aboutsummaryrefslogtreecommitdiffstats
path: root/scripts
Commit message (Collapse)AuthorAgeFilesLines
* private-key: Add optional parameters argument to sign() methodTobias Brunner2017-11-081-1/+1
|
* public-key: Add optional parameters argument to verify() methodTobias Brunner2017-11-081-1/+1
|
* scripts: Add -d option to oid2der to decode DER encoded OIDsTobias Brunner2017-11-021-0/+17
|
* travis: Use the same ASAN_OPTIONS as used by OSS-FuzzTobias Brunner2017-08-151-0/+8
|
* travis: Run fuzz targetsTobias Brunner2017-08-151-0/+13
|
* appveyor: Build against OpenSSLTobias Brunner2017-07-281-0/+5
| | | | This is mainly for the RNG needed for the exchange tests.
* appveyor: Run tests on AppVeyor Windows containersTobias Brunner2017-07-281-3/+5
| | | | | We can't enable leak detective as it is so slow then that we run into a timeout (60 minutes).
* fuzz: Add fuzzing boilerplateTobias Brunner2017-05-231-1/+1
|
* travis: aikpub2 was removed, no need to disable it anymoreTobias Brunner2017-03-231-1/+1
|
* travis: Build Windows-specific pluginsTobias Brunner2017-03-231-1/+7
| | | | | The plugins can only be built on x64 as the MinGW headers on Ubuntu 12.04, which we have to use for x86 due to another issue with MinGW, are too old.
* travis: Create coverage report via codecov.ioTobias Brunner2017-03-151-3/+7
|
* libipsec: Fix Windows build via MinGWTobias Brunner2017-01-251-1/+1
| | | | Fixes #2118.
* dh-speed: Compare the shared secrets for equality after testMartin Willi2016-11-141-3/+7
|
* dh-speed: Include the get_my_public_value() call in public exponent timingMartin Willi2016-11-141-4/+4
| | | | | This fixes results where a DH backend does not generate the public value in the constructor internally.
* dh-speed: Add an identifier to test curve25519 performanceMartin Willi2016-11-141-0/+1
|
* travis: Use a more recent OS X imageTobias Brunner2016-09-271-1/+1
| | | | Using the xcode8 image does not work currently (libcurl is not found).
* travis: Run 32-bit Windows build on precise (12.04) imageTobias Brunner2016-09-201-1/+2
| | | | That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
* travis: Properly pass back result of makeTobias Brunner2016-09-201-1/+1
| | | | Fixes: 4e8f5a189cce ("travis: Add apidoc check")
* travis: Don't disable connmark and forecast plugins anymoreTobias Brunner2016-09-201-5/+1
| | | | They build fine on Ubuntu 14.04.
* maemo: Remove unused pluginTobias Brunner2016-09-151-1/+1
|
* travis: Add apidoc checkTobias Brunner2016-09-051-2/+29
| | | | | This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some issues with our Doxyfile and prints lots of warnings).
* travis: Use Trusty beta imageTobias Brunner2016-09-051-4/+4
|
* travis: Add a workaround for a bug regarding libtool installed via HomebrewTobias Brunner2016-08-251-0/+2
|
* travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgenTobias Brunner2016-06-281-2/+5
| | | | Ubuntu 12.04 does not provide libtss2-dev.
* Use standard unsigned integer typesAndreas Steffen2016-03-241-5/+5
|
* travis: Enable OS X buildTobias Brunner2015-11-231-2/+40
|
* pki: Add --dn command to extract the subject DN of a certificateTobias Brunner2015-08-172-157/+1
|
* scripts: Add script to extract the ASN.1 subject DN from a certificateTobias Brunner2015-08-172-1/+157
| | | | | | This can be useful if the subject DN has to be configured with the asn1dn: prefix in ipsec.conf (e.g. because the actual encoding can't be created by strongSwan's string parser/encoder).
