508b308768
fuzz: Added PA-TNC fuzzer
2018-06-12 21:47:39 +02:00
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
d8eb1049d7
travis: Disable NM build until we run on a newer image that provides libnm
...
Ubuntu 16.04 (xenial) might soon be available but it's not yet supported
officially.
2017-12-22 16:13:09 +01:00
fd9edf7f31
travis: Disable warning that causes a false positive in Xcode 8.3+
...
Xcode 8.3, to which there recently was a switch, spits out a warning for
the potentially unaligned access to ip6_plen in ip-packet.c, which we
explicitly read via untoh16() hence the access to that pointer is not
actually unaligned. It seems the compiler is not able to determine that
there is no unaligned access even though the function is defined in the
header and marked inline.
2017-12-20 16:08:21 +01:00
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
a413571f3b
public-key: Add optional parameters argument to verify() method
2017-11-08 16:48:10 +01:00
08e2401653
scripts: Add -d option to oid2der to decode DER encoded OIDs
2017-11-02 10:02:26 +01:00
7421884da1
travis: Use the same ASAN_OPTIONS as used by OSS-Fuzz
2017-08-15 10:35:20 +02:00
1ce2721d90
travis: Run fuzz targets
2017-08-15 10:35:20 +02:00
096626286a
appveyor: Build against OpenSSL
...
This is mainly for the RNG needed for the exchange tests.
2017-07-28 11:23:23 +02:00
6eb7dd11ec
appveyor: Run tests on AppVeyor Windows containers
...
We can't enable leak detective as it is so slow then that we run into a
timeout (60 minutes).
2017-07-28 11:18:17 +02:00
157742be7d
fuzz: Add fuzzing boilerplate
2017-05-23 18:29:11 +02:00
93700d93fa
travis: aikpub2 was removed, no need to disable it anymore
2017-03-23 18:29:18 +01:00
23c05d86de
travis: Build Windows-specific plugins
...
The plugins can only be built on x64 as the MinGW headers on Ubuntu 12.04,
which we have to use for x86 due to another issue with MinGW, are too old.
2017-03-23 18:29:18 +01:00
42f7c98980
travis: Create coverage report via codecov.io
2017-03-15 10:19:02 +01:00
1da567734f
libipsec: Fix Windows build via MinGW
...
Fixes #2118 .
2017-01-25 17:12:30 +01:00
2ac95123bb
dh-speed: Compare the shared secrets for equality after test
2016-11-14 16:20:51 +01:00
0ab854789d
dh-speed: Include the get_my_public_value() call in public exponent timing
...
This fixes results where a DH backend does not generate the public value
in the constructor internally.
2016-11-14 16:20:51 +01:00
053275150b
dh-speed: Add an identifier to test curve25519 performance
2016-11-14 16:20:51 +01:00
8486b3b438
travis: Use a more recent OS X image
...
Using the xcode8 image does not work currently (libcurl is not found).
2016-09-27 09:19:34 +02:00
39d544d56e
travis: Run 32-bit Windows build on precise (12.04) image
...
That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
2016-09-20 15:33:01 +02:00
003fec52e0
travis: Properly pass back result of make
...
Fixes: 4e8f5a189c
2016-09-20 15:32:28 +02:00
44280a1901
travis: Don't disable connmark and forecast plugins anymore
...
They build fine on Ubuntu 14.04.
2016-09-20 15:32:28 +02:00
d8f27ba679
maemo: Remove unused plugin
2016-09-15 18:33:52 +02:00
4e8f5a189c
travis: Add apidoc check
...
This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some
issues with our Doxyfile and prints lots of warnings).
2016-09-05 16:58:29 +02:00
94a6998608
travis: Use Trusty beta image
2016-09-05 16:58:29 +02:00
1806ba0890
travis: Add a workaround for a bug regarding libtool installed via Homebrew
2016-08-25 17:21:02 +02:00
e4fd163a5a
travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen
...
Ubuntu 12.04 does not provide libtss2-dev.
2016-06-28 11:30:25 +02:00
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
e36b1e2edb
travis: Enable OS X build
2015-11-23 11:42:52 +01:00
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
18662e9694
scripts: Add script to extract the ASN.1 subject DN from a certificate
...
This can be useful if the subject DN has to be configured with the
asn1dn: prefix in ipsec.conf (e.g. because the actual encoding can't be
created by strongSwan's string parser/encoder).
2015-08-17 11:29:11 +02:00
9bb7307825
Fix timeattack script compilation under ARM
2015-06-05 12:09:38 +02:00
b821575093
crypt-burn: free() associated data after test
2015-05-04 13:24:33 +02:00
3aa785507d
travis: Run a gcrypt test with leak-detective
...
And also enable gcrypt in the all tests with leak-detective enabled.
