From e20586dfe65d9c2f194407d2752bdd981da588e3 Mon Sep 17 00:00:00 2001
From: Michael Rash
Date: Thu, 25 Jul 2013 20:36:45 -0400
Subject: [PATCH] updated ChangeLog.git file to reflect changes from 2.5 -> 2.5.1
---
ChangeLog.git | 6889 +------------------------------------------------
1 file changed, 44 insertions(+), 6845 deletions(-)
diff --git a/ChangeLog.git b/ChangeLog.git
index 1d484e84..02d3efb4 100644
--- a/ChangeLog.git
+++ b/ChangeLog.git
@@ -1,6869 +1,68 @@ -commit 65dc33dd9c2cc6e484e94d86e8b23e69cb7dbd56 (HEAD, refs/heads/master) +commit 90841762cf57504018ff4a93c85c0114f8f27bb1 (HEAD, refs/heads/master) Author: Michael Rash -Date: Thu Jul 18 23:06:24 2013 -0400 +Date: Thu Jul 25 20:33:37 2013 -0400 - [client] added --use-hmac to --help output (noticed by Damien) - - client/config_init.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -commit 35d168cf21d94cdf162521b0d62d62710fd341ae -Author: Michael Rash -Date: Thu Jul 18 23:05:49 2013 -0400 - - added fwknop-2.5 release date - - ChangeLog | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 3ee8b47870736f96adf6add91532acde8ff377cb (refs/remotes/web/master, refs/remotes/origin/master) -Author: Michael Rash -Date: Thu Jul 18 17:30:25 2013 -0400 - - [client] fix minor memory leak in getpasswd() routine caught by the test suite in valgrind mode - - client/getpasswd.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit f2d829535b9692a0df01f8b41ec9894c6474b2e1 -Author: Michael Rash -Date: Thu Jul 18 00:15:22 2013 -0400 - - [client] fix minor compilation warning about an unused variable - - client/getpasswd.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -commit 708e3027f5293f3c7cf7edff48ad3ef73c918809 -Author: Michael Rash -Date: Wed Jul 17 23:51:54 2013 -0400 - - Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails" - - This reverts commit f55b89c867ab63aaf69daae0aec0c19f1c52d521. - - Damien recommended not having 'make install' run ldconfig since it breaks an RPM - build of fwknop, and most package managers should be doing this step anyway. 
- - CREDITS | 3 --- - Makefile.am | 11 ----------- - 2 files changed, 14 deletions(-) - -commit f7a821d0820965a8e4b800744c89018f26da669a -Author: Michael Rash -Date: Wed Jul 17 23:34:37 2013 -0400 - - minor ChangeLog text tweaks and one typo fix - - ChangeLog | 14 +++++++------- - lib/rijndael.c | 2 +- - 2 files changed, 8 insertions(+), 8 deletions(-) - -commit 4b0f0802eedb1451029aac319ff063182650ee07 -Author: Damien S. Stuart -Date: Wed Jul 17 22:46:24 2013 -0400 - - Tweaks to unbreak the windows build: Renamed FD_SET macro to FD_SET_ALT to avoid conflict with the well-known FD_SET macro. Made the client read password from file descriptor a non-supported function on Windows. - - client/cmd_opts.h | 4 ++-- - client/config_init.c | 10 +++++++++- - client/getpasswd.c | 27 +++++++-------------------- - common/common.h | 1 + - lib/fko_common.h | 2 +- - 5 files changed, 20 insertions(+), 24 deletions(-) - -commit 39213beda75697fa89a9d825d48e40803f1171ff -Author: Michael Rash -Date: Sun Jul 14 17:46:48 2013 -0400 - - add legacy_iv_long_key2_access.conf file to Makefile.am - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit dac75c0242c988ebe3eafc71c52967c805712bfe -Author: Michael Rash -Date: Sun Jul 14 15:37:24 2013 -0400 - - [server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course) - - server/access.c | 15 +++++++++++++- - test/conf/legacy_iv_long_key2_access.conf | 4 ++++ - test/test-fwknop.pl | 1 + - test/tests/rijndael_backwards_compatibility.pl | 28 ++++++++++++++++++-------- - 4 files changed, 39 insertions(+), 9 deletions(-) - -commit 510361fa73a9a04ae8553cc3b4bb783aab03fb13 -Author: Michael Rash -Date: Sun Jul 14 14:38:03 2013 -0400 - - [test suite] account for timestamp differences in iptables rule duplication tests - - test/test-fwknop.pl | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 52 insertions(+), 3 deletions(-) - -commit 
dcf9c99fb5ab245cd363b277aafb240ac07e8125 -Author: Michael Rash -Date: Sun Jul 14 14:37:22 2013 -0400 - - [server] iptables rule duplication bug fix to look for protocol name with -C support isn't available - - server/fw_util_iptables.c | 41 ++++++++++++++++++++++++++++++----------- - 1 file changed, 30 insertions(+), 11 deletions(-) - -commit 44aefd117764c147a23fb3f6bf61c0456f9d0ef8 -Author: Michael Rash -Date: Sat Jul 13 23:22:58 2013 -0400 - - [test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests - - test/test-fwknop.pl | 102 ++++++++++++++++++++------------------------ - test/tests/rijndael.pl | 4 +- - test/tests/rijndael_hmac.pl | 1 - - 3 files changed, 49 insertions(+), 58 deletions(-) - -commit baa964a8cd7bdc61032fe9285ac6c651fd7403a0 -Author: Michael Rash -Date: Sat Jul 13 23:22:29 2013 -0400 - - [server] removed iptables '-C' redirection since 2>&1 is always appended by other macros - - server/fw_util_iptables.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit a7de80e66eda7317c428d3c38dd08212553473ce -Author: Michael Rash -Date: Fri Jul 12 23:22:50 2013 -0400 - - [server] Account for older versions of iptables that don't have -C - - This commit updates fwknopd to test for the existance of the iptables '-C' - rule checking functionality since older versions of iptables don't have this. - If it isn't offered by the installed version of iptables, then revert to parsing - fwknop chains to see if iptables rules already exist before adding new rules (to - avoid duplicates). 
- - server/fw_util_iptables.c | 350 ++++++++++++++++++++++++++++++++++++++-------- - server/fw_util_iptables.h | 4 +- - 2 files changed, 297 insertions(+), 57 deletions(-) - -commit f391b1391dd73faf8e65ff47d31431d6585049cf -Author: Michael Rash -Date: Fri Jul 12 23:21:38 2013 -0400 - - [libfko] apply zero_buf() to stack allocated Rijndael context for encrypt/decrypt - - lib/cipher_funcs.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -commit 3e8e9f76a07f75d5cb3da7df08ac09e511002f5e -Author: Michael Rash -Date: Thu Jul 11 22:13:40 2013 -0400 - - minor README typo fixes - - README | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -commit 96641059064136c828f5a282bba4a289e39b37ce -Author: Michael Rash -Date: Wed Jul 10 23:11:29 2013 -0400 - - [server] compile bug fix for pf/ipfw firewall systems - - server/fw_util_ipfw.c | 4 ++-- - server/fw_util_pf.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -commit e75c10c6e594dcb3c13e5771ed98094d5912b1b0 -Author: Michael Rash -Date: Wed Jul 10 23:10:23 2013 -0400 - - [libfko] use zero_free_rv - dead code bug fix found by CLANG static analyzer - - lib/fko_encryption.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -commit 6c24b1c858194b809c19167c1aeabccd73fd10f5 -Author: Michael Rash -Date: Wed Jul 10 23:09:41 2013 -0400 - - [libfko] always call free() from zero_free() on all non-NULL buf pointers - - lib/fko_util.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -commit a42bfd38c2303ef78a42fcf2e0583560172a86d7 -Author: Michael Rash -Date: Wed Jul 10 23:07:43 2013 -0400 - - [libfko] bug fix to set digest length upon SPA packet decode - - This bug was caught with the fko_wrapper.c multi-call tester running under - valgrind. 
- - lib/fko_decode.c | 5 +++++ - 1 file changed, 5 insertions(+) - -commit a009ebfde29586e6aa94904a281c756b050f3ba1 -Author: Michael Rash -Date: Tue Jul 9 23:21:12 2013 -0400 - - [client] minor man page update to state that -a is more secure than -R - - client/fwknop.8.in | 22 +++++++++++++++++----- - doc/fwknop.man.asciidoc | 13 ++++++++++--- - 2 files changed, 27 insertions(+), 8 deletions(-) - -commit 3756b831f5ff1db9b3f97647bb93a0e12cc394ae -Author: Michael Rash -Date: Tue Jul 9 22:17:05 2013 -0400 - - simplified zero_free() calls in support of #93 - - lib/fko_encryption.c | 100 +++++++++++++++++++++++++++++++-------------------- - lib/fko_funcs.c | 10 +++--- - lib/fko_hmac.c | 24 +++++++------ - lib/fko_util.c | 10 +++--- - lib/fko_util.h | 2 +- - 5 files changed, 85 insertions(+), 61 deletions(-) - -commit 189a183e1887d9ddb7693184e6784f768234d42b -Author: Michael Rash -Date: Tue Jul 9 21:40:23 2013 -0400 - - allow zero length to return FKO_SUCCESS from zero_buf() call - - client/fwknop.c | 8 ++++++-- - lib/fko_util.c | 8 ++++++-- - 2 files changed, 12 insertions(+), 4 deletions(-) - -commit 69760d49c5a5c0e4d3f5279d75c556c82f7d522c -Author: Michael Rash -Date: Tue Jul 9 21:18:45 2013 -0400 - - [libfko] return proper GPG error code upon gpg_decrypt() failure - - lib/fko_encryption.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -commit 5915ee72a94ffb2ef4200f1578fd34a0817d0b30 -Author: Michael Rash -Date: Tue Jul 9 21:18:06 2013 -0400 - - [libfko] add ctx initialized check to fko_gpg_errstr() - - lib/fko_error.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit bf2a8d5914f1cc6138e00427ae9c9d825622bed2 -Author: Michael Rash -Date: Tue Jul 9 21:17:03 2013 -0400 - - clarified NEWS file to state that fwknop is distributed under the GPL v2 - - NEWS | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -commit 5e3ec3b61117d116695e895f475d2a4e9fc2dc78 -Author: Michael Rash -Date: Tue Jul 9 21:13:07 2013 -0400 - - [client] in 
'-M legacy' mode truncate the key to 16 bytes - - This change helps to maintain backwards compatibility with older fwknopd daemons - that cannot handle Rijndael keys greater than 16 bytes. Blair Zajac suggested - printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long, - and this warning is included in this commit. - - CREDITS | 3 +++ - client/fwknop.c | 36 +++++++++++++++++++++++++----------- - 2 files changed, 28 insertions(+), 11 deletions(-) - -commit 1b524f8104fad766176f99ee6530988e19dd94fb -Author: Michael Rash -Date: Mon Jul 8 23:06:57 2013 -0400 - - [client] make legacy encryption mode and HMAC usage mutually exclusive - - client/config_init.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -commit 24c4c5e208bcc61734c61b6b07546c981963685b -Author: Michael Rash -Date: Mon Jul 8 23:00:18 2013 -0400 - - continued zeroing out of sensitive data buffers in support of issue #93 - - client/fwknop.c | 73 +++++++++++++++++--------------- - lib/fko.h | 5 ++- - lib/fko_context.h | 1 + - lib/fko_encryption.c | 114 ++++++++++++++++++++++++++++---------------------- - lib/fko_error.c | 3 ++ - lib/fko_funcs.c | 28 +++++++++---- - lib/fko_hmac.c | 35 +++++++++++----- - lib/fko_util.c | 36 ++++++++++++++++ - lib/fko_util.h | 2 + - server/access.c | 21 ++++------ - server/incoming_spa.c | 31 +++++++++++--- - 11 files changed, 227 insertions(+), 122 deletions(-) - -commit 1e77f6ed53b0d7ee1ccd1fbdb6d4f2f8579ec608 -Author: Michael Rash -Date: Sun Jul 7 22:32:30 2013 -0400 - - continued changes to zero out sensitive information before exit (#93) - - client/config_init.c | 3 +- - client/fwknop.c | 315 ++++++++++++++++++++++++++++---------------------- - client/getpasswd.c | 16 +-- - client/getpasswd.h | 2 +- - client/spa_comm.c | 21 ++-- - client/utils.c | 75 ++++++------ - lib/fko_encryption.c | 1 - - server/access.c | 5 +- - server/config_init.c | 3 +- - server/fwknopd.c | 6 +- - server/replay_cache.c | 3 +- - server/utils.c | 75 
+++++++----- - 12 files changed, 297 insertions(+), 228 deletions(-) - -commit 6f6f7b8de28ab8ef42601256a28134dd80f82f48 -Author: Michael Rash -Date: Sat Jul 6 15:05:09 2013 -0400 - - [server] update fw_config_init() to allow access stanza key information to be zeroed out upon error (#93) - - server/fw_util.h | 2 +- - server/fw_util_ipf.c | 2 +- - server/fw_util_ipfw.c | 12 ++++++------ - server/fw_util_iptables.c | 42 +++++++++++++++++++++++++++--------------- - server/fw_util_pf.c | 2 +- - server/fwknopd.c | 3 ++- - 6 files changed, 38 insertions(+), 25 deletions(-) - -commit cb61fd886d8559f9754392c7934f68b9f22ce2da -Author: Michael Rash -Date: Sat Jul 6 14:53:04 2013 -0400 - - [server] minor header formating update - - server/fwknopd_common.h | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -commit 4ff518d54a3b64457defe41328a65664b0c63fe0 -Author: Michael Rash -Date: Sat Jul 6 14:52:46 2013 -0400 - - [server] zero out access stanza key information before exit (in support of #93) - - server/access.c | 28 ++++++++++++++++++++++++++++ - server/fw_util.h | 2 +- - server/fw_util_ipf.c | 3 ++- - server/fw_util_ipfw.c | 10 ++++++---- - server/fw_util_iptables.c | 13 +++++-------- - server/fw_util_pf.c | 4 ++-- - server/fwknopd.c | 3 ++- - 7 files changed, 46 insertions(+), 17 deletions(-) - -commit ff8a3ef3a4a3b15f2f60b71f649733c3153a5763 (refs/remotes/fjoncourt/master) -Author: Franck Joncourt -Date: Sun Jun 30 22:38:41 2013 +0200 - - Another change. 
- - README | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 9d7feb52f6db0d6c67691909a93ebf96317c8620 -Merge: c2e1a00 ce10734 -Author: Franck Joncourt -Date: Sun Jun 30 22:22:34 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit c2e1a00154836f4c05aa8d9c5356d722c6db206a -Author: Franck Joncourt -Date: Sun Jun 30 22:21:22 2013 +0200 - - s/GNU Public/GNU General Public/g - - android/project/jni/config.h | 2 +- - android/project/jni/fwknop/fko.h | 2 +- - android/project/jni/fwknop/fko_limits.h | 2 +- - android/project/jni/fwknop/fko_message.h | 2 +- - android/project/jni/fwknop/fwknop_client.c | 2 +- - android/project/jni/fwknop/fwknop_client.h | 2 +- - android/project/jni/fwknop/send_spa_packet.c | 2 +- - android/project/jni/logutils.h | 2 +- - android/project/src/com/max2idea/android/fwknop/Fwknop.java | 2 +- - client/cmd_opts.h | 2 +- - client/config_init.c | 2 +- - client/config_init.h | 2 +- - client/fwknop.8.in | 2 +- - client/fwknop.c | 2 +- - client/fwknop.h | 2 +- - client/fwknop_common.h | 2 +- - client/getpasswd.c | 2 +- - client/getpasswd.h | 2 +- - client/http_resolve_host.c | 2 +- - client/log_msg.c | 2 +- - client/log_msg.h | 2 +- - client/spa_comm.c | 2 +- - client/spa_comm.h | 2 +- - client/utils.c | 2 +- - client/utils.h | 2 +- - common/common.h | 2 +- - common/netinet_common.h | 2 +- - extras/fwknop-launcher/fwknop-launcher-lsof.pl | 2 +- - iphone/Classes/fwknop/fwknop_client.c | 2 +- - iphone/Classes/fwknop/fwknop_client.h | 2 +- - iphone/Classes/fwknop/send_spa_packet.c | 2 +- - iphone/Classes/libfwknop/fko_common.b | 2 +- - lib/base64.c | 2 +- - lib/base64.h | 2 +- - lib/cipher_funcs.c | 2 +- - lib/cipher_funcs.h | 2 +- - lib/digest.c | 2 +- - lib/digest.h | 2 +- - lib/fko.h | 2 +- - lib/fko_client_timeout.c | 2 +- - lib/fko_common.h | 2 +- - lib/fko_context.h | 2 +- - lib/fko_decode.c | 2 +- - lib/fko_digest.c | 2 +- - lib/fko_encode.c | 2 +- - lib/fko_encryption.c | 2 +- - lib/fko_error.c | 2 +- - 
lib/fko_funcs.c | 2 +- - lib/fko_hmac.c | 2 +- - lib/fko_limits.h | 2 +- - lib/fko_message.c | 2 +- - lib/fko_message.h | 2 +- - lib/fko_nat_access.c | 2 +- - lib/fko_rand_value.c | 2 +- - lib/fko_server_auth.c | 2 +- - lib/fko_state.h | 2 +- - lib/fko_timestamp.c | 2 +- - lib/fko_user.c | 2 +- - lib/fko_user.h | 2 +- - lib/fko_util.c | 2 +- - lib/fko_util.h | 2 +- - lib/gpgme_funcs.c | 2 +- - lib/gpgme_funcs.h | 2 +- - lib/hmac.c | 2 +- - lib/hmac.h | 2 +- - lib/md5.h | 2 +- - lib/rijndael.c | 2 +- - lib/rijndael.h | 2 +- - lib/sha1.h | 2 +- - perl/legacy/fwknop/Makefile | 2 +- - perl/legacy/fwknop/deps/Crypt-Rijndael/README | 2 +- - perl/legacy/fwknop/deps/Crypt-Rijndael/Rijndael.pm | 2 +- - perl/legacy/fwknop/fwknop | 2 +- - perl/legacy/fwknop/fwknop.h | 2 +- - perl/legacy/fwknop/fwknop_funcs.c | 2 +- - perl/legacy/fwknop/fwknop_serv | 2 +- - perl/legacy/fwknop/fwknopd | 2 +- - perl/legacy/fwknop/install.pl | 2 +- - perl/legacy/fwknop/knopmd.c | 2 +- - perl/legacy/fwknop/knoptm | 2 +- - perl/legacy/fwknop/knopwatchd.c | 2 +- - perl/legacy/fwknop/packaging/cd_rpmbuilder | 2 +- - perl/legacy/fwknop/test/base64_byte_frequency.pl | 2 +- - perl/legacy/fwknop/test/fwknop_test.pl | 2 +- - server/access.c | 2 +- - server/access.h | 2 +- - server/cmd_opts.h | 2 +- - server/config_init.c | 2 +- - server/config_init.h | 2 +- - server/extcmd.c | 2 +- - server/extcmd.h | 2 +- - server/fw_util.c | 2 +- - server/fw_util.h | 2 +- - server/fw_util_ipf.c | 2 +- - server/fw_util_ipf.h | 2 +- - server/fw_util_ipfw.c | 2 +- - server/fw_util_ipfw.h | 2 +- - server/fw_util_iptables.c | 2 +- - server/fw_util_iptables.h | 2 +- - server/fw_util_pf.c | 2 +- - server/fw_util_pf.h | 2 +- - server/fwknopd.c | 2 +- - server/fwknopd.h | 2 +- - server/fwknopd_common.h | 2 +- - server/fwknopd_errors.c | 2 +- - server/fwknopd_errors.h | 2 +- - server/incoming_spa.c | 2 +- - server/incoming_spa.h | 2 +- - server/log_msg.c | 2 +- - server/log_msg.h | 2 +- - server/pcap_capture.c | 2 +- - 
server/pcap_capture.h | 2 +- - server/process_packet.c | 2 +- - server/process_packet.h | 2 +- - server/replay_cache.c | 2 +- - server/replay_cache.h | 2 +- - server/sig_handler.c | 2 +- - server/sig_handler.h | 2 +- - server/tcp_server.c | 2 +- - server/tcp_server.h | 2 +- - server/utils.c | 2 +- - server/utils.h | 2 +- - win32/config.h | 2 +- - win32/getlogin.h | 2 +- - 124 files changed, 124 insertions(+), 124 deletions(-) - -commit ce10734c3a27257a83515b15538f04ddc57303a7 -Author: Michael Rash -Date: Sun Jun 30 16:12:29 2013 -0400 - - Added LICENSE section and a link to the fwknop tutorial - - README | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -commit a792e8bf4eacf59aaefb12281241cd563cc33ebe -Author: Michael Rash -Date: Sun Jun 30 15:55:01 2013 -0400 - - minor man page documentation updates (added twitter reference) - - client/fwknop.8.in | 8 +++++--- - doc/fwknop.man.asciidoc | 7 +++++-- - doc/fwknopd.man.asciidoc | 7 +++++-- - server/fwknopd.8.in | 8 +++++--- - 4 files changed, 20 insertions(+), 10 deletions(-) - -commit f1e946cf02c5354b173f2dd5c74f6b8549a93202 -Author: Michael Rash -Date: Sun Jun 30 15:52:47 2013 -0400 - - updated README to include the introduction from the fwknop man page - - README | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 72 insertions(+), 21 deletions(-) - -commit f55b89c867ab63aaf69daae0aec0c19f1c52d521 (tag: refs/tags/fwknop-2.5-pre3) -Author: Michael Rash -Date: Sun Jun 30 14:50:12 2013 -0400 - - [libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails - - This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to - fail then run ldconfig under the 'make install' step. George Herlin reported - that on some systems ldconfig was not automatically getting executed via the - autoconf Makefile config, and since fwknop/fwknopd depend on a shared library - (libfko), ldconfig needs to be executed by 'make install' if it wasn't already - done. 
- - CREDITS | 3 +++ - Makefile.am | 11 +++++++++++ - 2 files changed, 14 insertions(+) - -commit 8ed088051e461c480b8b534a3830f0371a56e18a -Author: Michael Rash -Date: Sat Jun 29 10:39:07 2013 -0400 - - [libfko] fix a few 'Overfull \hbox' errors in libfko .pdf generation - - doc/libfko.texi | 25 ++++++++++++++----------- - 1 file changed, 14 insertions(+), 11 deletions(-) - -commit 5a4a8a5baa725c59ad3764f2eed563a1202805f1 -Author: Michael Rash -Date: Thu Jun 27 22:15:39 2013 -0400 - - [server] convert several LOG_INFO messages to LOG_DEBUG - - server/fw_util_ipfw.c | 26 +++++++++++++------------- - server/fw_util_iptables.c | 36 ++++++++++++++++++------------------ - 2 files changed, 31 insertions(+), 31 deletions(-) - -commit 7eacb5ba5a0b1b4d094de5ce831624d20353c7e2 -Merge: 5a0700e 47a7ffe -Author: Michael Rash -Date: Thu Jun 27 21:55:58 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/master' - -commit 5a0700eb469d86f659a8eae0bc7cd616508751e3 -Author: Franck Joncourt -Date: Tue Jun 25 22:04:54 2013 +0200 - - * Mentionned the VERBOSE variable in fwknopd.conf. - * Made sure the -v command line switch overrides the value of the - VERBOSE variable set in an fwknopd.conf file. - - server/config_init.c | 8 ++------ - server/fwknopd.conf | 7 +++++++ - 2 files changed, 9 insertions(+), 6 deletions(-) - -commit 10fdbb509ccaa8dca454f2e1a19dfa93d3951c86 -Author: Franck Joncourt -Date: Tue Jun 25 21:56:53 2013 +0200 - - s/VERBOSITY/VERBOSE/g on the server side for consistency purposes. - - server/cmd_opts.h | 2 +- - server/config_init.c | 8 ++++---- - server/fwknopd_common.h | 2 +- - 3 files changed, 6 insertions(+), 6 deletions(-) - -commit 7fde3949daa0926b402f3184589270d1c8d64041 -Author: Franck Joncourt -Date: Mon Jun 24 23:15:50 2013 +0200 - - Fixed use of --verbose command line switch. - - Set default log verbosity to LOG_INFO in the log_msg driver. 
- - server/config_init.c | 44 ++++++++++++++++++++++++-------------------- - server/log_msg.h | 2 +- - 2 files changed, 25 insertions(+), 21 deletions(-) - -commit 5db1eeb2686030ee6fa367b983ef916561c4dc77 -Author: Franck Joncourt -Date: Thu Jun 20 23:33:04 2013 +0200 - - Interim commit to add a VERBOSE variable to fwknopd. - - client/config_init.c | 3 +++ - server/cmd_opts.h | 1 + - server/config_init.c | 21 ++++++++++++++++++--- - server/fwknopd_common.h | 1 + - 4 files changed, 23 insertions(+), 3 deletions(-) - -commit 25058f9d130dbc7ecbc415031a982b569adab50f -Author: Michael Rash -Date: Thu Jun 27 21:26:49 2013 -0400 - - [test suite] bug fix for rotate digest cache tests - - When the test suite is executed with '--include "rotate"' then previous tests - aren't executed in order to create a new digest cache file. So, when init() is - called and a clean slate is established, there is nothing to rotate away. This - change creates the default digest cache data (comment line only) if the file - doesn't already exist for the rotate tests. - - test/test-fwknop.pl | 8 ++++++++ - 1 file changed, 8 insertions(+) - -commit 1a9c8914df18c6cc0ac43435b1ba645c01c634bd -Author: Michael Rash -Date: Thu Jun 27 21:26:31 2013 -0400 - - bumped VERSION file to fwknop-2.5 - - VERSION | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 37b624ac8b45093096492555ecfc3541ef462891 -Author: Michael Rash -Date: Thu Jun 27 21:21:10 2013 -0400 - - bump version to 2.5, minor fwknopd -S exit status update - - This commit bumps the fwknop version to 2.5 and sets the libfko version to 2.0 to - signal incompatibility with older libfko versions. Backwards compatibility is - maintained in SPA packet construction, but function prototypes in libfko-2.0 are - no longer compatible with older versions. - - This commit also returns non-zero exit status under 'fwknopd --status' if there - is no existing fwknopd process. 
This is better than always exiting with a zero - status regardless of whether fwknopd is already running or not, and adds a level - of scriptability to --status usage. This change was suggested by George Herlin. - - client/fwknop.8.in | 14 +++++++------- - configure.ac | 2 +- - doc/fwknop.man.asciidoc | 8 ++++---- - doc/fwknopd.man.asciidoc | 5 +++-- - fwknop.spec | 6 +++--- - lib/fko.h | 2 +- - server/fwknopd.8.in | 6 +++--- - server/fwknopd.c | 8 ++++++-- - 8 files changed, 28 insertions(+), 23 deletions(-) - -commit 47a7ffe22bc82f8f60867979842d6147b0bc4bbf -Merge: 5413d1c d125146 -Author: Franck Joncourt -Date: Tue Jun 25 23:03:28 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 5413d1c48c9e37adada0b7c74018d7da5746d188 -Author: Franck Joncourt -Date: Tue Jun 25 22:04:54 2013 +0200 - - * Mentionned the VERBOSE variable in fwknopd.conf. - * Made sure the -v command line switch overrides the value of the - VERBOSE variable set in an fwknopd.conf file. - - server/config_init.c | 8 ++------ - server/fwknopd.conf | 7 +++++++ - 2 files changed, 9 insertions(+), 6 deletions(-) - -commit 4525a7e57c1a9e0880e30c69688c569c9ab1ed45 -Author: Franck Joncourt -Date: Tue Jun 25 21:56:53 2013 +0200 - - s/VERBOSITY/VERBOSE/g on the server side for consistency purposes. - - server/cmd_opts.h | 2 +- - server/config_init.c | 8 ++++---- - server/fwknopd_common.h | 2 +- - 3 files changed, 6 insertions(+), 6 deletions(-) - -commit 07f96f86f8e61d7d57b1675d465d1b0d24ad09b0 -Author: Franck Joncourt -Date: Mon Jun 24 23:15:50 2013 +0200 - - Fixed use of --verbose command line switch. - - Set default log verbosity to LOG_INFO in the log_msg driver. 
- - server/config_init.c | 44 ++++++++++++++++++++++++-------------------- - server/log_msg.h | 2 +- - 2 files changed, 25 insertions(+), 21 deletions(-) - -commit 2812897666092abb2887aa4d7012535629dbf17f -Author: Michael Rash -Date: Fri Jun 21 21:37:23 2013 -0400 - - ChangeLog 2.5 updates - - ChangeLog | 19 ++++++++++++++++++- - 1 file changed, 18 insertions(+), 1 deletion(-) - -commit d125146c37de1e31e1a59bc133c64c59ea22ea1e -Author: Michael Rash -Date: Fri Jun 21 21:11:23 2013 -0400 - - [server] minor --help update to include cipherdyne.org URL - - server/config_init.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -commit 371036bad0974e1968615be1ddabaa2cbf8405cd -Author: Michael Rash -Date: Fri Jun 21 21:08:38 2013 -0400 - - [client] re-use encryption/HMAC keys in --test mode - - The client --test mode decrypts SPA packet data as a final step, but get_keys() - was being called to re-acquire the encryption/HMAC keys. This commit reuses - the same keys that were supplied for SPA packet encryption/authentication - because the most important code to test is not get_keys() but rather libfko - encryption/decryption/authentication operations. 
- - client/fwknop.c | 41 ++++++++--------------------------------- - client/fwknop.h | 5 ----- - server/fwknopd.h | 5 ----- - 3 files changed, 8 insertions(+), 43 deletions(-) - -commit 6b132862fdb7503fba53c5da61992229a5f7db60 -Author: Michael Rash -Date: Thu Jun 20 22:12:29 2013 -0400 - - [client] minor man page backwards compatibility wording tweak - - client/fwknop.8.in | 6 +++--- - doc/fwknop.man.asciidoc | 16 +++++++++------- - 2 files changed, 12 insertions(+), 10 deletions(-) - -commit 047513710aec6d20dd9f0d030854267c1db9f0ef -Author: Michael Rash -Date: Thu Jun 20 22:11:42 2013 -0400 - - [client] add GPG_NO_SIGNING_PW to --save-rc-stanza functionality - - client/config_init.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -commit afd6f6b23c1f1b8906ae4eebe87f110a602c9d76 -Author: Franck Joncourt -Date: Thu Jun 20 23:33:04 2013 +0200 - - Interim commit to add a VERBOSE variable to fwknopd. - - client/config_init.c | 3 +++ - server/cmd_opts.h | 1 + - server/config_init.c | 21 ++++++++++++++++++--- - server/fwknopd_common.h | 1 + - 4 files changed, 23 insertions(+), 3 deletions(-) - -commit 1d17c4093bbd0ae15808a8c3ffbf9f9811e31071 -Author: Michael Rash -Date: Wed Jun 19 23:47:04 2013 -0400 - - added fwknoprc gpg signing pw test conf files to Makefile.am - - Makefile.am | 2 ++ - 1 file changed, 2 insertions(+) - -commit 68acbaadc407b10d973f1157f9638088d620ea98 -Author: Michael Rash -Date: Wed Jun 19 23:42:58 2013 -0400 - - remove newline chars from log_msg() calls - - client/config_init.c | 14 ++++++++-- - client/fwknop.c | 2 +- - client/http_resolve_host.c | 2 +- - client/spa_comm.c | 4 +-- - client/utils.c | 3 +- - server/access.c | 69 ++++++++++++++++++++++++++++++---------------- - server/config_init.c | 36 ++++++++++++------------ - server/fw_util_ipf.c | 3 +- - server/fw_util_ipfw.c | 26 +++++++++-------- - server/fw_util_iptables.c | 17 ++++++------ - server/fw_util_pf.c | 5 ++-- - server/fwknopd.c | 8 +++--- - server/incoming_spa.c | 7 
+++-- - server/log_msg.c | 2 +- - server/pcap_capture.c | 10 +++---- - server/replay_cache.c | 6 ++-- - server/tcp_server.c | 2 +- - server/utils.c | 10 +++---- - 18 files changed, 132 insertions(+), 94 deletions(-) - -commit 13626a2a749046771268dc5b1be3431fc03ffa7d -Author: Michael Rash -Date: Wed Jun 19 23:41:37 2013 -0400 - - [test suite] added tests for KEY synonym GPG_SIGNING_PW - - test/conf/fwknoprc_gpg_signing_pw | 2 ++ - test/conf/fwknoprc_named_gpg_signing_pw | 7 ++++++ - test/test-fwknop.pl | 2 ++ - test/tests/basic_operations.pl | 4 ++-- - test/tests/gpg.pl | 40 +++++++++++++++++++++++++++++++++ - test/tests/gpg_no_pw.pl | 2 +- - 6 files changed, 54 insertions(+), 3 deletions(-) - -commit 54c26ede6e250e19667aff6f9c4d6da5bff31d7e -Author: Michael Rash -Date: Wed Jun 19 23:38:37 2013 -0400 - - [libfko] defensive coding update to quiet minor CLANG static analyzer false positives - - lib/cipher_funcs.c | 3 +++ - lib/fko_encryption.c | 10 +++++++--- - 2 files changed, 10 insertions(+), 3 deletions(-) - -commit e3a2289d70f79b0527bad40bc674090cdfeee9d0 -Author: Michael Rash -Date: Wed Jun 19 23:37:19 2013 -0400 - - [client] man page update to include GPG_SIGNING_PW synonym for KEY variable in GPG mode - - client/fwknop.8.in | 18 ++++++++++++++++-- - doc/fwknop.man.asciidoc | 11 +++++++++++ - 2 files changed, 27 insertions(+), 2 deletions(-) - -commit a2d16f8c5ee53360d95579c7640a0ff3967d4a69 -Author: Michael Rash -Date: Tue Jun 18 23:12:42 2013 -0400 - - [test suite] minor permission modification update to use %cf hash - - test/test-fwknop.pl | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -commit 13173343ee0a4797abfba868117fe08fe3a10b92 -Author: Michael Rash -Date: Tue Jun 18 22:51:22 2013 -0400 - - [client] add GPG_ALLOW_NO_SIGNING_PW and --gpg-no-signing-pw - - This change brings similar functionality to the client as the GPG_ALLOW_NO_PW - keyword in the server access.conf file. 
