fwknop.git
(ref: android4.4_support)
Michael Rash [Tue, 24 Dec 2013 04:16:03 +0000]
[android] Added test/conf/hmac_android_access.conf file to Makefile.am

Michael Rash [Tue, 24 Dec 2013 04:15:11 +0000]
[android] added HMAC test along with non-legacy Rijndael test

Michael Rash [Tue, 24 Dec 2013 03:51:26 +0000]
[android] added ant.properties file

Michael Rash [Tue, 24 Dec 2013 03:44:53 +0000]
[android] added project.properties file

Michael Rash [Tue, 24 Dec 2013 03:40:18 +0000]
[android] Makefile.am minor script path update

Michael Rash [Tue, 24 Dec 2013 03:39:21 +0000]
[android] update Makefile.am for latest Android directory tree

Michael Rash [Tue, 24 Dec 2013 03:29:51 +0000]
[android] add HMAC support (currently optional)

Michael Rash [Tue, 24 Dec 2013 01:38:04 +0000]
[android] update to copy fko.h and associated files to jni/fwknop/ via get_libfko_header.sh

Michael Rash [Mon, 23 Dec 2013 02:12:26 +0000]
added Gerry Reno

Michael Rash [Sun, 22 Dec 2013 20:25:32 +0000]
[android] applied Gerry Reno's patch for Android-4.4

Michael Rash [Sun, 22 Dec 2013 20:10:23 +0000]
Fix 'string literal' warning for Android client

Under Android-4.4 this commit fixes the following warning:

     [exec] jni/./fwknop/fwknop_client.c: In function 'Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket':
     [exec] jni/./fwknop/fwknop_client.c:181:5: error: format not a string literal and no format arguments [-Werror=format-security]
     [exec] cc1: some warnings being treated as errors

Michael Rash [Tue, 17 Dec 2013 03:33:55 +0000]
[test suite] bug fix for python FKO extension library path (found on Fedora 19)

Michael Rash [Sun, 15 Dec 2013 00:41:00 +0000]
[server] fw_initialize() vs. fw_config_init() bug fix for use_masquerade

Michael Rash [Sat, 14 Dec 2013 20:44:39 +0000]
[server] added FORCE_MASQUERADE to fwknopd(8) man page, closes #101

This commit completes the addition of generalized NAT (both DNAT and
SNAT) capabilities to access.conf stanzas.

Michael Rash [Thu, 12 Dec 2013 05:01:44 +0000]
Added Les Aker to credits file

Michael Rash [Wed, 11 Dec 2013 04:24:39 +0000]
[server] pcap_dispatch() packet count default to 100

Updated pcap_dispatch() default packet count from zero to 100.
This change was made to ensure backwards compatibility with older
versions of libpcap per the pcap_dispatch() man page, and also because
of a report from Les Aker of an unexpected crash on Arch Linux with
libpcap-1.5.1 that is fixed by this change (closes #110).

Michael Rash [Wed, 11 Dec 2013 03:31:03 +0000]
[test suite] multi-packet pcap test for pcap_dispatch() validation

This commit adds a new pcap file to the test suite with an SPA packet after
99 other garbage packets.  This can be used for pcap_dispatch() testing,
though this is not meant to be super intensive - it is just to ensure that
if a PCAP_DISPATCH_COUNT of, say, 10 is selected that the SPA is still seen
by fwknopd.  This commit is in support of #110.

Michael Rash [Tue, 10 Dec 2013 04:10:46 +0000]
[server] use SIGKILL if necessary for -K

This change sends SIGKILL to fwknopd under -K if SIGTERM does not do the job
first.  This can be necessary in some cases if libpcap does not properly handle
a packet count of zero in pcap_dispatch() (see github issue #110).  On a side
note, the default packet dispatch count of zero will likely be changed because
of that issue too.

