Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package yubico-piv-tool for openSUSE:Factory
checked in at 2022-02-01 16:59:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yubico-piv-tool (Old)
and /work/SRC/openSUSE:Factory/.yubico-piv-tool.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yubico-piv-tool"
Tue Feb 1 16:59:52 2022 rev:15 rq:950455 version:2.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/yubico-piv-tool/yubico-piv-tool.changes
2021-03-02 14:32:52.250970335 +0100
+++
/work/SRC/openSUSE:Factory/.yubico-piv-tool.new.1898/yubico-piv-tool.changes
2022-02-01 17:00:03.828845965 +0100
@@ -1,0 +2,11 @@
+Mon Jan 31 20:31:47 UTC 2022 - Dirk M??ller <[email protected]>
+
+- update to 2.2.1:
+ * ykpiv: Minor bug fixes
+ * ykcs11: Improved handling of object attributes
+ * ykcs11: Update flags for EC related mechanisms
+ * ykcs11: Minor bug fixes
+ * test: Improved testing
+ * doc: Improved documentation
+
+-------------------------------------------------------------------
Old:
----
yubico-piv-tool-2.2.0.tar.gz
yubico-piv-tool-2.2.0.tar.gz.sig
New:
----
yubico-piv-tool-2.2.1.tar.gz
yubico-piv-tool-2.2.1.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yubico-piv-tool.spec ++++++
--- /var/tmp/diff_new_pack.wdcLLb/_old 2022-02-01 17:00:04.488841324 +0100
+++ /var/tmp/diff_new_pack.wdcLLb/_new 2022-02-01 17:00:04.492841295 +0100
@@ -1,7 +1,7 @@
#
# spec file for package yubico-piv-tool
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define sover 2
Name: yubico-piv-tool
-Version: 2.2.0
+Version: 2.2.1
Release: 0
Summary: Yubico YubiKey NEO CCID Manager
License: BSD-2-Clause
++++++ pthread-link.patch ++++++
--- /var/tmp/diff_new_pack.wdcLLb/_old 2022-02-01 17:00:04.532841014 +0100
+++ /var/tmp/diff_new_pack.wdcLLb/_new 2022-02-01 17:00:04.536840986 +0100
@@ -1,7 +1,7 @@
-Index: yubico-piv-tool-2.2.0/ykcs11/CMakeLists.txt
+Index: yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt
===================================================================
---- yubico-piv-tool-2.2.0.orig/ykcs11/CMakeLists.txt
-+++ yubico-piv-tool-2.2.0/ykcs11/CMakeLists.txt
+--- yubico-piv-tool-2.2.1.orig/ykcs11/CMakeLists.txt
++++ yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt
@@ -60,6 +60,9 @@ if(${ENABLE_HARDWARE_TESTS})
set(HW_TESTS 1)
endif(${ENABLE_HARDWARE_TESTS})
@@ -19,6 +19,6 @@
-target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared)
+target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared
Threads::Threads)
set_target_properties(ykcs11_shared PROPERTIES SOVERSION ${SO_VERSION}
VERSION ${VERSION})
- set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
- if(WIN32)
+ if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+ set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
++++++ yubico-piv-tool-2.2.0.tar.gz -> yubico-piv-tool-2.2.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/CMakeLists.txt
new/yubico-piv-tool-2.2.1/CMakeLists.txt
--- old/yubico-piv-tool-2.2.0/CMakeLists.txt 2020-12-17 09:06:58.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/CMakeLists.txt 2021-09-03 00:10:22.000000000
+0200
@@ -34,7 +34,7 @@
set (yubico_piv_tool_VERSION_MAJOR 2)
set (yubico_piv_tool_VERSION_MINOR 2)
-set (yubico_piv_tool_VERSION_PATCH 0)
+set (yubico_piv_tool_VERSION_PATCH 1)
set (VERSION
"${yubico_piv_tool_VERSION_MAJOR}.${yubico_piv_tool_VERSION_MINOR}.${yubico_piv_tool_VERSION_PATCH}")
set (SO_VERSION 2)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/NEWS
new/yubico-piv-tool-2.2.1/NEWS
--- old/yubico-piv-tool-2.2.0/NEWS 2020-12-17 09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/NEWS 2021-09-03 00:10:22.000000000 +0200
@@ -1,5 +1,14 @@
yubico-piv-tool NEWS -- History of user-visible changes. -*- outline -*-
+* Version 2.2.1 (released 2021-09-07)
+
+** ykpiv: Minor bug fixes
+** ykcs11: Improved handling of object attributes
+** ykcs11: Update flags for EC related mechanisms
+** ykcs11: Minor bug fixes
+** test: Improved testing
+** doc: Improved documentation
+
* Version 2.2.0 (released 2021-01-20)
** ykpiv: Increased SO version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/README
new/yubico-piv-tool-2.2.1/README
--- old/yubico-piv-tool-2.2.0/README 2020-12-17 09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/README 2021-09-03 00:10:22.000000000 +0200
@@ -92,19 +92,23 @@
=== Building on Windows
-Building on Windows require MSBuild or Visual Studio and the MSVC compiler.
-
-On Windows, `getopt` is needed to read command line arguments. The path to
`getopt`
-library and include file need to be specified as a command line argument to
`cmake`.
-Also the path to OpenSSL need to be specified either as a command line
argument to `cmake`
+Building on Windows requires MSBuild or Visual Studio and the MSVC compiler.
It also requires
+building the binaries from the
https://developers.yubico.com/yubico-piv-tool/Releases/[source release] package
+and not from the source checked out from the repository on GitHub. This is
because some files that are part of
+the command line shell are generated but they cannot, currently, be generated
on Windows. Those files are, however,
+included in the source release package.
+
+On Windows, `getopt` is needed to read command line arguments. The easiest way
to install `getopt`
+is with the
https://docs.microsoft.com/en-us/cpp/build/vcpkg?view=msvc-160[`vcpkg` package
manager]. The
+path to `getopt` DLL library and include file need to be specified as a
command line argument to `cmake`.
+Also the path to OpenSSL needs to be specified either as a command line
argument to `cmake`
or by setting the environment variable `OPENSSL_ROOT_DIR`
-The command line examples bellow are for `PowerShell` and the prerequisites
-were installed from source.
+The command line examples bellow are for `PowerShell` and the prerequisites
were installed from source (using `vcpkg`).
$ env:OPENSSL_ROOT_DIR ="PATH/TO/OPENSSL_DIR"
$ mkdir build; cd build
- $ cmake -A ARCH -DGETOPT_LIB_DIR="PATH/TO/GETOPT_DIR/lib"
-DGETOPT_INCLUDE_DIR="PATH/TO/GETOPT_DIR/include ..
+ $ cmake -A <ARCH> -DGETOPT_LIB_DIR="PATH/TO/GETOPT_DIR/lib"
-DGETOPT_INCLUDE_DIR="PATH/TO/GETOPT_DIR/include ..
$ cmake --build .
To run the tests, `check` is used. The path to the `check` directory needs to
be
@@ -113,7 +117,7 @@
$ env:OPENSSL_ROOT_DIR ="PATH/TO/OPENSSL_DIR"
$ mkdir build; cd build
- $ cmake -A ARCH -DGETOPT_LIB_DIR="PATH/TO/GETOPT_DIR/lib"
-DGETOPT_INCLUDE_DIR="PATH/TO/GETOPT_DIR/include
-DCHECK_PATH="PATH/TO/CHECK_DIR" ..
