fwknop/ChangeLog.git
2013-07-18 23:14:00 -04:00

commit 65dc33dd9c2cc6e484e94d86e8b23e69cb7dbd56 (HEAD, refs/heads/master)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 18 23:06:24 2013 -0400
[client] added --use-hmac to --help output (noticed by Damien)
client/config_init.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit 35d168cf21d94cdf162521b0d62d62710fd341ae
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 18 23:05:49 2013 -0400
added fwknop-2.5 release date
ChangeLog | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3ee8b47870736f96adf6add91532acde8ff377cb (refs/remotes/web/master, refs/remotes/origin/master)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 18 17:30:25 2013 -0400
[client] fix minor memory leak in getpasswd() routine caught by the test suite in valgrind mode
client/getpasswd.c | 6 ++++++
1 file changed, 6 insertions(+)
commit f2d829535b9692a0df01f8b41ec9894c6474b2e1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 18 00:15:22 2013 -0400
[client] fix minor compilation warning about an unused variable
client/getpasswd.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit 708e3027f5293f3c7cf7edff48ad3ef73c918809
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 17 23:51:54 2013 -0400
Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails"
This reverts commit f55b89c867ab63aaf69daae0aec0c19f1c52d521.
Damien recommended not having 'make install' run ldconfig since it breaks an RPM
build of fwknop, and most package managers should be doing this step anyway.
CREDITS | 3 ---
Makefile.am | 11 -----------
2 files changed, 14 deletions(-)
commit f7a821d0820965a8e4b800744c89018f26da669a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 17 23:34:37 2013 -0400
minor ChangeLog text tweaks and one typo fix
ChangeLog | 14 +++++++-------
lib/rijndael.c | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
commit 4b0f0802eedb1451029aac319ff063182650ee07
Author: Damien S. Stuart <dstuart@dstuart.org>
Date: Wed Jul 17 22:46:24 2013 -0400
Tweaks to unbreak the windows build: Renamed FD_SET macro to FD_SET_ALT to avoid conflict with the well-known FD_SET macro. Made the client read password from file descriptor a non-supported function on Windows.
client/cmd_opts.h | 4 ++--
client/config_init.c | 10 +++++++++-
client/getpasswd.c | 27 +++++++--------------------
common/common.h | 1 +
lib/fko_common.h | 2 +-
5 files changed, 20 insertions(+), 24 deletions(-)
commit 39213beda75697fa89a9d825d48e40803f1171ff
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 14 17:46:48 2013 -0400
add legacy_iv_long_key2_access.conf file to Makefile.am
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit dac75c0242c988ebe3eafc71c52967c805712bfe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 14 15:37:24 2013 -0400
[server] restore backwards compatibility for Rijndael keys > 16 bytes in legacy mode by truncating (upgrading recommended of course)
server/access.c | 15 +++++++++++++-
test/conf/legacy_iv_long_key2_access.conf | 4 ++++
test/test-fwknop.pl | 1 +
test/tests/rijndael_backwards_compatibility.pl | 28 ++++++++++++++++++--------
4 files changed, 39 insertions(+), 9 deletions(-)
commit 510361fa73a9a04ae8553cc3b4bb783aab03fb13
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 14 14:38:03 2013 -0400
[test suite] account for timestamp differences in iptables rule duplication tests
test/test-fwknop.pl | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 52 insertions(+), 3 deletions(-)
commit dcf9c99fb5ab245cd363b277aafb240ac07e8125
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 14 14:37:22 2013 -0400
[server] iptables rule duplication bug fix to look for protocol name when -C support isn't available
server/fw_util_iptables.c | 41 ++++++++++++++++++++++++++++++-----------
1 file changed, 30 insertions(+), 11 deletions(-)
commit 44aefd117764c147a23fb3f6bf61c0456f9d0ef8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 13 23:22:58 2013 -0400
[test suite] bug fix to ensure multiple SPA packets are sent for iptables duplicated rules tests
test/test-fwknop.pl | 102 ++++++++++++++++++++------------------------
test/tests/rijndael.pl | 4 +-
test/tests/rijndael_hmac.pl | 1 -
3 files changed, 49 insertions(+), 58 deletions(-)
commit baa964a8cd7bdc61032fe9285ac6c651fd7403a0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 13 23:22:29 2013 -0400
[server] removed iptables '-C' redirection since 2>&1 is always appended by other macros
server/fw_util_iptables.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit a7de80e66eda7317c428d3c38dd08212553473ce
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 12 23:22:50 2013 -0400
[server] Account for older versions of iptables that don't have -C
This commit updates fwknopd to test for the existence of the iptables '-C'
rule checking functionality since older versions of iptables don't have this.
If it isn't offered by the installed version of iptables, then revert to parsing
fwknop chains to see if iptables rules already exist before adding new rules (to
avoid duplicates).
server/fw_util_iptables.c | 350 ++++++++++++++++++++++++++++++++++++++--------
server/fw_util_iptables.h | 4 +-
2 files changed, 297 insertions(+), 57 deletions(-)
commit f391b1391dd73faf8e65ff47d31431d6585049cf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 12 23:21:38 2013 -0400
[libfko] apply zero_buf() to stack allocated Rijndael context for encrypt/decrypt
lib/cipher_funcs.c | 8 ++++++++
1 file changed, 8 insertions(+)
commit 3e8e9f76a07f75d5cb3da7df08ac09e511002f5e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 11 22:13:40 2013 -0400
minor README typo fixes
README | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
commit 96641059064136c828f5a282bba4a289e39b37ce
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 10 23:11:29 2013 -0400
[server] compile bug fix for pf/ipfw firewall systems
server/fw_util_ipfw.c | 4 ++--
server/fw_util_pf.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
commit e75c10c6e594dcb3c13e5771ed98094d5912b1b0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 10 23:10:23 2013 -0400
[libfko] use zero_free_rv - dead code bug fix found by CLANG static analyzer
lib/fko_encryption.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
commit 6c24b1c858194b809c19167c1aeabccd73fd10f5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 10 23:09:41 2013 -0400
[libfko] always call free() from zero_free() on all non-NULL buf pointers
lib/fko_util.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
commit a42bfd38c2303ef78a42fcf2e0583560172a86d7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 10 23:07:43 2013 -0400
[libfko] bug fix to set digest length upon SPA packet decode
This bug was caught with the fko_wrapper.c multi-call tester running under
valgrind.
lib/fko_decode.c | 5 +++++
1 file changed, 5 insertions(+)
commit a009ebfde29586e6aa94904a281c756b050f3ba1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 23:21:12 2013 -0400
[client] minor man page update to state that -a is more secure than -R
client/fwknop.8.in | 22 +++++++++++++++++-----
doc/fwknop.man.asciidoc | 13 ++++++++++---
2 files changed, 27 insertions(+), 8 deletions(-)
commit 3756b831f5ff1db9b3f97647bb93a0e12cc394ae
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 22:17:05 2013 -0400
simplified zero_free() calls in support of #93
lib/fko_encryption.c | 100 +++++++++++++++++++++++++++++++--------------------
lib/fko_funcs.c | 10 +++---
lib/fko_hmac.c | 24 +++++++------
lib/fko_util.c | 10 +++---
lib/fko_util.h | 2 +-
5 files changed, 85 insertions(+), 61 deletions(-)
commit 189a183e1887d9ddb7693184e6784f768234d42b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 21:40:23 2013 -0400
allow zero length to return FKO_SUCCESS from zero_buf() call
client/fwknop.c | 8 ++++++--
lib/fko_util.c | 8 ++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
commit 69760d49c5a5c0e4d3f5279d75c556c82f7d522c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 21:18:45 2013 -0400
[libfko] return proper GPG error code upon gpg_decrypt() failure
lib/fko_encryption.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
commit 5915ee72a94ffb2ef4200f1578fd34a0817d0b30
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 21:18:06 2013 -0400
[libfko] add ctx initialized check to fko_gpg_errstr()
lib/fko_error.c | 6 ++++++
1 file changed, 6 insertions(+)
commit bf2a8d5914f1cc6138e00427ae9c9d825622bed2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 21:17:03 2013 -0400
clarified NEWS file to state that fwknop is distributed under the GPL v2
NEWS | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
commit 5e3ec3b61117d116695e895f475d2a4e9fc2dc78
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 9 21:13:07 2013 -0400
[client] in '-M legacy' mode truncate the key to 16 bytes
This change helps to maintain backwards compatibility with older fwknopd daemons
that cannot handle Rijndael keys greater than 16 bytes. Blair Zajac suggested
printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
and this warning is included in this commit.
CREDITS | 3 +++
client/fwknop.c | 36 +++++++++++++++++++++++++-----------
2 files changed, 28 insertions(+), 11 deletions(-)
commit 1b524f8104fad766176f99ee6530988e19dd94fb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 8 23:06:57 2013 -0400
[client] make legacy encryption mode and HMAC usage mutually exclusive
client/config_init.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
commit 24c4c5e208bcc61734c61b6b07546c981963685b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 8 23:00:18 2013 -0400
continued zeroing out of sensitive data buffers in support of issue #93
client/fwknop.c | 73 +++++++++++++++++---------------
lib/fko.h | 5 ++-
lib/fko_context.h | 1 +
lib/fko_encryption.c | 114 ++++++++++++++++++++++++++++----------------------
lib/fko_error.c | 3 ++
lib/fko_funcs.c | 28 +++++++++----
lib/fko_hmac.c | 35 +++++++++++-----
lib/fko_util.c | 36 ++++++++++++++++
lib/fko_util.h | 2 +
server/access.c | 21 ++++------
server/incoming_spa.c | 31 +++++++++++---
11 files changed, 227 insertions(+), 122 deletions(-)
commit 1e77f6ed53b0d7ee1ccd1fbdb6d4f2f8579ec608
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 7 22:32:30 2013 -0400
continued changes to zero out sensitive information before exit (#93)
client/config_init.c | 3 +-
client/fwknop.c | 315 ++++++++++++++++++++++++++++----------------------
client/getpasswd.c | 16 +--
client/getpasswd.h | 2 +-
client/spa_comm.c | 21 ++--
client/utils.c | 75 ++++++------
lib/fko_encryption.c | 1 -
server/access.c | 5 +-
server/config_init.c | 3 +-
server/fwknopd.c | 6 +-
server/replay_cache.c | 3 +-
server/utils.c | 75 +++++++-----
12 files changed, 297 insertions(+), 228 deletions(-)
commit 6f6f7b8de28ab8ef42601256a28134dd80f82f48
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 6 15:05:09 2013 -0400
[server] update fw_config_init() to allow access stanza key information to be zeroed out upon error (#93)
server/fw_util.h | 2 +-
server/fw_util_ipf.c | 2 +-
server/fw_util_ipfw.c | 12 ++++++------
server/fw_util_iptables.c | 42 +++++++++++++++++++++++++++---------------
server/fw_util_pf.c | 2 +-
server/fwknopd.c | 3 ++-
6 files changed, 38 insertions(+), 25 deletions(-)
commit cb61fd886d8559f9754392c7934f68b9f22ce2da
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 6 14:53:04 2013 -0400
[server] minor header formatting update
server/fwknopd_common.h | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
commit 4ff518d54a3b64457defe41328a65664b0c63fe0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 6 14:52:46 2013 -0400
[server] zero out access stanza key information before exit (in support of #93)
server/access.c | 28 ++++++++++++++++++++++++++++
server/fw_util.h | 2 +-
server/fw_util_ipf.c | 3 ++-
server/fw_util_ipfw.c | 10 ++++++----
server/fw_util_iptables.c | 13 +++++--------
server/fw_util_pf.c | 4 ++--
server/fwknopd.c | 3 ++-
7 files changed, 46 insertions(+), 17 deletions(-)
commit ff8a3ef3a4a3b15f2f60b71f649733c3153a5763 (refs/remotes/fjoncourt/master)
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 30 22:38:41 2013 +0200
Another change.