* Fix timeattack script compilation under ARMAndreas Steffen2015-06-051-1/+1
|
* crypt-burn: free() associated data after testMartin Willi2015-05-041-0/+1
|
* travis: Run a gcrypt test with leak-detectiveMartin Willi2015-04-151-4/+0
| | | | And also enable gcrypt in the all tests with leak-detective enabled.
* crypt-burn: Support burning signersMartin Willi2015-04-151-0/+53
|
* crypt-burn: Add a encryption buffer command line argumentMartin Willi2015-04-151-9/+14
|
* crypt-burn: Set a defined key, as some backends require thatMartin Willi2015-04-151-4/+10
|
* crypt-burn: Refactor to separate burn methodsMartin Willi2015-04-151-74/+116
|
* crypt-burn: Accept a PLUGINS env var to configure plugins to loadMartin Willi2015-04-151-3/+2
|
* utils: Add a constant time chunk_equals() variant for cryptographic purposesMartin Willi2015-04-141-1/+47
|
* utils: Add a constant time memeq() variant for cryptographic purposesMartin Willi2015-04-141-1/+8
|
* scripts: Add a tool that tries to guess MAC/ICV values using validation timesMartin Willi2015-04-143-1/+369
| | | | | | | | | | | | | | | | | | | This tool shows that it is trivial to re-construct the value memcmp() compares against by just measuring the time the non-time-constant memcmp() requires to fail. It also shows that even when running without any network latencies it gets very difficult to reconstruct MAC/ICV values, as the time variances due to the crypto routines are large enough that it gets difficult to measure the time that memcmp() actually requires after computing the MAC. However, the faster/time constant an algorithm is, the more likely is a successful attack. When using AES-NI, it is possible to reconstruct (parts of) a valid MAC with this tool, for example with AES-GCM. While this is all theoretical, and way more difficult to exploit with network jitter, it nonetheless shows that we should replace any use of memcmp/memeq() with a constant-time alternative in all sensitive places.
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-231-3/+2
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-2/+3
|
* travis: Install pip to install pytest in "all" testsMartin Willi2015-03-181-1/+7
| | | | | This allows ./configure to detect py.test, and execute python unit tests we provide in the vici python egg.
* travis: Disable unwind backtraces regardless of LEAK_DETECTIVE optionMartin Willi2015-02-261-3/+1
| | | | | | | While d0d85683 works around a crasher related to the use of libunwind, other build hangs have been seen in the all test cases. Try to --disable-unwind-backtraces to see if libunwind is really related to those and if it fixes these issues.
* travis: Disable forecast/connmark plugins in monolithic buildsMartin Willi2015-02-241-0/+4
| | | | | | Ubuntu 12.04 does not seem to provide a sane pkg-config for libiptc or libip4tc. The monolithic build fails due to missing symbols, so disable it until we have a newer Ubuntu release.
* travis: Install iptables-dev for connmark plugin in "all" testsMartin Willi2015-02-201-1/+1
|
* travis: Build-test updown and ext-auth plugins for WindowsMartin Willi2014-10-141-0/+1
|
* travis: Disable soup in "all" testMartin Willi2014-09-241-1/+1
| | | | | | | | | | | | On Ubuntu 12.04, there seems to be a resource leak related to pthread keys when initializing glib or related libraries more than once. With our repeated initialization for libstrongswan tests, we hit the following error: Lib (gthread-posix.c): Unexpected error from C library during 'pthread_key_create': Resource temporarily unavailable. The problem is not reproducible on a newer Gnome stack, hence we disable the glib based soup plugin until we have a more recent Ubuntu on Travis.
* travis: Disable build of native systemd IKE daemonMartin Willi2014-09-221-0/+1
| | | | | Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip systemd support on Travis until we have a more recent Ubuntu distribution.
* autoconf: Replace --disable-tools option with --disable-scepclientTobias Brunner2014-06-301-2/+2
| | | | | Since using a separate option for pki this was the only tool that was still enabled by that option.
* travis: Add a Windows 32-bit variant build testMartin Willi2014-06-061-5/+15
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 00:33:17 +0000