+ $ cmake -A <ARCH> -DGETOPT_LIB_DIR="PATH/TO/GETOPT_DIR/lib"
-DGETOPT_INCLUDE_DIR="PATH/TO/GETOPT_DIR/include
-DCHECK_PATH="PATH/TO/CHECK_DIR" ..
$ cmake --build .
$ $env:Path
+=";PATH/TO//CHECK_DIR/bin;PATH/TO/OPENSSL_DIR/bin;PATH/TO/build\lib\Debug;PATH/TO/build\ykcs11\Debug"
$ ctest.exe -C Debug
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/cmake/help2man.cmake
new/yubico-piv-tool-2.2.1/cmake/help2man.cmake
--- old/yubico-piv-tool-2.2.0/cmake/help2man.cmake 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/cmake/help2man.cmake 2021-09-03
00:10:22.000000000 +0200
@@ -30,9 +30,9 @@
message (FATAL_ERROR "Cannot find help2man. Please install it.")
ENDIF ()
-MACRO (add_help2man_manpage file command)
+MACRO (add_help2man_manpage file command description)
add_custom_command (OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${file}
- COMMAND ${HELP2MAN_LOCATION} ARGS -s1 -N -o
${CMAKE_CURRENT_SOURCE_DIR}/${file} ./${command}
+ COMMAND ${HELP2MAN_LOCATION} ARGS -s1 -N -n ${description} -o
${CMAKE_CURRENT_SOURCE_DIR}/${file} ./${command}
DEPENDS ${command}
COMMENT "Building manpage for ${command}")
-ENDMACRO ()
\ No newline at end of file
+ENDMACRO ()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/debian/changelog
new/yubico-piv-tool-2.2.1/debian/changelog
--- old/yubico-piv-tool-2.2.0/debian/changelog 2020-12-17 09:06:58.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/debian/changelog 2021-09-03 00:10:22.000000000
+0200
@@ -1,3 +1,9 @@
+yubico-piv-tool (2.2.1) stable; urgency=medium
+
+ * 2.2.1 release
+
+ -- Aveen Ismail <[email protected]> Thu, 2 Sep 2021 13:14:40 +0100
+
yubico-piv-tool (2.2.0) stable; urgency=medium
* 2.2.0 release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yubico-piv-tool-2.2.0/doc/YKCS11/Functions_and_values.adoc
new/yubico-piv-tool-2.2.1/doc/YKCS11/Functions_and_values.adoc
--- old/yubico-piv-tool-2.2.0/doc/YKCS11/Functions_and_values.adoc
2020-12-17 09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/doc/YKCS11/Functions_and_values.adoc
2021-09-03 00:10:22.000000000 +0200
@@ -152,43 +152,43 @@
|82 | Private key for Retired Key 1 | Public key for Retired Key 1 | X.509
Certificate for Retired Key 1 |X.509 Certificate for PIV Attestation 82 |X.509
Certificate for Retired Key 1
-|83 | Private key for Retired Key 2 | Public key for Retired Key 2 | X.509
Certificate for Retired Key 2 | X.509 Certificate for PIV Attestation 82 |X.509
Certificate for Retired Key 2
+|83 | Private key for Retired Key 2 | Public key for Retired Key 2 | X.509
Certificate for Retired Key 2 | X.509 Certificate for PIV Attestation 83 |X.509
Certificate for Retired Key 2
-|84 | Private key for Retired Key 3 | Public key for Retired Key 3 | X.509
Certificate for Retired Key 3 | X.509 Certificate for PIV Attestation 83 |X.509
Certificate for Retired Key 3
+|84 | Private key for Retired Key 3 | Public key for Retired Key 3 | X.509
Certificate for Retired Key 3 | X.509 Certificate for PIV Attestation 84 |X.509
Certificate for Retired Key 3
-|85 | Private key for Retired Key 4 | Public key for Retired Key 4 | X.509
Certificate for Retired Key 4 | X.509 Certificate for PIV Attestation 84 |
X.509 Certificate for Retired Key 4
+|85 | Private key for Retired Key 4 | Public key for Retired Key 4 | X.509
Certificate for Retired Key 4 | X.509 Certificate for PIV Attestation 85 |
X.509 Certificate for Retired Key 4
-|86 | Private key for Retired Key 5 | Public key for Retired Key 5 | X.509
Certificate for Retired Key 5 | X.509 Certificate for PIV Attestation 85 |
X.509 Certificate for Retired Key 5
+|86 | Private key for Retired Key 5 | Public key for Retired Key 5 | X.509
Certificate for Retired Key 5 | X.509 Certificate for PIV Attestation 86 |
X.509 Certificate for Retired Key 5
-|87 | Private key for Retired Key 6 | Public key for Retired Key 6 | X.509
Certificate for Retired Key 6 | X.509 Certificate for PIV Attestation 86| X.509
Certificate for Retired Key 6
+|87 | Private key for Retired Key 6 | Public key for Retired Key 6 | X.509
Certificate for Retired Key 6 | X.509 Certificate for PIV Attestation 87| X.509
Certificate for Retired Key 6
-|88 | Private key for Retired Key 7 | Public key for Retired Key 7 | X.509
Certificate for Retired Key 7 | X.509 Certificate for PIV Attestation 87 |
X.509 Certificate for Retired Key 7
+|88 | Private key for Retired Key 7 | Public key for Retired Key 7 | X.509
Certificate for Retired Key 7 | X.509 Certificate for PIV Attestation 88 |
X.509 Certificate for Retired Key 7
-|89 | Private key for Retired Key 8 | Public key for Retired Key 8 | X.509
Certificate for Retired Key 8 | X.509 Certificate for PIV Attestation 88 |
X.509 Certificate for Retired Key 8
+|89 | Private key for Retired Key 8 | Public key for Retired Key 8 | X.509
Certificate for Retired Key 8 | X.509 Certificate for PIV Attestation 89 |
X.509 Certificate for Retired Key 8
-|8a | Private key for Retired Key 9 | Public key for Retired Key 9 | X.509
Certificate for Retired Key 9 | X.509 Certificate for PIV Attestation 89 |
X.509 Certificate for Retired Key 9
+|8a | Private key for Retired Key 9 | Public key for Retired Key 9 | X.509
Certificate for Retired Key 9 | X.509 Certificate for PIV Attestation 8a |
X.509 Certificate for Retired Key 9
-|8b | Private key for Retired Key 10 | Public key for Retired Key 10 | X.509
Certificate for Retired Key 10 | X.509 Certificate for PIV Attestation 8a |
X.509 Certificate for Retired Key 10
+|8b | Private key for Retired Key 10 | Public key for Retired Key 10 | X.509
Certificate for Retired Key 10 | X.509 Certificate for PIV Attestation 8b |
X.509 Certificate for Retired Key 10
-|8c | Private key for Retired Key 11 | Public key for Retired Key 11 | X.509
Certificate for Retired Key 11 | X.509 Certificate for PIV Attestation 8b |
X.509 Certificate for Retired Key 11
+|8c | Private key for Retired Key 11 | Public key for Retired Key 11 | X.509
Certificate for Retired Key 11 | X.509 Certificate for PIV Attestation 8c |
X.509 Certificate for Retired Key 11
-|8d | Private key for Retired Key 12 | Public key for Retired Key 12 | X.509
Certificate for Retired Key 12 | X.509 Certificate for PIV Attestation 8c |
