142 Commits

Author SHA1 Message Date
Peter Jones a4c64c8c21 Initialize C_Initialize's reader list to NULs.
valgrind --track-origins=true says:

==13529== Conditional jump or move depends on uninitialised value(s)
==13529==    at 0x4AF92D1: PK11_MakeString (pk11slot.c:1073)
==13529==    by 0x4AFA5AA: PK11_InitSlot (pk11slot.c:1456)
==13529==    by 0x4AE315E: secmod_LoadPKCS11Module (pk11load.c:563)
==13529==    by 0x4AEF68C: SECMOD_LoadModule (pk11pars.c:1838)
==13529==    by 0x4AEF7C7: SECMOD_LoadModule (pk11pars.c:1874)
==13529==    by 0x4ABCB6A: nss_InitModules (nssinit.c:464)
==13529==    by 0x4ABCB6A: nss_Init (nssinit.c:689)
==13529==    by 0x4ABD17C: NSS_Init (nssinit.c:824)
==13529==    by 0x4059C0: main (pesign.c:354)
==13529==  Uninitialised value was created by a stack allocation
==13529==    at 0x484D175: C_Initialize (in /usr/lib64/libykcs11.so.1.5.0)

This is the result of a combination of two problems.  In
ykcs11/utils.c:parse_readers(), the code does:

  for (i = 0; i < len; i++)
    if (readers[i] == '\0' && i != len - 1) {

But in ykcs11/ykcs11.c:C_Initialize(), the parts of readers[] that are
initialized are only the parts that have been populated; the rest of
the array is still just whatever value is on the stack.  Additionally,
in lib/ykpiv.c:ykpiv_list_readers(), which populates the array, the
length is updated only in the case where the buffer is smaller than the
data, not when there is additional buffer but no data:

  if (num_readers > *len) {
    num_readers = (pcsc_word)*len;
  }

The result is that if the amount of reader data is smaller than 2048
bytes, PK11_InitSlot() will try to find reader data in the rest of the
array, which has not been initialized.

This patch adds an initialization for the data to set it all '\0', and
also updates the length when there is excess buffer available.

Signed-off-by: Peter Jones <pjones@redhat.com>
2019-05-21 11:01:24 -04:00
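
An added illustration of the uninitialized-tail problem described in the commit message above (not code from the commit or from the project). The names list_readers, count_names and init_and_count are hypothetical stand-ins, the reader names are constructed, and the leftover stack bytes are simulated with defined values so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define READER_BUF_LEN 2048 /* buffer size named in the commit message */

/* Constructed sample: two reader names, each NUL-terminated, plus a final NUL. */
static const char SAMPLE[] = "Reader A 00\0Reader B 01\0";

/* Hypothetical stand-in for the listing call: copies the data and, before the
 * fix, only ever clamps the copy to fit, never reporting a shorter length. */
static void list_readers(char *buf, size_t *len, int update_len) {
  size_t n = sizeof(SAMPLE);
  if (n > *len) n = *len;
  memcpy(buf, SAMPLE, n);
  if (update_len) *len = n; /* fix: report how many bytes were written */
}

/* Counts non-empty names using the loop condition quoted in the message. */
static size_t count_names(const char *readers, size_t len) {
  size_t i, start = 0, count = 0;
  for (i = 0; i < len; i++)
    if (readers[i] == '\0' && i != len - 1) {
      if (i > start)
        count++;
      start = i + 1;
    }
  return count;
}

/* patched == 0: tail holds leftover bytes (simulated with defined values);
 * patched != 0: zero-fill the array and use the updated length. */
static size_t init_and_count(int patched) {
  char readers[READER_BUF_LEN];
  size_t len = sizeof(readers);
  if (patched) {
    memset(readers, 0, sizeof(readers));
  } else {
    memset(readers, 0xAA, sizeof(readers)); /* constructed "stack garbage" */
    readers[100] = '\0';                    /* a stray NUL inside it */
  }
  list_readers(readers, &len, patched);
  return count_names(readers, len);
}

int main(void) {
  printf("unpatched: %zu, patched: %zu\n", init_and_count(0), init_and_count(1));
  return 0;
}
```

Without the fix the scan covers all 2048 bytes and reports a third, phantom name that ends at the stray NUL; with the zero-fill and the updated length it stops after the two real names.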
Dave Pate c61d6c6f23 lib: warn, but don't fail on error reading serial number or version
lib: fix Windows build with OpenSSL 1.1.1
ykcs11: fix size_t/unsigned long type mismatch on Windows x64
2019-05-06 14:46:46 -07:00
Dave Pate 5113a5ed02 lib: tlv length buffer checks 2019-04-03 09:46:54 +02:00
Dave Pate 7ff3007017 lib: clear secrets in ykpiv_import_private_key 2019-04-03 09:46:35 +02:00
Dave Pate c4dbf9d02c lib: clear secrets in auth api 2019-04-03 09:46:20 +02:00
Dave Pate 340177f070 lib: check that serial/version checks occur during select 2019-04-03 09:46:15 +02:00
Dave Pate 934120888f lib: define constant for max pin len magic numbers
lib: clear pin buffers when no longer used
2019-04-03 09:46:01 +02:00
Dave Pate eb250134f8 lib: check internal authentication crypt errors 2019-04-03 09:45:57 +02:00
Dave Pate b2dd16deb4 lib: clear buffers containing key material 2019-04-03 09:45:53 +02:00
Dave Pate 2e72c8f85c lib: resolves potential reads of uninitialized data 2019-04-03 09:45:44 +02:00
Dave Pate cbd5ba5122 libykpiv/piv-tool 1.6.3
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compiler warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors 6e51db8c80 lib: make the reader comparison case-insensitive
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors 16d539041e ykpiv: when decoding an object compare lengths correctly
the length comparison when reading an object out was messed up, this
fixes it to compare correctly.

relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors c15efbfdd7 ykpiv: fix length when encoding exactly 0xff bytes
this should be encoded as 81 ff, not 82 00 ff

relates #154
2018-08-16 14:25:14 +02:00
Jakub Jelen d613b42b0c Avoid unused variables and warnings when building against OpenSSL 1.1 2018-08-08 16:12:25 +02:00
Klas Lindfors 80d47c82f0 lib: in _ykpiv_fetch_object() handle bogus length by returning
otherwise we might memmove() too much data

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors 01a127a44a lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Dave Pate 0b2dcb0aaf Fix msvc build warning re: return values 2018-02-09 09:14:45 -08:00
Dave Pate 9783f9b626 Fix warnings in msvc build 2018-02-09 09:03:10 -08:00
Dave Pate 289896ac61 Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley 7ca0267ddf Fix OpenSSL 1.1 compat layer
- Changes for latest ykpiv_util refactor
 - Passes hw tests with openssl 1.0 and 1.1
 - Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley 3ce4f0ccae Clean up typos, warnings, and incorrect libtool age. 2017-11-08 11:11:45 +01:00
Trevor Bentley c939cff518 Allow changing libykpiv compile-time ifdefs from CFLAGS 2017-10-31 12:34:15 +01:00
Trevor Bentley 252226220a Disable ensure_application_selected() by default, since it breaks PIN policy. 2017-10-31 12:29:16 +01:00
Trevor Bentley 4eb6f1b193 Fix build on Linux
Signed-off-by: Trevor Bentley <trevor@yubico.com>
2017-10-26 17:03:35 +02:00
Dave Pate 999312e6b5 api: use uintptr_t for architecture specific handle sizes 2017-10-26 14:09:09 +02:00
Trevor Bentley b3cbfb5560 Some documentation and cleanup of ykpiv.h 2017-10-23 16:26:25 +02:00
Trevor Bentley 27933eaff8 Fix applet selection for whole public API. 2017-10-23 16:26:17 +02:00
Trevor Bentley c07355fefb Fix unit tests for NEO: use ECCP256 and detect attestation errors 2017-10-23 16:26:14 +02:00
Trevor Bentley aa293dcc31 Fix PIN length handling in ykpiv_verify*() 2017-10-23 16:26:08 +02:00
Trevor Bentley f903a432e3 Backport minidriver changes
* Port ykpiv_auth_getchallenge and ykpiv_auth_verifyresponse
 - Commit 8fde607b50b19c57a662c53c6b276b54a78606d8
 - Commit 6046b98e477cfef59a590ce2177336d694813e7e
 - Commit 422cea11745dc67d15039e242ed21ecb5208ae55
 - Commit 1d31647e5a27bd2df6bda76512c7d673980f0bec
* Rename connect2() and done2() to connect_with_external_card(), etc.
* Select applet in ykpiv_change_pin, change_puk, and unblock_pin
2017-10-23 16:26:02 +02:00
Trevor Bentley 13e02f998d Fix ykpiv_attest slot argument name 2017-10-23 16:25:41 +02:00
Trevor Bentley f6b817f056 Add ykpiv_attest() and use it in yubico-piv-tool 2017-10-23 16:25:38 +02:00
Trevor Bentley 8135a55200 yubico-piv-tool: Switch to ykpiv_set_pin_retries() 2017-10-23 16:25:17 +02:00
Trevor Bentley 48c2b8e99c Move shared functionality from util.c to internal.h 2017-10-23 16:22:34 +02:00
Trevor Bentley dfd2a9ef92 Cleanup compiler warnings, and switch to cross-platform data types 2017-10-23 16:22:31 +02:00
Trevor Bentley 97ecb75dd4 Cleanup function names. Make PIN cache optional. 2017-10-23 16:22:27 +02:00
Trevor Bentley a8b2c2c1c4 Fix DES bugs in Linux. Windows+Linux both pass unit tests. 2017-10-23 16:22:24 +02:00
Trevor Bentley fb00baf672 Backport from minidriver:
commit 90020fea0ac34b2f98b68a5798fa85cb5ad12175 (tag: 3.2)
Author: Dave Pate <dpate@yubico.com>
Date:   Thu Jul 27 00:31:54 2017 -0700

    Release 3.2
    Adds automatic PUK blocking
    Adds feature to turn automatic PUK blocking off
    Miscellaneous fixes with metadata handling
2017-10-23 16:22:21 +02:00
Trevor Bentley 16d0a519c4 Continuing unit tests and minor bug fixes
* Support unit tests on Yubikey NEO
* Test ykpiv_get_version
* Test ykpiv_import_private_key
* Test ykpiv_sign_data
* Test ykpiv_decipher_data
* Test ykpiv_change_pin
* Test ykpiv_change_puk
* Test ykpiv_get_pin_retries
* Test ykpiv_set_pin_retries
* Test ykpiv_verify
* Fix segfault when |tries| is NULL
* Fix segfault when import_private_key algorithm is wrong
2017-10-23 16:22:14 +02:00
Trevor Bentley 2ea0e4cbdd Port custom allocator from minidriver, and add test case for it. 2017-10-23 16:22:08 +02:00
Trevor Bentley 6c5d5545bf WIP port minidriver ykpiv_util_* functions 2017-10-23 16:21:57 +02:00
Trevor Bentley 86a0e72dbe Port fix from ykpiv-minidriver:
commit 79ae87153c2be06e8193a491e26b799e3b5ba028
Author: Oscar K So JR <oscar@yubico.com>
Date:   Mon Jan 30 22:08:29 2017 +0000

    Fixed Issue #78 - P2 Bug: MXCT352 - Importing PKCS#12 with key size 4096 bits crashed CertUtil.exe
2017-10-23 16:21:54 +02:00
Klas Lindfors 82cd15db50 change _change_pin_internal to change_pin_internal to match style
all other internal functions have plain names
2017-05-30 13:05:24 +02:00
Klas Lindfors 0db87e8721 drop unused variable 2017-05-30 13:05:00 +02:00
emersonl d1db8eb282 Improve the style based on comments from Klas 2017-05-30 13:02:49 +02:00
emersonl 6882bc5c7c Fix issue #116 2017-05-30 12:59:08 +02:00
emersonl c05d879968 Fix issue #88 and #102 2017-05-30 12:56:25 +02:00
Simon Josefsson 89bec1260a Improve license headers. 2016-08-12 15:30:06 +02:00
Michael Scherer 24534bcfcf Replace magic number for status word by constants
Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
2016-05-09 09:38:37 +02:00