Andreas Steffen
8c40609f96
Use python-based swidGenerator to generate SWID tags
2014-04-15 09:21:06 +02:00
Andreas Steffen
8505ce1cc6
Updated imv database templates
2014-04-15 09:21:05 +02:00
Andreas Steffen
b138bbee4e
Optimized PTS measurements
2014-04-15 09:21:05 +02:00
Andreas Steffen
40e8c67392
Use cached pid for product-based package access
2014-04-15 09:21:05 +02:00
Andreas Steffen
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
Andreas Steffen
4894bfa227
Separated IMV session management from IMV policy database
2014-04-15 09:21:05 +02:00
Andreas Steffen
0bd64fa5bf
Renamed the AIK public key parameter to imc-attestation.aik_pubkey
2014-04-15 09:21:05 +02:00
Andreas Steffen
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
Andreas Steffen
6d1b4b6baf
Version bump to 5.2.0dr1
2014-04-15 09:20:38 +02:00
Andreas Steffen
266fcdce2b
Version bump to 5.1.3
2014-04-14 15:18:38 +02:00
Tobias Brunner
e59ce07bfa
NEWS: Added info about CVE-2014-2338
2014-04-14 13:32:36 +02:00
Martin Willi
8503077175
ikev2: Reject CREATE_CHILD_SA exchange on unestablished IKE_SAs
...
Prevents a responder peer from tricking us into established state by starting
IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH.
Fixes CVE-2014-2338.
2014-04-14 13:29:49 +02:00
Tobias Brunner
abd7d3be9c
eap-mschapv2: Fix potential leaks in case of invalid messages from servers
2014-04-09 18:27:02 +02:00
Tobias Brunner
f0923ff377
pts: Make sure the complete AIK blob has been read
2014-04-09 17:47:32 +02:00
Tobias Brunner
8d34e55375
attr: Don't shift the 32-bit netmask by 32
...
This is undefined behavior as per the C99 standard (sentence 1185):
"If the value of the right operand is negative or is greater or equal
to the width of the promoted left operand, the behavior is undefined."
Apparently shifts may be done modulo the width on some platforms so
a shift by 32 would not shift at all.
2014-04-09 17:09:55 +02:00
Tobias Brunner
f738753abc
nm: Fix NULL-pointer dereference when handling TUN device failure
2014-04-09 16:35:46 +02:00
Tobias Brunner
f7d04ba6c4
x509: Don't include authKeyIdentifier in self-signed certificates
...
As the comment indicates this was the intention in d7be290643 all along.
2014-04-09 16:06:18 +02:00
Tobias Brunner
3f3680ec3f
x509: Initialize certs when building optionalSignature for OCSP requests
2014-04-09 16:06:17 +02:00
Tobias Brunner
a04ef18bda
stroke: Fix memory leak when printing unknown AC group OIDs
2014-04-09 16:06:17 +02:00
Tobias Brunner
297bc06ca9
pki: Fix memory leak when printing unknown AC group OIDs
2014-04-09 15:56:11 +02:00
Tobias Brunner
ce845838ea
pki: Removed extra continue statement
2014-04-09 15:12:27 +02:00
Andreas Steffen
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
Andreas Steffen
e2df745122
Added some more OIDs
2014-04-08 11:32:30 +02:00
Andreas Steffen
6a44fcf929
Initialize m1 to suppress compiler warning
2014-04-07 13:29:39 +02:00
Andreas Steffen
4e9123a0b1
Fixed another dirname/basename refactoring bug.
...
file was freed before use.
2014-04-07 12:07:00 +02:00
Andreas Steffen
d982e38b8b
Fixed dirname/basename refactoring bug.
...
Variables used in a database query have to be kept until the end of the enumeration
2014-04-07 12:05:55 +02:00
Andreas Steffen
60451e2fb6
Added SHA3 OIDs
2014-04-04 23:44:55 +02:00
Andreas Steffen
ab8ed95bfc
Fixed pretest script in tnc/tnccs-20-pt-tls scenario
2014-04-04 23:04:54 +02:00
Tobias Brunner
23f34f6ed5
ike-cfg: Properly compare IKE proposals for equality
2014-04-03 09:46:41 +02:00
Tobias Brunner
adc1157487
leak-detective: LEAK_DETECTIVE_DISABLE completely disables LD
...
If lib->leak_detective is non-null some code parts (e.g. the plugin
loader) assume LD is actually used.
2014-04-03 09:44:26 +02:00
Tobias Brunner
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
Tobias Brunner
f678bce84c
unit-tests: Verify two bytes at once when testing chunk_clear()
...
This reduces the chances of arbitrary test failures if the memory area
already got overwritten.
2014-04-02 11:50:11 +02:00
Martin Willi
b87f7840bc
Merge branch 'tls-unit-tests'
...
Add some initial unit-tests to libtls, testing all supported cipher suites
against self, both with and without client authentication, for all supported
TLS versions.
2014-04-01 14:53:28 +02:00
Martin Willi
5ba9f73457
tls: Add a test case to check correct enum name mapping of cipher suites
2014-04-01 14:52:18 +02:00
Martin Willi
2c8d77394c
tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0
2014-04-01 14:52:18 +02:00
Martin Willi
74162ed997
tls: Remove superfluous initializers in TLS AEAD implementations
2014-04-01 14:52:18 +02:00
Martin Willi
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
Martin Willi
5313880261
tls: Support a null encryption flag on TLS socket abstraction
2014-04-01 14:28:55 +02:00
Martin Willi
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
Martin Willi
ac5717c9e9
tls: Export a function to list supported TLS cipher suites
2014-04-01 14:28:55 +02:00
Martin Willi
c0efaaebe3
tls: Create a unit-test runner
2014-04-01 14:28:55 +02:00
Martin Willi
70889c42a6
unit-tests: Catch timeouts during test runner deinit function
...
The test runner deinit function often cancels all threads from the pool. This
operation might hang on error conditions, hence we should include that hook in
the test timeout to fail properly.
2014-04-01 14:28:55 +02:00
Martin Willi
4e8ff4f010
unit-tests: Prevent a failing worker thread from going wild after it fails
...
A worker raises SIGUSR1 to inform the main thread that the test fails. The main
thread then starts cancelling workers, but the offending thread should be
terminated immediately to prevent it from test continuation.
2014-04-01 14:28:54 +02:00
Andreas Steffen
96e3142c39
Test TLS AEAD cipher suites
2014-04-01 10:12:15 +02:00
Andreas Steffen
37ef086ea7
Added Ubuntu 14.04 to IMV database
2014-03-31 22:22:58 +02:00
Andreas Steffen
05eb83e986
Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario
2014-03-31 22:22:58 +02:00
Tobias Brunner
036dab0a10
unit-tests: Always load address of testable functions
...
The addresses can actually change as plugins are loaded/unloaded for
each test case.
Fixes #551.
2014-03-31 17:00:22 +02:00
Tobias Brunner
2a38b4556e
settings: Reduce log verbosity if strongswan.conf does not exist
...
In some situations we expect strongswan.conf to not exist, for instance,
when running the unit tests before installation.
2014-03-31 16:40:04 +02:00
Tobias Brunner
a800253fbf
test-vectors: Renumber AES-GCM test vectors according to original source
...
Also adds several missing ones.
2014-03-31 16:38:30 +02:00
Martin Willi
e2e0165605
Merge branch 'tls-aead'
...
Adds AEAD support to the TLS stack, currently supporting AES-GCM. Brings fixes
for TLS record fragmentation, enforcing TLS versions < 1.2 and proper signature
scheme support indication.
2014-03-31 16:17:57 +02:00