Klas Lindfors
898b85821c
ykcs11: allow the pkcs11 module to find headers from tool/
...
fixes #166
2018-09-18 08:38:57 +02:00
Klas Lindfors
311ba9b30c
bump version to 1.6.3
2018-09-14 10:04:27 +02:00
Klas Lindfors
54ed4018b2
NEWS for 1.6.2
2018-09-14 09:24:05 +02:00
Klas Lindfors
a24dd0a2ee
tool: for openssl 1.1 rsa signatures include hash oid
...
the rsa signature has to be over hash oid + message digest, dropping the
oid from the hash leads to invalid certificate requests and self-signed
certificates.
fixes #164
2018-09-10 10:24:32 +02:00
Klas Lindfors
228a04ad73
tool: only declare the static struct once in wrap_public_key()
...
and make sure to just set it once for both rsa and ec
2018-09-10 10:04:46 +02:00
Klas Lindfors
696894bc68
tool: handle error conditions from signing with openssl 1.1
...
relates #164
2018-09-10 08:52:39 +02:00
Alessio Di Mauro
d0ba708260
Merge PR #163
2018-09-07 13:58:18 +02:00
Klas Lindfors
6e51db8c80
lib: make the reader comparison case-insensitive
...
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors
62142a1b74
bump openssl versions to 1.0.2p
2018-08-17 09:45:39 +02:00
Klas Lindfors
945a0f314d
bump version to 1.6.2
2018-08-17 09:45:20 +02:00
Klas Lindfors
ff12f8baf3
NEWS for 1.6.1
2018-08-17 09:22:18 +02:00
Klas Lindfors
5bbce58cee
update NEWS for more changes that happened in 1.6.0
2018-08-17 09:20:36 +02:00
Klas Lindfors
23a4d008c6
finish up version bump to 1.6.1, LT_REVISION has to increase
2018-08-17 09:14:32 +02:00
Klas Lindfors
45e74cfccf
tool: check length before trying to store cert in buffer
...
fixes #148
2018-08-16 14:49:32 +02:00
Klas Lindfors
16d539041e
ykpiv: when decoding an object compare lengths correctly
...
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.
relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors
c15efbfdd7
ykpiv: fix length when encoding exactly 0xff bytes
...
this should be encoded as 81 ff, not 82 00 ff
relates #154
2018-08-16 14:25:14 +02:00
Klas Lindfors
7b1c8197fb
Merge branch 'pr-157'
2018-08-09 10:23:52 +02:00
Jakub Jelen
d613b42b0c
Avoid unused variables and warnings when building against OpenSSL 1.1
2018-08-08 16:12:25 +02:00
Thordur Bjornsson
419d0da8bc
Revert the configure.ac portion of c31a0425.
...
Bugfixes don't change the libtool versions, so revert back.
2018-08-08 15:25:09 +02:00
Thordur Bjornsson
c31a042595
Bump version to 1.6.1 unreleased
2018-08-08 10:42:20 +02:00
Thordur Bjornsson
5258920cff
release: 1.6.0
2018-08-06 17:31:55 +02:00
Klas Lindfors
80d47c82f0
lib: in _ykpiv_fetch_object() handle bogus length by returning
...
otherwise we might memmove() too much data
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors
01a127a44a
lib: in ykpiv_transfer_data() handle overflow by exiting
...
this is detected and printed, but we never exit the function
Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Alessio Di Mauro
5877998f03
ykcs11: ignore more attributes when creating objects
2018-05-15 11:45:00 +02:00
Alessio Di Mauro
bdfe49f223
Make slot 9e private so that OpenSSL can ask for a PIN
2018-05-09 16:34:08 +02:00
Alessio Di Mauro
3758cecdd9
Remove 384 from the supported lengths for EC key generation in ykcs11
...
Closes #149
2018-05-07 13:35:05 +02:00
Alessio Di Mauro
7533e7fb56
Ignore CKA_PRIVATE in ykcs11
...
Newer versions of pkcs11-tool set the CKA_PRIVATE attribute during
generation making the operation fail. The attribute is now ignored.
2018-05-03 10:20:02 +02:00
Alessio Di Mauro
15aef8957d
Update key generation in ykcs11 to work with OpenSSL 1.1
...
Manually setting a signature for a certificate is not possible in
OpenSSL 1.1 because some of the structs have become opaque. Use
X509_sign() with a bogus key instead.
