fwknop.git
6 weeks ago[server] minor comment typo fix
Michael Rash [Sat, 1 Mar 2014 19:34:20 +0000]
[server] minor comment typo fix

2 months ago[test suite] check for Darwin uname output for Mac OS X
Michael Rash [Mon, 10 Feb 2014 02:39:52 +0000]
[test suite] check for Darwin uname output for Mac OS X

2 months ago[test suite] added git branch and commit values to init
Michael Rash [Fri, 7 Feb 2014 03:20:40 +0000]
[test suite] added git branch and commit values to init

2 months ago[test suite] added portrange bpf filter test
Michael Rash [Fri, 7 Feb 2014 03:12:23 +0000]
[test suite] added portrange bpf filter test

2 months ago[libfko] minor bug fix to not return GPG error codes from _rijndael_decrypt()
Michael Rash [Mon, 3 Feb 2014 01:32:02 +0000]
[libfko] minor bug fix to not return GPG error codes from _rijndael_decrypt()

2 months ago[test suite] buf fix for DYLD_LIBRARY_PATH on Mac OS X systems
Michael Rash [Mon, 3 Feb 2014 01:29:14 +0000]
[test suite] buf fix for DYLD_LIBRARY_PATH on Mac OS X systems

2 months ago[test suite] minor spelling typo fix
Michael Rash [Mon, 3 Feb 2014 01:28:02 +0000]
[test suite] minor spelling typo fix

2 months agoMerge branch 'master' of ssh://10.211.55.11/home/mbr/git/fwknop
Michael Rash [Sun, 19 Jan 2014 04:13:56 +0000]
Merge branch 'master' of ssh://10.211.55.11/home/mbr/git/fwknop

2 months ago[client] minor bug fix to add --spoof-source synonym for --spoof-src to match man...
Michael Rash [Sat, 18 Jan 2014 02:10:36 +0000]
[client] minor bug fix to add --spoof-source synonym for --spoof-src to match man page

3 months ago[test suite] added --client-only mode for the test suite
Michael Rash [Sat, 18 Jan 2014 04:43:11 +0000]
[test suite] added --client-only mode for the test suite

3 months agoadded fwknop.spec update to ChangeLog.git 2.6.0
Michael Rash [Mon, 13 Jan 2014 03:29:04 +0000]
added fwknop.spec update to ChangeLog.git

3 months agoupdated fwknop.spec file release note for 2.6.0
Michael Rash [Mon, 13 Jan 2014 03:27:38 +0000]
updated fwknop.spec file release note for 2.6.0

3 months agoadded Coverity finds/fixes to ChangeLog.git for 2.6.0
Michael Rash [Mon, 13 Jan 2014 02:41:54 +0000]
added Coverity finds/fixes to ChangeLog.git for 2.6.0

3 months ago[server] better checking for read() return value flagged by Coverity
Michael Rash [Mon, 13 Jan 2014 02:40:20 +0000]
[server] better checking for read() return value flagged by Coverity

3 months ago[server] fixed copy-and-paste NULL check bug found by Coverity
Michael Rash [Mon, 13 Jan 2014 02:08:55 +0000]
[server] fixed copy-and-paste NULL check bug found by Coverity

3 months agoadded ChangeLog.git to show changes since 2.5.1
Michael Rash [Sun, 12 Jan 2014 04:33:53 +0000]
added ChangeLog.git to show changes since 2.5.1

3 months agoMerge branch 'master' of https://github.com/mrash/fwknop
Michael Rash [Sat, 11 Jan 2014 20:21:10 +0000]
Merge branch 'master' of https://github.com/mrash/fwknop

3 months agoBumped libfko and protocol versions to 2.0.1. Added dependencies for this version...
Damien Stuart [Sat, 11 Jan 2014 15:58:01 +0000]
Bumped libfko and protocol versions to 2.0.1.  Added dependencies for this version to the fwknop.spec file.

3 months agomerged android4.4_support branch
Michael Rash [Sat, 11 Jan 2014 03:46:54 +0000]
merged android4.4_support branch

3 months ago(Marek Wrzosek) Update docs to reflect random 'digits' use instead of 'bytes' 2.6.0-pre1
Michael Rash [Fri, 3 Jan 2014 01:47:41 +0000]
(Marek Wrzosek) Update docs to reflect random 'digits' use instead of 'bytes'

Suggested doc update to fwknop man pages to accurately describe the usage
of digits instead of bytes for SPA random data.  About 53 bits of entropy
are actually used, although this is in addition to the 64-bit random salt
in for key derivation used by PBKDF1 in Rjindael CBC mode.

