fwknop.git
8 weeks ago [test suite] added tests/rijndael_hmac_fuzzing.pl file master
Michael Rash [Fri, 23 May 2014 22:55:06 +0000]
[test suite] added tests/rijndael_hmac_fuzzing.pl file

8 weeks ago [test suite] add hmac_fuzzing_access.conf file
Michael Rash [Fri, 23 May 2014 22:50:47 +0000]
[test suite] add hmac_fuzzing_access.conf file

2 months ago [test suite] expand libfko username coverage testing by adding undef LOGNAME env...
Michael Rash [Sun, 11 May 2014 03:16:32 +0000]
[test suite] expand libfko username coverage testing by adding undef LOGNAME env variable test

2 months ago [test suite] stronger valgrind test requirements
Michael Rash [Sat, 10 May 2014 01:13:48 +0000]
[test suite] stronger valgrind test requirements

This commit adds a couple of suppressions for known issues that valgrind
finds in libcap, and then makes a significant change to how the test
suite deals with any valgrind errors (in --enable-valgrind mode) that
are outside of these suppressions.  That is, any new valgrind errors
that are discovered will cause the test that triggers them to fail.
Previous to this commit, the final valgrind "flagged functions" test
attempted to do this by comparing valgrind output across test runs. This
worked well enough for a while, but this latest commit enforces a
stricter stance for valgrind validation of the fwknop code base.

2 months ago [fko-wrapper] add missing fko_destroy() call
Michael Rash [Sat, 10 May 2014 00:53:32 +0000]
[fko-wrapper] add missing fko_destroy() call

2 months ago [test suite] python fuzzer pkt_id counter minor bug fix
Michael Rash [Sat, 10 May 2014 00:51:29 +0000]
[test suite] python fuzzer pkt_id counter minor bug fix

2 months ago [test suite] add lib path and valgrind string to server start/stop cycle tests
Michael Rash [Fri, 9 May 2014 11:57:46 +0000]
[test suite] add lib path and valgrind string to server start/stop cycle tests

2 months ago [test suite] add SIGINT, SIGUSR1, and SIGUSR2 signals to restart cycle test for code...
Michael Rash [Fri, 9 May 2014 11:49:57 +0000]
[test suite] add SIGINT, SIGUSR1, and SIGUSR2 signals to restart cycle test for code coverage

2 months ago [test suite] fko-wrapper PKT_ID generation + send fuzzing packets back through fko_ne...
Michael Rash [Mon, 5 May 2014 05:15:20 +0000]
[test suite] fko-wrapper PKT_ID generation + send fuzzing packets back through fko_new_with_data() cycle

2 months ago [server] add --test mode to enable broader fuzzing coverage
Michael Rash [Tue, 6 May 2014 03:51:21 +0000]
[server] add --test mode to enable broader fuzzing coverage

2 months ago [server] minor fix to remove unnecessary opts.status check
Michael Rash [Tue, 6 May 2014 03:11:32 +0000]
[server] minor fix to remove unnecessary opts.status check

2 months ago add new test suite conf files
Michael Rash [Tue, 6 May 2014 03:05:02 +0000]
add new test suite conf files

2 months ago [test suite] Rijndael HMAC fuzzing support and a few minor test additions
Michael Rash [Tue, 6 May 2014 03:01:44 +0000]
[test suite] Rijndael HMAC fuzzing support and a few minor test additions

2 months ago [server] add --exit-parse-config option, man page updates (minor formatting change)
Michael Rash [Sun, 4 May 2014 13:17:27 +0000]
[server] add --exit-parse-config option, man page updates (minor formatting change)

2 months ago [test suite] add digest cache rewrite feature for test coverage, add config line...
Michael Rash [Sun, 4 May 2014 13:16:39 +0000]
[test suite] add digest cache rewrite feature for test coverage, add config line and pcap filter validation tests

2 months ago [test suite] add multi-port access request to python fuzzer
Michael Rash [Sun, 4 May 2014 13:15:44 +0000]
[test suite] add multi-port access request to python fuzzer

