Aloz1
866b6b1d9d
Added checks to allow building against LibreSSL
...
It seems that when OpenSSL 1.1.0 support was added, LibreSSL was broken
due to the way version checking was done. This adds extra checks for
LIBRESSL_VERSION_NUMBER where applicable.
2017-12-29 14:38:37 +11:00
Trevor Bentley
20a5ecce0f
Fix OpenSSL 1.1 build with mingw32/64
2017-11-27 11:27:11 +01:00
Trevor Bentley
7ca0267ddf
Fix OpenSSL 1.1 compat layer
...
- Changes for latest ykpiv_util refactor
- Passes hw tests with openssl 1.0 and 1.1
- Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley
4785e23bd1
Merge branch 'master' of https://github.com/Jakuje/yubico-piv-tool into Jakuje-master
2017-11-20 14:03:48 +01:00
Jakub Jelen
77c51a7317
Properly apply the OpenSSL version checks
2017-11-14 13:34:57 +01:00
Jakub Jelen
0a131a053d
Do not use the new API with the old OpenSSL
2017-11-14 10:54:47 +01:00
Jakub Jelen
4a847677cc
WIP:Use RSA/EC_KEY METHOD to provide X509 signatures using high-level OpenSSL API
2017-11-13 17:39:34 +01:00
Jakub Jelen
d2ffc41a6c
RAND_pseudo_bytes is deprecated in OpenSSL 1.1.0
2017-11-13 17:39:34 +01:00
Jakub Jelen
ad4e93a462
Few more OpenSSL 1.1.0 incompatibilities
2017-11-13 17:39:34 +01:00
Jakub Jelen
bd351261ec
Initial idea of openssl-1.1.0 compatibility (still missing some magic around certificates)
2017-11-13 17:39:34 +01:00
Trevor Bentley
a7eb0657f1
Fix compile time warnings about -no-install on Darwin/clang
2017-10-26 12:37:05 +02:00
Trevor Bentley
c2f86d0a0f
Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv
2017-10-24 15:59:44 +02:00
Trevor Bentley
15f533d7de
Move hardware tests to "make hwtest", with one warning for all test suites.
...
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
2017-10-24 15:10:45 +02:00
Trevor Bentley
4c9004feeb
Remove artifact from rebase (bad local variable)
2017-10-23 16:28:57 +02:00
Trevor Bentley
c07355fefb
Fix unit tests for NEO: use ECCP256 and detect attestation errors
2017-10-23 16:26:14 +02:00
Trevor Bentley
7177ceda74
Extra attempts for PIN/PUK block in unit test
2017-10-23 16:26:11 +02:00
Trevor Bentley
ef81054dc2
Add automated tests for yubico-piv-tool CLI (hw-tests only)
2017-10-23 16:25:59 +02:00
Trevor Bentley
9a7ccf48fa
Fix all clang scan-build warnings
2017-10-23 16:25:56 +02:00
Trevor Bentley
90209997cc
Unit test for ykpiv_attest()
2017-10-23 16:25:53 +02:00
Trevor Bentley
5291bc4a63
Fix issue #123 - specify text/binary mode for open files
2017-10-23 16:25:50 +02:00
Trevor Bentley
79464a3d3e
Use slot enum consistently. Move slot->object translation into libykpiv.
2017-10-23 16:25:47 +02:00
Trevor Bentley
2e818dd914
Add ykpiv_util_(get/set)_cccid(), and use in yubico-piv-tool
2017-10-23 16:25:44 +02:00
Trevor Bentley
f6b817f056
Add ykpiv_attest() and use it in yubico-piv-tool
2017-10-23 16:25:38 +02:00
Trevor Bentley
248980fe27
yubico-piv-tool: use ykpiv_util_read_cert
2017-10-23 16:25:35 +02:00
Trevor Bentley
3bca63c39c
yubico-piv-tool: use ykpiv_util_delete_cert
2017-10-23 16:25:32 +02:00
Trevor Bentley
ded78751a0
Add gzip support to ykpiv_util_import_certificate(), and use in yubico-piv-tool
2017-10-23 16:25:20 +02:00
Trevor Bentley
8135a55200
yubico-piv-tool: Switch to ykpiv_set_pin_retries()
2017-10-23 16:25:17 +02:00
Trevor Bentley
ec8e2786e6
yubico-piv-tool: use ykpiv_util_reset()
2017-10-23 16:25:13 +02:00
Trevor Bentley
12f35b8884
yubico-piv-tool: use util function for key generation
2017-10-23 16:25:10 +02:00
Trevor Bentley
0d2b85fcef
Switch test cases to use libcheck framework
...