Although this option is less likely - to be used than the analogous server functionality, it stands to reason that - the client should offer this feature. The test suite has also been updated to - not use the --get-key option for the 'no password' GPG tests. - - client/cmd_opts.h | 2 + - client/config_init.c | 110 +++++++++++++++++++++++++++++++++--------------- - client/fwknop.8.in | 13 +++++- - client/fwknop.c | 23 +++++----- - client/fwknop_common.h | 1 + - doc/fwknop.man.asciidoc | 6 +++ - test/test-fwknop.pl | 6 +++ - test/tests/gpg_no_pw.pl | 61 ++++++++++----------------- - 8 files changed, 135 insertions(+), 87 deletions(-) - -commit 21dc87ace5f34637e4fb130910793694a1c39d1f -Author: Michael Rash -Date: Tue Jun 18 22:50:10 2013 -0400 - - [test suite] bug fix for missing file permission mods noticed by Franck - - test/test-fwknop.pl | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -commit 2014cf767a4f2aa9e87e0b4de47a1b60fa257e3d -Merge: afbf6d5 5667d8e -Author: Michael Rash -Date: Tue Jun 18 22:48:33 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/master' - - New strategy for log_module from Franck, closes #89 - -commit 5667d8e151397955e25817f47dc42463a6397225 -Author: Franck Joncourt -Date: Tue Jun 18 22:12:41 2013 +0200 - - Fixed default verbosity to LOG_NOTICE rather than LOG_WARNING. 
- - server/log_msg.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 2cc1ac65bc05d3a7fb8ffae60f8556e74665bc19 -Author: Franck Joncourt -Date: Mon Jun 17 12:31:07 2013 +0200 - - Replaced some uses of *fprintf(stderr* by *log_msg(LOG_ERR* in config_init.c - - server/config_init.c | 30 +++++++++++++++--------------- - 1 file changed, 15 insertions(+), 15 deletions(-) - -commit f418bc21872e7c34651bb4c4d2e3f6efccf395a1 -Merge: 57cf6dc b0c9ed5 -Author: Franck Joncourt -Date: Sun Jun 16 22:28:26 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 57cf6dc4727703dedb3ff9ce489ce43201896ea2 -Author: Franck Joncourt -Date: Sun Jun 16 22:16:41 2013 +0200 - - s/fprintf(stderr/log_msg(LOG_ERR/ - - server/access.c | 120 +++++++++++++++++++++++----------------------- - server/fw_util_ipf.c | 2 +- - server/fw_util_ipfw.c | 14 +++--- - server/fw_util_iptables.c | 8 ++-- - server/fw_util_pf.c | 2 +- - server/fwknopd.c | 9 ++-- - server/replay_cache.c | 15 +++--- - server/utils.c | 10 ++-- - 8 files changed, 89 insertions(+), 91 deletions(-) - -commit 84f870494941aed8549e302f2736d46a4f3eef37 -Author: Franck Joncourt -Date: Sun Jun 16 21:24:37 2013 +0200 - - Fix static_log_flag in the log_module. - - server/log_msg.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 935565cd90d1cf0f8f2c2e9a435ec4e5b500348b -Author: Franck Joncourt -Date: Sun Jun 16 21:16:25 2013 +0200 - - Fix log_msg(). - - * Added new constant LOG_WITHOUT_SYSLOG to be able to print messages to - stderr only. - * Renamed LOG_STDERR_MASK as LOG_VERBOSITY_MASK for a better understanding. - - server/log_msg.c | 21 +++++++++++---------- - server/log_msg.h | 7 ++++--- - 2 files changed, 15 insertions(+), 13 deletions(-) - -commit b48295c69b2d5396689c4bf6d28a2cd70393d084 -Author: Franck Joncourt -Date: Sun Jun 16 19:12:06 2013 +0200 - - Interim commit to make the log_msg strategy. 
- - * log_msg : New log_set_verbosity(): It sets the default verbosity for the - log module according to the verbose option set by the user through the command - line. - * Remove useless checks of the verbose option when log_msg() is invoked. - - server/fw_util_ipfw.c | 74 +++++++++++++++++------------------------- - server/fw_util_iptables.c | 82 ++++++++++++++++++----------------------------- - server/fwknopd.c | 15 +++++---- - server/incoming_spa.c | 24 ++++++-------- - server/log_msg.c | 21 ++++++++++++ - server/log_msg.h | 3 ++ - server/pcap_capture.c | 2 +- - 7 files changed, 103 insertions(+), 118 deletions(-) - -commit afbf6d51c02f2148a96d20f447ede9c27bb0dcfa -Author: Michael Rash -Date: Sun Jun 16 08:27:29 2013 -0400 - - [client] minor man page backwards compatibility update to include better examples - - client/fwknop.8.in | 32 +++++++++++++++++++++++++++++--- - doc/fwknop.man.asciidoc | 28 ++++++++++++++++++++++++++-- - 2 files changed, 55 insertions(+), 5 deletions(-) - -commit b0c9ed52ba32da6e9514f74a4037f03c3539f793 -Author: Michael Rash -Date: Sat Jun 15 21:20:39 2013 -0400 - - [test suite] bug fix for proper replay attack regex searching of test output, added several replay attack tests - - test/test-fwknop.pl | 4 +--- - test/tests/gpg.pl | 14 ++++++------ - test/tests/gpg_hmac.pl | 18 +++++++++++++-- - test/tests/gpg_no_pw.pl | 19 +++++++++++++--- - test/tests/gpg_no_pw_hmac.pl | 18 ++++++++++++--- - test/tests/rijndael_hmac.pl | 42 +++++++++++++++++++++++++++++++++++ - test/tests/rijndael_replay_attacks.pl | 11 ++++----- - 7 files changed, 103 insertions(+), 23 deletions(-) - -commit 8155cf33315d1bb4a8827ed87d8e12a226c0bec6 -Author: Michael Rash -Date: Thu Jun 13 21:23:59 2013 -0400 - - [server] ensure 'Rule added' log messages are generated when create_rule() is called - - server/fw_util_iptables.c | 36 +++++++++++++++++------------------- - 1 file changed, 17 insertions(+), 19 deletions(-) - -commit c23d2d644f1ef116822fa418a2971a55c87210a7 
-Author: Michael Rash -Date: Thu Jun 13 21:22:58 2013 -0400 - - minor typo and format fixes - - server/fwknopd.c | 2 +- - server/replay_cache.c | 4 +++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -commit 1341601a663725896324aeb30d90e519e0648b71 -Author: Michael Rash -Date: Thu Jun 13 21:21:40 2013 -0400 - - [server] when log_msg() is called fflush() output to stderr (when stderr is used) - - server/log_msg.c | 1 + - 1 file changed, 1 insertion(+) - -commit 48b2213780fda6bc02b76bd013ae30dd56030165 -Author: Michael Rash -Date: Thu Jun 13 21:20:11 2013 -0400 - - [client] truncate args save file with open() - - client/fwknop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit fc8a74131bbb804a73a9b6e49371e7393459d8c5 -Author: Michael Rash -Date: Wed Jun 12 23:10:19 2013 -0400 - - [test suite] minor OS compatibility test re-order - - test/tests/os_compatibility.pl | 83 +++++++++++++++++++----------------------- - 1 file changed, 38 insertions(+), 45 deletions(-) - -commit ea0ecc8cbe9b02e481fbcabe80181ee804de0265 -Author: Michael Rash -Date: Wed Jun 12 23:09:55 2013 -0400 - - [libfko] BYTEORDER macro update to 4321 or 1234 if all other methods fail - - lib/fko_common.h | 24 +++++++++++++++--------- - 1 file changed, 15 insertions(+), 9 deletions(-) - -commit 12eab497c2ddc443cecf3248f75970ad47651f04 -Author: Michael Rash -Date: Tue Jun 11 22:01:23 2013 -0400 - - [test suite] added a few OS compatibility tests - - Makefile.am | 1 + - test/test-fwknop.pl | 9 +++ - test/tests/os_compatibility.pl | 159 +++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 169 insertions(+) - -commit ef8aa2e471548126ee921aff7328385dd7e1bbc0 (tag: refs/tags/fwknop-2.5-pre2) -Author: Michael Rash -Date: Mon Jun 10 22:38:55 2013 -0400 - - [test suite] minor bug fix to add 'iptables' to custom chain test titles - - test/tests/rijndael_hmac.pl | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 978ddda33773f7be96e7898fa5915ad9cf24ae9a -Author: Michael 
Rash -Date: Mon Jun 10 22:34:48 2013 -0400 - - bump version to 2.5-pre2 - - VERSION | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit ffeb285f7bf6856b2ce1c2f5bdbec0f06322f384 -Author: Michael Rash -Date: Mon Jun 10 22:27:57 2013 -0400 - - [libfko] handle endian detection on PPC (and other) systems - - Blair Zajac contributed a patch to handle endian detection on PPC systems - and issue a compile time error if it cannot be determined. This commit affects - the BYTEORDER macro. - - CREDITS | 6 ++++++ - lib/fko_common.h | 18 ++++++++++++++++-- - 2 files changed, 22 insertions(+), 2 deletions(-) - -commit 5c7f5f1b0ba7d5241edb944c3bb024d610839c8b -Author: Michael Rash -Date: Mon Jun 10 21:45:26 2013 -0400 - - [libfko] use local strndup() if autoconf HAVE_STRNDUP not defined - - Blair Zajac reported that strndup() is not available on some PPC systems, so - this commit switches to use the local lib/fko_util.c implementation similarly - to what is done for Windows systems. - - lib/fko_util.c | 4 ++-- - lib/fko_util.h | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -commit 63ecfd54f280fe4888af3777bc05249e92561226 -Author: Michael Rash -Date: Mon Jun 10 21:21:52 2013 -0400 - - added missing test suite conf/ files to Makefile.am - - Makefile.am | 5 +++++ - 1 file changed, 5 insertions(+) - -commit f9df2f6ecaa3bb8b63139ac77e26f9db9fd43011 -Author: Michael Rash -Date: Mon Jun 10 21:18:37 2013 -0400 - - [test suite] additional --save-rc-stanza tests for vars not printed in fwknop client decode output - - test/test-fwknop.pl | 79 +++++++++++++++++++++++++++++++----------- - test/tests/basic_operations.pl | 78 +++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 136 insertions(+), 21 deletions(-) - -commit 0c19e5170a9ec5d2f0dfd943e05df514eb26684b -Author: Michael Rash -Date: Mon Jun 10 21:16:33 2013 -0400 - - [test suite] added backwards compatibility tests with a dual usage key in access.conf - - Makefile.am | 1 + - 
test/conf/dual_key_legacy_iv_access.conf | 10 +++++++ - test/test-fwknop.pl | 13 +++++++++ - test/tests/rijndael_backwards_compatibility.pl | 37 ++++++++++++++++++++++++++ - 4 files changed, 61 insertions(+) - -commit a3e06966b51b5a934af40351e4dd647201e31eb4 -Author: Michael Rash -Date: Mon Jun 10 21:14:09 2013 -0400 - - [client] minor man page wording update for backwards compatibility section - - client/fwknop.8.in | 6 +++--- - doc/fwknop.man.asciidoc | 6 +++--- - 2 files changed, 6 insertions(+), 6 deletions(-) - -commit 46dadecf5a0cc4b8722131dc71a0a148158ab7a3 -Author: Michael Rash -Date: Sun Jun 9 16:00:46 2013 -0400 - - [client] minor man page tweak to use rc VERBOSE bool value (which is the default now) - - client/fwknop.8.in | 2 +- - doc/fwknop.man.asciidoc | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -commit 056fd44c2416676d055e0232af22abfd59a8abbb -Author: Michael Rash -Date: Sun Jun 9 15:58:22 2013 -0400 - - [commit] default --verbose rc handling to bool Y/N values, but allow integers too when --verbose is given multiple times - - client/config_init.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -commit dbfa2579a75ec488b538b7df49440ff9d59a2b88 -Author: Michael Rash -Date: Sun Jun 9 15:57:16 2013 -0400 - - [client] minor man page tweak - - client/fwknop.8.in | 6 +++--- - doc/fwknop.man.asciidoc | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -commit 88e1e0e09951122ce8749659c5381a4ec9c80cdc -Author: Michael Rash -Date: Sun Jun 9 15:27:19 2013 -0400 - - [test suite] added tests for setting gpg recipient, signer, and homedir via the client rc file - - test/conf/fwknoprc_gpg_args_hmac_key | 7 +++++++ - test/conf/fwknoprc_gpg_args_no_pw_hmac_key | 7 +++++++ - test/test-fwknop.pl | 2 ++ - test/tests/gpg_hmac.pl | 21 +++++++++++++++++---- - test/tests/gpg_no_pw_hmac.pl | 14 ++++++++++++++ - 5 files changed, 47 insertions(+), 4 deletions(-) - -commit ac587f3c6387db6bfcd051ea031dbc007278fcca -Merge: 
7a1bdea 3d688a5 -Author: Michael Rash -Date: Sun Jun 9 14:33:29 2013 -0400 - - Merge branch 'master' of github.com:mrash/fwknop - -commit 7a1bdea5140de8791d22125fca8a5b6eb50619ec -Author: Michael Rash -Date: Sun Jun 9 14:28:17 2013 -0400 - - [server] fix 'Use of untrusted string value' bug found by Coverity - - This commit changes iptables policy parsing to re-use rule_exists() for fwknop - jump rule detection instead of using sscanf() against iptables policy list - output. Also, fwknop jump rules are now deleted from iptables policies in a - loop to ensure all are removed even if there are duplicates (even though this - should not happen under normal circumstances anyway). - - server/fw_util.h | 1 + - server/fw_util_iptables.c | 72 ++++++++++--------------------- - server/fw_util_iptables.h | 4 +- - test/conf/custom_input_chain_fwknopd.conf | 2 + - test/conf/custom_nat_chain_fwknopd.conf | 5 +++ - test/test-fwknop.pl | 2 + - test/tests/rijndael_hmac.pl | 37 ++++++++++++++++ - 7 files changed, 73 insertions(+), 50 deletions(-) - -commit 3d688a5a0801ce82624bdd54f5532ce844caa44a -Merge: 8b62984 e515ba4 -Author: Michael Rash -Date: Thu Jun 6 20:22:55 2013 -0700 - - Merge pull request #87 from fjoncourt/master - - Fwknop manpage update (fd and stdin command) - -commit f491c4169758a400b70ed5ccfd997a36354fe75f -Author: Michael Rash -Date: Wed Jun 5 22:33:42 2013 -0400 - - [server] minor addition of IPT_CHK_RULE_ARGS macro for iptables -C usage - - server/fw_util_iptables.c | 2 +- - server/fw_util_iptables.h | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -commit 866e0a95d51369f8cfc9c85baa9964b9c443adbf -Author: Michael Rash -Date: Wed Jun 5 21:46:51 2013 -0400 - - [server] minor bug fix to switch iptables comment match check to built-in INPUT chain - - server/fw_util_iptables.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -commit e515ba45feae4e562e3a62a3595f4382820751c9 -Merge: 7dec268 8b62984 -Author: Franck Joncourt -Date: Wed Jun 5 21:47:41 
2013 +0200 - - Merge remote-tracking branch 'upstream/master' - - Conflicts: - client/fwknop.8.in - -commit 7dec26852a9cf63ef686332df9aede7e12695f09 -Author: Franck Joncourt -Date: Wed Jun 5 21:38:26 2013 +0200 - - Updated fwknop manpage to document both the use of stdin and fd commands. - - client/fwknop.8.in | 14 ++++++++++++-- - doc/fwknop.man.asciidoc | 10 ++++++++++ - 2 files changed, 22 insertions(+), 2 deletions(-) - -commit 17974a1c05c4ffa3ec76c60582d407ee18c7f93a -Author: Michael Rash -Date: Tue Jun 4 22:17:59 2013 -0400 - - [server] comment additions regarding Coverity low priority TOCTOU issues - - server/access.c | 14 ++++++++++++++ - server/config_init.c | 6 ++++-- - 2 files changed, 18 insertions(+), 2 deletions(-) - -commit 59eb7fcf0f0e1b1e305eca9f41a978a14872b133 -Author: Michael Rash -Date: Tue Jun 4 21:17:15 2013 -0400 - - [extras] update spa-entropy.pl script to point fwknop client in gpg mode to the no-pw homedir - - extras/spa-entropy/spa-entropy.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 8b629848875fbc8f2fe84e7ddd259f15a7c59d28 -Merge: 7c4beab 48a3f7a -Author: Michael Rash -Date: Mon Jun 3 21:59:26 2013 -0400 - - Merge branch 'gpgme_autoconf_macro' - - This commit adds a new m4/gpgme.m4 to allow autogen.sh to work properly when - libgpgme is not installed. Closes #72. 
- -commit 7c4beabea0c4be58d2e9b30bb27353cc0949df40 -Author: Michael Rash -Date: Mon Jun 3 21:45:29 2013 -0400 - - a few HMAC doc updates to the libfko.texi file - - doc/libfko.texi | 87 ++++++++++++++++++++++++++++++++++++++++++++------------- - 1 file changed, 68 insertions(+), 19 deletions(-) - -commit 69ba2d7a06556033e35cc0df5928bae39e1117d0 -Author: Michael Rash -Date: Mon Jun 3 20:54:40 2013 -0400 - - fko-wrapper update to print fko_errstr() text, and to have one successful HMAC cycle - - test/fko-wrapper/fko_wrapper.c | 113 ++++++++++++++++++++++++++--------------- - 1 file changed, 71 insertions(+), 42 deletions(-) - -commit 66399fed1a47dfac0af636cfcdde92c1aa68eb4b -Merge: e7716b4 583e1e0 -Author: Michael Rash -Date: Sun Jun 2 22:54:23 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/master' - - Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor - via --fd. - -commit e7716b49c6318fd242e25ddc7620560bfc6af9e2 -Author: Michael Rash -Date: Sun Jun 2 22:08:54 2013 -0400 - - [test suite] minor bug fix to include the new legacy long key file in Makefile.am - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit 164888e075a671d3df6185b0e2b67ceb0f166518 -Author: Michael Rash -Date: Sun Jun 2 21:19:19 2013 -0400 - - [test suite] added backwards compatibility test for truncated keys longer > 16 chars - - test/conf/legacy_iv_long_key_access.conf | 4 ++++ - test/test-fwknop.pl | 1 + - test/tests/rijndael_backwards_compatibility.pl | 27 ++++++++++++++++++++++++++ - 3 files changed, 32 insertions(+) - -commit 583e1e02c77ae975c1b5bee8926206de78f66650 -Merge: 9fce10a 1c8d247 -Author: Franck Joncourt -Date: Sun Jun 2 21:54:25 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - - Conflicts: - client/config_init.c - -commit 9fce10abd8d37bc1bd58dfda05b82450d5ff343e -Author: Franck Joncourt -Date: Sun Jun 2 21:36:17 2013 +0200 - - Adding support for reading encryption/key password from a file descriptor. 
- - * Added tests to the test suite. - * Updated the usage message. - * Fixed the password functions. - - reference : mrash/fwknop#74 - - client/config_init.c | 24 ++++++++++++++---------- - client/getpasswd.c | 32 +++++++++++++++++++------------- - client/utils.h | 3 +++ - test/test-fwknop.pl | 1 + - test/tests/basic_operations.pl | 12 ++++++++++-- - test/tests/rijndael.pl | 26 ++++++++++++++++++++++++++ - 6 files changed, 73 insertions(+), 25 deletions(-) - -commit 2874205d05c7d51e38b653746f87760f6fd4bd7a -Author: Michael Rash -Date: Sun Jun 2 14:50:37 2013 -0400 - - started on libfko.texi function prototype and FKO error code documentation updates - - doc/libfko.texi | 27 ++++++++++++++++++++++----- - 1 file changed, 22 insertions(+), 5 deletions(-) - -commit 491e25a6bdc4be4058eb79d4af17d92d3ad19bd4 -Author: Michael Rash -Date: Sun Jun 2 14:29:37 2013 -0400 - - restored the NEWS file since autoconf seems to need it - - NEWS | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 65 insertions(+) - -commit 382099e85aa0ca18b2d52ca422ac3faa819e4999 -Author: Michael Rash -Date: Sun Jun 2 14:07:01 2013 -0400 - - Updated copyright dates, removed NEWS file in favor of the ChangeLog - - AUTHORS | 2 +- - NEWS | 38 --------------------------------- - android/project/jni/fwknop/fko.h | 2 +- - android/project/jni/fwknop/fko_limits.h | 2 +- - client/cmd_opts.h | 2 +- - client/config_init.c | 2 +- - client/config_init.h | 2 +- - client/fwknop.c | 2 +- - client/fwknop.h | 2 +- - client/fwknop_common.h | 2 +- - client/getpasswd.c | 2 +- - client/getpasswd.h | 2 +- - client/http_resolve_host.c | 2 +- - client/log_msg.c | 2 +- - client/log_msg.h | 2 +- - client/spa_comm.c | 2 +- - client/spa_comm.h | 2 +- - client/utils.c | 2 +- - client/utils.h | 2 +- - common/common.h | 2 +- - common/netinet_common.h | 2 +- - iphone/Classes/libfwknop/fko_common.b | 2 +- - lib/base64.c | 2 +- - lib/base64.h | 2 +- - lib/cipher_funcs.c | 2 +- - lib/cipher_funcs.h 
| 2 +- - lib/digest.c | 2 +- - lib/digest.h | 2 +- - lib/fko.h | 2 +- - lib/fko_client_timeout.c | 2 +- - lib/fko_common.h | 2 +- - lib/fko_context.h | 2 +- - lib/fko_decode.c | 2 +- - lib/fko_digest.c | 2 +- - lib/fko_encode.c | 2 +- - lib/fko_encryption.c | 2 +- - lib/fko_error.c | 2 +- - lib/fko_funcs.c | 2 +- - lib/fko_limits.h | 2 +- - lib/fko_message.c | 2 +- - lib/fko_nat_access.c | 2 +- - lib/fko_rand_value.c | 2 +- - lib/fko_server_auth.c | 2 +- - lib/fko_state.h | 2 +- - lib/fko_timestamp.c | 2 +- - lib/fko_user.c | 2 +- - lib/fko_util.h | 2 +- - lib/gpgme_funcs.c | 2 +- - lib/gpgme_funcs.h | 2 +- - server/access.c | 2 +- - server/access.h | 2 +- - server/cmd_opts.h | 2 +- - server/config_init.c | 2 +- - server/config_init.h | 2 +- - server/extcmd.c | 2 +- - server/extcmd.h | 2 +- - server/fw_util.c | 2 +- - server/fw_util.h | 2 +- - server/fw_util_ipf.c | 2 +- - server/fw_util_ipf.h | 2 +- - server/fw_util_ipfw.c | 2 +- - server/fw_util_ipfw.h | 2 +- - server/fw_util_iptables.c | 2 +- - server/fw_util_iptables.h | 2 +- - server/fw_util_pf.h | 2 +- - server/fwknopd.c | 2 +- - server/fwknopd.h | 2 +- - server/fwknopd_common.h | 2 +- - server/fwknopd_errors.c | 2 +- - server/fwknopd_errors.h | 2 +- - server/incoming_spa.c | 2 +- - server/incoming_spa.h | 2 +- - server/log_msg.c | 2 +- - server/log_msg.h | 2 +- - server/pcap_capture.c | 2 +- - server/pcap_capture.h | 2 +- - server/process_packet.c | 2 +- - server/process_packet.h | 2 +- - server/replay_cache.c | 2 +- - server/replay_cache.h | 2 +- - server/sig_handler.c | 2 +- - server/sig_handler.h | 2 +- - server/tcp_server.c | 2 +- - server/tcp_server.h | 2 +- - server/utils.c | 2 +- - server/utils.h | 2 +- - 86 files changed, 85 insertions(+), 123 deletions(-) - -commit 1b41e606a7cd69c7a66da37c3aa78806a8f9efe5 -Author: Michael Rash -Date: Sun Jun 2 13:51:25 2013 -0400 - - Added backwards compatibility section to the client man page - - Added backwards compatibility section and new material on a 'quick 
start' - subsection for the EXAMPLES section. - - client/fwknop.8.in | 128 +++++++++++++++++++++++++++++-------- - doc/fwknop.man.asciidoc | 163 +++++++++++++++++++++++++++++++++++++++--------- - 2 files changed, 234 insertions(+), 57 deletions(-) - -commit 1c8d247887cae8979f7381b5808aa2b4e50e8b07 -Author: Michael Rash -Date: Sat Jun 1 22:30:29 2013 -0400 - - ChangeLog update to mention the constant_runtime_cmp() change - - CREDITS | 2 +- - ChangeLog | 8 ++++++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -commit af88af3e512c3b61b6f1a8bf2a3657df44ae92ad -Merge: b95292e 54872ac -Author: Michael Rash -Date: Sat Jun 1 22:23:35 2013 -0400 - - Merge branch 'hmac_timing_bug_fix' - - Fixes #85 - -commit b95292ef906df0310728c7455c2599711fae1b7d -Author: Michael Rash -Date: Sat Jun 1 22:10:32 2013 -0400 - - added fwknopd man page blurb for the ENABLE_PCAP_ANY_DIRECTION variable - - doc/fwknopd.man.asciidoc | 11 +++++++++++ - server/fwknopd.8.in | 9 +++++++-- - 2 files changed, 18 insertions(+), 2 deletions(-) - -commit 54872acfc34542d4ab800d4126a153854228cf11 (refs/remotes/web/hmac_timing_bug_fix, refs/heads/hmac_timing_bug_fix) -Author: Michael Rash -Date: Sat Jun 1 21:55:45 2013 -0400 - - Convert strncmp() calls to constant_runtime_cmp() at various places - - This commit is a follow up to Ryman's report (#85) of a potential timing attack - that could be leveraged against fwknop when strncmp() is used to compare HMAC - digests. All strncmp() calls that do similar things have been replaced with a - new constant_runtime_cmp() function that mitigates this problem. 
- - lib/cipher_funcs.c | 8 ++++---- - lib/fko_decode.c | 2 +- - lib/fko_hmac.c | 31 +++---------------------------- - lib/fko_util.c | 27 +++++++++++++++++++++++++++ - lib/fko_util.h | 1 + - server/incoming_spa.c | 6 +++--- - server/replay_cache.c | 3 ++- - 7 files changed, 41 insertions(+), 37 deletions(-) - -commit f3af0d48c5806c89fbc3a5ad35fe5dfabde6f645 -Author: Franck Joncourt -Date: Sat Jun 1 23:14:56 2013 +0200 - - Interim commit to be able to load key from file descriptor (fd 0 for example). - - client/config_init.c | 7 ++++--- - client/fwknop_common.h | 3 ++- - client/getpasswd.c | 52 +++++++++++++++++++++++++++++++------------------- - client/getpasswd.h | 2 +- - 4 files changed, 39 insertions(+), 25 deletions(-) - -commit 6706c539023f9a2dec1aed94f6e18ae1e7877c84 (refs/remotes/origin/hmac_timing_bug_fix) -Author: Michael Rash -Date: Sat Jun 1 09:09:17 2013 -0400 - - [libfko] HMAC comparison timing bug fix - - Ryman reported a timing attack bug in the HMAC comparison operation (#85) and - suggested a fix derived from YaSSL: - http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html - - CREDITS | 5 +++++ - lib/fko_hmac.c | 28 +++++++++++++++++++++++++++- - 2 files changed, 32 insertions(+), 1 deletion(-) - -commit 0f0f73636f1a4c9292f01b1a2669e73984ec4d20 -Author: Michael Rash -Date: Fri May 31 23:19:48 2013 -0400 - - [server] minor update to rename PCAP_ANY_DIRECTION -> ENABLE_PCAP_ANY_DIRECTION - - server/cmd_opts.h | 6 +++--- - server/config_init.c | 2 +- - server/fwknopd.conf | 2 +- - server/fwknopd_common.h | 4 ++-- - 4 files changed, 7 insertions(+), 7 deletions(-) - -commit 9b2cd9e2e50ebbaed18e5cc86d302e3bfeb65b14 -Author: Michael Rash -Date: Fri May 31 23:01:47 2013 -0400 - - [client] allow -D to be used in --save-rc-stanza mode if -n is not given - - This change simplifies the fwknop client usage by allowing the -D argument to - be used as the stanza name if -n is not also specified in --save-rc-stanza - mode. 
- - client/config_init.c | 17 +++++++++++------ - client/fwknop.8.in | 6 +++++- - doc/fwknop.man.asciidoc | 4 +++- - 3 files changed, 19 insertions(+), 8 deletions(-) - -commit 32a6d05cdba45ac2f007450df6193ec9d3259548 -Author: Michael Rash -Date: Fri May 31 22:47:06 2013 -0400 - - added HMAC digests section to libfko info doc - - doc/libfko.texi | 86 +++++++++++++++++++++++++++++++++++++++++---------------- - 1 file changed, 62 insertions(+), 24 deletions(-) - -commit 9cbb80d434eec1d90e40f0954fbe6be8cf9f69f1 -Author: Michael Rash -Date: Fri May 31 21:36:49 2013 -0400 - - update man page in client/server directories to the latest - - client/fwknop.8.in | 114 ++++++++++++++++++++++++++++------------------------ - server/fwknopd.8.in | 18 +++++++-- - 2 files changed, 77 insertions(+), 55 deletions(-) - -commit b4171fe90cd0198d8fc84e21ab8ddeb52139e5be -Author: Michael Rash -Date: Thu May 30 22:50:29 2013 -0400 - - [test suite] minor update to reduce logging noise in valgrind comparison test - - test/test-fwknop.pl | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -commit b5c81468232ca5b171611af3e09fb418298054d1 -Author: Michael Rash -Date: Thu May 30 22:42:13 2013 -0400 - - minor configure.ac typo fix for --help output + bumped version to 2.5.1 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -commit 1e775350682b906d4c96e1a1a31f41dd5d578779 +commit 694fb39a85e29128781c01bbdcb1faabfb0df8ec Author: Michael Rash -Date: Thu May 30 22:26:09 2013 -0400 +Date: Thu Jul 25 20:33:19 2013 -0400 - minor documentation updates - - doc/fwknop.man.asciidoc | 40 +++++++++++++++++++++++----------------- - doc/libfko.texi | 23 ++++++++++++++--------- - 2 files changed, 37 insertions(+), 26 deletions(-) - -commit 0504627c2e2fd06ac94c7cdd823f82b22e4354c2 -Author: Michael Rash -Date: Thu May 30 22:03:11 2013 -0400 - - [client] don't print keys to stdout in --save-rc-stanza --key-gen mode - - This is a minor commit to not print keys to stdout when both 
--save-rc-stanza - and --key-gen are set on the command line. - - client/config_init.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++-- - client/fwknop.c | 32 +------------------------------ - 2 files changed, 52 insertions(+), 33 deletions(-) - -commit 0001b37f44f3e61af8cab32cdc378d84932bacf7 -Merge: 478f866 6d9f840 -Author: Michael Rash -Date: Wed May 29 18:53:08 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/save_rc_stanza' - - This set of fixes from Franck allows for much better --save-rc-stanza - functionality - new SPA keys can automatically be saved to the fwknoprc - file when --key-gen and --save-rc-stanza are given, keys aren't overwritten - upon updating the arguments for an existing stanza, and more. - - Conflicts: - client/config_init.c - -commit 6d9f840ab7599603ba279d7c7abdb630c4728d04 (refs/remotes/fjoncourt/save_rc_stanza) -Author: Franck Joncourt -Date: Wed May 29 14:06:57 2013 +0200 - - The -R command line switch is now handled in fwknoprc as RESOLVE_IP_HTTP variable. - - client/config_init.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -commit cf6cb01f671859f1ded102faed885e17c5bcf323 -Author: Franck Joncourt -Date: Wed May 29 12:19:56 2013 +0200 - - Fixed ask_overwrite(). Generated keys are now stored in fwknoprc. - - * ask_overwrite() : when the user inputs more than one char when prompted, - a second call to the function does not take the second char anymore. - We parse all of the chars until we reach an LF char and discard all of them - except the first one. - The overwrite is requested only when the user sets 'y', if there is anything - else we asssume 'N'. - - * When -k is used on the command line along with the --save-rc-stanza, the - generated keys are also written in the stanza in fwknoprc. 