README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9d7feb52f6db0d6c67691909a93ebf96317c8620
Merge: c2e1a00 ce10734
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 30 22:22:34 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit c2e1a00154836f4c05aa8d9c5356d722c6db206a
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 30 22:21:22 2013 +0200
s/GNU Public/GNU General Public/g
android/project/jni/config.h | 2 +-
android/project/jni/fwknop/fko.h | 2 +-
android/project/jni/fwknop/fko_limits.h | 2 +-
android/project/jni/fwknop/fko_message.h | 2 +-
android/project/jni/fwknop/fwknop_client.c | 2 +-
android/project/jni/fwknop/fwknop_client.h | 2 +-
android/project/jni/fwknop/send_spa_packet.c | 2 +-
android/project/jni/logutils.h | 2 +-
android/project/src/com/max2idea/android/fwknop/Fwknop.java | 2 +-
client/cmd_opts.h | 2 +-
client/config_init.c | 2 +-
client/config_init.h | 2 +-
client/fwknop.8.in | 2 +-
client/fwknop.c | 2 +-
client/fwknop.h | 2 +-
client/fwknop_common.h | 2 +-
client/getpasswd.c | 2 +-
client/getpasswd.h | 2 +-
client/http_resolve_host.c | 2 +-
client/log_msg.c | 2 +-
client/log_msg.h | 2 +-
client/spa_comm.c | 2 +-
client/spa_comm.h | 2 +-
client/utils.c | 2 +-
client/utils.h | 2 +-
common/common.h | 2 +-
common/netinet_common.h | 2 +-
extras/fwknop-launcher/fwknop-launcher-lsof.pl | 2 +-
iphone/Classes/fwknop/fwknop_client.c | 2 +-
iphone/Classes/fwknop/fwknop_client.h | 2 +-
iphone/Classes/fwknop/send_spa_packet.c | 2 +-
iphone/Classes/libfwknop/fko_common.b | 2 +-
lib/base64.c | 2 +-
lib/base64.h | 2 +-
lib/cipher_funcs.c | 2 +-
lib/cipher_funcs.h | 2 +-
lib/digest.c | 2 +-
lib/digest.h | 2 +-
lib/fko.h | 2 +-
lib/fko_client_timeout.c | 2 +-
lib/fko_common.h | 2 +-
lib/fko_context.h | 2 +-
lib/fko_decode.c | 2 +-
lib/fko_digest.c | 2 +-
lib/fko_encode.c | 2 +-
lib/fko_encryption.c | 2 +-
lib/fko_error.c | 2 +-
lib/fko_funcs.c | 2 +-
lib/fko_hmac.c | 2 +-
lib/fko_limits.h | 2 +-
lib/fko_message.c | 2 +-
lib/fko_message.h | 2 +-
lib/fko_nat_access.c | 2 +-
lib/fko_rand_value.c | 2 +-
lib/fko_server_auth.c | 2 +-
lib/fko_state.h | 2 +-
lib/fko_timestamp.c | 2 +-
lib/fko_user.c | 2 +-
lib/fko_user.h | 2 +-
lib/fko_util.c | 2 +-
lib/fko_util.h | 2 +-
lib/gpgme_funcs.c | 2 +-
lib/gpgme_funcs.h | 2 +-
lib/hmac.c | 2 +-
lib/hmac.h | 2 +-
lib/md5.h | 2 +-
lib/rijndael.c | 2 +-
lib/rijndael.h | 2 +-
lib/sha1.h | 2 +-
perl/legacy/fwknop/Makefile | 2 +-
perl/legacy/fwknop/deps/Crypt-Rijndael/README | 2 +-
perl/legacy/fwknop/deps/Crypt-Rijndael/Rijndael.pm | 2 +-
perl/legacy/fwknop/fwknop | 2 +-
perl/legacy/fwknop/fwknop.h | 2 +-
perl/legacy/fwknop/fwknop_funcs.c | 2 +-
perl/legacy/fwknop/fwknop_serv | 2 +-
perl/legacy/fwknop/fwknopd | 2 +-
perl/legacy/fwknop/install.pl | 2 +-
perl/legacy/fwknop/knopmd.c | 2 +-
perl/legacy/fwknop/knoptm | 2 +-
perl/legacy/fwknop/knopwatchd.c | 2 +-
perl/legacy/fwknop/packaging/cd_rpmbuilder | 2 +-
perl/legacy/fwknop/test/base64_byte_frequency.pl | 2 +-
perl/legacy/fwknop/test/fwknop_test.pl | 2 +-
server/access.c | 2 +-
server/access.h | 2 +-
server/cmd_opts.h | 2 +-
server/config_init.c | 2 +-
server/config_init.h | 2 +-
server/extcmd.c | 2 +-
server/extcmd.h | 2 +-
server/fw_util.c | 2 +-
server/fw_util.h | 2 +-
server/fw_util_ipf.c | 2 +-
server/fw_util_ipf.h | 2 +-
server/fw_util_ipfw.c | 2 +-
server/fw_util_ipfw.h | 2 +-
server/fw_util_iptables.c | 2 +-
server/fw_util_iptables.h | 2 +-
server/fw_util_pf.c | 2 +-
server/fw_util_pf.h | 2 +-
server/fwknopd.c | 2 +-
server/fwknopd.h | 2 +-
server/fwknopd_common.h | 2 +-
server/fwknopd_errors.c | 2 +-
server/fwknopd_errors.h | 2 +-
server/incoming_spa.c | 2 +-
server/incoming_spa.h | 2 +-
server/log_msg.c | 2 +-
server/log_msg.h | 2 +-
server/pcap_capture.c | 2 +-
server/pcap_capture.h | 2 +-
server/process_packet.c | 2 +-
server/process_packet.h | 2 +-
server/replay_cache.c | 2 +-
server/replay_cache.h | 2 +-
server/sig_handler.c | 2 +-
server/sig_handler.h | 2 +-
server/tcp_server.c | 2 +-
server/tcp_server.h | 2 +-
server/utils.c | 2 +-
server/utils.h | 2 +-
win32/config.h | 2 +-
win32/getlogin.h | 2 +-
124 files changed, 124 insertions(+), 124 deletions(-)
commit ce10734c3a27257a83515b15538f04ddc57303a7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 30 16:12:29 2013 -0400
Added LICENSE section and a link to the fwknop tutorial
README | 11 +++++++++++
1 file changed, 11 insertions(+)
commit a792e8bf4eacf59aaefb12281241cd563cc33ebe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 30 15:55:01 2013 -0400
minor man page documentation updates (added twitter reference)
client/fwknop.8.in | 8 +++++---
doc/fwknop.man.asciidoc | 7 +++++--
doc/fwknopd.man.asciidoc | 7 +++++--
server/fwknopd.8.in | 8 +++++---
4 files changed, 20 insertions(+), 10 deletions(-)
commit f1e946cf02c5354b173f2dd5c74f6b8549a93202
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 30 15:52:47 2013 -0400
updated README to include the introduction from the fwknop man page
README | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 72 insertions(+), 21 deletions(-)
commit f55b89c867ab63aaf69daae0aec0c19f1c52d521 (tag: refs/tags/fwknop-2.5-pre3)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 30 14:50:12 2013 -0400
[libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h exec fails
This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to
fail then run ldconfig under the 'make install' step. George Herlin reported
that on some systems ldconfig was not automatically getting executed via the
autoconf Makefile config, and since fwknop/fwknopd depend on a shared library
(libfko), ldconfig needs to be executed by 'make install' if it wasn't already
done.
CREDITS | 3 +++
Makefile.am | 11 +++++++++++
2 files changed, 14 insertions(+)
commit 8ed088051e461c480b8b534a3830f0371a56e18a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 29 10:39:07 2013 -0400
[libfko] fix a few 'Overfull \hbox' errors in libfko .pdf generation
doc/libfko.texi | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
commit 5a4a8a5baa725c59ad3764f2eed563a1202805f1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 27 22:15:39 2013 -0400
[server] convert several LOG_INFO messages to LOG_DEBUG
server/fw_util_ipfw.c | 26 +++++++++++++-------------
server/fw_util_iptables.c | 36 ++++++++++++++++++------------------
2 files changed, 31 insertions(+), 31 deletions(-)
commit 7eacb5ba5a0b1b4d094de5ce831624d20353c7e2
Merge: 5a0700e 47a7ffe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 27 21:55:58 2013 -0400
Merge remote-tracking branch 'fjoncourt/master'
commit 5a0700eb469d86f659a8eae0bc7cd616508751e3
Author: Franck Joncourt <franck@debian.org>
Date: Tue Jun 25 22:04:54 2013 +0200
* Mentioned the VERBOSE variable in fwknopd.conf.
* Made sure the -v command line switch overrides the value of the
VERBOSE variable set in an fwknopd.conf file.
server/config_init.c | 8 ++------
server/fwknopd.conf | 7 +++++++
2 files changed, 9 insertions(+), 6 deletions(-)
commit 10fdbb509ccaa8dca454f2e1a19dfa93d3951c86
Author: Franck Joncourt <franck@debian.org>
Date: Tue Jun 25 21:56:53 2013 +0200
s/VERBOSITY/VERBOSE/g on the server side for consistency purposes.
server/cmd_opts.h | 2 +-
server/config_init.c | 8 ++++----
server/fwknopd_common.h | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
commit 7fde3949daa0926b402f3184589270d1c8d64041
Author: Franck Joncourt <franck@debian.org>
Date: Mon Jun 24 23:15:50 2013 +0200
Fixed use of --verbose command line switch.
Set default log verbosity to LOG_INFO in the log_msg driver.
server/config_init.c | 44 ++++++++++++++++++++++++--------------------
server/log_msg.h | 2 +-
2 files changed, 25 insertions(+), 21 deletions(-)
commit 5db1eeb2686030ee6fa367b983ef916561c4dc77
Author: Franck Joncourt <franck@debian.org>
Date: Thu Jun 20 23:33:04 2013 +0200
Interim commit to add a VERBOSE variable to fwknopd.
client/config_init.c | 3 +++
server/cmd_opts.h | 1 +
server/config_init.c | 21 ++++++++++++++++++---
server/fwknopd_common.h | 1 +
4 files changed, 23 insertions(+), 3 deletions(-)
commit 25058f9d130dbc7ecbc415031a982b569adab50f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 27 21:26:49 2013 -0400
[test suite] bug fix for rotate digest cache tests
When the test suite is executed with '--include "rotate"' then previous tests
aren't executed in order to create a new digest cache file. So, when init() is
called and a clean slate is established, there is nothing to rotate away. This
change creates the default digest cache data (comment line only) if the file
doesn't already exist for the rotate tests.
test/test-fwknop.pl | 8 ++++++++
1 file changed, 8 insertions(+)
commit 1a9c8914df18c6cc0ac43435b1ba645c01c634bd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 27 21:26:31 2013 -0400
bumped VERSION file to fwknop-2.5
VERSION | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 37b624ac8b45093096492555ecfc3541ef462891
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 27 21:21:10 2013 -0400
bump version to 2.5, minor fwknopd -S exit status update
This commit bumps the fwknop version to 2.5 and sets the libfko version to 2.0 to
signal incompatibility with older libfko versions. Backwards compatibility is
maintained in SPA packet construction, but function prototypes in libfko-2.0 are
no longer compatible with older versions.
This commit also returns non-zero exit status under 'fwknopd --status' if there
is no existing fwknopd process. This is better than always exiting with a zero
status regardless of whether fwknopd is already running or not, and adds a level
of scriptability to --status usage. This change was suggested by George Herlin.
client/fwknop.8.in | 14 +++++++-------
configure.ac | 2 +-
doc/fwknop.man.asciidoc | 8 ++++----
doc/fwknopd.man.asciidoc | 5 +++--
fwknop.spec | 6 +++---
lib/fko.h | 2 +-
server/fwknopd.8.in | 6 +++---
server/fwknopd.c | 8 ++++++--
8 files changed, 28 insertions(+), 23 deletions(-)
commit 47a7ffe22bc82f8f60867979842d6147b0bc4bbf
Merge: 5413d1c d125146
Author: Franck Joncourt <franck@debian.org>
Date: Tue Jun 25 23:03:28 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 5413d1c48c9e37adada0b7c74018d7da5746d188
Author: Franck Joncourt <franck@debian.org>
Date: Tue Jun 25 22:04:54 2013 +0200
* Mentioned the VERBOSE variable in fwknopd.conf.
* Made sure the -v command line switch overrides the value of the
VERBOSE variable set in an fwknopd.conf file.
server/config_init.c | 8 ++------
server/fwknopd.conf | 7 +++++++
2 files changed, 9 insertions(+), 6 deletions(-)
commit 4525a7e57c1a9e0880e30c69688c569c9ab1ed45
Author: Franck Joncourt <franck@debian.org>
Date: Tue Jun 25 21:56:53 2013 +0200
s/VERBOSITY/VERBOSE/g on the server side for consistency purposes.
server/cmd_opts.h | 2 +-
server/config_init.c | 8 ++++----
server/fwknopd_common.h | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
commit 07f96f86f8e61d7d57b1675d465d1b0d24ad09b0
Author: Franck Joncourt <franck@debian.org>
Date: Mon Jun 24 23:15:50 2013 +0200
Fixed use of --verbose command line switch.