X.509 Certificate for Retired Key 12
+|8d | Private key for Retired Key 12 | Public key for Retired Key 12 | X.509
Certificate for Retired Key 12 | X.509 Certificate for PIV Attestation 8d |
X.509 Certificate for Retired Key 12
-|8e | Private key for Retired Key 13 | Public key for Retired Key 13 | X.509
Certificate for Retired Key 13 | X.509 Certificate for PIV Attestation 8d |
X.509 Certificate for Retired Key 13
+|8e | Private key for Retired Key 13 | Public key for Retired Key 13 | X.509
Certificate for Retired Key 13 | X.509 Certificate for PIV Attestation 8e |
X.509 Certificate for Retired Key 13
-|8f | Private key for Retired Key 14 | Public key for Retired Key 14 | X.509
Certificate for Retired Key 14 | X.509 Certificate for PIV Attestation 8e |
X.509 Certificate for Retired Key 14
+|8f | Private key for Retired Key 14 | Public key for Retired Key 14 | X.509
Certificate for Retired Key 14 | X.509 Certificate for PIV Attestation 8f |
X.509 Certificate for Retired Key 14
-|90 | Private key for Retired Key 15 | Public key for Retired Key 15 | X.509
Certificate for Retired Key 15 | X.509 Certificate for PIV Attestation 8f |
X.509 Certificate for Retired Key 15
+|90 | Private key for Retired Key 15 | Public key for Retired Key 15 | X.509
Certificate for Retired Key 15 | X.509 Certificate for PIV Attestation 90 |
X.509 Certificate for Retired Key 15
-|91 | Private key for Retired Key 16 | Public key for Retired Key 16 | X.509
Certificate for Retired Key 16 | X.509 Certificate for PIV Attestation 90 |
X.509 Certificate for Retired Key 16
+|91 | Private key for Retired Key 16 | Public key for Retired Key 16 | X.509
Certificate for Retired Key 16 | X.509 Certificate for PIV Attestation 91 |
X.509 Certificate for Retired Key 16
-|92 | Private key for Retired Key 17 | Public key for Retired Key 17 | X.509
Certificate for Retired Key 17 | X.509 Certificate for PIV Attestation 91 |
X.509 Certificate for Retired Key 17
+|92 | Private key for Retired Key 17 | Public key for Retired Key 17 | X.509
Certificate for Retired Key 17 | X.509 Certificate for PIV Attestation 92 |
X.509 Certificate for Retired Key 17
-|93 | Private key for Retired Key 18 | Public key for Retired Key 18 | X.509
Certificate for Retired Key 18 | X.509 Certificate for PIV Attestation 92 |
X.509 Certificate for Retired Key 18
+|93 | Private key for Retired Key 18 | Public key for Retired Key 18 | X.509
Certificate for Retired Key 18 | X.509 Certificate for PIV Attestation 93 |
X.509 Certificate for Retired Key 18
-|94 | Private key for Retired Key 19 | Public key for Retired Key 19 | X.509
Certificate for Retired Key 19 | X.509 Certificate for PIV Attestation 93 |
X.509 Certificate for Retired Key 19
+|94 | Private key for Retired Key 19 | Public key for Retired Key 19 | X.509
Certificate for Retired Key 19 | X.509 Certificate for PIV Attestation 94 |
X.509 Certificate for Retired Key 19
-|95 | Private key for Retired Key 20 | Public key for Retired Key 20 | X.509
Certificate for Retired Key 20 | X.509 Certificate for PIV Attestation 94 |
X.509 Certificate for Retired Key 20
+|95 | Private key for Retired Key 20 | Public key for Retired Key 20 | X.509
Certificate for Retired Key 20 | X.509 Certificate for PIV Attestation 95 |
X.509 Certificate for Retired Key 20
-|f9 | Private key for PIV Attestation | Public key for PIV Attestation | X.509
Certificate for PIV Attestation | X.509 Certificate for PIV Attestation 95 |
X.509 Certificate for PIV Attestation
+|f9 | Private key for PIV Attestation | Public key for PIV Attestation | X.509
Certificate for PIV Attestation | X.509 Certificate for PIV Attestation f9 |
X.509 Certificate for PIV Attestation
|=================================
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/doc/YKCS11/index.adoc
new/yubico-piv-tool-2.2.1/doc/YKCS11/index.adoc
--- old/yubico-piv-tool-2.2.0/doc/YKCS11/index.adoc 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/doc/YKCS11/index.adoc 2021-09-03
00:10:22.000000000 +0200
@@ -38,7 +38,7 @@
3- Under System Variables, highlight ???Path??? and click ???Edit??????
-4- Click ???New??? and add the absolute path to yubico-piv-tool/bin
+4- Click ???New??? and add the absolute path to `Yubico PIV Tool\bin`
If setting the system path is not desirable, the `libykpiv.dll` and
`libcrypto-1_1.dll` can be copied into the same
directory as the application that needs to access the ykcs11 module.
@@ -132,4 +132,4 @@
$ make
$ sudo make install
-It is also possible to use
https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC[PKCS#11 Spy], as provided by
OpenSC, to inspect the PKCS#11 communication.
\ No newline at end of file
+It is also possible to use
https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC[PKCS#11 Spy], as provided by
OpenSC, to inspect the PKCS#11 communication.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/lib/CMakeLists.txt
new/yubico-piv-tool-2.2.1/lib/CMakeLists.txt
--- old/yubico-piv-tool-2.2.0/lib/CMakeLists.txt 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/lib/CMakeLists.txt 2021-09-03
00:10:22.000000000 +0200
@@ -63,7 +63,9 @@
add_library(ykpiv_shared SHARED ${SOURCE})
target_link_libraries(ykpiv_shared ${LIBCRYPTO_LIBRARIES} ${PCSC_LIBRARIES}
${PCSC_WIN_LIBS} ${PCSC_MACOSX_LIBS} ${PCSC_CUSTOM_LIBS})
set_target_properties(ykpiv_shared PROPERTIES SOVERSION ${SO_VERSION} VERSION
${VERSION})
-set_target_properties(ykpiv_shared PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
+if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+ set_target_properties(ykpiv_shared PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
+endif()
if(WIN32)
set_target_properties(ykpiv_shared PROPERTIES OUTPUT_NAME libykpiv)
else(WIN32)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/lib/ykpiv-config.h
new/yubico-piv-tool-2.2.1/lib/ykpiv-config.h
--- old/yubico-piv-tool-2.2.0/lib/ykpiv-config.h 2020-12-17
09:07:52.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/lib/ykpiv-config.h 2021-09-03
00:10:51.000000000 +0200
@@ -43,7 +43,7 @@
* version number. Used together with ykneomgr_check_version() to
verify
* header file and run-time library consistency.
