Tobias Brunner
1eb2d149db
testing: Use host-passthrough CPU mode for all KVM guests
This should give us the best performance and feature set on modern
hardware (in particular when compared to core2duo, which e.g. does not allow
nested virtualization).
Closes strongswan/strongswan#340.
2021-05-10 10:04:28 +02:00
Tobias Brunner
d4c337a42f
Use Botan 2.18.0 for tests
2021-05-07 14:48:17 +02:00
Adrian-Ken Rueegsegger
f0c25960ed
openssl: Consider authorityKeyIdentifier in issued_by()
Prior to verifying the cryptographic signature, check if the
authorityKeyIdentifier matches the key ID of the issuing certificate if
it is available.
2021-05-07 14:29:24 +02:00
Adrian-Ken Rueegsegger
027c5c9dcb
x509: Consider authorityKeyIdentifier in issued_by()
Prior to verifying the cryptographic signature, check if the
authorityKeyIdentifier matches the key ID of the issuing certificate if
it is available.
2021-05-07 14:29:24 +02:00
Adrian-Ken Rueegsegger
97c9158378
openssl: Bring CRL issued_by() in line with x509 plugin
2021-05-07 14:29:24 +02:00
Adrian-Ken Rueegsegger
9f468f454a
ike: Set DSCP on keepalive packets
2021-05-07 14:29:24 +02:00
Tobias Brunner
546f61d3c8
openssl: Add support for AES in CCM mode
While CCM is available in earlier versions, we only use it with
OpenSSL 1.1.0 and newer because the generic control variables are not
available before and we default to GCM for them.
Closes strongswan/strongswan#353.
2021-05-06 18:29:16 +02:00
Noel Kuntze
5191c2b063
testing: Make sure $SHAREDDIR exists before mounting it
Closes strongswan/strongswan#344.
2021-05-06 17:21:59 +02:00
Tobias Brunner
a730873211
github: Fix python build and checks on older Ubuntu releases
On 18.04, setuptools was apparently pulled in by python-pip but is not
by python3-pip and on Ubuntu 16.04 there is an issue with tox when
installed via pip3 (syntax error in one of the dependencies) and with
pip that dependency is not even available.
2021-05-06 15:16:42 +02:00
Tobias Brunner
9535c3f778
wolfssl: Properly handle failure to initialize SHAKE_256
2021-05-06 11:47:38 +02:00
Tobias Brunner
2f650e085b
github: Don't fail LGTM test with an error if variables are missing
That's because forks are currently not allowed to be analyzed by LGTM (unlike
with SonarCloud) so this check can't actually be successful for forks even if
variables are defined.
References strongswan/strongswan#328.
2021-05-05 19:11:38 +02:00
Noel Kuntze
260e7b55f6
github: Fail LGTM test if required environment variables aren't set
Closes strongswan/strongswan#328.
2021-05-05 18:12:25 +02:00
Tobias Brunner
cd7b80e869
github: Make LGTM project ID configurable via environment variable
2021-05-05 18:09:44 +02:00
Noel Kuntze
f830e71457
github: Fail sonarcloud test if required environment variables aren't set
Closes strongswan/strongswan#330.
2021-05-05 18:10:03 +02:00
Tobias Brunner
c603704bb3
github: Always upload lint results from Android build
2021-05-05 18:09:44 +02:00
Tobias Brunner
742e0f213c
github: Fix build on Ubuntu 20.04 and add a job for 18.04
The nm test can only be done on Ubuntu 18.04 as the required libraries
are not available on newer systems.
Switch to pip3 to install tox (the only Python dependency we use).
Closes strongswan/strongswan#327.
2021-05-05 18:09:44 +02:00
Tobias Brunner
eca1b81682
github: Fix installation of Python dependencies
2021-05-05 18:08:20 +02:00
Tobias Brunner
6405653da2
android: Avoid lint errors when determining column indices
The lint version used on our GitHub build hosts reported these errors:
Error: Value must be ≥ 0 [Range]
db.update(TABLE_VPNPROFILE, values, KEY_ID + " = " + cursor.getLong(cursor.getColumnIndex(KEY_ID)), null);
That's because get*() expect a valid index >= 0 but getColumnIndex()
can return -1 if the column name doesn't exist.
2021-05-05 16:40:14 +02:00
Tobias Brunner
f0a20dd2b8
backtrace: The BFD API changed in newer versions
2021-05-05 16:17:54 +02:00
Noel Kuntze
1de13f9037
openssl: Fix OpenSSL version check for EC_POINT_set_affine_coordinates
Fixes: bd323ae6c8 ("openssl: Migrate from deprecated EC_POINT_[set|get]_affine_coordinates_GFp() functions")
Closes strongswan/strongswan#332
2021-05-04 14:51:18 +02:00
Noel Kuntze
e9a55abce4
forecast: Restrict strncpy() call
Closes strongswan/strongswan#331.
