- update to 2.5.0:
* ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for ED25519 and X25519 key types.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for deleting keys.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for moving keys between slots.
Available in firmware 5.7.0 and newer
- add temporary-cmake-flags-fix.patch
The included cmake modules are buggy. This patch should be removed once the
root cause is fixed in upstream.
OBS-URL: https://build.opensuse.org/request/show/1145140
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=41
- update to 2.4.2:
* ykpiv: Fix potential type casting bug.
* ykpiv: ykcs11: Fix building on certain architectures.
* ykpiv: cmd: Add support for compressing certificate upon
import
* ykcs11: Increase maximum number of slots to handle
overflow
* ykcs11: Add support for CKA_COPYABLE and CKA_DESTROYABLE
attributes
* tests: Improved tests
- Add attest action When used on a slot with a generated key,
- Properly handle DER encoding in ECDSA signatures.
- Add ykcs11.
- Use PCSC transactions when sending and receiving data
COPYING files says package is under GPL-3.0+.
Revert the check for parity and just set parity before the weak check.
OBS-URL: https://build.opensuse.org/request/show/1133745
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=39
- update to 2.3.1:
* ykpiv: Add support for T=0 smartcards
* ykpiv: ykcs11: Minor code optimization
* ykpiv: ykcs11: Improve logging
* ykpiv: ykcs11: Improve error handling
* ykpiv: ykcs11: Fix minor bugs
* ykcs11: Add support for several PKCS11 Attributes
* ykcs11: Add support for CKM_ECDSA_SHA512 mechanism
* ykcs11: Fix incorrect value for public key attributes
CKA_PRIVATE, CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE,
CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE
* doc: Minor documentation improvement
OBS-URL: https://build.opensuse.org/request/show/1069319
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=37
- update to 2.3.0:
* ykpiv: Add support for AES management keys
* ykpiv: Better handling of connection reset
* ykpiv: Add support for T=0 protocol
* ykcs11: Support YubiKeys in NFC readers
* ykcs11: Support touch and PIN policies for imported private keys
* ykcs11: Support touch and PIN policy when generating keys
* ykcs11: Set length to -1 on function fail
* ykcs11: Ignore CKA_NAME_HASH_ALGORITHM and CKA_HASH_OF_SUBJECT_PUBLIC_KEY for certificates
* cmd: Support attestation in selfsign certificates
* build: Compile cleanly with openssl 1.1 and 3
- add keyring
OBS-URL: https://build.opensuse.org/request/show/1039843
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=35
- update to 2.2.0:
* ykpiv: Increased SO version
* ykpiv: Fixed minor memory leaks
* ykpiv: Improved error handling
* ykpiv: Improved handling of PCSC card validation
* ykcs11: Updated Cryptoki version
* ykcs11: Support for CKM_ECDH1_DERIVE mechanism info
* ykcs11: Support for destroying ECDH derived keys
* ykcs11: Improved handling of PIN after device re-connection
* ykcs11: Improved debug logging
* cmd: Improved parsing of certificate Distinguished Name to allow an escape character
* cmd: Warning to discourage generating RSA1024 keys
* build: Use of platform standard installation path when building yubico-piv-tool
* tests: Improved testing
* Replaced building with autotool with building with cmake
* Security update for YSA-2020-02
* ykpiv: Fixed potential memory leaks
* ykpiv: Use PIN-protected MGMT key if the device is configured that way
* ykpiv: Added attestation to CSR if requested
* ykpiv: Fixed compatibility with LibreSSL
* ykcs11: Improved handling of error codes
* ykcs11: Improved handling of examples in the PKCS11 specifications
* ykcs11: Added the possibility to have debug output as a runtime setting
* ykcs11: Added support to unblock PIN with PUK
* ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN
* tests: Improved tests
- run tests
- add pthread-link.patch
OBS-URL: https://build.opensuse.org/request/show/875814
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=32
- Version 1.6.1 (released 2018-08-17)
- Compilation warning fixes for OpenSSL 1.1 builds
- Fix length when encoding exactly 0xff bytes
- Check length of objects correctly before storing in buffer
- Check length of certificate correctly when storing
- Version 1.6.0 (released 2018-08-08)
- Security release to mitigate YSA-2018-03 (YSA-2018-03, CVE-2018-14779,
CVE-2018-14780, bsc#1104809, bsc#1104811)
- Allow building against LibreSSL
- Bugfixes in OpenSSL 1.1 code
- Fix compilation warnings
- Fix ykcs11 key generation to work with OpenSSL 1.1
- Ykcs11 compatibility fixes
- Make use of %license macro instead of %doc for COPYING
- Applied spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/631937
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=23
- Version 1.5.0 (released 2017-11-29)
- API additions: Higher-level "util" API added to libykpiv.
- Added ykpiv_attest(), ykpiv_get_pin_retries(), ykpiv_set_pin_retries()
- Added functions for using existing PCSC card handle.
- Support using custom memory allocator.
- Documentation updates. make doxygen for HTML format.
- Expanded automated tests for hardware devices, moved to make hwcheck.
- OpenSSL 1.1 support
- Moderate internal refactoring. Many small bugs fixed.
OBS-URL: https://build.opensuse.org/request/show/547082
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=21
- Version 1.4.4 (released 2017-10-17)
- Documentation updates.
- Add pin caching to work around disconnect problems.
- Disable RSA key generation on YubiKey 4 before 4.3.5. See https://yubi.co/ysa201701/ for details.
- Version 1.4.3 (released 2017-04-18)
- Encode RSA x509 certificates correctly.
- Documentation updates.
- In ykcs11 return CKA_MODULUS correctly for private keys.
- In ykcs11 fix for signature size approximation.
- Fix PSS signatures in ykcs11.
- Add a CLI flag --stdin-input to make batch execution easier.
OBS-URL: https://build.opensuse.org/request/show/544051
OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=20