3 months agobumped version to 2.6.0
Michael Rash [Thu, 2 Jan 2014 03:27:07 +0000]
bumped version to 2.6.0

3 months ago[libfko] ensure a NULL HMAC key is properly handled
Michael Rash [Thu, 2 Jan 2014 00:45:38 +0000]
[libfko] ensure a NULL HMAC key is properly handled

3 months ago[test suite] minor display_ctx() call position update
Michael Rash [Thu, 2 Jan 2014 00:45:02 +0000]
[test suite] minor display_ctx() call position update

3 months ago[test suite] better loop output for fko-wrapper
Michael Rash [Wed, 1 Jan 2014 19:07:39 +0000]
[test suite] better loop output for fko-wrapper

3 months agominor README update
Michael Rash [Wed, 1 Jan 2014 18:42:13 +0000]
minor README update

3 months ago[libfko] ensure NULL is handled properly for all fko_get_* functions
Michael Rash [Wed, 1 Jan 2014 04:27:05 +0000]
[libfko] ensure NULL is handled properly for all fko_get_* functions

3 months ago[libfko] added NULL check for fko_set_spa_data() data arg
Michael Rash [Tue, 31 Dec 2013 02:56:08 +0000]
[libfko] added NULL check for fko_set_spa_data() data arg

3 months ago[libfko] < 0 checks not needed for size_t vars which are unsigned
Michael Rash [Tue, 31 Dec 2013 02:09:27 +0000]
[libfko] < 0 checks not needed for size_t vars which are unsigned

3 months ago[libfko] enc key NULL checks with fko-wrapper test support
Michael Rash [Mon, 30 Dec 2013 03:44:16 +0000]
[libfko] enc key NULL checks with fko-wrapper test support

3 months ago[libfko] reject negative length values
Michael Rash [Mon, 30 Dec 2013 02:05:04 +0000]
[libfko] reject negative length values

Integer lengths that are negative are never valid.  This commit also
extends the fuzzing capabilities of the test/fko-wrapper code to
validate libfko calls with negative length arguments, and one crash
scenario with a negative length for the encryption key was found (and
fixed) this way.

3 months agoadded fko-wrapper no valgrind script
Michael Rash [Mon, 30 Dec 2013 01:02:56 +0000]
added fko-wrapper no valgrind script

3 months ago[test suite] run fko-wrapper without valgrind, closes #113
Michael Rash [Mon, 30 Dec 2013 00:59:16 +0000]
[test suite] run fko-wrapper without valgrind, closes #113

3 months ago[test suite] use ctx_update() where possible for fko-wrapper
Michael Rash [Sat, 28 Dec 2013 20:22:01 +0000]
[test suite] use ctx_update() where possible for fko-wrapper

3 months ago[test suite] added 'getset' versions of fko_ int/short wrapper functions
Michael Rash [Sat, 28 Dec 2013 19:56:35 +0000]
[test suite] added 'getset' versions of fko_ int/short wrapper functions

3 months ago[test suite] update fko-wrapper to use constants from fko.h
Michael Rash [Sat, 28 Dec 2013 19:20:11 +0000]
[test suite] update fko-wrapper to use constants from fko.h

3 months ago[test suite] added ctx_update() function to fko-wrapper test
Michael Rash [Sat, 28 Dec 2013 19:10:47 +0000]
[test suite] added ctx_update() function to fko-wrapper test

3 months ago[test suite] call FKO functions via function pointers (interim commit)
Michael Rash [Sat, 28 Dec 2013 04:24:05 +0000]
[test suite] call FKO functions via function pointers (interim commit)

3 months ago[android] updated README file, added project/sdk.paths file
Michael Rash [Fri, 27 Dec 2013 01:44:35 +0000]
[android] updated README file, added project/sdk.paths file

3 months ago[android] Added test/conf/hmac_android_access.conf file to Makefile.am android4.4_support
Michael Rash [Tue, 24 Dec 2013 04:16:03 +0000]
[android] Added test/conf/hmac_android_access.conf file to Makefile.am

