Andreas Steffen
508b308768
fuzz: Added PA-TNC fuzzer
2018-06-12 21:47:39 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
d8eb1049d7
travis: Disable NM build until we run on a newer image that provides libnm
...
Ubuntu 16.04 (xenial) might soon be available but it's not yet supported
officially.
2017-12-22 16:13:09 +01:00
Tobias Brunner
fd9edf7f31
travis: Disable warning that causes a false positive in Xcode 8.3+
...
Xcode 8.3, to which there recently was a switch, spits out a warning for
the potentially unaligned access to ip6_plen in ip-packet.c, which we
explicitly read via untoh16() hence the access to that pointer is not
actually unaligned. It seems the compiler is not able to determine that
there is no unaligned access even though the function is defined in the
header and marked inline.
2017-12-20 16:08:21 +01:00
Tobias Brunner
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
Tobias Brunner
a413571f3b
public-key: Add optional parameters argument to verify() method
2017-11-08 16:48:10 +01:00
Tobias Brunner
08e2401653
scripts: Add -d option to oid2der to decode DER encoded OIDs
2017-11-02 10:02:26 +01:00
Tobias Brunner
7421884da1
travis: Use the same ASAN_OPTIONS as used by OSS-Fuzz
2017-08-15 10:35:20 +02:00
Tobias Brunner
1ce2721d90
travis: Run fuzz targets
2017-08-15 10:35:20 +02:00
Tobias Brunner
096626286a
appveyor: Build against OpenSSL
...
This is mainly for the RNG needed for the exchange tests.
2017-07-28 11:23:23 +02:00
Tobias Brunner
6eb7dd11ec
appveyor: Run tests on AppVeyor Windows containers
...
We can't enable leak detective as it is so slow then that we run into a
timeout (60 minutes).
2017-07-28 11:18:17 +02:00
Tobias Brunner
157742be7d
fuzz: Add fuzzing boilerplate
2017-05-23 18:29:11 +02:00
Tobias Brunner
93700d93fa
travis: aikpub2 was removed, no need to disable it anymore
2017-03-23 18:29:18 +01:00
Tobias Brunner
23c05d86de
travis: Build Windows-specific plugins
...
The plugins can only be built on x64 as the MinGW headers on Ubuntu 12.04,
which we have to use for x86 due to another issue with MinGW, are too old.
2017-03-23 18:29:18 +01:00
Tobias Brunner
42f7c98980
travis: Create coverage report via codecov.io
2017-03-15 10:19:02 +01:00
Tobias Brunner
1da567734f
libipsec: Fix Windows build via MinGW
...
Fixes #2118 .
2017-01-25 17:12:30 +01:00
Martin Willi
2ac95123bb
dh-speed: Compare the shared secrets for equality after test
2016-11-14 16:20:51 +01:00
Martin Willi
0ab854789d
dh-speed: Include the get_my_public_value() call in public exponent timing
...
This fixes results where a DH backend does not generate the public value
in the constructor internally.
2016-11-14 16:20:51 +01:00
Martin Willi
053275150b
dh-speed: Add an identifier to test curve25519 performance
2016-11-14 16:20:51 +01:00
Tobias Brunner
8486b3b438
travis: Use a more recent OS X image
...
Using the xcode8 image does not work currently (libcurl is not found).
2016-09-27 09:19:34 +02:00
Tobias Brunner
39d544d56e
travis: Run 32-bit Windows build on precise (12.04) image
...
That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
2016-09-20 15:33:01 +02:00
Tobias Brunner
003fec52e0
travis: Properly pass back result of make
...
Fixes: 4e8f5a189c
("travis: Add apidoc check")
2016-09-20 15:32:28 +02:00
Tobias Brunner
44280a1901
travis: Don't disable connmark and forecast plugins anymore
...
They build fine on Ubuntu 14.04.
2016-09-20 15:32:28 +02:00
Tobias Brunner
d8f27ba679
maemo: Remove unused plugin
2016-09-15 18:33:52 +02:00
Tobias Brunner
4e8f5a189c
travis: Add apidoc check
...
This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some
issues with our Doxyfile and prints lots of warnings).
2016-09-05 16:58:29 +02:00
Tobias Brunner
94a6998608
travis: Use Trusty beta image
2016-09-05 16:58:29 +02:00
Tobias Brunner
1806ba0890
travis: Add a workaround for a bug regarding libtool installed via Homebrew
2016-08-25 17:21:02 +02:00
Tobias Brunner
e4fd163a5a
travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen
...