2015-04-15 14:38:42 +02:00
22d0c934cd
crypt-burn: Support burning signers
2015-04-15 11:35:26 +02:00
3935d812b7
crypt-burn: Add a encryption buffer command line argument
2015-04-15 11:35:25 +02:00
466d560a33
crypt-burn: Set a defined key, as some backends require that
2015-04-15 11:35:25 +02:00
5da79478ff
crypt-burn: Refactor to separate burn methods
2015-04-15 11:35:25 +02:00
d5ce572d99
crypt-burn: Accept a PLUGINS env var to configure plugins to load
2015-04-15 11:35:25 +02:00
9d6e952201
utils: Add a constant time chunk_equals() variant for cryptographic purposes
2015-04-14 12:02:48 +02:00
b833963270
utils: Add a constant time memeq() variant for cryptographic purposes
2015-04-14 11:51:54 +02:00
39e1ddec2e
scripts: Add a tool that tries to guess MAC/ICV values using validation times
...
This tool shows that it is trivial to re-construct the value memcmp() compares
against by just measuring the time the non-time-constant memcmp() requires to
fail.
It also shows that even when running without any network latencies it gets
very difficult to reconstruct MAC/ICV values, as the time variances due to the
crypto routines are large enough that it gets difficult to measure the time
that memcmp() actually requires after computing the MAC.
However, the faster/time constant an algorithm is, the more likely is a
successful attack. When using AES-NI, it is possible to reconstruct (parts of)
a valid MAC with this tool, for example with AES-GCM.
While this is all theoretical, and way more difficult to exploit with network
jitter, it nonetheless shows that we should replace any use of memcmp/memeq()
with a constant-time alternative in all sensitive places.
2015-04-14 11:51:54 +02:00
a777155ffe
diffie-hellman: Add a bool return value to set_other_public_value()
2015-03-23 17:54:03 +01:00
42431690e0
diffie-hellman: Add a bool return value to get_my_public_value()
2015-03-23 17:54:03 +01:00
75a8457922
travis: Install pip to install pytest in "all" tests
...
This allows ./configure to detect py.test, and execute python unit tests we
provide in the vici python egg.
2015-03-18 14:29:45 +01:00
83f0c22afe
travis: Disable unwind backtraces regardless of LEAK_DETECTIVE option
...
While d0d85683
2015-02-26 10:43:20 +01:00
54d143ca37
travis: Disable forecast/connmark plugins in monolithic builds
...
Ubuntu 12.04 does not seem to provide a sane pkg-config for libiptc or libip4tc.
The monolithic build fails due to missing symbols, so disable it until we have
a newer Ubuntu release.
2015-02-24 12:25:23 +01:00
2a8e351117
travis: Install iptables-dev for connmark plugin in "all" tests
2015-02-20 16:34:53 +01:00
05a3f349a7
travis: Build-test updown and ext-auth plugins for Windows
2014-10-14 11:11:34 +02:00
ab23a0f86a
travis: Disable soup in "all" test
...
On Ubuntu 12.04, there seems to be a resource leak related to pthread keys
when initializing glib or related libraries more than once. With our repeated
initialization for libstrongswan tests, we hit the following error:
Lib (gthread-posix.c): Unexpected error from C library during
'pthread_key_create': Resource temporarily unavailable.
The problem is not reproducible on a newer Gnome stack, hence we disable the
glib based soup plugin until we have a more recent Ubuntu on Travis.
2014-09-24 17:35:16 +02:00
575d3ab19a
travis: Disable build of native systemd IKE daemon
...
Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip
systemd support on Travis until we have a more recent Ubuntu distribution.
2014-09-22 14:19:38 +02:00
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
...
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
fd372e13a2
travis: Add a Windows 32-bit variant build test
2014-06-06 16:28:28 +02:00
c572401b34
travis: Build "all" tests without Windows HTTP fetcher
...
We don't include it in the Windows build test either, as MinGW does not come
with -lwinhttp.
2014-06-04 16:34:16 +02:00
4732e29a1d
travis: Build "all" tests without Windows kernel backends
2014-06-04 16:32:12 +02:00
9b7a2188d9
travis: Include socket backend in Windows build test
2014-06-04 16:31:09 +02:00
d62b2444bc
travis: Build "all" tests without Windows socket backend
2014-06-04 16:31:09 +02:00
d930d18417
travis: Define a Windows build test using MinGW
2014-06-04 16:22:43 +02:00
95e67e8d19
travis: Perform build tests with -Werror
2014-06-04 15:53:13 +02:00
c2c2c639af
travis: Build "all" test without Windows specific charon-svc or dbghelp
2014-06-04 15:53:11 +02:00
62dd8c3082
travis: Install libjson dependency for "all" tests
2014-06-03 10:16:33 +02:00
e34905ce7b
scripts: Ignore settings-test script
2014-05-20 18:56:43 +02:00
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
5b64c04046
scripts: Add test script for settings_t
2014-05-15 12:03:07 +02:00
dba3c649da
travis: --disable-aikgen in "all" tests
...
aikgen has a hard dependency on TrouSerS, which we currently don't have in the
travis build.
