Commit Graph

129 Commits

Author SHA1 Message Date
Klas Lindfors c15efbfdd7 ykpiv: fix length when encoding exactly 0xff bytes
this should be encoded as 81 ff, not 82 00 ff

relates #154
2018-08-16 14:25:14 +02:00
Jakub Jelen d613b42b0c Avoid unused variables and warnings when building against OpenSSL 1.1 2018-08-08 16:12:25 +02:00
Klas Lindfors 80d47c82f0 lib: in _ykpiv_fetch_object() handle bogus length by returning
otherwise we might memmove() too much data

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:46 +02:00
Klas Lindfors 01a127a44a lib: in ykpiv_transfer_data() handle overflow by exiting
this is detected and printed, but we never exit the function

Thanks to Eric Sesterhenn of x41 D-Sec for reporting this issue to us.
2018-08-03 10:51:00 +02:00
Dave Pate 0b2dcb0aaf Fix msvc build warning re: return values 2018-02-09 09:14:45 -08:00
Dave Pate 9783f9b626 Fix warnings in msvc build 2018-02-09 09:03:10 -08:00
Dave Pate 289896ac61 Add syslog/windows event log output
Read multistage configuration
Update ROCA mitigation check and warnings
2018-02-09 08:28:51 -08:00
Trevor Bentley 7ca0267ddf Fix OpenSSL 1.1 compat layer
- Changes for latest ykpiv_util refactor
 - Passes hw tests with openssl 1.0 and 1.1
 - Passes valgrind
2017-11-21 17:08:38 +01:00
Trevor Bentley 3ce4f0ccae Clean up typos, warnings, and incorrect libtool age. 2017-11-08 11:11:45 +01:00
Trevor Bentley c939cff518 Allow changing libykpiv compile-time ifdefs from CFLAGS 2017-10-31 12:34:15 +01:00
Trevor Bentley 252226220a Disable ensure_application_selected() by default, since it breaks PIN policy. 2017-10-31 12:29:16 +01:00
Trevor Bentley 4eb6f1b193 Fix build on Linux
Signed-off-by: Trevor Bentley <trevor@yubico.com>
2017-10-26 17:03:35 +02:00
Dave Pate 999312e6b5 api: use uintptr_t for architecture specific handle sizes 2017-10-26 14:09:09 +02:00
Trevor Bentley b3cbfb5560 Some documentation and cleanup of ykpiv.h 2017-10-23 16:26:25 +02:00
Trevor Bentley 27933eaff8 Fix applet selection for whole public API. 2017-10-23 16:26:17 +02:00
Trevor Bentley c07355fefb Fix unit tests for NEO: use ECCP256 and detect attestation errors 2017-10-23 16:26:14 +02:00
Trevor Bentley aa293dcc31 Fix PIN length handling in ykpiv_verify*() 2017-10-23 16:26:08 +02:00
Trevor Bentley f903a432e3 Backport minidriver changes
* Port ykpiv_auth_getchallenge and ykpiv_auth_verifyresponse
 - Commit 8fde607b50b19c57a662c53c6b276b54a78606d8
 - Commit 6046b98e477cfef59a590ce2177336d694813e7e
 - Commit 422cea11745dc67d15039e242ed21ecb5208ae55
 - Commit 1d31647e5a27bd2df6bda76512c7d673980f0bec
* Rename connect2() and done2() to connect_with_external_card(), etc.
* Select applet in ykpiv_change_pin, change_puk, and unblock_pin
2017-10-23 16:26:02 +02:00
Trevor Bentley 13e02f998d Fix ykpiv_attest slot argument name 2017-10-23 16:25:41 +02:00
Trevor Bentley f6b817f056 Add ykpiv_attest() and use it in yubico-piv-tool 2017-10-23 16:25:38 +02:00
Trevor Bentley 8135a55200 yubico-piv-tool: Switch to ykpiv_set_pin_retries() 2017-10-23 16:25:17 +02:00
Trevor Bentley 48c2b8e99c Move shared functionality from util.c to internal.h 2017-10-23 16:22:34 +02:00
Trevor Bentley dfd2a9ef92 Cleanup compiler warnings, and switch to cross-platform data types 2017-10-23 16:22:31 +02:00
Trevor Bentley 97ecb75dd4 Cleanup function names. Make PIN cache optional. 2017-10-23 16:22:27 +02:00
Trevor Bentley a8b2c2c1c4 Fix DES bugs in Linux. Windows+Linux both pass unit tests. 2017-10-23 16:22:24 +02:00
Trevor Bentley fb00baf672 Backport from minidriver:
commit 90020fea0ac34b2f98b68a5798fa85cb5ad12175 (tag: 3.2)
Author: Dave Pate <dpate@yubico.com>
Date:   Thu Jul 27 00:31:54 2017 -0700