Michael Rash [Fri, 6 Dec 2013 04:37:10 +0000]
[test suite] added masquerade exception for non-Linux systems

Michael Rash [Fri, 6 Dec 2013 04:01:12 +0000]
[test suite] added missing config files

Michael Rash [Fri, 6 Dec 2013 04:00:19 +0000]
[server] added the ability to use FORCE_MASQUERADE to access.conf stanzas

Michael Rash [Thu, 5 Dec 2013 04:11:11 +0000]
[libfko] added defensive NULL check for is_valid_ipv4_addr()

Michael Rash [Thu, 5 Dec 2013 02:52:07 +0000]
[server] Added FORCE_SNAT to access.conf stanzas.

Added FORCE_SNAT to the access.conf file so that per-access stanza SNAT
criteria can be specified for SPA access.

Michael Rash [Wed, 4 Dec 2013 02:42:23 +0000]
[server] Bug fix for SPA NAT modes on iptables firewalls for chain re-creation

For SPA NAT modes this commit ensures that custom fwknop chains are re-created
if they get deleted out from under the running fwknopd instance.

Michael Rash [Thu, 28 Nov 2013 02:58:13 +0000]
[test suite] added FreeBSD-9.2 and OpenBSD-5.4 compatibility tests

Michael Rash [Wed, 27 Nov 2013 04:48:56 +0000]
[client] use libfko is_valid_ipv4_addr() for IP address validation

Michael Rash [Wed, 27 Nov 2013 02:44:53 +0000]
move fuzzing_spa_packets file to perl/FKO/t/ for fuzzing tests

This change moves the fuzzing_spa_packets file from the test/fuzzing/
directory into the perl FKO extension t/ directory and is now referenced
directly by the t/04_fuzzing.t test file.  The test suite itself also uses
this file for fuzzing tests as well, but having the FKO built-in tests
enables Test::Valgrind memory checks so it is useful to have this included
in the FKO sources.  (When the FKO module is submitted to CPAN, it should
not depend on non-local files, but it's ok for the test suite to reference
the ../perl/FKO/t/ directory.)

Michael Rash [Tue, 26 Nov 2013 04:15:35 +0000]
minor ChangeLog rewording for GPG fix

Michael Rash [Tue, 26 Nov 2013 04:11:01 +0000]
[libfko] Bug fix to not decrypt with GnuPG without FKO_ENC_MODE_ASYMMETRIC

[libfko] Bug fix to not attempt SPA packet decryption with GnuPG without
an fko object with encryption_mode set to FKO_ENC_MODE_ASYMMETRIC.  This
bug was caught with valgrind validation against the perl FKO extension
together with the set of SPA fuzzing packets in
test/fuzzing/fuzzing_spa_packets.  Note that this bug cannot be
triggered via fwknopd because additional checks are made within fwknopd
itself to force FKO_ENC_MODE_ASYMMETRIC whenever an access.conf stanza
contains GPG key information.  This fix strengthens libfko itself to
independently require that the usage of fko objects without GPG key
information does not result in attempted GPG decryption operations.  Hence
this fix applies mostly to third party usage of libfko - i.e. stock
installations of fwknopd are not affected.  As always, it is recommended to
use HMAC authenticated encryption whenever possible even for GPG modes since
this also provides a work around even for libfko prior to this fix.

Michael Rash [Sat, 23 Nov 2013 04:00:20 +0000]
[test suite] added --cmd-verbose to control fwknop command verbosity levels

This commit provides an easy way to control how verbose fwknop command
execution will be.  For example, fwknopd only calls hex_dump() against
SPA packets when --verbose > 2, so invoking the test suite as follows
will result in hex_dump() being included in fwknopd output (see the
output/1_fwknopd.test file):

./test-fwknop.pl --include "Rijndael.*complete.*22" --test-limit 1 --cmd-verbose "--verbose --verbose --verbose"

[+] candidate SPA packet payload:

  0x0000:  39 62 72 51 58 75 7a 4b  57 54 53 67 57 56 35 66 9brQXuzKWTSgWV5f
  0x0010:  73 63 78 42 35 78 69 51  65 6c 55 4f 53 78 69 45 scxB5xiQelUOSxiE
  0x0020:  51 30 59 6a 41 50 70 31  4f 70 43 62 32 51 4a 4c Q0YjAPp1OpCb2QJL
  0x0030:  48 34 42 65 68 64 6d 47  35 49 31 50 36 2f 5a 69 H4BehdmG5I1P6/Zi
  0x0040:  6a 34 4b 41 62 34 53 68  6a 59 66 4f 71 2b 46 6c j4KAb4ShjYfOq+Fl
  0x0050:  4a 35 52 75 70 33 39 6f  6e 65 42 79 72 51 46 57 J5Rup39oneByrQFW
  0x0060:  61 38 6c 37 63 48 6e 38  5a 54 36 59 6e 55 56 47 a8l7cHn8ZT6YnUVG
  0x0070:  50 36 6e 53 6f 69 30 61  70 72 32 52 39 62 6b 56 P6nSoi0apr2R9bkV
  0x0080:  37 50 61 67 41 61 6b 49  44 63 58 59 44 6b 2f 64 7PagAakIDcXYDk/d
  0x0090:  67 51 45 61 37 39 32 6f  30 4d 38 6e 30 30 6e 35 gQEa792o0M8n00n5
  0x00a0:  55                                               U

Michael Rash [Sat, 23 Nov 2013 03:36:17 +0000]
AppArmor profile update to allow GnuPG link operations, closes #109

This fix was submitted by Raybuntu through github.

Michael Rash [Fri, 22 Nov 2013 02:02:08 +0000]
Merge branch 'master' of ssh://192.168.10.1/home/mbr/git/fwknop

Michael Rash [Fri, 22 Nov 2013 02:01:17 +0000]
[test suite] fix LD_LIBRARY_PATH for perl FKO 'make test' run

Michael Rash [Fri, 22 Nov 2013 01:47:50 +0000]
added AppArmor policy to Makefile.am

Michael Rash [Thu, 21 Nov 2013 04:14:57 +0000]
[test suite] better --lib-dir support for non-default LD_LIBRARY_PATH values

This commit allows the test suite to easily use a non-default LD_LIBRARY_PATH
in order to test mixed combinations of newly compiled fwknop client/server
binaries and previously installed versions of libfko.  This allows backwards
compatibility (and forwards compatibility) to be verified by the test suite.

For example, after compiling the fwknop client and server for the 2.5.2
release, one could use libfko from 2.5.1 to verify compatibility:

./test-fwknop.pl --enable-all --lib-path /home/mbr/install/fwknop-2.0.4/lib

See the --fwknop-path and --fwknopd-path args as well in order to support
arbitrary client/server/libfko combinations.

Michael Rash [Thu, 21 Nov 2013 04:10:36 +0000]
[test suite] added short and long IP tests (1.1.1.1 and 123.123.123.123)

Michael Rash [Wed, 20 Nov 2013 04:31:09 +0000]
[libfko] implemented shared utility function for ipv4 address checking

This commit implements a single shared utility function for checking the
validity of an IPv4 address, and both libfko and the fwknopd server use it
now.  The client will be updated as well.

Michael Rash [Wed, 20 Nov 2013 04:14:46 +0000]
[server] minor error code text typo fixes

Michael Rash [Tue, 19 Nov 2013 03:22:02 +0000]
[test suite] minor update for SNAT tests to not restrict --fw-list search to 127.0.0.2

Michael Rash [Mon, 18 Nov 2013 03:27:07 +0000]
[test suite] remove init file before starting test run

Michael Rash [Mon, 18 Nov 2013 02:26:51 +0000]
added tests/code_structure.pl file to Makefile.am

Michael Rash [Mon, 18 Nov 2013 01:44:41 +0000]
[python extension] bug fix for missing error code constants (caught with code structure test)

Michael Rash [Mon, 18 Nov 2013 01:43:28 +0000]
[test suite] extended code structure errstr test to validate python extension error code constants

Michael Rash [Mon, 18 Nov 2013 00:52:09 +0000]
[perl FKO module] bug fix for missing error code constants (caught with code structure test)