3 months ago[android] added HMAC test along with non-legacy Rijndael test
Michael Rash [Tue, 24 Dec 2013 04:15:11 +0000]
[android] added HMAC test along with non-legacy Rijndael test

3 months ago[android] added ant.properties file
Michael Rash [Tue, 24 Dec 2013 03:51:26 +0000]
[android] added ant.properties file

3 months ago[android] added project.properties file
Michael Rash [Tue, 24 Dec 2013 03:44:53 +0000]
[android] added project.properties file

3 months ago[android] Makefile.am minor script path update
Michael Rash [Tue, 24 Dec 2013 03:40:18 +0000]
[android] Makefile.am minor script path update

3 months ago[android] update Makefile.am for latest Android directory tree
Michael Rash [Tue, 24 Dec 2013 03:39:21 +0000]
[android] update Makefile.am for latest Android directory tree

3 months ago[android] add HMAC support (currently optional)
Michael Rash [Tue, 24 Dec 2013 03:29:51 +0000]
[android] add HMAC support (currently optional)

3 months ago[android] update to copy fko.h and associated files to jni/fwknop/ via get_libfko_hea...
Michael Rash [Tue, 24 Dec 2013 01:38:04 +0000]
[android] update to copy fko.h and associated files to jni/fwknop/ via get_libfko_header.sh

3 months agoadded Gerry Reno
Michael Rash [Mon, 23 Dec 2013 02:12:26 +0000]
added Gerry Reno

3 months ago[android] applied Gerry Reno's patch for Android-4.4
Michael Rash [Sun, 22 Dec 2013 20:25:32 +0000]
[android] applied Gerry Reno's patch for Android-4.4

3 months agoFix 'string literal' warning for Android client
Michael Rash [Sun, 22 Dec 2013 20:10:23 +0000]
Fix 'string literal' warning for Android client

Under Android-4.4 this commit fixes the following warning:

     [exec] jni/./fwknop/fwknop_client.c: In function 'Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket':
     [exec] jni/./fwknop/fwknop_client.c:181:5: error: format not a string literal and no format arguments [-Werror=format-security]
     [exec] cc1: some warnings being treated as errors

4 months ago[test suite] bug fix for python FKO extension library path (found on Fedora 19)
Michael Rash [Tue, 17 Dec 2013 03:33:55 +0000]
[test suite] bug fix for python FKO extension library path (found on Fedora 19)

4 months ago[server] fw_initialize() vs. fw_config_init() bug fix for use_masquerade
Michael Rash [Sun, 15 Dec 2013 00:41:00 +0000]
[server] fw_initialize() vs. fw_config_init() bug fix for use_masquerade

4 months ago[server] added FORCE_MASQUERADE to fwknopd(8) man page, closes #101
Michael Rash [Sat, 14 Dec 2013 20:44:39 +0000]
[server] added FORCE_MASQUERADE to fwknopd(8) man page, closes #101

This commit completes the addition of generalized NAT (both DNAT and
SNAT) capabilities to access.conf stanzas.

4 months agoAdded Les Aker to credits file
Michael Rash [Thu, 12 Dec 2013 05:01:44 +0000]
Added Les Aker to credits file

4 months ago[server] pcap_dispatch() packet count default to 100
Michael Rash [Wed, 11 Dec 2013 04:24:39 +0000]
[server] pcap_dispatch() packet count default to 100

Updated pcap_dispatch() default packet count from zero to 100.
This change was made to ensure backwards compatibility with older
versions of libpcap per the pcap_dispatch() man page, and also because
some of a report from Les Aker of an unexpected crash on Arch Linux with
libpcap-1.5.1 that is fixed by this change (closes #110).

4 months ago[test suite] multi-packet pcap test for pcap_dispatch() validation
Michael Rash [Wed, 11 Dec 2013 03:31:03 +0000]
[test suite] multi-packet pcap test for pcap_dispatch() validation

This commit adds a new pcap file to the test suite with an SPA packet after
99 other garbage packets.  This can be used for pcap_dispatch() testing,
though this is not meant to be super instensive - it is just to ensure that
if a PCAP_DISPATCH_COUNT of, say, 10 is selected that the SPA is still seen
by fwknopd.  This commit is in support of #110.