- - client/config_init.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++----- - client/fwknop.c | 13 --------- - 2 files changed, 74 insertions(+), 21 deletions(-) - -commit 82caa9a6a97ea633f15f75bb887168e4d6e14ded -Author: Franck Joncourt -Date: Tue May 28 17:14:36 2013 +0200 - - The variables are now stored in a hash (variable name and position) rather than - an array containing only their name. It is now possible to sort them without - worrying about their position in the enumeration. - - Improve variable naming for a better understanding (var_ndx becomes var_pos). - - client/config_init.c | 314 +++++++++++++++++++++++++++++---------------------- - 1 file changed, 177 insertions(+), 137 deletions(-) - -commit dedc4bc8aa10638b6f928a55e228374cd4d9f14d -Author: Franck Joncourt -Date: Mon May 27 18:18:47 2013 +0200 - - Interim commit to handle bitmask with more than 32 positions. - - client/config_init.c | 309 ++++++++++++++++++++++++++++++++++----------------- - 1 file changed, 207 insertions(+), 102 deletions(-) - -commit cc07d10d733c4ddc542de4726a9a09c67fed2af7 -Author: Franck Joncourt -Date: Sat May 25 21:56:01 2013 +0200 - - Set command line argument bitmask as a 64-bits value to be able to handle more arguments. - - Interim commit to add the VERBOSE variable to be stored in the fwknoprc file when - -v is used with --save-rc-stanza. The VERBOSE variable is also read by fwknop - and the verbosity level is set accordingly. 
- - client/config_init.c | 31 +++++++++++++++++++++++-------- - client/log_msg.h | 2 ++ - 2 files changed, 25 insertions(+), 8 deletions(-) - -commit 478f86669c62347d0e82f8a3df0211c275a40227 -Author: Michael Rash -Date: Thu May 23 22:29:41 2013 -0400 - - minor Makefile.am update to set permissions on access.conf.inst and fwknopd.conf.inst files - - Makefile.am | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit 67f96dc3d4ddee424952ec9dbf62ea24e584dee5 -Author: Michael Rash -Date: Thu May 23 22:10:34 2013 -0400 - - [client] minor fix to set -R mode with a resolve URL is also set - - The command line arg validation function also checks this. - - client/config_init.c | 1 + - 1 file changed, 1 insertion(+) - -commit b9bd984768e1f48ac35a0064098ec0f32b42438c -Author: Michael Rash -Date: Thu May 23 22:02:43 2013 -0400 - - [test suite] bug fix on FreeBSD to just run the server for the active/expire sets not equal test - - test/tests/rijndael.pl | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -commit 9a21bc11ba430312e121444d126ad8cc4aab9bb7 -Author: Michael Rash -Date: Wed May 22 21:21:59 2013 -0400 - - [server] update access.conf comments to conform to no trailing semicolon or colon within the variable name - - server/access.conf | 51 ++++++++++++++++++++++++++------------------------- - 1 file changed, 26 insertions(+), 25 deletions(-) - -commit 3bc28305c39ec58f36847bc060edc7debca67d17 -Author: Michael Rash -Date: Wed May 22 21:20:42 2013 -0400 - - minor client man page wording update - - doc/fwknop.man.asciidoc | 19 ++++++++++--------- - 1 file changed, 10 insertions(+), 9 deletions(-) - -commit 47d235f4feba6ecc32b842a6a28ed7da2329cdd8 -Author: Michael Rash -Date: Tue May 21 22:12:03 2013 -0400 - - [test suite] minor formatting update to access.conf files to mimic fwknoprc vars (no colon or trailing semicolon) - - test/conf/android_access.conf | 6 +++--- - test/conf/android_legacy_iv_access.conf | 8 ++++---- - test/conf/base64_key_access.conf | 6 
+++--- - test/conf/cfb_mode_access.conf | 8 ++++---- - test/conf/cmd_access.conf | 8 ++++---- - test/conf/ctr_mode_access.conf | 8 ++++---- - test/conf/default_access.conf | 6 +++--- - test/conf/dual_key_usage_access.conf | 16 +++++++-------- - test/conf/ecb_mode_access.conf | 8 ++++---- - test/conf/expired_epoch_stanza_access.conf | 8 ++++---- - test/conf/expired_stanza_access.conf | 8 ++++---- - test/conf/force_nat_access.conf | 8 ++++---- - test/conf/future_expired_stanza_access.conf | 8 ++++---- - test/conf/fuzzing_open_ports_access.conf | 8 ++++---- - test/conf/fuzzing_restrict_ports_access.conf | 10 +++++----- - test/conf/fuzzing_source_access.conf | 8 ++++---- - test/conf/gpg_access.conf | 14 ++++++------- - test/conf/gpg_hmac_access.conf | 16 +++++++-------- - test/conf/gpg_no_pw_access.conf | 12 +++++------ - test/conf/gpg_no_pw_hmac_access.conf | 16 +++++++-------- - test/conf/hmac_access.conf | 8 ++++---- - test/conf/hmac_dual_key_usage_access.conf | 22 ++++++++++---------- - test/conf/hmac_equal_keys_access.conf | 30 ++++++++++++++-------------- - test/conf/hmac_force_nat_access.conf | 10 +++++----- - test/conf/hmac_get_key_access.conf | 8 ++++---- - test/conf/hmac_invalid_type_access.conf | 10 +++++----- - test/conf/hmac_md5_access.conf | 10 +++++----- - test/conf/hmac_md5_long_key_access.conf | 10 +++++----- - test/conf/hmac_md5_short_key_access.conf | 10 +++++----- - test/conf/hmac_no_b64_access.conf | 8 ++++---- - test/conf/hmac_no_b64_cygwin_access.conf | 8 ++++---- - test/conf/hmac_sha1_access.conf | 10 +++++----- - test/conf/hmac_sha1_long_key_access.conf | 10 +++++----- - test/conf/hmac_sha1_short_key_access.conf | 10 +++++----- - test/conf/hmac_sha256_access.conf | 10 +++++----- - test/conf/hmac_sha256_long_key_access.conf | 10 +++++----- - test/conf/hmac_sha256_open_ports_access.conf | 12 +++++------ - test/conf/hmac_sha256_short_key_access.conf | 10 +++++----- - test/conf/hmac_sha384_access.conf | 10 +++++----- - 
test/conf/hmac_sha384_long_key_access.conf | 10 +++++----- - test/conf/hmac_sha384_short_key_access.conf | 10 +++++----- - test/conf/hmac_sha512_access.conf | 10 +++++----- - test/conf/hmac_sha512_long_key_access.conf | 10 +++++----- - test/conf/hmac_sha512_short_key2_access.conf | 10 +++++----- - test/conf/hmac_sha512_short_key_access.conf | 10 +++++----- - test/conf/hmac_simple_keys_access.conf | 8 ++++---- - test/conf/invalid_expire_access.conf | 8 ++++---- - test/conf/invalid_source_access.conf | 12 +++++------ - test/conf/ip_source_match_access.conf | 6 +++--- - test/conf/legacy_iv_access.conf | 8 ++++---- - test/conf/mismatch_open_ports_access.conf | 8 ++++---- - test/conf/mismatch_user_access.conf | 8 ++++---- - test/conf/multi_gpg_access.conf | 14 ++++++------- - test/conf/multi_gpg_no_pw_access.conf | 14 ++++++------- - test/conf/multi_source_match_access.conf | 6 +++--- - test/conf/multi_stanzas_access.conf | 24 +++++++++++----------- - test/conf/no_multi_source_match_access.conf | 6 +++--- - test/conf/no_source_match_access.conf | 6 +++--- - test/conf/no_subnet_source_match_access.conf | 6 +++--- - test/conf/ofb_mode_access.conf | 8 ++++---- - test/conf/open_ports_access.conf | 8 ++++---- - test/conf/require_src_access.conf | 10 +++++----- - test/conf/require_user_access.conf | 8 ++++---- - test/conf/subnet_source_match_access.conf | 6 +++--- - 64 files changed, 321 insertions(+), 319 deletions(-) - -commit cfbbac2654fd59f74334976292380deaade1ffe3 -Author: Michael Rash -Date: Tue May 21 22:10:13 2013 -0400 - - man page updates - access.conf section now includes variable guidance - - client/fwknop.8.in | 78 ++++++++++++++++----- - doc/fwknop.man.asciidoc | 115 +++++++++++++++++-------------- - doc/fwknopd.man.asciidoc | 170 +++++++++++++++++++++++++++------------------- - server/fwknopd.8.in | 171 +++++++++++++++++++++++++++-------------------- - 4 files changed, 324 insertions(+), 210 deletions(-) - -commit 52462e7dbaa8b525f986f43524549ead36e09325 
-Author: Michael Rash -Date: Tue May 21 22:00:15 2013 -0400 - - Use {0} initializer for all stack allocated char arrays - - Lots of places in the code were already using {0} to initialize stack char - arrays, but memset() was being used as well. This commit removes all - unnecessary memset() calls against char arrays that are already initialized - via {0} (which sets all members to zero for such arrays). - - client/config_init.c | 48 ++++++++++++++++++++-------------------------- - client/fwknop.c | 25 ++++++++---------------- - client/getpasswd.c | 2 -- - client/http_resolve_host.c | 2 +- - client/spa_comm.c | 6 +++--- - lib/cipher_funcs.c | 13 ++++--------- - lib/fko_hmac.c | 2 -- - lib/hmac.c | 13 ------------- - server/access.c | 18 ++++++++--------- - server/config_init.c | 4 ++-- - server/extcmd.c | 2 +- - server/fw_util_ipf.c | 4 ++-- - server/fw_util_ipfw.c | 4 ++-- - server/fw_util_iptables.c | 14 +++++++------- - server/fw_util_pf.c | 10 +++++----- - server/fwknopd_common.h | 9 +++++---- - server/incoming_spa.c | 2 +- - server/replay_cache.c | 6 +++--- - server/tcp_server.c | 2 +- - server/utils.c | 3 +-- - 20 files changed, 76 insertions(+), 113 deletions(-) - -commit 2e2e7fcc0eb9065aa40c5ea915ecb48a99bd9c51 -Merge: fad0ef8 98e6314 -Author: Michael Rash -Date: Mon May 20 21:57:42 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/save_rc_stanza' - - Closes issues #81 and #82 thanks to Franck. - -commit 05585cab8a916eb734108fd93f32865b5ae8f8fd -Merge: 6c59c9a fad0ef8 -Author: Franck Joncourt -Date: Mon May 20 22:02:31 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 98e631451f34cff6713b51d0291a3ab626786ba8 -Author: Franck Joncourt -Date: Mon May 20 21:58:18 2013 +0200 - - Fixed stanza name in log message. We display the stanza we were looking for, not the current one. 
- - client/config_init.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -commit 209b189f202d02134d2523f7479b240ab9863b1a -Merge: 5e3d9b6 fad0ef8 -Author: Franck Joncourt -Date: Mon May 20 11:08:33 2013 +0200 - - Merge remote-tracking branch 'upstream/master' into save_rc_stanza - -commit fad0ef8690eba98279558b2984cbe72920262804 -Author: Michael Rash -Date: Sun May 19 16:15:19 2013 -0400 - - [test suite] added 'equal keys' files - - test/conf/fwknoprc_hmac_equal_keys | 4 ++++ - test/conf/hmac_equal_keys_access.conf | 17 +++++++++++++++++ - 2 files changed, 21 insertions(+) - -commit 5e3d9b6e0bdf661fea02f960b8db841afc48d56f -Author: Franck Joncourt -Date: Sun May 19 22:00:51 2013 +0200 - - Do not assume two rc sections are separated by an empty line. (mrash/fwknop#81) - - client/config_init.c | 68 +++++++++++++++++++++++++++++----------------------- - 1 file changed, 38 insertions(+), 30 deletions(-) - -commit dc2ff2119caa81a9a3187e95f51ed34544398749 -Author: Michael Rash -Date: Sun May 19 15:50:16 2013 -0400 - - [client] finished documenting client command line options via the man page - - doc/fwknop.man.asciidoc | 69 +++++++++++++++++++++++++++++++++++-------------- - 1 file changed, 50 insertions(+), 19 deletions(-) - -commit 72ab0bf5d5b046d28004fea523a03ec6c1f50800 -Author: Michael Rash -Date: Sun May 19 15:29:20 2013 -0400 - - [test suite] added client -f firewall timeout tests - - test/tests/rijndael_hmac.pl | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -commit 16f96a3e5391d381048e2ea2331d4ab50a2b12d8 -Author: Michael Rash -Date: Sun May 19 14:36:32 2013 -0400 - - [server] port list memory leak bug fix for OpenBSD/pf and FreeBSD/ipfw firewall interface code found by Coverity - - server/access.c | 5 +++-- - server/fw_util_ipfw.c | 3 +++ - server/fw_util_pf.c | 4 ++++ - 3 files changed, 10 insertions(+), 2 deletions(-) - -commit e31459bb1e4664482b5ccd49d9ff0326d63aabe5 -Author: Michael Rash -Date: Sun May 19 14:12:58 2013 
-0400 - - updated client and server man page material - - client/fwknop.8.in | 503 +++++++++++++++++++++++++++++++++++----------------- - server/fwknopd.8.in | 59 ++++-- - 2 files changed, 381 insertions(+), 181 deletions(-) - -commit 0cc5c3495ec30691e5d7e5b65de056e4ab2a7847 -Merge: 0a279cc 4e5b960 -Author: Michael Rash -Date: Sun May 19 12:57:36 2013 -0400 - - Merge branch 'master' of github.com:mrash/fwknop - -commit 4e5b96054cf98af86cb5297faa4c668aee16843d -Merge: 96bbf7e 3e16d66 -Author: Michael Rash -Date: Sun May 19 09:57:07 2013 -0700 - - Merge pull request #80 from fjoncourt/fix-gpl2.0 - - [FTBS] Fixed gpl2.0.texi - -commit 3e16d6694c07e8e92eaf590cb79b19dd4f729524 (refs/remotes/fjoncourt/fix-gpl2.0) -Author: Franck Joncourt -Date: Sun May 19 17:14:35 2013 +0200 - - Fixed gpl2.0.texi to make it build. - - The @appendixsubsec entries are substituted by @appendixsec entries. - - doc/gpl-2.0.texi | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -commit 6c59c9ade80d905dbf597917fb55f80214a69631 -Merge: cee5807 96bbf7e -Author: Franck Joncourt -Date: Sun May 19 15:34:20 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 0a279ccbfcb0be44e4e82f9ced28641a8d5cc3ef -Author: Michael Rash -Date: Sat May 18 22:49:38 2013 -0400 - - [client] minor --verbose display update to say source port is 'OS assigned' when not otherwise set - - client/spa_comm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 96bbf7e61abd9b0238392e79b412e332e3e95783 -Author: Michael Rash -Date: Sat May 18 22:36:13 2013 -0400 - - [client] bug fix to separate out --named-config vs. 
--no-save-args command line args - - client/config_init.c | 47 ++++++++++++++++++++++++++--------------------- - client/fwknop.c | 2 +- - doc/fwknop.man.asciidoc | 2 +- - 3 files changed, 28 insertions(+), 23 deletions(-) - -commit 15b1382160d48b253d951eceadbe14a01034d55b -Author: Michael Rash -Date: Sat May 18 16:39:08 2013 -0400 - - [test suite] slurp openssl HMAC from file into single string (it may be binary data) - - test/test-fwknop.pl | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -commit 61459c65f5a926a2740b067b47206be8c4c04c2c -Author: Michael Rash -Date: Sat May 18 12:13:50 2013 -0400 - - added test suite HMAC != enc key conf files - - Makefile.am | 2 ++ - 1 file changed, 2 insertions(+) - -commit 23a354fced4a32d083f4f854b5feb2ad6747cf18 -Author: Michael Rash -Date: Sat May 18 12:10:18 2013 -0400 - - [client+server] ensure HMAC key and encryption passphrase are not the same - - client/fwknop.c | 12 ++++++++++++ - server/access.c | 30 +++++++++++++++++++++++++++++- - test/test-fwknop.pl | 3 +++ - test/tests/rijndael_hmac.pl | 24 ++++++++++++++++++++++++ - 4 files changed, 68 insertions(+), 1 deletion(-) - -commit 731ca0e038ecd9f3e7e4a4a138ef98dc021f37b6 -Author: Michael Rash -Date: Sat May 18 10:51:49 2013 -0400 - - [client] added warning in --verbose mode if -s is used instead of -a or -R - - client/config_init.c | 17 +++++++++++++---- - 1 file changed, 13 insertions(+), 4 deletions(-) - -commit c02ec41ca099815c5422ed16c4e339afa604d8c4 -Author: Michael Rash -Date: Sat May 18 08:34:20 2013 -0400 - - [test suite] minor bug fix to preserve the init file - - test/test-fwknop.pl | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -commit cee5807debf3f49ed520ed8cfe648e9254ac62a1 -Author: Franck Joncourt -Date: Sat May 18 10:54:44 2013 +0200 - - First draft to be able to use stdin as an input for submitting fwknop key. 
- - mrash/fwknop#74 - - client/cmd_opts.h | 4 ++ - client/config_init.c | 7 +++ - client/fwknop.c | 12 ++-- - client/fwknop_common.h | 1 + - client/getpasswd.c | 168 +++++++++++++++++++++++++++++-------------------- - client/getpasswd.h | 2 +- - 6 files changed, 118 insertions(+), 76 deletions(-) - -commit ebe1aec54250f5ae8fbacd84254f0b71a0d370c6 -Author: Michael Rash -Date: Fri May 17 23:05:58 2013 -0400 - - continued man page updates in preparation for the 2.5 release - - doc/fwknop.man.asciidoc | 175 +++++++++++++++++++++++++---------------------- - doc/fwknopd.man.asciidoc | 69 ++++++++++++++----- - 2 files changed, 146 insertions(+), 98 deletions(-) - -commit 7cb23c75cca87d497215da27b6a263a694bc0b27 -Author: Michael Rash -Date: Fri May 17 22:34:26 2013 -0400 - - [server] added check to ensure any existing fwknop jump rule is not duplicated at init - - CREDITS | 4 +++ - server/fw_util_iptables.c | 66 +++++++++++++++++++++++++++++++++++------------ - 2 files changed, 53 insertions(+), 17 deletions(-) - -commit cabcaf2174b1a2e0c714f8a9ca56ff3ab2ed95d4 -Author: Michael Rash -Date: Fri May 17 22:28:03 2013 -0400 - - [server] apply same logging policy for --fw-* modes as --foreground mode - - server/log_msg.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -commit 45244114f82b4ab1453bbb7b22b7bb75d96b6df0 -Author: Michael Rash -Date: Fri May 17 21:03:16 2013 -0400 - - [client] --key-gen bug fix to print keys to stdout - - client/config_init.c | 5 ++++- - client/fwknop.c | 11 ++++++++++- - lib/fko_funcs.c | 10 ++++++++-- - test/test-fwknop.pl | 27 ++++++++++++++++++--------- - test/tests/rijndael.pl | 3 ++- - 5 files changed, 42 insertions(+), 14 deletions(-) - -commit b6562d3bf379fc5937e73e6c17eb03a7cade32fb -Merge: 2c8469e 95615c9 -Author: Michael Rash -Date: Wed May 15 21:31:17 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/master' - - Closes issues #76 and #60. 
- -commit 2c8469e95e219f42c0a206454d6d0919a7447e4c -Author: Michael Rash -Date: Wed May 15 21:17:39 2013 -0400 - - [client] man page update for GPG key signing material - - doc/fwknop.man.asciidoc | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -commit a6f9f1d9ec23df5cb1e4f60234602e315f154349 -Author: Michael Rash -Date: Wed May 15 20:59:29 2013 -0400 - - [client] completed fwknop client man page rc variable documentation - - doc/fwknop.man.asciidoc | 203 ++++++++++++++++++++++++++++++++---------------- - 1 file changed, 138 insertions(+), 65 deletions(-) - -commit 366255188adf06b8a9bc05fc554a89232ba6decb -Author: Michael Rash -Date: Tue May 14 23:28:45 2013 -0400 - - HMAC and PBKDF1 ChangeLog updates - - ChangeLog | 24 +++++++++++++++--------- - 1 file changed, 15 insertions(+), 9 deletions(-) - -commit e1a7011bf37413fb2d90907a48be80773c2efffd -Author: Michael Rash -Date: Tue May 14 23:22:03 2013 -0400 - - [docs] fwknop client man page update for HMAC material - - doc/fwknop.man.asciidoc | 210 +++++++++++++++++++++++++++++------------------- - 1 file changed, 129 insertions(+), 81 deletions(-) - -commit 95615c90e2eb9a6e246709bce79bc7fedd609736 -Merge: bb90a8b e73d13e -Author: Franck Joncourt -Date: Tue May 14 22:15:19 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit bb90a8bf7557bce71223ef66119a0dd98eecea91 -Author: Franck Joncourt -Date: Tue May 14 22:08:44 2013 +0200 - - Fixed gcc warnings on openbsd. 
- mrash/fwknop#60 - - client/getpasswd.c | 2 +- - lib/digest.c | 70 +++++++++++++++++------------- - lib/digest.h | 10 ++--- - lib/fko_encode.c | 6 +-- - lib/fko_rand_value.c | 6 ++- - lib/gpgme_funcs.c | 2 +- - server/utils.c | 120 ++++++++++++++++++++++++++++++--------------------- - 7 files changed, 127 insertions(+), 89 deletions(-) - -commit e73d13e14086b00435f0248d8d8a7df0885a771f -Author: Michael Rash -Date: Mon May 13 23:11:33 2013 -0400 - - minor write_test_file() path bug fix - - test/test-fwknop.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 4e5fb77dd046b99a629aa2da0349b0128fef92f5 -Merge: fb80575 31d94d5 -Author: Michael Rash -Date: Mon May 13 23:10:26 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/master' - - Merged update from Franck - closes issue #71. - -commit fb80575209a8276767457b2c5fefaa42ea1aca23 -Author: Michael Rash -Date: Mon May 13 20:52:14 2013 -0400 - - [server] minor memory leak bug fix during SPA digest calculation found by Coverity - - server/incoming_spa.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 6a2bc3db2718ab06c07c93b208dbd072d0ba5560 -Author: Michael Rash -Date: Mon May 13 20:48:23 2013 -0400 - - [server] minor memory leak bug fix during access.conf parsing found by Coverity - - server/access.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -commit 8e31f8feb02585e1b110efd6e01228425bff11ce -Author: Michael Rash -Date: Mon May 13 20:42:07 2013 -0400 - - [server] varargs cleanup bug fix found by Coverity - - server/log_msg.c | 3 +++ - 1 file changed, 3 insertions(+) - -commit d60870740da90c2eca0a8910dd5cd616438ddabd -Author: Michael Rash -Date: Mon May 13 20:41:25 2013 -0400 - - [server] fix pointer NULL check after strdup() - found by Coverity - - server/incoming_spa.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 0c3da4bee4126ab96cabf35f45d2d02751d9e543 -Author: Michael Rash -Date: Mon May 13 20:40:29 2013 -0400 - - [server] minor cosmetic 
(unnecessary NULL checks and one un-triggerable memory leak) found by Coverity - - server/fw_util_iptables.c | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -commit cdd0a5f3f379627cd91ddf2cd597b30d11c5795b -Author: Michael Rash -Date: Mon May 13 20:38:39 2013 -0400 - - [server] minor memory leak bug fix during access.conf parsing found by Coverity - - server/access.c | 1 + - 1 file changed, 1 insertion(+) - -commit 9dbb62ae1ef53fccdefa1894d09c422719d5af83 -Merge: 31d94d5 c83bc15 -Author: Franck Joncourt -Date: Mon May 13 16:30:27 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 48a3f7a1797c557aa7babf13c7a2e5188016bb7b (refs/remotes/web/gpgme_autoconf_macro, refs/remotes/origin/gpgme_autoconf_macro, refs/heads/gpgme_autoconf_macro) -Author: Michael Rash -Date: Sun May 12 23:48:44 2013 -0400 - - added m4/gpgme.m4 file - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit c83bc15c5eb9d6597df17cd9b421ab818548b210 (tag: refs/tags/fwknop-2.5-pre1) -Author: Michael Rash -Date: Sun May 12 22:42:13 2013 -0400 - - bumped VERSION file to fwknop-2.5-pre1 - - VERSION | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 1144284913d78764e22742a45fe0cdaa0cb27fb7 -Merge: c6b2c0d 3246c3c -Author: Michael Rash -Date: Sun May 12 22:31:18 2013 -0400 - - Merge branch 'master' into gpgme_autoconf_macro - -commit 3246c3c6b0a40c380660f4885334c06e48213977 -Author: Michael Rash -Date: Sun May 12 22:30:28 2013 -0400 - - [test suite] added hmac_get_key_access.conf file - - test/conf/hmac_get_key_access.conf | 4 ++++ - 1 file changed, 4 insertions(+) - -commit c6b2c0def42765f1124a0b43acdb8e04e8c071a2 -Author: Michael Rash -Date: Sun May 12 22:25:16 2013 -0400 - - Added gpgme autoconf m4 macro to fix an undefined AM_PATH_GPGME error - - For systems that don't have libgpgme installed, the addition of the m4/gpgme.m4 - file fixes the following error when running the autogen.sh script: - - configure.ac:313: error: possibly 
undefined macro: AC_DEFINE - If this token and others are legitimate, please use m4_pattern_allow. - See the Autoconf documentation. - configure.ac:326: error: possibly undefined macro: AM_PATH_GPGME - configure.ac:329: error: possibly undefined macro: AC_MSG_FAILURE - - autogen.sh | 2 +- - m4/gpgme.m4 | 307 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 308 insertions(+), 1 deletion(-) - -commit 09f073d393ea29c9ad22b72491e0cf97da058c1c -Author: Michael Rash -Date: Sun May 12 21:04:25 2013 -0400 - - Added blurb on Coverity to the ChangeLog - - ChangeLog | 8 ++++++++ - 1 file changed, 8 insertions(+) - -commit 838782f19810d38ef2ffe556426faaf6e49d42f5 -Author: Michael Rash -Date: Sun May 12 20:57:19 2013 -0400 - - [test suite] added fko_destroy() calls to fko-wrapper - - test/fko-wrapper/fko_wrapper.c | 127 ++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 118 insertions(+), 9 deletions(-) - -commit 1caf6035d9e475f3c98ee97e9c28996c7f5e54d6 -Author: Michael Rash -Date: Sun May 12 20:54:44 2013 -0400 - - [server] fixed potential double-free condition found by Coverity - - Within the access loop always call fko_destroy() right up front whenever - ctx != NULL to ensure a clean slate each time through the loop regardless of - what state may have been reached the previous time through the loop. 
- - server/incoming_spa.c | 58 +++++++++++++++++++++++++-------------------------- - 1 file changed, 28 insertions(+), 30 deletions(-) - -commit c555a35489b830b20f2270b91bace1e42d455e3e -Author: Michael Rash -Date: Sun May 12 20:54:04 2013 -0400 - - [client] set ctx=NULL after fko_destroy() calls - - client/fwknop.c | 27 +++++++++++++++++++++++++++ - client/getpasswd.c | 2 ++ - 2 files changed, 29 insertions(+) - -commit d85c2e74ce06ac461bb84dd508f8a5562a0483c8 -Author: Michael Rash -Date: Sun May 12 20:53:22 2013 -0400 - - [libfko] set ctx=NULL after fko_destroy(), add NULL check for encrypted msg pointer in fko_new_with_data() - - lib/fko_funcs.c | 120 ++++++++++++++++++++++++++++++-------------------------- - 1 file changed, 65 insertions(+), 55 deletions(-) - -commit 7b3c854a024c9778b4c16fea075e5a80a53c7ea2 -Author: Michael Rash -Date: Sun May 12 20:49:00 2013 -0400 - - [libfko] added context initialized check to fko_decrypt_spa_data() - - lib/fko_encryption.c | 3 +++ - 1 file changed, 3 insertions(+) - -commit 6d0f970b3441b5980cff69eeb636963558b1e617 -Author: Michael Rash -Date: Sun May 12 15:02:31 2013 -0400 - - [libfko] bug fix to apply ctx initialization check before attempting to use ctx->message_type in fko_set_spa_client_timeout() - - lib/fko_client_timeout.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -commit 38395b04c69268004519a54efd3331e6e1c6583d -Author: Michael Rash -Date: Sun May 12 14:43:19 2013 -0400 - - [test suite] add -x to run_valgrind.sh fko-wrapper script - - test/fko-wrapper/run_valgrind.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 3302dd42207d1aa40a3a90386aec8e6a34169c36 -Author: Michael Rash -Date: Sun May 12 14:42:35 2013 -0400 - - [test suite] added -g to fko_wrapper Makefile for debugging symbols - - test/fko-wrapper/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 31d94d50b1d841073d6c7160cfb83d7279d907cf -Author: Franck Joncourt -Date: Sun May 12 17:35:19 2013 +0200 - - 
Added tests to validate the encryption mode for the client. - Renamed the CBC legacy VI encryption mode by legacy as mentionned in the man page. - - lib/fko_util.c | 2 +- - test/tests/basic_operations.pl | 81 ++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 82 insertions(+), 1 deletion(-) - -commit 160c21d6b63f79f12d5166c860aad05cc76aad87 -Author: Franck Joncourt -Date: Sun May 12 16:52:52 2013 +0200 - - Rewrite enc_mode_inttostr() and enc_mode_strtoint(). - - Make sure both functions works the same way and refer to the same - encryption mode string. - - Updated the fwknop usage message to display the encryption mode. - - client/config_init.c | 9 ++++ - lib/fko_common.h | 4 ++ - lib/fko_util.c | 130 ++++++++++++++++++++++++++++++--------------------- - 3 files changed, 90 insertions(+), 53 deletions(-) - -commit a8410d8f2a6a77ae2be76a67f05af80f47927f9d -Author: Michael Rash -Date: Sat May 11 13:28:55 2013 -0400 - - [test suite] allow valgrind coverage test to run after --test-limit - - test/test-fwknop.pl | 58 ++++++++++++++++++++++++++--------------------------- - 1 file changed, 28 insertions(+), 30 deletions(-) - -commit 282b0198ecabc69b1aa9adc9bc839b6a9dea2967 -Author: Michael Rash -Date: Thu May 9 22:43:05 2013 -0400 - - [libfko] changed 'state' context element to 'int' type to fix a 'extra high-order bits' bug found by Coverity - - lib/fko_context.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit aafc3ac264e9e8b347ba6b3b3b487e94b03fe7ef -Author: Michael Rash -Date: Thu May 9 22:35:08 2013 -0400 - - [server] setsockopt() nad fcntl() return value checking (found by Coverity) - - server/fwknopd.c | 7 ++++++- - server/tcp_server.c | 7 ++++++- - 2 files changed, 12 insertions(+), 2 deletions(-) - -commit 72e4edbf6a3b0c4bc361183b94e5495908e1e618 -Author: Michael Rash -Date: Thu May 9 22:14:06 2013 -0400 - - [libfko] fixed remaining sizeof() usage bug in SHA256 code found by Coverity - - lib/sha2.c | 2 +- - 1 file changed, 1 
insertion(+), 1 deletion(-) - -commit 62edf0910147435290c8fb8bc3d9d78c37ef1758 -Author: Michael Rash -Date: Thu May 9 22:13:25 2013 -0400 - - [libfko] fixed remaining buffer constraints in lib/hmac.c code found by Coverity - - lib/hmac.c | 52 ++++++++++++++++------------------------------------ - 1 file changed, 16 insertions(+), 36 deletions(-) - -commit add518016c533c06fbdce5eb8a9adb5a903e178f -Author: Michael Rash -Date: Thu May 9 22:10:38 2013 -0400 - - [client] removed unnecessary array NULL check found by Coverity - - client/config_init.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -commit 9046acaf22650b2c3f71185d8a1201647c431a7b -Author: Michael Rash -Date: Thu May 9 21:56:13 2013 -0400 - - [libfko] memory leak fixes found by Coverity - - lib/fko_encryption.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -commit 8c09d38941485623a452b4f2c8fd3946482414d0 -Author: Michael Rash -Date: Thu May 9 21:17:27 2013 -0400 - - various sizeof() usage and type bug fixes found by Coverity - - client/config_init.c | 2 +- - client/fwknop.c | 14 +++++++------- - lib/fko_encryption.c | 6 ++++-- - lib/hmac.c | 10 +++++----- - lib/md5.c | 3 ++- - lib/sha2.c | 10 +++++----- - server/fwknopd.c | 7 +++++-- - 7 files changed, 29 insertions(+), 23 deletions(-) - -commit b92f892ae089679a80cb3ecc0217c5c0b8b700d8 -Author: Michael Rash -Date: Thu May 9 21:11:45 2013 -0400 - - [test suite] minor bug fix for printing the number of test buckets to be executed - - test/test-fwknop.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 9f9bbcbcdd8a47ee29bf60bb2f2728685bbc7aec -Author: Michael Rash -Date: Wed May 8 23:55:35 2013 -0400 - - fixed several resource leak conditions found by Coverity - - client/config_init.c | 9 +++++---- - client/spa_comm.c | 1 + - lib/fko_encryption.c | 23 ++++++++++++++++++++++- - lib/fko_user.c | 10 +++++++++- - server/fwknopd.c | 31 +++++++++++++++++-------------- - 5 files changed, 54 insertions(+), 20 deletions(-) - -commit 
aaa28d4ab3437f3641aedf98074d8325ecec1196 -Author: Michael Rash -Date: Wed May 8 23:44:13 2013 -0400 - - [server] double free bug fix in access.conf parsing routine caught by Coverity - - server/access.c | 2 -- - 1 file changed, 2 deletions(-) - -commit 3a1efd9321b428fc3dcebab18ee1d3453de4cab0 -Author: Michael Rash -Date: Tue May 7 23:35:34 2013 -0400 - - [server] fixed several (non-exploitable) overflow conditions found by Coverity - - lib/fko_encryption.c | 2 +- - lib/hmac.c | 60 +++++++++++++++++++++++++++++++++++++++------------- - 2 files changed, 46 insertions(+), 16 deletions(-) - -commit 8d980ae68646af35b531713b2d01bbf24e3a9468 -Author: Michael Rash -Date: Tue May 7 23:02:49 2013 -0400 - - remove dead code caught by Coverity - - client/fwknop.c | 2 +- - lib/cipher_funcs.c | 6 ++---- - server/extcmd.c | 3 --- - 3 files changed, 3 insertions(+), 8 deletions(-) - -commit 50f0ee2f7db5d0d2290efa3fee10339318fa023f -Author: Michael Rash -Date: Tue May 7 22:52:35 2013 -0400 - - [server] bug fix for GPG 'nesting level does not match indentation' issue (discovered by Coverity) - - server/incoming_spa.c | 2 ++ - 1 file changed, 2 insertions(+) - -commit e1c6f04ef9658557fbfe99ff0953d206d8f0f0f5 -Author: Michael Rash -Date: Tue May 7 21:43:38 2013 -0400 - - [client] fix missing 'break' in switch statement (discovered by Coverity) - - client/config_init.c | 2 ++ - 1 file changed, 2 insertions(+) - -commit 8f423e8b89915b0b1c6ae37b9d505d37f2c18315 -Author: Michael Rash -Date: Mon May 6 22:23:59 2013 -0400 - - [server] added --pcap-any-direction along with config file support - - From the config file comments: - - This variable controls whether fwknopd is permitted to sniff SPA packets - regardless of whether they are received on the sniffing interface or sent - from the sniffing interface. In the later case, this can be useful to have - fwknopd sniff SPA packets that are forwarded through a system and destined - for a different network. 