Ubuntu 12.04 does not provide libtss2-dev.
2016-06-28 11:30:25 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
e36b1e2edb
travis: Enable OS X build
2015-11-23 11:42:52 +01:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
18662e9694
scripts: Add script to extract the ASN.1 subject DN from a certificate
...
This can be useful if the subject DN has to be configured with the
asn1dn: prefix in ipsec.conf (e.g. because the actual encoding can't be
created by strongSwan's string parser/encoder).
2015-08-17 11:29:11 +02:00
Andreas Steffen
9bb7307825
Fix timeattack script compilation under ARM
2015-06-05 12:09:38 +02:00
Martin Willi
b821575093
crypt-burn: free() associated data after test
2015-05-04 13:24:33 +02:00
Martin Willi
3aa785507d
travis: Run a gcrypt test with leak-detective
...
And also enable gcrypt in the all tests with leak-detective enabled.
2015-04-15 14:38:42 +02:00
Martin Willi
22d0c934cd
crypt-burn: Support burning signers
2015-04-15 11:35:26 +02:00
Martin Willi
3935d812b7
crypt-burn: Add a encryption buffer command line argument
2015-04-15 11:35:25 +02:00
Martin Willi
466d560a33
crypt-burn: Set a defined key, as some backends require that
2015-04-15 11:35:25 +02:00
Martin Willi
5da79478ff
crypt-burn: Refactor to separate burn methods
2015-04-15 11:35:25 +02:00
Martin Willi
d5ce572d99
crypt-burn: Accept a PLUGINS env var to configure plugins to load
2015-04-15 11:35:25 +02:00
Martin Willi
9d6e952201
utils: Add a constant time chunk_equals() variant for cryptographic purposes
2015-04-14 12:02:48 +02:00
Martin Willi
b833963270
utils: Add a constant time memeq() variant for cryptographic purposes
2015-04-14 11:51:54 +02:00
Martin Willi
39e1ddec2e
scripts: Add a tool that tries to guess MAC/ICV values using validation times
...
This tool shows that it is trivial to re-construct the value memcmp() compares
against by just measuring the time the non-time-constant memcmp() requires to
fail.
It also shows that even when running without any network latencies it gets
very difficult to reconstruct MAC/ICV values, as the time variances due to the
crypto routines are large enough that it gets difficult to measure the time
that memcmp() actually requires after computing the MAC.
However, the faster/time constant an algorithm is, the more likely is a
successful attack. When using AES-NI, it is possible to reconstruct (parts of)
a valid MAC with this tool, for example with AES-GCM.
While this is all theoretical, and way more difficult to exploit with network
jitter, it nonetheless shows that we should replace any use of memcmp/memeq()
with a constant-time alternative in all sensitive places.
2015-04-14 11:51:54 +02:00
Martin Willi
a777155ffe
diffie-hellman: Add a bool return value to set_other_public_value()
2015-03-23 17:54:03 +01:00
Martin Willi
42431690e0
diffie-hellman: Add a bool return value to get_my_public_value()
2015-03-23 17:54:03 +01:00
Martin Willi
75a8457922
travis: Install pip to install pytest in "all" tests
...
This allows ./configure to detect py.test, and execute python unit tests we
provide in the vici python egg.
2015-03-18 14:29:45 +01:00
Martin Willi
83f0c22afe
travis: Disable unwind backtraces regardless of LEAK_DETECTIVE option
...
While d0d85683
works around a crasher related to the use of libunwind, other
build hangs have been seen in the all test cases. Try to
--disable-unwind-backtraces to see if libunwind is really related to those
and if it fixes these issues.
2015-02-26 10:43:20 +01:00
Martin Willi
54d143ca37
travis: Disable forecast/connmark plugins in monolithic builds
...
Ubuntu 12.04 does not seem to provide a sane pkg-config for libiptc or libip4tc.
The monolithic build fails due to missing symbols, so disable it until we have
a newer Ubuntu release.
2015-02-24 12:25:23 +01:00
Martin Willi
2a8e351117
travis: Install iptables-dev for connmark plugin in "all" tests
2015-02-20 16:34:53 +01:00
Martin Willi
05a3f349a7
travis: Build-test updown and ext-auth plugins for Windows
2014-10-14 11:11:34 +02:00