4 months ago[server] use SIGKILL if necessary for -K
Michael Rash [Tue, 10 Dec 2013 04:10:46 +0000]
[server] use SIGKILL if necessary for -K

This change sends SIGKILL to fwknopd under -K if SIGTERM does not do the job
first.  This can be necessary in some cases if libpcap does not properly handle
a packet count of zero in pcap_dispatch() (see github issue #110).  On a side
note, the default packet dispatch count of zero will likely be changed because
of that issue too.

4 months ago[test suite] added masquerade exception for non-Linux systems
Michael Rash [Fri, 6 Dec 2013 04:37:10 +0000]
[test suite] added masquerade exception for non-Linux systems

4 months ago[test suite] added missing config files
Michael Rash [Fri, 6 Dec 2013 04:01:12 +0000]
[test suite] added missing config files

4 months ago[server] added the ability to use FORCE_MASQUERADE to access.conf stanzas
Michael Rash [Fri, 6 Dec 2013 04:00:19 +0000]
[server] added the ability to use FORCE_MASQUERADE to access.conf stanzas

4 months ago[libfko] added defensive NULL check for is_valid_ipv4_addr()
Michael Rash [Thu, 5 Dec 2013 04:11:11 +0000]
[libfko] added defensive NULL check for is_valid_ipv4_addr()

4 months ago[server] Added FORCE_SNAT to access.conf stanzas.
Michael Rash [Thu, 5 Dec 2013 02:52:07 +0000]
[server] Added FORCE_SNAT to access.conf stanzas.

Added FORCE_SNAT to the access.conf file so that per-access stanza SNAT
criteria can be specified for SPA access.

4 months ago[server] Bug fix for SPA NAT modes on iptables firewalls for chain re-creation
Michael Rash [Wed, 4 Dec 2013 02:42:23 +0000]
[server] Bug fix for SPA NAT modes on iptables firewalls for chain re-creation

For SPA NAT modes this commit ensures that custom fwknop chains are re-created
if they get deleted out from under the running fwknopd instance.

4 months ago[test suite] added FreeBSD-9.2 and OpenBSD-5.4 compatibility tests
Michael Rash [Thu, 28 Nov 2013 02:58:13 +0000]
[test suite] added FreeBSD-9.2 and OpenBSD-5.4 compatibility tests

4 months ago[client] use libfko is_valid_ipv4_addr() for IP address validation
Michael Rash [Wed, 27 Nov 2013 04:48:56 +0000]
[client] use libfko is_valid_ipv4_addr() for IP address validation

4 months agomove fuzzing_spa_packets file to perl/FKO/t/ for fuzzing tests
Michael Rash [Wed, 27 Nov 2013 02:44:53 +0000]
move fuzzing_spa_packets file to perl/FKO/t/ for fuzzing tests

This change moves the fuzzing_spa_packets file from the test/fuzzing/
directory into the perl FKO extension t/ directory and is now referenced
directly by the t/04_fuzzing.t test file.  The test suite itself also uses
this file for fuzzing tests as well, but having the FKO built-in tests
enables Test::Valgrind memory checks so it is useful to have this included
in the FKO sources.  (When the FKO module is submitted to CPAN, it should
not depend on non-local files, but it's ok for the test suite to reference
the ../perl/FKO/t/ directory.)

4 months agominor ChangeLog rewording for GPG fix
Michael Rash [Tue, 26 Nov 2013 04:15:35 +0000]
minor ChangeLog rewording for GPG fix

4 months ago[libfko] Bug fix to not decrypt with GnuGP without FKO_ENC_MODE_ASYMMETRIC
Michael Rash [Tue, 26 Nov 2013 04:11:01 +0000]
[libfko] Bug fix to not decrypt with GnuGP without FKO_ENC_MODE_ASYMMETRIC

[libfko] Bug fix to not attempt SPA packet decryption with GnuPG without
an fko object with encryption_mode set to FKO_ENC_MODE_ASYMMETRIC.  This
bug was caught with valgrind validation against the perl FKO extension
together with the set of SPA fuzzing packets in
test/fuzzing/fuzzing_spa_packets.  Note that this bug cannot be
triggered via fwknopd because additional checks are made within fwknopd
itself to force FKO_ENC_MODE_ASYMMETRIC whenever an access.conf stanza
contains GPG key information.  This fix strengthens libfko itself to
independently require that the usage of fko objects without GPG key
information does not result in attempted GPG decryption operations.  Hence
this fix applies mostly to third party usage of libfko - i.e. stock
installations of fwknopd are not affected.  As always, it is recommended to
use HMAC authenticated encryption whenever possible even for GPG modes since
this also provides a work around even for libfko prior to this fix.