If the sniffing interface is the egress interface - for such packets, then this variable will need to be set to "Y" in order for - fwknopd to see them. The default is "N" so that fwknopd only looks for SPA - packets that are received on the sniffin - - PCAP_ANY_DIRECTION N; - - server/cmd_opts.h | 3 +++ - server/config_init.c | 3 +++ - server/fwknopd.conf | 12 ++++++++++++ - server/fwknopd_common.h | 9 +++++++++ - server/pcap_capture.c | 3 ++- - test/test-fwknop.pl | 9 ++++++--- - 6 files changed, 35 insertions(+), 4 deletions(-) - -commit 5aac3d978c8eadb81b10a055d176a950994f91ac -Author: Michael Rash -Date: Mon May 6 22:22:22 2013 -0400 - - minor typo fix - - test/tests/rijndael.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit a9a143a85d54bf4443a1b6c9ef61d8e74cc55da0 -Merge: d4577ab eb143db -Author: Franck Joncourt -Date: Mon May 6 11:52:35 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit d4577ab697414cddb1fdb9d3794249a7cb005ed4 -Author: Franck Joncourt -Date: Mon May 6 11:49:16 2013 +0200 - - Added new tests to the test suite to validate the --save-rc-stanza command line argument. - - test/test-fwknop.pl | 2 +- - test/tests/basic_operations.pl | 223 ++++++++++++++++++++++++++++++++++++++--- - 2 files changed, 209 insertions(+), 16 deletions(-) - -commit b3cbf1ecfa513647e03f207bf4ba7b16d0ffa2a8 -Author: Franck Joncourt -Date: Mon May 6 10:02:02 2013 +0200 - - Replaced printf() by log_msg(). 
- - client/fwknop.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -commit eb143db9a7f540f83ee538aff63f44e151c453dc -Author: Michael Rash -Date: Sun May 5 21:54:07 2013 -0400 - - [client] added --get-hmac-key to mirror --get-key, closes #68 - - ChangeLog | 4 ++++ - Makefile.am | 1 + - client/cmd_opts.h | 2 ++ - client/config_init.c | 17 ++++++++++++++++ - client/fwknop.c | 30 +++++++++++++-------------- - client/fwknop_common.h | 1 + - client/getpasswd.c | 28 ++++++++++++++++---------- - client/getpasswd.h | 6 +++++- - doc/fwknop.man.asciidoc | 49 ++++++++++++++++++++++++++++++++------------- - test/test-fwknop.pl | 18 ++++++++++++++++- - test/tests/rijndael_hmac.pl | 18 +++++++++++++++++ - 11 files changed, 132 insertions(+), 42 deletions(-) - -commit 83493a424c7c0d7e7e927b2384a55ec56b2dadbe -Merge: 314cc3e 0363a20 -Author: Michael Rash -Date: Sun May 5 21:01:26 2013 -0400 - - Merge branch 'master' of github.com:mrash/fwknop - -commit 314cc3eb23d9ef58790afe4f75530d8eb1558b14 -Merge: 3c32839 63fed30 -Author: Michael Rash -Date: Sun May 5 20:59:04 2013 -0400 - - Merge remote-tracking branch 'origin/win32_fixes' - - This fixes issue #69 thanks to Damien. - -commit 0363a2099a03a11d9d034381fb0a371f5f10ed92 -Author: Damien S. Stuart -Date: Sun May 5 20:44:47 2013 -0400 - - Regenerated the client and server manpage .in files from the asciidoc sources - - client/fwknop.8.in | 125 ++++++++++++++++++++++++++++++++++++++++++---- - server/fwknopd.8.in | 139 +++++++++++++++++++++++++++++++++++++++++++++------- - 2 files changed, 236 insertions(+), 28 deletions(-) - -commit 63fed301b82b8f92bc9a80fa7167743c2fd0cd54 (refs/remotes/origin/win32_fixes) -Merge: 2c1a911 c0c0941 -Author: Damien S. Stuart -Date: Sun May 5 20:37:02 2013 -0400 - - Merge branch 'win32_fixes' of ssh://github.com/mrash/fwknop into win32_fixes - -commit 2c1a911a50982afc417f49bbd7f2c0122f6d6297 -Author: Damien S. 
Stuart -Date: Sun May 5 20:36:33 2013 -0400 - - Copied the win32 Visual Studio solution and project files to preserve a VS 2008 version. - - win32/README.VISUAL_STUDIO | 26 ++ - win32/fwknop-client.vcproj.vs2008 | 543 +++++++++++++++++++++++++++++++++++++ - win32/libfko.sln.vs2008 | 44 +++ - win32/libfko.vcproj.vs2008 | 558 ++++++++++++++++++++++++++++++++++++++ - 4 files changed, 1171 insertions(+) - -commit c0c0941d5525375e5a5513e1d723c974ff030cf5 -Author: Damien Stuart -Date: Sun May 5 19:02:48 2013 -0400 - - Tweaked WIN32 conditional for using inet_ntoa instead of inet_ntop to apply only to versions below Vista (WINVER <= 0x0600) - - client/utils.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -commit b84415c33cbff2f13448c89eb46820b04c63583c -Author: Damien Stuart -Date: Sun May 5 16:37:18 2013 -0400 - - Use inet_aton on Windows (Older windows versions do not have enet_ntop). - - client/utils.c | 20 +++++++++++++++++--- - 1 file changed, 17 insertions(+), 3 deletions(-) - -commit 327257ef5fc7d5d5985c24b302bdccbeeee77259 -Author: Franck Joncourt -Date: Sun May 5 22:03:21 2013 +0200 - - Fixed command line arguments (key-base64-rijndael and key-base64-hmac). - - The cmd_opts structure containing the command line args does not follow the - documentation. This update fix it. - - client/cmd_opts.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit ea8a9419ed6f33607e0a73dbe8fd088e9e3574dd -Author: Franck Joncourt -Date: Sun May 5 22:00:02 2013 +0200 - - Added force-stanza to the client documentation. 
- - doc/fwknop.man.asciidoc | 4 ++++ - 1 file changed, 4 insertions(+) - -commit f3da6853488109414928beba98fa9a411c3c41ac -Merge: 17a105f 5804e15 -Author: Franck Joncourt -Date: Sun May 5 21:47:21 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 17a105fd8a08e060ec667d825f524751effda522 -Author: Franck Joncourt -Date: Sun May 5 21:43:31 2013 +0200 - - Added GPG_SIGNER and GPG_RECIPIENT to the list of important variables. - - client/config_init.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -commit b8145f6d7f1d7c545f2f98fce4e754273d3f1984 -Author: Franck Joncourt -Date: Sun May 5 21:13:26 2013 +0200 - - Added --force-stanza command line arg to avoid prompting the user. - - client/cmd_opts.h | 2 ++ - client/config_init.c | 14 ++++++++++++-- - client/fwknop_common.h | 1 + - 3 files changed, 15 insertions(+), 2 deletions(-) - -commit 15d9c6197b3cc233c906e0901a291a6329297b71 -Author: Damien Stuart -Date: Sun May 5 13:20:20 2013 -0400 - - Fixes to get hmac_support and 2.5 changes working for the Windows lib and client builds. 
- - client/spa_comm.c | 8 ++++---- - client/utils.c | 2 ++ - client/utils.h | 11 +++++++++-- - common/common.h | 10 ++++++++++ - lib/cipher_funcs.c | 2 +- - lib/fko_encryption.c | 2 +- - lib/fko_util.c | 22 ++++++++++++++++++++++ - lib/fko_util.h | 4 ++++ - win32/fwknop-client.vcproj | 24 ++++++++++++++++++++++++ - win32/libfko.vcproj | 20 ++++++++++++++++++++ - 10 files changed, 97 insertions(+), 8 deletions(-) - -commit 3c3283992c71291b9028121fe90e5381a5b3ef36 -Author: Michael Rash -Date: Sat May 4 14:16:06 2013 -0400 - - (Franck Joncourt) patch to address sprintf() warnings for issue #60 - - client/http_resolve_host.c | 4 +++- - server/fw_util_iptables.c | 2 +- - 2 files changed, 4 insertions(+), 2 deletions(-) - -commit 9d8d1de60d1aece79ce5c5f700bfc1976bbc7e5e -Author: Franck Joncourt -Date: Sat May 4 17:02:02 2013 +0200 - - Ask the user whether he wants to overwrite a variable in the updated rc file or not. - - client/config_init.c | 42 +++++++++++++++++++++++++++++++----------- - 1 file changed, 31 insertions(+), 11 deletions(-) - -commit 5804e15859aee23e9af2fd4bd917c4c5fbc29372 -Merge: d61d5b9 621e7b1 -Author: Michael Rash -Date: Sat May 4 09:41:27 2013 -0400 - - Merge remote-tracking branch 'ag4ve/master' - - (Shawn Wilson) This adds better source IP logging for fwknopd log messages. - Closes #70. - -commit 9f43f7a6ff994d5515469e109c005352b0f17332 -Merge: f217506 d61d5b9 -Author: Franck Joncourt -Date: Sat May 4 15:34:34 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit f2175062347a1b300d4b71440fd257d7e0ab4c02 -Author: Franck Joncourt -Date: Sat May 4 15:33:03 2013 +0200 - - Fixed names of function for better understanding. 
- - client/config_init.c | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -commit d61d5b964ea50356aff3474718be9ef1c24a7012 -Author: Michael Rash -Date: Fri May 3 23:17:24 2013 -0400 - - [test suite] added Cygwin client compatibility tests - - Makefile.am | 1 + - test/conf/hmac_no_b64_cygwin_access.conf | 4 ++++ - test/test-fwknop.pl | 1 + - test/tests/rijndael.pl | 19 +++++++++++++++++++ - test/tests/rijndael_backwards_compatibility.pl | 12 ++++++++++++ - test/tests/rijndael_hmac.pl | 21 +++++++++++++++++++++ - 6 files changed, 58 insertions(+) - -commit 589a68b97bc9c84d4f24dd8015a30901aac087b8 -Author: Michael Rash -Date: Fri May 3 20:56:05 2013 -0400 - - [test suite] additional iptables init/exit 'no flush' tests - - test/tests/gpg.pl | 43 +++++++++++++++++++++++++++++++++ - test/tests/gpg_no_pw.pl | 58 +++++++++++++++++++++++++++++++++++++++++++++ - test/tests/rijndael_hmac.pl | 44 ++++++++++++++++++++++++++++++++++ - 3 files changed, 145 insertions(+) - -commit df5f2d3ac07d0ed42b7c8989fc7bf653b513b911 -Author: Michael Rash -Date: Fri May 3 20:55:20 2013 -0400 - - [test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported - - test/test-fwknop.pl | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -commit 621e7b1c6d4b3033bb1825a7389143d91ae1666c (refs/remotes/ag4ve/master) -Merge: 9dc1d26 c086105 -Author: Shawn Wilson -Date: Fri May 3 12:28:49 2013 -0400 - - Merge branch 'master' of github.com:ag4ve/fwknop - - Pull in forked upstream - -commit 5f06cefb0286ee3337767ff321c972af7da908fe -Author: Michael Rash -Date: Fri May 3 08:35:24 2013 -0400 - - [test suite] added check for test script inclusion in Makefile.am - - Makefile.am | 1 + - test/test-fwknop.pl | 25 +++++++++++++++++++++---- - 2 files changed, 22 insertions(+), 4 deletions(-) - -commit 84768dda6fd6828d30e6cf26a4a107a9aaf5fb59 -Author: Franck Joncourt -Date: Fri May 3 13:49:32 2013 +0200 - - 
Continued implementing a way to not overwrite KEY.. variables with --save-rc-stanza - mrash/fwknop#67 - - client/config_init.c | 159 +++++++++++++++++++++++++++++++-------------------- - 1 file changed, 98 insertions(+), 61 deletions(-) - -commit c086105eb1b473c68f1d7677320c6564c4478806 -Author: Michael Rash -Date: Thu May 2 22:29:51 2013 -0400 - - [server] added tests on Linux systems for the iptables FLUSH_IPT_* vars - - test/test-fwknop.pl | 256 +++++++++++++++++++++++++++++------------------- - test/tests/gpg.pl | 4 +- - test/tests/gpg_no_pw.pl | 4 +- - test/tests/rijndael.pl | 62 +++++++++++- - 4 files changed, 221 insertions(+), 105 deletions(-) - -commit 2297dfd8c2c2a953efde72cd3051d21858c167f4 -Author: Michael Rash -Date: Thu May 2 22:26:21 2013 -0400 - - [server] minor memory leak bug fix for invalid date processing - - Bug fix to ensure to release memory when invalid access stanza dates are set - and fwknopd has to exit. This leak was caught with the test suite in - --enable-valgrind mode based on the following output: - - ==31947== 568 bytes in 1 blocks are still reachable in loss record 1 of 1 - ==31947== at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==31947== by 0x52EE42A: __fopen_internal (iofopen.c:73) - ==31947== by 0x1116A2: parse_access_file (access.c:909) - ==31947== by 0x10BAD5: main (fwknopd.c:194) - - server/access.c | 24 ++++++++++++++++-------- - 1 file changed, 16 insertions(+), 8 deletions(-) - -commit c71ce885be0c5d389aa37bbe2246704d584d575c -Author: Franck Joncourt -Date: Thu May 2 23:58:28 2013 +0200 - - First attempt to not ovewrite some configuration variables with --save-rc-stanza. - - At this time it only does not overwrite the KEY and HMAC variable without asking the user - what he wants to do. 
- - client/config_init.c | 153 +++++++++++++++++++++++++++++++++++---------------- - 1 file changed, 107 insertions(+), 46 deletions(-) - -commit 56ef34738edd53a2b7abafd7926f03af62b47251 -Author: Michael Rash -Date: Wed May 1 23:55:34 2013 -0400 - - [test suite] add new test files to Makefile.am - - Makefile.am | 6 ++++++ - test/conf/no_flush_exit_fwknopd.conf | 1 + - test/conf/no_flush_init_fwknopd.conf | 1 + - test/conf/no_flush_init_or_exit_fwknopd.conf | 2 ++ - 4 files changed, 10 insertions(+) - -commit 9dc1d26d6af5f02213a2f1385077c9189fb062d3 -Author: Shawn Wilson -Date: Wed May 1 10:59:48 2013 -0400 - - fixed more typos - - server/incoming_spa.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -commit e50d776ff7aa7b7990e8dede1db8684aab5e79c5 -Author: Shawn Wilson -Date: Wed May 1 10:42:13 2013 -0400 - - correct variable name typo - - server/incoming_spa.c | 50 +++++++++++++++++++++++++------------------------- - 1 file changed, 25 insertions(+), 25 deletions(-) - -commit 52e35b735d6b534705cf104774052dd495a3f627 -Author: Shawn Wilson -Date: Wed May 1 10:31:44 2013 -0400 - - add ip address to messages where appropriate - - server/incoming_spa.c | 94 +++++++++++++++++++++++++-------------------------- - 1 file changed, 47 insertions(+), 47 deletions(-) - -commit 23de2d6b5faf73318e105dc84977b262337ba312 -Author: Franck Joncourt -Date: Wed May 1 15:52:01 2013 +0200 - - Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip). - - test/test-fwknop.pl | 3 +-- - test/tests/rijndael.pl | 2 +- - 2 files changed, 2 insertions(+), 3 deletions(-) - -commit fca497f0d85ac583675797ec35eebc25dfa86be6 -Author: Franck Joncourt -Date: Wed May 1 15:13:42 2013 +0200 - - New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT). - - Added spa source port variable to dump_transmit_options() and renamed port - to destination port. 
- - client/spa_comm.c | 12 +++++++++--- - test/tests/basic_operations.pl | 37 +++++++++++++++++++++++++++++++++++-- - 2 files changed, 44 insertions(+), 5 deletions(-) - -commit 209c0f16da9ca6bd677fc2378bafb2bd52c5d738 -Author: Franck Joncourt -Date: Wed May 1 14:33:35 2013 +0200 - - Protocol string is set has const char in fko_protocol_t. - - client/utils.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 0f2487776206ea078693dd558879b1d6935dd6bb -Author: Michael Rash -Date: Wed May 1 08:21:11 2013 -0400 - - [test suite] minor comment addition so this isn't a zero-byte file - - test/conf/default_fwknopd.conf | 1 + - 1 file changed, 1 insertion(+) - -commit d93648cf99f0a307f5a9cd18b0620e02d586abcd -Author: Franck Joncourt -Date: Tue Apr 30 22:22:03 2013 +0200 - - Moved/Created proto_intostr() and proto_strtoint() to utils.c. - - This allows to update dump_transmit_options() to use the log module to dump data. - - client/config_init.c | 75 +++-------------------------------------------- - client/spa_comm.c | 39 +++++++----------------- - client/utils.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - client/utils.h | 14 +++++---- - common/common.h | 4 +++ - 5 files changed, 110 insertions(+), 105 deletions(-) - -commit 10a4e1f675096b325e959b1ae8bec7a15aac5ee1 -Author: Franck Joncourt -Date: Tue Apr 30 15:37:08 2013 +0200 - - Updated the TParam typedef to conform to the fko_cli_options_t typedef. - - client/config_init.c | 27 +++++++++++++++------------ - 1 file changed, 15 insertions(+), 12 deletions(-) - -commit 2110790a304934633742b39c02a8c8385cbcde73 -Author: Franck Joncourt -Date: Tue Apr 30 13:54:58 2013 +0200 - - Added new rc file processing tests for the SPA_SERVER_PORT. 
- - client/config_init.c | 2 +- - test/tests/basic_operations.pl | 22 ++++++++++++++++++++++ - 2 files changed, 23 insertions(+), 1 deletion(-) - -commit 90175250e5683bf75707c8f5330120562cdbc7f4 -Author: Michael Rash -Date: Mon Apr 29 22:14:39 2013 -0400 - - [client] add USE_HMAC handling to parse_rc_param() - - client/config_init.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit 892ee15ff9e574d78e716f87e89fa822e708a398 -Author: Michael Rash -Date: Mon Apr 29 21:52:07 2013 -0400 - - ChangeLog and credits updates for Franck - - CREDITS | 3 +++ - ChangeLog | 3 +++ - 2 files changed, 6 insertions(+) - -commit df5066447d48f1d09300784b306602866c66abef -Author: Michael Rash -Date: Mon Apr 29 21:43:21 2013 -0400 - - Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode - - client/config_init.c | 38 ++++++++++---------- - client/fwknop.c | 15 +++----- - test/test-fwknop.pl | 27 ++++++++++++++- - test/tests/basic_operations.pl | 78 ++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 127 insertions(+), 31 deletions(-) - -commit b53699ef9246f905461a56bdb54fd0d342f4e0c5 -Author: Franck Joncourt -Date: Mon Apr 29 22:53:06 2013 +0200 - - Added tests for the SPA_SERVER_PROTO variable from an rc file. - - test/tests/basic_operations.pl | 56 +++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 55 insertions(+), 1 deletion(-) - -commit 36202d8c66488be645af8aba80b377550c26e745 -Merge: 7a71938 ea5bb69 -Author: Franck Joncourt -Date: Mon Apr 29 22:21:18 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 7a719389ca48cda8f1f3d8ef1faab1a5d8ee52bf -Author: Franck Joncourt -Date: Mon Apr 29 22:18:29 2013 +0200 - - Integrated the log module in the whol client source code. 
- - perror() is also replaced by log_msg() - - client/fwknop.c | 116 ++++++++++++++++++++++----------------------- - client/getpasswd.c | 4 +- - client/http_resolve_host.c | 40 ++++++++-------- - client/spa_comm.c | 89 +++++++++++++++++----------------- - client/utils.c | 15 +++--- - 5 files changed, 131 insertions(+), 133 deletions(-) - -commit ea5bb6937a79ffb70b307b4bf16ee1c17bc04c1e -Author: Michael Rash -Date: Sun Apr 28 21:52:14 2013 -0400 - - [test suite] add client rc file processing tests (digest only for now, more coming) - - test/test-fwknop.pl | 114 +++++++++++++++++++++++++++++++++++++++++ - test/tests/basic_operations.pl | 56 ++++++++++++++++++++ - 2 files changed, 170 insertions(+) - -commit b719c06769cb5367fb4998abb3451d2a75bae337 -Author: Michael Rash -Date: Sun Apr 28 21:51:16 2013 -0400 - - [client] ensure to set HMAC mode by default only when an HMAC key is used - - client/config_init.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -commit 486f0ea52f6375c529f081143e0729e37fa77cb5 -Author: Michael Rash -Date: Sat Apr 27 22:41:17 2013 -0400 - - [test suite] restore gpg directories after test suite runs - - Makefile.am | 1 + - test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes - test/conf/client-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes - test/conf/gpg_dirs_orig.tar.gz | Bin 0 -> 3876 bytes - test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes - test/conf/server-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes - test/test-fwknop.pl | 17 +++++++++++++++++ - 7 files changed, 18 insertions(+) - -commit dd05975217767104092189270f8470cca83df4e2 -Merge: 12a6e9e b04de68 -Author: Michael Rash -Date: Sat Apr 27 22:26:38 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/master' - - This merges changes from Franck Joncourt for issues #55 (log module for fwknop) - and #64 (hostname resolution not working for -P icmp spoofing). 
- -commit 12a6e9e93a739494a985620619878a4a7983558c -Author: Michael Rash -Date: Sat Apr 27 20:41:12 2013 -0400 - - Convert most strlcat() calls to use destination bound from sizeof() - - This commit helps to ensure correctness of strlcat() calls in support of fixing - issue #2. - - client/fwknop.c | 6 +++--- - server/config_init.c | 10 +++++----- - 2 files changed, 8 insertions(+), 8 deletions(-) - -commit b04de687ce6e9bcb43cb558dee6b2a5606e4d147 -Author: Franck Joncourt -Date: Sat Apr 27 23:31:40 2013 +0200 - - Fixed hostname resolution while spoof ip is used. - - mrash/fwknop#64 - - client/fwknop.c | 76 -------------------------------- - client/spa_comm.c | 21 ++++++--- - client/utils.c | 77 +++++++++++++++++++++++++++++++++ - client/utils.h | 5 +++ - test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes - test/conf/client-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes - test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes - test/conf/server-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes - test/test-fwknop.pl | 11 ++--- - test/tests/rijndael.pl | 14 ++++++ - 10 files changed, 118 insertions(+), 86 deletions(-) - -commit 0bf0d8f8766dbe4c55b8c789e8b167977d85b25c -Merge: 6063679 0ec547e -Author: Franck Joncourt -Date: Sat Apr 27 22:38:27 2013 +0200 - - Merge remote-tracking branch 'upstream/master' - -commit 6063679c6da2179acd058945f1620b7780b112e7 -Author: Franck Joncourt -Date: Sat Apr 27 22:19:40 2013 +0200 - - Continue implementing the log_msg module. - - client/config_init.c | 2 +- - client/config_init.h | 8 ++++---- - client/log_msg.c | 44 ++++++++++++++++++++++++++------------------ - 3 files changed, 31 insertions(+), 23 deletions(-) - -commit b3f55bf1aba4ba5f80660223492f66fe2be9f4fe -Author: Michael Rash -Date: Sat Apr 27 14:59:30 2013 -0400 - - Convert most strlcpy() calls to use destination bound from sizeof() - - This commit helps to ensure correctness of strlcpy() calls in support of fixing - issue #2. 
- - client/config_init.c | 88 +++++++++++++++++++++++----------------------- - client/fwknop.c | 4 +-- - client/http_resolve_host.c | 18 +++++----- - client/spa_comm.c | 3 +- - server/config_init.c | 10 +++--- - server/fw_util_ipf.c | 2 +- - server/fw_util_ipfw.c | 4 +-- - server/fw_util_iptables.c | 14 ++++---- - server/fw_util_pf.c | 6 ++-- - server/fwknopd.c | 7 ++-- - 10 files changed, 79 insertions(+), 77 deletions(-) - -commit 6b095d948d6c4a84ed3d3aaa8158436b1c0d442e -Author: Michael Rash -Date: Sat Apr 27 12:56:50 2013 -0400 - - [test suite] minor openssl verification update to print base64 decode flag value - - test/test-fwknop.pl | 1 + - 1 file changed, 1 insertion(+) - -commit eb727e1271ad09eee12c7e12499434cc00158d8e -Author: Michael Rash -Date: Fri Apr 26 21:56:26 2013 -0400 - - removed roadmap.org file in favor of using github milestones - - Makefile.am | 2 -- - roadmap.org | 69 ------------------------------------------------------------- - 2 files changed, 71 deletions(-) - -commit 6036619b1c7c094224cce7f86a21e0c64b0e5ee9 -Author: Michael Rash -Date: Fri Apr 26 21:47:49 2013 -0400 - - removed todo.org file in favor of using github issues - - todo.org | 179 --------------------------------------------------------------- - 1 file changed, 179 deletions(-) - -commit 2396193e06558016357451ae9c97f43e913d4079 -Author: Franck Joncourt -Date: Fri Apr 26 17:16:05 2013 +0200 - - Replaced all references to *fprintf(stderr,* by log_msg() in config_init.c - - client/config_init.c | 155 +++++++++++++++++++++++++++------------------------ - client/log_msg.c | 2 + - 2 files changed, 83 insertions(+), 74 deletions(-) - -commit 65d0517a9c9fe7905a240f0c483082950fbbcd52 -Author: Franck Joncourt -Date: Fri Apr 26 16:18:08 2013 +0200 - - Inverted log level enumeration - - client/Makefile.am | 3 ++- - client/config_init.c | 3 +++ - client/fwknop.c | 3 +++ - client/fwknop_common.h | 1 + - client/log_msg.c | 15 +++++---------- - client/log_msg.h | 13 +++++++------ - 6 files 
changed, 21 insertions(+), 17 deletions(-) - -commit bb70a9752f93e843ad7f859c3cd899f10f938f91 -Author: Franck Joncourt -Date: Fri Apr 26 14:08:25 2013 +0200 - - Ajout du module log_msg pour le client - - client/log_msg.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - client/log_msg.h | 48 ++++++++++++++++++++++++ - 2 files changed, 159 insertions(+) - -commit 0ec547e04d5bfda5558051eab719e8e7e4f88fcf -Author: Michael Rash -Date: Thu Apr 25 21:32:02 2013 -0400 - - [server] another minor CLANG static analyzer fix - - server/utils.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit a6e8919728998f4aa2490d8e7b3342e2d27f10fd -Author: Michael Rash -Date: Thu Apr 25 21:29:37 2013 -0400 - - [server] fix minor CLANG static analyzer bugs - - These are simple logic fixes that would not have impacted run time to address - the following warnings generated by the CLANG static analyzer: - - incoming_spa.c:433:17: warning: Value stored to 'attempted_decrypt' is never read - attempted_decrypt = 1; - ^ ~ - incoming_spa.c:647:13: warning: Value stored to 'acc' is never read - acc = acc->next; - ^ ~~~~~~~~~ - - server/incoming_spa.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -commit bf889f7b6e0b9c6b2970574f1d3af38af3857c4e -Author: Franck Joncourt -Date: Thu Apr 25 23:03:02 2013 +0200 - - Used args enumeration for both the update_rc() and add_rc_param(). - - Updated fwknop client to refer to the fwknop args enumeration rather - than the config variable names directly. This should make easier to - handle future changes of the variable name. - - New function to validate a string matches a YES pattern in the configuration - file : is_yes_str(). - - The parse_rc_param() only returns at the end of the function, unless a fatal - error has been encountered. 
