Trevor Bentley
8b99accf58
Merge pull request #138 from Jakuje/master
...
Compiler warnings and compatibility with older check versions
2018-02-27 15:00:09 +00:00
Jakub Jelen
dfca8e2e55
Remove unused variables
2018-02-27 15:40:31 +01:00
quentin
c8372f27d7
Improve compatibility with OpenSSL 1.1.0
...
* add missing headers
* stop using deprecated APIs
2018-02-26 02:43:41 +01:00
Trevor Bentley
74e1a0885c
Merge pull request #136 from jmyreen/openssl-1.1-fixes
...
Fixed some bugs in the port to Openssl-1.1:
2018-01-02 13:24:53 +01:00
Johan Myréen
b0210e0710
Fixed some bugs in the port to Openssl-1.1:
...
- wrap_public_key() passed the address of the local stack variable
  internal_key to RSA_meth_set0_data(), which was used long after
  wrap_public_key() had returned. Changed to static.
- The callback functions yk_rsa_meth_sign and yk_ec_meth_sign 'siglen'
  parameter has type (unsigned int *), which was cast to (size_t *)
  before it was used to write a value in the caller's memory
  space. This caused stack corruption on machines where size_t is
  bigger than unsigned int.
- The callback function's 'siglen' parameter is output-only, not
  in-out. The input value was assumed to contain the maximum size of
  the output buffer as input, and a bogus value was compared to the
  amount of data received from the token in function
  _general_authenticate(). Changed to pass in the values returned by
  RSA_size(rsa) and ECDSA_size(ec), which Openssl specifies as minimum
  buffer sizes.
- The callback functions' return values were swapped; fixed to return
  1 on success, 0 on failure.
2017-12-30 22:08:09 +02:00
Aloz1
866b6b1d9d
Added checks to allow building against LibreSSL
...
It seems that when OpenSSL 1.1.0 support was added, LibreSSL was broken
due to the way version checking was done. This adds extra checks for
LIBRESSL_VERSION_NUMBER where applicable.
2017-12-29 14:38:37 +11:00
Trevor Bentley
20a5ecce0f
Fix OpenSSL 1.1 build with mingw32/64
2017-11-27 11:27:11 +01:00
Trevor Bentley
7ca0267ddf
Fix OpenSSL 1.1 compat layer
...
- Changes for latest ykpiv_util refactor
- Passes hw tests with openssl 1.0 and 1.1
- Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley
4785e23bd1
Merge branch 'master' of https://github.com/Jakuje/yubico-piv-tool into Jakuje-master
2017-11-20 14:03:48 +01:00
Jakub Jelen
77c51a7317
Properly apply the OpenSSL version checks
2017-11-14 13:34:57 +01:00
Jakub Jelen
0a131a053d
Do not use the new API with the old OpenSSL
2017-11-14 10:54:47 +01:00
Jakub Jelen
4a847677cc
WIP:Use RSA/EC_KEY METHOD to provide X509 signatures using high-level OpenSSL API
2017-11-13 17:39:34 +01:00
Jakub Jelen
d2ffc41a6c
RAND_pseudo_bytes is deprecated in OpenSSL 1.1.0
2017-11-13 17:39:34 +01:00
Jakub Jelen
ad4e93a462
Few more OpenSSL 1.1.0 incompatibilities
2017-11-13 17:39:34 +01:00
Jakub Jelen
bd351261ec
Initial idea of openssl-1.1.0 compatibility (still missing some magic around certificates)
2017-11-13 17:39:34 +01:00
Trevor Bentley
a7eb0657f1
Fix compile time warnings about -no-install on Darwin/clang
2017-10-26 12:37:05 +02:00
Trevor Bentley
c2f86d0a0f
Move YK4 insecure on-chip key generation prevention from yubico-piv-tool to libykpiv
2017-10-24 15:59:44 +02:00
Trevor Bentley
15f533d7de
Move hardware tests to "make hwtest", with one warning for all test suites.
...
- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
2017-10-24 15:10:45 +02:00
Trevor Bentley
4c9004feeb
Remove artifact from rebase (bad local variable)
2017-10-23 16:28:57 +02:00
Trevor Bentley
c07355fefb
Fix unit tests for NEO: use ECCP256 and detect attestation errors
2017-10-23 16:26:14 +02:00
Trevor Bentley
7177ceda74
Extra attempts for PIN/PUK block in unit test
2017-10-23 16:26:11 +02:00
Trevor Bentley
ef81054dc2
Add automated tests for yubico-piv-tool CLI (hw-tests only)
2017-10-23 16:25:59 +02:00
Trevor Bentley
9a7ccf48fa
Fix all clang scan-build warnings
2017-10-23 16:25:56 +02:00
Trevor Bentley
90209997cc
Unit test for ykpiv_attest()
2017-10-23 16:25:53 +02:00
Trevor Bentley
5291bc4a63
Fix issue #123 - specify text/binary mode for open files
2017-10-23 16:25:50 +02:00
Trevor Bentley
79464a3d3e
Use slot enum consistently. Move slot->object translation into libykpiv.