Set default log verbosity to LOG_INFO in the log_msg driver.
server/config_init.c | 44 ++++++++++++++++++++++++--------------------
server/log_msg.h | 2 +-
2 files changed, 25 insertions(+), 21 deletions(-)
commit 2812897666092abb2887aa4d7012535629dbf17f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jun 21 21:37:23 2013 -0400
ChangeLog 2.5 updates
ChangeLog | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
commit d125146c37de1e31e1a59bc133c64c59ea22ea1e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jun 21 21:11:23 2013 -0400
[server] minor --help update to include cipherdyne.org URL
server/config_init.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 371036bad0974e1968615be1ddabaa2cbf8405cd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jun 21 21:08:38 2013 -0400
[client] re-use encryption/HMAC keys in --test mode
The client --test mode decrypts SPA packet data as a final step, but get_keys()
was being called to re-acquire the encryption/HMAC keys. This commit reuses
the same keys that were supplied for SPA packet encryption/authentication
because the most important code to test is not get_keys() but rather libfko
encryption/decryption/authentication operations.
client/fwknop.c | 41 ++++++++---------------------------------
client/fwknop.h | 5 -----
server/fwknopd.h | 5 -----
3 files changed, 8 insertions(+), 43 deletions(-)
commit 6b132862fdb7503fba53c5da61992229a5f7db60
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 20 22:12:29 2013 -0400
[client] minor man page backwards compatibility wording tweak
client/fwknop.8.in | 6 +++---
doc/fwknop.man.asciidoc | 16 +++++++++-------
2 files changed, 12 insertions(+), 10 deletions(-)
commit 047513710aec6d20dd9f0d030854267c1db9f0ef
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 20 22:11:42 2013 -0400
[client] add GPG_NO_SIGNING_PW to --save-rc-stanza functionality
client/config_init.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
commit afd6f6b23c1f1b8906ae4eebe87f110a602c9d76
Author: Franck Joncourt <franck@debian.org>
Date: Thu Jun 20 23:33:04 2013 +0200
Interim commit to add a VERBOSE variable to fwknopd.
client/config_init.c | 3 +++
server/cmd_opts.h | 1 +
server/config_init.c | 21 ++++++++++++++++++---
server/fwknopd_common.h | 1 +
4 files changed, 23 insertions(+), 3 deletions(-)
commit 1d17c4093bbd0ae15808a8c3ffbf9f9811e31071
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 19 23:47:04 2013 -0400
added fwknoprc gpg signing pw test conf files to Makefile.am
Makefile.am | 2 ++
1 file changed, 2 insertions(+)
commit 68acbaadc407b10d973f1157f9638088d620ea98
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 19 23:42:58 2013 -0400
remove newline chars from log_msg() calls
client/config_init.c | 14 ++++++++--
client/fwknop.c | 2 +-
client/http_resolve_host.c | 2 +-
client/spa_comm.c | 4 +--
client/utils.c | 3 +-
server/access.c | 69 ++++++++++++++++++++++++++++++----------------
server/config_init.c | 36 ++++++++++++------------
server/fw_util_ipf.c | 3 +-
server/fw_util_ipfw.c | 26 +++++++++--------
server/fw_util_iptables.c | 17 ++++++------
server/fw_util_pf.c | 5 ++--
server/fwknopd.c | 8 +++---
server/incoming_spa.c | 7 +++--
server/log_msg.c | 2 +-
server/pcap_capture.c | 10 +++----
server/replay_cache.c | 6 ++--
server/tcp_server.c | 2 +-
server/utils.c | 10 +++----
18 files changed, 132 insertions(+), 94 deletions(-)
commit 13626a2a749046771268dc5b1be3431fc03ffa7d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 19 23:41:37 2013 -0400
[test suite] added tests for KEY synonym GPG_SIGNING_PW
test/conf/fwknoprc_gpg_signing_pw | 2 ++
test/conf/fwknoprc_named_gpg_signing_pw | 7 ++++++
test/test-fwknop.pl | 2 ++
test/tests/basic_operations.pl | 4 ++--
test/tests/gpg.pl | 40 +++++++++++++++++++++++++++++++++
test/tests/gpg_no_pw.pl | 2 +-
6 files changed, 54 insertions(+), 3 deletions(-)
commit 54c26ede6e250e19667aff6f9c4d6da5bff31d7e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 19 23:38:37 2013 -0400
[libfko] defensive coding update to quiet minor CLANG static analyzer false positives
lib/cipher_funcs.c | 3 +++
lib/fko_encryption.c | 10 +++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
commit e3a2289d70f79b0527bad40bc674090cdfeee9d0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 19 23:37:19 2013 -0400
[client] man page update to include GPG_SIGNING_PW synonym for KEY variable in GPG mode
client/fwknop.8.in | 18 ++++++++++++++++--
doc/fwknop.man.asciidoc | 11 +++++++++++
2 files changed, 27 insertions(+), 2 deletions(-)
commit a2d16f8c5ee53360d95579c7640a0ff3967d4a69
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 18 23:12:42 2013 -0400
[test suite] minor permission modification update to use %cf hash
test/test-fwknop.pl | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
commit 13173343ee0a4797abfba868117fe08fe3a10b92
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 18 22:51:22 2013 -0400
[client] add GPG_ALLOW_NO_SIGNING_PW and --gpg-no-signing-pw
This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file. Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature. The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.
client/cmd_opts.h | 2 +
client/config_init.c | 110 +++++++++++++++++++++++++++++++++---------------
client/fwknop.8.in | 13 +++++-
client/fwknop.c | 23 +++++-----
client/fwknop_common.h | 1 +
doc/fwknop.man.asciidoc | 6 +++
test/test-fwknop.pl | 6 +++
test/tests/gpg_no_pw.pl | 61 ++++++++++-----------------
8 files changed, 135 insertions(+), 87 deletions(-)
commit 21dc87ace5f34637e4fb130910793694a1c39d1f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 18 22:50:10 2013 -0400
[test suite] bug fix for missing file permission mods noticed by Franck
test/test-fwknop.pl | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
commit 2014cf767a4f2aa9e87e0b4de47a1b60fa257e3d
Merge: afbf6d5 5667d8e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 18 22:48:33 2013 -0400
Merge remote-tracking branch 'fjoncourt/master'
New strategy for log_module from Franck, closes #89
commit 5667d8e151397955e25817f47dc42463a6397225
Author: Franck Joncourt <franck@debian.org>
Date: Tue Jun 18 22:12:41 2013 +0200
Fixed default verbosity to LOG_NOTICE rather than LOG_WARNING.
server/log_msg.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2cc1ac65bc05d3a7fb8ffae60f8556e74665bc19
Author: Franck Joncourt <franck@debian.org>
Date: Mon Jun 17 12:31:07 2013 +0200
Replaced some uses of *fprintf(stderr* by *log_msg(LOG_ERR* in config_init.c
server/config_init.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
commit f418bc21872e7c34651bb4c4d2e3f6efccf395a1
Merge: 57cf6dc b0c9ed5
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 16 22:28:26 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 57cf6dc4727703dedb3ff9ce489ce43201896ea2
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 16 22:16:41 2013 +0200
s/fprintf(stderr/log_msg(LOG_ERR/
server/access.c | 120 +++++++++++++++++++++++-----------------------
server/fw_util_ipf.c | 2 +-
server/fw_util_ipfw.c | 14 +++---
server/fw_util_iptables.c | 8 ++--
server/fw_util_pf.c | 2 +-
server/fwknopd.c | 9 ++--
server/replay_cache.c | 15 +++---
server/utils.c | 10 ++--
8 files changed, 89 insertions(+), 91 deletions(-)
commit 84f870494941aed8549e302f2736d46a4f3eef37
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 16 21:24:37 2013 +0200
Fix static_log_flag in the log_module.
server/log_msg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 935565cd90d1cf0f8f2c2e9a435ec4e5b500348b
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 16 21:16:25 2013 +0200
Fix log_msg().
* Added new constant LOG_WITHOUT_SYSLOG to be able to print messages to
stderr only.
* Renamed LOG_STDERR_MASK as LOG_VERBOSITY_MASK for a better understanding.
server/log_msg.c | 21 +++++++++++----------
server/log_msg.h | 7 ++++---
2 files changed, 15 insertions(+), 13 deletions(-)
commit b48295c69b2d5396689c4bf6d28a2cd70393d084
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 16 19:12:06 2013 +0200
Interim commit to make the log_msg strategy.
* log_msg : New log_set_verbosity(): It sets the default verbosity for the
log module according to the verbose option set by the user through the command
line.
* Remove useless checks of the verbose option when log_msg() is invoked.
server/fw_util_ipfw.c | 74 +++++++++++++++++-------------------------
server/fw_util_iptables.c | 82 ++++++++++++++++++-----------------------------
server/fwknopd.c | 15 +++++----
server/incoming_spa.c | 24 ++++++--------
server/log_msg.c | 21 ++++++++++++
server/log_msg.h | 3 ++
server/pcap_capture.c | 2 +-
7 files changed, 103 insertions(+), 118 deletions(-)
commit afbf6d51c02f2148a96d20f447ede9c27bb0dcfa
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 16 08:27:29 2013 -0400
[client] minor man page backwards compatibility update to include better examples
client/fwknop.8.in | 32 +++++++++++++++++++++++++++++---
doc/fwknop.man.asciidoc | 28 ++++++++++++++++++++++++++--
2 files changed, 55 insertions(+), 5 deletions(-)
commit b0c9ed52ba32da6e9514f74a4037f03c3539f793
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 15 21:20:39 2013 -0400
[test suite] bug fix for proper replay attack regex searching of test output, added several replay attack tests
test/test-fwknop.pl | 4 +---
test/tests/gpg.pl | 14 ++++++------
test/tests/gpg_hmac.pl | 18 +++++++++++++--
test/tests/gpg_no_pw.pl | 19 +++++++++++++---
test/tests/gpg_no_pw_hmac.pl | 18 ++++++++++++---
test/tests/rijndael_hmac.pl | 42 +++++++++++++++++++++++++++++++++++
test/tests/rijndael_replay_attacks.pl | 11 ++++-----
7 files changed, 103 insertions(+), 23 deletions(-)
commit 8155cf33315d1bb4a8827ed87d8e12a226c0bec6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 13 21:23:59 2013 -0400
[server] ensure 'Rule added' log messages are generated when create_rule() is called
server/fw_util_iptables.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
commit c23d2d644f1ef116822fa418a2971a55c87210a7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 13 21:22:58 2013 -0400
minor typo and format fixes
server/fwknopd.c | 2 +-
server/replay_cache.c | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
commit 1341601a663725896324aeb30d90e519e0648b71
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 13 21:21:40 2013 -0400
[server] when log_msg() is called fflush() output to stderr (when stderr is used)
server/log_msg.c | 1 +
1 file changed, 1 insertion(+)
commit 48b2213780fda6bc02b76bd013ae30dd56030165
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 13 21:20:11 2013 -0400
[client] truncate args save file with open()
client/fwknop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit fc8a74131bbb804a73a9b6e49371e7393459d8c5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 12 23:10:19 2013 -0400
[test suite] minor OS compatibility test re-order
test/tests/os_compatibility.pl | 83 +++++++++++++++++++-----------------------
1 file changed, 38 insertions(+), 45 deletions(-)
commit ea0ecc8cbe9b02e481fbcabe80181ee804de0265
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 12 23:09:55 2013 -0400
[libfko] BYTEORDER macro update to 4321 or 1234 if all other methods fail
lib/fko_common.h | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
commit 12eab497c2ddc443cecf3248f75970ad47651f04
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 11 22:01:23 2013 -0400
[test suite] added a few OS compatibility tests
Makefile.am | 1 +
test/test-fwknop.pl | 9 +++
test/tests/os_compatibility.pl | 159 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 169 insertions(+)
commit ef8aa2e471548126ee921aff7328385dd7e1bbc0 (tag: refs/tags/fwknop-2.5-pre2)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 22:38:55 2013 -0400
[test suite] minor bug fix to add 'iptables' to custom chain test titles
test/tests/rijndael_hmac.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 978ddda33773f7be96e7898fa5915ad9cf24ae9a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 22:34:48 2013 -0400
bump version to 2.5-pre2
VERSION | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit ffeb285f7bf6856b2ce1c2f5bdbec0f06322f384
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 22:27:57 2013 -0400
[libfko] handle endian detection on PPC (and other) systems
Blair Zajac contributed a patch to handle endian detection on PPC systems
and issue a compile time error if it cannot be determined. This commit affects
the BYTEORDER macro.
CREDITS | 6 ++++++
lib/fko_common.h | 18 ++++++++++++++++--
2 files changed, 22 insertions(+), 2 deletions(-)
commit 5c7f5f1b0ba7d5241edb944c3bb024d610839c8b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 21:45:26 2013 -0400
[libfko] use local strndup() if autoconf HAVE_STRNDUP not defined
Blair Zajac reported that strndup() is not available on some PPC systems, so
this commit switches to use the local lib/fko_util.c implementation similarly
to what is done for Windows systems.
lib/fko_util.c | 4 ++--
lib/fko_util.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
commit 63ecfd54f280fe4888af3777bc05249e92561226
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 21:21:52 2013 -0400
added missing test suite conf/ files to Makefile.am
Makefile.am | 5 +++++
1 file changed, 5 insertions(+)
commit f9df2f6ecaa3bb8b63139ac77e26f9db9fd43011
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 21:18:37 2013 -0400
[test suite] additional --save-rc-stanza tests for vars not printed in fwknop client decode output
test/test-fwknop.pl | 79 +++++++++++++++++++++++++++++++-----------
test/tests/basic_operations.pl | 78 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 136 insertions(+), 21 deletions(-)
commit 0c19e5170a9ec5d2f0dfd943e05df514eb26684b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 21:16:33 2013 -0400
[test suite] added backwards compatibility tests with a dual usage key in access.conf
Makefile.am | 1 +
test/conf/dual_key_legacy_iv_access.conf | 10 +++++++
test/test-fwknop.pl | 13 +++++++++
test/tests/rijndael_backwards_compatibility.pl | 37 ++++++++++++++++++++++++++
4 files changed, 61 insertions(+)
commit a3e06966b51b5a934af40351e4dd647201e31eb4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 10 21:14:09 2013 -0400
[client] minor man page wording update for backwards compatibility section
client/fwknop.8.in | 6 +++---
doc/fwknop.man.asciidoc | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
commit 46dadecf5a0cc4b8722131dc71a0a148158ab7a3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 9 16:00:46 2013 -0400
[client] minor man page tweak to use rc VERBOSE bool value (which is the default now)
client/fwknop.8.in | 2 +-
doc/fwknop.man.asciidoc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit 056fd44c2416676d055e0232af22abfd59a8abbb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 9 15:58:22 2013 -0400
[commit] default --verbose rc handling to bool Y/N values, but allow integers too when --verbose is given multiple times
client/config_init.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
commit dbfa2579a75ec488b538b7df49440ff9d59a2b88
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 9 15:57:16 2013 -0400
[client] minor man page tweak
client/fwknop.8.in | 6 +++---
doc/fwknop.man.asciidoc | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
commit 88e1e0e09951122ce8749659c5381a4ec9c80cdc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 9 15:27:19 2013 -0400
[test suite] added tests for setting gpg recipient, signer, and homedir via the client rc file
test/conf/fwknoprc_gpg_args_hmac_key | 7 +++++++
test/conf/fwknoprc_gpg_args_no_pw_hmac_key | 7 +++++++
test/test-fwknop.pl | 2 ++
test/tests/gpg_hmac.pl | 21 +++++++++++++++++----
test/tests/gpg_no_pw_hmac.pl | 14 ++++++++++++++
5 files changed, 47 insertions(+), 4 deletions(-)
commit ac587f3c6387db6bfcd051ea031dbc007278fcca
Merge: 7a1bdea 3d688a5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 9 14:33:29 2013 -0400
Merge branch 'master' of github.com:mrash/fwknop
commit 7a1bdea5140de8791d22125fca8a5b6eb50619ec
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 9 14:28:17 2013 -0400
[server] fix 'Use of untrusted string value' bug found by Coverity
This commit changes iptables policy parsing to re-use rule_exists() for fwknop
jump rule detection instead of using sscanf() against iptables policy list
output. Also, fwknop jump rules are now deleted from iptables policies in a
loop to ensure all are removed even if there are duplicates (even though this
should not happen under normal circumstances anyway).
