Martin Willi
35a783cff7
pki: Implement an acert command to issue attribute certificates
2014-03-31 11:14:58 +02:00
Martin Willi
20ea84daec
pki: Support printing attribute certificates
2014-03-31 11:14:58 +02:00
Martin Willi
e49197f15e
pki: Don't generate negative random serial numbers in X.509 certificates
...
According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
2014-03-31 11:14:58 +02:00
Martin Willi
0226ca886d
pem: Support encoding of attribute certificates
...
While there is no widely used PEM header for attribute certificates, at least
IAIK-JCE uses BEGIN ATTRIBUTE CERTIFICATE:
http://javadoc.iaik.tugraz.at/iaik_jce/current/iaik/utils/Util.html#toPemString(iaik.x509.attr.AttributeCertificate)
2014-03-31 11:14:58 +02:00
Martin Willi
8f9e2dbcd5
x509: Replace the comma separated string AC group builder with a list based one
2014-03-31 11:14:58 +02:00
Martin Willi
a17598bc69
x509: Integrate IETF attribute handling, and obsolete ietf_attributes_t
...
The ietf_attributes_t class is used for attribute certificates only these days,
and integrating them to x509_ac_t simplifies things significantly.
2014-03-31 11:14:58 +02:00
Martin Willi
61b2d815b9
x509: Replace fixed acert group string getter by a more dynamic group enumerator
2014-03-31 11:14:58 +02:00
Martin Willi
a9bfd4b055
x509: Skip parsing of acert chargingIdentity, as we don't use it anyway
2014-03-31 11:14:58 +02:00
Martin Willi
3134379ac7
x509: Fix some whitespaces and do some minor style cleanups in acert
2014-03-31 11:14:57 +02:00
Martin Willi
883a63adc1
ac: Remove unimplemented equals_holder() method from ac_t
2014-03-31 11:14:57 +02:00
Andreas Steffen
959ef1a2e4
Added libipsec/net2net-3des scenario
2014-03-28 09:21:51 +01:00
Andreas Steffen
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
Tobias Brunner
0462304dbb
unit-tests: Fix filtered enumerator tests on 64-bit big-endian platforms
...
In case of sizeof(void*) == 8 and sizeof(int) == 4 on big-endian hosts
the tests failed as the actual integer value got cut off.
2014-03-27 15:35:32 +01:00
Tobias Brunner
29b7377530
travis: Run the "all" test case with leak detective enabled
...
But disable the gcrypt plugin, as it causes leaks.
Also disable the backtraces by libunwind as they seem to cause
threads to get cleaned up after the leak detective already has been
disabled, which leads to invalid free()s.
2014-03-27 10:52:45 +01:00
Tobias Brunner
58d8c52190
unit-tests: Fix memory leak in ntru tests
2014-03-27 10:52:45 +01:00
Andreas Steffen
045f25fc81
Version bump to 5.1.3rc1
2014-03-26 22:00:00 +01:00
Andreas Steffen
c6d173a1f1
Check that valid OCSP responses are received in the ikev2/ocsp-multi-level scenario
2014-03-24 23:57:55 +01:00
Andreas Steffen
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
Andreas Steffen
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
Andreas Steffen
f0388684cd
unit-test: added missing TEST_FUNCTION macros
2014-03-22 10:26:02 +01:00
Andreas Steffen
07e7cb146f
Added openssl-ikev2/net2net-pgp-v3 scenario
2014-03-22 09:55:03 +01:00
Tobias Brunner
01632eccf3
openssl: Add default fallback when calculating fingerprints of RSA keys
...
We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
2014-03-22 09:55:03 +01:00
Andreas Steffen
22e1aa51f9
Completed integration of ntru_crypto library into ntru plugin
2014-03-22 09:51:00 +01:00
Tobias Brunner
b517912848
Merge branch 'travis-ci'
...
Adds a config file and build script for Travis CI. Makes the unit tests
buildable with Clang, and test vectors are now actually verified when
the unit tests are executed.
Also adds options to run only selected test suites and to increase the debug
level during unit tests.
The --enable/disable configure options have been reordered and grouped, and
an option to enable all the features has been added (plus an option to
select a specific printf-hook implementation).
2014-03-20 18:50:57 +01:00
Tobias Brunner
6548f50cf9
travis: Use parallel build
...
Not sure if 4 jobs is optimal, but according to the docs each build host
has 1.5 virtual cores available (although "getconf _NPROCESSORS_ONLN"
returns 32, which is probably the number of real cores underneath), so
more jobs might not actually reduce the build time much more.
2014-03-20 18:48:13 +01:00
Tobias Brunner
510c900479
crypto-tester: Don't fail if key size is not supported
...
The Blowfish and Twofish implementations provided by the gcrypt plugin
only support specific key lengths, which we don't know when testing
against vectors (either during unit tests or during algorithm
registration). The on_create test with a specific key length will be
skipped anyway, so there is no point in treating this failure differently.
