11099 Commits

Author SHA1 Message Date
Tobias Brunner
1f14b4a1f9 Add --enable-coverage configure option
This configure flag enables lcov [1] coverage generation and is intended
to be used with unit tests (--enable-unit-tests is implied).

An HTML coverage report can be generated by issuing the following command
in the toplevel build directory:

make coverage

[1] - http://ltp.sourceforge.net/coverage/lcov.php

Based on a patch by Adrian-Ken Rueegsegger.
2013-06-11 11:03:11 +02:00
Tobias Brunner
952073b8a7 Use proper type for enumerator_t/linked_list_t tests
Worked with -O2 but not with -O0.
2013-06-11 11:03:11 +02:00
Tobias Brunner
de42bf35f9 Converted test for recursive mutex_t 2013-06-11 11:03:11 +02:00
Tobias Brunner
bed4bc1327 Randomly allocate chunk_hash() key during first use
This avoids hash flooding attacks.
2013-06-11 11:03:11 +02:00
Tobias Brunner
d1953fe403 Replace chunk_hash() with output from chunk_mac()
The quality is way better, the calculation is a bit slower though.

The key is statically initialized to zero, which will be changed later
to prevent hash flooding.
2013-06-11 11:03:11 +02:00
Tobias Brunner
1255de5a20 Adding chunk_mac() which calculates a 64-bit MAC using SipHash-2-4 2013-06-11 11:03:11 +02:00
Tobias Brunner
4e67f19528 Converted tests for chunk_t 2013-06-11 11:03:11 +02:00
Tobias Brunner
e09461bf77 Converted and added tests for hashtable_t 2013-06-11 11:03:10 +02:00
Tobias Brunner
0298be5705 Converted tests for identification_t 2013-06-11 11:03:10 +02:00
Tobias Brunner
3cbacad40b Remove obsolete enumerator/linked_list tests in unit_tester plugin 2013-06-11 11:03:10 +02:00
Tobias Brunner
26e8375b14 Add tests combining linked_list_t and enumerators 2013-06-11 11:03:10 +02:00
Tobias Brunner
d3b06618f8 Some minor Doxygen fixes for linked_list_t 2013-06-11 11:03:10 +02:00
Tobias Brunner
ff8f12298f Add basic tests for linked_list_t 2013-06-11 11:03:10 +02:00
Tobias Brunner
0d67c8329b Redirect test runner output to stderr
This allows redirecting stdout of 'make check' to /dev/null.
2013-06-11 11:03:10 +02:00
Tobias Brunner
f15fcdc9d8 Add tests for enumerator_t 2013-06-11 11:03:10 +02:00
Tobias Brunner
156dcbc12e Add test runner for unit tests in libstrongswan 2013-06-11 11:03:10 +02:00
Tobias Brunner
62516a7465 testing: Increase base image size so there is space for test results on winnetou 2013-06-11 11:01:26 +02:00
Tobias Brunner
053ad34959 testing: Ignore errors when searching for imcv log entries in daemon.log 2013-06-10 18:52:32 +02:00
Tobias Brunner
5d52087b54 Added missing string for full-length HMAC-SHA512 signer 2013-06-10 11:48:18 +02:00
Tobias Brunner
cfae3a227d attr: Fix handling of invalid IPs listed after valid ones
Invalid IPs listed after a valid one resulted in an attribute
of the same type but with invalid data.
2013-06-05 17:26:24 +02:00
Martin Willi
169bf6745e attr: fix a compiler warning that family is used uninitialized (seen with -Os) 2013-06-05 15:20:37 +02:00
Martin Willi
bc1c92c9e9 Strictly memwipe_check() for magic only in the affected buffer
Passing back the buffer address we memwipe() is not ideal, as it could, in
theory, change the behavior of the compiler and not-optimize memwipe(). But
as checking a larger stack is very difficult for different architectures
and compilers, we do it nonetheless for now.
2013-06-05 15:02:18 +02:00
Tobias Brunner
c480b5f458 Allow memwipe() to be called with NULL argument 2013-05-27 18:41:16 +02:00
Michael Rossberg
e4d5e0114f kernel-netlink: add outer addresses to policy when using BEET mode 2013-05-24 15:09:47 +02:00
Michael Rossberg
5e4b1ad20a openssl: add support for IP addr blocks in X.509 certificates 2013-05-24 15:09:47 +02:00
Andreas Steffen
71d740cac6 Make plugins in standalone libimcv configurable 2013-05-24 12:56:21 +02:00
Volker Rümelin
f8298b9f98 host-resolver: don't try to resolve a plain v4 address to an IPv6 address
Suppress 'Address family for hostname not supported' errors if an IPv6
client connects in a mixed IPv4/IPv6 environment.
2013-05-16 11:03:37 +02:00
Martin Willi
21bade294b traffic-selector: inet_pton is successful only if it returns 1 2013-05-16 11:01:27 +02:00
Emanuil Hristov
2ce403438f updown: pass IKE_SA unique ID in PLUTO_UNIQUEID 2013-05-16 10:13:22 +02:00
Martin Willi
e8b2ce1e72 capabilities: leak-detective using dlsym() does not need CAP_SYS_NICE anymore 2013-05-15 17:20:47 +02:00
Martin Willi
b1bd63547b capabilities: initialize supplementary groups only when doing a setuid() 2013-05-15 17:20:47 +02:00
Martin Willi
2e9201f4ef af-alg: fix number of signers after adding untruncated HMAC-SHA-512 (1f2a34d6) 2013-05-15 17:20:36 +02:00
Martin Willi
965348cd7a Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE 2013-05-15 17:18:03 +02:00
Tobias Brunner
c6e1eda6d0 testing: Set terminal title when logging in via SSH
Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.
2013-05-15 10:35:48 +02:00
Tobias Brunner
bd538e8c4a openssl: Only warn about unavailable FIPS mode if the user requested it 2013-05-08 15:23:14 +02:00
Tobias Brunner
c1f1df4b40 Merge branch 'charon-cmd-pkcs12'
Adds support for PKCS#12 files in charon-cmd and ipsec.secrets.

