Commit Graph

17934 Commits

Author SHA1 Message Date
Tobias Brunner 1eb2d149db testing: Use host-passthrough CPU mode for all KVM guests
This should give us the best performance and feature set on modern
hardware (in particular when compared to code2duo, which e.g. does not allow
nested virtualization).

Closes strongswan/strongswan#340.
2021-05-10 10:04:28 +02:00
Tobias Brunner d4c337a42f Use Botan 2.18.0 for tests 2021-05-07 14:48:17 +02:00
Adrian-Ken Rueegsegger f0c25960ed openssl: Consider authorityKeyIdentifier in issued_by()
Prior to verifying the cryptographic signature, check if the
authorityKeyIdentifier matches the key ID of the issuing certificate if
it is available.
2021-05-07 14:29:24 +02:00
Adrian-Ken Rueegsegger 027c5c9dcb x509: Consider authorityKeyIdentifier in issued_by()
Prior to verifying the cryptographic signature, check if the
authorityKeyIdentifier matches the key ID of the issuing certificate if
it is available.
2021-05-07 14:29:24 +02:00
Adrian-Ken Rueegsegger 97c9158378 openssl: Bring CRL issued_by() in line with x509 plugin 2021-05-07 14:29:24 +02:00
Adrian-Ken Rueegsegger 9f468f454a ike: Set DCSP on keepalive packets 2021-05-07 14:29:24 +02:00
Tobias Brunner 546f61d3c8 openssl: Add support for AES in CCM mode
While CCM is available in earlier versions, we only use it with
OpenSSL 1.1.0 and newer because the generic control variables are not
available before and we default to GCM for them.

Closes strongswan/strongswan#353.
2021-05-06 18:29:16 +02:00
Noel Kuntze 5191c2b063 testing: Make sure $SHAREDDIR exists before mounting it
Closes strongswan/strongswan#344.
2021-05-06 17:21:59 +02:00
Tobias Brunner a730873211 github: Fix python build and checks on older Ubuntu releases
On 18.04, setuptools was apparently pulled in by python-pip but is not
by python3-pip and on Ubuntu 16.04 there is an issue with tox when
installed via pip3 (syntax error in one of the dependencies) and with
pip that dependency is not even available.
2021-05-06 15:16:42 +02:00
Tobias Brunner 9535c3f778 wolfssl: Properly handle failure to initialize SHAKE_256 2021-05-06 11:47:38 +02:00
Tobias Brunner 2f650e085b github: Don't fail LGTM test with an error if variables are missing
That's because forks are currently not allowed to be analyzed by LGTM (unlike
with SonarCloud) so this check can't actually be successful for forks even if
variables are defined.

References strongswan/strongswan#328.
2021-05-05 19:11:38 +02:00
Noel Kuntze 260e7b55f6 github: Fail LGTM test if required environment variables aren't set
Closes strongswan/strongswan#328.
2021-05-05 18:12:25 +02:00
Tobias Brunner cd7b80e869 github: Make LGTM project ID configurable via environment variable 2021-05-05 18:09:44 +02:00
Noel Kuntze f830e71457 github: Fail sonarcloud test if required environment variables aren't set
Closes strongswan/strongswan#330.
2021-05-05 18:10:03 +02:00
Tobias Brunner c603704bb3 github: Always upload lint results from Android build 2021-05-05 18:09:44 +02:00
Tobias Brunner 742e0f213c github: Fix build on Ubuntu 20.04 and add a job for 18.04
The nm test can only be done on Ubuntu 18.04 as the required libraries
are not available on newer systems.

Switch to pip3 to install tox (the only Python dependency we use).

Closes strongswan/strongswan#327.
2021-05-05 18:09:44 +02:00
Tobias Brunner eca1b81682 github: Fix installation of Python dependencies 2021-05-05 18:08:20 +02:00
Tobias Brunner 6405653da2 android: Avoid lint errors when determining column indices
The lint version used on our GitHub build hosts reported these errors:

Error: Value must be ≥ 0 [Range]
        db.update(TABLE_VPNPROFILE, values, KEY_ID + " = " + cursor.getLong(cursor.getColumnIndex(KEY_ID)), null);

