aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
Commit message (Collapse)AuthorAgeFilesLines
* travis: Run 32-bit Windows build on precise (12.04) imageTobias Brunner2016-09-201-1/+2
| | | | That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
* travis: Properly pass back result of makeTobias Brunner2016-09-201-1/+1
| | | | Fixes: 4e8f5a189cce ("travis: Add apidoc check")
* travis: Don't disable connmark and forecast plugins anymoreTobias Brunner2016-09-201-5/+1
| | | | They build fine on Ubuntu 14.04.
* maemo: Remove unused pluginTobias Brunner2016-09-151-1/+1
|
* travis: Add apidoc checkTobias Brunner2016-09-051-2/+29
| | | | | This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some issues with our Doxyfile and prints lots of warnings).
* travis: Use Trusty beta imageTobias Brunner2016-09-051-4/+4
|
* travis: Add a workaround for a bug regarding libtool installed via HomebrewTobias Brunner2016-08-251-0/+2
|
* travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgenTobias Brunner2016-06-281-2/+5
| | | | Ubuntu 12.04 does not provide libtss2-dev.
* Use standard unsigned integer typesAndreas Steffen2016-03-241-5/+5
|
* travis: Enable OS X buildTobias Brunner2015-11-231-2/+40
|
* pki: Add --dn command to extract the subject DN of a certificateTobias Brunner2015-08-172-157/+1
|
* scripts: Add script to extract the ASN.1 subject DN from a certificateTobias Brunner2015-08-172-1/+157
| | | | | | This can be useful if the subject DN has to be configured with the asn1dn: prefix in ipsec.conf (e.g. because the actual encoding can't be created by strongSwan's string parser/encoder).
* Fix timeattack script compilation under ARMAndreas Steffen2015-06-051-1/+1
|
* crypt-burn: free() associated data after testMartin Willi2015-05-041-0/+1
|
* travis: Run a gcrypt test with leak-detectiveMartin Willi2015-04-151-4/+0
| | | | And also enable gcrypt in the all tests with leak-detective enabled.
* crypt-burn: Support burning signersMartin Willi2015-04-151-0/+53
|
* crypt-burn: Add a encryption buffer command line argumentMartin Willi2015-04-151-9/+14
|
* crypt-burn: Set a defined key, as some backends require thatMartin Willi2015-04-151-4/+10
|
* crypt-burn: Refactor to separate burn methodsMartin Willi2015-04-151-74/+116
|
* crypt-burn: Accept a PLUGINS env var to configure plugins to loadMartin Willi2015-04-151-3/+2
|
* utils: Add a constant time chunk_equals() variant for cryptographic purposesMartin Willi2015-04-141-1/+47
|
* utils: Add a constant time memeq() variant for cryptographic purposesMartin Willi2015-04-141-1/+8
|
* scripts: Add a tool that tries to guess MAC/ICV values using validation timesMartin Willi2015-04-143-1/+369
| | | | | | | | | | | | | | | | | | | This tool shows that it is trivial to re-construct the value memcmp() compares against by just measuring the time the non-time-constant memcmp() requires to fail. It also shows that even when running without any network latencies it gets very difficult to reconstruct MAC/ICV values, as the time variances due to the crypto routines are large enough that it gets difficult to measure the time that memcmp() actually requires after computing the MAC. However, the faster/time constant an algorithm is, the more likely is a successful attack. When using AES-NI, it is possible to reconstruct (parts of) a valid MAC with this tool, for example with AES-GCM. While this is all theoretical, and way more difficult to exploit with network jitter, it nonetheless shows that we should replace any use of memcmp/memeq() with a constant-time alternative in all sensitive places.
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-231-3/+2
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-2/+3
|
* travis: Install pip to install pytest in "all" testsMartin Willi2015-03-181-1/+7
| | | | | This allows ./configure to detect py.test, and execute python unit tests we provide in the vici python egg.