*/
-#define YKPIV_VERSION_STRING "2.2.0"
+#define YKPIV_VERSION_STRING "2.2.1"
/**
* YKPIV_VERSION_NUMBER
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/lib/ykpiv.pc
new/yubico-piv-tool-2.2.1/lib/ykpiv.pc
--- old/yubico-piv-tool-2.2.0/lib/ykpiv.pc 2020-12-17 09:07:52.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/lib/ykpiv.pc 2021-09-03 00:10:51.000000000
+0200
@@ -33,7 +33,7 @@
Name: yubico-piv-tool
Description: Yubico PIV C Library
URL: https://www.yubico.com/
-Version: 2.2.0
+Version: 2.2.1
Requires.private: libcrypto
Libs: -L${libdir} -lykpiv
Cflags: -I${includedir}/ykpiv
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yubico-piv-tool-2.2.0/resources/macos/make_universal_binaries.sh
new/yubico-piv-tool-2.2.1/resources/macos/make_universal_binaries.sh
--- old/yubico-piv-tool-2.2.0/resources/macos/make_universal_binaries.sh
1970-01-01 01:00:00.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/resources/macos/make_universal_binaries.sh
2021-09-03 00:10:22.000000000 +0200
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Script to produce universal binaries for OSX by combining 2 binary sets
+if [ "$#" -ne 2 ]; then
+ echo "This script combines x86_64 and arm64 binaries into universal
binaries for MacOS"
+ echo ""
+ echo " Usage: ./make_universal_binaries.sh <path/to/x86_64_binaries>
<path/to/arm64_binaries>"
+ echo "";
+ exit 0
+fi
+
+X86_64_PATH=$1
+ARM64_PATH=$2
+UNIVERSAL_PATH=universal
+
+set -x
+
+mkdir -p universal/usr/local/bin universal/usr/local/lib
+
+for f in $X86_64_PATH/usr/local/bin/*; do
+ filename="$(basename $f)"
+ lipo -create -output $UNIVERSAL_PATH/usr/local/bin/$filename
$X86_64_PATH/usr/local/bin/$filename $ARM64_PATH/usr/local/bin/$filename
+done
+
+for f in $X86_64_PATH/usr/local/lib/*.dylib; do
+ filename="$(basename $f)"
+ lipo -create -output $UNIVERSAL_PATH/usr/local/lib/$filename
$X86_64_PATH/usr/local/lib/$filename $ARM64_PATH/usr/local/lib/$filename
+done
+
+cp -r $X86_64_PATH/usr/local/share $UNIVERSAL_PATH/usr/local/
+cp -r $X86_64_PATH/usr/local/licenses $UNIVERSAL_PATH/usr/local/
+cp -r $X86_64_PATH/usr/local/include $UNIVERSAL_PATH/usr/local/
+
+set +x
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yubico-piv-tool-2.2.0/resources/scripts/cmdline_test.sh
new/yubico-piv-tool-2.2.1/resources/scripts/cmdline_test.sh
--- old/yubico-piv-tool-2.2.0/resources/scripts/cmdline_test.sh 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/resources/scripts/cmdline_test.sh 2021-09-03
00:10:22.000000000 +0200
@@ -10,8 +10,11 @@
BIN=$1 # path to the yubico-piv-tool command line tool
fi
+
+SLOTS=('9a' '9c' '9d' '9e' '82' '83' '84' '85' '86' '87' '88' '89' '8a' '8b'
'8c' '8d' '8e' '8f' '90' '91' '92' '93' '94' '95')
+
set -e
-set -x
+#set -x
if [ -e yubico-piv-tool_test_dir ];
then
@@ -38,132 +41,133 @@
$BIN -achange-puk -P000000 -N00000000 || true
$BIN -areset
-echo "********************** Generate ECCP256 in 9a ********************* "
+echo "********************** Generate ECCP256 in all slots
********************* "
-# Generate key on-board, issue certificate, and verify it
-$BIN -agenerate -s9a -AECCP256 -o key_9a.pub
-$BIN -averify -P123456 -s9a
-S'/CN=YubicoTestECCP256/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key_9a.pub -o cert_9a.pem
-$BIN -averify -P123456 -s9a -atest-signature -i cert_9a.pem
-$BIN -aimport-certificate -P123456 -s9a -i cert_9a.pem
-
-# Read status and validate fields
-STATUS=$($BIN -astatus)
-echo "$STATUS"
-ALGO_9A=$(echo "$STATUS" |grep "Slot 9a" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
-if [ "x$ALGO_9A" != "xAlgorithm:ECCP256" ]; then
- echo "$ALGO_9A"
+for slot in "${SLOTS[@]}"
+do
+ echo "Generating ECCP256 on slot $slot"
+ $BIN -agenerate -s $slot -AECCP256 -o key.pub
+ $BIN -averify -P123456 -s$slot
-S'/CN=YubicoTestECCP256/OU=YubicoGenerated/O=yubico.com/' --valid-days '5'
-aselfsign -i key.pub -o cert.pem
+ $BIN -averify -P123456 -s$slot -atest-signature -i cert.pem
+ $BIN -aimport-certificate -P123456 -s$slot -i cert.pem
+
+ # Read status and validate fields
+ STATUS=$($BIN -astatus)
+ echo "$STATUS"
+ ALGO=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
+ if [ "x$ALGO" != "xAlgorithm:ECCP256" ]; then
+ echo "$ALGO"
echo "Generated algorithm incorrect." >/dev/stderr
exit 1
-fi
+ fi
-SUBJECT_9A=$(echo "$STATUS" |grep "Slot 9a" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
-if [ "x$SUBJECT_9A" !=
"xSubjectDN:CN=YubicoTestECCP256,OU=YubicoGenerated,O=yubico.com" ]; then
- echo "$SUBJECT_9A"
+ SUBJECT=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
+ if [ "x$SUBJECT" !=
"xSubjectDN:CN=YubicoTestECCP256,OU=YubicoGenerated,O=yubico.com" ]; then
+ echo "$SUBJECT"
echo "Certificate subject incorrect." >/dev/stderr
exit 1
-fi
+ fi
-$BIN -a verify-pin -P123456 --sign -s 9a -A ECCP256 -i data.txt -o data.sig
-exitcode=$?