2 months ago [server] add --dump-serv-err-codes for test coverage
Michael Rash [Wed, 30 Apr 2014 03:50:54 +0000]
[server] add --dump-serv-err-codes for test coverage

2 months ago [server] add test coverage for tcp server when FUZZING_INTERFACES is defined
Michael Rash [Wed, 30 Apr 2014 03:41:01 +0000]
[server] add test coverage for tcp server when FUZZING_INTERFACES is defined

2 months ago [server] bug fix to handle SPA packets via http
Michael Rash [Wed, 30 Apr 2014 03:25:31 +0000]
[server] bug fix to handle SPA packets via http

2 months ago [test suite] significant test coverage update
Michael Rash [Wed, 30 Apr 2014 00:54:01 +0000]
[test suite] significant test coverage update

This commit adds a lot of test coverage support as guided by gcov +
lcov.

Also added the --no-ipt-check-support option to fwknopd (this is only
useful in practice on older Linux distros where 'iptables -C' is not
available, but it helps with test coverage).

2 months ago Merge branch 'spa_encoding_fuzzing'
Michael Rash [Tue, 29 Apr 2014 03:00:16 +0000]
Merge branch 'spa_encoding_fuzzing'

2 months ago changes since fwknop-2.6.1
Michael Rash [Tue, 29 Apr 2014 01:20:21 +0000]
changes since fwknop-2.6.1

2 months ago updated RPM Release tag to 1
Michael Rash [Tue, 29 Apr 2014 01:17:13 +0000]
updated RPM Release tag to 1

2 months ago changes since 2.6.1
Michael Rash [Tue, 29 Apr 2014 01:08:49 +0000]
changes since 2.6.1

2 months ago [libfko] bumped version to 2.0.2
Michael Rash [Tue, 29 Apr 2014 01:08:27 +0000]
[libfko] bumped version to 2.0.2

2 months ago changes since 2.6.1
Michael Rash [Tue, 29 Apr 2014 00:43:18 +0000]
changes since 2.6.1

2 months ago minor 2.6.2 release date change
Michael Rash [Tue, 29 Apr 2014 00:26:05 +0000]
minor 2.6.2 release date change

2 months ago changes since 2.6.1
Michael Rash [Sun, 27 Apr 2014 03:46:40 +0000]
changes since 2.6.1

2 months ago bumped version to 2.6.2
Michael Rash [Sun, 27 Apr 2014 03:43:32 +0000]
bumped version to 2.6.2

2 months ago ChangeLog for 2.6.2
Michael Rash [Sun, 27 Apr 2014 03:42:17 +0000]
ChangeLog for 2.6.2

2 months ago [libfko] fix double free bug in SPA parser
Michael Rash [Wed, 23 Apr 2014 01:58:09 +0000]
[libfko] fix double free bug in SPA parser

This commit fixes a double free condition discovered through the new
python SPA payload fuzzer.  This bug could be triggered in fwknopd with
a malicious SPA payload but only when GnuPG is used.  When Rijndael is
used for SPA packet encryption, this bug cannot be triggered due to a
length/format check towards the end of _rijndael_decrypt().  It should
be noted that only a person in possession of the correct encryption and
authentication GnuPG keys could trigger this bug.

2 months ago [libfko/test suite] add the FUZZING_INTERFACES macro
Michael Rash [Sun, 27 Apr 2014 03:04:44 +0000]
[libfko/test suite] add the FUZZING_INTERFACES macro

Add a new fko_set_encoded_data() function gated by #define
FUZZING_INTERFACES to allow encryption and authentication to be bypassed
for fuzzing purposes (and only fuzzing purposes).  The fko-wrapper code
has been extended to process data in the
test/fko-wrapper/fuzz_spa_payloads file, which is created by the new
python fuzzer.  Typical workflow is:

$ cd test/fko-wrapper
$ ../spa_fuzzer.py > fuzz_spa_payloads
$ make fuzzing

(as root):