server/fw_util.h | 1 +
server/fw_util_iptables.c | 72 ++++++++++---------------------
server/fw_util_iptables.h | 4 +-
test/conf/custom_input_chain_fwknopd.conf | 2 +
test/conf/custom_nat_chain_fwknopd.conf | 5 +++
test/test-fwknop.pl | 2 +
test/tests/rijndael_hmac.pl | 37 ++++++++++++++++
7 files changed, 73 insertions(+), 50 deletions(-)
commit 3d688a5a0801ce82624bdd54f5532ce844caa44a
Merge: 8b62984 e515ba4
Author: Michael Rash <michael.rash@gmail.com>
Date: Thu Jun 6 20:22:55 2013 -0700
Merge pull request #87 from fjoncourt/master
Fwknop manpage update (fd and stdin command)
commit f491c4169758a400b70ed5ccfd997a36354fe75f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 5 22:33:42 2013 -0400
[server] minor addition of IPT_CHK_RULE_ARGS macro for iptables -C usage
server/fw_util_iptables.c | 2 +-
server/fw_util_iptables.h | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
commit 866e0a95d51369f8cfc9c85baa9964b9c443adbf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 5 21:46:51 2013 -0400
[server] minor bug fix to switch iptables comment match check to built-in INPUT chain
server/fw_util_iptables.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit e515ba45feae4e562e3a62a3595f4382820751c9
Merge: 7dec268 8b62984
Author: Franck Joncourt <franck@debian.org>
Date: Wed Jun 5 21:47:41 2013 +0200
Merge remote-tracking branch 'upstream/master'
Conflicts:
client/fwknop.8.in
commit 7dec26852a9cf63ef686332df9aede7e12695f09
Author: Franck Joncourt <franck@debian.org>
Date: Wed Jun 5 21:38:26 2013 +0200
Updated fwknop manpage to document both the use of stdin and fd commands.
client/fwknop.8.in | 14 ++++++++++++--
doc/fwknop.man.asciidoc | 10 ++++++++++
2 files changed, 22 insertions(+), 2 deletions(-)
commit 17974a1c05c4ffa3ec76c60582d407ee18c7f93a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 4 22:17:59 2013 -0400
[server] comment additions regarding Coverity low priority TOCTOU issues
server/access.c | 14 ++++++++++++++
server/config_init.c | 6 ++++--
2 files changed, 18 insertions(+), 2 deletions(-)
commit 59eb7fcf0f0e1b1e305eca9f41a978a14872b133
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 4 21:17:15 2013 -0400
[extras] update spa-entropy.pl script to point fwknop client in gpg mode to the no-pw homedir
extras/spa-entropy/spa-entropy.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 8b629848875fbc8f2fe84e7ddd259f15a7c59d28
Merge: 7c4beab 48a3f7a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 3 21:59:26 2013 -0400
Merge branch 'gpgme_autoconf_macro'
This commit adds a new m4/gpgme.m4 to allow autogen.sh to work properly when
libgpgme is not installed. Closes #72.
commit 7c4beabea0c4be58d2e9b30bb27353cc0949df40
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 3 21:45:29 2013 -0400
a few HMAC doc updates to the libfko.texi file
doc/libfko.texi | 87 ++++++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 68 insertions(+), 19 deletions(-)
commit 69ba2d7a06556033e35cc0df5928bae39e1117d0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 3 20:54:40 2013 -0400
fko-wrapper update to print fko_errstr() text, and to have one successful HMAC cycle
test/fko-wrapper/fko_wrapper.c | 113 ++++++++++++++++++++++++++---------------
1 file changed, 71 insertions(+), 42 deletions(-)
commit 66399fed1a47dfac0af636cfcdde92c1aa68eb4b
Merge: e7716b4 583e1e0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 22:54:23 2013 -0400
Merge remote-tracking branch 'fjoncourt/master'
Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
via --fd.
commit e7716b49c6318fd242e25ddc7620560bfc6af9e2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 22:08:54 2013 -0400
[test suite] minor bug fix to include the new legacy long key file in Makefile.am
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit 164888e075a671d3df6185b0e2b67ceb0f166518
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 21:19:19 2013 -0400
[test suite] added backwards compatibility test for truncated keys longer > 16 chars
test/conf/legacy_iv_long_key_access.conf | 4 ++++
test/test-fwknop.pl | 1 +
test/tests/rijndael_backwards_compatibility.pl | 27 ++++++++++++++++++++++++++
3 files changed, 32 insertions(+)
commit 583e1e02c77ae975c1b5bee8926206de78f66650
Merge: 9fce10a 1c8d247
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 2 21:54:25 2013 +0200
Merge remote-tracking branch 'upstream/master'
Conflicts:
client/config_init.c
commit 9fce10abd8d37bc1bd58dfda05b82450d5ff343e
Author: Franck Joncourt <franck@debian.org>
Date: Sun Jun 2 21:36:17 2013 +0200
Adding support for reading encryption/key password from a file descriptor.
* Added tests to the test suite.
* Updated the usage message.
* Fixed the password functions.
reference : mrash/fwknop#74
client/config_init.c | 24 ++++++++++++++----------
client/getpasswd.c | 32 +++++++++++++++++++-------------
client/utils.h | 3 +++
test/test-fwknop.pl | 1 +
test/tests/basic_operations.pl | 12 ++++++++++--
test/tests/rijndael.pl | 26 ++++++++++++++++++++++++++
6 files changed, 73 insertions(+), 25 deletions(-)
commit 2874205d05c7d51e38b653746f87760f6fd4bd7a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 14:50:37 2013 -0400
started on libfko.texi function prototype and FKO error code documentation updates
doc/libfko.texi | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
commit 491e25a6bdc4be4058eb79d4af17d92d3ad19bd4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 14:29:37 2013 -0400
restored the NEWS file since autoconf seems to need it
NEWS | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
commit 382099e85aa0ca18b2d52ca422ac3faa819e4999
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 14:07:01 2013 -0400
Updated copyright dates, removed NEWS file in favor of the ChangeLog
AUTHORS | 2 +-
NEWS | 38 ---------------------------------
android/project/jni/fwknop/fko.h | 2 +-
android/project/jni/fwknop/fko_limits.h | 2 +-
client/cmd_opts.h | 2 +-
client/config_init.c | 2 +-
client/config_init.h | 2 +-
client/fwknop.c | 2 +-
client/fwknop.h | 2 +-
client/fwknop_common.h | 2 +-
client/getpasswd.c | 2 +-
client/getpasswd.h | 2 +-
client/http_resolve_host.c | 2 +-
client/log_msg.c | 2 +-
client/log_msg.h | 2 +-
client/spa_comm.c | 2 +-
client/spa_comm.h | 2 +-
client/utils.c | 2 +-
client/utils.h | 2 +-
common/common.h | 2 +-
common/netinet_common.h | 2 +-
iphone/Classes/libfwknop/fko_common.b | 2 +-
lib/base64.c | 2 +-
lib/base64.h | 2 +-
lib/cipher_funcs.c | 2 +-
lib/cipher_funcs.h | 2 +-
lib/digest.c | 2 +-
lib/digest.h | 2 +-
lib/fko.h | 2 +-
lib/fko_client_timeout.c | 2 +-
lib/fko_common.h | 2 +-
lib/fko_context.h | 2 +-
lib/fko_decode.c | 2 +-
lib/fko_digest.c | 2 +-
lib/fko_encode.c | 2 +-
lib/fko_encryption.c | 2 +-
lib/fko_error.c | 2 +-
lib/fko_funcs.c | 2 +-
lib/fko_limits.h | 2 +-
lib/fko_message.c | 2 +-
lib/fko_nat_access.c | 2 +-
lib/fko_rand_value.c | 2 +-
lib/fko_server_auth.c | 2 +-
lib/fko_state.h | 2 +-
lib/fko_timestamp.c | 2 +-
lib/fko_user.c | 2 +-
lib/fko_util.h | 2 +-
lib/gpgme_funcs.c | 2 +-
lib/gpgme_funcs.h | 2 +-
server/access.c | 2 +-
server/access.h | 2 +-
server/cmd_opts.h | 2 +-
server/config_init.c | 2 +-
server/config_init.h | 2 +-
server/extcmd.c | 2 +-
server/extcmd.h | 2 +-
server/fw_util.c | 2 +-
server/fw_util.h | 2 +-
server/fw_util_ipf.c | 2 +-
server/fw_util_ipf.h | 2 +-
server/fw_util_ipfw.c | 2 +-
server/fw_util_ipfw.h | 2 +-
server/fw_util_iptables.c | 2 +-
server/fw_util_iptables.h | 2 +-
server/fw_util_pf.h | 2 +-
server/fwknopd.c | 2 +-
server/fwknopd.h | 2 +-
server/fwknopd_common.h | 2 +-
server/fwknopd_errors.c | 2 +-
server/fwknopd_errors.h | 2 +-
server/incoming_spa.c | 2 +-
server/incoming_spa.h | 2 +-
server/log_msg.c | 2 +-
server/log_msg.h | 2 +-
server/pcap_capture.c | 2 +-
server/pcap_capture.h | 2 +-
server/process_packet.c | 2 +-
server/process_packet.h | 2 +-
server/replay_cache.c | 2 +-
server/replay_cache.h | 2 +-
server/sig_handler.c | 2 +-
server/sig_handler.h | 2 +-
server/tcp_server.c | 2 +-
server/tcp_server.h | 2 +-
server/utils.c | 2 +-
server/utils.h | 2 +-
86 files changed, 85 insertions(+), 123 deletions(-)
commit 1b41e606a7cd69c7a66da37c3aa78806a8f9efe5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 2 13:51:25 2013 -0400
Added backwards compatibility section to the client man page
Added backwards compatibility section and new material on a 'quick start'
subsection for the EXAMPLES section.
client/fwknop.8.in | 128 +++++++++++++++++++++++++++++--------
doc/fwknop.man.asciidoc | 163 +++++++++++++++++++++++++++++++++++++++---------
2 files changed, 234 insertions(+), 57 deletions(-)
commit 1c8d247887cae8979f7381b5808aa2b4e50e8b07
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 1 22:30:29 2013 -0400
ChangeLog update to mention the constant_runtime_cmp() change
CREDITS | 2 +-
ChangeLog | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
commit af88af3e512c3b61b6f1a8bf2a3657df44ae92ad
Merge: b95292e 54872ac
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 1 22:23:35 2013 -0400
Merge branch 'hmac_timing_bug_fix'
Fixes #85
commit b95292ef906df0310728c7455c2599711fae1b7d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 1 22:10:32 2013 -0400
added fwknopd man page blurb for the ENABLE_PCAP_ANY_DIRECTION variable
doc/fwknopd.man.asciidoc | 11 +++++++++++
server/fwknopd.8.in | 9 +++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
commit 54872acfc34542d4ab800d4126a153854228cf11 (refs/remotes/web/hmac_timing_bug_fix, refs/heads/hmac_timing_bug_fix)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 1 21:55:45 2013 -0400
Convert strncmp() calls to constant_runtime_cmp() at various places
This commit is a follow up to Ryman's report (#85) of a potential timing attack
that could be leveraged against fwknop when strncmp() is used to compare HMAC
digests. All strncmp() calls that do similar things have been replaced with a
new constant_runtime_cmp() function that mitigates this problem.
lib/cipher_funcs.c | 8 ++++----
lib/fko_decode.c | 2 +-
lib/fko_hmac.c | 31 +++----------------------------
lib/fko_util.c | 27 +++++++++++++++++++++++++++
lib/fko_util.h | 1 +
server/incoming_spa.c | 6 +++---
server/replay_cache.c | 3 ++-
7 files changed, 41 insertions(+), 37 deletions(-)
commit f3af0d48c5806c89fbc3a5ad35fe5dfabde6f645
Author: Franck Joncourt <franck@debian.org>
Date: Sat Jun 1 23:14:56 2013 +0200
Interim commit to be able to load key from file descriptor (fd 0 for example).