* travis: Disable unwind backtraces regardless of LEAK_DETECTIVE optionMartin Willi2015-02-261-3/+1
| | | | | | | While d0d85683 works around a crasher related to the use of libunwind, other build hangs have been seen in the all test cases. Try to --disable-unwind-backtraces to see if libunwind is really related to those and if it fixes these issues.
* travis: Disable forecast/connmark plugins in monolithic buildsMartin Willi2015-02-241-0/+4
| | | | | | Ubuntu 12.04 does not seem to provide a sane pkg-config for libiptc or libip4tc. The monolithic build fails due to missing symbols, so disable it until we have a newer Ubuntu release.
* travis: Install iptables-dev for connmark plugin in "all" testsMartin Willi2015-02-201-1/+1
|
* travis: Build-test updown and ext-auth plugins for WindowsMartin Willi2014-10-141-0/+1
|
* travis: Disable soup in "all" testMartin Willi2014-09-241-1/+1
| | | | | | | | | | | | On Ubuntu 12.04, there seems to be a resource leak related to pthread keys when initializing glib or related libraries more than once. With our repeated initialization for libstrongswan tests, we hit the following error: Lib (gthread-posix.c): Unexpected error from C library during 'pthread_key_create': Resource temporarily unavailable. The problem is not reproducible on a newer Gnome stack, hence we disable the glib based soup plugin until we have a more recent Ubuntu on Travis.
* travis: Disable build of native systemd IKE daemonMartin Willi2014-09-221-0/+1
| | | | | Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip systemd support on Travis until we have a more recent Ubuntu distribution.
* autoconf: Replace --disable-tools option with --disable-scepclientTobias Brunner2014-06-301-2/+2
| | | | | Since using a separate option for pki this was the only tool that was still enabled by that option.
* travis: Add a Windows 32-bit variant build testMartin Willi2014-06-061-5/+15
|
* travis: Build "all" tests without Windows HTTP fetcherMartin Willi2014-06-041-1/+1
| | | | | We don't include it in the Windows build test either, as MinGW does not come with -lwinhttp.
* travis: Build "all" tests without Windows kernel backendsMartin Willi2014-06-041-1/+2
|
* travis: Include socket backend in Windows build testMartin Willi2014-06-041-1/+1
|
* travis: Build "all" tests without Windows socket backendMartin Willi2014-06-041-1/+1
|
* travis: Define a Windows build test using MinGWMartin Willi2014-06-041-2/+18
|
* travis: Perform build tests with -WerrorMartin Willi2014-06-041-1/+3
|
* travis: Build "all" test without Windows specific charon-svc or dbghelpMartin Willi2014-06-041-1/+2
|
* travis: Install libjson dependency for "all" testsMartin Willi2014-06-031-1/+1
|
* scripts: Ignore settings-test scriptTobias Brunner2014-05-201-7/+8
|
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-2/+1
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* scripts: Add test script for settings_tTobias Brunner2014-05-152-1/+128
|
* travis: --disable-aikgen in "all" testsMartin Willi2014-05-071-1/+1
| | | | | aikgen has a hard dependency on TrouSerS, which we currently don't have in the travis build.
* tls: Support a maximum TLS version to negotiate using TLS socket abstractionMartin Willi2014-04-011-2/+2
|
* tls: Introduce a generic TLS purpose that accepts NULL encryption ciphersMartin Willi2014-04-011-2/+2
|
* aead: Support custom AEAD salt sizesMartin Willi2014-03-312-2/+2
| | | | | | | | | The salt, or often called implicit nonce, varies between AEAD algorithms and their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses 3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM. Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine until we go for CCM mode support in TLS, which requires 4 byte nonces.
* travis: Run the "all" test case with leak detective enabledTobias Brunner2014-03-271-0/+6
| | | | | | | | But disable the gcrypt plugin, as it causes leaks. Also disable the backtraces by libunwind as they seem to cause threads to get cleaned up after the leak detective already has been disabled, which leads to invalid free()s.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-01 18:33:15 +0000