./test-fwknop.pl  --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper

[+] Starting the fwknop test suite...

    args: --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper

    Saved results from previous run to: output.last/

    Valgrind mode enabled, will import previous coverage from:
        output.last/valgrind-coverage/

[+] Total test buckets to execute: 2

[Rijndael] [fko-wrapper] multiple libfko calls (with valgrind)......pass (1)
[Rijndael] [fko-wrapper] multiple libfko calls......................pass (2)
[profile coverage] gcov profile coverage............................pass (3)
[valgrind output] [flagged functions] ..............................pass (4)

    Run time: 5.85 minutes

[+] 0/0/0 OpenSSL tests passed/failed/executed
[+] 0/0/0 OpenSSL HMAC tests passed/failed/executed
[+] 4/0/4 test buckets passed/failed/executed

2 months ago [test suite] python fuzzer - more field length variations to hit MAX_SPA_MESSAGE_SIZE
Michael Rash [Sun, 27 Apr 2014 03:01:47 +0000]
[test suite] python fuzzer - more field length variations to hit MAX_SPA_MESSAGE_SIZE

2 months ago [test suite] libfko wrapper is already called in Rijndael tests
Michael Rash [Sun, 27 Apr 2014 02:35:57 +0000]
[test suite] libfko wrapper is already called in Rijndael tests

2 months ago [test suite] python fuzzer - account for base64 strings that have stripped '=' chars
Michael Rash [Sun, 27 Apr 2014 02:03:32 +0000]
[test suite] python fuzzer - account for base64 strings that have stripped '=' chars

2 months ago [test suite] python fuzzer - add fuzzing fields to original fields (interim commit)
Michael Rash [Sat, 26 Apr 2014 21:03:47 +0000]
[test suite] python fuzzer - add fuzzing fields to original fields (interim commit)

2 months ago [test suite] python fuzzer - break out fuzzing sections into dedicated functions
Michael Rash [Fri, 25 Apr 2014 02:11:04 +0000]
[test suite] python fuzzer - break out fuzzing sections into dedicated functions

2 months ago [test suite] add command mode SPA payload and splicing tests to python fuzzer
Michael Rash [Thu, 24 Apr 2014 03:31:37 +0000]
[test suite] add command mode SPA payload and splicing tests to python fuzzer

2 months ago [test suite] support multiple initial SPA payloads in the python fuzzer
Michael Rash [Wed, 23 Apr 2014 03:48:13 +0000]
[test suite] support multiple initial SPA payloads in the python fuzzer

2 months ago [test suite] python fuzzer additional tests
Michael Rash [Wed, 23 Apr 2014 03:20:06 +0000]
[test suite] python fuzzer additional tests

2 months ago [libfko] fix double free bug in SPA parser
Michael Rash [Wed, 23 Apr 2014 01:58:09 +0000]
[libfko] fix double free bug in SPA parser

This commit fixes a double free condition discovered through the new
python SPA payload fuzzer.  This bug could be triggered in fwknopd with
a malicious SPA payload but only when GnuPG is used.  When Rijndael is
used for SPA packet encryption, this bug cannot be triggered due to a
length/format check towards the end of _rijndael_decrypt().  It should
be noted that only a person in possession of the correct encryption and
authentication GnuPG keys could trigger this bug.

2 months ago [test suite] add python SPA packet payload fuzzer
Michael Rash [Wed, 23 Apr 2014 01:00:16 +0000]
[test suite] add python SPA packet payload fuzzer

2 months ago [test suite] add --enable-fuzzing-interfaces, fix profile coverage file handling
Michael Rash [Wed, 23 Apr 2014 00:58:03 +0000]
[test suite] add --enable-fuzzing-interfaces, fix profile coverage file handling

3 months ago [libfko] for fuzzing purposes, added fko_set_encoded_data() to bypass encryption...
Michael Rash [Sat, 19 Apr 2014 01:39:54 +0000]
[libfko] for fuzzing purposes, added fko_set_encoded_data() to bypass encryption and authentication for SPA payloads