2018-05-03 10:20:00 +02:00
Klas Lindfors
0bae4b53ce
Merge branch 'pr-144'
2018-03-25 17:36:12 +02:00
James Alseth
9d8f8f3f2b
Fixed slot argument error in attestation verification example.
2018-03-23 14:53:27 -07:00
Alessio Di Mauro
a2005eac92
Add check as a dependency to the Vagrant provision script
...
Closes #142.
2018-03-19 09:08:10 +01:00
Trevor Bentley
b4201cb605
Merge pull request #139 from notdpate/master
...
Libykpiv ROCA mitigation changes for PIV tool/Minidriver - Release 1.5.2
2018-03-06 12:46:46 +00:00
Dave Pate
7aa8228985
Release 1.5.2
...
Bump libtool version
2018-03-05 14:17:47 -08:00
Dave Pate
775eaacc9f
Merge upstream master commits
2018-03-05 11:32:25 -08:00
Dave Pate
b98f97ef62
Fixes linux/osx build warnings
...
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Trevor Bentley
8b99accf58
Merge pull request #138 from Jakuje/master
...
Compiler warnings and compatibility with older check versions
2018-02-27 15:00:09 +00:00
Jakub Jelen
bbd92009fc
libcheck 0.9 compatibility for RHEL7
2018-02-27 15:40:31 +01:00
Jakub Jelen
dfca8e2e55
Remove unused variables
2018-02-27 15:40:31 +01:00
Trevor Bentley
b5d9dc86d7
Merge pull request #141 from laomaiweng/openssl-1.1.0-compat
...
Improve compatibility with OpenSSL 1.1.0
2018-02-27 14:21:49 +00:00
quentin
c8372f27d7
Improve compatibility with OpenSSL 1.1.0
...
* add missing headers
* stop using deprecated APIs
2018-02-26 02:43:41 +01:00
Jakub Jelen
f5c42cef89
Do not build test if HW_TESTS is not enabled (to avoid warnings)
2018-02-10 19:35:12 +01:00
Dave Pate
0b2dcb0aaf
Fix msvc build warning re: return values
2018-02-09 09:14:45 -08:00
Dave Pate
9783f9b626
Fix warnings in msvc build
2018-02-09 09:03:10 -08:00
Dave Pate
289896ac61
Add syslog/windows event log output
...
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley
38ce95cf1c
Merge pull request #137 from Yubico/custom_pcsc
...
Support specifying custom PCSC lib
2018-01-25 11:23:01 +01:00
Trevor Bentley
c9f4d684d1
Support specifying custom PCSC lib
2018-01-24 15:44:22 +01:00
Trevor Bentley
74e1a0885c
Merge pull request #136 from jmyreen/openssl-1.1-fixes
...
Fixed some bugs in the port to OpenSSL-1.1:
2018-01-02 13:24:53 +01:00
Trevor Bentley
6dc0419a79
Merge pull request #135 from Aloz1/libressl-support
...
Added checks to allow building against LibreSSL
2018-01-02 13:07:07 +01:00
Johan Myréen
b0210e0710
Fixed some bugs in the port to OpenSSL-1.1:
...
- wrap_public_key() passed the address of the local stack variable
internal_key to RSA_meth_set0_data(), which was used long after
wrap_public_key() had returned. Changed to static.
- The callback functions yk_rsa_meth_sign and yk_ec_meth_sign 'siglen'
parameter has type (unsigned int *), which was cast to (size_t *)
before it was used to write a value in the caller's memory
space. This caused stack corruption on machines where size_t is
bigger than unsigned int.
- The callback function's 'siglen' parameter is output-only, not
in-out. The input value was assumed to contain the maximum size of
the output buffer as input, and a bogus value was compared to the
amount of data received from the token in function
_general_authenticate(). Changed to pass in the values returned by
RSA_size(rsa) and ECDSA_size(ec), which OpenSSL specifies as minimum
buffer sizes.
- The callback functions' return values were swapped; fixed to return
1 on success, 0 on failure.
2017-12-30 22:08:09 +02:00
Aloz1
866b6b1d9d
Added checks to allow building against LibreSSL
...
It seems that when OpenSSL 1.1.0 support was added, LibreSSL was broken
due to the way version checking was done. This adds extra checks for
LIBRESSL_VERSION_NUMBER where applicable.
2017-12-29 14:38:37 +11:00