    Release 3.2
    Adds automatic PUK blocking
    Adds feature to turn automatic PUK blocking off
    Miscellaneous fixes with metadata handling
2017-10-23 16:22:21 +02:00
Trevor Bentley 16d0a519c4 Continuing unit tests and minor bug fixes
* Support unit tests on Yubikey NEO
* Test ykpiv_get_version
* Test ykpiv_import_private_key
* Test ykpiv_sign_data
* Test ykpiv_decipher_data
* Test ykpiv_change_pin
* Test ykpiv_change_puk
* Test ykpiv_get_pin_retries
* Test ykpiv_set_pin_retries
* Test ykpiv_verify
* Fix segfault when |tries| is NULL
* Fix segfault when import_private_key algorithm is wrong
2017-10-23 16:22:14 +02:00
Trevor Bentley 2ea0e4cbdd Port custom allocator from minidriver, and add test case for it. 2017-10-23 16:22:08 +02:00
Trevor Bentley 6c5d5545bf WIP port minidriver ykpiv_util_* functions 2017-10-23 16:21:57 +02:00
Trevor Bentley 86a0e72dbe Port fix from ykpiv-minidriver:
commit 79ae87153c2be06e8193a491e26b799e3b5ba028
Author: Oscar K So JR <oscar@yubico.com>
Date:   Mon Jan 30 22:08:29 2017 +0000

    Fixed Issue #78 - P2 Bug: MXCT352 - Importing PKCS#12 with key size 4096 bits crashed CertUtil.exe
2017-10-23 16:21:54 +02:00
Klas Lindfors 82cd15db50 change _change_pin_internal to change_pin_internal to match style
all other internal functions have plain names
2017-05-30 13:05:24 +02:00
Klas Lindfors 0db87e8721 drop unused variable 2017-05-30 13:05:00 +02:00
emersonl d1db8eb282 Improve the style based on comments from Klas 2017-05-30 13:02:49 +02:00
emersonl 6882bc5c7c Fix issue #116 2017-05-30 12:59:08 +02:00
emersonl c05d879968 Fix issue #88 and #102 2017-05-30 12:56:25 +02:00
Simon Josefsson 89bec1260a Improve license headers. 2016-08-12 15:30:06 +02:00
Michael Scherer 24534bcfcf Replace magic number for status word by constants
Most come from NIST special publication 800-73-4, section 5.6,
except one which I assume to be a custom one for yubikey.
2016-05-09 09:38:37 +02:00
Klas Lindfors bbde9f91f9 Merge branch 'fix_typo' of ssh://github.com/mscherer/yubico-piv-tool into mscherer-fix_typo 2016-05-09 09:01:28 +02:00
Michael Scherer 6a4608ff05 Use more constants for filling apdu struct. 2016-05-05 01:11:42 +02:00
Michael Scherer 099c55e90a Fix various error messages 2016-05-05 01:11:37 +02:00
Klas Lindfors ebf31d73f8 Merge branch 'attestation2' 2016-05-03 09:24:14 +02:00
Klas Lindfors 60dbac235d unblock pin should unblock pin, not change puk 2016-04-18 21:43:34 +02:00
Klas Lindfors f5fab7e962 add ykpiv touchpolicy to ykpiv 2016-03-17 12:29:25 +01:00
Klas Lindfors 189fe723f1 add YKPIV_KEY_ATTESTATION to ykpiv_import_key() 2016-03-17 12:29:13 +01:00
Alessio Di Mauro 39f5dbd119 Typo. 2016-01-11 12:49:58 +01:00
Mikhail Denisenko 6042a2140e Implemented C_SetPIN 2015-12-11 13:23:38 -05:00
Alessio Di Mauro 4849e494be Add retired key definitions to libykpiv.
Include retired keys in import_key's check.
2015-11-20 15:44:19 +01:00
Klas Lindfors ed38b96fe4 raise buffer sizes and remove a misleading error 2015-11-20 13:14:55 +01:00
Alessio Di Mauro e39b203d66 Remove leftover print. 2015-11-20 11:45:35 +01:00
Alessio Di Mauro 6269280578 Add import private key to libykpiv. 2015-11-19 18:30:58 +01:00