-if [ "$exitcode" != "0" ]; then
- exit $exitcode
-fi
+ $BIN -a verify-pin -P123456 --sign -s $slot -A ECCP256 -i data.txt -o
data.sig
+done
-echo "********************** Generate ECCP384 in 9c ********************* "
-# Generate key on-board, issue certificate, and verify it
-$BIN -agenerate -s9c -AECCP384 -o key_9c.pub
-$BIN -averify -P123456 -s9c
-S'/CN=YubicoTestECCP384/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key_9c.pub -o cert_9c.pem
-$BIN -averify -P123456 -s9c -atest-signature -i cert_9c.pem
-$BIN -aimport-certificate -P123456 -s9c -i cert_9c.pem
-
-# Read status and validate fields
-STATUS=$($BIN -astatus)
-echo "$STATUS"
-ALGO_9C=$(echo "$STATUS" |grep "Slot 9c" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
-if [ "x$ALGO_9C" != "xAlgorithm:ECCP384" ]; then
- echo "$ALGO_9C"
+echo "********************** Generate ECCP384 in all ********************* "
+
+for slot in "${SLOTS[@]}"
+do
+ # Generate key on-board, issue certificate, and verify it
+ $BIN -agenerate -s$slot -AECCP384 -o key.pub
+ $BIN -averify -P123456 -s$slot
-S'/CN=YubicoTestECCP384/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key.pub -o cert.pem
+ $BIN -averify -P123456 -s$slot -atest-signature -i cert.pem
+ $BIN -aimport-certificate -P123456 -s$slot -i cert.pem
+
+ # Read status and validate fields
+ STATUS=$($BIN -astatus)
+ echo "$STATUS"
+ ALGO=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
+ if [ "x$ALGO" != "xAlgorithm:ECCP384" ]; then
+ echo "$ALGO"
echo "Generated algorithm incorrect." >/dev/stderr
exit 1
-fi
+ fi
-SUBJECT_9C=$(echo "$STATUS" |grep "Slot 9c" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
-if [ "x$SUBJECT_9C" !=
"xSubjectDN:CN=YubicoTestECCP384,OU=YubicoGenerated,O=yubico.com" ]; then
- echo "$SUBJECT_9C"
+ SUBJECT=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
+ if [ "x$SUBJECT" !=
"xSubjectDN:CN=YubicoTestECCP384,OU=YubicoGenerated,O=yubico.com" ]; then
+ echo "$SUBJECT"
echo "Certificate subject incorrect." >/dev/stderr
exit 1
-fi
+ fi
-$BIN -a verify-pin -P123456 --sign -s 9c -A ECCP384 -i data.txt -o data.sig
-exitcode=$?
-if [ "$exitcode" != "0" ]; then
- exit $exitcode
-fi
+ $BIN -a verify-pin -P123456 --sign -s $slot -A ECCP384 -i data.txt -o
data.sig
+done
-echo "********************** Generate RSA1024 in 9d ********************* "
+echo "********************** Generate RSA1024 in all slots
********************* "
-# Generate key on-board, issue certificate, and verify it
-$BIN -agenerate -s9d -ARSA1024 -o key_9d.pub
-$BIN -averify -P123456 -s9d
-S'/CN=YubicoTestRSA1024/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key_9d.pub -o cert_9d.pem
-$BIN -averify -P123456 -s9d -atest-signature -i cert_9d.pem
-$BIN -aimport-certificate -P123456 -s9d -i cert_9d.pem
-
-# Read status and validate fields
-STATUS=$($BIN -astatus)
-echo "$STATUS"
-ALGO_9D=$(echo "$STATUS" |grep "Slot 9d" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
-if [ "x$ALGO_9D" != "xAlgorithm:RSA1024" ]; then
- echo "$ALGO_9D"
+for slot in "${SLOTS[@]}"
+do
+ # Generate key on-board, issue certificate, and verify it
+ $BIN -agenerate -s$slot -ARSA1024 -o key.pub
+ $BIN -averify -P123456 -s$slot
-S'/CN=YubicoTestRSA1024/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key.pub -o cert.pem
+ $BIN -averify -P123456 -s$slot -atest-signature -i cert.pem
+ $BIN -aimport-certificate -P123456 -s$slot -i cert.pem
+
+ # Read status and validate fields
+ STATUS=$($BIN -astatus)
+ echo "$STATUS"
+ ALGO=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
+ if [ "x$ALGO" != "xAlgorithm:RSA1024" ]; then
+ echo "$ALGO"
echo "Generated algorithm incorrect." >/dev/stderr
exit 1
-fi
+ fi
-SUBJECT_9D=$(echo "$STATUS" |grep "Slot 9d" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
-if [ "x$SUBJECT_9D" !=
"xSubjectDN:CN=YubicoTestRSA1024,OU=YubicoGenerated,O=yubico.com" ]; then
- echo "$SUBJECT_9D"
+ SUBJECT=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
+ if [ "x$SUBJECT" !=
"xSubjectDN:CN=YubicoTestRSA1024,OU=YubicoGenerated,O=yubico.com" ]; then
+ echo "$SUBJECT"
echo "Certificate subject incorrect." >/dev/stderr
exit 1
-fi
+ fi
-$BIN -a verify-pin -P123456 --sign -s 9d -A RSA1024 -i data.txt -o data.sig
-exitcode=$?
-if [ "$exitcode" != "0" ]; then
- exit $exitcode
-fi
+ $BIN -a verify-pin -P123456 --sign -s $slot -A RSA1024 -i data.txt -o
data.sig
+done
-echo "********************** Generate RSA2048 in 9e ********************* "
+echo "********************** Generate RSA2048 in all slots
********************* "
-# Generate key on-board, issue certificate, and verify it
-$BIN -agenerate -s9e -ARSA2048 -o key_9e.pub
-$BIN -averify -P123456 -s9e
-S'/CN=YubicoTestRSA2048/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key_9e.pub -o cert_9e.pem
-$BIN -averify -P123456 -s9e -atest-signature -i cert_9e.pem
-$BIN -aimport-certificate -P123456 -s9e -i cert_9e.pem
-
-# Read status and validate fields
-STATUS=$($BIN -astatus)
-echo "$STATUS"
-ALGO_9E=$(echo "$STATUS" |grep "Slot 9e" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
-if [ "x$ALGO_9E" != "xAlgorithm:RSA2048" ]; then
- echo "$ALGO_9E"
+for slot in "${SLOTS[@]}"
+do
+ # Generate key on-board, issue certificate, and verify it
+ $BIN -agenerate -s$slot -ARSA2048 -o key.pub
+ $BIN -averify -P123456 -s$slot
-S'/CN=YubicoTestRSA2048/OU=YubicoGenerated/O=yubico.com/' -aselfsign -i
key.pub -o cert.pem
+ $BIN -averify -P123456 -s$slot -atest-signature -i cert.pem
+ $BIN -aimport-certificate -P123456 -s$slot -i cert.pem
+
+ # Read status and validate fields
+ STATUS=$($BIN -astatus)
+ echo "$STATUS"
+ ALGO=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Algorithm" |tr -d
"[:blank:]")
+ if [ "x$ALGO" != "xAlgorithm:RSA2048" ]; then
+ echo "$ALGO"
echo "Generated algorithm incorrect." >/dev/stderr
exit 1
-fi
+ fi
-SUBJECT_9E=$(echo "$STATUS" |grep "Slot 9e" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
-if [ "x$SUBJECT_9E" !=
"xSubjectDN:CN=YubicoTestRSA2048,OU=YubicoGenerated,O=yubico.com" ]; then
- echo "$SUBJECT_9E"
+ SUBJECT=$(echo "$STATUS" |grep "Slot $slot" -A 6 |grep "Subject DN" |tr -d
"[:blank:]")
+ if [ "x$SUBJECT" !=
"xSubjectDN:CN=YubicoTestRSA2048,OU=YubicoGenerated,O=yubico.com" ]; then
+ echo "$SUBJECT"
echo "Certificate subject incorrect." >/dev/stderr
exit 1
-fi
+ fi
+
+ $BIN -a verify-pin -P123456 --sign -s $slot -A RSA2048 -i data.txt -o
data.sig
+done
+
+
+
-$BIN -a verify-pin -P123456 --sign -s 9e -A RSA2048 -i data.txt -o data.sig
-exitcode=$?
