Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup yubi for release #210

Merged
merged 11 commits into from
Aug 14, 2023
Merged

Cleanup yubi for release #210

merged 11 commits into from
Aug 14, 2023

Conversation

carljbai
Copy link
Contributor

conplete todo:

  • error handling for print_card_info
  • config arg for PKCS11_MODULE_PATH

@carljbai carljbai marked this pull request as ready for review August 14, 2023 15:53
@seriousbusinessprofessional
Copy link
Collaborator

One thing stands out to me.
libpkpass/password.py:
260: decrypt_entry : PKCS11_module_path given explicit default path

This function has it overwritten in a try block to match the given argument so that works. However there are other functions that do it differently elsewhere:

libpkpass/crypto.py:
123: pk_decrypt_string : PKCS11_module_path given explicit default path.
200: pk_sign_string : PKCS11_module_path given explicit default path.

These two both have a following popen line that takes PKCS11_MODULE_PATH. PKCS11_MODULE_PATH is set to the default at the start of the function, and I do not see any try block or way that PKCS11_MODULE_PATH is set back to the supplied argument for PKCS11_MODULE_PATH, and stays as the default path of PKCS11_module_path="/usr/local/lib/libykcs11.dylib" that is set in the function definition.

@carljbai carljbai self-assigned this Aug 14, 2023
@seriousbusinessprofessional
Copy link
Collaborator

One thing stands out to me. libpkpass/password.py: 260: decrypt_entry : PKCS11_module_path given explicit default path

This function has it overwritten in a try block to match the given argument so that works. However there are other functions that do it differently elsewhere:

libpkpass/crypto.py: 123: pk_decrypt_string : PKCS11_module_path given explicit default path. 200: pk_sign_string : PKCS11_module_path given explicit default path.

These two both have a following popen line that takes PKCS11_MODULE_PATH. PKCS11_MODULE_PATH is set to the default at the start of the function, and I do not see any try block or way that PKCS11_MODULE_PATH is set back to the supplied argument for PKCS11_MODULE_PATH, and stays as the default path of PKCS11_module_path="/usr/local/lib/libykcs11.dylib" that is set in the function definition.

On closer inspection this has been addressed. However, current error handling will not report that a supplied PKCS11_MODULE_PATH is not valid.

@carljbai
Copy link
Contributor Author

One thing stands out to me. libpkpass/password.py: 260: decrypt_entry : PKCS11_module_path given explicit default path
This function has it overwritten in a try block to match the given argument so that works. However there are other functions that do it differently elsewhere:
libpkpass/crypto.py: 123: pk_decrypt_string : PKCS11_module_path given explicit default path. 200: pk_sign_string : PKCS11_module_path given explicit default path.
These two both have a following popen line that takes PKCS11_MODULE_PATH. PKCS11_MODULE_PATH is set to the default at the start of the function, and I do not see any try block or way that PKCS11_MODULE_PATH is set back to the supplied argument for PKCS11_MODULE_PATH, and stays as the default path of PKCS11_module_path="/usr/local/lib/libykcs11.dylib" that is set in the function definition.

On closer inspection this has been addressed. However, current error handling will not report that a supplied PKCS11_MODULE_PATH is not valid.

22ae40d should resolve this issue.

seriousbusinessprofessional
seriousbusinessprofessional approved these changes Aug 14, 2023
View reviewed changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error handling added and working.

@carljbai carljbai merged commit 3a7ed06 into 208-add-yubico-piv-tool-backend-for-crypto-operations Aug 14, 2023
@carljbai carljbai deleted the cleanup-yubi-for-release branch December 1, 2023 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seriousbusinessprofessional seriousbusinessprofessional seriousbusinessprofessional approved these changes

Assignees

@carljbai carljbai

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@carljbai @seriousbusinessprofessional