3 months ago credit Blair and Tim with MacPorts and Homebrew maintainer status
Michael Rash [Mon, 14 Apr 2014 01:39:50 +0000]
credit Blair and Tim with MacPorts and Homebrew maintainer status

3 months ago changes since 2.6.0 2.6.1
Michael Rash [Sat, 12 Apr 2014 19:25:03 +0000]
changes since 2.6.0

3 months ago [server] bug fix to allow IP-formatted masks for SOURCE lines in access.conf
Michael Rash [Sat, 12 Apr 2014 19:21:00 +0000]
[server] bug fix to allow IP-formatted masks for SOURCE lines in access.conf

3 months ago minor typo fix
Michael Rash [Sat, 12 Apr 2014 19:20:31 +0000]
minor typo fix

3 months ago [client] fix minor memory leak before exit() in parsing invalid time offsets
Michael Rash [Sat, 12 Apr 2014 02:45:27 +0000]
[client] fix minor memory leak before exit() in parsing invalid time offsets

3 months ago bump version to 2.6.1
Michael Rash [Sat, 12 Apr 2014 02:41:00 +0000]
bump version to 2.6.1

3 months ago [client] fix memory leak introduced in 0ff210099
Michael Rash [Fri, 11 Apr 2014 03:18:44 +0000]
[client] fix memory leak introduced in 0ff210099

3 months ago [test suite] implement new fwknopd access/fwknopd.conf file writing feature similar...
Michael Rash [Fri, 11 Apr 2014 03:10:11 +0000]
[test suite] implement new fwknopd access/fwknopd.conf file writing feature similar to client rc file writing/testing

3 months ago [test suite] add compounded tests for fko-wrapper
Michael Rash [Fri, 11 Apr 2014 03:08:51 +0000]
[test suite] add compounded tests for fko-wrapper

3 months ago [server] make parse_access_file() exit if there is a variable formatting problem
Michael Rash [Fri, 11 Apr 2014 03:08:19 +0000]
[server] make parse_access_file() exit if there is a variable formatting problem

3 months ago [client] ensure to call fko_destroy() on the correct context if encryption mode could...
Michael Rash [Fri, 11 Apr 2014 03:07:39 +0000]
[client] ensure to call fko_destroy() on the correct context if encryption mode could not be determined

3 months ago [client] make is_rc_param() error condition fatal
Michael Rash [Fri, 11 Apr 2014 00:48:05 +0000]
[client] make is_rc_param() error condition fatal

3 months ago [test suite] --key-* arg validation with --fd 0
Michael Rash [Thu, 10 Apr 2014 03:56:50 +0000]
[test suite] --key-* arg validation with --fd 0

3 months ago [server] Validate GPG sigs with libfko fko_gpg_signature_id_match() function
Michael Rash [Thu, 10 Apr 2014 03:56:03 +0000]
[server] Validate GPG sigs with libfko fko_gpg_signature_id_match() function

3 months ago [test suite/client] memory leak bug fix and test coverage
Michael Rash [Wed, 9 Apr 2014 01:12:46 +0000]
[test suite/client] memory leak bug fix and test coverage

This commit fixes a minor memory leak in the fwknop client before
calling exit() when an abnormally large number of command line arguments
are given.  The leak was found with valgrind together with the test
suite (specifically the 'show last args (4)' test):

==23748== 175 bytes in 50 blocks are definitely lost in loss record 1 of 1
==23748==    at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23748==    by 0x1112F1: run_last_args (fwknop.c:991)
==23748==    by 0x110D36: prev_exec (fwknop.c:916)
==23748==    by 0x10D953: main (fwknop.c:170)

Additional test coverage was added for the client via the
basic_operations.pl tests.

