Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | private-key: Add optional parameters argument to sign() method | Tobias Brunner | 2017-11-08 | 1 | -1/+1 |
| | |||||
* | public-key: Add optional parameters argument to verify() method | Tobias Brunner | 2017-11-08 | 1 | -1/+1 |
| | |||||
* | scripts: Add -d option to oid2der to decode DER encoded OIDs | Tobias Brunner | 2017-11-02 | 1 | -0/+17 |
| | |||||
* | travis: Use the same ASAN_OPTIONS as used by OSS-Fuzz | Tobias Brunner | 2017-08-15 | 1 | -0/+8 |
| | |||||
* | travis: Run fuzz targets | Tobias Brunner | 2017-08-15 | 1 | -0/+13 |
| | |||||
* | appveyor: Build against OpenSSL | Tobias Brunner | 2017-07-28 | 1 | -0/+5 |
| | | | | This is mainly for the RNG needed for the exchange tests. | ||||
* | appveyor: Run tests on AppVeyor Windows containers | Tobias Brunner | 2017-07-28 | 1 | -3/+5 |
| | | | | | We can't enable leak detective as it is so slow then that we run into a timeout (60 minutes). | ||||
* | fuzz: Add fuzzing boilerplate | Tobias Brunner | 2017-05-23 | 1 | -1/+1 |
| | |||||
* | travis: aikpub2 was removed, no need to disable it anymore | Tobias Brunner | 2017-03-23 | 1 | -1/+1 |
| | |||||
* | travis: Build Windows-specific plugins | Tobias Brunner | 2017-03-23 | 1 | -1/+7 |
| | | | | | The plugins can only be built on x64 as the MinGW headers on Ubuntu 12.04, which we have to use for x86 due to another issue with MinGW, are too old. | ||||
* | travis: Create coverage report via codecov.io | Tobias Brunner | 2017-03-15 | 1 | -3/+7 |
| | |||||
* | libipsec: Fix Windows build via MinGW | Tobias Brunner | 2017-01-25 | 1 | -1/+1 |
| | | | | Fixes #2118. | ||||
* | dh-speed: Compare the shared secrets for equality after test | Martin Willi | 2016-11-14 | 1 | -3/+7 |
| | |||||
* | dh-speed: Include the get_my_public_value() call in public exponent timing | Martin Willi | 2016-11-14 | 1 | -4/+4 |
| | | | | | This fixes results where a DH backend does not generate the public value in the constructor internally. | ||||
* | dh-speed: Add an identifier to test curve25519 performance | Martin Willi | 2016-11-14 | 1 | -0/+1 |
| | |||||
* | travis: Use a more recent OS X image | Tobias Brunner | 2016-09-27 | 1 | -1/+1 |
| | | | | Using the xcode8 image does not work currently (libcurl is not found). | ||||
* | travis: Run 32-bit Windows build on precise (12.04) image | Tobias Brunner | 2016-09-20 | 1 | -1/+2 |
| | | | | That's required due to a bug in MinGW 3.1.0 that's shipped with trusty. | ||||
* | travis: Properly pass back result of make | Tobias Brunner | 2016-09-20 | 1 | -1/+1 |
| | | | | Fixes: 4e8f5a189cce ("travis: Add apidoc check") | ||||
* | travis: Don't disable connmark and forecast plugins anymore | Tobias Brunner | 2016-09-20 | 1 | -5/+1 |
| | | | | They build fine on Ubuntu 14.04. | ||||
* | maemo: Remove unused plugin | Tobias Brunner | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | travis: Add apidoc check | Tobias Brunner | 2016-09-05 | 1 | -2/+29 |
| | | | | | This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some issues with our Doxyfile and prints lots of warnings). | ||||
* | travis: Use Trusty beta image | Tobias Brunner | 2016-09-05 | 1 | -4/+4 |
| | |||||
* | travis: Add a workaround for a bug regarding libtool installed via Homebrew | Tobias Brunner | 2016-08-25 | 1 | -0/+2 |
| | |||||
* | travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen | Tobias Brunner | 2016-06-28 | 1 | -2/+5 |
| | | | | Ubuntu 12.04 does not provide libtss2-dev. | ||||
* | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -5/+5 |
| | |||||
* | travis: Enable OS X build | Tobias Brunner | 2015-11-23 | 1 | -2/+40 |
| | |||||
* | pki: Add --dn command to extract the subject DN of a certificate | Tobias Brunner | 2015-08-17 | 2 | -157/+1 |
| | |||||
* | scripts: Add script to extract the ASN.1 subject DN from a certificate | Tobias Brunner | 2015-08-17 | 2 | -1/+157 |
| | | | | | | This can be useful if the subject DN has to be configured with the asn1dn: prefix in ipsec.conf (e.g. because the actual encoding can't be created by strongSwan's string parser/encoder). | ||||
* | Fix timeattack script compilation under ARM | Andreas Steffen | 2015-06-05 | 1 | -1/+1 |
| | |||||
* | crypt-burn: free() associated data after test | Martin Willi | 2015-05-04 | 1 | -0/+1 |
| | |||||
* | travis: Run a gcrypt test with leak-detective | Martin Willi | 2015-04-15 | 1 | -4/+0 |
| | | | | And also enable gcrypt in the all tests with leak-detective enabled. | ||||