Also fixes the cleanup of the OpenSSL library in the openssl plugin.
2013-05-08 15:19:38 +02:00
Tobias Brunner
6040eff900 stroke: Add second password if provided 2013-05-08 15:02:41 +02:00
Tobias Brunner
b7aa6b789e Load pkcs7 plugin in charon (and while we are at it in nm) 2013-05-08 15:02:41 +02:00
Tobias Brunner
1c080407b2 stroke: Fail silently if another builder calls PW callback after giving up
Also reduced the number of tries to 3.
2013-05-08 15:02:41 +02:00
Tobias Brunner
4a64c3e9a0 stroke: Cache passwords so the user is not prompted multiple times for the same password
To verify/decrypt a PKCS#12 container a password might be needed
multiple times.  If it was entered correctly we don't want to bother the
user again with another password prompt.
The passwords for MAC creation and encryption could be different so the
user might be prompted multiple times after all.
2013-05-08 15:02:41 +02:00
Tobias Brunner
e240b03e68 stroke: Fix prompt and error messages in passphrase callback 2013-05-08 15:02:41 +02:00
Tobias Brunner
7971278c92 stroke: Load credentials from PKCS#12 files (P12 token) 2013-05-08 15:02:41 +02:00
Tobias Brunner
904390e887 openssl: Cleanup thread specific error buffer 2013-05-08 15:02:40 +02:00
Tobias Brunner
3ee2af97bf openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0 2013-05-08 15:02:40 +02:00
Tobias Brunner
780900ab0e openssl: Add PKCS#12 parsing via OpenSSL 2013-05-08 15:02:40 +02:00
Tobias Brunner
651d5ab8e7 openssl: Properly cleanup OpenSSL library 2013-05-08 15:02:40 +02:00
Tobias Brunner
02116fdc2d charon-cmd: Add support for PKCS#12 files 2013-05-08 15:02:40 +02:00
Tobias Brunner
3bd498284e PEM plugin loads PKCS#12 containers from (DER-encoded) files
It is not actually able to handle PEM encoded PKCS#12 files produced
by OpenSSL.
2013-05-08 15:02:40 +02:00
Tobias Brunner
abc04e6b3f Remove pluto specific certificate types 2013-05-08 15:02:40 +02:00
Tobias Brunner
f77d6e16d2 charon-cmd: match_me/match_other are optional in callback credentials 2013-05-08 15:02:40 +02:00