That's because get*() expect a valid index >= 0 but getColumnIndex()
can return -1 if the column name doesn't exist.
2021-05-05 16:40:14 +02:00
Tobias Brunner f0a20dd2b8 backtrace: The BFD API changed in newer versions 2021-05-05 16:17:54 +02:00
Noel Kuntze 1de13f9037 openssl: Fix OpenSSL version check for EC_POINT_set_affine_coordinates
Fixes: bd323ae6c8 ("openssl: Migrate from deprecated EC_POINT_[set|get]_affine_coordinates_GFp() functions")
Closes strongswan/strongswan#332
2021-05-04 14:51:18 +02:00
Noel Kuntze e9a55abce4 forecast: Restrict strncpy() call
Closes strongswan/strongswan#331.
2021-05-04 14:48:53 +02:00
Tobias Brunner 2b89676157 Merge branch 'doxygen-fixes'
Closes strongswan/strongswan#326.
2021-05-04 14:39:56 +02:00
Noel Kuntze 4886a2c7d8
Doxyfile.in: Remove deprecated variables 2021-04-15 16:13:22 +02:00
Noel Kuntze a11efc5214
doxygen: Fix documentation problems 2021-04-15 00:17:59 +02:00
Andreas Steffen 09df86c033 Version bump to 5.9.3dr1 2021-03-31 09:59:55 +02:00
Andreas Steffen 66ba50b217 testing: Migrated p2pnat/medsrv-psk scenario to vici 2021-03-30 22:12:00 +02:00
Andreas Steffen 03e1272ff2 testing: Migrated p2pnat/behind-same-nat scenario to vici 2021-03-30 22:12:00 +02:00
Andreas Steffen 68154033bb testing: Store mars credentials in the swanctl directory 2021-03-30 22:12:00 +02:00
Andreas Steffen 2cbf7da51a testing: Migrated redirect-active scenario to vici 2021-03-30 22:12:00 +02:00
Andreas Steffen 511b860916 testing: Migrated ha/both-active scenario to vici 2021-03-30 18:57:49 +02:00
Andreas Steffen 5c22e94f0f testing: Migrated ha/active-passive scenario to vici 2021-03-30 18:57:49 +02:00
Andreas Steffen 737f7fce51 testing: Switched PTS measurements to /usr/sbin
Due to Debian 10 linking /bin to /usr/bin which drastically
increased the number of files in /bin, the PTS measurement
was switched to /usr/sbin with a lesser number of files.
2021-03-23 10:54:48 +01:00
Andreas Steffen f412c97648 wolfssl: Support SHAKE_256 2021-03-20 11:19:12 +01:00
Andreas Steffen a91eb3eb96 wolfssl: Support SHA3 2021-03-20 11:15:42 +01:00
Andreas Steffen b57215ba2b wolfssl: Support AES_ECB 2021-03-20 11:15:42 +01:00
Andreas Steffen bd323ae6c8 openssl: Migrate from deprecated EC_POINT_[set|get]_affine_coordinates_GFp() functions 2021-03-19 08:50:27 +01:00
Petr Gotthard c5eac9c390 libcharon: Include libtpmtss in monolithic build 2021-03-17 12:14:47 +01:00
Andreas Steffen 6aef079f59 testing: Bump guest kernel to Linux 5.11 2021-03-07 14:39:44 +01:00
Andreas Steffen 87ba3a424d Version bump to 5.9.2 2021-02-26 11:30:13 +01:00
Tobias Brunner 88c4d8cb22 Merge branch 'sha2-no-trunc'
Closes strongswan/strongswan#215.
2021-02-23 17:30:11 +01:00
Tobias Brunner 875813c055 save-keys: Fix length of AES-GCM with 12-byte ICV 2021-02-23 17:28:46 +01:00
Michał Skalski b6b8880340 save-keys: Add support for full-length HMAC-SHA256 for ESP
Wireshark doesn't really support it, but this way it at least decodes
the ESP packets correctly and the encryption keys are saved and the
packets can be decrypted.  The full-length versions of SHA-384 and
SHA-512 are not supported by Wireshark as 256-bit is the longest ICV
it is able to decode currently.
2021-02-23 17:28:46 +01:00
Michał Skalski c632aa7b31 kernel-netlink: Add support for full-length HMAC-SHA2 algorithms 2021-02-23 17:28:46 +01:00
Michał Skalski aa6da3700a keymat: Add support for full-length HMAC-SHA2 algorithms 2021-02-23 17:23:29 +01:00
Michał Skalski 7a8cd5d6d0 af-alg: Fix typo in algorithm mapping for full-size HMAC-SHA-256 2021-02-23 09:25:44 +01:00
Andreas Steffen 356f87355b Version bump to 5.9.2rc2 2021-02-21 10:40:34 +01:00
Andreas Steffen 20c47af319 testing: Use TLS 1.3 in TNC PT-TLS tests 2021-02-21 09:48:34 +01:00
Andreas Steffen 9f55246018 testing: Added mgf1 plugin to load statement 2021-02-19 17:41:44 +01:00
Andreas Steffen 283b352cee Merge branch 'tls-fixes' 2021-02-18 20:28:33 +01:00
Andreas Steffen d08fa4bd0a Version bump to 5.9.2rc1 2021-02-18 20:16:17 +01:00