68C: SECMOD_LoadModule (pk11pars.c:1838)
==13529==    by 0x4AEF7C7: SECMOD_LoadModule (pk11pars.c:1874)
==13529==    by 0x4ABCB6A: nss_InitModules (nssinit.c:464)
==13529==    by 0x4ABCB6A: nss_Init (nssinit.c:689)
==13529==    by 0x4ABD17C: NSS_Init (nssinit.c:824)
==13529==    by 0x4059C0: main (pesign.c:354)
==13529==  Uninitialised value was created by a stack allocation
==13529==    at 0x484D175: C_Initialize (in /usr/lib64/libykcs11.so.1.5.0)

This is the result of a combination of two problems.  In
ykcs11/utils.c:parse_readers(), the code does:

  for (i = 0; i < len; i++)
    if (readers[i] == '\0' && i != len - 1) {

But in ykcs11/ykcs11.c:C_Initialize(), the parts of readers[] that are
initialized are only the parts that have been populated; the rest of
the array is still just whatever value is on the stack.  Additionally,
in lib/ykpiv.c:ykpiv_list_readers(), which populates the array, the
length is updated only in the case where the buffer is smaller than the
data, not when there is additional buffer but no data:

  if (num_readers > *len) {
    num_readers = (pcsc_word)*len;
  }

The result is that if the amount of reader data is smaller than 2048
bytes, PK11_InitSlot() will try to find reader data in the rest of the
array, which has not been initialized.

This patch adds an initialization for the data to set it all '\0', and
also updates the length when there is excess buffer available.

Signed-off-by: Peter Jones <pjones@redhat.com>
2019-05-21 11:01:24 -04:00
Alessio Di Mauro 6dd9ab09d4 Merge PR #193 2019-05-20 09:04:33 +02:00
Kelby Ludwig 08b32ef3e0 added switch to ignore CKA_LABEL on calls to check_pubkey_template and check_pvtkey_template 2019-05-18 21:39:36 -05:00
Klas Lindfors 0f33efeff7 Merge branch 'pr-191' 2019-05-07 14:44:35 +02:00
Dave Pate c61d6c6f23 lib: warn, but don't fail on error reading serial number or version
lib: fix Windows build with OpenSSL 1.1.1
ykcs11: fix size_t/unsigned long type mismatch on Windows x64
2019-05-06 14:46:46 -07:00
Klas Lindfors 00ced78b7a bump openssl to 1.0.2r 2019-04-03 10:27:45 +02:00
Klas Lindfors 4424a541d7 bump version for 1.7.1 2019-04-03 10:27:34 +02:00
Klas Lindfors d13515d11d NEWS for 1.7.0 2019-04-03 09:53:29 +02:00
Klas Lindfors 3d084c6f9a Merge branch 'pr-188' 2019-04-03 09:47:54 +02:00
Dave Pate 7b64528cf7 lib: check tlv length encoding when reading complex data 2019-04-03 09:46:59 +02:00
Dave Pate 5113a5ed02 lib: tlv length buffer checks 2019-04-03 09:46:54 +02:00
Dave Pate afbe1b2670 lib: handle realloc failures safely 2019-04-03 09:46:49 +02:00
Dave Pate f37cf3f462 lib: clear secrets in set_protected_mgm 2019-04-03 09:46:41 +02:00
Dave Pate 7ff3007017 lib: clear secrets in ykpiv_import_private_key 2019-04-03 09:46:35 +02:00
Dave Pate a10ab1ace5 lib: correct zero memory defines, correct overflow checks in _write_certificate 2019-04-03 09:46:27 +02:00
Dave Pate c4dbf9d02c lib: clear secrets in auth api 2019-04-03 09:46:20 +02:00
Dave Pate 340177f070 lib: check that serial/version checks occur during select 2019-04-03 09:46:15 +02:00
Dave Pate 934120888f lib: define constant for max pin len magic numbers
lib: clear pin buffers when no longer used
2019-04-03 09:46:01 +02:00
Dave Pate eb250134f8 lib: check internal authentication crypt errors 2019-04-03 09:45:57 +02:00
Dave Pate b2dd16deb4 lib: clear buffers containing key material 2019-04-03 09:45:53 +02:00
Dave Pate 28189201a4 lib: use secure zero memory platform functions 2019-04-03 09:45:49 +02:00
Dave Pate 2e72c8f85c lib: resolves potential reads of uninitialized data 2019-04-03 09:45:44 +02:00
pedro martelletto 9a72ec1ba1 doc: set LC_CTYPE=C; fixes ef81d164 on MacOS 2019-03-07 07:50:08 +01:00
Alessio Di Mauro 33a10a5adb Merge pull request #187 from Yubico/pvs_remove_warnings
Remove some warnings
2019-03-06 15:27:40 +01:00
Gabriel Kihlman bc2f161c51 Initialize buf to 0 to make a code scanner happy 2019-03-06 15:16:56 +01:00
Gabriel Kihlman f60d2d4ff8 Do not assign variable twice 2019-03-06 14:32:42 +01:00
Gabriel Kihlman 3f7f2b633b Remove duplicate check on op_info.type != YKCS11_SIGN 2019-03-06 14:31:04 +01:00
Klas Lindfors 1f8a759894 Merge branch 'pr-186' 2019-03-05 08:16:44 +01:00
pedro martelletto ef81d16465 doc: rely on /dev/urandom's distribution to generate secrets
as per https://github.com/Yubico/developers.yubico.com/issues/87
2019-03-05 07:58:09 +01:00
Alessio Di Mauro bc72c7378f Merge PR#184 2019-02-20 16:09:32 +01:00
Gabriel Kihlman 5baf9347e1 Check return value of strdup 2019-02-20 16:02:19 +01:00
Klas Lindfors 2581c0b3c3 bump openssl version and don't include check binaries 2019-02-18 13:52:16 +01:00
Alessio Di Mauro 1d6ed20182 Merge PR#183 2019-02-15 16:05:38 +01:00
Klas Lindfors e4e3137556 tool: fix selfsigned extensions
previous code was on the naive side
2019-02-15 15:46:13 +01:00
Alessio Di Mauro 6264c6a578 Merge PR #182 2019-02-15 13:34:45 +01:00
Klas Lindfors 7ecb5fe0b8 tool: add extensions for selfsigned certificates to match openssl
this adds subjectKeyIdentifier, authorityKeyIdentifier and
basicConstraints (CA:TRUE) for selfsigned certificates to match with
openssl req
2019-02-15 12:59:38 +01:00
Alessio Di Mauro 5749371432 ykcs11: use a large enough buffer when writing EC signatures 2019-01-07 11:03:52 +01:00
Klas Lindfors 8b38f0c079 Merge branch 'pr-178' 2019-01-02 08:50:49 +01:00
Stacey Sheldon 811ddbb22d CHUID: fix the encoding of the FASC-N data element in the CHUID
This is the hard-coded FASC-N field being used by yubico-piv-tool
  [9999-9999-999999-0-1-0000000000300001]
  S9999F9999F999999F0F1F0000000000300001E

It should be encoded as this sequence of 5-bit values
 11010 (SS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 10011 10011 (999999)
 10110 (FS)
   00001 (0)
 10110 (FS)
   10000 (1)
 10110 (FS)
   00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
   11001 (3)
   00001 00001 00001 00001 (0000)
   10000 (1)
 11111 (ES)
 01011 (LRC)

This packs into this 25-byte (200-bit) sequence of hex bytes:
 d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
 42 10 84 21 c8 42 10 c3 eb
2019-01-01 01:43:51 -05:00