4 months ago[test suite] added --cmd-verbose to control fwknop command verbosity levels
Michael Rash [Sat, 23 Nov 2013 04:00:20 +0000]
[test suite] added --cmd-verbose to control fwknop command verbosity levels

This commit provides an easy way to control how verbose fwknop command
execution will be.  For example, fwknopd only calls hex_dump() against
SPA packets when --verbose > 2, so invoking the tests suite as follows
will result in hex_dump() being included in fwknopd output (see the
output/1_fwknopd.test file:

./test-fwknop.pl --include "Rijndael.*complete.*22" --test-limit 1 --cmd-verbose "--verbose --verbose --verbose"

[+] candidate SPA packet payload:

  0x0000:  39 62 72 51 58 75 7a 4b  57 54 53 67 57 56 35 66 9brQXuzKWTSgWV5f
  0x0010:  73 63 78 42 35 78 69 51  65 6c 55 4f 53 78 69 45 scxB5xiQelUOSxiE
  0x0020:  51 30 59 6a 41 50 70 31  4f 70 43 62 32 51 4a 4c Q0YjAPp1OpCb2QJL
  0x0030:  48 34 42 65 68 64 6d 47  35 49 31 50 36 2f 5a 69 H4BehdmG5I1P6/Zi
  0x0040:  6a 34 4b 41 62 34 53 68  6a 59 66 4f 71 2b 46 6c j4KAb4ShjYfOq+Fl
  0x0050:  4a 35 52 75 70 33 39 6f  6e 65 42 79 72 51 46 57 J5Rup39oneByrQFW
  0x0060:  61 38 6c 37 63 48 6e 38  5a 54 36 59 6e 55 56 47 a8l7cHn8ZT6YnUVG
  0x0070:  50 36 6e 53 6f 69 30 61  70 72 32 52 39 62 6b 56 P6nSoi0apr2R9bkV
  0x0080:  37 50 61 67 41 61 6b 49  44 63 58 59 44 6b 2f 64 7PagAakIDcXYDk/d
  0x0090:  67 51 45 61 37 39 32 6f  30 4d 38 6e 30 30 6e 35 gQEa792o0M8n00n5
  0x00a0:  55                                               U

4 months agoAppArmor profile update to allow GnuPG link operations, closes #109
Michael Rash [Sat, 23 Nov 2013 03:36:17 +0000]
AppArmor profile update to allow GnuPG link operations, closes #109

This fix was submitted by Raybuntu through github.

4 months agoMerge branch 'master' of ssh://192.168.10.1/home/mbr/git/fwknop
Michael Rash [Fri, 22 Nov 2013 02:02:08 +0000]
Merge branch 'master' of ssh://192.168.10.1/home/mbr/git/fwknop

4 months ago[test suite] fix LD_LIBRARY_PATH for perl FKO 'make test' run
Michael Rash [Fri, 22 Nov 2013 02:01:17 +0000]
[test suite] fix LD_LIBRARY_PATH for perl FKO 'make test' run

4 months agoadded AppArmor policy to Makefile.am
Michael Rash [Fri, 22 Nov 2013 01:47:50 +0000]
added AppArmor policy to Makefile.am

4 months ago[test suite] better --lib-dir support for non-default LD_LIBRARY_PATH values
Michael Rash [Thu, 21 Nov 2013 04:14:57 +0000]
[test suite] better --lib-dir support for non-default LD_LIBRARY_PATH values

This commit allow the test suite to easily use a non-default LD_LIBRARY_PATH
in order to test mixed combinations of newly compiled fwknop client/server
binaries and previously installed versions of libfko.  This allows backwards
compatibility (and forwards compatibility) to be verified by the test suite.