client/config_init.c | 7 ++++---
client/fwknop_common.h | 3 ++-
client/getpasswd.c | 52 +++++++++++++++++++++++++++++++-------------------
client/getpasswd.h | 2 +-
4 files changed, 39 insertions(+), 25 deletions(-)
commit 6706c539023f9a2dec1aed94f6e18ae1e7877c84 (refs/remotes/origin/hmac_timing_bug_fix)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 1 09:09:17 2013 -0400
[libfko] HMAC comparison timing bug fix
Ryman reported a timing attack bug in the HMAC comparison operation (#85) and
suggested a fix derived from YaSSL:
http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html
CREDITS | 5 +++++
lib/fko_hmac.c | 28 +++++++++++++++++++++++++++-
2 files changed, 32 insertions(+), 1 deletion(-)
commit 0f0f73636f1a4c9292f01b1a2669e73984ec4d20
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 31 23:19:48 2013 -0400
[server] minor update to rename PCAP_ANY_DIRECTION -> ENABLE_PCAP_ANY_DIRECTION
server/cmd_opts.h | 6 +++---
server/config_init.c | 2 +-
server/fwknopd.conf | 2 +-
server/fwknopd_common.h | 4 ++--
4 files changed, 7 insertions(+), 7 deletions(-)
commit 9b2cd9e2e50ebbaed18e5cc86d302e3bfeb65b14
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 31 23:01:47 2013 -0400
[client] allow -D to be used in --save-rc-stanza mode if -n is not given
This change simplifies the fwknop client usage by allowing the -D argument to
be used as the stanza name if -n is not also specified in --save-rc-stanza
mode.
client/config_init.c | 17 +++++++++++------
client/fwknop.8.in | 6 +++++-
doc/fwknop.man.asciidoc | 4 +++-
3 files changed, 19 insertions(+), 8 deletions(-)
commit 32a6d05cdba45ac2f007450df6193ec9d3259548
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 31 22:47:06 2013 -0400
added HMAC digests section to libfko info doc
doc/libfko.texi | 86 +++++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 62 insertions(+), 24 deletions(-)
commit 9cbb80d434eec1d90e40f0954fbe6be8cf9f69f1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 31 21:36:49 2013 -0400
update man page in client/server directories to the latest
client/fwknop.8.in | 114 ++++++++++++++++++++++++++++------------------------
server/fwknopd.8.in | 18 +++++++--
2 files changed, 77 insertions(+), 55 deletions(-)
commit b4171fe90cd0198d8fc84e21ab8ddeb52139e5be
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 30 22:50:29 2013 -0400
[test suite] minor update to reduce logging noise in valgrind comparison test
test/test-fwknop.pl | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
commit b5c81468232ca5b171611af3e09fb418298054d1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 30 22:42:13 2013 -0400
minor configure.ac typo fix for --help output
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1e775350682b906d4c96e1a1a31f41dd5d578779
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 30 22:26:09 2013 -0400
minor documentation updates
doc/fwknop.man.asciidoc | 40 +++++++++++++++++++++++-----------------
doc/libfko.texi | 23 ++++++++++++++---------
2 files changed, 37 insertions(+), 26 deletions(-)
commit 0504627c2e2fd06ac94c7cdd823f82b22e4354c2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 30 22:03:11 2013 -0400
[client] don't print keys to stdout in --save-rc-stanza --key-gen mode
This is a minor commit to not print keys to stdout when both --save-rc-stanza
and --key-gen are set on the command line.
client/config_init.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++--
client/fwknop.c | 32 +------------------------------
2 files changed, 52 insertions(+), 33 deletions(-)
commit 0001b37f44f3e61af8cab32cdc378d84932bacf7
Merge: 478f866 6d9f840
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 29 18:53:08 2013 -0400
Merge remote-tracking branch 'fjoncourt/save_rc_stanza'
This set of fixes from Franck allows for much better --save-rc-stanza
functionality - new SPA keys can automatically be saved to the fwknoprc
file when --key-gen and --save-rc-stanza are given, keys aren't overwritten
upon updating the arguments for an existing stanza, and more.
Conflicts:
client/config_init.c
commit 6d9f840ab7599603ba279d7c7abdb630c4728d04 (refs/remotes/fjoncourt/save_rc_stanza)
Author: Franck Joncourt <franck@debian.org>
Date: Wed May 29 14:06:57 2013 +0200
The -R command line switch is now handled in fwknoprc as RESOLVE_IP_HTTP variable.
client/config_init.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
commit cf6cb01f671859f1ded102faed885e17c5bcf323
Author: Franck Joncourt <franck@debian.org>
Date: Wed May 29 12:19:56 2013 +0200
Fixed ask_overwrite(). Generated keys are now stored in fwknoprc.
* ask_overwrite() : when the user inputs more than one char when prompted,
a second call to the function does not take the second char anymore.
We parse all of the chars until we reach an LF char and discard all of them
except the first one.
The overwrite is requested only when the user sets 'y', if there is anything
else we assume 'N'.
* When -k is used on the command line along with the --save-rc-stanza, the
generated keys are also written in the stanza in fwknoprc.
client/config_init.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++-----
client/fwknop.c | 13 ---------
2 files changed, 74 insertions(+), 21 deletions(-)
commit 82caa9a6a97ea633f15f75bb887168e4d6e14ded
Author: Franck Joncourt <franck@debian.org>
Date: Tue May 28 17:14:36 2013 +0200
The variables are now stored in a hash (variable name and position) rather than
an array containing only their name. It is now possible to sort them without
worrying about their position in the enumeration.
Improve variable naming for a better understanding (var_ndx becomes var_pos).
client/config_init.c | 314 +++++++++++++++++++++++++++++----------------------
1 file changed, 177 insertions(+), 137 deletions(-)
commit dedc4bc8aa10638b6f928a55e228374cd4d9f14d
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 27 18:18:47 2013 +0200
Interim commit to handle bitmask with more than 32 positions.
client/config_init.c | 309 ++++++++++++++++++++++++++++++++++-----------------
1 file changed, 207 insertions(+), 102 deletions(-)
commit cc07d10d733c4ddc542de4726a9a09c67fed2af7
Author: Franck Joncourt <franck@debian.org>
Date: Sat May 25 21:56:01 2013 +0200
Set command line argument bitmask as a 64-bits value to be able to handle more arguments.
Interim commit to add the VERBOSE variable to be stored in the fwknoprc file when
-v is used with --save-rc-stanza. The VERBOSE variable is also read by fwknop
and the verbosity level is set accordingly.
client/config_init.c | 31 +++++++++++++++++++++++--------
client/log_msg.h | 2 ++
2 files changed, 25 insertions(+), 8 deletions(-)
commit 478f86669c62347d0e82f8a3df0211c275a40227
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 23 22:29:41 2013 -0400
minor Makefile.am update to set permissions on access.conf.inst and fwknopd.conf.inst files
Makefile.am | 6 ++++++
1 file changed, 6 insertions(+)
commit 67f96dc3d4ddee424952ec9dbf62ea24e584dee5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 23 22:10:34 2013 -0400
[client] minor fix to set -R mode when a resolve URL is also set
The command line arg validation function also checks this.
client/config_init.c | 1 +
1 file changed, 1 insertion(+)
commit b9bd984768e1f48ac35a0064098ec0f32b42438c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 23 22:02:43 2013 -0400
[test suite] bug fix on FreeBSD to just run the server for the active/expire sets not equal test
test/tests/rijndael.pl | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
commit 9a21bc11ba430312e121444d126ad8cc4aab9bb7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 22 21:21:59 2013 -0400
[server] update access.conf comments to conform to no trailing semicolon or colon within the variable name
server/access.conf | 51 ++++++++++++++++++++++++++-------------------------
1 file changed, 26 insertions(+), 25 deletions(-)
commit 3bc28305c39ec58f36847bc060edc7debca67d17
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 22 21:20:42 2013 -0400
minor client man page wording update
doc/fwknop.man.asciidoc | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
commit 47d235f4feba6ecc32b842a6a28ed7da2329cdd8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 21 22:12:03 2013 -0400
[test suite] minor formatting update to access.conf files to mimic fwknoprc vars (no colon or trailing semicolon)
test/conf/android_access.conf | 6 +++---
test/conf/android_legacy_iv_access.conf | 8 ++++----
test/conf/base64_key_access.conf | 6 +++---
test/conf/cfb_mode_access.conf | 8 ++++----
test/conf/cmd_access.conf | 8 ++++----
test/conf/ctr_mode_access.conf | 8 ++++----
test/conf/default_access.conf | 6 +++---
test/conf/dual_key_usage_access.conf | 16 +++++++--------
test/conf/ecb_mode_access.conf | 8 ++++----
test/conf/expired_epoch_stanza_access.conf | 8 ++++----
test/conf/expired_stanza_access.conf | 8 ++++----
test/conf/force_nat_access.conf | 8 ++++----
test/conf/future_expired_stanza_access.conf | 8 ++++----
test/conf/fuzzing_open_ports_access.conf | 8 ++++----
test/conf/fuzzing_restrict_ports_access.conf | 10 +++++-----
test/conf/fuzzing_source_access.conf | 8 ++++----
test/conf/gpg_access.conf | 14 ++++++-------
test/conf/gpg_hmac_access.conf | 16 +++++++--------
test/conf/gpg_no_pw_access.conf | 12 +++++------
test/conf/gpg_no_pw_hmac_access.conf | 16 +++++++--------
test/conf/hmac_access.conf | 8 ++++----
test/conf/hmac_dual_key_usage_access.conf | 22 ++++++++++----------
test/conf/hmac_equal_keys_access.conf | 30 ++++++++++++++--------------
test/conf/hmac_force_nat_access.conf | 10 +++++-----
test/conf/hmac_get_key_access.conf | 8 ++++----
test/conf/hmac_invalid_type_access.conf | 10 +++++-----
test/conf/hmac_md5_access.conf | 10 +++++-----
test/conf/hmac_md5_long_key_access.conf | 10 +++++-----
test/conf/hmac_md5_short_key_access.conf | 10 +++++-----
test/conf/hmac_no_b64_access.conf | 8 ++++----
test/conf/hmac_no_b64_cygwin_access.conf | 8 ++++----
test/conf/hmac_sha1_access.conf | 10 +++++-----
test/conf/hmac_sha1_long_key_access.conf | 10 +++++-----
test/conf/hmac_sha1_short_key_access.conf | 10 +++++-----
test/conf/hmac_sha256_access.conf | 10 +++++-----
test/conf/hmac_sha256_long_key_access.conf | 10 +++++-----
test/conf/hmac_sha256_open_ports_access.conf | 12 +++++------
test/conf/hmac_sha256_short_key_access.conf | 10 +++++-----
test/conf/hmac_sha384_access.conf | 10 +++++-----
test/conf/hmac_sha384_long_key_access.conf | 10 +++++-----
test/conf/hmac_sha384_short_key_access.conf | 10 +++++-----
test/conf/hmac_sha512_access.conf | 10 +++++-----
test/conf/hmac_sha512_long_key_access.conf | 10 +++++-----
test/conf/hmac_sha512_short_key2_access.conf | 10 +++++-----
test/conf/hmac_sha512_short_key_access.conf | 10 +++++-----
test/conf/hmac_simple_keys_access.conf | 8 ++++----
test/conf/invalid_expire_access.conf | 8 ++++----
test/conf/invalid_source_access.conf | 12 +++++------
test/conf/ip_source_match_access.conf | 6 +++---
test/conf/legacy_iv_access.conf | 8 ++++----
test/conf/mismatch_open_ports_access.conf | 8 ++++----
test/conf/mismatch_user_access.conf | 8 ++++----
test/conf/multi_gpg_access.conf | 14 ++++++-------
test/conf/multi_gpg_no_pw_access.conf | 14 ++++++-------
test/conf/multi_source_match_access.conf | 6 +++---
test/conf/multi_stanzas_access.conf | 24 +++++++++++-----------
test/conf/no_multi_source_match_access.conf | 6 +++---
test/conf/no_source_match_access.conf | 6 +++---
test/conf/no_subnet_source_match_access.conf | 6 +++---
test/conf/ofb_mode_access.conf | 8 ++++----
test/conf/open_ports_access.conf | 8 ++++----
test/conf/require_src_access.conf | 10 +++++-----
test/conf/require_user_access.conf | 8 ++++----
test/conf/subnet_source_match_access.conf | 6 +++---
64 files changed, 321 insertions(+), 319 deletions(-)
commit cfbbac2654fd59f74334976292380deaade1ffe3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 21 22:10:13 2013 -0400
man page updates - access.conf section now includes variable guidance
client/fwknop.8.in | 78 ++++++++++++++++-----
doc/fwknop.man.asciidoc | 115 +++++++++++++++++--------------
doc/fwknopd.man.asciidoc | 170 +++++++++++++++++++++++++++-------------------
server/fwknopd.8.in | 171 +++++++++++++++++++++++++++--------------------
4 files changed, 324 insertions(+), 210 deletions(-)
commit 52462e7dbaa8b525f986f43524549ead36e09325
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 21 22:00:15 2013 -0400
Use {0} initializer for all stack allocated char arrays
Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well. This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).