2021-05-04 14:48:53 +02:00
Tobias Brunner
2b89676157
Merge branch 'doxygen-fixes'
Closes strongswan/strongswan#326.
2021-05-04 14:39:56 +02:00
Noel Kuntze
4886a2c7d8
Doxyfile.in: Remove deprecated variables
2021-04-15 16:13:22 +02:00
Noel Kuntze
a11efc5214
doxygen: Fix documentation problems
2021-04-15 00:17:59 +02:00
Andreas Steffen
09df86c033
Version bump to 5.9.3dr1
2021-03-31 09:59:55 +02:00
Andreas Steffen
66ba50b217
testing: Migrated p2pnat/medsrv-psk scenario to vici
2021-03-30 22:12:00 +02:00
Andreas Steffen
03e1272ff2
testing: Migrated p2pnat/behind-same-nat scenario to vici
2021-03-30 22:12:00 +02:00
Andreas Steffen
68154033bb
testing: Store mars credentials in the swanctl directory
2021-03-30 22:12:00 +02:00
Andreas Steffen
2cbf7da51a
testing: Migrated redirect-active scenario to vici
2021-03-30 22:12:00 +02:00
Andreas Steffen
511b860916
testing: Migrated ha/both-active scenario to vici
2021-03-30 18:57:49 +02:00
Andreas Steffen
5c22e94f0f
testing: Migrated ha/active-passive scenario to vici
2021-03-30 18:57:49 +02:00
Andreas Steffen
737f7fce51
testing: Switched PTS measurements to /usr/sbin
Due to Debian 10 linking /bin to /usr/bin which drastically
increased the number of files in /bin, the PTS measurement
was switched to /usr/sbin with a lesser number of files.
2021-03-23 10:54:48 +01:00
Andreas Steffen
f412c97648
wolfssl: Support SHAKE_256
2021-03-20 11:19:12 +01:00
Andreas Steffen
a91eb3eb96
wolfssl: Support SHA3
2021-03-20 11:15:42 +01:00
Andreas Steffen
b57215ba2b
wolfssl: Support AES_ECB
2021-03-20 11:15:42 +01:00
Andreas Steffen
bd323ae6c8
openssl: Migrate from deprecated EC_POINT_[set|get]_affine_coordinates_GFp() functions
2021-03-19 08:50:27 +01:00
Petr Gotthard
c5eac9c390
libcharon: Include libtpmtss in monolithic build
2021-03-17 12:14:47 +01:00
Andreas Steffen
6aef079f59
testing: Bump guest kernel to Linux 5.11
2021-03-07 14:39:44 +01:00
Andreas Steffen
87ba3a424d
Version bump to 5.9.2
2021-02-26 11:30:13 +01:00
Tobias Brunner
88c4d8cb22
Merge branch 'sha2-no-trunc'
Closes strongswan/strongswan#215.
2021-02-23 17:30:11 +01:00
Tobias Brunner
875813c055
save-keys: Fix length of AES-GCM with 12-byte ICV
2021-02-23 17:28:46 +01:00
Michał Skalski
b6b8880340
save-keys: Add support for full-length HMAC-SHA256 for ESP
Wireshark doesn't really support it, but this way it at least decodes
the ESP packets correctly and the encryption keys are saved and the
packets can be decrypted. The full-length versions of SHA-384 and
SHA-512 are not supported by Wireshark as 256-bit is the longest ICV
it is able to decode currently.
2021-02-23 17:28:46 +01:00
Michał Skalski
c632aa7b31
kernel-netlink: Add support for full-length HMAC-SHA2 algorithms
2021-02-23 17:28:46 +01:00
Michał Skalski
aa6da3700a
keymat: Add support for full-length HMAC-SHA2 algorithms
2021-02-23 17:23:29 +01:00
Michał Skalski
7a8cd5d6d0
af-alg: Fix typo in algorithm mapping for full-size HMAC-SHA-256
2021-02-23 09:25:44 +01:00
Andreas Steffen
356f87355b
Version bump to 5.9.2rc2
2021-02-21 10:40:34 +01:00
Andreas Steffen
20c47af319
testing: Use TLS 1.3 in TNC PT-TLS tests
2021-02-21 09:48:34 +01:00
Andreas Steffen
9f55246018
testing: Added mgf1 plugin to load statement
2021-02-19 17:41:44 +01:00
Andreas Steffen
283b352cee
Merge branch 'tls-fixes'
2021-02-18 20:28:33 +01:00
Andreas Steffen
d08fa4bd0a
Version bump to 5.9.2rc1
2021-02-18 20:16:17 +01:00