-if [ "$exitcode" != "0" ]; then
- exit $exitcode
-fi
cd ..
rm -r yubico-piv-tool_test_dir
-set +x
+#set +x
set +e
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yubico-piv-tool-2.2.0/resources/win/yubico-piv-tool_x64.wxs
new/yubico-piv-tool-2.2.1/resources/win/yubico-piv-tool_x64.wxs
--- old/yubico-piv-tool-2.2.0/resources/win/yubico-piv-tool_x64.wxs
2020-12-17 09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/resources/win/yubico-piv-tool_x64.wxs
2021-09-03 00:10:22.000000000 +0200
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi";
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension";>
- <?define ProductVersion="2.1.0" ?>
+ <?define ProductVersion="2.2.1" ?>
<?define ProductName="Yubico PIV Tool (x64)" ?>
<Product Id="*" UpgradeCode="e4f980c4-5dd5-4d39-95b7-c6362ae65be8"
Name="$(var.ProductName)" Version="$(var.ProductVersion)" Manufacturer="Yubico
AB" Language="1033">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yubico-piv-tool-2.2.0/resources/win/yubico-piv-tool_x86.wxs
new/yubico-piv-tool-2.2.1/resources/win/yubico-piv-tool_x86.wxs
--- old/yubico-piv-tool-2.2.0/resources/win/yubico-piv-tool_x86.wxs
2020-12-17 09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/resources/win/yubico-piv-tool_x86.wxs
2021-09-03 00:10:22.000000000 +0200
@@ -1,6 +1,6 @@
<?xml version="1.0"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi";
xmlns:util="http://schemas.microsoft.com/wix/UtilExtension";>
- <?define ProductVersion="2.1.0" ?>
+ <?define ProductVersion="2.2.1" ?>
<?define ProductName="Yubico PIV Tool (x86)" ?>
<Product Id="*" UpgradeCode="1aa2f085-add9-4556-9e21-299b078e6273"
Name="$(var.ProductName)" Version="$(var.ProductVersion)" Manufacturer="Yubico
AB" Language="1033">
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/tool/CMakeLists.txt
new/yubico-piv-tool-2.2.1/tool/CMakeLists.txt
--- old/yubico-piv-tool-2.2.0/tool/CMakeLists.txt 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/tool/CMakeLists.txt 2021-09-03
00:10:22.000000000 +0200
@@ -57,7 +57,10 @@
target_link_libraries(yubico-piv-tool ${LIBCRYPTO_LDFLAGS} ${LINK_LIBS_WIN}
ykpiv_shared)
add_coverage(yubico-piv-tool)
-set_target_properties(yubico-piv-tool PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
+if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+ set_target_properties(yubico-piv-tool PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
+endif()
+
install(
TARGETS yubico-piv-tool
ARCHIVE DESTINATION "${YKPIV_INSTALL_LIB_DIR}"
@@ -66,7 +69,7 @@
if (GENERATE_MAN_PAGES)
include (${CMAKE_SOURCE_DIR}/cmake/help2man.cmake)
- add_help2man_manpage (yubico-piv-tool.1 yubico-piv-tool)
+ add_help2man_manpage (yubico-piv-tool.1 yubico-piv-tool "Tool for managing
Personal Identity Verification credentials on Yubikeys")
add_custom_target (yubico-piv-tool-man ALL DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/yubico-piv-tool.1)
install(FILES "${CMAKE_CURRENT_SOURCE_DIR}/yubico-piv-tool.1" DESTINATION
"${YKPIV_INSTALL_MAN_DIR}/man1")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/tool/cmdline.c
new/yubico-piv-tool-2.2.1/tool/cmdline.c
--- old/yubico-piv-tool-2.2.0/tool/cmdline.c 2020-12-17 09:07:52.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/tool/cmdline.c 2021-09-03 00:10:51.000000000
+0200
@@ -1,7 +1,7 @@
/*
File autogenerated by gengetopt version 2.23
generated with the following command:
- gengetopt --conf-parser -i
/home/aveen/yubico_workspace/yubico-piv-tool-2.2.0/yubico-piv-tool/tool/cmdline.ggo
--output-dir
/home/aveen/yubico_workspace/yubico-piv-tool-2.2.0/yubico-piv-tool/tool
+ gengetopt --conf-parser -i
/home/aveen/yubico_workspace/yubico-piv-tool-2.2.1/yubico-piv-tool/tool/cmdline.ggo
--output-dir
/home/aveen/yubico_workspace/yubico-piv-tool-2.2.1/yubico-piv-tool/tool
The developers of gengetopt consider the fixed text that goes in all
gengetopt output files to be in the public domain:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/tool/yubico-piv-tool.1
new/yubico-piv-tool-2.2.1/tool/yubico-piv-tool.1
--- old/yubico-piv-tool-2.2.0/tool/yubico-piv-tool.1 2020-12-17
09:07:59.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/tool/yubico-piv-tool.1 2021-09-03
00:10:57.000000000 +0200
@@ -1,7 +1,7 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.13.
-.TH YUBICO-PIV-TOOL "1" "December 2020" "yubico-piv-tool 2.2.0" "User Commands"
+.TH YUBICO-PIV-TOOL "1" "September 2021" "yubico-piv-tool 2.2.1" "User
Commands"
.SH NAME
-yubico-piv-tool \- manual page for yubico-piv-tool 2.2.0
+yubico-piv-tool \- Tool for managing Personal Identity Verification
credentials on Yubikeys
.SH SYNOPSIS
.B yubico-piv-tool
[\fI\,OPTION\/\fR]...