2014-05-07 14:12:13 +02:00
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
e5d73b0dfa
aead: Support custom AEAD salt sizes
...
The salt, or often called implicit nonce, varies between AEAD algorithms and
their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses
3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM.
Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine
until we go for CCM mode support in TLS, which requires 4 byte nonces.
2014-03-31 15:56:12 +02:00
29b7377530
travis: Run the "all" test case with leak detective enabled
...
But disable the gcrypt plugin, as it causes leaks.
Also disable the backtraces by libunwind as they seem to cause
threads to get cleaned up after the leak detective already has been
disabled, which leads to invalid free()s.
2014-03-27 10:52:45 +01:00
6548f50cf9
travis: Use parallel build
...
Not sure if 4 jobs is optimal, but according to the docs each build host
has 1.5 virtual cores available (although "getconf _NPROCESSORS_ONLN"
returns 32, which is probably the number of real cores underneath), so
more jobs might not actually reduce the build time much more.
2014-03-20 18:48:13 +01:00
316aa4b43b
travis: Add tests for builtin printf hook implementation
...
We can't test Vstr as it does not properly handle negative int arguments
for custom format callbacks, so some of the enum tests would fail.
2014-03-20 15:49:05 +01:00
60a0bb6767
travis: Install dependencies for each test dynamically
...
Since the installation of all packages alone takes several minutes this
should speed up some test cases.
2014-03-20 15:49:05 +01:00
d151cd283e
Add Travis CI config and build script
2014-03-20 15:29:27 +01:00
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
7c4629060a
aes-test: Fix compiler warnings from older versions of GCC
2013-12-19 11:02:23 +01:00
0b47bb5377
pubkey_speed: Add missing plugins
...
The pkcs1 plugin is required to test the gmp/gcrypt plugins. Likewise,
the pem plugin is required when testing the openssl plugin.
Fixes #401 .
2013-09-04 10:01:46 +02:00
f17322dccb
pubkey_speed: sudo is not required
...
Also, refer to pubkey_speed properly when not being called from the same
directory.
2013-09-04 09:53:36 +02:00
f1d5d87619
pubkey_speed: Add header and fix usage
2013-09-04 09:53:36 +02:00
2a7a9471dd
aes-test: Rename crypt() as it conflicts with a library function on Mac OS X
...
unistd.h on Linux defines this only if _XOPEN_SOURCE is defined.
2013-08-30 08:51:09 +02:00
db4a072ca9
Added scripts/aes-test to .gitignore
2013-08-28 22:52:30 +02:00
9455f8b386
aes-test: Support test vectors at the end of a file
2013-08-24 16:22:51 +02:00
8972c72237
aes-test: Add script to test AES implementations according to AESAVS/GCMVS
2013-08-24 16:22:51 +02:00
3b6d8855e8
scripts: link against librt only if required
...
With glibc, this seems to be the case for 2.17 and older versions only.
2013-08-08 09:12:52 +02:00
62e1c80803
scripts: link malloc_speed against librt
2013-08-08 09:09:00 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
40f2a5306a
scripts: add a simple test utility to do some malloc() benchmarking/profiling
2013-05-06 15:15:24 +02:00
676e862487
fixed another printf statement
2013-04-09 15:16:49 +02:00
1a185ae14b
fixed printf statements
2013-04-08 22:21:14 +02:00
3f4300ed1e
Accept a certificate/key pair to use client authentication in tls_test
2013-04-02 16:09:17 +02:00
51caeeb161
crypt_burn: Proper cleanup
2013-03-25 18:40:32 +01:00
d4f2f3dd7f
crypt_burn: Fix loop condition for regular crypters
2013-03-25 18:40:31 +01:00
d786cbda5c
Implemented the resolver test script "dnssec"
2013-02-19 11:57:21 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
4c57c63062
Added possibility to register custom proposal keywords
...
Keyword lookup and registration are handled via the new lib->proposal object.
2012-09-13 15:44:46 +02:00
995875210a
Removed len argument from proposal_get_token()
...
Also use enumerators instead of lexparser.h to parse proposal strings.
2012-09-13 15:44:01 +02:00
8217c099ce
Add a tool to burn hashers
2012-07-17 17:32:08 +02:00
3b96189a2a
Add a return value to crypter_t.decrypt()
2012-07-16 14:53:38 +02:00
e35abbe588
Add a return value to crypter_t.encrypt
2012-07-16 14:53:37 +02:00
e2ed7bfd22
Add a return value to aead_t.encrypt()
2012-07-16 14:53:32 +02:00
f3af4969a7
Added GPL header to scripts
2012-06-29 16:51:29 +02:00
79d5c4f06b
Fixed return values of several functions (e.g. return FALSE for pointer types).
