Commit Graph

210 Commits

Author SHA1 Message Date
Dave Pate c61d6c6f23 lib: warn, but don't fail on error reading serial number or version
lib: fix Windows build with OpenSSL 1.1.1
ykcs11: fix size_t/unsigned long type mismatch on Windows x64
2019-05-06 14:46:46 -07:00
Dave Pate 7b64528cf7 lib: check tlv length encoding when reading complex data 2019-04-03 09:46:59 +02:00
Dave Pate 5113a5ed02 lib: tlv length buffer checks 2019-04-03 09:46:54 +02:00
Dave Pate afbe1b2670 lib: handle realloc failures safely 2019-04-03 09:46:49 +02:00
Dave Pate f37cf3f462 lib: clear secrets in set_protected_mgm 2019-04-03 09:46:41 +02:00
Dave Pate 7ff3007017 lib: clear secrets in ykpiv_import_private_key 2019-04-03 09:46:35 +02:00
Dave Pate a10ab1ace5 lib: correct zero memory defines, correct overflow checks in _write_certificate 2019-04-03 09:46:27 +02:00
Dave Pate c4dbf9d02c lib: clear secrets in auth api 2019-04-03 09:46:20 +02:00
Dave Pate 340177f070 lib: check that serial/version checks occur during select 2019-04-03 09:46:15 +02:00
Dave Pate 934120888f lib: define constant for max pin len magic numbers
lib: clear pin buffers when no longer used
2019-04-03 09:46:01 +02:00
Dave Pate eb250134f8 lib: check internal authentication crypt errors 2019-04-03 09:45:57 +02:00
Dave Pate b2dd16deb4 lib: clear buffers containing key material 2019-04-03 09:45:53 +02:00
Dave Pate 28189201a4 lib: use secure zero memory platform functions 2019-04-03 09:45:49 +02:00
Dave Pate 2e72c8f85c lib: resolves potential reads of uninitialized data 2019-04-03 09:45:44 +02:00
Stacey Sheldon 811ddbb22d CHUID: fix the encoding of the FASC-N data element in the CHUID
This is the hard-coded FASC-N field being used by yubico-piv-tool
  [9999-9999-999999-0-1-0000000000300001]
  S9999F9999F999999F0F1F0000000000300001E

It should be encoded as this sequence of 5-bit values
 11010 (SS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 10011 10011 (999999)
 10110 (FS)
   00001 (0)
 10110 (FS)
   10000 (1)
 10110 (FS)
   00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
   11001 (3)
   00001 00001 00001 00001 (0000)
   10000 (1)
 11111 (ES)
 01011 (LRC)

This packs into this 25-byte (200-bit) sequence of hex bytes:
 d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
 42 10 84 21 c8 42 10 c3 eb
2019-01-01 01:43:51 -05:00
Dave Pate cbd5ba5122 libykpiv/piv-tool 1.6.3
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compilier warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors 6e51db8c80 lib: make the reader comparison case-insensitive
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors 16d539041e ykpiv: when decoding an object compare lengths correctly
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.

relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors c15efbfdd7 ykpiv: fix length when encoding exactly 0xff bytes
this should be encoded as 81 ff, not 82 00 ff

relates #154
2018-08-16 14:25:14 +02:00
Jakub Jelen d613b42b0c Avoid unused variables and warnings when building against OpenSSL 1.1 2018-08-08 16:12:25 +02:00
Klas Lindfors 80d47c82f0 lib: in _ykpiv_fetch_object() handle bogus length by returning
otherwise we might memmove() to much data

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors 01a127a44a lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Dave Pate 775eaacc9f Merge upstream master commits 2018-03-05 11:32:25 -08:00
Dave Pate b98f97ef62 Fixes linux/osx build warnings
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Jakub Jelen bbd92009fc libcheck 0.9 compatibility for RHEL7 2018-02-27 15:40:31 +01:00
Jakub Jelen dfca8e2e55 Remove unused variables 2018-02-27 15:40:31 +01:00
Jakub Jelen f5c42cef89 Do not build test if HW_TESTS is not enabled (to avoid warnings) 2018-02-10 19:35:12 +01:00
Dave Pate 0b2dcb0aaf Fix msvc build warning re: return values 2018-02-09 09:14:45 -08:00
Dave Pate 9783f9b626 Fix warnings in msvc build 2018-02-09 09:03:10 -08:00
Dave Pate 289896ac61 Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley c9f4d684d1 Support specifying custom PCSC lib 2018-01-24 15:44:22 +01:00
Trevor Bentley d5d953be95 Use library dependencies for openssl compat layer 2017-11-29 09:47:45 +00:00
Trevor Bentley 20a5ecce0f Fix OpenSSL 1.1 build with mingw32/64 2017-11-27 11:27:11 +01:00
Trevor Bentley 7ca0267ddf Fix OpenSSL 1.1 compat layer
- Changes for latest ykpiv_util refactor
 - Passes hw tests with openssl 1.0 and 1.1
 - Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley 6a34b6ef96 Fix cross-compiling for mingw64 2017-11-17 16:13:15 +01:00
Trevor Bentley aa3b69926b Doxygen documentation for ykpiv_util_* API. 2017-11-08 11:38:27 +01:00
Trevor Bentley 3ce4f0ccae Clean up typos, warnings, and incorrect libtool age. 2017-11-08 11:11:45 +01:00
Trevor Bentley 366de02ab1 Organize ykpiv.h, update NEWS file for 1.5.0 2017-11-03 16:15:13 +01:00
Trevor Bentley c6abe7ac6d Add integration test for PIN cache 2017-11-03 13:39:23 +01:00
Trevor Bentley 7818b49e7d Skip unusable integration tests when testing a NEO 2017-10-31 15:40:51 +01:00
Trevor Bentley c939cff518 Allow changing libykpiv compile-time ifdefs from CFLAGS 2017-10-31 12:34:15 +01:00
Trevor Bentley 252226220a Disable ensure_application_selected() by default, since it breaks PIN policy. 2017-10-31 12:29:16 +01:00
Trevor Bentley 4eb6f1b193 Fix build on Linux
Signed-off-by: Trevor Bentley <trevor@yubico.com>
2017-10-26 17:03:35 +02:00
Dave Pate 999312e6b5 api: use uintptr_t for architecture specific handle sizes 2017-10-26 14:09:09 +02:00
Trevor Bentley a7eb0657f1 Fix compile time warnings about -no-install on Darwin/clang 2017-10-26 12:37:05 +02:00
Trevor Bentley 05ac49abbb Suppress sscanf_s error on Windows 2017-10-25 16:19:13 +02:00
Trevor Bentley edda816abe Remove accidental printf 2017-10-25 16:18:53 +02:00
Trevor Bentley c2f86d0a0f Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv 2017-10-24 15:59:44 +02:00
Trevor Bentley 15f533d7de Move hardware tests to "make hwtest", with one warning for all test suites.
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
2017-10-24 15:10:45 +02:00
Trevor Bentley 4dffc0fa6a Bump libykpiv version to 1.5.0 2017-10-23 16:27:09 +02:00