Skip to content

ykcs11: Increase max slots to 64 and handle overflow #714

ykcs11: Increase max slots to 64 and handle overflow

ykcs11: Increase max slots to 64 and handle overflow #714

Workflow file for this run

name: Ubuntu Build
# This workflow is triggered on pushes to the repository. This is a test machine and nothing produced here will be used
# in the official release
on: [push]
jobs:
job1:
name: Ubuntu 22.04
runs-on: ubuntu-22.04
steps:
# This action checks-out the repository under $GITHUB_WORKSPACE, so the workflow can access it.
- name: checkout
uses: actions/checkout@v2
- name: Install prerequisites
run: |
set -x
sudo apt install libpcsclite-dev check gengetopt help2man openssl opensc
- name: Build and install
run: |
set -x
mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON
make
make test
ldd tool/yubico-piv-tool | grep libcrypto.so
ldd lib/libykpiv.so | grep libcrypto.so
ldd ykcs11/libykcs11.so | grep libcrypto.so
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
pkcs11-tool --module ykcs11/libykcs11.so --show-info | grep Yubico
sudo make install
sudo ldconfig
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
BINDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_BIN_DIR:PATH=\s*\(\S*\).*$/\1/p")
echo "libdir: $LIBDIR"
echo "bindir: $BINDIR"
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T $LIBDIR/libykcs11.so | grep C_Sign
pkcs11-tool --module $LIBDIR/libykcs11.so --show-info | grep Yubico
sudo rm $BINDIR/yubico-piv-tool
sudo rm $LIBDIR/libyk*
- name: Build and install debian package
run: |
set -x
mkdir build_dir;
cd build_dir; cmake -DCMAKE_INSTALL_PREFIX=../debian/tmp/usr .. -B .
cd ..
make -C build_dir
cd build_dir; cmake -P cmake_install.cmake
cd ..
mkdir debian/tmp/DEBIAN
dpkg-gencontrol -pyubico-piv-tool
dpkg --build debian/tmp build_dir/
cd build_dir
sudo apt install ./yubico-piv-tool_*_amd64.deb
(set +e; yubico-piv-tool -a status; true) 2>&1 >/dev/null | grep "Failed to connect to yubikey."
- name: Build using OpenSSL static link
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_STATIC_LINK=ON -B .
make
make test
ldd tool/yubico-piv-tool | grep libcrypto.so | wc -l | grep 0
ldd lib/libykpiv.so | grep libcrypto.so | wc -l | grep 0
ldd ykcs11/libykcs11.so | grep libcrypto.so | wc -l | grep 0
pkcs11-tool --module ykcs11/libykcs11.so --show-info | grep Yubico
sudo make install
sudo ldconfig
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
pkcs11-tool --module $LIBDIR/libykcs11.so --show-info | grep Yubico
- name: Build with YKCS11_DBG is set
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DYKCS11_DBG=3 -B .
make
make test
ldd ykcs11/libykcs11.so | grep libcrypto.so
pkcs11-tool --module ykcs11/libykcs11.so --show-info | grep Yubico
- name: Build only library (no CLI and no ykcs11)
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DBUILD_ONLY_LIB=ON -B .
make
make test
- name: Build only dynamic libaries
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DBUILD_STATIC_LIB=OFF -B .
make
make test
job2:
name: Ubuntu 20.04
runs-on: ubuntu-20.04
steps:
# This action checks-out the repository under $GITHUB_WORKSPACE, so the workflow can access it.
- name: checkout
uses: actions/checkout@v2
- name: Install prerequisites
run: |
set -x
sudo apt install libpcsclite-dev check gengetopt help2man openssl opensc
- name: Build and install
run: |
set -x
mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON
make
make test
ldd tool/yubico-piv-tool | grep libcrypto.so
ldd lib/libykpiv.so | grep libcrypto.so
ldd ykcs11/libykcs11.so | grep libcrypto.so
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
pkcs11-tool --module ykcs11/libykcs11.so --show-info | grep Yubico
sudo make install
sudo ldconfig
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
BINDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_BIN_DIR:PATH=\s*\(\S*\).*$/\1/p")
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T $LIBDIR/libykcs11.so | grep C_Sign
pkcs11-tool --module $LIBDIR/libykcs11.so --show-info | grep Yubico
sudo rm $BINDIR/yubico-piv-tool
sudo rm $LIBDIR/libyk*
- name: Build and install debian package
run: |
set -x
mkdir build_dir;
cd build_dir; cmake -DCMAKE_INSTALL_PREFIX=../debian/tmp/usr .. -B .
cd ..
make -C build_dir
cd build_dir; cmake -P cmake_install.cmake
cd ..
mkdir debian/tmp/DEBIAN
dpkg-gencontrol -pyubico-piv-tool
dpkg --build debian/tmp build_dir/
cd build_dir
sudo apt install ./yubico-piv-tool_*_amd64.deb
(set +e; yubico-piv-tool -a status; true) 2>&1 >/dev/null | grep "Failed to connect to yubikey."
- name: Build using OpenSSL static link
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_STATIC_LINK=ON -B .
make
make test
ldd tool/yubico-piv-tool | grep libcrypto.so | wc -l | grep 0
ldd lib/libykpiv.so | grep libcrypto.so | wc -l | grep 0
ldd ykcs11/libykcs11.so | grep libcrypto.so | wc -l | grep 0
pkcs11-tool --module ykcs11/libykcs11.so --show-info | grep Yubico
sudo make install
sudo ldconfig
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
pkcs11-tool --module $LIBDIR/libykcs11.so --show-info | grep Yubico
- name: Build with YKCS11_DBG is set
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DYKCS11_DBG=3 -B .
make
make test
ldd ykcs11/libykcs11.so | grep libcrypto.so
pkcs11-tool --module ykcs11/libykcs11.so --show-info | grep Yubico
- name: Build only library (no CLI and no ykcs11)
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DBUILD_ONLY_LIB=ON -B .
make
make test
- name: Build only dynamic libaries
run: |
set -x
rm -rf build; mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DBUILD_STATIC_LIB=OFF -B .
make
make test