This keeps the test logic the same, but moves most of them into the libcheck
test suite framework. It gives better control over grouping related tests,
running them in parallel, and reporting on multiple failures.
Running in parallel also brings problems, so libykcs11 tests are left
untouched. Parallel access to a single hardware DUT does not make sense,
and pcsc-lite doesn't work after a fork() in OS X 10.11+, so it can't run
in libcheck's tests anyway.
2017-10-23 16:21:50 +02:00
Klas Lindfors
cd11196535
disable rsa keygen for yubikey4 before 4.3.5
...
point at https://yubi.co/ysa201701/
2017-10-16 15:32:25 +02:00
Klas Lindfors
8614d227cb
touch-policy and pin-policy is only available on YubiKey 4
2017-04-24 08:27:58 +02:00
Klas Lindfors
6304a6c799
add a line about slot f9 to help output
2017-04-19 14:23:59 +02:00
Klas Lindfors
60e32d53c5
let help2adoc use the h2m file as extra include
2017-04-19 14:16:44 +02:00
Klas Lindfors
9dfe04cd06
update documentation and help output for how to specify secrets on stdin
...
also update all examples to have no space after short option.
2017-04-19 14:15:24 +02:00
Klas Lindfors
e6a7517050
add a new hidden flag --stdin-input for straight stdin input
2017-04-18 13:05:27 +02:00
Klas Lindfors
8bdf7378d6
fixup dependencies for yubico-piv-tool.1
...
should now support parallel builds
2016-09-12 09:54:04 +02:00
Klas Lindfors
621bad8acd
make sure to return RSA keys with ASN1_NULL as parameter
2016-08-17 10:32:04 +02:00
Simon Josefsson
89bec1260a
Improve license headers.
2016-08-12 15:30:06 +02:00
Klas Lindfors
b052250a1b
make certificate serial number random by default
2016-08-10 10:12:32 +02:00
Alessio Di Mauro
3f4cb12702
Add SSH export for RSA public key
2016-07-12 13:54:22 +02:00
Michael Scherer
24534bcfcf
Replace magic number for status word by constants
...
Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
2016-05-09 09:38:37 +02:00
Klas Lindfors
bbde9f91f9
Merge branch 'fix_typo' of ssh://github.com/mscherer/yubico-piv-tool into mscherer-fix_typo
2016-05-09 09:01:28 +02:00
Klas Lindfors
fc5e1536ef
Merge pull request #74 from mscherer/fix_constant_name
...
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-09 08:58:39 +02:00
Klas Lindfors
b712600727
Merge pull request #71 from mscherer/small_cleanup
...
Do not repeat the size of certdata
2016-05-09 08:57:22 +02:00
Michael Scherer
ff67119447
Do not repeat the size of certdata
2016-05-05 01:11:46 +02:00
Michael Scherer
099c55e90a
Fix various errors messages
2016-05-05 01:11:37 +02:00
Michael Scherer
fd9a0a324d
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-05 01:11:33 +02:00
Michael Scherer
6e4266c886
Add YKPIV_ALGO_TAG
...
Replace the magic constant 0x80 when sending a packet to the key
2016-05-05 01:11:18 +02:00
Klas Lindfors
ebf31d73f8
Merge branch 'attestation2'
2016-05-03 09:24:14 +02:00