2017-10-23 16:25:47 +02:00
Trevor Bentley
2e818dd914
Add ykpiv_util_(get/set)_cccid(), and use in yubico-piv-tool
2017-10-23 16:25:44 +02:00
Trevor Bentley
f6b817f056
Add ykpiv_attest() and use it in yubico-piv-tool
2017-10-23 16:25:38 +02:00
Trevor Bentley
248980fe27
yubico-piv-tool: use ykpiv_util_read_cert
2017-10-23 16:25:35 +02:00
Trevor Bentley
3bca63c39c
yubico-piv-tool: use ykpiv_util_delete_cert
2017-10-23 16:25:32 +02:00
Trevor Bentley
ded78751a0
Add gzip support to ykpiv_util_import_certificate(), and use in yubico-piv-tool
2017-10-23 16:25:20 +02:00
Trevor Bentley
8135a55200
yubico-piv-tool: Switch to ykpiv_set_pin_retries()
2017-10-23 16:25:17 +02:00
Trevor Bentley
ec8e2786e6
yubico-piv-tool: use ykpiv_util_reset()
2017-10-23 16:25:13 +02:00
Trevor Bentley
12f35b8884
yubico-piv-tool: use util function for key generation
2017-10-23 16:25:10 +02:00
Trevor Bentley
0d2b85fcef
Switch test cases to use libcheck framework
...
This keeps the test logic the same, but moves most of them into the libcheck
test suite framework. It gives better control over grouping related tests,
running them in parallel, and reporting on multiple failures.
Running in parallel also brings problems, so libykcs11 tests are left
untouched. Parallel access to a single hardware DUT does not make sense,
and pcsc-lite doesn't work after a fork() in OS X 10.11+, so it can't run
in libcheck's tests anyway.
2017-10-23 16:21:50 +02:00
Klas Lindfors
cd11196535
disable rsa keygen for yubikey4 before 4.3.5
...
point at https://yubi.co/ysa201701/
2017-10-16 15:32:25 +02:00
Klas Lindfors
8614d227cb
touch-policy and pin-policy are only available on YubiKey 4
2017-04-24 08:27:58 +02:00
Klas Lindfors
6304a6c799
add a line about slot f9 to help output
2017-04-19 14:23:59 +02:00
Klas Lindfors
60e32d53c5
let help2adoc use the h2m file as extra include
2017-04-19 14:16:44 +02:00
Klas Lindfors
9dfe04cd06
update documentation and help output for how to specify secrets on stdin
...
also update all examples to have no space after short option.
2017-04-19 14:15:24 +02:00
Klas Lindfors
e6a7517050
add a new hidden flag --stdin-input for straight stdin input
2017-04-18 13:05:27 +02:00
Klas Lindfors
8bdf7378d6
fixup dependencies for yubico-piv-tool.1
...
should now support parallel builds
2016-09-12 09:54:04 +02:00
Klas Lindfors
621bad8acd
make sure to return RSA keys with ASN1_NULL as parameter
2016-08-17 10:32:04 +02:00
Simon Josefsson
89bec1260a
Improve license headers.
2016-08-12 15:30:06 +02:00
Klas Lindfors
b052250a1b
make certificate serial number random by default
2016-08-10 10:12:32 +02:00
Alessio Di Mauro
3f4cb12702
Add SSH export for RSA public key
2016-07-12 13:54:22 +02:00
Michael Scherer
24534bcfcf
Replace magic number for status word by constants
...
Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
2016-05-09 09:38:37 +02:00
Klas Lindfors
bbde9f91f9
Merge branch 'fix_typo' of ssh://github.com/mscherer/yubico-piv-tool into mscherer-fix_typo
2016-05-09 09:01:28 +02:00
Klas Lindfors
fc5e1536ef
Merge pull request #74 from mscherer/fix_constant_name
...
Fix error in the define name YKPIV_INS_GENERATE_ASYMMERTRIC
2016-05-09 08:58:39 +02:00
Klas Lindfors
b712600727
Merge pull request #71 from mscherer/small_cleanup
...
Do not repeat the size of certdata
2016-05-09 08:57:22 +02:00