- - client/config_init.c | 139 +++++++++++++++++++++++++++++++++------------------ - 1 file changed, 90 insertions(+), 49 deletions(-) - -commit 5e82adbf3fb45487fa749eb3abe4b5f876d39ae9 -Author: Michael Rash -Date: Tue Apr 23 21:56:41 2013 -0400 - - [test suite] added GPG password required HMAC tests, added --disable-valgrind argument - - test/conf/fwknoprc_gpg_hmac_key | 3 + - test/conf/gpg_hmac_access.conf | 8 +++ - test/test-fwknop.pl | 29 ++++++++-- - test/tests/gpg_hmac.pl | 124 ++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 160 insertions(+), 4 deletions(-) - -commit 4ea683678b7dd9975d5b048046ab4e6e5450f064 -Author: Michael Rash -Date: Mon Apr 22 20:59:32 2013 -0400 - - [test suite] added gpg_no_pw_hmac_access.conf file - - test/conf/gpg_no_pw_hmac_access.conf | 8 ++++++++ - 1 file changed, 8 insertions(+) - -commit f02cc0ddd251321daa1cb63f683356d5931bded2 -Author: Michael Rash -Date: Mon Apr 22 20:45:59 2013 -0400 - - Added HMAC support to GPG encryption modes, closes #58 - - ChangeLog | 5 +- - Makefile.am | 1 + - lib/cipher_funcs.c | 35 +++++++++++ - lib/cipher_funcs.h | 1 + - lib/fko_context.h | 1 + - lib/fko_encryption.c | 22 +------ - lib/fko_hmac.c | 25 ++++++-- - server/access.c | 20 ++++-- - server/incoming_spa.c | 3 +- - test/test-fwknop.pl | 28 +++++++-- - test/tests/gpg_no_pw_hmac.pl | 115 ++++++++++++++++++++++++++++++++++ - test/tests/rijndael_replay_attacks.pl | 2 - - 12 files changed, 219 insertions(+), 39 deletions(-) - -commit 2f72960e0fb91b1e257a24461f30263f3b9c0f7a -Author: Michael Rash -Date: Sun Apr 21 21:13:15 2013 -0400 - - [test suite] clean command tmp files before and after each test - - test/test-fwknop.pl | 28 ++++++++++++++++++++++------ - 1 file changed, 22 insertions(+), 6 deletions(-) - -commit 08add2fd48e23a259fd6a80ee765fa3668711201 -Author: Michael Rash -Date: Sun Apr 21 20:48:42 2013 -0400 - - [server] minor function prototype convention update for create_rule() - - server/fw_util_iptables.c | 3 ++- - 1 file 
changed, 2 insertions(+), 1 deletion(-) - -commit 6c1b755beae3133aab427f8242403e04bfde247f -Author: Michael Rash -Date: Sat Apr 20 15:31:26 2013 -0400 - - [test suite] removed unnecessary comment lines from test config files - - test/conf/default_fwknopd.conf | 4 -- - test/conf/disable_aging_fwknopd.conf | 4 -- - test/conf/disable_aging_nat_fwknopd.conf | 4 -- - test/conf/dual_key_usage_access.conf | 1 - - test/conf/fwknoprc_default_hmac_base64_key | 69 ------------------------ - test/conf/fwknoprc_hmac_invalid_type | 69 ------------------------ - test/conf/fwknoprc_hmac_key2 | 69 ------------------------ - test/conf/fwknoprc_hmac_md5_key | 69 ------------------------ - test/conf/fwknoprc_hmac_md5_long_key | 69 ------------------------ - test/conf/fwknoprc_hmac_md5_short_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha1_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha1_long_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha1_short_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha256_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha256_long_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha256_short_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha384_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha384_long_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha384_short_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha512_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha512_long_key | 69 ------------------------ - test/conf/fwknoprc_hmac_sha512_short_key | 69 ------------------------ - test/conf/fwknoprc_hmac_simple_keys | 69 ------------------------ - test/conf/fwknoprc_invalid_base64_key | 70 ------------------------- - test/conf/fwknoprc_named_key | 70 ------------------------- - test/conf/fwknoprc_with_default_base64_key | 69 ------------------------ - test/conf/fwknoprc_with_default_key | 69 
------------------------ - test/conf/fwknoprc_with_named_key | 70 ------------------------- - test/conf/hmac_dual_key_usage_access.conf | 1 - - test/conf/hmac_simple_keys_access.conf | 2 - - test/conf/icmp_pcap_filter_fwknopd.conf | 4 -- - test/conf/invalid_source_access.conf | 1 - - test/conf/ipfw_active_expire_equal_fwknopd.conf | 4 -- - test/conf/local_nat_fwknopd.conf | 4 -- - test/conf/multi_stanzas_access.conf | 3 -- - test/conf/multi_stanzas_with_broken_keys.conf | 4 -- - test/conf/nat_fwknopd.conf | 4 -- - test/conf/tcp_pcap_filter_fwknopd.conf | 4 -- - test/conf/tcp_server_fwknopd.conf | 4 -- - 39 files changed, 1707 deletions(-) - -commit f0036f7f22a315571fd4ba10102de2f3db4a5f4f -Author: Michael Rash -Date: Sat Apr 20 11:12:04 2013 -0400 - - [client] set HMAC mode whenever any HMAC option is given, add --key-hmac arg - - client/cmd_opts.h | 2 ++ - client/config_init.c | 32 +++++++++++++++++++++++++++++++- - doc/fwknop.man.asciidoc | 12 +++++++++++- - 3 files changed, 44 insertions(+), 2 deletions(-) - -commit 387b6e40d3a4fc5cf8b5d69b959a3a5af31b6abb -Author: Michael Rash -Date: Sat Apr 20 11:09:48 2013 -0400 - - [test suite] updated non-based64 keys in non-base64 key files - - test/conf/fwknoprc_hmac_key2 | 4 ++-- - test/conf/hmac_no_b64_access.conf | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -commit e447ef57c0f2d70d3f8d0eda80c43aeeb0a8bb4a -Author: Michael Rash -Date: Sat Apr 20 11:04:53 2013 -0400 - - [test suite] bug fix to properly extract 'KEY' variable for Rijndael key information - - test/test-fwknop.pl | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -commit 9a366c2d677ee28c4c5db096f2f1f377b3cf2a7a -Author: Michael Rash -Date: Fri Apr 19 19:43:15 2013 -0400 - - [test suite] consolidated client/server interaction result variables into client_server_interaction() - - test/test-fwknop.pl | 260 ++++++++++++++++++++++--------------------------- - test/tests/rijndael.pl | 2 + - 2 files changed, 120 insertions(+), 142 
deletions(-) - -commit f010d88016f570e26e19bf32e3ff9494262cf436 -Author: Michael Rash -Date: Fri Apr 19 19:42:06 2013 -0400 - - removed trailing semicolon from KEY value - - test/conf/fwknoprc_named_key | 2 +- - test/conf/fwknoprc_with_named_key | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -commit d356d07bb8c57aec240168c1c433116eb47b15dc -Author: Michael Rash -Date: Thu Apr 18 22:17:18 2013 -0400 - - minor typo fix in ChangeLog file - - ChangeLog | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 39115c6dde3019c54b31f3b31533bbc5e80ccb23 -Author: Michael Rash -Date: Thu Apr 18 21:15:00 2013 -0400 - - added Ruhsam Bernhard to the credits file - - CREDITS | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit 77c876c1108a2be36d7a6a6fc152d32a4396b3b8 (refs/remotes/web/hmac_support, refs/remotes/origin/hmac_support, refs/remotes/ag4ve/hmac_support, refs/heads/hmac_support) -Author: Michael Rash -Date: Thu Apr 18 20:53:37 2013 -0400 - - credits and changelog updates - - CREDITS | 11 +++++++++++ - ChangeLog | 17 +++++++++++++++++ - 2 files changed, 28 insertions(+) - -commit a61939c005e2b09d6800e2171f607c9d1948f022 -Author: Michael Rash -Date: Wed Apr 17 23:50:51 2013 -0400 - - [test suite] Reorganize client/server interactions to be more rigorous - - This is a significant commit that alters how the test suite interacts with the - fwknop client and server by looking for indications that SPA packets are - actually received. This is done by first waiting for 'main event loop' in - fwknopd log output to ensure that fwknopd is ready to receive packets, sending - the SPA packet(s), and then watching for for 'SPA Packet from IP' in fwknopd - output. This is an improvement over the previous strategy that was only based - on timeout values since it works identically regardless of whether fwknop is - being run under valgrind or when the test suite is run on an embedded system - with very limited resources. 
Another check is run for fwknopd receiving the - SIGTERM signal to shutdown via 'fwknopd -K', and that failing, the test suite - manually kills the process (though this should be rarely needed). - - The above strategy is the result of discussions with George Herlin who proposed - the verification-based approach to test suite operations. - - Other things this commit changes is the ability to detect whether OpenSSL - supports the 'hexkey:' style specification for HMAC keys (an older version - of FreeBSD doesn't support this) and falls back to the '-hmac ' method if - not. - - test/test-fwknop.pl | 441 ++++++++++++++++++++++++++++++++++++---------------- - 1 file changed, 310 insertions(+), 131 deletions(-) - -commit b17cb08ddc9707771f7a67ae55d8f7a51f990d88 -Author: Michael Rash -Date: Wed Apr 17 23:27:54 2013 -0400 - - fixed two type mismatch compilation warnings for the perl FKO extension - - perl/FKO/FKO.xs | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit d785dcbe6264ddf37ef709ff01551d813ec21851 -Author: Michael Rash -Date: Mon Apr 15 22:02:19 2013 -0400 - - [test suite] added tests/python_fko.pl for python tests - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit cbf751e8ddd513ed953d2f8fd64864e6c3211d98 -Author: Michael Rash -Date: Fri Apr 12 21:50:47 2013 -0400 - - [test suite] check for fwknopd ready to receive packets - - This commit was inspired through conversations with George Herlin. - - test/test-fwknop.pl | 39 +++++++++++++++++++++++++++++++++++---- - 1 file changed, 35 insertions(+), 4 deletions(-) - -commit 87fc50bb317573511af09e25b1b39009fc9b6f43 -Merge: c112cb4 fbd38d8 -Author: Michael Rash -Date: Fri Apr 12 21:16:20 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support - - This commit from Franck Joncourt closes #43 - -commit fbd38d805b2fca970369c16fe3cd936272288165 -Author: Franck Joncourt -Date: Fri Apr 12 14:48:26 2013 +0200 - - Added some else statements and their comments. 
- - client/fwknop.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -commit d988f95a46994de722424c63faebb4537315becd -Author: Franck Joncourt -Date: Thu Apr 11 13:36:58 2013 +0200 - - Fixed test-fwknop.pl to remove any references to my test files. - - test/test-fwknop.pl | 3 --- - 1 file changed, 3 deletions(-) - -commit 9faa625d956ac0a9da881d008055840d7ba2713f -Author: Franck Joncourt -Date: Thu Apr 11 13:08:36 2013 +0200 - - Removed tests. - - test/tests/client_nat.pl | 24 ------------------------ - 1 file changed, 24 deletions(-) - -commit c112cb4811f435091466556aa5a11a812d0263c5 -Author: Michael Rash -Date: Wed Apr 10 23:31:58 2013 -0400 - - [test suite] get hmac iptables duplicated and sha512 long key tests to pass - - client/fwknop.c | 3 ++- - test/test-fwknop.pl | 21 +++++++++++++-------- - test/tests/rijndael_hmac.pl | 12 +++++------- - 3 files changed, 20 insertions(+), 16 deletions(-) - -commit fd767a1f47937c64c60a2a79066d23a0b34a827f -Author: Franck Joncourt -Date: Wed Apr 10 16:06:06 2013 +0200 - - Resolve ip address in all of tha nat modes (mrash/fwknop#43). 
- - client/fwknop.c | 155 +++++++++++++++++++++++++++++++++++++++++++++-------- - test/local_spa.key | 1 - - 2 files changed, 133 insertions(+), 23 deletions(-) - -commit 8f3e6a4ed104527e14dcc124fc8940e7730d1dc4 -Merge: ed2d6ec 05ced0a -Author: Franck Joncourt -Date: Wed Apr 10 15:12:54 2013 +0200 - - Merge remote-tracking branch 'upstream/hmac_support' into hmac_support - -commit 378305a8ab2732a812e3de9a50967088f1daf71a -Author: Michael Rash -Date: Tue Apr 9 22:48:54 2013 -0400 - - [test suite] added perl FKO Rijndael key test with embedded NULL char - - test/test-fwknop.pl | 74 +++++++++++++++++++++++++++++++++++++++++-- - test/tests/perl_FKO_module.pl | 9 ++++++ - 2 files changed, 80 insertions(+), 3 deletions(-) - -commit b45a1b07ad2210443a84b0dcf959a03e3712e358 -Author: Michael Rash -Date: Tue Apr 9 21:28:32 2013 -0400 - - minor var naming/spacing update - - test/test-fwknop.pl | 123 +++++++++++++++++++++++++--------------------------- - 1 file changed, 60 insertions(+), 63 deletions(-) - -commit 05ced0a5143b0296b480c1c4e834e494880ca615 -Author: Michael Rash -Date: Mon Apr 8 22:14:06 2013 -0400 - - add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64) - - Makefile.am | 2 ++ - server/access.c | 13 +++++++ - test/conf/fwknoprc_hmac_key2 | 73 +++++++++++++++++++++++++++++++++++++++ - test/conf/hmac_no_b64_access.conf | 4 +++ - test/test-fwknop.pl | 2 ++ - test/tests/rijndael_hmac.pl | 18 ++++++++++ - 6 files changed, 112 insertions(+) - -commit 748715acf83c8baee7d3d37295306c59fd7e00f7 -Author: Michael Rash -Date: Mon Apr 8 20:45:14 2013 -0400 - - [test suite] added python->C HMAC test - - Makefile.am | 1 + - test/conf/hmac_sha512_short_key2_access.conf | 5 +++ - test/fko-python.py | 6 +-- - test/test-fwknop.pl | 55 ++++++++++++++++++++++++++++ - test/tests/python_fko.pl | 12 ++++++ - 5 files changed, 76 insertions(+), 3 deletions(-) - -commit 57773993e4de17823084cd3fe93d122a0607d687 -Author: Michael Rash -Date: Sun Apr 7 20:57:35 2013 
-0400 - - [test suite] don't remove output/ directory in --list mode, closes #53 - - test/test-fwknop.pl | 58 +++++++++++++++++++++++++++-------------------------- - 1 file changed, 30 insertions(+), 28 deletions(-) - -commit cccab3c22bba7466f498a061d5f9d0493d76daef -Author: Michael Rash -Date: Sun Apr 7 16:28:33 2013 -0400 - - [test suite] restore --diff mode, fixes #52 - - test/test-fwknop.pl | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -commit a59b5acc991e8e097005f9636f9f36275385ff29 -Merge: 4f9fbe4 8f667c1 -Author: Michael Rash -Date: Sun Apr 7 15:11:09 2013 -0400 - - Merge patch from Franck in support of issue #43 - -commit 4f9fbe4549258c4e1e80e4236f24ca875a7f4dbd -Author: Michael Rash -Date: Sun Apr 7 13:33:42 2013 -0400 - - [test suite] NAT name resolution tests - - This commit adds tests for NAT name resolution in support of issue #43. - - test/tests/rijndael.pl | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 52 insertions(+) - -commit ed2d6ec8eaa3624e79697acc653ab59ef3845dd5 -Author: Franck Joncourt -Date: Sun Apr 7 19:00:38 2013 +0200 - - Added tests to the test suite in order to check the update. - - test/local_spa.key | 1 + - test/test-fwknop.pl | 3 +++ - test/tests/client_nat.pl | 24 ++++++++++++++++++++++++ - 3 files changed, 28 insertions(+) - -commit 8f667c17acc1dd95bf2596ecb87998db09f95834 -Author: Franck Joncourt -Date: Sat Apr 6 22:59:59 2013 +0200 - - Fixed Nat mode not resolving hostname to IP's. 
- - Linked mrash/fwknop#43 - - client/fwknop.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 102 insertions(+), 12 deletions(-) - -commit fcac5ca413df89e2e766e3a78554ada1564bfaed -Author: Michael Rash -Date: Mon Apr 1 23:02:45 2013 -0400 - - [test suite] minor encryption key variable name update - - test/test-fwknop.pl | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -commit 98d5b6d8a02bc03d01dbf849f088db224f6e6145 -Author: Michael Rash -Date: Mon Apr 1 23:01:45 2013 -0400 - - added 'legacy' initialization vector text to man pages - - doc/fwknop.man.asciidoc | 6 +++++- - doc/fwknopd.man.asciidoc | 6 +++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -commit 9ee21aae127d351d14ff81c981729e3d82f2b9a9 -Merge: 6b845cc fb18b77 -Author: Michael Rash -Date: Fri Mar 29 20:45:30 2013 -0400 - - Merge branch 'hmac_support' of ssh://192.168.10.1/home/mbr/git/bare_repos/fwknop into hmac_support - -commit fb18b778d191316bf78c962d9478c605b31f3757 -Author: Michael Rash -Date: Fri Mar 29 20:44:48 2013 -0400 - - added test/fko-python.py test script - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit 08c9cc0938d6cad9e059a920e9a4bcbecae810b9 -Author: Michael Rash -Date: Fri Mar 29 20:42:44 2013 -0400 - - HMAC function rename for consistency - - Make sure that HMAC function names conform to previously established get_*, - set_* naming convention. 
- - client/fwknop.c | 2 +- - lib/fko.h | 4 ++-- - lib/fko_funcs.c | 2 +- - lib/fko_hmac.c | 6 +++--- - perl/FKO/FKO.xs | 6 +++--- - perl/FKO/lib/FKO.pm | 6 +++--- - python/fko.py | 8 ++++---- - python/fkomodule.c | 16 ++++++++-------- - server/utils.c | 2 +- - test/fko-python.py | 37 +++++++++++++++++++++++++++++++++++++ - test/fko-wrapper/fko_wrapper.c | 2 +- - 11 files changed, 64 insertions(+), 27 deletions(-) - -commit d6b4a2a1c3f52853cd959817c93511f6c2070db1 -Author: Michael Rash -Date: Thu Mar 28 20:42:12 2013 -0400 - - added fuzzing tests for long Rijndael and HMAC keys - - test/test-fwknop.pl | 124 ++++++++++++++++++++++++++++++++++++++++-- - test/tests/perl_FKO_module.pl | 15 +++++ - 2 files changed, 134 insertions(+), 5 deletions(-) - -commit 6ecf6514c9ec47fd3d3cc9aae0c626ec16d33e85 -Author: Michael Rash -Date: Sun Mar 24 21:04:18 2013 -0400 - - Enforce Rijndael and HMAC key length maximum sizes - - This commit fixes a couple of overflow conditions for Rijndael and HMAC keys - that are larger than anticipated maximums. In the case of Rijndael, PKCS#5 1.5 - is supported up to key sizes of 32 bytes or smaller (and maintains compatibility - with OpenSSL, and future versions will support PKCS#5 2.0 (PBKDF2) while allowing - for larger key sizes. HMAC keys may be up to 128 bytes even for digest - algorithms such as SHA256 that have block sizes that are smaller than this. 
- - lib/fko.h | 2 ++ - lib/fko_encryption.c | 6 ++++++ - lib/fko_error.c | 6 ++++++ - lib/fko_hmac.c | 6 ++++++ - 4 files changed, 20 insertions(+) - -commit 08ab1cf8e1ebb0217e060a67226357a02b982c33 -Author: Michael Rash -Date: Sat Mar 23 08:56:22 2013 -0400 - - remove execute bit - - client/config_init.c | 0 - 1 file changed, 0 insertions(+), 0 deletions(-) - -commit 6b845cce432fe61e3cccbbd850048a921b983626 -Author: Michael Rash -Date: Sat Mar 23 08:53:48 2013 -0400 - - remove execute bit - - client/config_init.c | 0 - 1 file changed, 0 insertions(+), 0 deletions(-) - -commit 6ca996a1731562ce2aca07d97757b6a5a3f2e437 -Author: Michael Rash -Date: Fri Mar 22 22:34:10 2013 -0400 - - [test suite] minor spacing update - - test/test-fwknop.pl | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -commit 112dc6959e58f5f34961c261a0eba2a635369c77 -Merge: 42cfc58 11ba153 -Author: Michael Rash -Date: Thu Mar 21 21:58:05 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support - -commit 42cfc58e20db72b7bdcff848e0e6a9838028e923 -Author: Michael Rash -Date: Thu Mar 21 21:55:18 2013 -0400 - - [perl FKO] add HMAC support along with test suite HMAC verification (closes #16) - - perl/FKO/FKO.xs | 43 ++++++++++++ - perl/FKO/lib/FKO.pm | 54 ++++++++++++++- - test/test-fwknop.pl | 149 ++++++++++++++++++++++++++++++++++++++++-- - test/tests/perl_FKO_module.pl | 9 +++ - 4 files changed, 249 insertions(+), 6 deletions(-) - -commit d677e18e2527be218aadfae96d7cbcd75d0c68d2 -Author: Michael Rash -Date: Thu Mar 21 21:48:38 2013 -0400 - - minor ChangeLog wording update for HMAC section - - ChangeLog | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -commit 11ba15383227e763377fcd5cb4b2f31f880010a0 -Merge: 4b63181 49c956d -Author: Franck Joncourt -Date: Wed Mar 20 22:33:45 2013 +0100 - - Merge remote-tracking branch 'upstream/hmac_support' into hmac_support - -commit 4b6318138746b851dc07bf00556f5d99364cceac -Author: Franck Joncourt 
-Date: Wed Mar 20 22:31:58 2013 +0100 - - Updated fwknop documentation. - - client/config_init.c | 2 +- - doc/fwknop.man.asciidoc | 33 +++++++++++++++++++++++++++++++++ - 2 files changed, 34 insertions(+), 1 deletion(-) - -commit b6bd8a8e8cf426c8da97b9a8409e27225c48bd65 -Author: Franck Joncourt -Date: Wed Mar 20 21:38:52 2013 +0100 - - Fixed issue when trying to save options for a new stanza. - - client/config_init.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -commit 49c956dafc423bc7a2440e53589748a3c1287598 -Author: Michael Rash -Date: Tue Mar 19 21:23:36 2013 -0400 - - [test suite] added two basic tests for installation and operations of the python fko extension - - test/test-fwknop.pl | 70 ++++++++++++++++++++++++++++++++++++++++++++++++ - test/tests/python_fko.pl | 17 ++++++++++++ - 2 files changed, 87 insertions(+) - -commit b92fcce648ba64ffcb54a8e6c3586c3b6965dc3c -Author: Michael Rash -Date: Tue Mar 19 21:22:32 2013 -0400 - - [python extension] minor function name updates - - python/README | 2 +- - python/fko.py | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -commit 8c3cab02699926d4df9a1e71eed9e25102bed90c -Author: Michael Rash -Date: Tue Mar 19 21:15:45 2013 -0400 - - [python extension] update key_gen() parse tuple format arg to handle hmac_type integer - - python/fkomodule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit e4689892ef152674e25c647ad0665539bf34e852 -Author: Michael Rash -Date: Tue Mar 19 21:09:11 2013 -0400 - - [client] minor http resolve update to include URL in error output - - client/http_resolve_host.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -commit ab40e300226484bb445680daad2e57dfa099b6ea -Author: Michael Rash -Date: Mon Mar 18 21:49:00 2013 -0400 - - minor typo fix - - test/test-fwknop.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit d8090a81430ec7b91d7aa4572ea4b6d0ee56c2cd -Author: Franck Joncourt -Date: Mon Mar 18 22:06:31 2013 +0100 - - Allowed 
an fwknoprc stanza (-n) to be overriden by arguments from the command line. - Added a sanity check to make sure the -n option is used with the --save-rc-stanza option. - - client/config_init.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -commit 817a719a9c4e8de4992b3136abcac6caa2eee47b -Author: Michael Rash -Date: Sun Mar 17 23:03:48 2013 -0400 - - [python module] update fko_new_with_data() call to include hmac_type - - python/fkomodule.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -commit 92af5b53beff297dffa06280f557a208d1f49c05 -Merge: 247edec d299f1d -Author: Michael Rash -Date: Sun Mar 17 23:02:57 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/python_binding' into hmac_support - -commit 247edec004eabd81fab9eed5cb06a7e5d9a554a8 -Author: Michael Rash -Date: Sun Mar 17 22:48:29 2013 -0400 - - minor hmac prototype update to add const qualifier - - lib/hmac.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 066e90d955e98b20c260626a8921348e82dde125 -Author: Michael Rash -Date: Sun Mar 17 22:42:52 2013 -0400 - - [test suite] added hmac_force_nat_access.conf file to Makefile.am - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit c7b5611fa4947f4d0dd0086b140e6390d0db6d43 -Merge: 7e784df b9046df -Author: Michael Rash -Date: Sun Mar 17 21:34:23 2013 -0400 - - Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support - - Significant merge from Franck Joncourt to add the ability to save command line - args to ~/.fwknoprc stanzas. This merge is in support of #4. - - Conflicts: - lib/fko_util.c - lib/fko_util.h - -commit d299f1de665bb8b0e0443637d873cdddcae57df6 (refs/remotes/fjoncourt/python_binding) -Author: Franck Joncourt -Date: Sun Mar 17 12:03:07 2013 +0100 - - Add ne wdirective to setup.py in order to be able to build the python binding - without having libfko installed on the system. 
- - python/setup.py | 2 ++ - 1 file changed, 2 insertions(+) - -commit 7e784df3870373f055a2f0f8d818829501bcb1c0 -Author: Michael Rash -Date: Sat Mar 16 14:43:15 2013 -0400 - - [server] allow long Rijndael command messages - - This change allows SPA clients to include long messages in command mode and - generally allows decryption operations to dictate success/failure instead of - SPA packet length to gate decryption attempts. Closes #40. - - server/incoming_spa.c | 39 +++++++++++++++++++++++++++++++-------- - 1 file changed, 31 insertions(+), 8 deletions(-) - -commit 1de5e370e1f4b1464bfcd94c7ff4c76bbc1922bc -Author: Michael Rash -Date: Sat Mar 16 14:40:08 2013 -0400 - - [test suite] added 'server_conf' hash key verification - - test/test-fwknop.pl | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -commit 4bdb71315a049e072f95e3426fe9c149ca763586 -Author: Michael Rash -Date: Sat Mar 16 14:38:20 2013 -0400 - - [client] --nat-rand-port bug fix - - Bug fix for --nat-rand-port mode to ensure that the port to be - NAT'd is properly defined so that the fwknopd server will NAT - connnections to this port instead of applying the NAT operation to the - port that is to be accessed via -A. This change also prints the - randomly assigned port to stdout regardless of whether --verbose mode is - used (since it not then the user will have no idea which port is - actually going to be NAT'd on the fwknopd side). 
- - ChangeLog | 18 +- - Makefile.am | 1 + - client/fwknop.c | 212 ++++++++++++++---- - test/conf/fwknoprc_hmac_sha512_long_key | 73 ++++++ - test/conf/hmac_force_nat_access.conf | 5 + - test/conf/hmac_sha256_open_ports_access.conf | 6 + - test/conf/hmac_sha512_long_key_access.conf | 5 + - test/test-fwknop.pl | 4 + - test/tests/rijndael.pl | 89 +++++++- - test/tests/rijndael_hmac.pl | 318 +++++++++++++++++++++++++++ - 10 files changed, 678 insertions(+), 53 deletions(-) - -commit 253ccb7cea76d4b6f381998b7c00c785674b138f -Author: Michael Rash -Date: Thu Mar 14 22:26:44 2013 -0400 - - added encryption type/mode and message type string representations for FKO context diplay output - - client/fwknop.c | 15 ++++++++++--- - lib/fko_util.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - lib/fko_util.h | 3 +++ - server/utils.c | 20 ++++++++++++++++-- - 4 files changed, 98 insertions(+), 5 deletions(-) - -commit b9046df64de2472fa59a318a99f86b6ef2eaa78e -Author: Franck Joncourt -Date: Thu Mar 14 22:39:36 2013 +0100 - - Remove useless comment. - - client/config_init.c | 3 --- - 1 file changed, 3 deletions(-) - -commit 212075094cf2b5380e85af34145917921639423d -Author: Franck Joncourt -Date: Thu Mar 14 22:16:37 2013 +0100 - - Added the possibility to parse only sedction in a fwknoprc file and - not only the whole file - more. 
- - client/config_init.c | 270 +++++++++++---------------------------------------- - 1 file changed, 57 insertions(+), 213 deletions(-) - -commit 366536055fd18600c879f4147b4612ce2f056d97 -Author: Franck Joncourt -Date: Wed Mar 13 07:13:50 2013 +0100 - - Added the possibility to parse only sedction in a fwknoprc file and not only the whole file - - client/config_init.c | 193 ++++++++++++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 185 insertions(+), 8 deletions(-) - -commit aa36f3ffee347c67218be36d5cf851be8b46cffc -Author: Michael Rash -Date: Tue Mar 12 23:25:53 2013 -0400 - - bug fix to remove hmac_sha512_long_key_access.conf file (doesn't exist) from Makefile.am - - Makefile.am | 1 - - 1 file changed, 1 deletion(-) - -commit 3ef3ab29c87f307d10dccf2d9857dd4aacc687de -Author: Michael Rash -Date: Tue Mar 12 23:20:12 2013 -0400 - - [test suite] 'key_file' hash key update for HMAC SHA384 test + [test suite] Bug fix to not run an iptables Rijndael HMAC test on non-Linux systems + ChangeLog | 2 ++ test/tests/rijndael_hmac.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + 2 files changed, 3 insertions(+), 1 deletion(-) -commit 0b9f25362e231e4a072fdfddd60ad673107e1b47 +commit 22836d9915ddca38c74b73d1823c6e95510fe5a6 (tag: refs/tags/fwknop-2.5.1-pre1, refs/remotes/web/master, refs/remotes/origin/master) Author: Michael Rash -Date: Tue Mar 12 23:10:09 2013 -0400 +Date: Wed Jul 24 23:11:46 2013 -0400 - [test suite] minor bug fix for HMAC SHA384 default key test rc file path + updated version and release date for 2.5.1 - test/tests/rijndael_hmac.pl | 3 ++- + ChangeLog | 2 +- + VERSION | 2 +- + fwknop.spec | 5 ++++- + 3 files changed, 6 insertions(+), 3 deletions(-) + +commit 246c4da322478cc9e83e00013b440672bd080260 +Author: Michael Rash +Date: Wed Jul 24 23:04:40 2013 -0400 + + added 2.5.1 material + + ChangeLog | 6 ++++++ + 1 file changed, 6 insertions(+) + +commit dcb7871d02a196b93b8554fe3c155464fcfdd91b +Author: Michael Rash +Date: Wed Jul 24 23:04:31 
2013 -0400 + + [server] don't print PID file existence warning in daemon mode (suggested by Ilya Tumaykin) + + server/fwknopd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -commit 9e32cdd6d92555aff99653cba67b1518f2c7d310 +commit ea9d6a0fdc56706d0934021cf7ca9a15e5c8d261 Author: Michael Rash -Date: Tue Mar 12 22:50:37 2013 -0400 +Date: Wed Jul 24 22:44:08 2013 -0400 - [test suite] added files to Makefile.am and added a test to verify this + [client] apply patch from Ilya Tumaykin for terminal setting type + + This commit also fixes a 'possible use of uninitialized value' warning from gcc for + the old_c_lflag variable. - Makefile.am | 33 +++++++++++++++++++++++++++++++++ - test/test-fwknop.pl | 43 +++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 76 insertions(+) + client/getpasswd.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) -commit 55d188ed1f6a04d3c89ce0df8ddb768247a77e7f -Author: Michael Rash -Date: Tue Mar 12 22:18:43 2013 -0400 - - [test suite] added HMAC key tests - - test/conf/fwknoprc_hmac_md5_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_md5_long_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_md5_short_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha1_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha1_long_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha1_short_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha256_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha256_long_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha256_short_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha384_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha384_long_key | 73 ++++++++++++ - test/conf/fwknoprc_hmac_sha384_short_key | 73 ++++++++++++ - test/conf/hmac_md5_access.conf | 2 +- - test/conf/hmac_md5_long_key_access.conf | 5 + - test/conf/hmac_md5_short_key_access.conf | 5 + - test/conf/hmac_sha1_long_key_access.conf | 5 + - test/conf/hmac_sha1_short_key_access.conf | 5 + - 
test/conf/hmac_sha256_access.conf | 5 + - test/conf/hmac_sha256_long_key_access.conf | 5 + - test/conf/hmac_sha256_short_key_access.conf | 5 + - test/conf/hmac_sha384_access.conf | 2 +- - test/conf/hmac_sha384_long_key_access.conf | 5 + - test/conf/hmac_sha384_short_key_access.conf | 5 + - test/test-fwknop.pl | 165 +++++++++++++++++----------- - test/tests/rijndael_hmac.pl | 151 ++++++++++++++++++++++++- - 25 files changed, 1172 insertions(+), 69 deletions(-) - -commit fe22423a44f09c41d1e7452c216d07a6a8f4c020 -Author: Michael Rash -Date: Tue Mar 12 22:17:41 2013 -0400 - - [libfko] bug fix to maintain OpenSSL compatibility for HMAC keys longer than associated block size - - lib/hmac.c | 168 ++++++++++++++++++++++++++++++++++++------------------------- - lib/hmac.h | 2 + - 2 files changed, 102 insertions(+), 68 deletions(-) - -commit 402a545cb29b04420cb17c722f103bd27c316a4d -Author: Michael Rash -Date: Mon Mar 11 23:12:56 2013 -0400 - - convert standard hmac access.conf file for HMAC SHA512 to use key size of 128 bytes - - test/conf/fwknoprc_hmac_sha512_key | 73 +++++++++++++++++++++++++++++ - test/conf/fwknoprc_hmac_sha512_short_key | 73 +++++++++++++++++++++++++++++ - test/conf/hmac_sha512_access.conf | 2 +- - test/conf/hmac_sha512_short_key_access.conf | 5 ++ - 4 files changed, 152 insertions(+), 1 deletion(-) - -commit bf6cc6c6059ca1759c8724432c57d3e19ab068ff -Author: Michael Rash -Date: Mon Mar 11 23:02:07 2013 -0400 - - --key-gen bug fix to allow --key-len and --hmac-key-len values to apply to generated key lengths - - lib/fko_funcs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 02d0255a7cc8de78b82398b88bccba12c43152a4 -Author: Michael Rash -Date: Mon Mar 11 22:55:00 2013 -0400 - - update base64 key char arrays to use MAX_B64_KEY_LEN macro - - client/fwknop_common.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 6478d2b892850960e0c68bd5e0d8bd25896c775d -Author: Michael Rash -Date: Mon Mar 11 22:54:10 2013 -0400 - - 
minor fix to remove extraneous memset() call - - client/fwknop.c | 1 - - 1 file changed, 1 deletion(-) - -commit 70c17be91603b2236d4366a1181466f8e5d99546 -Author: Michael Rash -Date: Mon Mar 11 22:50:02 2013 -0400 - - added MAX_B64_KEY_LEN for full length SHA512 keys - - client/config_init.c | 4 ++-- - client/fwknop_common.h | 1 + - 2 files changed, 3 insertions(+), 2 deletions(-) - -commit 4ef2a1ec57e33f36eec2fb44e70597990fc34902 -Author: Michael Rash -Date: Mon Mar 11 22:41:08 2013 -0400 - - fix fko_new_with_data() call to include the hmac type - - test/fko-wrapper/fko_wrapper.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -commit 6e7a56067bcdce14bfdd2a4a8dd4955fc225dd29 -Author: Michael Rash -Date: Mon Mar 11 21:13:20 2013 -0400 - - [perl FKO module] add hmac_type to fko_new_with_data() calls - - perl/FKO/FKO.xs | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -commit 343bd449d4d826668a816fe3b840582b401fa545 -Author: Michael Rash -Date: Sun Mar 10 21:59:39 2013 -0400 - - HMAC MD5 bug fix to ensure to set the MD5 block length to 64 - - lib/md5.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit bd2af22691da42dc65db89946ef0876632db5734 -Author: Michael Rash -Date: Sun Mar 10 21:58:52 2013 -0400 - - [test suite] set HMAC_DIGEST_TYPE to md5 for HMAC MD5 test - - test/conf/hmac_md5_access.conf | 1 + - 1 file changed, 1 insertion(+) - -commit 3598fc7d7d6af540c5e75c23ac20649e833060dd -Author: Michael Rash -Date: Sun Mar 10 18:56:19 2013 -0400 - - added missing hmac_md5() function to hmac.h - - lib/hmac.h | 2 ++ - 1 file changed, 2 insertions(+) - -commit 7274f6724eb46bd74315db64a3f3a21e8722f4f4 -Merge: dc0ce29 19cf0d5 -Author: Michael Rash -Date: Sun Mar 10 18:12:41 2013 -0400 - - Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support - -commit 19cf0d51fde2db386637537dd1c4c8b42dda084b -Merge: 744e002 0529d23 +commit 5ec4998aaa603b01f607a6da6877a03501a513ac Author: Damien Stuart -Date: Sun Mar 10 
17:17:39 2013 -0400 +Date: Wed Jul 24 14:38:08 2013 -0400 - Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support + Reset terminal setting to orignal values after entering keys via stdin -commit 744e002779158911a0e4b9fb6bf53f7fafce4f2c -Author: Damien Stuart -Date: Sun Mar 10 17:17:19 2013 -0400 - - Removed tmp lib and include dirs from the python module setup.py file. - - python/setup.py | 2 -- - 1 file changed, 2 deletions(-) - -commit dc0ce294777763c5211bdd241a31ee6a4bc2d045 -Author: Michael Rash -Date: Sun Mar 10 16:37:34 2013 -0400 - - bug fix to anticipate OpenSSL HMAC output that spans multiple lines (as in SHA512) - - test/test-fwknop.pl | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -commit c5b5cba72968bc39e76f80a4f47063640ef9e92a -Author: Michael Rash -Date: Sun Mar 10 16:30:06 2013 -0400 - - Added HMAC MD5 support (need test suite validation still) - - lib/fko_hmac.c | 6 ++++- - lib/hmac.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- - lib/md5.h | 6 +++-- - 3 files changed, 87 insertions(+), 7 deletions(-) - -commit 977ee18c3f75966de0be52cce54eace40c0185ef -Author: Franck Joncourt -Date: Sun Mar 10 20:55:19 2013 +0100 - - New function bool_to_yesno. 