2012-05-31 17:39:04 +02:00
f8b2906929
Use the TLS socket splicing in tls_test script
2011-12-31 13:14:49 +01:00
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
4ae7f7d13e
Use spaces in Makefile.am identation, autotools don't like tabs
2011-05-20 10:09:09 +02:00
513701f41b
Fix some warnings triggered by gcc 4.6 -Wunused-but-set-variable
2011-05-19 15:47:40 +02:00
4ceb31f941
Added alloc/stream options to fetcher test utility
2011-04-04 08:48:27 +02:00
a8a7a31700
Added simple fetcher tool to test fetcher implementations
2011-01-17 18:19:59 +01:00
7240e2266c
Added command line tool for OID to DER conversion function
2011-01-05 16:46:02 +01:00
3f9ba3be66
Conditional exclusion of tls_test script completed.
2010-09-09 13:21:38 +02:00
6d4ae46768
Fixed typo.
2010-09-09 13:21:38 +02:00
00755453e3
Build tls_test script only if TLS stack is enabled
2010-09-07 10:21:44 +02:00
fd0bde9a60
Added a TLS debug level option, use debugging hook
2010-08-31 15:35:29 +02:00
f1a74a3cab
Implemented a TLS utility to test on any TLS secured TCP connection
2010-08-25 12:57:13 +02:00
37e52c3fbf
Added a crypto transform stress test for profiling
2010-08-19 19:05:14 +02:00
8f01815143
Build dedicated plugin lists for each strongSwan component
2010-08-12 14:46:57 +02:00
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
0465d2c0b7
fixed typo
2010-05-04 16:17:32 +02:00
257e27df07
Fixing out-of-tree build after adding dependency to config.status.
2010-04-29 13:29:53 +02:00
b0e789035c
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated
2010-04-29 11:28:27 +02:00
4590260b2d
Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten
2010-04-19 14:41:20 +02:00
3b878dae7e
Removed chunk_from_buf() in favor of a simpler chunk_from_chars() macro
2009-09-11 15:39:35 +02:00
356b2b2780
pass NULL to library_init() to load settings from default file
2009-09-10 18:52:42 +02:00
5b03a350fc
use NULL to load plugins from default plugin directory
2009-09-10 18:52:42 +02:00
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
0df451bc07
use ./configured plugins in keyid scripts
2009-08-26 11:23:55 +02:00
500aa2607f
accept PEM encoded keys in keyid scripts
2009-08-26 11:23:55 +02:00
94dde8a0ab
migrated scripts to new fingerprinting API
2009-08-26 11:23:55 +02:00
2b7e085dea
updated pubkey_speed test to use pem plugin
2009-08-26 11:23:49 +02:00
aab814c793
fixed compiler warning
2009-06-19 10:05:27 +02:00
25d6c5146b
remove obsolete scripts
2009-06-10 18:31:15 +02:00
e0069366c8
fixed ecp521 test
2009-06-10 18:07:19 +02:00
0461a2ff13
added missing RSA 768 test
2009-06-10 17:26:56 +02:00
6edad5afdd
added convenience scripts for pubkey/dh speed tests
2009-06-10 16:25:32 +02:00
a4caeac76e
moved publickey speed test to a standalone program
...
This reverts commit 08874d6ae2
2009-06-10 16:25:32 +02:00
3e3de01b28
moved Diffie-Hellman speed test to a standalone program
...
This reverts commit 1e6050bfae
2009-06-10 14:58:58 +02:00
5c1e8ca7ae
missed keyid2sql.c
2009-05-28 15:50:05 +02:00
af1feed96a
NO_CREDENTIAL_FACTORY compile option not needed anymore
2009-05-28 15:44:22 +02:00
466f11bfaf
added .gitignore files, ready for the switch
2009-04-30 07:42:30 +00:00
be0a03be64
set default CFLAGS globally, including -Wno-format
2009-04-27 11:34:07 +00:00
faf0e41801
suppress format warnings in the scripts directory
2009-04-21 19:51:48 +00:00
b768170bf3
missing LOGFILE in debug statement
2008-12-23 06:35:16 +00:00
4dc0dce886
added migration to NEWS
2008-11-16 21:23:56 +00:00
35379b2130
typedef fixed
2008-10-15 11:34:29 +00:00
1a4d27c854
added thread_analysis tool
2008-09-01 11:19:07 +00:00
eb3e27059b
use libcap for capability dropping
...
optional, must be enabled --with-capabilities=libcap
will be extended to support --with-capabilities=libcap2
2008-08-29 09:24:14 +00:00
f5a0d968fc
added keyid2sql helper script
2008-07-29 19:46:39 +00:00
Andreas Steffen