For example, after compiling the fwknop client and server for the 2.5.2
release, one could use libfko from 2.5.1 to verify compatibility:

./test-fwknop.pl --enable-all --lib-path /home/mbr/install/fwknop-2.0.4/lib

See the --fwknop-path and --fwknopd-path args as well in order to support
arbitrary client/server/libfko combinations.

4 months ago[test suite] added short and long IP tests (1.1.1.1 and 123.123.123.123)
Michael Rash [Thu, 21 Nov 2013 04:10:36 +0000]
[test suite] added short and long IP tests (1.1.1.1 and 123.123.123.123)

4 months ago[libfko] implemented shared utility function for ipv4 address checking
Michael Rash [Wed, 20 Nov 2013 04:31:09 +0000]
[libfko] implemented shared utility function for ipv4 address checking

This commit implements a single shared utility function for checking the
validaty of an IPv4 address, and both libfko and the fwknopd server use it
now.  The client will be updated as well.

4 months ago[server] minor error code text typo fixes
Michael Rash [Wed, 20 Nov 2013 04:14:46 +0000]
[server] minor error code text typo fixes

4 months ago[test suite] minor update for SNAT tests to not restrict --fw-list search to 127...
Michael Rash [Tue, 19 Nov 2013 03:22:02 +0000]
[test suite] minor update for SNAT tests to not restrict --fw-list search to 127.0.0.2

4 months ago[test suite] remove init file before starting test run
Michael Rash [Mon, 18 Nov 2013 03:27:07 +0000]
[test suite] remove init file before starting test run

4 months agoadded tests/code_structure.pl file to Makefile.am
Michael Rash [Mon, 18 Nov 2013 02:26:51 +0000]
added tests/code_structure.pl file to Makefile.am

4 months ago[python extension] bug fix for missing error code constants (caught with code structu...
Michael Rash [Mon, 18 Nov 2013 01:44:41 +0000]
[python extension] bug fix for missing error code constants (caught with code structure test)

4 months ago[test suite] extended code structure errstr test to validate python extention error...
Michael Rash [Mon, 18 Nov 2013 01:43:28 +0000]
[test suite] extended code structure errstr test to validate python extention error code constants

4 months ago[perl FKO module] bug fix for missing error code constants (caught with code structur...
Michael Rash [Mon, 18 Nov 2013 00:52:09 +0000]
[perl FKO module] bug fix for missing error code constants (caught with code structure test)

4 months ago[test suite] extended code structure errstr test to validate perl FKO constants
Michael Rash [Mon, 18 Nov 2013 00:50:42 +0000]
[test suite] extended code structure errstr test to validate perl FKO constants

5 months ago[libfko] bug fix caught by new code structure error str test to add string for FKO_ER...
Michael Rash [Sun, 17 Nov 2013 04:23:32 +0000]
[libfko] bug fix caught by new code structure error str test to add string for FKO_ERROR_INVALID_DATA_DECODE_EXTRA_TOOBIG

5 months ago[test suite] added tests/code_structure.pl with a test for expected lib/fko.h error...
Michael Rash [Sun, 17 Nov 2013 04:22:25 +0000]
[test suite] added tests/code_structure.pl with a test for expected lib/fko.h error code fko_errstr() handling

5 months ago[test suite] minor addition to fko-wrapper to call fko_errstr() across valid and...
Michael Rash [Sun, 17 Nov 2013 01:36:39 +0000]
[test suite] minor addition to fko-wrapper to call fko_errstr() across valid and invalid values

5 months ago[libfko] move is_base64 check to libfko
Michael Rash [Sun, 17 Nov 2013 00:20:08 +0000]
[libfko] move is_base64 check to libfko

This commit replaces the separately implemented client/server
is_base64() check with a single libfko function, and libfko itself now
uses it as well before prepending Rijndael or GnuPG base64 encoded
prefixes.