- - client/config_init.c | 45 ++++++++++++++++++++++++++++++--------------- - 1 file changed, 30 insertions(+), 15 deletions(-) - -commit 0529d235958364de42c3d806ce02da2e52f36a17 -Author: Michael Rash -Date: Sun Mar 10 15:13:34 2013 -0400 - - remove minor debugging statement - - server/access.c | 1 - - 1 file changed, 1 deletion(-) - -commit 6882ac57ec9bfc945d29304df11fe60dc70b8d5a -Author: Michael Rash -Date: Sun Mar 10 14:56:39 2013 -0400 - - add HMAC-SHA1 support - - lib/fko_hmac.c | 6 ++++- - lib/hmac.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - lib/hmac.h | 2 ++ - lib/sha1.h | 2 ++ - 4 files changed, 83 insertions(+), 1 deletion(-) - -commit 7821e83dfc818b69ffe8ad867d9de42729ccd308 -Merge: 22dde8e 6fa3be3 -Author: Michael Rash -Date: Sun Mar 10 14:32:07 2013 -0400 - - Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support - - Conflicts: - client/fwknop.c - lib/fko_hmac.c - -commit 22dde8eb351fb2ad01e0f6d532c787a19e1e44ae -Author: Michael Rash -Date: Sun Mar 10 14:26:05 2013 -0400 - - SPA with HMAC SHA256 and SHA384 now works - - This is a fairly significant commit that lays the groundwork for getting - selectable HMAC modes working for both the client and server. One libfko API - change was required so that the hmac_type is passed into fko_new_with_data(). - This allows the server to set the hmac_type via access.conf stanzas. The - effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512 - also function properly. 
- - client/fwknop.c | 4 +- - lib/fko.h | 2 +- - lib/fko_error.c | 2 +- - lib/fko_funcs.c | 15 +++++++- - lib/fko_hmac.c | 81 +++++++++++++++++++++++++++++++-------- - server/access.c | 13 ++++++- - server/incoming_spa.c | 6 +-- - test/conf/hmac_sha1_access.conf | 1 + - test/conf/hmac_sha384_access.conf | 1 + - test/test-fwknop.pl | 2 +- - test/tests/rijndael_hmac.pl | 26 +++++++------ - 11 files changed, 114 insertions(+), 39 deletions(-) - -commit 6fa3be393c02dfd9725690a84900f519bfa7659f -Author: Damien Stuart -Date: Sun Mar 10 13:21:24 2013 -0400 - - Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code. - - client/fwknop.c | 4 +- - fwknop.spec | 2 +- - lib/fko.h | 4 +- - lib/fko_hmac.c | 4 +- - perl/FKO/FKO.xs | 2 +- - python/fko.py | 255 ++++++++++++++++++++++---- - python/fkomodule.c | 407 +++++++++++++++++++++++++++++++++++++++-- - python/setup.py | 6 +- - test/fko-wrapper/fko_wrapper.c | 4 +- - 9 files changed, 631 insertions(+), 57 deletions(-) - -commit 8a2bc732b76b5a265cc38890e0c0eee1a1170ce6 -Author: Franck Joncourt -Date: Sun Mar 10 18:17:08 2013 +0100 - - Fixed data format for some arguments in fwknoprc when they are saved. 
- - client/config_init.c | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -commit 6f45b2c3b15c40ab57e503cb148d6e9781cae240 -Author: Michael Rash -Date: Sat Mar 9 23:27:08 2013 -0500 - - added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size - - client/fwknop.c | 4 +- - lib/fko_hmac.c | 2 +- - lib/fko_util.c | 19 +++++++ - lib/fko_util.h | 1 + - lib/hmac.c | 167 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - lib/hmac.h | 6 +- - 6 files changed, 191 insertions(+), 8 deletions(-) - -commit f9fa3c2b6d2df719a826771d3935f535799eade4 -Author: Michael Rash -Date: Sat Mar 9 23:25:59 2013 -0500 - - [test suite] derive HMAC digest type from client display context output - - test/test-fwknop.pl | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -commit 6741cfc22b6f4bb174aa7c8160da0882ea90bf29 -Author: Michael Rash -Date: Sat Mar 9 16:47:42 2013 -0500 - - convert HMAC functions to static where possible - - lib/hmac.c | 44 +++++++++++++++++++++++++++++--------------- - lib/hmac.h | 13 ------------- - 2 files changed, 29 insertions(+), 28 deletions(-) - -commit 3ff39dfab48c587005781027589a8a8605b34ca5 -Author: Michael Rash -Date: Sat Mar 9 16:41:32 2013 -0500 - - [test suite] minor variable conversion to 'our' vars - - test/test-fwknop.pl | 64 ++++++++++++++++++++++++++--------------------------- - 1 file changed, 32 insertions(+), 32 deletions(-) - -commit c5163fcc24a1ef22c4540044aaacc9c9063741ff -Author: Franck Joncourt -Date: Sat Mar 9 12:39:05 2013 +0100 - - Added new parameters HMAC_DIGEST_TYPE to the save capability. 
- - client/config_init.c | 7 ++++++- - lib/fko_util.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ - lib/fko_util.h | 1 + - 3 files changed, 52 insertions(+), 1 deletion(-) - -commit c2ef7f224ad067251b5c6b4790a2465be943139f -Author: Franck Joncourt -Date: Sat Mar 9 12:17:17 2013 +0100 - - Moved static functions from the client to the fko_util.c file. - - client/config_init.c | 128 --------------------------------------------------- - lib/fko_util.c | 94 +++++++++++++++++++++++++++++++++++++ - lib/fko_util.h | 22 +++++---- - 3 files changed, 106 insertions(+), 138 deletions(-) - -commit 469f9a5f395ec56dc23e7ef14561abb38fbb7a43 -Merge: 053db37 1a39047 -Author: Franck Joncourt -Date: Sat Mar 9 11:54:45 2013 +0100 - - Merge remote-tracking branch 'upstream/hmac_support' into hmac_support - - Conflicts: - client/cmd_opts.h - client/config_init.c - -commit 1a39047b925666bc90436ea72b090a29790710d3 -Author: Michael Rash -Date: Fri Mar 8 22:12:19 2013 -0500 - - ensure to close access.conf file ptr when an error condition is found and exit() is going to be called - - server/access.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -commit 8b5cf3446fe33dba185d6399c510a76f2243eed7 -Author: Michael Rash -Date: Fri Mar 8 22:05:11 2013 -0500 - - [test suite] minor bug fix for command line definition for invalid HMAC test - - test/tests/rijndael_hmac.pl | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -commit d13eba7d133bfdc03ffe8e59a752c6e20db1cb23 -Author: Michael Rash -Date: Fri Mar 8 21:48:19 2013 -0500 - - [test suite] minor category/subcategory update for fuzzing tests - - test/tests/rijndael_fuzzing.pl | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -commit 7fe5c55fcfc8e90207fc6e0ef9e29e9d50a6d420 -Author: Michael Rash -Date: Fri Mar 8 21:10:45 2013 -0500 - - [test suite] added various hmac verification conf files - - test/conf/fwknoprc_hmac_invalid_type | 73 +++++++++++++++++++++++++++++++++ - 
test/conf/hmac_invalid_type_access.conf | 5 +++ - test/conf/hmac_md5_access.conf | 4 ++ - test/conf/hmac_sha1_access.conf | 4 ++ - test/conf/hmac_sha384_access.conf | 4 ++ - test/conf/hmac_sha512_access.conf | 5 +++ - 6 files changed, 95 insertions(+) - -commit d4362b7b3858fefe066b52f9dcdaa026dca4b802 -Author: Michael Rash -Date: Fri Mar 8 21:09:51 2013 -0500 - - [test suite] import test definitions from tests/*.pl files - - Makefile.am | 26 +- - test/test-fwknop.pl | 2970 ++---------------------- - test/tests/basic_operations.pl | 187 ++ - test/tests/build_security.pl | 145 ++ - test/tests/gpg.pl | 217 ++ - test/tests/gpg_no_pw.pl | 172 ++ - test/tests/perl_FKO_module.pl | 196 ++ - test/tests/preliminaries.pl | 73 + - test/tests/rijndael.pl | 992 ++++++++ - test/tests/rijndael_backwards_compatibility.pl | 98 + - test/tests/rijndael_cmd_exec.pl | 21 + - test/tests/rijndael_fuzzing.pl | 312 +++ - test/tests/rijndael_hmac.pl | 261 +++ - test/tests/rijndael_replay_attacks.pl | 39 + - 14 files changed, 2911 insertions(+), 2798 deletions(-) - -commit 44d05a691668b49804555694166f11cf033465ba -Author: Michael Rash -Date: Thu Mar 7 23:14:48 2013 -0500 - - interim commit for supporting multiple HMAC digest types (# 45) - - client/cmd_opts.h | 10 +- - client/config_init.c | 75 ++++-- - client/fwknop.c | 18 +- - client/fwknop_common.h | 7 +- - extras/spa-entropy/spa-entropy.pl | 6 +- - lib/fko.h | 20 +- - lib/fko_context.h | 2 +- - lib/fko_funcs.c | 40 ++- - lib/fko_hmac.c | 25 +- - lib/fko_util.c | 36 +++ - lib/fko_util.h | 2 + - lib/sha2.h | 2 + - perl/FKO/FKO.xs | 6 +- - server/access.c | 12 + - server/fwknopd_common.h | 1 + - test/conf/fwknoprc_default_hmac_base64_key | 5 +- - test/fko-wrapper/fko_wrapper.c | 4 +- - test/test-fwknop.pl | 378 ++++++++--------------------- - 18 files changed, 320 insertions(+), 329 deletions(-) - -commit 39ca73a245e40f93f144a55be91f53821e75269a -Author: Michael Rash -Date: Tue Mar 5 23:29:46 2013 -0500 - - [test suite] added OpenSSL HMAC 
verification (closes #39) - - Makefile.am | 2 + - client/fwknop.c | 2 + - lib/fko_hmac.c | 2 + - lib/hmac.c | 2 + - test/conf/fwknoprc_hmac_simple_keys | 72 ++++++++++++ - test/conf/hmac_simple_keys_access.conf | 6 + - test/test-fwknop.pl | 194 +++++++++++++++++++++++++++++---- - 7 files changed, 257 insertions(+), 23 deletions(-) - -commit 053db37c0dd711ff7c189fb84f498af859cb7a4c -Author: Franck Joncourt -Date: Tue Mar 5 21:01:38 2013 +0100 - - Added more command line switches in order for the user to be able to specify the Rijndael, Rijndael base64 and HMAC key. - - client/cmd_opts.h | 6 ++++++ - client/config_init.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++--- - 2 files changed, 61 insertions(+), 3 deletions(-) - -commit a09392b08debce847f71fa1a87b084d858050bd0 -Author: Michael Rash -Date: Sun Mar 3 17:56:02 2013 -0500 - - [test suite] better reporting of test title matching for valgrind coverage test - - test/test-fwknop.pl | 97 ++++++++++++++++++++++++++++------------------------- - 1 file changed, 52 insertions(+), 45 deletions(-) - -commit 5c182c1722ff328515b06505d075c8b6792bba1b -Author: Michael Rash -Date: Sun Mar 3 16:21:46 2013 -0500 - - [test suite] added HMAC dual usage test - - Makefile.am | 1 + - test/conf/hmac_dual_key_usage_access.conf | 11 +++++++++++ - test/test-fwknop.pl | 20 ++++++++++++++++++++ - 3 files changed, 32 insertions(+) - -commit e064e39284102908bfd478fe120fb0b5b85279c5 (refs/remotes/web/hmac_header_fixes, refs/remotes/origin/hmac_header_fixes, refs/remotes/ag4ve/hmac_header_fixes, refs/heads/hmac_header_fixes) -Merge: 374c573 1dc47f8 -Author: Michael Rash -Date: Sun Mar 3 14:36:21 2013 -0500 - - Merge branch 'hmac_header_fixes' into hmac_support - -commit 1dc47f80d8e33e8d38473870efb2611728d2a22b -Author: Michael Rash -Date: Sun Mar 3 14:29:08 2013 -0500 - - Fix byte order warning - - This commit fixes a byte order warning for both sha1.c and md5.c like so: - - sha1.c:127:6: warning: #warning Undetermined or unsupported 
Byte Order... We will try LITTLE_ENDIAN [-Wcpp] - - Also removed a couple of header includes that appear not be needed. - - client/fwknop.c | 1 - - client/fwknop_common.h | 1 - - lib/cipher_funcs.h | 1 - - lib/md5.c | 1 + - lib/sha1.c | 1 + - 5 files changed, 2 insertions(+), 3 deletions(-) - -commit 38a803fb71d463a3e20227f03d7cff64f85e578b -Author: Franck Joncourt -Date: Sun Mar 3 18:41:31 2013 +0100 - - * Added KEY, KEY_BASE64 and HMAC_KEY_BASE64 definitions to the save capability. - * Allowed section to be found during an update of fwknoprc even if there are somes spaces before the stanza. - * Allowed the user to strike the ENTER key to overwrite the section as it will be done with the 'Y' char. - - client/config_init.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -commit 374c573c89309c31e875dc1d6738f63d459554ce -Merge: d94513e b86e48d -Author: Michael Rash -Date: Sun Mar 3 00:35:39 2013 -0500 - - Merge branch 'hmac_header_fixes' into hmac_support - -commit b86e48dd66c3e7a6160cf932639418d1c2325cd3 -Author: Michael Rash -Date: Sat Mar 2 23:16:26 2013 -0500 - - remove a couple of unnecessary header includes - - client/fwknop.c | 3 --- - server/access.c | 1 - - server/incoming_spa.c | 1 - - 3 files changed, 5 deletions(-) - -commit d27c3e3b09410101f88db05bdf05dc02fc0403a5 -Merge: 8731f02 f9e1ae4 -Author: Michael Rash -Date: Sat Mar 2 22:41:15 2013 -0500 - - Merge branch 'hmac_header_fixes' of github.com:mrash/fwknop into hmac_header_fixes - -commit d94513ee00d64f1686cda7eb5f6a2eb3825776ec -Author: Michael Rash -Date: Sat Mar 2 22:38:26 2013 -0500 - - [test suite] started adding HMAC equivalent tests for all existing tests - - test/test-fwknop.pl | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 153 insertions(+) - -commit f9e1ae4859ac850ede8e980bb96d64189eb7fefe -Merge: 73b1931 c1baa7e -Author: Damien Stuart -Date: Sat Mar 2 17:22:50 2013 -0500 - - Merge my working branch 'hmac_support' into 
hmac_header_fixes - -commit c1baa7e12f3663ebecb481fe51b8ae92255cebb0 -Merge: 6ecf81b 839cc41 -Author: Damien Stuart -Date: Sat Mar 2 17:08:55 2013 -0500 - - Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support - -commit 6ecf81b16e601b92f67487cee2ef4c303f733b2e -Author: Damien Stuart -Date: Sat Mar 2 17:03:20 2013 -0500 - - First round if refactoring to clean up header dependencies. - - client/fwknop.c | 28 +++++++++++++++++++++++----- - client/fwknop_common.h | 1 + - client/utils.h | 3 --- - common/common.h | 1 + - configure.ac | 2 +- - lib/base64.c | 1 + - lib/base64.h | 2 -- - lib/cipher_funcs.c | 1 + - lib/cipher_funcs.h | 2 +- - lib/digest.c | 2 ++ - lib/digest.h | 10 ---------- - lib/fko.h | 15 ++++++--------- - lib/fko_common.h | 6 ------ - lib/fko_context.h | 4 ++++ - lib/fko_encryption.c | 35 +++++++++++++++++++++++++++++++---- - lib/fko_hmac.c | 17 +++++++++++++++-- - lib/fko_util.c | 25 +------------------------ - lib/fko_util.h | 2 -- - lib/gpgme_funcs.h | 5 ++++- - lib/md5.h | 3 ++- - lib/rijndael.c | 1 + - lib/rijndael.h | 3 +-- - lib/sha1.h | 3 ++- - lib/sha2.h | 5 ++++- - server/access.c | 1 + - server/incoming_spa.c | 1 + - server/utils.h | 3 --- - 27 files changed, 104 insertions(+), 78 deletions(-) - -commit 58ba7717e61d1471b86cc4ac070f871ff4f02d15 -Author: Michael Rash -Date: Sat Mar 2 14:13:47 2013 -0500 - - [test suite] minor category renaming - - test/test-fwknop.pl | 294 +++++++++++++++++++++++++++------------------------- - 1 file changed, 150 insertions(+), 144 deletions(-) - -commit 1de684ab167543f14fcf3046086d5b9aacba90d2 -Author: Michael Rash -Date: Sat Mar 2 11:15:19 2013 -0500 - - [test suite] minor spacing fix for hmac_access.conf file - - test/conf/hmac_access.conf | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit e4b6f566192aaebd927046c663f572e1b97d8da4 -Author: Michael Rash -Date: Sat Mar 2 11:10:48 2013 -0500 - - [test suite] minor valgrind coverage dir import status message - - 
test/test-fwknop.pl | 35 +++++++++++++++++++++-------------- - 1 file changed, 21 insertions(+), 14 deletions(-) - -commit a00de31f5a73750eee6a46ceb50d300f2432f528 -Author: Michael Rash -Date: Sat Mar 2 10:47:03 2013 -0500 - - [test suite] use find_command() for valgrind path - - test/test-fwknop.pl | 43 +++++++++++++++++++++---------------------- - 1 file changed, 21 insertions(+), 22 deletions(-) - -commit 1e01d59c918b7d6e015e9874981109c09ec8aedc -Author: Michael Rash -Date: Sat Mar 2 10:18:05 2013 -0500 - - [test suite] added elapsed time display - - test/test-fwknop.pl | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -commit 8731f02005f50a52482211128a5dd0bb050bfeb4 -Merge: 73b1931 839cc41 -Author: Michael Rash -Date: Fri Mar 1 22:35:19 2013 -0500 - - Merge branch 'hmac_support' into hmac_header_fixes - -commit 839cc416039ca10d42f36071587d4b1ad3bd1fbe -Author: Michael Rash -Date: Fri Mar 1 22:11:22 2013 -0500 - - remove unused vars for pf/ipfw/ipf firewalls until NAT is supported for them - - server/fw_util_ipf.c | 9 --------- - server/fw_util_ipfw.c | 9 --------- - server/fw_util_pf.c | 9 --------- - 3 files changed, 27 deletions(-) - -commit bf94e79a3b85ae1f662b580822dd3d99e2b803fc -Merge: 22316b7 bf99082 -Author: Michael Rash -Date: Fri Mar 1 21:58:08 2013 -0500 - - merged bf990821ffcb44aba4c82a476e0309b49837ebb7 for #20 - -commit 73b1931bd874c9c4315825dfc913bf39139f3085 -Author: Michael Rash -Date: Thu Feb 28 22:25:04 2013 -0500 - - minor clean up for get_keys() base64 decoded key length - - client/fwknop.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -commit ffcb77552b44833765020a0c04f5232343c02146 -Author: Michael Rash -Date: Thu Feb 28 21:47:43 2013 -0500 - - Remove lib/fko.h dependency on rijndael.h - - client/config_init.c | 21 --------------------- - client/fwknop.c | 11 ++++++++++- - lib/cipher_funcs.c | 24 ++++++++++++++++++------ - lib/fko.h | 17 ++++++++--------- - lib/fko_encryption.c | 5 ++--- - 
lib/fko_funcs.c | 3 +-- - lib/fko_util.c | 23 +++++++++++++++++++++++ - lib/fko_util.h | 1 + - server/access.c | 23 ----------------------- - 9 files changed, 63 insertions(+), 65 deletions(-) - -commit 22316b796cc38824bf699898b6148719204b54f5 -Author: Michael Rash -Date: Thu Feb 28 21:42:53 2013 -0500 - - added test/fko-wrapper/ files for the test suite - - Makefile.am | 3 +++ - 1 file changed, 3 insertions(+) - -commit e38fb835d0622125f514561c9c34f52f1ff54cd7 -Author: Franck Joncourt -Date: Thu Feb 28 22:53:08 2013 +0100 - - Added save capability for a specific stanza in fwknoprc. - - client/config_init.c | 655 +++++++++++++++++++++++++++++++++++++++++++++++-- - client/fwknop_common.h | 1 + - 2 files changed, 633 insertions(+), 23 deletions(-) - -commit 9c1b1d531d28dc32cbf7935e4a59d629ad2ac38c -Merge: bdb32cf bf99082 -Author: Damien Stuart -Date: Mon Feb 25 21:46:09 2013 -0500 - - Merging fixes_for_2.0.4 into hmac_support - -commit db7f3e2b3c53c27f64663fff5c926238cc7bdea6 -Author: Michael Rash -Date: Mon Feb 25 16:50:12 2013 -0500 - - Added fko_set_spa_encryption_mode() multi-call test to fko-wrapper - - test/fko-wrapper/fko_wrapper.c | 5 +++++ - 1 file changed, 5 insertions(+) - -commit bf990821ffcb44aba4c82a476e0309b49837ebb7 (refs/remotes/origin/fixes_for_2.0.4, refs/remotes/ag4ve/fixes_for_2.0.4) -Author: Damien Stuart -Date: Sun Feb 24 18:09:13 2013 -0500 - - Fixed broken configure options for forcing a particular firewall type and path. 
- - configure.ac | 33 +++++++++++++++++++++++++++++---- - 1 file changed, 29 insertions(+), 4 deletions(-) - -commit 2f1768fcc4c287a3a26d844fafec9197d8ae1db8 -Author: Michael Rash -Date: Fri Feb 22 20:51:48 2013 -0500 - - minor CREDITS file formatting update - - CREDITS | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit bdb32cf634760bb22d376ea371a0be6951ce0612 -Author: Michael Rash -Date: Thu Feb 21 22:47:40 2013 -0500 - - added decryption tests to fko-wrapper - - test/fko-wrapper/fko_wrapper.c | 96 +++++++++++++++++++++++++++++++++++++++--- - 1 file changed, 89 insertions(+), 7 deletions(-) - -commit 6c2b657bfe6991224c665bc4c8e93fdcad8262b7 -Author: Michael Rash -Date: Thu Feb 21 22:44:33 2013 -0500 - - [libfko] free dynamically allocated resources for multiple libfko fcn calls - - lib/fko_decode.c | 25 ++++++++++++++++++++++++- - lib/fko_encryption.c | 3 +++ - lib/fko_funcs.c | 9 ++++++--- - lib/fko_hmac.c | 3 +++ - 4 files changed, 36 insertions(+), 4 deletions(-) - -commit 2b54cb94f540d2db9d8cd4db37e61ed893f1bffb -Author: Michael Rash -Date: Thu Feb 21 07:36:33 2013 -0500 - - memory leak bug fix for fko_new() to allow multiple calls without requiring external fko_destroy() call - - lib/fko_funcs.c | 3 +++ - 1 file changed, 3 insertions(+) - -commit 74fe3c633049b53bdb92f2d65ed589a05accf9c4 -Author: Michael Rash -Date: Thu Feb 21 07:35:53 2013 -0500 - - added fko-wrapper memory validation test - - test/test-fwknop.pl | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 69 insertions(+), 2 deletions(-) - -commit 3ce7a77df35eb2277a71767deb1dcc22cc8886d8 -Author: Michael Rash -Date: Thu Feb 21 07:33:52 2013 -0500 - - added global function call number var for fko-wrapper - - test/fko-wrapper/fko_wrapper.c | 36 +++++++++++++++++++++--------------- - 1 file changed, 21 insertions(+), 15 deletions(-) - -commit 52f40fea3cc0a84a0db9dad853b8abbc5bdd78cb -Author: Michael Rash -Date: Thu Feb 21 07:32:55 2013 -0500 - - added 'clean' 
stanza for fko-wrapper Makefile - - test/fko-wrapper/Makefile | 3 +++ - 1 file changed, 3 insertions(+) - -commit 0ae954cb1769f9b064a84440f5d518457db57da3 -Author: Michael Rash -Date: Wed Feb 20 23:06:40 2013 -0500 - - completed fko_wrapper Rijndael encryption usage - - test/fko-wrapper/Makefile | 2 +- - test/fko-wrapper/fko_wrapper.c | 29 +++++++++++++++++++++++++++-- - 2 files changed, 28 insertions(+), 3 deletions(-) - -commit cae795f6fdea27ada3f94e6a23d4e4eb530ea814 -Author: Michael Rash -Date: Wed Feb 20 22:55:26 2013 -0500 - - allow encryption routines to be called multiple times for the same context (deallocate memory from previous calls) - - lib/fko_encryption.c | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -commit 5b00d1756f590c5003bc2a027faeb3110eaa836c -Author: Michael Rash -Date: Wed Feb 20 21:20:09 2013 -0500 - - set fko_ctx_t opaque pointers to NULL - - client/fwknop.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -commit c70ad5f12f4684389a895aaf7ec3cf8ef6be5f7b -Author: Michael Rash -Date: Wed Feb 20 21:05:47 2013 -0500 - - added fko-wrapper Makefile - - test/fko-wrapper/Makefile | 3 +++ - 1 file changed, 3 insertions(+) - -commit e4a5b79750faa14224671e8242028e1eaa501b52 -Author: Michael Rash -Date: Wed Feb 20 21:00:46 2013 -0500 - - Added fko-wrapper that the test suite will be able to use for valgrind operations - - The fko_wrapper.c code is designed to call libfko functions multiple times in - order to allow valgrind to test re-execution conditions. This ensures that - libfko code frees memory from previous calls before leaking memory. 
- - test/fko-wrapper/fko_wrapper.c | 74 ++++++++++++++++++++++++++++++++++++++++ - test/fko-wrapper/run_valgrind.sh | 3 ++ - 2 files changed, 77 insertions(+) - -commit 33e1c19bb265df2f4b956447e016e3cf4226a8fc -Author: Michael Rash -Date: Wed Feb 20 20:45:40 2013 -0500 - - Make sure valgrind is stopped after each test in --enable-valgrind mode, closes #38 - - This commit uses pgrep + killall (if available) to ensure that valgrind is not - running after each test. - - test/test-fwknop.pl | 33 ++++++++++++++++++++++----------- - 1 file changed, 22 insertions(+), 11 deletions(-) - -commit a413c6cf94afd1fcd0000f03f75ecd2a904220a9 -Author: Michael Rash -Date: Tue Feb 19 23:11:01 2013 -0500 - - Continue atoi() replacement with strtol() wrapper, closes issue #21 - - This commit completes the conversion to the strtol() wrapper function in order - to remove all atoi() calls. In addition, variable max values are enforced - using more broadly defined RCHK_* values. - - client/config_init.c | 37 +++++-------- - client/fwknop.c | 2 +- - client/http_resolve_host.c | 6 +- - client/spa_comm.c | 6 +- - lib/fko_decode.c | 2 +- - lib/fko_util.c | 6 +- - server/access.c | 7 ++- - server/config_init.c | 2 +- - server/config_init.h | 16 ------ - server/fw_util_ipfw.c | 135 +++++++++++++++++++++++++++++++-------------- - server/fw_util_iptables.c | 6 +- - server/fwknopd.c | 2 +- - server/fwknopd_common.h | 24 +++++++- - server/incoming_spa.c | 2 +- - server/pcap_capture.c | 6 +- - 15 files changed, 155 insertions(+), 104 deletions(-) - -commit 6a475bbe5407b076a3c1425009efbeb93427618e -Author: Michael Rash -Date: Mon Feb 18 22:22:44 2013 -0500 - - Continued atoi() replacement with strtol() wrapper (issue #21) - - This commit replaces a few additional atoi() calls with the strtol() wrapper - function, and also fixes a bug where access SOURCE IP/mask combinations would - not be accepted when the string length was a long as something like - '123.123.123.123/255.255.255.255'. 
- - server/access.c | 37 +++++++++++++++++++++++-------------- - server/access.h | 4 +++- - test/conf/multi_stanzas_access.conf | 2 +- - 3 files changed, 27 insertions(+), 16 deletions(-) - -commit 3f05f81ac68d0845983b4470410f200495e3a401 -Author: Michael Rash -Date: Mon Feb 18 19:54:50 2013 -0500 - - memory leak bug fix in fko_set_rand_value() - - Bug fix for the following error caught by the test suite (in the [Rijndael SPA] - [client+server] random SPA port (tcp/22 ssh) test): - - ==24257== 17 bytes in 1 blocks are definitely lost in loss record 1 of 1 - ==24257== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==24257== by 0x4E38B9B: fko_set_rand_value (fko_rand_value.c:114) - ==24257== by 0x4E37FE0: fko_new (fko_funcs.c:75) - ==24257== by 0x10AE52: main (fwknop.c:113) - - lib/fko_rand_value.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit 1afc8db96a0e2cd8abdf2cd5994ab3ab385a4e73 -Author: Michael Rash -Date: Mon Feb 18 19:32:53 2013 -0500 - - Added strtol_wrapper() libfko utility function for atoi() replacement (#21) - - This commit replaces most atoi() calls (which don't report errors) with a strtol() - wrapper function for stronger string -> integer conversion validation. 