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/CMakeLists.txt
new/yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt
--- old/yubico-piv-tool-2.2.0/ykcs11/CMakeLists.txt 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/CMakeLists.txt 2021-09-03
00:10:22.000000000 +0200
@@ -75,7 +75,9 @@
add_library(ykcs11_shared SHARED ${SOURCE})
target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared)
set_target_properties(ykcs11_shared PROPERTIES SOVERSION ${SO_VERSION} VERSION
${VERSION})
-set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
+if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+ set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH
"${YKPIV_INSTALL_LIB_DIR}")
+endif()
if(WIN32)
set_target_properties(ykcs11_shared PROPERTIES OUTPUT_NAME libykcs11)
else(WIN32)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/mechanisms.c
new/yubico-piv-tool-2.2.1/ykcs11/mechanisms.c
--- old/yubico-piv-tool-2.2.0/ykcs11/mechanisms.c 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/mechanisms.c 2021-09-03
00:10:22.000000000 +0200
@@ -706,9 +706,23 @@
break;
case CKA_SENSITIVE:
+ if (*((CK_BBOOL *)templ[i].pValue) != CK_TRUE) {
+ DBG("CKA_SENSITIVE must be TRUE or omitted");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+
+ case CKA_EXTRACTABLE:
+ if (*((CK_BBOOL *)templ[i].pValue) != CK_FALSE) {
+ DBG("CKA_EXTRACTABLE must be FALSE or omitted");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+
case CKA_DECRYPT:
case CKA_UNWRAP:
case CKA_SIGN:
+ case CKA_SIGN_RECOVER:
case CKA_PRIVATE:
case CKA_TOKEN:
case CKA_DERIVE:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/objects.c
new/yubico-piv-tool-2.2.1/ykcs11/objects.c
--- old/yubico-piv-tool-2.2.0/ykcs11/objects.c 2020-12-17 09:06:58.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/objects.c 2021-09-03 00:10:22.000000000
+0200
@@ -560,8 +560,8 @@
case CKA_ID:
DBG("ID");
len = sizeof(CK_BYTE);
- ul_tmp = piv_objects[obj].sub_id;
- data = (CK_BYTE_PTR) &ul_tmp;
+ b_tmp[0] = piv_objects[obj].sub_id;
+ data = b_tmp;
break;
case CKA_SENSITIVE:
@@ -722,6 +722,13 @@
data = b_tmp;
break;
+ case CKA_SIGN_RECOVER:
+ DBG("SIGN_RECOVER");
+ len = sizeof(CK_BBOOL);
+ b_tmp[0] = CK_FALSE;
+ data = b_tmp;
+ break;
+
default:
DBG("UNKNOWN ATTRIBUTE %lx (%lu)", template[0].type, template[0].type);
template->ulValueLen = CK_UNAVAILABLE_INFORMATION;
@@ -1576,10 +1583,23 @@
break;
+ case CKA_SENSITIVE:
+ if (*((CK_BBOOL *)templ[i].pValue) != CK_TRUE) {
+ DBG("CKA_SENSITIVE must be TRUE or omitted");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+
+ case CKA_EXTRACTABLE:
+ if (*((CK_BBOOL *)templ[i].pValue) != CK_FALSE) {
+ DBG("CKA_EXTRACTABLE must be FALSE or omitted");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+
case CKA_TOKEN:
case CKA_LABEL:
case CKA_SUBJECT:
- case CKA_SENSITIVE:
case CKA_DERIVE:
// Ignore other attributes
break;
@@ -1689,10 +1709,23 @@
break;
+ case CKA_SENSITIVE:
+ if (*((CK_BBOOL *)templ[i].pValue) != CK_TRUE) {
+ DBG("CKA_SENSITIVE must be TRUE or omitted");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+
+ case CKA_EXTRACTABLE:
+ if (*((CK_BBOOL *)templ[i].pValue) != CK_FALSE) {
+ DBG("CKA_EXTRACTABLE must be FALSE or omitted");
+ return CKR_ATTRIBUTE_VALUE_INVALID;
+ }
+ break;
+
case CKA_TOKEN:
case CKA_LABEL:
case CKA_SUBJECT:
- case CKA_SENSITIVE:
case CKA_DERIVE:
// Ignore other attributes
break;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/openssl_utils.c
new/yubico-piv-tool-2.2.1/ykcs11/openssl_utils.c
--- old/yubico-piv-tool-2.2.0/ykcs11/openssl_utils.c 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/openssl_utils.c 2021-09-03
00:10:22.000000000 +0200
@@ -482,6 +482,9 @@
CK_KEY_TYPE do_get_key_type(ykcs11_pkey_t *key) {
+ if(!key) // EVP_PKEY_base_id doesn't handle NULL
+ return CKK_VENDOR_DEFINED; // Actually an error
+
switch (EVP_PKEY_base_id(key)) {
case EVP_PKEY_RSA:
return CKK_RSA;
@@ -538,7 +541,6 @@
CK_RV do_get_modulus(ykcs11_pkey_t *key, CK_BYTE_PTR data, CK_ULONG_PTR len) {
RSA *rsa = NULL;
const BIGNUM *n = NULL;
- CK_RV rv;
rsa = EVP_PKEY_get0_RSA(key);
if (rsa == NULL)
@@ -546,25 +548,18 @@
RSA_get0_key(rsa, &n, NULL, NULL);
if ((CK_ULONG)BN_num_bytes(n) > *len) {
- rv = CKR_BUFFER_TOO_SMALL;
- goto get_mod_cleanup;
+ return CKR_BUFFER_TOO_SMALL;
}
*len = (CK_ULONG)BN_bn2bin(n, data);
return CKR_OK;
-get_mod_cleanup:
- if(n != NULL) {
- BN_free(n);
- }
- return rv;
}
CK_RV do_get_public_exponent(ykcs11_pkey_t *key, CK_BYTE_PTR data,
CK_ULONG_PTR len) {
RSA *rsa = NULL;
const BIGNUM *bn_e;
- CK_RV rv;
rsa = EVP_PKEY_get0_RSA(key);
if (rsa == NULL)
@@ -572,17 +567,11 @@
RSA_get0_key(rsa, NULL, &bn_e, NULL);
if ((CK_ULONG)BN_num_bytes(bn_e) > *len) {
- rv = CKR_BUFFER_TOO_SMALL;
- goto get_pubexp_cleanup;
+ return CKR_BUFFER_TOO_SMALL;
}
*len = (CK_ULONG)BN_bn2bin(bn_e, data);
return CKR_OK;
-get_pubexp_cleanup:
- if(bn_e != NULL) {
- BN_free(bn_e);
- }
- return rv;
}
/* #include <stdio.h> */
@@ -768,8 +757,7 @@
goto strip_der_cleanup;
}
- ECDSA_SIG_free(sig);
- return CKR_OK;
+ rv = CKR_OK;
strip_der_cleanup:
ECDSA_SIG_free(sig);
return rv;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/tests/ykcs11_tests.c
new/yubico-piv-tool-2.2.1/ykcs11/tests/ykcs11_tests.c
--- old/yubico-piv-tool-2.2.0/ykcs11/tests/ykcs11_tests.c 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/tests/ykcs11_tests.c 2021-09-03
00:10:22.000000000 +0200
@@ -81,9 +81,9 @@
static void init_connection() {
asrt(funcs->C_Initialize(NULL), CKR_OK, "INITIALIZE");
- CK_SLOT_ID pSlotList;
+ CK_SLOT_ID pSlotList[16];
CK_ULONG pulCount = 16;
- asrt(funcs->C_GetSlotList(true, &pSlotList, &pulCount), CKR_OK,
"GETSLOTLIST");
+ asrt(funcs->C_GetSlotList(true, pSlotList, &pulCount), CKR_OK,
"GETSLOTLIST");
}
static void test_lib_info() {
@@ -217,13 +217,13 @@
{1024, 2048, CKF_HW | CKF_SIGN | CKF_VERIFY},
{1024, 2048, CKF_HW | CKF_SIGN | CKF_VERIFY},
{1024, 2048, CKF_HW | CKF_SIGN | CKF_VERIFY},
- {256, 384, CKF_HW | CKF_GENERATE_KEY_PAIR},
- {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY},
- {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY},
- {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY},
- {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY},
- {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY},
