Alessio Di Mauro
5877998f03
ykcs11: ignore more attributes when creating objects
2018-05-15 11:45:00 +02:00
Alessio Di Mauro
bdfe49f223
Make slot 9e private so that OpenSSL can ask for a PIN
2018-05-09 16:34:08 +02:00
Alessio Di Mauro
3758cecdd9
Remove 384 from the supported lengths for EC key generation in ykcs11
...
Closes #149
2018-05-07 13:35:05 +02:00
Alessio Di Mauro
7533e7fb56
Ignore CKA_PRIVATE in ykcs11
...
Newer version of pkcs11-tool set the CKA_PRIVATE attribute during
generation making the operation fail. The attribute is now ignored.
2018-05-03 10:20:02 +02:00
Alessio Di Mauro
15aef8957d
Update key generation in ykcs11 to work with OpenSSL 1.1
...
Manually setting a signature for a certificate is not possible in
OpenSSL 1.1 because some of the structs have become opaque. Use
X509_sign() with a bogus key instead.
2018-05-03 10:20:00 +02:00
quentin
c8372f27d7
Improve compatibility with OpenSSL 1.1.0
...
* add missing headers
* stop using deprecated APIs
2018-02-26 02:43:41 +01:00
Aloz1
866b6b1d9d
Added checks to allow building against LibreSSL
...
It seems that when OpenSSL 1.1.0 support was added, LibreSSL was broken
due to the way version checking was done. This adds extra checks for
LIBRESSL_VERSION_NUMBER where applicable.
2017-12-29 14:38:37 +11:00
Trevor Bentley
d5d953be95
Use library dependencies for openssl compat layer
2017-11-29 09:47:45 +00:00
Trevor Bentley
7ca0267ddf
Fix OpenSSL 1.1 compat layer
...
- Changes for latest ykpiv_util refactor
- Passes hw tests with openssl 1.0 and 1.1
- Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley
4785e23bd1
Merge branch 'master' of https://github.com/Jakuje/yubico-piv-tool into Jakuje-master
2017-11-20 14:03:48 +01:00
Trevor Bentley
6a34b6ef96
Fix cross-compiling for mingw64
2017-11-17 16:13:15 +01:00
Jakub Jelen
77c51a7317
Properly apply the OpenSSL version checks
2017-11-14 13:34:57 +01:00
Jakub Jelen
eda075fa57
Provide the bogus signature with OpenSSL 1.1.0 API
2017-11-14 10:37:02 +01:00
Jakub Jelen
13f542c1f8
Use the new OpenSSL 1.1.0 API also in the HW tests
2017-11-14 10:29:34 +01:00
Jakub Jelen
a2715f0a4a
Use OpenSSL 1.1.0 API
2017-11-13 17:43:06 +01:00
Jakub Jelen
4a847677cc
WIP:Use RSA/EC_KEY METHOD to provide X509 signatures using high-level OpenSSL API
2017-11-13 17:39:34 +01:00
Jakub Jelen
d2ffc41a6c
RAND_pseudo_bytes is deprecated in OpenSSL 1.1.0
2017-11-13 17:39:34 +01:00
Jakub Jelen
ad4e93a462
Few more OpenSSL 1.1.0 incompatibilities
2017-11-13 17:39:34 +01:00
Trevor Bentley
7818b49e7d
Skip unusable integration tests when testing a NEO
2017-10-31 15:40:51 +01:00
Trevor Bentley
252226220a
Disable ensure_application_selected() by default, since it breaks PIN policy.
2017-10-31 12:29:16 +01:00
Trevor Bentley
a7eb0657f1
Fix compile time warnings about -no-install on Darwin/clang
2017-10-26 12:37:05 +02:00
Trevor Bentley
15f533d7de
Move hardware tests to "make hwtest", with one warning for all test suites.
...
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
2017-10-24 15:10:45 +02:00
Trevor Bentley
9a7ccf48fa
Fix all clang scan-build warnings
2017-10-23 16:25:56 +02:00
Trevor Bentley
79464a3d3e
Use slot enum consistently. Move slot->object translation into libykpiv.