Michael Rash [Mon, 18 Nov 2013 00:50:42 +0000]
[test suite] extended code structure errstr test to validate perl FKO constants

Michael Rash [Sun, 17 Nov 2013 04:23:32 +0000]
[libfko] bug fix caught by new code structure error str test to add string for FKO_ERROR_INVALID_DATA_DECODE_EXTRA_TOOBIG

Michael Rash [Sun, 17 Nov 2013 04:22:25 +0000]
[test suite] added tests/code_structure.pl with a test for expected lib/fko.h error code fko_errstr() handling

Michael Rash [Sun, 17 Nov 2013 01:36:39 +0000]
[test suite] minor addition to fko-wrapper to call fko_errstr() across valid and invalid values

Michael Rash [Sun, 17 Nov 2013 00:20:08 +0000]
[libfko] move is_base64 check to libfko

This commit replaces the separately implemented client/server
is_base64() check with a single libfko function, and libfko itself now
uses it as well before prepending Rijndael or GnuPG base64 encoded
prefixes.

Michael Rash [Fri, 15 Nov 2013 19:55:28 +0000]
Merge branch 'mac_os_x_mavericks_build' of ssh://10.211.55.3/home/parallels/git/fwknop into mac_os_x_mavericks_build

Michael Rash [Fri, 15 Nov 2013 03:55:51 +0000]
minor hex_dump() formatting bug fix to properly align ascii remainder output

Michael Rash [Fri, 15 Nov 2013 04:13:33 +0000]
[libfko] minor update to print 'None' for the HMAC type when an HMAC is not used instead of just displaying '()'

Michael Rash [Fri, 15 Nov 2013 03:47:13 +0000]
[test suite] handle LD_LIBRARY_PATH from the main test-fwknop.pl script

Michael Rash [Thu, 14 Nov 2013 04:17:09 +0000]
[test suite] added Rijndael/HMAC compatibility tests for Mac OS X 10.9

Michael Rash [Thu, 14 Nov 2013 04:11:43 +0000]
[test suite] minor cleanup to remove unnecessary 'fatal' test hash keys

Michael Rash [Wed, 13 Nov 2013 04:32:24 +0000]
[test suite] added support for 'otool' instead of 'ldd' on Mac OS X systems

Michael Rash [Wed, 13 Nov 2013 04:26:58 +0000]
minor extras/apparmor configure_args.sh path typo fix

Michael Rash [Wed, 13 Nov 2013 04:26:54 +0000]
added extras/apparmor configure_args.sh helper script for building fwknop with args that AppArmor expects

(ref: mac_os_x_mavericks_build)
Michael Rash [Wed, 13 Nov 2013 04:05:16 +0000]
[test suite] added DYLD_LIBRARY_PATH for Mac OS X 10.9

Michael Rash [Wed, 13 Nov 2013 04:04:35 +0000]
[server] ignore pcap direction for sniffing link type DLT_NULL interfaces (fixes OS X 10.9 test suite runs)

Michael Rash [Wed, 13 Nov 2013 02:36:14 +0000]
[libfko] Candidate build fix for Mac OS X 10.9 (closes #108)

Nikolay Kolev reported a build issue on Mac OS X 10.9 (Mavericks) where fwknop
copies of strlcpy() and strlcat() functions were conflicting with those that ship
with OS X 10.9.

The solution was to add a configure.ac check for strlcat() and strlcpy() and
wrap "#if !HAVE_..." checks around those functions.

