Commit Graph

1001 Commits

Author SHA1 Message Date
Klas Lindfors 898b85821c ykcs11: allow the pkcs11 module to find headers from tool/
fixes #166
2018-09-18 08:38:57 +02:00
Dave Pate cbd5ba5122 libykpiv/piv-tool 1.6.3
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case-insensitive reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compiler warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors 311ba9b30c bump version to 1.6.3 2018-09-14 10:04:27 +02:00
Klas Lindfors 54ed4018b2 NEWS for 1.6.2 2018-09-14 09:24:05 +02:00
Klas Lindfors a24dd0a2ee tool: for openssl 1.1 rsa signatures include hash oid
the RSA signature has to be over hash OID + message digest; dropping the
OID from the hash leads to invalid certificate requests and self-signed
certificates.

fixes #164
2018-09-10 10:24:32 +02:00
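What the fix above is about, as an added illustration that is not code from the project: a PKCS#1 v1.5 RSA signature is not computed over the bare digest but over a DER DigestInfo (the hash algorithm OID followed by the digest), padded out to the modulus size. The prefix constants are the standard ones from RFC 8017 section 9.2; the function names `pkcs1_v15_encode`, `pkcs1_v15_strip` and `pkcs1_v15_selfcheck` and the sample digest are chosen here for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefixes (RFC 8017, section 9.2, note 1). DigestInfo for a
 * hash is prefix || digest; the prefix carries the hash algorithm OID. */
static const uint8_t SHA1_PREFIX[] = {
  0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14};
static const uint8_t SHA256_PREFIX[] = {
  0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
  0x05,0x00,0x04,0x20};
static const uint8_t SHA384_PREFIX[] = {
  0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,
  0x05,0x00,0x04,0x30};
static const uint8_t SHA512_PREFIX[] = {
  0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,
  0x05,0x00,0x04,0x40};

/* Select the prefix by digest length; NULL for an unsupported hash. */
static const uint8_t *digestinfo_prefix(size_t digest_len, size_t *prefix_len) {
  switch (digest_len) {
    case 20: *prefix_len = sizeof SHA1_PREFIX;   return SHA1_PREFIX;
    case 32: *prefix_len = sizeof SHA256_PREFIX; return SHA256_PREFIX;
    case 48: *prefix_len = sizeof SHA384_PREFIX; return SHA384_PREFIX;
    case 64: *prefix_len = sizeof SHA512_PREFIX; return SHA512_PREFIX;
    default: return NULL;
  }
}

/* EMSA-PKCS1-v1_5: EM = 0x00 || 0x01 || PS || 0x00 || T, where T is the
 * DigestInfo and PS is at least eight 0xff bytes. em_len is the modulus
 * size in bytes (256 for RSA-2048). Returns em_len, or 0 on error. */
size_t pkcs1_v15_encode(const uint8_t *digest, size_t digest_len,
                        uint8_t *em, size_t em_len) {
  size_t plen;
  const uint8_t *prefix = digestinfo_prefix(digest_len, &plen);
  if (prefix == NULL) return 0;
  size_t tlen = plen + digest_len;
  if (em_len < tlen + 11) return 0;          /* room for 00 01, 8x ff, 00 */
  size_t pslen = em_len - tlen - 3;
  em[0] = 0x00;
  em[1] = 0x01;
  memset(em + 2, 0xff, pslen);
  em[2 + pslen] = 0x00;
  memcpy(em + 3 + pslen, prefix, plen);
  memcpy(em + 3 + pslen + plen, digest, digest_len);
  return em_len;
}

/* Verifier-side inverse: returns the digest length and copies the digest out
 * if EM is a well-formed encoding for a digest of expect_digest_len bytes,
 * 0 otherwise. Every structural byte is checked, not only the hash. */
size_t pkcs1_v15_strip(const uint8_t *em, size_t em_len,
                       size_t expect_digest_len, uint8_t *digest_out) {
  size_t plen;
  const uint8_t *prefix = digestinfo_prefix(expect_digest_len, &plen);
  if (prefix == NULL) return 0;
  size_t tlen = plen + expect_digest_len;
  if (em_len < tlen + 11) return 0;
  size_t pslen = em_len - tlen - 3;
  if (em[0] != 0x00 || em[1] != 0x01) return 0;
  for (size_t i = 0; i < pslen; i++) if (em[2 + i] != 0xff) return 0;
  if (em[2 + pslen] != 0x00) return 0;
  if (memcmp(em + 3 + pslen, prefix, plen) != 0) return 0;
  memcpy(digest_out, em + 3 + pslen + plen, expect_digest_len);
  return expect_digest_len;
}

/* Self-check on a constructed SHA-256-sized digest and a 2048-bit modulus;
 * returns 1 on success. */
int pkcs1_v15_selfcheck(void) {
  uint8_t digest[32], em[256], back[32];
  for (size_t i = 0; i < sizeof digest; i++) digest[i] = (uint8_t)(i * 7 + 1);
  if (pkcs1_v15_encode(digest, sizeof digest, em, sizeof em) != sizeof em) return 0;
  if (em[204] != 0x00 || em[205] != 0x30) return 0;   /* PS ends, DigestInfo starts */
  if (pkcs1_v15_strip(em, sizeof em, sizeof digest, back) != sizeof digest) return 0;
  if (memcmp(back, digest, sizeof digest) != 0) return 0;
  em[205] = 0xff;   /* a damaged DigestInfo header must be rejected */
  if (pkcs1_v15_strip(em, sizeof em, sizeof digest, back) != 0) return 0;
  return 1;
}

int main(void) {
  printf("pkcs1 v1.5 self-check: %s\n", pkcs1_v15_selfcheck() ? "ok" : "FAIL");
  return 0;
}
```

The encoded block is what the token raises to the private exponent; with OpenSSL 1.1 the RSA method callback receives the digest and its type, so the DigestInfo has to be rebuilt before handing the data to the card, which is the step the commit adds.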
Klas Lindfors 228a04ad73 tool: only declare the static struct once in wrap_public_key()
and make sure to just set it once for both rsa and ec
2018-09-10 10:04:46 +02:00
Klas Lindfors 696894bc68 tool: handle error conditions from signing with openssl 1.1
relates #164
2018-09-10 08:52:39 +02:00
Alessio Di Mauro d0ba708260 Merge PR #163 2018-09-07 13:58:18 +02:00
Klas Lindfors 6e51db8c80 lib: make the reader comparison case-insensitive
sadly strcasestr is a GNU/BSD extension, not part of POSIX, so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
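A portable replacement of the kind the commit describes, added here as an example rather than the project's own implementation: a case-insensitive substring search in plain C99 plus a reader-selection helper built on it. The names `portable_strcasestr`, `casestr_offset` and `select_reader` and the reader strings are chosen for the example; the reader names are constructed, not captured from a real system.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable replacement for strcasestr(): pointer to the first
 * case-insensitive occurrence of needle in haystack, or NULL. Bytes are
 * passed to tolower() as unsigned char so values >= 0x80 are not UB. */
const char *portable_strcasestr(const char *haystack, const char *needle) {
  if (*needle == '\0') return haystack;
  for (; *haystack != '\0'; haystack++) {
    const char *h = haystack, *n = needle;
    while (*h != '\0' && *n != '\0' &&
           tolower((unsigned char)*h) == tolower((unsigned char)*n)) {
      h++;
      n++;
    }
    if (*n == '\0') return haystack;
  }
  return NULL;
}

/* Offset form, convenient for checks: index of the match or -1. */
long casestr_offset(const char *haystack, const char *needle) {
  const char *p = portable_strcasestr(haystack, needle);
  return p ? (long)(p - haystack) : -1;
}

/* Pick the first reader whose PC/SC name contains `wanted`, ignoring case.
 * Returns its index or -1 when nothing matches. */
int select_reader(const char *const *readers, size_t count, const char *wanted) {
  for (size_t i = 0; i < count; i++)
    if (portable_strcasestr(readers[i], wanted) != NULL) return (int)i;
  return -1;
}

int main(void) {
  /* Constructed reader names for the demonstration. */
  const char *readers[] = {
    "Generic Smart Card Reader Interface 00 00",
    "Yubico YubiKey OTP+FIDO+CCID 01 00",
  };
  printf("selected reader: %d\n", select_reader(readers, 2, "yubikey"));
  return 0;
}
```

tolower() is locale-dependent; for reader names, which are ASCII in practice, the default "C" locale gives the expected result, and the unsigned char cast keeps the call defined for any byte.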
Klas Lindfors 62142a1b74 bump openssl versions to 1.0.2p 2018-08-17 09:45:39 +02:00
Klas Lindfors 945a0f314d bump version to 1.6.2 2018-08-17 09:45:20 +02:00
Klas Lindfors ff12f8baf3 NEWS for 1.6.1 2018-08-17 09:22:18 +02:00
Klas Lindfors 5bbce58cee update NEWS for more changes that happened in 1.6.0 2018-08-17 09:20:36 +02:00
Klas Lindfors 23a4d008c6 finish up version bump to 1.6.1, LT_REVISION has to increase 2018-08-17 09:14:32 +02:00
Klas Lindfors 45e74cfccf tool: check length before trying to store cert in buffer
fixes #148
2018-08-16 14:49:32 +02:00
Klas Lindfors 16d539041e ykpiv: when decoding an object compare lengths correctly
the length comparison when reading an object out was messed up; this
fixes it to compare correctly.

relates #154
2018-08-16 14:25:31 +02:00
Klas Lindfors c15efbfdd7 ykpiv: fix length when encoding exactly 0xff bytes
this should be encoded as 81 ff, not 82 00 ff

relates #154
2018-08-16 14:25:14 +02:00
Klas Lindfors 7b1c8197fb Merge branch 'pr-157' 2018-08-09 10:23:52 +02:00
Jakub Jelen d613b42b0c Avoid unused variables and warnings when building against OpenSSL 1.1 2018-08-08 16:12:25 +02:00
Thordur Bjornsson 419d0da8bc Revert the configure.ac portion of c31a0425.
Bugfixes don't change the libtool versions, so revert back.
2018-08-08 15:25:09 +02:00
Thordur Bjornsson c31a042595 Bump version to 1.6.1 unreleased 2018-08-08 10:42:20 +02:00
Thordur Bjornsson 5258920cff release: 1.6.0 2018-08-06 17:31:55 +02:00
Klas Lindfors 80d47c82f0 lib: in _ykpiv_fetch_object() handle bogus length by returning
otherwise we might memmove() too much data

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors 01a127a44a lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
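The three length bugs above (the 0xff encoding, the decode-side comparison, the bogus length in _ykpiv_fetch_object(), and the unchecked overflow in ykpiv_transfer_data()) all come down to BER-TLV length handling. The following is an added example written for this page, not the project's code, showing the shortest-form encoder, a decoder that refuses any declared length that does not fit the bytes actually received, an object unwrapper for a 0x53-tagged PIV data object, and a chunk accumulator that returns instead of writing past its buffer. All function names and the sample responses are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode a BER-TLV length (ISO 7816-4 style, as PIV objects use it) in the
 * shortest form: 0..0x7f as one byte, 0x80..0xff as 81 xx (so 0xff becomes
 * "81 ff", not "82 00 ff"), 0x100..0xffff as 82 hi lo. Returns the number
 * of bytes written, 0 if the length is too large or out is too small. */
size_t tlv_set_length(uint8_t *out, size_t out_size, size_t len) {
  if (len < 0x80) {
    if (out_size < 1) return 0;
    out[0] = (uint8_t)len;
    return 1;
  }
  if (len <= 0xff) {
    if (out_size < 2) return 0;
    out[0] = 0x81;
    out[1] = (uint8_t)len;
    return 2;
  }
  if (len <= 0xffff) {
    if (out_size < 3) return 0;
    out[0] = 0x82;
    out[1] = (uint8_t)(len >> 8);
    out[2] = (uint8_t)(len & 0xff);
    return 3;
  }
  return 0;
}

/* Decode a length field at in[0] with `avail` bytes available. Returns the
 * number of length bytes consumed and sets *len, or 0 if the field is
 * malformed or the declared length would run past the buffer. */
size_t tlv_get_length(const uint8_t *in, size_t avail, size_t *len) {
  size_t hdr;
  if (avail < 1) return 0;
  if (in[0] < 0x80) { *len = in[0]; hdr = 1; }
  else if (in[0] == 0x81) { if (avail < 2) return 0; *len = in[1]; hdr = 2; }
  else if (in[0] == 0x82) {
    if (avail < 3) return 0;
    *len = ((size_t)in[1] << 8) | in[2];
    hdr = 3;
  }
  else return 0;                       /* 0x80 (indefinite) and 0x83+ are not used here */
  if (*len > avail - hdr) return 0;   /* bogus length: refuse rather than trust it */
  return hdr;
}

/* Unwrap a PIV data object response (tag 0x53, length, value) into out.
 * Returns 1 and sets *out_len on success; 0 on any length mismatch, which is
 * the alternative to memmove()-ing whatever the length bytes claim. */
int fetch_object_data(const uint8_t *resp, size_t resp_len,
                      uint8_t *out, size_t *out_len) {
  size_t dlen, hdr;
  if (resp_len < 2 || resp[0] != 0x53) return 0;
  hdr = tlv_get_length(resp + 1, resp_len - 1, &dlen);
  if (hdr == 0) return 0;
  if (1 + hdr + dlen != resp_len) return 0;   /* trailing or missing bytes */
  if (dlen > *out_len) return 0;              /* caller's buffer too small */
  memcpy(out, resp + 1 + hdr, dlen);
  *out_len = dlen;
  return 1;
}

/* Append one chained-response chunk to a fixed buffer. Returns 0 and leaves
 * the buffer untouched when the chunk would overflow it, so the caller exits
 * instead of continuing past the end. */
int append_chunk(uint8_t *buf, size_t buf_size, size_t *used,
                 const uint8_t *chunk, size_t chunk_len) {
  if (*used > buf_size || chunk_len > buf_size - *used) return 0;
  memcpy(buf + *used, chunk, chunk_len);
  *used += chunk_len;
  return 1;
}

/* Self-check on constructed inputs; returns 1 if every case behaves. */
int tlv_selfcheck(void) {
  uint8_t hdr[4], out[8], buf[8];
  size_t n, used = 0;
  if (tlv_set_length(hdr, sizeof hdr, 0xff) != 2 || hdr[0] != 0x81 || hdr[1] != 0xff) return 0;
  if (tlv_set_length(hdr, sizeof hdr, 0x100) != 3 || hdr[0] != 0x82 || hdr[1] != 0x01 || hdr[2] != 0x00) return 0;
  const uint8_t good[] = {0x53, 0x03, 'a', 'b', 'c'};            /* well-formed */
  n = sizeof out;
  if (!fetch_object_data(good, sizeof good, out, &n) || n != 3 || out[2] != 'c') return 0;
  const uint8_t bogus[] = {0x53, 0x82, 0xff, 0xff, 'a'};         /* claims 65535 bytes */
  n = sizeof out;
  if (fetch_object_data(bogus, sizeof bogus, out, &n)) return 0;
  if (!append_chunk(buf, sizeof buf, &used, good, sizeof good)) return 0;
  if (append_chunk(buf, sizeof buf, &used, good, sizeof good)) return 0;   /* 5 + 5 > 8 */
  return used == sizeof good;
}

int main(void) {
  printf("tlv self-check: %s\n", tlv_selfcheck() ? "ok" : "FAIL");
  return 0;
}
```

The decoder's check is against the bytes actually available, not the length field alone; that is the comparison the decode-side fix corrects, and it is what turns a card (or a man-in-the-middle on the PC/SC path) sending an oversized length into a clean error instead of an out-of-bounds copy.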
Alessio Di Mauro 5877998f03 ykcs11: ignore more attributes when creating objects 2018-05-15 11:45:00 +02:00
Alessio Di Mauro bdfe49f223 Make slot 9e private so that OpenSSL can ask for a PIN 2018-05-09 16:34:08 +02:00
Alessio Di Mauro 3758cecdd9 Remove 384 from the supported lengths for EC key generation in ykcs11
Closes #149
2018-05-07 13:35:05 +02:00
Alessio Di Mauro 7533e7fb56 Ignore CKA_PRIVATE in ykcs11
Newer versions of pkcs11-tool set the CKA_PRIVATE attribute during
generation, making the operation fail. The attribute is now ignored.
2018-05-03 10:20:02 +02:00
Alessio Di Mauro 15aef8957d Update key generation in ykcs11 to work with OpenSSL 1.1
Manually setting a signature for a certificate is not possible in
OpenSSL 1.1 because some of the structs have become opaque. Use
X509_sign() with a bogus key instead.
2018-05-03 10:20:00 +02:00
Klas Lindfors 0bae4b53ce Merge branch 'pr-144' 2018-03-25 17:36:12 +02:00
James Alseth 9d8f8f3f2b Fixed slot argument error in attestation verification example. 2018-03-23 14:53:27 -07:00
Alessio Di Mauro a2005eac92 Add check as a dependency to the Vagrant provision script
Closes #142.
2018-03-19 09:08:10 +01:00
Trevor Bentley b4201cb605 Merge pull request #139 from notdpate/master
Libykpiv ROCA mitigation changes for PIV tool/Minidriver - Release 1.5.2
2018-03-06 12:46:46 +00:00
Dave Pate 7aa8228985 Release 1.5.2
Bump libtool version
2018-03-05 14:17:47 -08:00
Dave Pate 775eaacc9f Merge upstream master commits 2018-03-05 11:32:25 -08:00
Dave Pate b98f97ef62 Fixes linux/osx build warnings
Clarify logic for configuration file
2018-03-05 11:28:52 -08:00
Trevor Bentley 8b99accf58 Merge pull request #138 from Jakuje/master
Compiler warnings and compatibility with older check versions
2018-02-27 15:00:09 +00:00
Jakub Jelen bbd92009fc libcheck 0.9 compatibility for RHEL7 2018-02-27 15:40:31 +01:00
Jakub Jelen dfca8e2e55 Remove unused variables 2018-02-27 15:40:31 +01:00
Trevor Bentley b5d9dc86d7 Merge pull request #141 from laomaiweng/openssl-1.1.0-compat
Improve compatibility with OpenSSL 1.1.0
2018-02-27 14:21:49 +00:00
quentin c8372f27d7 Improve compatibility with OpenSSL 1.1.0
* add missing headers
* stop using deprecated APIs
2018-02-26 02:43:41 +01:00
Jakub Jelen f5c42cef89 Do not build test if HW_TESTS is not enabled (to avoid warnings) 2018-02-10 19:35:12 +01:00
Dave Pate 0b2dcb0aaf Fix msvc build warning re: return values 2018-02-09 09:14:45 -08:00
Dave Pate 9783f9b626 Fix warnings in msvc build 2018-02-09 09:03:10 -08:00
Dave Pate 289896ac61 Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley 38ce95cf1c Merge pull request #137 from Yubico/custom_pcsc
Support specifying custom PCSC lib
2018-01-25 11:23:01 +01:00
Trevor Bentley c9f4d684d1 Support specifying custom PCSC lib 2018-01-24 15:44:22 +01:00
Trevor Bentley 74e1a0885c Merge pull request #136 from jmyreen/openssl-1.1-fixes
Fixed some bugs in the port to Openssl-1.1:
2018-01-02 13:24:53 +01:00
Trevor Bentley 6dc0419a79 Merge pull request #135 from Aloz1/libressl-support
Added checks to allow building against LibreSSL
2018-01-02 13:07:07 +01:00
Johan Myréen b0210e0710 Fixed some bugs in the port to Openssl-1.1:
- wrap_public_key() passed the address of the local stack variable
  internal_key to RSA_meth_set0_data(), which was used long after
  wrap_public_key() had returned. Changed to static.

- The callback functions yk_rsa_meth_sign and yk_ec_meth_sign 'siglen'
  parameter has type (unsigned int *), which was cast to (size_t *)
  before it was used to write a value in the caller's memory
  space. This caused stack corruption on machines where size_t is
  bigger than unsigned int.

- The callback function's 'siglen' parameter is output-only, not
  in-out. The input value was assumed to contain the maximum size of
  the output buffer as input, and a bogus value was compared to the
  amount of data received from the token in function
  _general_authenticate(). Changed to pass in the values returned by
  RSA_size(rsa) and ECDSA_size(ec), which Openssl specifies as minimum
  buffer sizes.

- The callback functions' return values were swapped; fixed to return
  1 on success, 0 on failure.
2017-12-30 22:08:09 +02:00