Commit Graph

1238 Commits

Author SHA1 Message Date
Klas Lindfors 00ced78b7a bump openssl to 1.0.2r 2019-04-03 10:27:45 +02:00
Klas Lindfors 4424a541d7 bump version for 1.7.1 2019-04-03 10:27:34 +02:00
Klas Lindfors d13515d11d NEWS for 1.7.0 2019-04-03 09:53:29 +02:00
Klas Lindfors 3d084c6f9a Merge branch 'pr-188' 2019-04-03 09:47:54 +02:00
Dave Pate 7b64528cf7 lib: check tlv length encoding when reading complex data 2019-04-03 09:46:59 +02:00
Dave Pate 5113a5ed02 lib: tlv length buffer checks 2019-04-03 09:46:54 +02:00
Dave Pate afbe1b2670 lib: handle realloc failures safely 2019-04-03 09:46:49 +02:00
Dave Pate f37cf3f462 lib: clear secrets in set_protected_mgm 2019-04-03 09:46:41 +02:00
Dave Pate 7ff3007017 lib: clear secrets in ykpiv_import_private_key 2019-04-03 09:46:35 +02:00
Dave Pate a10ab1ace5 lib: correct zero memory defines, correct overflow checks in _write_certificate 2019-04-03 09:46:27 +02:00
Dave Pate c4dbf9d02c lib: clear secrets in auth api 2019-04-03 09:46:20 +02:00
Dave Pate 340177f070 lib: check that serial/version checks occur during select 2019-04-03 09:46:15 +02:00
Dave Pate 934120888f lib: define constant for max pin len magic numbers
lib: clear pin buffers when no longer used
2019-04-03 09:46:01 +02:00
Dave Pate eb250134f8 lib: check internal authentication crypt errors 2019-04-03 09:45:57 +02:00
Dave Pate b2dd16deb4 lib: clear buffers containing key material 2019-04-03 09:45:53 +02:00
Dave Pate 28189201a4 lib: use secure zero memory platform functions 2019-04-03 09:45:49 +02:00
Dave Pate 2e72c8f85c lib: resolves potential reads of uninitialized data 2019-04-03 09:45:44 +02:00
pedro martelletto 9a72ec1ba1 doc: set LC_CTYPE=C; fixes ef81d164 on MacOS 2019-03-07 07:50:08 +01:00
Alessio Di Mauro 33a10a5adb Merge pull request #187 from Yubico/pvs_remove_warnings
Remove some warnings
2019-03-06 15:27:40 +01:00
Gabriel Kihlman bc2f161c51 Initialize buf to 0 to make a code scanner happy 2019-03-06 15:16:56 +01:00
Gabriel Kihlman f60d2d4ff8 Do not assign variable twice 2019-03-06 14:32:42 +01:00
Gabriel Kihlman 3f7f2b633b Remove duplicate check on op_info.type != YKCS11_SIGN 2019-03-06 14:31:04 +01:00
Klas Lindfors 1f8a759894 Merge branch 'pr-186' 2019-03-05 08:16:44 +01:00
pedro martelletto ef81d16465 doc: rely on /dev/urandom's distribution to generate secrets
as per https://github.com/Yubico/developers.yubico.com/issues/87
2019-03-05 07:58:09 +01:00
Alessio Di Mauro bc72c7378f Merge PR#184 2019-02-20 16:09:32 +01:00
Gabriel Kihlman 5baf9347e1 Check return value of strdup 2019-02-20 16:02:19 +01:00
Klas Lindfors 2581c0b3c3 bump openssl version and don't include check binaries 2019-02-18 13:52:16 +01:00
Alessio Di Mauro 1d6ed20182 Merge PR#183 2019-02-15 16:05:38 +01:00
Klas Lindfors e4e3137556 tool: fix selfsigned extensions
previous code was on the naive side
2019-02-15 15:46:13 +01:00
Alessio Di Mauro 6264c6a578 Merge PR #182 2019-02-15 13:34:45 +01:00
Klas Lindfors 7ecb5fe0b8 tool: add extensions for selfsigned certificates to match openssl
this adds subjectKeyIdentifier, authorityKeyIdentifier and
basicConstraints (CA:TRUE) for selfsigned certificates to match with
openssl req
2019-02-15 12:59:38 +01:00
Alessio Di Mauro 5749371432 ykcs11: use a large enough buffer when writing EC signatures 2019-01-07 11:03:52 +01:00
Klas Lindfors 8b38f0c079 Merge branch 'pr-178' 2019-01-02 08:50:49 +01:00
Stacey Sheldon 811ddbb22d CHUID: fix the encoding of the FASC-N data element in the CHUID
This is the hard-coded FASC-N field being used by yubico-piv-tool
  [9999-9999-999999-0-1-0000000000300001]
  S9999F9999F999999F0F1F0000000000300001E

It should be encoded as this sequence of 5-bit values
 11010 (SS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 (9999)
 10110 (FS)
   10011 10011 10011 10011 10011 10011 (999999)
 10110 (FS)
   00001 (0)
 10110 (FS)
   10000 (1)
 10110 (FS)
   00001 00001 00001 00001 00001 00001 00001 00001 00001 00001 (0000000000)
   11001 (3)
   00001 00001 00001 00001 (0000)
   10000 (1)
 11111 (ES)
 01011 (LRC)

This packs into this 25-byte (200-bit) sequence of hex bytes:
 d4 e7 39 da 73 9c ed 39 ce 73 9d 83 68 58 21 08
 42 10 84 21 c8 42 10 c3 eb
2019-01-01 01:43:51 -05:00
Stacey Sheldon 421469b220 FASC-N: correct encoding of the packed 4-bit decimal format with odd parity
The BCD digits in the FASC-N credential are sent lsb first followed by an
odd parity.  Since this perl script is simply packing the bits in their
expected order, the encodings should exactly match figure 7 in
"Technical Implementation Guidance: Smart Card Enabled Physical Access
Control Systems Version 2.2".
2019-01-01 01:23:55 -05:00
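The packing described in the two FASC-N commits above, as an added Python example that is not code from the repository (the perl script they mention is not shown on this page). The function names and the S/F/E letter mapping are assumptions taken from the text form in the commit message; the LRC is computed as the XOR of the data bits of all preceding characters, which reproduces the LRC value listed there.

```python
# Added example (not from the repository): FASC-N packing and validation.
SS, FS, ES = 0xB, 0xD, 0xF  # start sentinel, field separator, end sentinel
CODES = {str(d): d for d in range(10)}
CODES.update({"S": SS, "F": FS, "E": ES})  # letters as in the commit's text form
NAMES = {v: k for k, v in CODES.items()}


def symbol(nibble):
    """Four data bits sent lsb first, then one odd-parity bit."""
    bits = [(nibble >> i) & 1 for i in range(4)]
    return bits + [1 - sum(bits) % 2]


def encode_fascn(text):
    """Pack e.g. 'S9999F9999F...E' (39 characters) into 25 bytes."""
    if len(text) != 39 or text[0] != "S" or text[-1] != "E":
        raise ValueError("expected 39 characters framed by S ... E")
    try:
        nibbles = [CODES[c] for c in text]
    except KeyError as exc:
        raise ValueError(f"invalid character {exc}") from None
    lrc = 0
    for n in nibbles:
        lrc ^= n  # LRC: XOR of the data bits of every preceding character
    bits = [b for n in nibbles + [lrc] for b in symbol(n)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, 200, 8))


def decode_fascn(packed):
    """Unpack 25 bytes, rejecting parity, LRC and framing errors."""
    if len(packed) != 25:
        raise ValueError("FASC-N must be exactly 25 bytes")
    bits = [(byte >> (7 - i)) & 1 for byte in packed for i in range(8)]
    nibbles = []
    for i in range(0, 200, 5):
        chunk = bits[i:i + 5]
        if sum(chunk) % 2 != 1:
            raise ValueError(f"parity error in character {i // 5}")
        nibbles.append(sum(b << k for k, b in enumerate(chunk[:4])))
    lrc = 0
    for n in nibbles:
        lrc ^= n  # includes the trailing LRC, so a valid record XORs to zero
    if lrc != 0:
        raise ValueError("LRC mismatch")
    body = nibbles[:-1]
    if body[0] != SS or body[-1] != ES or any(n not in NAMES for n in body):
        raise ValueError("bad framing or undefined character")
    return "".join(NAMES[n] for n in body)
```

Encoding the hard-coded field from the CHUID commit yields the 25 bytes listed in its message, and the decoder rejects a record with any single flipped bit.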
Klas Lindfors 79b86cf9bd fix fasc-n value of 1
relates #177
2018-12-18 09:25:05 +01:00
Klas Lindfors 5d1d044982 Merge branch 'pr-165' 2018-09-21 10:34:09 +02:00
Klas Lindfors 898b85821c ykcs11: allow the pkcs11 module to find headers from tool/
fixes #166
2018-09-18 08:38:57 +02:00
Dave Pate cbd5ba5122 libykpiv/piv-tool 1.6.3
lib: promote get_serial to base API
lib: add ykpiv_get_serial to external API
tool: add serial number/version to status command
build: fix msvc build of case insensitive-reader (missing strncasecmp and cast warnings)
lib: consolidate neo/yk4 + yk5 serial number routines
lib: fix GCC 8 compiler warnings
lib: reimplement deauthenticate to select mgmt aid
build: disable -Waggregate-return
lib: fix warning differences between gcc and msvc
lib: add option to disable implicit card transactions
lib: remove application reselect prior to crypt operations
build: fix msvc warnings wrt length checking logic fixes
lib: fix error condition logic in untransacted internal functions
lib: create internal transactionless ykpiv_transfer_data
2018-09-14 14:29:39 -07:00
Klas Lindfors 311ba9b30c bump version to 1.6.3 2018-09-14 10:04:27 +02:00
Klas Lindfors 54ed4018b2 NEWS for 1.6.2 2018-09-14 09:24:05 +02:00
Klas Lindfors a24dd0a2ee tool: for openssl 1.1 rsa signatures include hash oid
the rsa signature has to be over hash oid + message digest, dropping the
oid from the hash leads to invalid certificate requests and selfsigned
certificates.

fixes #164
2018-09-10 10:24:32 +02:00
Klas Lindfors 228a04ad73 tool: only declare the static struct once in wrap_public_key()
and make sure to just set it once for both rsa and ec
2018-09-10 10:04:46 +02:00
Klas Lindfors 696894bc68 tool: handle error conditions from signing with openssl 1.1
relates #164
2018-09-10 08:52:39 +02:00
Alessio Di Mauro d0ba708260 Merge PR #163 2018-09-07 13:58:18 +02:00
Klas Lindfors 6e51db8c80 lib: make the reader comparison case-insensitive
sadly strcasestr is a GNU/BSD extension, not part of posix so we have to
do our own thing here or do different things on different platforms.
2018-09-07 12:57:10 +02:00
Klas Lindfors 62142a1b74 bump openssl versions to 1.0.2p 2018-08-17 09:45:39 +02:00
Klas Lindfors 945a0f314d bump version to 1.6.2 2018-08-17 09:45:20 +02:00
Klas Lindfors ff12f8baf3 NEWS for 1.6.1 2018-08-17 09:22:18 +02:00
Klas Lindfors 5bbce58cee update NEWS for more changes that happened in 1.6.0 2018-08-17 09:20:36 +02:00