client/config_init.c | 48 ++++++++++++++++++++--------------------------
client/fwknop.c | 25 ++++++++----------------
client/getpasswd.c | 2 --
client/http_resolve_host.c | 2 +-
client/spa_comm.c | 6 +++---
lib/cipher_funcs.c | 13 ++++---------
lib/fko_hmac.c | 2 --
lib/hmac.c | 13 -------------
server/access.c | 18 ++++++++---------
server/config_init.c | 4 ++--
server/extcmd.c | 2 +-
server/fw_util_ipf.c | 4 ++--
server/fw_util_ipfw.c | 4 ++--
server/fw_util_iptables.c | 14 +++++++-------
server/fw_util_pf.c | 10 +++++-----
server/fwknopd_common.h | 9 +++++----
server/incoming_spa.c | 2 +-
server/replay_cache.c | 6 +++---
server/tcp_server.c | 2 +-
server/utils.c | 3 +--
20 files changed, 76 insertions(+), 113 deletions(-)
commit 2e2e7fcc0eb9065aa40c5ea915ecb48a99bd9c51
Merge: fad0ef8 98e6314
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 20 21:57:42 2013 -0400
Merge remote-tracking branch 'fjoncourt/save_rc_stanza'
Closes issues #81 and #82 thanks to Franck.
commit 05585cab8a916eb734108fd93f32865b5ae8f8fd
Merge: 6c59c9a fad0ef8
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 20 22:02:31 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 98e631451f34cff6713b51d0291a3ab626786ba8
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 20 21:58:18 2013 +0200
Fixed stanza name in log message. We display the stanza we were looking for, not the current one.
client/config_init.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit 209b189f202d02134d2523f7479b240ab9863b1a
Merge: 5e3d9b6 fad0ef8
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 20 11:08:33 2013 +0200
Merge remote-tracking branch 'upstream/master' into save_rc_stanza
commit fad0ef8690eba98279558b2984cbe72920262804
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 19 16:15:19 2013 -0400
[test suite] added 'equal keys' files
test/conf/fwknoprc_hmac_equal_keys | 4 ++++
test/conf/hmac_equal_keys_access.conf | 17 +++++++++++++++++
2 files changed, 21 insertions(+)
commit 5e3d9b6e0bdf661fea02f960b8db841afc48d56f
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 19 22:00:51 2013 +0200
Do not assume two rc sections are separated by an empty line. (mrash/fwknop#81)
client/config_init.c | 68 +++++++++++++++++++++++++++++-----------------------
1 file changed, 38 insertions(+), 30 deletions(-)
commit dc2ff2119caa81a9a3187e95f51ed34544398749
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 19 15:50:16 2013 -0400
[client] finished documenting client command line options via the man page
doc/fwknop.man.asciidoc | 69 +++++++++++++++++++++++++++++++++++--------------
1 file changed, 50 insertions(+), 19 deletions(-)
commit 72ab0bf5d5b046d28004fea523a03ec6c1f50800
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 19 15:29:20 2013 -0400
[test suite] added client -f firewall timeout tests
test/tests/rijndael_hmac.pl | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
commit 16f96a3e5391d381048e2ea2331d4ab50a2b12d8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 19 14:36:32 2013 -0400
[server] port list memory leak bug fix for OpenBSD/pf and FreeBSD/ipfw firewall interface code found by Coverity
server/access.c | 5 +++--
server/fw_util_ipfw.c | 3 +++
server/fw_util_pf.c | 4 ++++
3 files changed, 10 insertions(+), 2 deletions(-)
commit e31459bb1e4664482b5ccd49d9ff0326d63aabe5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 19 14:12:58 2013 -0400
updated client and server man page material
client/fwknop.8.in | 503 +++++++++++++++++++++++++++++++++++-----------------
server/fwknopd.8.in | 59 ++++--
2 files changed, 381 insertions(+), 181 deletions(-)
commit 0cc5c3495ec30691e5d7e5b65de056e4ab2a7847
Merge: 0a279cc 4e5b960
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 19 12:57:36 2013 -0400
Merge branch 'master' of github.com:mrash/fwknop
commit 4e5b96054cf98af86cb5297faa4c668aee16843d
Merge: 96bbf7e 3e16d66
Author: Michael Rash <michael.rash@gmail.com>
Date: Sun May 19 09:57:07 2013 -0700
Merge pull request #80 from fjoncourt/fix-gpl2.0
[FTBS] Fixed gpl2.0.texi
commit 3e16d6694c07e8e92eaf590cb79b19dd4f729524 (refs/remotes/fjoncourt/fix-gpl2.0)
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 19 17:14:35 2013 +0200
Fixed gpl2.0.texi to make it build.
The @appendixsubsec entries are substituted by @appendixsec entries.
doc/gpl-2.0.texi | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 6c59c9ade80d905dbf597917fb55f80214a69631
Merge: cee5807 96bbf7e
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 19 15:34:20 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 0a279ccbfcb0be44e4e82f9ced28641a8d5cc3ef
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 22:49:38 2013 -0400
[client] minor --verbose display update to say source port is 'OS assigned' when not otherwise set
client/spa_comm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 96bbf7e61abd9b0238392e79b412e332e3e95783
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 22:36:13 2013 -0400
[client] bug fix to separate out --named-config vs. --no-save-args command line args
client/config_init.c | 47 ++++++++++++++++++++++++++---------------------
client/fwknop.c | 2 +-
doc/fwknop.man.asciidoc | 2 +-
3 files changed, 28 insertions(+), 23 deletions(-)
commit 15b1382160d48b253d951eceadbe14a01034d55b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 16:39:08 2013 -0400
[test suite] slurp openssl HMAC from file into single string (it may be binary data)
test/test-fwknop.pl | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
commit 61459c65f5a926a2740b067b47206be8c4c04c2c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 12:13:50 2013 -0400
added test suite HMAC != enc key conf files
Makefile.am | 2 ++
1 file changed, 2 insertions(+)
commit 23a354fced4a32d083f4f854b5feb2ad6747cf18
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 12:10:18 2013 -0400
[client+server] ensure HMAC key and encryption passphrase are not the same
client/fwknop.c | 12 ++++++++++++
server/access.c | 30 +++++++++++++++++++++++++++++-
test/test-fwknop.pl | 3 +++
test/tests/rijndael_hmac.pl | 24 ++++++++++++++++++++++++
4 files changed, 68 insertions(+), 1 deletion(-)
commit 731ca0e038ecd9f3e7e4a4a138ef98dc021f37b6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 10:51:49 2013 -0400
[client] added warning in --verbose mode if -s is used instead of -a or -R
client/config_init.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
commit c02ec41ca099815c5422ed16c4e339afa604d8c4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 18 08:34:20 2013 -0400
[test suite] minor bug fix to preserve the init file
test/test-fwknop.pl | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit cee5807debf3f49ed520ed8cfe648e9254ac62a1
Author: Franck Joncourt <franck@debian.org>
Date: Sat May 18 10:54:44 2013 +0200
First draft to be able to use stdin as an input for submitting fwknop key.
mrash/fwknop#74
client/cmd_opts.h | 4 ++
client/config_init.c | 7 +++
client/fwknop.c | 12 ++--
client/fwknop_common.h | 1 +
client/getpasswd.c | 168 +++++++++++++++++++++++++++++--------------------
client/getpasswd.h | 2 +-
6 files changed, 118 insertions(+), 76 deletions(-)
commit ebe1aec54250f5ae8fbacd84254f0b71a0d370c6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 17 23:05:58 2013 -0400
continued man page updates in preparation for the 2.5 release
doc/fwknop.man.asciidoc | 175 +++++++++++++++++++++++++----------------------
doc/fwknopd.man.asciidoc | 69 ++++++++++++++-----
2 files changed, 146 insertions(+), 98 deletions(-)
commit 7cb23c75cca87d497215da27b6a263a694bc0b27
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 17 22:34:26 2013 -0400
[server] added check to ensure any existing fwknop jump rule is not duplicated at init
CREDITS | 4 +++
server/fw_util_iptables.c | 66 +++++++++++++++++++++++++++++++++++------------
2 files changed, 53 insertions(+), 17 deletions(-)
commit cabcaf2174b1a2e0c714f8a9ca56ff3ab2ed95d4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 17 22:28:03 2013 -0400
[server] apply same logging policy for --fw-* modes as --foreground mode
server/log_msg.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit 45244114f82b4ab1453bbb7b22b7bb75d96b6df0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 17 21:03:16 2013 -0400
[client] --key-gen bug fix to print keys to stdout
client/config_init.c | 5 ++++-
client/fwknop.c | 11 ++++++++++-
lib/fko_funcs.c | 10 ++++++++--
test/test-fwknop.pl | 27 ++++++++++++++++++---------
test/tests/rijndael.pl | 3 ++-
5 files changed, 42 insertions(+), 14 deletions(-)
commit b6562d3bf379fc5937e73e6c17eb03a7cade32fb
Merge: 2c8469e 95615c9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 15 21:31:17 2013 -0400
Merge remote-tracking branch 'fjoncourt/master'
Closes issues #76 and #60.
commit 2c8469e95e219f42c0a206454d6d0919a7447e4c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 15 21:17:39 2013 -0400
[client] man page update for GPG key signing material
doc/fwknop.man.asciidoc | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
commit a6f9f1d9ec23df5cb1e4f60234602e315f154349
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 15 20:59:29 2013 -0400
[client] completed fwknop client man page rc variable documentation
doc/fwknop.man.asciidoc | 203 ++++++++++++++++++++++++++++++++----------------
1 file changed, 138 insertions(+), 65 deletions(-)
commit 366255188adf06b8a9bc05fc554a89232ba6decb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 14 23:28:45 2013 -0400
HMAC and PBKDF1 ChangeLog updates
ChangeLog | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
commit e1a7011bf37413fb2d90907a48be80773c2efffd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 14 23:22:03 2013 -0400
[docs] fwknop client man page update for HMAC material
doc/fwknop.man.asciidoc | 210 +++++++++++++++++++++++++++++-------------------
1 file changed, 129 insertions(+), 81 deletions(-)
commit 95615c90e2eb9a6e246709bce79bc7fedd609736
Merge: bb90a8b e73d13e
Author: Franck Joncourt <franck@debian.org>
Date: Tue May 14 22:15:19 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit bb90a8bf7557bce71223ef66119a0dd98eecea91
Author: Franck Joncourt <franck@debian.org>
Date: Tue May 14 22:08:44 2013 +0200
Fixed gcc warnings on openbsd. - mrash/fwknop#60
client/getpasswd.c | 2 +-
lib/digest.c | 70 +++++++++++++++++-------------
lib/digest.h | 10 ++---
lib/fko_encode.c | 6 +--
lib/fko_rand_value.c | 6 ++-
lib/gpgme_funcs.c | 2 +-
server/utils.c | 120 ++++++++++++++++++++++++++++++---------------------
7 files changed, 127 insertions(+), 89 deletions(-)
commit e73d13e14086b00435f0248d8d8a7df0885a771f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 23:11:33 2013 -0400
minor write_test_file() path bug fix
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 4e5fb77dd046b99a629aa2da0349b0128fef92f5
Merge: fb80575 31d94d5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 23:10:26 2013 -0400
Merge remote-tracking branch 'fjoncourt/master'
Merged update from Franck - closes issue #71.
commit fb80575209a8276767457b2c5fefaa42ea1aca23
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 20:52:14 2013 -0400
[server] minor memory leak bug fix during SPA digest calculation found by Coverity
server/incoming_spa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 6a2bc3db2718ab06c07c93b208dbd072d0ba5560
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 20:48:23 2013 -0400
[server] minor memory leak bug fix during access.conf parsing found by Coverity
server/access.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 8e31f8feb02585e1b110efd6e01228425bff11ce
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 20:42:07 2013 -0400
[server] varargs cleanup bug fix found by Coverity
server/log_msg.c | 3 +++
1 file changed, 3 insertions(+)
commit d60870740da90c2eca0a8910dd5cd616438ddabd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 20:41:25 2013 -0400
[server] fix pointer NULL check after strdup() - found by Coverity
server/incoming_spa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 0c3da4bee4126ab96cabf35f45d2d02751d9e543
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 20:40:29 2013 -0400
[server] minor cosmetic (unnecessary NULL checks and one un-triggerable memory leak) found by Coverity
server/fw_util_iptables.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
commit cdd0a5f3f379627cd91ddf2cd597b30d11c5795b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 13 20:38:39 2013 -0400
[server] minor memory leak bug fix during access.conf parsing found by Coverity
server/access.c | 1 +
1 file changed, 1 insertion(+)
commit 9dbb62ae1ef53fccdefa1894d09c422719d5af83
Merge: 31d94d5 c83bc15
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 13 16:30:27 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 48a3f7a1797c557aa7babf13c7a2e5188016bb7b (refs/remotes/web/gpgme_autoconf_macro, refs/remotes/origin/gpgme_autoconf_macro, refs/heads/gpgme_autoconf_macro)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 23:48:44 2013 -0400
added m4/gpgme.m4 file
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit c83bc15c5eb9d6597df17cd9b421ab818548b210 (tag: refs/tags/fwknop-2.5-pre1)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 22:42:13 2013 -0400
bumped VERSION file to fwknop-2.5-pre1
VERSION | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 1144284913d78764e22742a45fe0cdaa0cb27fb7
Merge: c6b2c0d 3246c3c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 22:31:18 2013 -0400
Merge branch 'master' into gpgme_autoconf_macro
commit 3246c3c6b0a40c380660f4885334c06e48213977
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 22:30:28 2013 -0400
[test suite] added hmac_get_key_access.conf file
test/conf/hmac_get_key_access.conf | 4 ++++
1 file changed, 4 insertions(+)
commit c6b2c0def42765f1124a0b43acdb8e04e8c071a2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 22:25:16 2013 -0400
Added gpgme autoconf m4 macro to fix an undefined AM_PATH_GPGME error
For systems that don't have libgpgme installed, the addition of the m4/gpgme.m4
file fixes the following error when running the autogen.sh script:
configure.ac:313: error: possibly undefined macro: AC_DEFINE
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure.ac:326: error: possibly undefined macro: AM_PATH_GPGME
configure.ac:329: error: possibly undefined macro: AC_MSG_FAILURE
autogen.sh | 2 +-
m4/gpgme.m4 | 307 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 308 insertions(+), 1 deletion(-)
commit 09f073d393ea29c9ad22b72491e0cf97da058c1c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 21:04:25 2013 -0400
Added blurb on Coverity to the ChangeLog
ChangeLog | 8 ++++++++
1 file changed, 8 insertions(+)
commit 838782f19810d38ef2ffe556426faaf6e49d42f5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 20:57:19 2013 -0400
[test suite] added fko_destroy() calls to fko-wrapper
test/fko-wrapper/fko_wrapper.c | 127 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 118 insertions(+), 9 deletions(-)
commit 1caf6035d9e475f3c98ee97e9c28996c7f5e54d6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 20:54:44 2013 -0400
[server] fixed potential double-free condition found by Coverity
Within the access loop always call fko_destroy() right up front whenever
ctx != NULL to ensure a clean slate each time through the loop regardless of
what state may have been reached the previous time through the loop.