5 months agoMerge branch 'mac_os_x_mavericks_build' of ssh://10.211.55.3/home/parallels/git/fwkno...
Michael Rash [Fri, 15 Nov 2013 19:55:28 +0000]
Merge branch 'mac_os_x_mavericks_build' of ssh://10.211.55.3/home/parallels/git/fwknop into mac_os_x_mavericks_build

5 months agominor hex_dump() formatting bug fix to properly align ascii remainder output
Michael Rash [Fri, 15 Nov 2013 03:55:51 +0000]
minor hex_dump() formatting bug fix to properly align ascii remainder output

5 months ago[libfko] minor update to print 'None' for the HMAC type when an HMAC is not used...
Michael Rash [Fri, 15 Nov 2013 04:13:33 +0000]
[libfko] minor update to print 'None' for the HMAC type when an HMAC is not used instead of just diplaying '()'

5 months ago[test suite] handle LD_LIBRARY_PATH from the main test-fwknop.pl script
Michael Rash [Fri, 15 Nov 2013 03:47:13 +0000]
[test suite] handle LD_LIBRARY_PATH from the main test-fwknop.pl script

5 months ago[test suite] added Rijndael/HMAC compatibility tests for Mac OS X 10.9
Michael Rash [Thu, 14 Nov 2013 04:17:09 +0000]
[test suite] added Rijndael/HMAC compatibility tests for Mac OS X 10.9

5 months ago[test suite] minor cleanup to remove uncessary 'fatal' test hash keys
Michael Rash [Thu, 14 Nov 2013 04:11:43 +0000]
[test suite] minor cleanup to remove uncessary 'fatal' test hash keys

5 months ago[test suite] added support for 'otool' instead of 'ldd' on Mac OS X systems
Michael Rash [Wed, 13 Nov 2013 04:32:24 +0000]
[test suite] added support for 'otool' instead of 'ldd' on Mac OS X systems

5 months agominor extras/apparmor configure_args.sh path typo fix
Michael Rash [Wed, 13 Nov 2013 04:26:58 +0000]
minor extras/apparmor configure_args.sh path typo fix

5 months agoadded extras/apparmor configure_args.sh helper script for building fwknop with args...
Michael Rash [Wed, 13 Nov 2013 04:26:54 +0000]
added extras/apparmor configure_args.sh helper script for building fwknop with args that AppArmor expects

5 months ago[test suite] added DYLD_LIBRARY_PATH for Mac OS X 10.9 mac_os_x_mavericks_build
Michael Rash [Wed, 13 Nov 2013 04:05:16 +0000]
[test suite] added DYLD_LIBRARY_PATH for Mac OS X 10.9

5 months ago[server] ignore pcap direction for sniffing link type DLT_NULL interfaces (fixes...
Michael Rash [Wed, 13 Nov 2013 04:04:35 +0000]
[server] ignore pcap direction for sniffing link type DLT_NULL interfaces (fixes OS X 10.9 test suite runs)

5 months ago[libfko] Candidate build fix for Mac OS X 10.9 (closes #108)
Michael Rash [Wed, 13 Nov 2013 02:36:14 +0000]
[libfko] Candidate build fix for Mac OS X 10.9 (closes #108)

Nikolay Kolev reported a build issue on Mac OS X 10.9 (Mavericks) where fwknop
copies of strlcpy() and strlcat() functions were conflicting with those that ship
with OS X 10.9.

The solution was to add a configure.ac check for strlcat() and strlcpy() and
wrap "#if !HAVE_..." checks around those functions.

A portion of the build errors looked like this:

/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
Making all in lib
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I..   -I ../common   -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -MT base64.lo -MD -MP -MF .deps/base64.Tpo -c -o base64.lo base64.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I ../common -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -D_FORTIFY_SOURCE=2 -MT base64.lo -MD -MP -MF .deps/base64.Tpo -c base64.c  -fno-common -DPIC -o .libs/base64.o
In file included from base64.c:34:
In file included from ./fko_common.h:149:
./fko_util.h:56:9: error: expected parameter declarator
size_t  strlcat(char *dst, const char *src, size_t siz);
        ^
/usr/include/secure/_string.h:111:44: note: expanded from macro 'strlcat'
  __builtin___strlcat_chk (dest, src, len, __darwin_obsz (dest))
                                           ^
/usr/include/secure/_common.h:39:62: note: expanded from macro '__darwin_obsz'
 #define __darwin_obsz(object) __builtin_object_size (object, _USE_FORTIFY_LEVEL > 1 ? 1 : 0)
                                                             ^

5 months ago[perl FKO module] added a series of encryption + HMAC key tests with single bytes...
Michael Rash [Thu, 31 Oct 2013 03:39:48 +0000]
[perl FKO module] added a series of encryption + HMAC key tests with single bytes converted to NULL