2017-10-23 16:25:47 +02:00
Trevor Bentley
0d2b85fcef
Switch test cases to use libcheck framework
...
This keeps the test logic the same, but moves most of them into the libcheck
test suite framework. It gives better control over grouping related tests,
running them in parallel, and reporting on multiple failures.
Running in parallel also brings problems, so libykcs11 tests are left
untouched. Parallel access to a single hardware DUT does not make sense,
and pcsc-lite doesn't work after a fork() in OS X 10.11+, so it can't run
in libcheck's tests anyway.
2017-10-23 16:21:50 +02:00
Trevor Bentley
ba7d256ecf
Fix test cases: uninitialized memory and non-terminated string compare
2017-10-23 16:21:46 +02:00
Klas Lindfors
bf9c09f9e8
ykcs11: disable rsa keygeneration for yk4 < 4.3.5
...
see https://yubi.co/ysa201701/
relates #127
2017-10-17 12:51:48 +02:00
edent
ea00678314
http->https
2017-10-17 08:02:02 +01:00
Hannes Mehnert
03849d9722
alias RSA type, call openssl functions only in openssl_utils.c
2017-03-29 23:01:17 +01:00
Hannes Mehnert
847b0b4267
fix PSS signing support
2017-03-26 19:13:07 +02:00
Alessio Di Mauro
127227fe4c
Better approximation for signature size
...
Relates to #98 .
2016-10-05 16:39:58 +02:00
Alessio Di Mauro
af78e18151
Always set number of slots
...
Relates to #98 .
2016-10-05 16:39:58 +02:00
Alessio Di Mauro
7b7c798ef6
Return correct modulus
...
When asked for CKA_MODULUS on a private key return only n and not the
whole key
Relates to #98 .
2016-10-05 16:39:54 +02:00
Simon Josefsson
e54176d530
Drop cflags since this "library" doesn't have any public header files.
2016-08-12 15:39:25 +02:00
Simon Josefsson
1b453e0f38
We modified it => add license header.
2016-08-12 15:38:31 +02:00
Simon Josefsson
4937270a13
Don't install ykcs11-version.h.
2016-08-12 15:37:33 +02:00
Simon Josefsson
89bec1260a
Improve license headers.
2016-08-12 15:30:06 +02:00
Klas Lindfors
8e7a2796b9
if CRYPTOKI_EXPORTS is not defined don't add __declspec
...
this messes up the windows build since we're already using libtool for
the exports.
2016-08-12 15:09:49 +02:00
Klas Lindfors
56cb376b3c
drop ykcs11_check_version() that was never used or exported
2016-08-12 14:46:13 +02:00
Klas Lindfors
c5f60bac4f
fixup license header of Makefile.am
2016-08-12 14:03:42 +02:00
Klas Lindfors
e7b4fc6ccf
switch out the pkcs11 headers for the SCUTE pkcs11 header from opensc
...
create pkcs11y.h for our additional things
2016-08-12 14:00:15 +02:00
Klas Lindfors
fead011e71
add copyright and license header
2016-08-12 13:37:56 +02:00
Klas Lindfors
0d7854540e
correct license on ykcs11 files
2016-08-11 15:46:47 +02:00
Alessio Di Mauro
89d8a60876
Return CKR_FUNCTION_FAILED for unimplemented func
...
Closes #84
2016-08-11 14:41:12 +02:00
Klas Lindfors
fc5e1536ef
Merge pull request #74 from mscherer/fix_constant_name
...
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-09 08:58:39 +02:00
Michael Scherer
fd9a0a324d
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-05 01:11:33 +02:00
Michael Scherer
6e4266c886
Add YKPIV_ALGO_TAG
...
Replace the magic constant 0x80 when sending a packet to the key
2016-05-05 01:11:18 +02:00
Mikhail Denisenko
47cb761a7e
Fix bugs windows
2016-01-14 11:03:22 -05:00
Alessio Di Mauro
58766ac403
Whitespace fix.
2016-01-11 12:49:15 +01:00
Alessio Di Mauro
018821e99d
Addresses #59 , ykcs11 still has issues on Win64.
2016-01-11 12:45:09 +01:00