server/incoming_spa.c | 58 +++++++++++++++++++++++++--------------------------
1 file changed, 28 insertions(+), 30 deletions(-)
commit c555a35489b830b20f2270b91bace1e42d455e3e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 20:54:04 2013 -0400
[client] set ctx=NULL after fko_destroy() calls
client/fwknop.c | 27 +++++++++++++++++++++++++++
client/getpasswd.c | 2 ++
2 files changed, 29 insertions(+)
commit d85c2e74ce06ac461bb84dd508f8a5562a0483c8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 20:53:22 2013 -0400
[libfko] set ctx=NULL after fko_destroy(), add NULL check for encrypted msg pointer in fko_new_with_data()
lib/fko_funcs.c | 120 ++++++++++++++++++++++++++++++--------------------------
1 file changed, 65 insertions(+), 55 deletions(-)
commit 7b3c854a024c9778b4c16fea075e5a80a53c7ea2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 20:49:00 2013 -0400
[libfko] added context initialized check to fko_decrypt_spa_data()
lib/fko_encryption.c | 3 +++
1 file changed, 3 insertions(+)
commit 6d0f970b3441b5980cff69eeb636963558b1e617
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 15:02:31 2013 -0400
[libfko] bug fix to apply ctx initialization check before attempting to use ctx->message_type in fko_set_spa_client_timeout()
lib/fko_client_timeout.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 38395b04c69268004519a54efd3331e6e1c6583d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 14:43:19 2013 -0400
[test suite] add -x to run_valgrind.sh fko-wrapper script
test/fko-wrapper/run_valgrind.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3302dd42207d1aa40a3a90386aec8e6a34169c36
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 12 14:42:35 2013 -0400
[test suite] added -g to fko_wrapper Makefile for debugging symbols
test/fko-wrapper/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 31d94d50b1d841073d6c7160cfb83d7279d907cf
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 12 17:35:19 2013 +0200
Added tests to validate the encryption mode for the client.
Renamed the CBC legacy IV encryption mode by legacy as mentioned in the man page.
lib/fko_util.c | 2 +-
test/tests/basic_operations.pl | 81 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 82 insertions(+), 1 deletion(-)
commit 160c21d6b63f79f12d5166c860aad05cc76aad87
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 12 16:52:52 2013 +0200
Rewrite enc_mode_inttostr() and enc_mode_strtoint().
Make sure both functions work the same way and refer to the same
encryption mode string.
Updated the fwknop usage message to display the encryption mode.
client/config_init.c | 9 ++++
lib/fko_common.h | 4 ++
lib/fko_util.c | 130 ++++++++++++++++++++++++++++++---------------------
3 files changed, 90 insertions(+), 53 deletions(-)
commit a8410d8f2a6a77ae2be76a67f05af80f47927f9d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 11 13:28:55 2013 -0400
[test suite] allow valgrind coverage test to run after --test-limit
test/test-fwknop.pl | 58 ++++++++++++++++++++++++++---------------------------
1 file changed, 28 insertions(+), 30 deletions(-)
commit 282b0198ecabc69b1aa9adc9bc839b6a9dea2967
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 22:43:05 2013 -0400
[libfko] changed 'state' context element to 'int' type to fix an 'extra high-order bits' bug found by Coverity
lib/fko_context.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit aafc3ac264e9e8b347ba6b3b3b487e94b03fe7ef
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 22:35:08 2013 -0400
[server] setsockopt() and fcntl() return value checking (found by Coverity)
server/fwknopd.c | 7 ++++++-
server/tcp_server.c | 7 ++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
commit 72e4edbf6a3b0c4bc361183b94e5495908e1e618
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 22:14:06 2013 -0400
[libfko] fixed remaining sizeof() usage bug in SHA256 code found by Coverity
lib/sha2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 62edf0910147435290c8fb8bc3d9d78c37ef1758
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 22:13:25 2013 -0400
[libfko] fixed remaining buffer constraints in lib/hmac.c code found by Coverity
lib/hmac.c | 52 ++++++++++++++++------------------------------------
1 file changed, 16 insertions(+), 36 deletions(-)
commit add518016c533c06fbdce5eb8a9adb5a903e178f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 22:10:38 2013 -0400
[client] removed unnecessary array NULL check found by Coverity
client/config_init.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit 9046acaf22650b2c3f71185d8a1201647c431a7b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 21:56:13 2013 -0400
[libfko] memory leak fixes found by Coverity
lib/fko_encryption.c | 7 +++++++
1 file changed, 7 insertions(+)
commit 8c09d38941485623a452b4f2c8fd3946482414d0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 21:17:27 2013 -0400
various sizeof() usage and type bug fixes found by Coverity
client/config_init.c | 2 +-
client/fwknop.c | 14 +++++++-------
lib/fko_encryption.c | 6 ++++--
lib/hmac.c | 10 +++++-----
lib/md5.c | 3 ++-
lib/sha2.c | 10 +++++-----
server/fwknopd.c | 7 +++++--
7 files changed, 29 insertions(+), 23 deletions(-)
commit b92f892ae089679a80cb3ecc0217c5c0b8b700d8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 9 21:11:45 2013 -0400
[test suite] minor bug fix for printing the number of test buckets to be executed
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 9f9bbcbcdd8a47ee29bf60bb2f2728685bbc7aec
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 8 23:55:35 2013 -0400
fixed several resource leak conditions found by Coverity
client/config_init.c | 9 +++++----
client/spa_comm.c | 1 +
lib/fko_encryption.c | 23 ++++++++++++++++++++++-
lib/fko_user.c | 10 +++++++++-
server/fwknopd.c | 31 +++++++++++++++++--------------
5 files changed, 54 insertions(+), 20 deletions(-)
commit aaa28d4ab3437f3641aedf98074d8325ecec1196
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 8 23:44:13 2013 -0400
[server] double free bug fix in access.conf parsing routine caught by Coverity
server/access.c | 2 --
1 file changed, 2 deletions(-)
commit 3a1efd9321b428fc3dcebab18ee1d3453de4cab0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 7 23:35:34 2013 -0400
[server] fixed several (non-exploitable) overflow conditions found by Coverity
lib/fko_encryption.c | 2 +-
lib/hmac.c | 60 +++++++++++++++++++++++++++++++++++++++-------------
2 files changed, 46 insertions(+), 16 deletions(-)
commit 8d980ae68646af35b531713b2d01bbf24e3a9468
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 7 23:02:49 2013 -0400
remove dead code caught by Coverity
client/fwknop.c | 2 +-
lib/cipher_funcs.c | 6 ++----
server/extcmd.c | 3 ---
3 files changed, 3 insertions(+), 8 deletions(-)
commit 50f0ee2f7db5d0d2290efa3fee10339318fa023f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 7 22:52:35 2013 -0400
[server] bug fix for GPG 'nesting level does not match indentation' issue (discovered by Coverity)
server/incoming_spa.c | 2 ++
1 file changed, 2 insertions(+)
commit e1c6f04ef9658557fbfe99ff0953d206d8f0f0f5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 7 21:43:38 2013 -0400
[client] fix missing 'break' in switch statement (discovered by Coverity)
client/config_init.c | 2 ++
1 file changed, 2 insertions(+)
commit 8f423e8b89915b0b1c6ae37b9d505d37f2c18315
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 6 22:23:59 2013 -0400
[server] added --pcap-any-direction along with config file support
From the config file comments:
This variable controls whether fwknopd is permitted to sniff SPA packets
regardless of whether they are received on the sniffing interface or sent
from the sniffing interface. In the latter case, this can be useful to have
fwknopd sniff SPA packets that are forwarded through a system and destined
for a different network. If the sniffing interface is the egress interface
for such packets, then this variable will need to be set to "Y" in order for
fwknopd to see them. The default is "N" so that fwknopd only looks for SPA
packets that are received on the sniffin
PCAP_ANY_DIRECTION N;
server/cmd_opts.h | 3 +++
server/config_init.c | 3 +++
server/fwknopd.conf | 12 ++++++++++++
server/fwknopd_common.h | 9 +++++++++
server/pcap_capture.c | 3 ++-
test/test-fwknop.pl | 9 ++++++---
6 files changed, 35 insertions(+), 4 deletions(-)
commit 5aac3d978c8eadb81b10a055d176a950994f91ac
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 6 22:22:22 2013 -0400
minor typo fix
test/tests/rijndael.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit a9a143a85d54bf4443a1b6c9ef61d8e74cc55da0
Merge: d4577ab eb143db
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 6 11:52:35 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit d4577ab697414cddb1fdb9d3794249a7cb005ed4
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 6 11:49:16 2013 +0200
Added new tests to the test suite to validate the --save-rc-stanza command line argument.
test/test-fwknop.pl | 2 +-
test/tests/basic_operations.pl | 223 ++++++++++++++++++++++++++++++++++++++---
2 files changed, 209 insertions(+), 16 deletions(-)
commit b3cbf1ecfa513647e03f207bf4ba7b16d0ffa2a8
Author: Franck Joncourt <franck@debian.org>
Date: Mon May 6 10:02:02 2013 +0200
Replaced printf() by log_msg().
client/fwknop.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit eb143db9a7f540f83ee538aff63f44e151c453dc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 5 21:54:07 2013 -0400
[client] added --get-hmac-key to mirror --get-key, closes #68
ChangeLog | 4 ++++
Makefile.am | 1 +
client/cmd_opts.h | 2 ++
client/config_init.c | 17 ++++++++++++++++
client/fwknop.c | 30 +++++++++++++--------------
client/fwknop_common.h | 1 +
client/getpasswd.c | 28 ++++++++++++++++----------
client/getpasswd.h | 6 +++++-
doc/fwknop.man.asciidoc | 49 ++++++++++++++++++++++++++++++++-------------
test/test-fwknop.pl | 18 ++++++++++++++++-
test/tests/rijndael_hmac.pl | 18 +++++++++++++++++
11 files changed, 132 insertions(+), 42 deletions(-)
commit 83493a424c7c0d7e7e927b2384a55ec56b2dadbe
Merge: 314cc3e 0363a20
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 5 21:01:26 2013 -0400
Merge branch 'master' of github.com:mrash/fwknop
commit 314cc3eb23d9ef58790afe4f75530d8eb1558b14
Merge: 3c32839 63fed30
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 5 20:59:04 2013 -0400
Merge remote-tracking branch 'origin/win32_fixes'
This fixes issue #69 thanks to Damien.
commit 0363a2099a03a11d9d034381fb0a371f5f10ed92
Author: Damien S. Stuart <dstuart@dstuart.org>
Date: Sun May 5 20:44:47 2013 -0400
Regenerated the client and server manpage .in files from the asciidoc sources
client/fwknop.8.in | 125 ++++++++++++++++++++++++++++++++++++++++++----
server/fwknopd.8.in | 139 +++++++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 236 insertions(+), 28 deletions(-)
commit 63fed301b82b8f92bc9a80fa7167743c2fd0cd54 (refs/remotes/origin/win32_fixes)
Merge: 2c1a911 c0c0941
Author: Damien S. Stuart <dstuart@dstuart.org>
Date: Sun May 5 20:37:02 2013 -0400
Merge branch 'win32_fixes' of ssh://github.com/mrash/fwknop into win32_fixes
commit 2c1a911a50982afc417f49bbd7f2c0122f6d6297
Author: Damien S. Stuart <dstuart@dstuart.org>
Date: Sun May 5 20:36:33 2013 -0400
Copied the win32 Visual Studio solution and project files to preserve a VS 2008 version.
win32/README.VISUAL_STUDIO | 26 ++
win32/fwknop-client.vcproj.vs2008 | 543 +++++++++++++++++++++++++++++++++++++
win32/libfko.sln.vs2008 | 44 +++
win32/libfko.vcproj.vs2008 | 558 ++++++++++++++++++++++++++++++++++++++
4 files changed, 1171 insertions(+)
commit c0c0941d5525375e5a5513e1d723c974ff030cf5
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun May 5 19:02:48 2013 -0400
Tweaked WIN32 conditional for using inet_ntoa instead of inet_ntop to apply only to versions below Vista (WINVER <= 0x0600)
client/utils.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit b84415c33cbff2f13448c89eb46820b04c63583c
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun May 5 16:37:18 2013 -0400
Use inet_aton on Windows (Older Windows versions do not have inet_ntop).
client/utils.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
commit 327257ef5fc7d5d5985c24b302bdccbeeee77259
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 5 22:03:21 2013 +0200
Fixed command line arguments (key-base64-rijndael and key-base64-hmac).