3 months ago [libfko] minor formatting update for strtol_wrapper() range output messages
Michael Rash [Wed, 9 Apr 2014 01:08:24 +0000]
[libfko] minor formatting update for strtol_wrapper() range output messages

3 months ago [libfko] minor comment re-wording
Michael Rash [Wed, 9 Apr 2014 01:06:45 +0000]
[libfko] minor comment re-wording

3 months ago [client] minor typo fix
Michael Rash [Wed, 9 Apr 2014 01:06:18 +0000]
[client] minor typo fix

3 months ago [test suite] env HOME tests, -R http resolve tests
Michael Rash [Wed, 9 Apr 2014 00:45:13 +0000]
[test suite] env HOME tests, -R http resolve tests

3 months ago [test suite] more client/config_init.c test coverage
Michael Rash [Tue, 8 Apr 2014 02:31:56 +0000]
[test suite] more client/config_init.c test coverage

3 months ago [test suite] KEY_FILE and HMAC_KEY_FILE tests
Michael Rash [Mon, 7 Apr 2014 02:21:14 +0000]
[test suite] KEY_FILE and HMAC_KEY_FILE tests

3 months ago [test suite] more client/config_init.c test coverage
Michael Rash [Mon, 7 Apr 2014 02:14:10 +0000]
[test suite] more client/config_init.c test coverage

3 months ago [test suite] additional test coverage for client/config_init.c
Michael Rash [Mon, 7 Apr 2014 01:27:15 +0000]
[test suite] additional test coverage for client/config_init.c

3 months ago [test suite] allow tests/*.pl files to use lib_view_str variable directly
Michael Rash [Mon, 7 Apr 2014 01:27:07 +0000]
[test suite] allow tests/*.pl files to use lib_view_str variable directly

3 months ago [test suite] additional test coverage for client/config_init.c
Michael Rash [Sun, 6 Apr 2014 19:42:22 +0000]
[test suite] additional test coverage for client/config_init.c

3 months ago [test suite] non-default stanza digest update test
Michael Rash [Sun, 6 Apr 2014 03:09:04 +0000]
[test suite] non-default stanza digest update test

3 months ago [test suite] added --key-gen -K file path too long test
Michael Rash [Sun, 6 Apr 2014 01:51:56 +0000]
[test suite] added --key-gen -K file path too long test

3 months ago [test suite] added key file path too long tests
Michael Rash [Sun, 6 Apr 2014 01:29:24 +0000]
[test suite] added key file path too long tests

3 months ago [test suite] added rc file path too long test
Michael Rash [Sat, 5 Apr 2014 12:19:20 +0000]
[test suite] added rc file path too long test

3 months ago [test suite] add several validation tests to exercise various client/config_init...
Michael Rash [Sat, 5 Apr 2014 03:03:03 +0000]
[test suite] add several validation tests to exercise various client/config_init.c lines

3 months ago [client] return error exit status if --stanza-list cannot open the rc file
Michael Rash [Sat, 5 Apr 2014 03:02:09 +0000]
[client] return error exit status if --stanza-list cannot open the rc file

3 months ago [libfko] remove unused digest *_End(), *_Data(), and *_hex() functions in favor of...
Michael Rash [Sat, 5 Apr 2014 02:54:38 +0000]
[libfko] remove unused digest *_End(), *_Data(), and *_hex() functions in favor of better test coverage (always can be reinstantiated if needed)

3 months ago [libfko] add GPG sig status to fko dump context function
Michael Rash [Sat, 5 Apr 2014 02:50:41 +0000]
[libfko] add GPG sig status to fko dump context function

3 months ago [test suite] added --key-rijndael and --key-hmac tests
Michael Rash [Fri, 4 Apr 2014 02:52:53 +0000]
[test suite] added --key-rijndael and --key-hmac tests

3 months ago [client] minor typo fix for -P requirement under spoofed src mode
Michael Rash [Fri, 4 Apr 2014 02:52:11 +0000]
[client] minor typo fix for -P requirement under spoofed src mode