- {256, 384, CKF_HW | CKF_DERIVE},
+ {256, 384, CKF_HW | CKF_GENERATE_KEY_PAIR | CKF_EC_F_P | CKF_EC_NAMEDCURVE
| CKF_EC_UNCOMPRESS},
+ {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE
| CKF_EC_UNCOMPRESS},
+ {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE
| CKF_EC_UNCOMPRESS},
+ {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE
| CKF_EC_UNCOMPRESS},
+ {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE
| CKF_EC_UNCOMPRESS},
+ {256, 384, CKF_HW | CKF_SIGN | CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE
| CKF_EC_UNCOMPRESS},
+ {256, 384, CKF_HW | CKF_DERIVE | CKF_EC_F_P | CKF_EC_NAMEDCURVE |
CKF_EC_UNCOMPRESS},
{0, 0, CKF_DIGEST},
{0, 0, CKF_DIGEST},
{0, 0, CKF_DIGEST},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yubico-piv-tool-2.2.0/ykcs11/tests/ykcs11_tests_util.c
new/yubico-piv-tool-2.2.1/ykcs11/tests/ykcs11_tests_util.c
--- old/yubico-piv-tool-2.2.0/ykcs11/tests/ykcs11_tests_util.c 2020-12-17
09:06:58.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/tests/ykcs11_tests_util.c 2021-09-03
00:10:22.000000000 +0200
@@ -1332,6 +1332,7 @@
CK_BBOOL obj_decrypt;
CK_BBOOL obj_unwrap;
CK_BBOOL obj_sign;
+ CK_BBOOL obj_sign_recover;
CK_BBOOL obj_derive;
CK_ULONG obj_modulus_bits;
CK_BBOOL obj_always_authenticate;
@@ -1352,6 +1353,7 @@
{CKA_DECRYPT, &obj_decrypt, sizeof(CK_BBOOL)},
{CKA_UNWRAP, &obj_unwrap, sizeof(CK_BBOOL)},
{CKA_SIGN, &obj_sign, sizeof(CK_BBOOL)},
+ {CKA_SIGN_RECOVER, &obj_sign_recover, sizeof(CK_BBOOL)},
{CKA_DERIVE, &obj_derive, sizeof(CK_BBOOL)},
{CKA_MODULUS_BITS, &obj_modulus_bits, sizeof(CK_ULONG)},
{CKA_ALWAYS_AUTHENTICATE, &obj_always_authenticate, sizeof(CK_BBOOL)},
@@ -1362,7 +1364,7 @@
{CKA_LABEL, obj_label, sizeof(obj_label)}
};
- asrt(funcs->C_GetAttributeValue(session, privkey, template, 16), CKR_OK,
"GET BASIC ATTRIBUTES");
+ asrt(funcs->C_GetAttributeValue(session, privkey, template, 17), CKR_OK,
"GET BASIC ATTRIBUTES");
asrt(obj_class, CKO_PRIVATE_KEY, "CLASS");
asrt(obj_token, CK_TRUE, "TOKEN");
asrt(obj_private, CK_TRUE, "PRIVATE");
@@ -1375,6 +1377,7 @@
asrt(obj_decrypt, CK_TRUE, "DECRYPT");
asrt(obj_unwrap, CK_FALSE, "UNWRAP");
asrt(obj_sign, CK_TRUE, "SIGN");
+ asrt(obj_sign_recover, CK_FALSE, "SIGN_RECOVER");
asrt(obj_derive, CK_FALSE, "DERIVE");
asrt(obj_modulus_bits, key_size, "MODULUS BITS");
asrt(obj_always_authenticate, always_authenticate, "ALWAYS AUTHENTICATE");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/token.c
new/yubico-piv-tool-2.2.1/ykcs11/token.c
--- old/yubico-piv-tool-2.2.0/ykcs11/token.c 2020-12-17 09:06:58.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/token.c 2021-09-03 00:10:22.000000000
+0200
@@ -59,14 +59,14 @@
CKM_SHA256_RSA_PKCS_PSS, {MIN_RSA_KEY_SIZE, MAX_RSA_KEY_SIZE, CKF_HW |
CKF_SIGN | CKF_VERIFY},
CKM_SHA384_RSA_PKCS_PSS, {MIN_RSA_KEY_SIZE, MAX_RSA_KEY_SIZE, CKF_HW |
CKF_SIGN | CKF_VERIFY},
CKM_SHA512_RSA_PKCS_PSS, {MIN_RSA_KEY_SIZE, MAX_RSA_KEY_SIZE, CKF_HW |
CKF_SIGN | CKF_VERIFY},
- CKM_EC_KEY_PAIR_GEN, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW |
CKF_GENERATE_KEY_PAIR},
- //CKM_ECDSA_KEY_PAIR_GEN, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW |
CKF_GENERATE_KEY_PAIR}, //Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11
- CKM_ECDSA, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY},
- CKM_ECDSA_SHA1, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY},
- CKM_ECDSA_SHA224, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY},
- CKM_ECDSA_SHA256, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY},
- CKM_ECDSA_SHA384, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY},
- CKM_ECDH1_DERIVE, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_DERIVE},
+ CKM_EC_KEY_PAIR_GEN, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW |
CKF_GENERATE_KEY_PAIR | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
+ //CKM_ECDSA_KEY_PAIR_GEN, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW |
CKF_GENERATE_KEY_PAIR | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
//Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11
+ CKM_ECDSA, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
+ CKM_ECDSA_SHA1, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
+ CKM_ECDSA_SHA224, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
+ CKM_ECDSA_SHA256, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
+ CKM_ECDSA_SHA384, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN |
CKF_VERIFY | CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
+ CKM_ECDH1_DERIVE, {MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_DERIVE |
CKF_EC_F_P | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS},
CKM_SHA_1, {0, 0, CKF_DIGEST},
CKM_SHA256, {0, 0, CKF_DIGEST},
CKM_SHA384, {0, 0, CKF_DIGEST},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/ykcs11-config.h
new/yubico-piv-tool-2.2.1/ykcs11/ykcs11-config.h
--- old/yubico-piv-tool-2.2.0/ykcs11/ykcs11-config.h 2020-12-17
09:07:52.000000000 +0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/ykcs11-config.h 2021-09-03
00:10:51.000000000 +0200
@@ -43,7 +43,7 @@
* version number. Used together with ykneomgr_check_version() to
verify
* header file and run-time library consistency.
*/
-#define YKCS11_VERSION_STRING "2.2.0"
+#define YKCS11_VERSION_STRING "2.2.1"
/**
* YKCS11_VERSION_NUMBER
@@ -53,7 +53,7 @@
* this symbol will have the value 0x01020300. The last two digits
* are only used between public releases, and will otherwise be 00.
*/
-#define YKCS11_VERSION_NUMBER 2.2.0
+#define YKCS11_VERSION_NUMBER 2.2.1
/**
* YKCS11_VERSION_MAJOR
@@ -80,7 +80,7 @@
* level of the header file version number. For example, when the
* header version is 1.2.3 this symbol will be 3.
*/
-#define YKCS11_VERSION_PATCH 0
+#define YKCS11_VERSION_PATCH 1
/**
* _WIN32
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yubico-piv-tool-2.2.0/ykcs11/ykcs11.pc
new/yubico-piv-tool-2.2.1/ykcs11/ykcs11.pc
--- old/yubico-piv-tool-2.2.0/ykcs11/ykcs11.pc 2020-12-17 09:07:52.000000000
+0100
+++ new/yubico-piv-tool-2.2.1/ykcs11/ykcs11.pc 2021-09-03 00:10:51.000000000
+0200
@@ -33,5 +33,5 @@
Name: yubico-piv-tool
Description: Yubico PIV PKCS#11 Module
URL: https://www.yubico.com/
-Version: 2.2.0
+Version: 2.2.1
Libs: -L${libdir} -lykcs11