- - client/config_init.c | 75 ++++++++++++++++++++++++---------------------- - client/fwknop.c | 20 +++++++++++-- - client/http_resolve_host.c | 6 ++-- - client/spa_comm.c | 10 +++++-- - common/Makefile.am | 2 +- - lib/fko.h | 5 ++++ - lib/fko_decode.c | 24 +++++++++++---- - lib/fko_util.c | 52 +++++++++++++++++++++++++++++++- - lib/fko_util.h | 2 ++ - server/config_init.c | 38 ++++++++++++++++++----- - server/fw_util_iptables.c | 52 +++++++++++++++++++++++++------- - server/fwknopd.c | 25 ++++++++++------ - server/incoming_spa.c | 15 +++++++++- - server/pcap_capture.c | 36 +++++++++++++++++----- - server/tcp_server.c | 11 +++++-- - 15 files changed, 285 insertions(+), 88 deletions(-) - -commit 934e6760537b1438358dc5b12ae81543d2104843 -Author: Michael Rash -Date: Mon Feb 18 19:22:48 2013 -0500 - - minor cleanup to put --enable-all flags in one place - - test/test-fwknop.pl | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -commit 500a395cb6577e2d17ff9e23b6de19c9665635a6 -Author: Michael Rash -Date: Sun Feb 17 21:43:16 2013 -0500 - - apply const to pf and ipfw firewall function prototypes - - server/fw_util_ipfw.c | 13 +++++++------ - server/fw_util_pf.c | 13 +++++++------ - 2 files changed, 14 insertions(+), 12 deletions(-) - -commit 0b4cbbedfb2a6588243e6a71b354e42f08c257ff -Author: Michael Rash -Date: Sun Feb 17 21:38:03 2013 -0500 - - added fwknoprc* files - - Makefile.am | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit 7735e8ce7a7e4c82718b743bcc3de60c08394eb6 -Author: Michael Rash -Date: Sun Feb 17 12:02:48 2013 -0500 - - minor comment typ fix - - client/fwknop.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit ff285961e806c06376802e49cedff3b9b087497a -Author: Michael Rash -Date: Fri Feb 15 07:58:49 2013 -0500 - - Added --save-args-file and --no-save-args text to fwknop man page - - doc/fwknop.man.asciidoc | 8 ++++++++ + client/getpasswd.c | 8 ++++++++ 1 file changed, 8 insertions(+) - -commit 
aab3ba3b0cca99fdbd97efd4219990a76d04d7ce -Author: Michael Rash -Date: Thu Feb 14 22:50:14 2013 -0500 - - added --save-args-file and corresponding tests to the fwknop client - - client/cmd_opts.h | 3 +- - client/config_init.c | 8 +- - client/fwknop.c | 232 +++++++++++++++++++++++++++---------------------- - client/fwknop_common.h | 1 + - test/test-fwknop.pl | 25 +++++- - 5 files changed, 160 insertions(+), 109 deletions(-) - -commit 280dbbfe103fb52661dcc228d3db47cb031dae85 -Author: Michael Rash -Date: Tue Feb 12 23:26:08 2013 -0500 - - added test for client --save-packet argument - - test/test-fwknop.pl | 23 ++++++++++++++++++++++- - 1 file changed, 22 insertions(+), 1 deletion(-) - -commit ce18de4f841c522e4fcb73dcb04b404d2b2642ad -Author: Michael Rash -Date: Tue Feb 12 22:39:39 2013 -0500 - - make libfko pointers constant where possible - - lib/fko.h | 66 +++++++++++++++++++++-------------------------- - lib/fko_encryption.c | 22 +++++++++------- - lib/fko_funcs.c | 18 ++++++------- - lib/fko_hmac.c | 4 +-- - lib/fko_message.c | 2 +- - lib/fko_nat_access.c | 2 +- - lib/fko_rand_value.c | 2 +- - lib/fko_server_auth.c | 2 +- - lib/fko_user.c | 16 ++++++------ - server/fw_util.h | 13 +++++----- - server/fw_util_iptables.c | 52 +++++++++++++++++++++---------------- - server/fwknopd.c | 13 +++++----- - 12 files changed, 108 insertions(+), 104 deletions(-) - -commit 4daedde364c0c938e813fb0f5bc05c7ca3a0f0f0 -Author: Michael Rash -Date: Tue Feb 12 22:18:16 2013 -0500 - - updated untested function list for Linux systems - - test/test-coverage/iptables/zero_called_functions | 42 +++-------------------- - 1 file changed, 5 insertions(+), 37 deletions(-) - -commit 67c09c8a1f50dc1fa87cf7e28998579e7ff59136 -Author: Michael Rash -Date: Tue Feb 12 22:08:42 2013 -0500 - - Added test-coverage/README file - - test/test-coverage/README | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -commit f14fb4cb766f26f9984fb5019ed177b35fe18757 -Author: Michael Rash -Date: Tue Feb 12 
22:06:35 2013 -0500 - - use same test execution strategy for --enable-profile-coverage-check as --enable-valgrind - - test/test-fwknop.pl | 30 ++++++++++++++++-------------- - 1 file changed, 16 insertions(+), 14 deletions(-) - -commit 98ed91a36f5c7278c9a4c0a2fd8d8527dce907b7 -Author: Michael Rash -Date: Mon Feb 11 23:17:52 2013 -0500 - - updated ownership determination to use the test suite owner instead of the configure script - - test/test-fwknop.pl | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -commit 67f92e7647911083d8bc7553c19fcf630235be77 -Author: Michael Rash -Date: Sun Feb 10 15:04:33 2013 -0500 - - added the roadmap.org file - - Makefile.am | 1 + - 1 file changed, 1 insertion(+) - -commit 381487569c4ba0ad5c90e58c9a532977a15acced -Author: Michael Rash -Date: Sun Feb 10 15:01:06 2013 -0500 - - added the roadmap.org file to define the upcoming fwknop road map - - roadmap.org | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 69 insertions(+) - -commit b820bbbe4b5fedeb88e7798cfdddec722936c34c -Author: Michael Rash -Date: Sun Feb 10 14:57:44 2013 -0500 - - Minor memory leak bug fix in --rotate-digest-cache mode - - This commit fixes a minor memory leak for the digest cache file path in - --rotate-digest-cache mode in the replay_cache_init() function. The leak was - caught by valgrind, and a new test was added to the test suite for it. 
Here - is the valgrind warning: - - ==29021== 21 bytes in 1 blocks are definitely lost in loss record 2 of 2 - ==29021== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - ==29021== by 0x1103AA: replay_cache_init (replay_cache.c:96) - ==29021== by 0x10BB8C: main (fwknopd.c:254) - - server/replay_cache.c | 8 +++++++- - test/test-fwknop.pl | 52 +++++++++++++++++++++++++++++++++++++++++++++++++-- - 2 files changed, 57 insertions(+), 3 deletions(-) - -commit 7face3eec9bbfa8a2df7b96cf078a418cb940e95 -Author: Michael Rash -Date: Sat Feb 2 22:37:17 2013 -0500 - - ensure matching test file comparison for valgrind test - - test/test-fwknop.pl | 30 ++++++++++++++++++------------ - 1 file changed, 18 insertions(+), 12 deletions(-) - -commit 7bfaee9aef7893b08c7cdcbb9af7ae424ff4fbf5 -Author: Michael Rash -Date: Sat Feb 2 22:06:45 2013 -0500 - - Make valgrind test fail for new flagged functions - - In --enable-valgrind mode, this commit adds the ability to compare current test - result output with any previous test suite execution. Whenever valgrind flags - a new function or if an existing flagged function has a greater number of - calls, then the final valgrind test will fail. This allows a greater level of - valgrind validation to take place for new code in an automated fashion. For - example, if a change to a piece of code introduces a memory handling problem of - the sort that valgrind can detect, then the final test will fail like so: - - # ./test-fwknop.pl --include "complete cycle.*HMAC" --enable-valgrind --test-limit 1 - - [+] Starting the fwknop test suite... 
- - args: --include complete cycle.*HMAC --enable-valgrind --test-limit 1 - - Saved results from previous run to: output.last/ - - [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)...pass (1) - [valgrind output] [flagged functions] ..............................fail (2) - - [+] 1/1/2 tests passed/failed/executed - - The newly flagged functions will be written to the corresponding test file: - - # cat output/2.test - - [+] TEST: [valgrind output] [flagged functions]~ - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: main - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_spa_data_final - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: strdup - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_new - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_encrypt_spa_data - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_encode_spa_data - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_calculate_hmac - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_set_username - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_set_rand_value - [-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_set_spa_message - [-] 
1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: set_digest - [-] 1.test New and/or greater number of valgrind flagged function calls - - test/test-fwknop.pl | 214 ++++++++++++++++++++++++++++++++++++++-------------- - 1 file changed, 159 insertions(+), 55 deletions(-) - -commit 4824b74d93f3b44a9b233c7bd474c1f0ceaa2ea4 -Author: Michael Rash -Date: Thu Jan 31 22:19:21 2013 -0500 - - bug fix for iptables duplicate rules test to account for rules that may have a different time stamp - - test/test-fwknop.pl | 22 +++++++++++++++++----- - 1 file changed, 17 insertions(+), 5 deletions(-) - -commit 6d233a9427622352775a2d59d9b29800eb3a8e3e -Author: Michael Rash -Date: Thu Jan 31 21:20:04 2013 -0500 - - make sure test message strings are unique across all tests - - test/test-fwknop.pl | 23 ++++++++++++++++++----- - 1 file changed, 18 insertions(+), 5 deletions(-) - -commit c31c924a4541700e6a1a1eb9bd6ce82e1f9e7651 -Author: Michael Rash -Date: Wed Jan 30 21:13:44 2013 -0500 - - minor spacing fix - - lib/sha2.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -commit 13018a5c42dfd50345bbd34cbd6e14857086b50e -Merge: fa56f95 fcf9f43 -Author: Michael Rash -Date: Wed Jan 30 18:04:50 2013 -0800 - - Merge pull request #19 from fjoncourt/hmac_support - - Fixed gcc warning for the md5 driver. 
- -commit fa56f951b422cb42c9be99234df24d0b9c51403b -Author: Michael Rash -Date: Tue Jan 29 21:57:38 2013 -0500 - - [test suite] bug fix for 'set_legacy_iv' mode in perl_fko_module_complete_cycle() - - test/test-fwknop.pl | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -commit f1793a61d6d26378f9be5d662a81d02596d41bc6 -Merge: efe6e9f 1a8520d -Author: Michael Rash -Date: Tue Jan 29 21:52:15 2013 -0500 - - Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support - - Applied fix from Franck Joncourt for the 'warning: dereferencing type-punned - pointer will break strict-aliasing rules [-Wstrict-aliasing]' error in the - MD5 digest code. - -commit fcf9f43c5ba0e11214d31c515854543c21d7bd63 -Author: Franck Joncourt -Date: Mon Jan 28 21:47:57 2013 +0100 - - Fixed gcc warnings for the sha2 driver. - - lib/sha2.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -commit efe6e9f23b32c5376b9696ffd60cb78b683bf761 -Author: Michael Rash -Date: Sun Jan 27 22:22:52 2013 -0500 - - more legacy IV mode tests with the perl FKO module - - test/test-fwknop.pl | 49 ++++++++++++++++++++++++++++++++++++++++++++----- - 1 file changed, 44 insertions(+), 5 deletions(-) - -commit 4cb139c6744f1c92fe03561c8007eb00c4ddb8ca -Author: Michael Rash -Date: Sun Jan 27 20:37:48 2013 -0500 - - added fuzzing test counters with summary output - - test/test-fwknop.pl | 28 ++++++++++++++++++++++------ - 1 file changed, 22 insertions(+), 6 deletions(-) - -commit 2ecb278d8ee3e922647066254d8195afca3e0db4 -Author: Michael Rash -Date: Sun Jan 27 14:18:25 2013 -0500 - - added legacy IV tests for perl FKO client -> C server - - test/test-fwknop.pl | 48 ++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 42 insertions(+), 6 deletions(-) - -commit 0109d64e545f5c2d124c2aff4e5691b46fb3ace3 -Author: Michael Rash -Date: Sun Jan 27 14:03:26 2013 -0500 - - added encryption_mode() support to perl FKO module - - perl/FKO/FKO.xs | 21 +++++++++++++++++++++ - 
perl/FKO/lib/FKO.pm | 16 ++++++++++++++++ - perl/FKO/lib/FKO_Constants.pl | 23 +++++++++++++++++++++++ - test/test-fwknop.pl | 1 + - 4 files changed, 61 insertions(+) - -commit b537c9e451a6b7e97bcf63a76d18b3246a622222 -Author: Michael Rash -Date: Sun Jan 27 13:30:26 2013 -0500 - - ensure test/conf/ files are included - - Makefile.am | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -commit e7eb02f82df2949c1a9092745b771fa8ffaf6723 -Author: Michael Rash -Date: Sun Jan 27 13:18:29 2013 -0500 - - Maintain backwards compatibility with old "zero padding" code - - [libfko] Added the ability to maintain backwards compatibility with the - now deprecated "zero padding" strategy in AES mode that was a hold over - from the old perl fwknop implementation. This enables the backwards - compatiblity tests to continue to pass in the test suite. - - ChangeLog | 3 +++ - lib/cipher_funcs.c | 20 +++++++++-------- - lib/fko.h | 1 + - server/access.c | 2 ++ - test/conf/android_legacy_iv_access.conf | 4 ++++ - test/conf/legacy_iv_access.conf | 4 ++++ - test/test-fwknop.pl | 38 ++++++++++++++++++--------------- - 7 files changed, 46 insertions(+), 26 deletions(-) - -commit 8a5b700c3007239c81a069b390f0dfc5ce1d8552 -Author: Michael Rash -Date: Sun Jan 27 10:54:20 2013 -0500 - - openssl tests to use '-pass file:' method for setting passphrase - - test/test-fwknop.pl | 105 +++++++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 87 insertions(+), 18 deletions(-) - -commit 98c16005da147e4885abb6e95ea3e3ce0d207468 -Author: Michael Rash -Date: Sun Jan 27 10:53:07 2013 -0500 - - memset() AES buffers to zero - - lib/cipher_funcs.c | 5 +++++ - 1 file changed, 5 insertions(+) - -commit 1618dc2a7c2f8c0c5b4808225e579f23778e4b68 -Author: Michael Rash -Date: Sat Jan 26 20:45:56 2013 -0500 - - minor typo spelling fix - - test/conf/fwknoprc_default_hmac_base64_key | 2 +- - test/conf/fwknoprc_invalid_base64_key | 2 +- - test/conf/fwknoprc_named_key | 2 +- - 
test/conf/fwknoprc_with_default_base64_key | 2 +- - test/conf/fwknoprc_with_default_key | 2 +- - test/conf/fwknoprc_with_named_key | 2 +- - 6 files changed, 6 insertions(+), 6 deletions(-) - -commit 1a8520d659c6488be5eff6c8bad30bf7f01614d3 -Author: Franck Joncourt -Date: Sat Jan 26 22:23:18 2013 +0100 - - Fixed gcc warning for the md5 driver. - - md5.c: In function 'MD5Final': - md5.c:166:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] - md5.c:167:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] - - Debian Gnu/Linux on i386 build against 2.0.4 : - - https://buildd.debian.org/status/fetch.php?pkg=fwknop&arch=i386&ver=2.0.4-1&stamp=1358610541 - - lib/md5.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 1d35c33d5214345118836146713b8c6fff8d211d -Author: Michael Rash -Date: Fri Jan 25 21:44:24 2013 -0500 - - [test suite] added --enable-openssl-checks - - Added --enable-openssl-checks to send all SPA packets encrypted via libfko - through the OpenSSL library to ensure that the libfko usage of AES is always - compatible with OpenSSL. This ensures that the fwknop usage of AES is properly - implemented as verified by the OpenSSL library, which is a frequently audited - high profile crypto engine. If a vulnerability is discovered in OpenSSL and a - change is made, then the --enable-openssl-checks mode will allow the test suite - to discover this in a automated fashion for fwknop. 
- - ChangeLog | 8 ++ - lib/cipher_funcs.c | 43 ++++++---- - test/test-fwknop.pl | 241 ++++++++++++++++++++++++++++++++++++++++++++++++++-- - todo.org | 15 ++++ - 4 files changed, 286 insertions(+), 21 deletions(-) - -commit e6e695bc2efe09634cda917ba33eb296302fc2b5 -Author: Michael Rash -Date: Tue Jan 22 22:47:40 2013 -0500 - - minor todo.org updates - - todo.org | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -commit fbbcae3a0db81336f45b45e3c4698a79f113c393 -Author: Michael Rash -Date: Tue Jan 22 22:20:54 2013 -0500 - - [libfko] Don't trundate > 16 byte Rijndael keys - - Significant bug fix to honor the full encryption key length for - user-supplied Rijndael keys > 16 bytes long. Previous to this bug fix, - only the first 16 bytes of a key were actually used in the encryption/ - decryption process even if the supplied key was longer. The result was - a weakening of expected security for users that had keys > 16 bytes, - although this is probably not too common. Note that "passphrase" is - perhaps technically a better word for "user-supplied key" in this - context since Rijndael in CBC mode derives a real encryption/decryption - key from the passphrase through a series of applications of md5 against - the passphrase and a random salt. This issue was reported by Michael T. - Dean. Closes issue #18 on github. 
- - CREDITS | 4 +++ - ChangeLog | 11 +++++++ - lib/cipher_funcs.c | 42 ++++++++++++++------------ - lib/rijndael.h | 10 +++---- - test/test-fwknop.pl | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 128 insertions(+), 24 deletions(-) - -commit fde5ec8ed99a37717af756618c7fb36ed62a4b69 -Author: Michael Rash -Date: Sun Jan 20 22:43:29 2013 -0500 - - minor todo.org updates - - todo.org | 5 +++++ - 1 file changed, 5 insertions(+) - -commit 7d82b3ef30b57240d81af443a973be7a92269dbc -Author: Michael Rash -Date: Sun Jan 20 22:01:29 2013 -0500 - - minor ChangeLog and todo.org updates for the coming HMAC feature - - ChangeLog | 4 +++- - todo.org | 14 ++++++++++---- - 2 files changed, 13 insertions(+), 5 deletions(-) - -commit 6c72e7a90849b847fc03bea038a83397340d3d50 -Author: Michael Rash -Date: Sun Jan 20 18:51:34 2013 -0500 - - added test for b0a4c045e6862e4359fe6530934f456a2e61703d (ensure iptables rules not duplicated) - - test/test-fwknop.pl | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) - -commit fd41308ce55db47ddc7ae54237a55a283526437e -Author: Michael Rash -Date: Sun Jan 20 15:31:55 2013 -0500 - - added info for Franck's latest contribution - - CREDITS | 3 +++ - 1 file changed, 3 insertions(+) - -commit b0a4c045e6862e4359fe6530934f456a2e61703d -Merge: 160a9e5 0fda88c -Author: Michael Rash -Date: Sun Jan 20 15:22:47 2013 -0500 - - Merge remote-tracking branch 'fjoncourt/master' into hmac_support - - This merges in code from Franck Joncourt to ensure that duplicate iptables - rules are not created for SPA packets that are themselves different but arrive - at the same time and that request exactly the same access. This is done by - using the 'iptables -C' functionality to determine whether a duplicate rule - already exists before adding a new one. 
- -commit 160a9e5565ffdec56e528a4412bbf0cbcef7963a -Author: Michael Rash -Date: Sun Jan 20 14:27:27 2013 -0500 - - perl FKO module HMAC compatibility - - lib/fko_funcs.c | 13 +++++++++++-- - perl/FKO/FKO.xs | 26 ++++++++++++++++++-------- - perl/FKO/lib/FKO.pm | 38 +++++++++++++++++++++++--------------- - perl/FKO/lib/FKO_Constants.pl | 18 ++++++++++++++++++ - test/test-fwknop.pl | 28 ++++++++++++++-------------- - 5 files changed, 84 insertions(+), 39 deletions(-) - -commit 47f20ea30cc07b1a4b2b3aff6da259b7320f0782 -Author: Michael Rash -Date: Sat Jan 19 18:36:52 2013 -0500 - - merged in the fixes_for_2.0.4 branch - - client/Makefile.am | 2 +- - common/Makefile.am | 8 ++++++++ - lib/Makefile.am | 15 +++------------ - server/Makefile.am | 2 +- - 4 files changed, 13 insertions(+), 14 deletions(-) - -commit fc4825b3310f9a9675ea18fea870904628ae59e8 -Author: Michael Rash -Date: Sat Jan 19 18:17:29 2013 -0500 - - added backwards compatibility test for 2.0.4 client->server - - test/test-fwknop.pl | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -commit 437a05dac66e05e875431d1a705ad19c2a4eac54 -Author: Michael Rash -Date: Sat Jan 19 16:27:34 2013 -0500 - - interim commit towards FKO compatibility with HMAC code - - perl/FKO/FKO.xs | 31 ++++++++++++++++++++----------- - 1 file changed, 20 insertions(+), 11 deletions(-) - -commit 307cb84323c0dd699ff2e30e5cee07da933bc352 -Author: Michael Rash -Date: Fri Jan 18 22:11:32 2013 -0500 - - port strlen bugfix - - client/spa_comm.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 47ea800889f272fc1d64f85da81659a4aa49b273 -Merge: 55fa484 10c1906 -Author: Michael Rash -Date: Fri Jan 18 18:24:45 2013 -0500 - - merged in fwknop-2.0.4 changes - -commit 0fda88cfcac4d99bcb3d0f1e20d405ae1e5b6d9d -Author: Franck Joncourt -Date: Thu Jan 17 21:46:13 2013 +0100 - - * Avoid duplicate rules with the same timestamp. 
- - server/fw_util_iptables.c | 305 ++++++++++++++++++++++++---------------------- - server/fw_util_iptables.h | 10 +- - 2 files changed, 165 insertions(+), 150 deletions(-) - -commit ecc9a62a23faa3688c5b63849e4f12109beffef5 (refs/remotes/fjoncourt/fixes_for_2.0.4) -Author: Damien Stuart -Date: Sun Jan 13 22:28:34 2013 -0500 - - Add AM_CPPFLAGS to common/Makefile.am - - common/Makefile.am | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -commit b7b4e857be15c2f34ada9d63c988fc3d4debcc6f -Author: Damien Stuart -Date: Sun Jan 13 22:16:30 2013 -0500 - - Change to how strlcpy and strlcat are handled - - Put strlcpy and strlcat object files back in the source group in lib. - Moved libfko_util.a to the common directory (though sources remain in - lib). Client and server code looks to common dir for libfko-util. - This fixes issue with strlcpy showing as undefined symbol when perl FKO - module is loaded. - - client/Makefile.am | 2 +- - common/Makefile.am | 6 ++++++ - lib/Makefile.am | 11 +---------- - server/Makefile.am | 2 +- - 4 files changed, 9 insertions(+), 12 deletions(-) - -commit 10c19063df27f0bc60f86bc1c3498be498f3a0d3 -Author: Damien Stuart -Date: Sun Dec 23 10:28:30 2012 -0500 - - Fixed parallel build issue - - Added explicit dependency directives to Makefile.am to address errors - when running a parallel build. 
-
- lib/Makefile.am | 20 ++++++++++++--------
- 1 file changed, 12 insertions(+), 8 deletions(-)
-
-commit 516b75f41c738b9e88fa836d93600d6bb23d4f2e
-Author: Michael Rash
-Date: Thu Dec 13 21:09:47 2012 -0500
-
- removed openbsd/pkg/ directory
-
- extras/openbsd/pkg/DESCR | 14 --------------
- extras/openbsd/pkg/PFRAG.shared | 2 --
- extras/openbsd/pkg/PLIST | 11 -----------
- extras/openbsd/pkg/fwknopd.rc | 9 ---------
- 4 files changed, 36 deletions(-)
-
-commit 0d19065ecc4c4f1a34c85b27302c98bc2e6adfe7
-Author: Michael Rash
-Date: Thu Dec 13 21:07:53 2012 -0500
-
- added fwknop-2.0.4 OpenBSD port from Vlad Glagolev
-
- ChangeLog | 4 +++
- extras/openbsd/fwknop-2.0.4/Makefile | 46 ++++++++++++++++++++++++++++
- extras/openbsd/fwknop-2.0.4/distinfo | 5 +++
- extras/openbsd/fwknop-2.0.4/pkg/DESCR | 14 +++++++++
- extras/openbsd/fwknop-2.0.4/pkg/PFRAG.shared | 2 ++
- extras/openbsd/fwknop-2.0.4/pkg/PLIST | 11 +++++++
- extras/openbsd/fwknop-2.0.4/pkg/fwknopd.rc | 9 ++++++
- 7 files changed, 91 insertions(+)
-
-commit 0e89efb40e3bd94c2a871f54289e35672ab29371
-Author: Michael Rash
-Date: Thu Dec 13 21:05:31 2012 -0500
-
- moved openbsd/* to openbsd/fwknop-2.0.3/ now that Vlad Glagolev has contributed an fwknop-2.0.4 OpenBSD port
-
- extras/openbsd/distinfo | 5 ---
- extras/openbsd/fwknop-2.0.3/Makefile | 46 ++++++++++++++++++++++
- extras/openbsd/fwknop-2.0.3/distinfo | 5 +++
- .../fwknop-2.0.3/patches/patch-lib_fko_decode_c | 14 +++++++
- .../patches/patch-server_replay_cache_c | 27 +++++++++++++
- extras/openbsd/patches/patch-lib_fko_decode_c | 14 -------
- extras/openbsd/patches/patch-server_replay_cache_c | 27 -------------
- 7 files changed, 92 insertions(+), 46 deletions(-)
-
-commit 55fa4841f24f13c1db84fa76a02d106298c057ec
-Merge: 5daaca0 40ac28d
-Author: Michael Rash
-Date: Mon Sep 3 22:32:44 2012 -0400
-
- another merge from master
-
-commit 5daaca01ea30bec306cdd96085e4efc8e384d082
-Merge: b643848 d739331
-Author: Michael Rash
-Date: Fri Aug 31 21:43:55 2012
-0400 - - merged master 2.0.3 changes - -commit b643848e057eb72085c9bc690a30fe434944437f -Author: Michael Rash -Date: Sun Aug 19 22:27:04 2012 -0400 - - added --hmac-mode to spa-entropy.pl - - extras/spa-entropy/spa-entropy.pl | 28 ++++++++++++++++++++++------ - 1 file changed, 22 insertions(+), 6 deletions(-) - -commit e80a6de5f7dda2fbe0c0f9e4e1df2e951921511b -Author: Michael Rash -Date: Sun Aug 19 10:43:30 2012 -0400 - - Memory leak bug fix discovered through the "altered HMAC test" - - This commit fixes a memory leak caught with valgrind in the "altered HMAC - test": - - [+] fwknop functions (unique view): - - 9 : ??? - - 4 : main - - 4 : pcap_capture - - 2 : incoming_spa - - 2 : fko_new_with_data - - 2 : fko_verify_hmac - + 7 : ??? - + 2 : pcap_capture - + 2 : main - 1 : pcap_compile - - 1 : strdup - - 1 : fko_calculate_hmac - - 1 : add_salted_str - - [+] fwknop functions (with call line numbers): - - 9 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1) - - 4 : main (fwknopd.c:299) - - 2 : fko_new_with_data (fko_funcs.c:220) - - 2 : pcap_capture (pcap_capture.c:226) - - 2 : incoming_spa (incoming_spa.c:378) - - 1 : add_salted_str (cipher_funcs.c:298) - - 1 : strdup (strdup.c:43) - - 1 : fko_verify_hmac (fko_hmac.c:78) - - 1 : fko_verify_hmac (fko_hmac.c:92) - - 1 : pcap_capture (pcap_capture.c:105) - + 7 : ??? 