2014-03-20 15:49:05 +01:00
Tobias Brunner
5dd638f45c
unit-tests: Add an option to increase the verbosity when running tests
...
The TESTS_VERBOSITY option takes an integer from -1 to 4 that sets the
default debug level.
2014-03-20 15:49:05 +01:00
Tobias Brunner
77603e98a3
unit-tests: Add an option to run only a subset of all test suites
...
The TESTS_SUITES environment variable can contain a comma separated list
of names of test suites to run.
2014-03-20 15:49:05 +01:00
Tobias Brunner
636076d45d
unit-tests: Actually verify registered algorithms against test vectors
...
Previously, the {ns}.crypto_test.on_add option had to be enabled to
actually test the algorithms, which we can't enforce for the tests in
the test_runner as the option is already read when the crypto factory
is initialized. Even so, we wouldn't want to do this for every unit
test, which would be the result of enabling that option.
2014-03-20 15:49:05 +01:00
Tobias Brunner
316aa4b43b
travis: Add tests for builtin printf hook implementation
...
We can't test Vstr as it does not properly handle negative int arguments
for custom format callbacks, so some of the enum tests would fail.
2014-03-20 15:49:05 +01:00
Tobias Brunner
4ffe02a75d
configure: Add an option to select a specific printf hook implementation
2014-03-20 15:49:05 +01:00
Tobias Brunner
60a0bb6767
travis: Install dependencies for each test dynamically
...
Since the installation of all packages alone takes several minutes this
should speed up some test cases.
2014-03-20 15:49:05 +01:00
Tobias Brunner
d62b663646
travis: Enable clang build
...
But build the distribution only once.
2014-03-20 15:49:05 +01:00
Tobias Brunner
6ce5aee0b2
unit-tests: Use TEST_FUNCTION macro in ntru tests
2014-03-20 15:49:05 +01:00
Tobias Brunner
b751f6f25a
unit-tests: Implement registered functions without __builtin_apply()
...
This makes the tests work with clang, which does not implement said
builtin.
2014-03-20 15:37:44 +01:00
Tobias Brunner
31b3bb2211
unit-tests: Call functions with TEST_ prefix in ntru test
2014-03-20 15:37:44 +01:00
Tobias Brunner
2c687b3cb3
unit-tests: Prefix imported testable functions with TEST_
...
This avoids any clashes with existing functions in the monolithic build.
2014-03-20 15:29:27 +01:00
Tobias Brunner
f51169eb09
unit-tests: Change how hashtable for testable functions is created
...
Because GCC does not adhere to the priorities defined for constructors
when building with --enable-monolithic (not sure if it was just luck
that it worked in non-monolithic mode - anyway, it's not very portable),
function registration would fail because the hashtable would not be
created yet.
2014-03-20 15:29:27 +01:00
Tobias Brunner
d151cd283e
Add Travis CI config and build script
2014-03-20 15:29:27 +01:00
Tobias Brunner
0e6f3a380a
configure: Add an option to enable all optional features/plugins
...
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
Tobias Brunner
1c26ce2dc3
configure: Reorder and group feature options
2014-03-20 15:29:27 +01:00
Tobias Brunner
48ac56e2aa
unit-tests: Generate weak keys with gcrypt plugin (but quickly)
2014-03-20 15:29:27 +01:00
Tobias Brunner
fc4f8fc30e
tnc-pdp: Fix monolithic build
2014-03-20 15:29:27 +01:00
Tobias Brunner
27b3358fed
plugin-feature: Hash only the actually used feature argument
...
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes #549.
2014-03-20 13:42:57 +01:00
Andreas Steffen
0b408faef1
Added TPMRA workitem support for [dummy] Trusted Boot measurements
2014-03-19 20:26:31 +01:00
Martin Willi
0a8c399a21
pki: When dispatching commands, don't look beyond non-null-terminated array
2014-03-19 09:37:46 +01:00
Martin Willi
87e53819a6
pki: Check length of commands array before accessing command in --help
...
As --help is counted as command as well, the array is not null-terminated
and we have to check for MAX_COMMANDS.
Fixes #550.
2014-03-19 09:25:29 +01:00
Tobias Brunner
c489c5881a
charon-nm: No additional secrets are required once a password has been entered
...
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.
Fixes #547.
2014-03-18 14:53:40 +01:00
Tobias Brunner
11f31ceb6a
array: Fix removal of elements in the second half of an array
...
Memory beyond the end of the array was moved when array elements in the
second half of an array were removed.
Fixes #548.
2014-03-18 14:46:16 +01:00
Tobias Brunner
0ab7d5f1f9
plugin-loader: Properly initialize modular plugin list if no plugins are enabled
2014-03-18 10:56:39 +01:00