3 months ago [test suite] fwknoprc GPG tests, more time offset tests
Michael Rash [Thu, 3 Apr 2014 23:29:14 +0000]
[test suite] fwknoprc GPG tests, more time offset tests

3 months ago [client] minor update to comment out unused function
Michael Rash [Thu, 3 Apr 2014 23:27:44 +0000]
[client] minor update to comment out unused function

3 months ago [test suite] save pkt to file tests
Michael Rash [Thu, 3 Apr 2014 04:10:22 +0000]
[test suite] save pkt to file tests

3 months ago [test suite] added popen() 'n' answer test
Michael Rash [Thu, 3 Apr 2014 03:58:03 +0000]
[test suite] added popen() 'n' answer test

3 months ago [test suite] additional save rc file variable coverage
Michael Rash [Thu, 3 Apr 2014 03:55:00 +0000]
[test suite] additional save rc file variable coverage

3 months ago [test suite] ensure to recompile for gcov coverage analysis
Michael Rash [Thu, 3 Apr 2014 03:54:33 +0000]
[test suite] ensure to recompile for gcov coverage analysis

3 months ago [test suite] remove .gcno files in --profile-coverage-init mode
Michael Rash [Tue, 1 Apr 2014 03:40:11 +0000]
[test suite] remove .gcno files in --profile-coverage-init mode

3 months ago [test suite] basic ops save rc stanza --encryption-mode tests
Michael Rash [Tue, 1 Apr 2014 03:15:34 +0000]
[test suite] basic ops save rc stanza --encryption-mode tests

3 months ago [test suite] basic ops save rc stanza time offset minus test
Michael Rash [Tue, 1 Apr 2014 03:09:57 +0000]
[test suite] basic ops save rc stanza time offset minus test

3 months ago [test suite] basic ops save rc stanza time offset tests
Michael Rash [Tue, 1 Apr 2014 03:09:25 +0000]
[test suite] basic ops save rc stanza time offset tests

3 months ago [test suite] basic ops get key tests
Michael Rash [Tue, 1 Apr 2014 03:01:44 +0000]
[test suite] basic ops get key tests

3 months ago [test suite] rc file time offset tests
Michael Rash [Tue, 1 Apr 2014 02:21:58 +0000]
[test suite] rc file time offset tests

3 months ago [test suite] minor popen_cmd() status update
Michael Rash [Tue, 1 Apr 2014 02:12:01 +0000]
[test suite] minor popen_cmd() status update

3 months ago [test suite] add long_spa.key file
Michael Rash [Mon, 31 Mar 2014 01:12:01 +0000]
[test suite] add long_spa.key file

3 months ago [test suite] additional critical var popen() tests
Michael Rash [Mon, 31 Mar 2014 01:10:17 +0000]
[test suite] additional critical var popen() tests

3 months ago [test suite] add coverage test for client -M legacy truncated key
Michael Rash [Mon, 31 Mar 2014 00:59:33 +0000]
[test suite] add coverage test for client -M legacy truncated key

3 months ago [test suite] add --profile-coverage-init to recompile and remove old .gcov and .gcda...
Michael Rash [Mon, 31 Mar 2014 00:45:23 +0000]
[test suite] add --profile-coverage-init to recompile and remove old .gcov and .gcda files

3 months ago [test suite] exercise client rc file ask overwrite feature via popen()
Michael Rash [Mon, 31 Mar 2014 00:34:11 +0000]
[test suite] exercise client rc file ask overwrite feature via popen()

3 months ago [test suite] exclude /usr/include/* files from lcov coverage analysis
Michael Rash [Sun, 30 Mar 2014 20:06:46 +0000]
[test suite] exclude /usr/include/* files from lcov coverage analysis

3 months ago [test suite] additional rc file code coverage tests
Michael Rash [Sun, 30 Mar 2014 02:23:45 +0000]
[test suite] additional rc file code coverage tests

3 months ago [test suite] minor typo fix
Michael Rash [Sun, 30 Mar 2014 01:45:10 +0000]
[test suite] minor typo fix