8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
8505ce1cc6
Updated imv database templates
2014-04-15 09:21:05 +02:00
b138bbee4e
Optimized PTS measurements
2014-04-15 09:21:05 +02:00
40e8c67392
Use cached pid for product-based package access
2014-04-15 09:21:05 +02:00
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
4894bfa227
Separated IMV session management from IMV policy database
2014-04-15 09:21:05 +02:00
0bd64fa5bf
Renamed the AIK public key parameter to imc-attestation.aik_pubkey
2014-04-15 09:21:05 +02:00
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
6d1b4b6baf
Version bump to 5.2.0dr1
2014-04-15 09:20:38 +02:00
266fcdce2b
Version bump to 5.1.3
2014-04-14 15:18:38 +02:00
e59ce07bfa
NEWS: Added info about CVE-2014-2338
2014-04-14 13:32:36 +02:00
8503077175
ikev2: Reject CREATE_CHILD_SA exchange on unestablished IKE_SAs
...
Prevents a responder peer to trick us into established state by starting
IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH.
Fixes CVE-2014-2338.
2014-04-14 13:29:49 +02:00
abd7d3be9c
eap-mschapv2: Fix potential leaks in case of invalid messages from servers
2014-04-09 18:27:02 +02:00
f0923ff377
pts: Make sure the complete AIK blob has been read
2014-04-09 17:47:32 +02:00
8d34e55375
attr: Don't shift the 32-bit netmask by 32
...
This is undefined behavior as per the C99 standard (sentence 1185):
"If the value of the right operand is negative or is greater or equal
to the width of the promoted left operand, the behavior is undefined."
Apparently shifts may be done modulo the width on some platforms so
a shift by 32 would not shift at all.
2014-04-09 17:09:55 +02:00
f738753abc
nm: Fix NULL-pointer dereference when handling TUN device failure
2014-04-09 16:35:46 +02:00
f7d04ba6c4
x509: Don't include authKeyIdentifier in self-signed certificates
...
As the comment indicates this was the intention in
d7be290643
2014-04-09 16:06:18 +02:00
3f3680ec3f
x509: Initialize certs when building optionalSignature for OCSP requests
2014-04-09 16:06:17 +02:00
a04ef18bda
stroke: Fix memory leak when printing unknown AC group OIDs
2014-04-09 16:06:17 +02:00
297bc06ca9
pki: Fix memory leak when printing unknown AC group OIDs
2014-04-09 15:56:11 +02:00
ce845838ea
pki: Removed extra continue statement
2014-04-09 15:12:27 +02:00
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
e2df745122
Added some more OIDs
2014-04-08 11:32:30 +02:00
6a44fcf929
Initialize m1 to suppress compiler warning
2014-04-07 13:29:39 +02:00
4e9123a0b1
Fixed another dirname/basename refactoring bug.
...
file was freed before use.
2014-04-07 12:07:00 +02:00
d982e38b8b
Fixed dirname/basename refactoring bug.
...
Variables used in a database query have to be kept until the end of the enumeration
2014-04-07 12:05:55 +02:00
60451e2fb6
Added SHA3 OIDs
2014-04-04 23:44:55 +02:00
ab8ed95bfc
Fixed pretest script in tnc/tnccs-20-pt-tls scenario
2014-04-04 23:04:54 +02:00
23f34f6ed5
ike-cfg: Properly compare IKE proposals for equality
2014-04-03 09:46:41 +02:00
adc1157487
leak-detective: LEAK_DETECTIVE_DISABLE completely disables LD
...
If lib->leak_detective is non-null some code parts (e.g. the plugin
loader) assume LD is actually used.
2014-04-03 09:44:26 +02:00
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
f678bce84c
unit-tests: Verify two bytes at once when testing chunk_clear()
...
This reduces the chances of arbitrary test failures if the memory area
already got overwritten.
2014-04-02 11:50:11 +02:00
b87f7840bc
Merge branch 'tls-unit-tests'
...
Add some initial unit-tests to libtls, testing all supported cipher suites
against self, both with and without client authentication, for all supported
TLS versions.
2014-04-01 14:53:28 +02:00
5ba9f73457
tls: Add a test case to check correct enum name mapping of cipher suites
2014-04-01 14:52:18 +02:00
2c8d77394c
tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0
2014-04-01 14:52:18 +02:00
74162ed997
tls: Remove superfluous initializers in TLS AEAD implementations
2014-04-01 14:52:18 +02:00
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
5313880261
tls: Support a null encryption flag on TLS socket abstraction
2014-04-01 14:28:55 +02:00
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
ac5717c9e9
tls: Export a function to list supported TLS cipher suites
2014-04-01 14:28:55 +02:00
c0efaaebe3
tls: Create a unit-test runner
2014-04-01 14:28:55 +02:00
70889c42a6
unit-tests: Catch timeouts during test runner deinit function
...
The test runner deinit function often cancels all threads from the pool. This
operation might hang on error conditions, hence we should include that hook in
the test timeout to fail properly.
2014-04-01 14:28:55 +02:00
4e8ff4f010
unit-tests: Prevent a failing worker thread to go wild after it fails
...
A worker raises SIGUSR1 to inform the main thread that the test fails. The main
thread then starts cancelling workers, but the offending thread should be
terminated immediately to prevent it from test continuation.
2014-04-01 14:28:54 +02:00
96e3142c39
Test TLS AEAD cipher suites
2014-04-01 10:12:15 +02:00
37ef086ea7
Added Ubuntu 14.04 to IMV database
2014-03-31 22:22:58 +02:00
05eb83e986
Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario
2014-03-31 22:22:58 +02:00
036dab0a10
unit-tests: Always load address of testable functions
...
The addresses can actually change as plugins are loaded/unloaded for
each test case.
Fixes #551 .
2014-03-31 17:00:22 +02:00
2a38b4556e
settings: Reduce log verbosity if strongswan.conf does not exist
...
In some situations we expect strongswan.conf to not exist, for instance,
when running the unit tests before installation.
2014-03-31 16:40:04 +02:00
a800253fbf
test-vectors: Renumber AES-GCM test vectors according to original source
...
Also adds several missing ones.
2014-03-31 16:38:30 +02:00
e2e0165605
Merge branch 'tls-aead'
...
Adds AEAD support to the TLS stack, currently supporting AES-GCM. Brings fixes
for TLS record fragmentation, enforcing TLS versions < 1.2 and proper signature
scheme support indication.
2014-03-31 16:17:57 +02:00
Andreas Steffen