A portion of the build errors looked like this:

/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
Making all in lib
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I..   -I ../common   -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -MT base64.lo -MD -MP -MF .deps/base64.Tpo -c -o base64.lo base64.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I ../common -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -D_FORTIFY_SOURCE=2 -MT base64.lo -MD -MP -MF .deps/base64.Tpo -c base64.c  -fno-common -DPIC -o .libs/base64.o
In file included from base64.c:34:
In file included from ./fko_common.h:149:
./fko_util.h:56:9: error: expected parameter declarator
size_t  strlcat(char *dst, const char *src, size_t siz);
        ^
/usr/include/secure/_string.h:111:44: note: expanded from macro 'strlcat'
  __builtin___strlcat_chk (dest, src, len, __darwin_obsz (dest))
                                           ^
/usr/include/secure/_common.h:39:62: note: expanded from macro '__darwin_obsz'
 #define __darwin_obsz(object) __builtin_object_size (object, _USE_FORTIFY_LEVEL > 1 ? 1 : 0)
                                                             ^

Michael Rash [Thu, 31 Oct 2013 03:39:48 +0000]
[perl FKO module] added a series of encryption + HMAC key tests with single bytes converted to NULL

Michael Rash [Thu, 31 Oct 2013 03:30:31 +0000]
added perl FKO t/04_fuzzing.t tests file

Michael Rash [Mon, 28 Oct 2013 02:24:12 +0000]
[perl FKO module] additional fuzzing tests

Michael Rash [Sun, 27 Oct 2013 19:08:01 +0000]
[test suite] minor negative output match addition for Test::Valgrind test

Michael Rash [Sat, 26 Oct 2013 02:38:09 +0000]
[test suite] added valgrind output interpretation for Test::Valgrind output for previous run comparisons

Michael Rash [Fri, 25 Oct 2013 03:17:51 +0000]
[perl FKO module] added t/04_fuzzing tests

Michael Rash [Wed, 23 Oct 2013 03:05:36 +0000]
[test suite] minor wording update for Test::Valgrind test

Michael Rash [Wed, 23 Oct 2013 02:58:58 +0000]
added Test::Valgrind note to the ChangeLog

Michael Rash [Wed, 23 Oct 2013 02:24:47 +0000]
[perl FKO] interim commit to update the perldoc info

Michael Rash [Wed, 23 Oct 2013 01:38:47 +0000]
[test suite] minor python update to use a main() function

Michael Rash [Wed, 23 Oct 2013 00:37:58 +0000]
[test suite] minor Test::Valgrind name typo fix

Michael Rash [Wed, 23 Oct 2013 00:36:30 +0000]
Revert "[test suite] minor Test::Valgrind name typo fix"

This reverts commit 642024041534d79c897a21b2e19ef3e1ed7b2a61.

Michael Rash [Tue, 22 Oct 2013 00:47:01 +0000]
[test suite] minor Test::Valgrind name typo fix

Michael Rash [Tue, 22 Oct 2013 00:45:21 +0000]
[test suite, FKO module] new(), spa_data_final(), and other fcns don't require key length args

Michael Rash [Tue, 22 Oct 2013 00:34:22 +0000]
[test suite] Add support for Test::Valgrind against the perl FKO module

When --enable-valgrind is used, this commit adds support for running the
perl FKO built-in tests (in the t/ directory) under the CPAN
Test::Valgrind module.  A check is performed to see whether
Test::Valgrind is installed before attempting to use it.  Any 'fko_'
function that shows up under the test output is flagged and causes the
test-suite test to fail.

Michael Rash [Fri, 11 Oct 2013 02:43:45 +0000]
[perl FKO module] switch to CBC mode tests from ECB

Michael Rash [Fri, 11 Oct 2013 02:34:25 +0000]
[test suite] display all possible tests under --list (with a --enable-* note)

Damien Stuart [Sun, 15 Sep 2013 18:33:42 +0000]
Fixed missing error codes and error tests.

Damien Stuart [Sat, 7 Sep 2013 03:18:39 +0000]
Merge branch 'perl_module'

Michael Rash [Fri, 6 Sep 2013 00:31:08 +0000]
minor ChangeLog typo update

Damien Stuart [Wed, 4 Sep 2013 19:19:43 +0000]
Updated Perl FKO tests for latest changes to libfko.  Fixed bug where $fko->hmac() was always returning -1.

Michael Rash [Thu, 29 Aug 2013 04:55:39 +0000]
Merge pull request #105 from fjoncourt/master

Make sure log_msg() sends messages to STDERR until the context gets initialized.