* | crypt-burn: Support burning signers | Martin Willi | 2015-04-15 | 1 | -0/+53 |
| | |||||
* | crypt-burn: Add a encryption buffer command line argument | Martin Willi | 2015-04-15 | 1 | -9/+14 |
| | |||||
* | crypt-burn: Set a defined key, as some backends require that | Martin Willi | 2015-04-15 | 1 | -4/+10 |
| | |||||
* | crypt-burn: Refactor to separate burn methods | Martin Willi | 2015-04-15 | 1 | -74/+116 |
| | |||||
* | crypt-burn: Accept a PLUGINS env var to configure plugins to load | Martin Willi | 2015-04-15 | 1 | -3/+2 |
| | |||||
* | utils: Add a constant time chunk_equals() variant for cryptographic purposes | Martin Willi | 2015-04-14 | 1 | -1/+47 |
| | |||||
* | utils: Add a constant time memeq() variant for cryptographic purposes | Martin Willi | 2015-04-14 | 1 | -1/+8 |
| | |||||
* | scripts: Add a tool that tries to guess MAC/ICV values using validation times | Martin Willi | 2015-04-14 | 3 | -1/+369 |
| | | | | | | | | | | | | | | | | | | | This tool shows that it is trivial to re-construct the value memcmp() compares against by just measuring the time the non-time-constant memcmp() requires to fail. It also shows that even when running without any network latencies it gets very difficult to reconstruct MAC/ICV values, as the time variances due to the crypto routines are large enough that it gets difficult to measure the time that memcmp() actually requires after computing the MAC. However, the faster/time constant an algorithm is, the more likely is a successful attack. When using AES-NI, it is possible to reconstruct (parts of) a valid MAC with this tool, for example with AES-GCM. While this is all theoretical, and way more difficult to exploit with network jitter, it nonetheless shows that we should replace any use of memcmp/memeq() with a constant-time alternative in all sensitive places. | ||||
* | diffie-hellman: Add a bool return value to set_other_public_value() | Martin Willi | 2015-03-23 | 1 | -3/+2 |
| | |||||
* | diffie-hellman: Add a bool return value to get_my_public_value() | Martin Willi | 2015-03-23 | 1 | -2/+3 |
| | |||||
* | travis: Install pip to install pytest in "all" tests | Martin Willi | 2015-03-18 | 1 | -1/+7 |
| | | | | | This allows ./configure to detect py.test, and execute python unit tests we provide in the vici python egg. | ||||
* | travis: Disable unwind backtraces regardless of LEAK_DETECTIVE option | Martin Willi | 2015-02-26 | 1 | -3/+1 |
| | | | | | | | While d0d85683 works around a crasher related to the use of libunwind, other build hangs have been seen in the all test cases. Try to --disable-unwind-backtraces to see if libunwind is really related to those and if it fixes these issues. | ||||
* | travis: Disable forecast/connmark plugins in monolithic builds | Martin Willi | 2015-02-24 | 1 | -0/+4 |
| | | | | | | Ubuntu 12.04 does not seem to provide a sane pkg-config for libiptc or libip4tc. The monolithic build fails due to missing symbols, so disable it until we have a newer Ubuntu release. | ||||
* | travis: Install iptables-dev for connmark plugin in "all" tests | Martin Willi | 2015-02-20 | 1 | -1/+1 |
| | |||||
* | travis: Build-test updown and ext-auth plugins for Windows | Martin Willi | 2014-10-14 | 1 | -0/+1 |
| | |||||
* | travis: Disable soup in "all" test | Martin Willi | 2014-09-24 | 1 | -1/+1 |
| | | | | | | | | | | | | On Ubuntu 12.04, there seems to be a resource leak related to pthread keys when initializing glib or related libraries more than once. With our repeated initialization for libstrongswan tests, we hit the following error: Lib (gthread-posix.c): Unexpected error from C library during 'pthread_key_create': Resource temporarily unavailable. The problem is not reproducible on a newer Gnome stack, hence we disable the glib based soup plugin until we have a more recent Ubuntu on Travis. | ||||
* | travis: Disable build of native systemd IKE daemon | Martin Willi | 2014-09-22 | 1 | -0/+1 |
| | | | | | Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip systemd support on Travis until we have a more recent Ubuntu distribution. | ||||
* | autoconf: Replace --disable-tools option with --disable-scepclient | Tobias Brunner | 2014-06-30 | 1 | -2/+2 |
| | | | | | Since using a separate option for pki this was the only tool that was still enabled by that option. | ||||
* | travis: Add a Windows 32-bit variant build test | Martin Willi | 2014-06-06 | 1 | -5/+15 |
| |