(in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1) - + 2 : main (fwknopd.c:299) - 1 : pcap_compile (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1) - 1 : pcap_capture (pcap_capture.c:97) - - 1 : fko_calculate_hmac (fko_hmac.c:169) - + 1 : pcap_capture (pcap_capture.c:105) - - lib/fko_funcs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit 6199180c6971e08fdb52242deaed127c8d4af92c -Author: Michael Rash -Date: Sat Aug 18 16:29:08 2012 -0400 - - minor paren's syntax bug fix - - server/incoming_spa.c | 2 ++ - 1 file changed, 2 insertions(+) - -commit 6392e5891e626393e553eb032405424f5311be21 -Merge: 8d6bc05 6de386b -Author: Michael Rash -Date: Sat Aug 18 16:26:06 2012 -0400 - - Merge branch 'master' into hmac_support - -commit 8d6bc052952b9b99f4d0898038df78c946aef64b -Merge: 47795d4 38feb8d -Author: Michael Rash -Date: Fri Aug 17 21:19:52 2012 -0400 - - merged from master - -commit 47795d41e29feabe4824b7436d376cd71b56e406 -Merge: c374a7d 27ccfe3 -Author: Michael Rash -Date: Fri Aug 10 22:30:07 2012 -0400 - - merged from master - -commit c374a7df27c9baf37e6c0c43b284886588b59d15 -Merge: eb5176c e70739d -Author: Michael Rash -Date: Sun Aug 5 13:26:43 2012 -0400 - - Merge branch 'master' into hmac_support - -commit eb5176cf6058fd5bec254767a511665066bf0691 -Author: Michael Rash -Date: Fri Aug 3 21:20:21 2012 -0400 - - [test suite] added --enable-all arg - - test/test-fwknop.pl | 8 ++++++++ - 1 file changed, 8 insertions(+) - -commit f7084721b76df36551c72a5603c91c7488d1da0e -Author: Michael Rash -Date: Thu Aug 2 23:24:38 2012 -0400 - - added 'altered HMAC' tests to ensure HMAC verification happens properly - - test/test-fwknop.pl | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 134 insertions(+) - -commit 30acf93b727ab5b9c03dd052c59dfc466689edc7 -Author: Michael Rash -Date: Thu Aug 2 22:55:54 2012 -0400 - - Memory leak fix for HMAC verification - - This commit commit fixes a memory leak in the HMAC verification code found with - the 
test suite running in valgrind mode. Here is the './test-fwknop.pl --diff' - output showing fko_verify_hmac() removed from the flagged functions list: - - [+] fwknop functions (unique view): - - 8 : ??? - - 3 : main - - 3 : pcap_capture - - 1 : incoming_spa - + 7 : ??? - + 2 : pcap_capture - + 2 : main - 1 : pcap_compile - - 1 : fko_new_with_data - - 1 : strndup - - 1 : fko_verify_hmac - - [+] fwknop functions (with call line numbers): - - 8 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1) - - 3 : main (fwknopd.c:299) - - 1 : fko_new_with_data (fko_funcs.c:220) - - 1 : pcap_capture (pcap_capture.c:105) - - 1 : incoming_spa (incoming_spa.c:376) - - 1 : strndup (strndup.c:46) - + 7 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1) - + 2 : main (fwknopd.c:299) - 1 : pcap_compile (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1) - - 1 : pcap_capture (pcap_capture.c:226) - 1 : pcap_capture (pcap_capture.c:97) - - 1 : fko_verify_hmac (fko_hmac.c:54) - + 1 : pcap_capture (pcap_capture.c:105) - - lib/fko_hmac.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -commit 3d9e96af564a915096f29c8d779c3c8128269635 -Author: Michael Rash -Date: Thu Aug 2 22:46:52 2012 -0400 - - Memory leak fix in client test mode - - This commit fixes the following memory leak found with the test suite running - in valgrind mode: - - HEAP SUMMARY: - in use at exit: 217 bytes in 3 blocks - total heap usage: 27 allocs, 24 frees, 5,260 bytes allocated - - 44 bytes in 1 blocks are definitely lost in loss record 1 of 3 - at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x50CB861: strndup (strndup.c:46) - by 0x4E3A4D4: fko_verify_hmac (fko_hmac.c:54) - by 0x4E394DD: fko_new_with_data (fko_funcs.c:220) - by 0x10B3A7: main (fwknop.c:408) - - 44 bytes in 1 blocks are definitely lost in loss record 2 of 3 - at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x50CB801: strdup (strdup.c:43) - by 0x4E3A3FC: fko_calculate_hmac 
(fko_hmac.c:162) - by 0x4E3A552: fko_verify_hmac (fko_hmac.c:86) - by 0x4E394DD: fko_new_with_data (fko_funcs.c:220) - by 0x10B3A7: main (fwknop.c:408) - - 129 bytes in 1 blocks are definitely lost in loss record 3 of 3 - at 0x4C2B7B2: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x4E36A03: add_salted_str (cipher_funcs.c:298) - by 0x4E3A587: fko_verify_hmac (fko_hmac.c:75) - by 0x4E394DD: fko_new_with_data (fko_funcs.c:220) - by 0x10B3A7: main (fwknop.c:408) - - LEAK SUMMARY: - definitely lost: 217 bytes in 3 blocks - indirectly lost: 0 bytes in 0 blocks - possibly lost: 0 bytes in 0 blocks - still reachable: 0 bytes in 0 blocks - suppressed: 0 bytes in 0 blocks - - lib/fko_funcs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit cba6478258c32c9106646e1cca62d300b53f6c46 -Author: Michael Rash -Date: Thu Aug 2 22:29:54 2012 -0400 - - Memory leak bug fix for rc file parsing of invalid data - - This commit fixes the following (found with the test suite in valgrind mode): - - 568 bytes in 1 blocks are still reachable in loss record 1 of 1 - at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x50B1C9A: __fopen_internal (iofopen.c:76) - by 0x10D0CD: process_rc (config_init.c:516) - by 0x10D645: config_init (config_init.c:752) - by 0x10AB13: main (fwknop.c:70) - - client/config_init.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -commit c37047ac93d57ebeec0d58bf2c7120cf67783eba -Author: Michael Rash -Date: Thu Aug 2 22:00:05 2012 -0400 - - Memory leak bug fix in --key-gen mode - - This commit fixes the following memory caught with the test suite in valgrind - mode: - - HEAP SUMMARY: - in use at exit: 285 bytes in 4 blocks - total heap usage: 11 allocs, 7 frees, 3,179 bytes allocated - - 5 bytes in 1 blocks are indirectly lost in loss record 1 of 4 - at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x50CB801: strdup (strdup.c:43) - by 
0x4E3A7B2: fko_set_username (fko_user.c:96) - by 0x4E39628: fko_new (fko_funcs.c:86) - by 0x10AB54: main (fwknop.c:83) - - 7 bytes in 1 blocks are indirectly lost in loss record 2 of 4 - at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x4E395D7: fko_new (fko_funcs.c:62) - by 0x10AB54: main (fwknop.c:83) - - 17 bytes in 1 blocks are indirectly lost in loss record 3 of 4 - at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x4E3A06A: fko_set_rand_value (fko_rand_value.c:114) - by 0x4E39605: fko_new (fko_funcs.c:75) - by 0x10AB54: main (fwknop.c:83) - - 285 (256 direct, 29 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4 - at 0x4C29DB4: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x4E395BA: fko_new (fko_funcs.c:46) - by 0x10AB54: main (fwknop.c:83) - - LEAK SUMMARY: - definitely lost: 256 bytes in 1 blocks - indirectly lost: 29 bytes in 3 blocks - possibly lost: 0 bytes in 0 blocks - still reachable: 0 bytes in 0 blocks - suppressed: 0 bytes in 0 blocks - - client/fwknop.c | 20 +++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -commit b8ed3a60d9a4d2e191f43a11240210672553c5d6 -Author: Michael Rash -Date: Thu Aug 2 21:56:45 2012 -0400 - - excluded HMAC random verification from --enable-valgrind mode (too slow for 100 client executions) - - test/test-fwknop.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 84b9c775c037ec079bb43dcdf7b8e93517937534 -Merge: 1528697 7061b7b -Author: Michael Rash -Date: Wed Aug 1 23:41:00 2012 -0400 - - Merge branch 'master' into hmac_support - -commit 1528697aaa7d322c4dd8becd9ca90c2131e54568 -Merge: a8bb425 5fd3343 -Author: Michael Rash -Date: Wed Aug 1 23:05:51 2012 -0400 - - merged replay prefix and IP resolve tests - -commit a8bb42569c807becef2bd96238601e6adf5db909 -Author: Michael Rash -Date: Sun Jul 29 23:35:32 2012 -0400 - - [test suite] minor compile bug fix - - test/test-fwknop.pl 
| 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit afc71b7df3d992ed6f3add8760fbd64b46c7cd31 -Author: Michael Rash -Date: Sun Jul 29 23:31:15 2012 -0400 - - Replay attack bug fix (encryption prefixes) - - Ensure that an attacker cannot force a replay attack by intercepting an - SPA packet and the replaying it with the base64 version of "Salted__" - (for Rindael) or the "hQ" prefix (for GnuPG). This is an important fix. - The following comment was added into the fwknopd code: - - /* Ignore any SPA packets that contain the Rijndael or GnuPG prefixes - * since an attacker might have tacked them on to a previously seen - * SPA packet in an attempt to get past the replay check. And, we're - * no worse off since a legitimate SPA packet that happens to include - * a prefix after the outer one is stripped off won't decrypt properly - * anyway because libfko would not add a new one. - */ - - lib/cipher_funcs.h | 9 --------- - lib/fko.h | 8 ++++++++ - server/incoming_spa.c | 14 ++++++++++++++ - test/test-fwknop.pl | 30 ++++++++++++++++++++++++++++++ - 4 files changed, 52 insertions(+), 9 deletions(-) - -commit fd30a3491d6201736095846cb45ffaa808d29ee2 -Author: Michael Rash -Date: Sun Jul 29 21:57:05 2012 -0400 - - minor variable rename LENGTH -> LEN, STRING_LENGTH -> STR_LEN - - client/fwknop.c | 2 +- - lib/digest.c | 40 ++++++++++----------- - lib/digest.h | 10 +++--- - lib/fko_decode.c | 12 +++---- - lib/fko_digest.c | 20 +++++------ - lib/fko_funcs.c | 6 ++-- - lib/fko_hmac.c | 16 ++++----- - lib/fko_util.c | 10 +++--- - lib/hmac.c | 10 +++--- - lib/hmac.h | 4 +-- - lib/md5.h | 2 +- - lib/sha1.h | 4 +-- - lib/sha2.c | 106 +++++++++++++++++++++++++++---------------------------- - lib/sha2.h | 62 ++++++++++++++++---------------- - 14 files changed, 152 insertions(+), 152 deletions(-) - -commit a9cbd60327374e61791ff4ea8fe50c03981739a0 -Author: Michael Rash -Date: Sun Jul 29 21:34:08 2012 -0400 - - [libfko] first HMAC-SHA256 implementation (includes test suite 
support) - - lib/cipher_funcs.c | 37 ++++++++++++++++++++ - lib/cipher_funcs.h | 1 + - lib/fko_context.h | 1 + - lib/fko_encryption.c | 22 ++---------- - lib/fko_hmac.c | 56 ++++++++++++++++++++++++++++-- - lib/fko_util.c | 2 ++ - test/conf/fwknoprc_default_hmac_base64_key | 2 +- - test/test-fwknop.pl | 26 +++++++++++--- - 8 files changed, 119 insertions(+), 28 deletions(-) - -commit df0f0b7f61c136e32ae51bbd595e576028f47305 -Author: Michael Rash -Date: Sun Jul 29 21:31:44 2012 -0400 - - [libfko] minor memory leak fix for user detection (corner case) - - lib/fko_user.c | 4 ++++ - 1 file changed, 4 insertions(+) - -commit 6d379aba6e9eac17599f99c90b9458f2e6bce006 -Author: Michael Rash -Date: Sat Jul 28 00:08:30 2012 -0400 - - [server] replay attack detection memory leak bug fix - - This commit fixes the following memory leak found with valgrind: - - 44 bytes in 1 blocks are definitely lost in loss record 2 of 2 - at 0x482BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) - by 0x490EA50: strdup (strdup.c:43) - by 0x10CD69: incoming_spa (incoming_spa.c:162) - by 0x10E000: process_packet (process_packet.c:200) - by 0x4862E63: ??? 
(in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1) - by 0x4865667: pcap_dispatch (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1) - by 0x10DABF: pcap_capture (pcap_capture.c:226) - by 0x10A798: main (fwknopd.c:299) - - server/incoming_spa.c | 4 ++++ - 1 file changed, 4 insertions(+) - -commit b760f4aad3faaa713ca8097414752ba2ad854326 -Author: Michael Rash -Date: Fri Jul 27 23:59:03 2012 -0400 - - [test suite] exempted valgrind collection test from --test-limit - - test/test-fwknop.pl | 25 +++++++++++++------------ - 1 file changed, 13 insertions(+), 12 deletions(-) - -commit c6cef8982a854f4671173964fe18cc82dc38594f -Author: Michael Rash -Date: Fri Jul 27 23:25:32 2012 -0400 - - [libfko] validate incoming plaintext lengths - - lib/fko_encryption.c | 29 +++++++++++++++++++---------- - lib/fko_limits.h | 6 +++++- - lib/fko_util.c | 11 +++++++++++ - lib/fko_util.h | 1 + - 4 files changed, 36 insertions(+), 11 deletions(-) - -commit 482e6f974c4022b15909f648af94f013adcd4580 -Author: Michael Rash -Date: Fri Jul 27 21:29:26 2012 -0400 - - added msg_hmac_len and removed additional strlen() calls - - lib/fko_context.h | 1 + - lib/fko_encryption.c | 12 ++++++++++-- - lib/fko_funcs.c | 2 +- - lib/fko_hmac.c | 8 ++++++-- - 4 files changed, 18 insertions(+), 5 deletions(-) - -commit 10195cf29a41dc64e3cbfc429656618dca55d973 -Author: Michael Rash -Date: Fri Jul 27 18:16:37 2012 -0400 - - [libfko] added encrypted_msg_len and replaced additional strlen() calls - - lib/cipher_funcs.h | 3 +++ - lib/fko_context.h | 1 + - lib/fko_encryption.c | 51 ++++++++++++++++++++++----------------------------- - lib/fko_funcs.c | 17 ++++++++++++++--- - 4 files changed, 40 insertions(+), 32 deletions(-) - -commit a6ea3f6935b84c17fd4dc3db1ec73c57038f8a11 -Author: Michael Rash -Date: Fri Jul 27 18:08:23 2012 -0400 - - [test suite] minor bug fix for file existence check - - test/test-fwknop.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit d0cb2c6ad5cd464303faceb9a5aec5ee0d8da810 -Author: 
Michael Rash -Date: Fri Jul 27 13:30:29 2012 -0400 - - [test suite] added 100 key uniqueness test for --key-gen mode - - test/test-fwknop.pl | 44 ++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 42 insertions(+), 2 deletions(-) - -commit ab52476bfc8d3843a54493ea1bb46fc6009df157 -Author: Michael Rash -Date: Fri Jul 27 13:05:29 2012 -0400 - - [test suite] [client] added --key-gen and --key-gen-file tests - - client/config_init.c | 7 +++++++ - client/fwknop.c | 21 ++++++++++++++++++++- - test/test-fwknop.pl | 45 +++++++++++++++++++++++++++++---------------- - 3 files changed, 56 insertions(+), 17 deletions(-) - -commit 16348aaccd74281f38a74b40a456984ca002e5cb -Author: Michael Rash -Date: Fri Jul 27 02:06:58 2012 -0400 - - replace strlen() call with strnlen() and MAX_SPA_ENCODED_MSG_SIZE bound - - lib/fko_encode.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -commit 8471d8aae6f835ad91f2cd2ade5e28646c70f59f -Author: Michael Rash -Date: Fri Jul 27 02:01:43 2012 -0400 - - semicolon syntax buf fix - - lib/fko_encode.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit d561fdd4d7f7847b5ca85f362039b925ca440ed0 -Author: Michael Rash -Date: Thu Jul 26 18:01:36 2012 -0400 - - added lib/fko_util.c with basic length checking functions - - lib/Makefile.am | 6 ++--- - lib/fko_decode.c | 3 +-- - lib/fko_encode.c | 2 +- - lib/fko_encryption.c | 22 +++++++++++++---- - lib/fko_util.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - lib/fko_util.h | 3 +++ - 6 files changed, 92 insertions(+), 11 deletions(-) - -commit bdb6cc0eb12be6744081902a7ddd62da338de6ac -Author: Michael Rash -Date: Thu Jul 26 15:00:32 2012 -0400 - - Added digest_len and raw_digest_len fields and replaced strlen() calls - - lib/fko_context.h | 2 ++ - lib/fko_digest.c | 15 ++++++++++----- - lib/fko_encryption.c | 4 ++-- - 3 files changed, 14 insertions(+), 7 deletions(-) - -commit 3f05a6d25a74a1ced03574bdf457b84eceb5b546 -Author: Michael Rash -Date: Thu Jul 26 
14:53:45 2012 -0400 - - [test suite] added sha384 and digest type arg tests - - test/test-fwknop.pl | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -commit 4f1c5b55a4d9f1ab7c7072b674ebdf7dba4eabc2 -Author: Michael Rash -Date: Thu Jul 26 12:52:25 2012 -0400 - - [test suite] added --test-limit argument - - test/test-fwknop.pl | 6 ++++++ - 1 file changed, 6 insertions(+) - -commit e733f4aa4fa1d4431175f4600a4755ce179bcf72 -Author: Michael Rash -Date: Thu Jul 26 12:21:24 2012 -0400 - - have encryption calls use encoded_msg_len - - lib/fko_encryption.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -commit 661991b74787711ec49676828427fd305c6bf8bb -Author: Michael Rash -Date: Thu Jul 26 04:09:06 2012 -0400 - - complete cycle tests for client-set digest types - - test/test-fwknop.pl | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 52 insertions(+) - -commit 838829f2bb91758d87137d4344aa7a1ad25bc0d3 -Author: Michael Rash -Date: Thu Jul 26 00:10:28 2012 -0400 - - added a new encoded_msg_len to cut down on strlen() calls within libfko - - lib/fko_context.h | 1 + - lib/fko_decode.c | 27 +++++++++++++-------------- - lib/fko_digest.c | 16 +++++++++++----- - lib/fko_encode.c | 5 +++++ - lib/fko_encryption.c | 28 ++++++++++++++++++++-------- - 5 files changed, 50 insertions(+), 27 deletions(-) - -commit c51a85523f4153cbade24da7f7d6475a23f83723 -Author: Michael Rash -Date: Wed Jul 25 23:38:41 2012 -0400 - - Added valgrind individual test diff results. - - A new output/valgrind-coverage directory was added to test suite results, and valgrind - output is compared in --diff mode using data in this directory. 
-
- test/test-fwknop.pl | 296 ++++++++++++++++++++++++++++++++--------------------
- 1 file changed, 180 insertions(+), 116 deletions(-)
-
-commit 50436837393efe90e7e627d16c1b7edb88ecfbe0
-Author: Michael Rash
-Date: Tue Jul 24 17:50:17 2012 -0400
-
- [test suite] bug fix after merge to account for new file_find_regex() API
-
- test/test-fwknop.pl | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-commit 175374337d12b1935ca8c02e585fa54121cebfc0
-Merge: 29fe16d c6b6746
-Author: Michael Rash
-Date: Tue Jul 24 17:10:00 2012 -0400
-
- merged crypto_update after fwknop-2.0.1 merge to crypto_update from master
-
-commit c6b674617c096ad7f4180ef8d0b5ad107962040e
-Merge: 7145cdd 8e26cca
-Author: Michael Rash
-Date: Tue Jul 24 16:19:48 2012 -0400
-
- completed merge from master after fwknop-2.0.1 release
-
-commit 29fe16d29ff23649a8acd360334c6b5ac83392aa
-Author: Michael Rash
-Date: Tue Jul 10 22:16:54 2012 -0400
-
- post-merge fix after merged crypto_update branch changes
-
- server/incoming_spa.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-commit d7c4572521bf0d8b1f822f1c639092dc7bdaf690
-Merge: 47e3927 7145cdd
-Author: Michael Rash
-Date: Tue Jul 10 22:03:56 2012 -0400
-
- merged test suite changes from the crypto_update branch
-
-commit 47e39272edcdd20b226c77c45704041be25a38ad
-Author: Michael Rash
-Date: Tue Jul 10 21:44:06 2012 -0400
-
- Make encrypt/decrypt code accept integer key lengths instead of using strlen()
-
- Now that encryptions keys and hmac keys may be acquired from /dev/random with
- --key-gen (and base64 encoded), they may contain NULL bytes. This emphasizes
- the need to not leverage code that assumes C-style strings when making use of
- key information.
-
- client/fwknop.c | 40 ++++++++++++++++++++++++++++++----------
- lib/cipher_funcs.c | 39 +++++++++++++++++++++------------------
- lib/cipher_funcs.h | 6 ++++--
- lib/fko.h | 35 +++++++++++++++++++++++------------
- lib/fko_encryption.c | 21 ++++++++++++---------
- lib/fko_funcs.c | 24 +++++++++++++-----------
- lib/fko_hmac.c | 9 ++++++---
- lib/rijndael.c | 4 ++--
- lib/rijndael.h | 5 +++--
- server/access.c | 36 ++++++++++++++++++++++++++++++++----
- server/fwknopd_common.h | 2 ++
- server/incoming_spa.c | 34 ++++------------------------------
- 12 files changed, 152 insertions(+), 103 deletions(-)
-
-commit 7145cdd8a154d086ec3879edfe2d2fcf3cbae64e (refs/remotes/web/crypto_update, refs/remotes/origin/crypto_update, refs/remotes/fjoncourt/crypto_update, refs/remotes/ag4ve/crypto_update, refs/heads/crypto_update)
-Author: Michael Rash
-Date: Tue Jul 10 08:30:11 2012 -0400
-
- Merge from master minor bug fix to include default encryption mode
-
- When getting raw digest for replay attack detection specify the default
- encryption mode (which doesn't actually get used when passing a NULL key).
-
- server/incoming_spa.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-commit e5004dc829f64d15cd5652d49437c3a6ae17d700
-Merge: dc8a034 86fde0d
-Author: Michael Rash
-Date: Tue Jul 10 08:23:16 2012 -0400
-
- Merge branch 'master' into crypto_update
-
-commit dc8a034a4d3a953482bc84a85fe0fe99d8e284e6
-Merge: adbc6a8 bc2e41f
-Author: Michael Rash
-Date: Sun Jul 8 22:00:13 2012 -0400
-
- merged usage() information from master
-
-commit 92e403a242d8d2bf63dc2427caa91085f80d9cba
-Author: Michael Rash
-Date: Mon Jul 2 23:50:45 2012 -0400
-
- added initial HMAC-SHA256 support for the client side
-
- client/cmd_opts.h | 2 +
- client/config_init.c | 3 +
- client/fwknop.c | 159 +++++++++++++++++++++--------
- client/fwknop_common.h | 3 +
- client/getpasswd.c | 4 +-
- lib/Makefile.am | 4 +-
- lib/fko.h | 26 ++++-
- lib/fko_context.h | 2 +
- lib/fko_encryption.c | 21 +++-
- lib/fko_error.c | 3 +
- lib/fko_funcs.c | 59 +++++++++--
- lib/fko_hmac.c | 114 +++++++++++++++++++++
- lib/fko_state.h | 1 +
- lib/hmac.c | 80 +++++++++++++++
- lib/hmac.h | 54 ++++++++++
- server/access.c | 3 +
- server/fwknopd_common.h | 1 +
- server/incoming_spa.c | 30 ++++--
- test/conf/fwknoprc_default_hmac_base64_key | 72 +++++++++++++
- test/conf/fwknoprc_invalid_base64_key | 73 +++++++++++++
- test/conf/fwknoprc_named_key | 73 +++++++++++++
- test/test-fwknop.pl | 28 ++++-
- 22 files changed, 741 insertions(+), 74 deletions(-)
-
-commit 3095f0ee436540776f185ce7b6a3b7f6e059af45
-Author: Michael Rash
-Date: Wed Jun 27 23:06:17 2012 -0400
-
- Added key generation support with --key-gen
-
- Added --key-gen to allow KEY_BASE64 and HMAC_KEY_BASE64 keys to be created from
- reading random data from /dev/random. These keys can be placed within server
- access.conf files and corresponding client .fwknoprc files for SPA
- communications. The HMAC key is not used yet with this commit, but that is
- coming.
-
- client/cmd_opts.h | 6 +-
- client/config_init.c | 103 +++++++++++++++-----
- client/fwknop.c | 24 ++++-
- client/fwknop_common.h | 15 ++-
- client/getpasswd.c | 8 +-
- client/utils.c | 23 ++++-
- client/utils.h | 1 +
- lib/base64.c | 2 +-
- lib/cipher_funcs.c | 2 +-
- lib/cipher_funcs.h | 1 +
- lib/fko.h | 3 +
- lib/fko_funcs.c | 35 +++++++
- server/access.c | 50 ++++++++++
- server/fwknopd_common.h | 2 +
- server/incoming_spa.c | 17 ++++
- server/utils.c | 2 +-
- server/utils.h | 2 +-
- test/conf/base64_key_access.conf | 3 +
- test/conf/fwknoprc_with_default_base64_key | 71 ++++++++++++++
- test/conf/fwknoprc_with_default_key | 71 ++++++++++++++
- test/conf/fwknoprc_with_named_key | 73 ++++++++++++++
- test/test-fwknop.pl | 149 +++++++++++++++++++++++++++++
- 22 files changed, 625 insertions(+), 38 deletions(-)
-
-commit 20e3e3b6e54688858144e000513b1ae5f3504ed7
-Author: Michael Rash
-Date: Sat Jun 23 15:41:58 2012 -0400
-
- added test for client --show-last functionality
-
- test/test-fwknop.pl | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
-commit adbc6a8f39e43bed7adc29949ed3c56d06cbefb0
-Author: Michael Rash
-Date: Sat Jun 23 15:13:03 2012 -0400
-
- Bug fix to not force asymmetric gpg decryption
-
- fwknopd access stanzas can have both Rijndael and GnuPG keys, so this
- commit fixes a bug where any gpg info would force only gpg decryption
- attempts even if a Rijndael key is provided in the stanza.
- - server/access.c | 1 - - server/incoming_spa.c | 2 +- - 2 files changed, 1 insertion(+), 2 deletions(-) - -commit c6a2680be2b4a61266506847de69ba44c6ad32e1 -Author: Michael Rash -Date: Sun Jun 17 13:57:06 2012 -0400 - - added test for invalid SOURCE access lines - - test/conf/invalid_source_access.conf | 7 +++++++ - test/test-fwknop.pl | 15 +++++++++++++++ - 2 files changed, 22 insertions(+) - -commit 5f8e3f4a7d145670594a98802a776a26be66d577 -Author: Michael Rash -Date: Sun Jun 17 13:42:23 2012 -0400 - - Bug fix to throw out invalid access.conf SOURCE entries - - This commit causes fwknopd to exit whenever an invalid SOURCE entry is seen - such as ":ANY". Previous to this commit, valgrind threw the following errors - with ":ANY" as an access.conf SOURCE entry: - - Invalid read of size 8 - at 0x117695: free_acc_source_list (access.c:512) - by 0x1177E3: free_acc_stanza_data (access.c:564) - by 0x117C67: free_acc_stanzas (access.c:654) - by 0x10E32E: free_configs (config_init.c:106) - by 0x10D085: main (fwknopd.c:376) - Address 0x5a80658 is 8 bytes inside a block of size 16 free'd - at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x116AE0: add_source_mask (access.c:255) - by 0x116D57: expand_acc_source (access.c:303) - by 0x117A82: expand_acc_ent_lists (access.c:620) - by 0x119570: parse_access_file (access.c:1043) - by 0x10C77E: main (fwknopd.c:193) - - Invalid free() / delete / delete[] / realloc() - at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x1176A8: free_acc_source_list (access.c:514) - by 0x1177E3: free_acc_stanza_data (access.c:564) - by 0x117C67: free_acc_stanzas (access.c:654) - by 0x10E32E: free_configs (config_init.c:106) - by 0x10D085: main (fwknopd.c:376) - Address 0x5a80650 is 0 bytes inside a block of size 16 free'd - at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) - by 0x116AE0: add_source_mask (access.c:255) - by 0x116D57: expand_acc_source 
(access.c:303) - by 0x117A82: expand_acc_ent_lists (access.c:620) - by 0x119570: parse_access_file (access.c:1043) - by 0x10C77E: main (fwknopd.c:193) - - HEAP SUMMARY: - in use at exit: 8 bytes in 1 blocks - total heap usage: 1,659 allocs, 1,659 frees, 238,310 bytes allocated - - server/access.c | 20 ++++++++------------ - 1 file changed, 8 insertions(+), 12 deletions(-) - -commit 10d380d1933d9060d8b1a5b3db4f31cea7390396 -Author: Michael Rash -Date: Thu Jun 14 20:43:57 2012 -0400 - - Test suite support for function coverage testing via gcov - - Added --enable-profile-coverage to the configure script to have the fwknop - binaries compiled with gcc profiling support in order to see which functions - get executed by the test suite via gcov. The last test executed by the test - suite under --enable-profile-coverage contains all fwknop functions that - were not executed under the test run (function execution totals are - cumlative). - - configure.ac | 14 ++++ - test/test-coverage/iptables/zero_called_functions | 79 +++++++++++++++++++++++ - test/test-fwknop.pl | 62 +++++++++++++++++- - 3 files changed, 154 insertions(+), 1 deletion(-) - -commit e3761b8bff47600374803443a97493488bc8b4da -Merge: 71690a1 fcf40b5 -Author: Michael Rash -Date: Mon May 28 14:24:02 2012 -0400 - - merged minor updates from master - -commit 71690a1de45b273789af4e26a01594e9d5150eff -Author: Michael Rash -Date: Mon Feb 13 13:56:24 2012 -0500 - - bug fix to ensure to pick up proper entropy min/max values - - extras/spa-entropy/spa-entropy.pl | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -commit 65cd9b0038c6e92ff4a36aea652b0d65afda897a -Author: Michael Rash -Date: Mon Feb 13 12:48:58 2012 -0500 - - updated to local_spa.key from the test suite directory - - extras/spa-entropy/spa-entropy.pl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -commit 0c9946160ce241e9a2c3226e7d0dab64b6bb7910 -Author: Michael Rash -Date: Sun Feb 12 20:52:17 2012 -0500 - - ensure CBC is the default 
symmetric encryption mode - - extras/spa-entropy/spa-entropy.pl | 40 ++++++++++++++++++++++++++++----------- - 1 file changed, 29 insertions(+), 11 deletions(-) - -commit 8fd83f5a3f8b1c745b2e932bcaff7f8d850a8b9d -Author: Michael Rash -Date: Fri Feb 10 15:59:26 2012 -0500 - - updated docs to reference the default AES encryption mode of CBC - - doc/fwknop.man.asciidoc | 12 +++++------- - doc/fwknopd.man.asciidoc | 10 +++------- - 2 files changed, 8 insertions(+), 14 deletions(-) - -commit de41b0a1ec93fd0e2a913e0c57b495fb2cbbefd1 -Author: Michael Rash -Date: Fri Feb 10 15:10:19 2012 -0500 - - bugfix to ensure that incoming SPA data in AES mode is a multiple of the Rjindael blocksize (16) - - lib/cipher_funcs.c | 4 ++-- - lib/fko_encryption.c | 9 +++++++++ - 2 files changed, 11 insertions(+), 2 deletions(-) - -commit 6dbe523052161d8553b09a9dad0890d1e7ec0995 -Author: Michael Rash -Date: Fri Feb 10 15:09:27 2012 -0500 - - added test suite support for AES CTR, OFB, CFB, and ECB encryption modes - - client/config_init.c | 2 +- - server/access.c | 2 +- - test/conf/cfb_mode_access.conf | 4 +++ - test/conf/ctr_mode_access.conf | 4 +++ - test/conf/ofb_mode_access.conf | 4 +++ - test/test-fwknop.pl | 63 ++++++++++++++++++++++++++++++++++++++++++ - 6 files changed, 77 insertions(+), 2 deletions(-) - -commit 6130099b75bee3984757787269bb1e6d24fd1b1b -Author: Michael Rash -Date: Fri Feb 10 13:38:30 2012 -0500 - - minor header addition for spa-entropy.pl - - extras/spa-entropy/spa-entropy.pl | 8 ++++++++ - 1 file changed, 8 insertions(+) - -commit 79a5265be0404b487cd448a6b6f490bfd7459b2c -Author: Michael Rash -Date: Thu Feb 9 15:23:07 2012 -0500 - - updated to not base64 decode encrypted packet data by default (can override with --base64-decode) - - extras/spa-entropy/spa-entropy.pl | 43 +++++++++++++-------------------------- - 1 file changed, 14 insertions(+), 29 deletions(-) - -commit aeb96c502ef5ae8420689cb583142d342d2f5d49 -Author: Michael Rash -Date: Thu Feb 9 14:56:18 2012 
-0500 - - added --gpg entropy measurement, added sensible gnuplot yrange calculations - - extras/spa-entropy/spa-entropy.pl | 23 ++++++++++++++++++++--- - 1 file changed, 20 insertions(+), 3 deletions(-) - -commit 280b8c56f0d73488aab23c0396e63b1a7dbbf072 (refs/heads/spa_entropy) -Author: Michael Rash -Date: Wed Feb 8 14:29:33 2012 -0500 - - switched CBC mode test (which is the default Rjindael encryption mode) to ECB mode - - test/conf/cbc_mode_access.conf | 4 ---- - test/conf/ecb_mode_access.conf | 4 ++++ - test/test-fwknop.pl | 8 ++++---- - 3 files changed, 8 insertions(+), 8 deletions(-) - -commit bcb0fcfc1adc78cc39ebf9d5b89965bda4522016 -Author: Michael Rash -Date: Wed Feb 8 14:16:42 2012 -0500 - - Re-worked encryption/decryption handling - - For SPA packets encrypted with Rjindael, fwknop has always used CBC mode - even though ECB mode is mentioned in a couple of places. This change makes - more transparent use of block_encrypt() and block_decrypt() to ensure that - the appropriate mode is used. The default is CBC mode, but others can be - selected as well (-M for the fwknop client, and ENCRYPTION_MODE in - access.conf for the fwknopd server). 
- - lib/cipher_funcs.c | 66 ++++++++++------------------------------------------ - lib/fko.h | 2 +- - lib/fko_encryption.c | 36 ++++++++++++++-------------- - 3 files changed, 32 insertions(+), 72 deletions(-) - -commit efcefdfb811859b2d957d5e48cdaf5a43f7b34d3 -Author: Michael Rash -Date: Wed Feb 8 14:15:36 2012 -0500 - - update display_ctx() to show the entire plaintext data on one line - - client/fwknop.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -commit 193e1799e608cb33bb1c4145c1d4812feaaccdd8 -Author: Michael Rash -Date: Mon Feb 6 15:19:03 2012 -0500 - - made default openssl encryption mode 'aes-256-ecb' - - extras/spa-entropy/spa-entropy.pl | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -commit c68358eabd7b2d1d21d82f35200dcc24f920edc5 -Author: Michael Rash -Date: Mon Feb 6 15:12:31 2012 -0500 - - added the ability to encrypt fwknop client plaintext data with openssl - - extras/spa-entropy/spa-entropy.pl | 379 +++++++++++++++++++++++++++----------- - 1 file changed, 273 insertions(+), 106 deletions(-) - -commit a7cb3bf62b54294a9fa5856c9a90b2c5c9fdcc53 -Author: Michael Rash -Date: Sun Jan 29 22:07:06 2012 -0500 - - added spa-entropy/ directory for measuring entropy across SPA packets - - extras/spa-entropy/spa-entropy.pl | 209 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 209 insertions(+) - -commit 53a6d72cd2cea4a14bfb3f1b65f5dd50116f6795 -Author: Michael Rash -Date: Sun Jan 29 17:31:12 2012 -0500 - - added test suite support for CBC mode Rijndael tcp/22 test - - lib/cipher_funcs.c | 5 +++-- - lib/rijndael.h | 6 +++--- - test/conf/cbc_mode_access.conf | 4 ++++ - test/test-fwknop.pl | 16 ++++++++++++++++ - 4 files changed, 26 insertions(+), 5 deletions(-) - -commit 4c3d2188a1b94c5d33ac34d348e8d48eac858f00 -Author: Michael Rash -Date: Tue Jan 24 20:26:21 2012 -0500 - - Update to make AES encryption modes selectable - - This is a significant update to allow AES encryption modes to be selected on a - per-key basis. 
For now, only ECB and CBC (recommended) modes are supported. - The default is ECB modes in order to maintain backwards compatibility with the - older perl version of fwknop and the Crypt::CBC CPAN module. This will likely - be changed to use CBC mode by default because of its better security - properties. - - In the access.conf file on the server side, there is a new configuration - variable "ENCRYPTION_MODE" that controls the mode for the corresponding AES - key. On the client side, a new command line argument "--encryption-mode" - controls how the client encrypts SPA packets. - - client/cmd_opts.h | 4 +++- - client/config_init.c | 50 ++++++++++++++++++++++++++++++++++++++++++++---- - client/fwknop.c | 31 ++++++++++++++++++++++++++++-- - client/fwknop_common.h | 3 ++- - doc/fwknop.man.asciidoc | 25 ++++++++++++++++++------ - doc/fwknopd.man.asciidoc | 9 +++++++++ - lib/cipher_funcs.c | 15 +++++++++------ - lib/cipher_funcs.h | 6 ++++-- - lib/fko.h | 22 ++++++++++++++++++++- - lib/fko_context.h | 1 + - lib/fko_encryption.c | 45 +++++++++++++++++++++++++++++++++++++++---- - lib/fko_funcs.c | 29 +++++++++++++++++++++++++--- - lib/fko_state.h | 3 ++- - server/access.c | 43 ++++++++++++++++++++++++++++++++++++++--- - server/fwknopd_common.h | 1 + - server/incoming_spa.c | 6 ++++-- - 16 files changed, 257 insertions(+), 36 deletions(-)