Franck Joncourt [Tue, 27 Aug 2013 18:45:17 +0000]
Fixed *Value stored is never read* warning found by clang.

Franck Joncourt [Tue, 27 Aug 2013 18:39:03 +0000]
Make sure all calls to log_msg() send messages to STDERR until the config files are parsed.
(mrash/fwknop#102)

Michael Rash [Mon, 19 Aug 2013 03:02:44 +0000]
added Radostan Riedel's AppArmor policy note

Michael Rash [Mon, 19 Aug 2013 02:58:10 +0000]
Added AppArmor policy

This commit adds an AppArmor policy that is known to work in Debian and Ubuntu
systems.  The original version of this policy was contributed by Radostan Riedel
to the fwknop mailing list.

Michael Rash [Mon, 19 Aug 2013 02:15:15 +0000]
[server] fix crash if replay digest tracking init() fails

This commit fixes a crash if the replay digest init() routine fails - fwknopd
attempted to make use of replay tracking anyway.  The crash was discovered
during testing fwknopd with an AppArmor enforce policy deployed.  The
following stack trace shows the crash (taken before the previous static
function commit):

 Program received signal SIGSEGV, Segmentation fault.
 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
 31      ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
 (gdb) where
 #0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
 #1  0x00007f59cabd8b26 in add_replay_file_cache (opts=opts@entry=0x7fff3eaa0bb0, digest=digest@entry=0x0) at replay_cache.c:516
 #2  0x00007f59cabd8cf5 in add_replay (opts=opts@entry=0x7fff3eaa0bb0, digest=digest@entry=0x0) at replay_cache.c:472
 #3  0x00007f59cabd62eb in incoming_spa (opts=0x7fff3eaa0bb0) at incoming_spa.c:536
 #4  0x00007f59ca56164e in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
 #5  0x00007f59cabd7175 in pcap_capture (opts=opts@entry=0x7fff3eaa0bb0) at pcap_capture.c:269
 #6  0x00007f59cabd3d4d in main (argc=5, argv=0x7fff3eaa1458) at fwknopd.c:314

Michael Rash [Mon, 19 Aug 2013 01:56:53 +0000]
[server] minor replay code update to make functions static where possible

Michael Rash [Sun, 18 Aug 2013 03:51:23 +0000]
[test suite] added 'make test' check for FKO perl module

All built-in tests in the FKO module must pass for this new test to pass.  This commit
is in support of #103

Damien Stuart [Tue, 13 Aug 2013 00:53:29 +0000]
First round of updates to get the Perl module up-to-date with the new libfko.  Added new error refs and commented out bad/invalid tests.

Michael Rash [Mon, 12 Aug 2013 02:09:22 +0000]
Merge branch 'master' of github.com:mrash/fwknop

Michael Rash [Mon, 12 Aug 2013 02:07:02 +0000]
Added fko context dumper change to ChangeLog, updated test suite to account for single line printing of final SPA data

Damien Stuart [Mon, 12 Aug 2013 02:02:50 +0000]
Moved new invalid data error definitions above the GPGME_ERR_START marker.

Michael Rash [Sun, 11 Aug 2013 19:02:01 +0000]
Merge remote-tracking branch 'fjoncourt/fko_dump'

This implements an FKO context dumping function in lib/fko_utils.c, and closes #100

Michael Rash [Sun, 11 Aug 2013 18:30:37 +0000]
minor edit to credits file for Hank Leininger

Michael Rash [Sun, 11 Aug 2013 01:03:07 +0000]
[test suite] minor bug fix for GPG no password HMAC test rc file

Michael Rash [Sat, 10 Aug 2013 20:08:19 +0000]
[server] minor addition to access stanza dump output to include hmac digest type

Michael Rash [Sat, 10 Aug 2013 19:45:51 +0000]
[test suite] added Rijndael HMAC digest mismatch tests

Michael Rash [Sat, 10 Aug 2013 18:27:10 +0000]
[test suite] added Rijndael HMAC + RAND_PORT test