The cmd_opts structure containing the command line args does not follow the
documentation. This update fixes it.
client/cmd_opts.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit ea8a9419ed6f33607e0a73dbe8fd088e9e3574dd
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 5 22:00:02 2013 +0200
Added force-stanza to the client documentation.
doc/fwknop.man.asciidoc | 4 ++++
1 file changed, 4 insertions(+)
commit f3da6853488109414928beba98fa9a411c3c41ac
Merge: 17a105f 5804e15
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 5 21:47:21 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 17a105fd8a08e060ec667d825f524751effda522
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 5 21:43:31 2013 +0200
Added GPG_SIGNER and GPG_RECIPIENT to the list of important variables.
client/config_init.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit b8145f6d7f1d7c545f2f98fce4e754273d3f1984
Author: Franck Joncourt <franck@debian.org>
Date: Sun May 5 21:13:26 2013 +0200
Added --force-stanza command line arg to avoid prompting the user.
client/cmd_opts.h | 2 ++
client/config_init.c | 14 ++++++++++++--
client/fwknop_common.h | 1 +
3 files changed, 15 insertions(+), 2 deletions(-)
commit 15d9c6197b3cc233c906e0901a291a6329297b71
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun May 5 13:20:20 2013 -0400
Fixes to get hmac_support and 2.5 changes working for the Windows lib and client builds.
client/spa_comm.c | 8 ++++----
client/utils.c | 2 ++
client/utils.h | 11 +++++++++--
common/common.h | 10 ++++++++++
lib/cipher_funcs.c | 2 +-
lib/fko_encryption.c | 2 +-
lib/fko_util.c | 22 ++++++++++++++++++++++
lib/fko_util.h | 4 ++++
win32/fwknop-client.vcproj | 24 ++++++++++++++++++++++++
win32/libfko.vcproj | 20 ++++++++++++++++++++
10 files changed, 97 insertions(+), 8 deletions(-)
commit 3c3283992c71291b9028121fe90e5381a5b3ef36
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 4 14:16:06 2013 -0400
(Franck Joncourt) patch to address sprintf() warnings for issue #60
client/http_resolve_host.c | 4 +++-
server/fw_util_iptables.c | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
commit 9d8d1de60d1aece79ce5c5f700bfc1976bbc7e5e
Author: Franck Joncourt <franck@debian.org>
Date: Sat May 4 17:02:02 2013 +0200
Ask the user whether he wants to overwrite a variable in the updated rc file or not.
client/config_init.c | 42 +++++++++++++++++++++++++++++++-----------
1 file changed, 31 insertions(+), 11 deletions(-)
commit 5804e15859aee23e9af2fd4bd917c4c5fbc29372
Merge: d61d5b9 621e7b1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 4 09:41:27 2013 -0400
Merge remote-tracking branch 'ag4ve/master'
(Shawn Wilson) This adds better source IP logging for fwknopd log messages.
Closes #70.
commit 9f43f7a6ff994d5515469e109c005352b0f17332
Merge: f217506 d61d5b9
Author: Franck Joncourt <franck@debian.org>
Date: Sat May 4 15:34:34 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit f2175062347a1b300d4b71440fd257d7e0ab4c02
Author: Franck Joncourt <franck@debian.org>
Date: Sat May 4 15:33:03 2013 +0200
Fixed names of function for better understanding.
client/config_init.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
commit d61d5b964ea50356aff3474718be9ef1c24a7012
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 3 23:17:24 2013 -0400
[test suite] added Cygwin client compatibility tests
Makefile.am | 1 +
test/conf/hmac_no_b64_cygwin_access.conf | 4 ++++
test/test-fwknop.pl | 1 +
test/tests/rijndael.pl | 19 +++++++++++++++++++
test/tests/rijndael_backwards_compatibility.pl | 12 ++++++++++++
test/tests/rijndael_hmac.pl | 21 +++++++++++++++++++++
6 files changed, 58 insertions(+)
commit 589a68b97bc9c84d4f24dd8015a30901aac087b8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 3 20:56:05 2013 -0400
[test suite] additional iptables init/exit 'no flush' tests
test/tests/gpg.pl | 43 +++++++++++++++++++++++++++++++++
test/tests/gpg_no_pw.pl | 58 +++++++++++++++++++++++++++++++++++++++++++++
test/tests/rijndael_hmac.pl | 44 ++++++++++++++++++++++++++++++++++
3 files changed, 145 insertions(+)
commit df5f2d3ac07d0ed42b7c8989fc7bf653b513b911
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 3 20:55:20 2013 -0400
[test suite] minor update to not count HMAC OpenSSL tests against non-ascii HMAC keys when the hexkey option is not supported
test/test-fwknop.pl | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
commit 621e7b1c6d4b3033bb1825a7389143d91ae1666c (refs/remotes/ag4ve/master)
Merge: 9dc1d26 c086105
Author: Shawn Wilson <swilson@korelogic.com>
Date: Fri May 3 12:28:49 2013 -0400
Merge branch 'master' of github.com:ag4ve/fwknop
Pull in forked upstream
commit 5f06cefb0286ee3337767ff321c972af7da908fe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 3 08:35:24 2013 -0400
[test suite] added check for test script inclusion in Makefile.am
Makefile.am | 1 +
test/test-fwknop.pl | 25 +++++++++++++++++++++----
2 files changed, 22 insertions(+), 4 deletions(-)
commit 84768dda6fd6828d30e6cf26a4a107a9aaf5fb59
Author: Franck Joncourt <franck@debian.org>
Date: Fri May 3 13:49:32 2013 +0200
Continued implementing a way to not overwrite KEY.. variables with --save-rc-stanza
mrash/fwknop#67
client/config_init.c | 159 +++++++++++++++++++++++++++++++--------------------
1 file changed, 98 insertions(+), 61 deletions(-)
commit c086105eb1b473c68f1d7677320c6564c4478806
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 2 22:29:51 2013 -0400
[server] added tests on Linux systems for the iptables FLUSH_IPT_* vars
test/test-fwknop.pl | 256 +++++++++++++++++++++++++++++-------------------
test/tests/gpg.pl | 4 +-
test/tests/gpg_no_pw.pl | 4 +-
test/tests/rijndael.pl | 62 +++++++++++-
4 files changed, 221 insertions(+), 105 deletions(-)
commit 2297dfd8c2c2a953efde72cd3051d21858c167f4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 2 22:26:21 2013 -0400
[server] minor memory leak bug fix for invalid date processing
Bug fix to ensure to release memory when invalid access stanza dates are set
and fwknopd has to exit. This leak was caught with the test suite in
--enable-valgrind mode based on the following output:
==31947== 568 bytes in 1 blocks are still reachable in loss record 1 of 1
==31947== at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31947== by 0x52EE42A: __fopen_internal (iofopen.c:73)
==31947== by 0x1116A2: parse_access_file (access.c:909)
==31947== by 0x10BAD5: main (fwknopd.c:194)
server/access.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
commit c71ce885be0c5d389aa37bbe2246704d584d575c
Author: Franck Joncourt <franck@debian.org>
Date: Thu May 2 23:58:28 2013 +0200
First attempt to not overwrite some configuration variables with --save-rc-stanza.
At this time it only does not overwrite the KEY and HMAC variable without asking the user
what he wants to do.
client/config_init.c | 153 +++++++++++++++++++++++++++++++++++----------------
1 file changed, 107 insertions(+), 46 deletions(-)
commit 56ef34738edd53a2b7abafd7926f03af62b47251
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 1 23:55:34 2013 -0400
[test suite] add new test files to Makefile.am
Makefile.am | 6 ++++++
test/conf/no_flush_exit_fwknopd.conf | 1 +
test/conf/no_flush_init_fwknopd.conf | 1 +
test/conf/no_flush_init_or_exit_fwknopd.conf | 2 ++
4 files changed, 10 insertions(+)
commit 9dc1d26d6af5f02213a2f1385077c9189fb062d3
Author: Shawn Wilson <swilson@korelogic.com>
Date: Wed May 1 10:59:48 2013 -0400
fixed more typos
server/incoming_spa.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit e50d776ff7aa7b7990e8dede1db8684aab5e79c5
Author: Shawn Wilson <swilson@korelogic.com>
Date: Wed May 1 10:42:13 2013 -0400
correct variable name typo
server/incoming_spa.c | 50 +++++++++++++++++++++++++-------------------------
1 file changed, 25 insertions(+), 25 deletions(-)
commit 52e35b735d6b534705cf104774052dd495a3f627
Author: Shawn Wilson <swilson@korelogic.com>
Date: Wed May 1 10:31:44 2013 -0400
add ip address to messages where appropriate
server/incoming_spa.c | 94 +++++++++++++++++++++++++--------------------------
1 file changed, 47 insertions(+), 47 deletions(-)
commit 23de2d6b5faf73318e105dc84977b262337ba312
Author: Franck Joncourt <franck@debian.org>
Date: Wed May 1 15:52:01 2013 +0200
Removed duplicate variable in the test suite (fake_spoof_ip/spoof_ip).
test/test-fwknop.pl | 3 +--
test/tests/rijndael.pl | 2 +-
2 files changed, 2 insertions(+), 3 deletions(-)
commit fca497f0d85ac583675797ec35eebc25dfa86be6
Author: Franck Joncourt <franck@debian.org>
Date: Wed May 1 15:13:42 2013 +0200
New tests for rc file processing (SPA_SOURCE_PORT, FW_TIMEOUT).
Added spa source port variable to dump_transmit_options() and renamed port
to destination port.
client/spa_comm.c | 12 +++++++++---
test/tests/basic_operations.pl | 37 +++++++++++++++++++++++++++++++++++--
2 files changed, 44 insertions(+), 5 deletions(-)
commit 209c0f16da9ca6bd677fc2378bafb2bd52c5d738
Author: Franck Joncourt <franck@debian.org>
Date: Wed May 1 14:33:35 2013 +0200
Protocol string is set as const char in fko_protocol_t.
client/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 0f2487776206ea078693dd558879b1d6935dd6bb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 1 08:21:11 2013 -0400
[test suite] minor comment addition so this isn't a zero-byte file
test/conf/default_fwknopd.conf | 1 +
1 file changed, 1 insertion(+)
commit d93648cf99f0a307f5a9cd18b0620e02d586abcd
Author: Franck Joncourt <franck@debian.org>
Date: Tue Apr 30 22:22:03 2013 +0200
Moved/Created proto_intostr() and proto_strtoint() to utils.c.
This allows to update dump_transmit_options() to use the log module to dump data.
client/config_init.c | 75 +++--------------------------------------------
client/spa_comm.c | 39 +++++++-----------------
client/utils.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++
client/utils.h | 14 +++++----
common/common.h | 4 +++
5 files changed, 110 insertions(+), 105 deletions(-)
commit 10a4e1f675096b325e959b1ae8bec7a15aac5ee1
Author: Franck Joncourt <franck@debian.org>
Date: Tue Apr 30 15:37:08 2013 +0200
Updated the TParam typedef to conform to the fko_cli_options_t typedef.
client/config_init.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
commit 2110790a304934633742b39c02a8c8385cbcde73
Author: Franck Joncourt <franck@debian.org>
Date: Tue Apr 30 13:54:58 2013 +0200
Added new rc file processing tests for the SPA_SERVER_PORT.
client/config_init.c | 2 +-
test/tests/basic_operations.pl | 22 ++++++++++++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
commit 90175250e5683bf75707c8f5330120562cdbc7f4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 29 22:14:39 2013 -0400
[client] add USE_HMAC handling to parse_rc_param()
client/config_init.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 892ee15ff9e574d78e716f87e89fa822e708a398
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 29 21:52:07 2013 -0400
ChangeLog and credits updates for Franck
CREDITS | 3 +++
ChangeLog | 3 +++
2 files changed, 6 insertions(+)
commit df5066447d48f1d09300784b306602866c66abef
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 29 21:43:21 2013 -0400
Started on --save-rc-stanza tests, client bug fix for HMAC verification in --test mode
client/config_init.c | 38 ++++++++++----------
client/fwknop.c | 15 +++-----
test/test-fwknop.pl | 27 ++++++++++++++-
test/tests/basic_operations.pl | 78 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 127 insertions(+), 31 deletions(-)
commit b53699ef9246f905461a56bdb54fd0d342f4e0c5
Author: Franck Joncourt <franck@debian.org>
Date: Mon Apr 29 22:53:06 2013 +0200
Added tests for the SPA_SERVER_PROTO variable from an rc file.
test/tests/basic_operations.pl | 56 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 55 insertions(+), 1 deletion(-)
commit 36202d8c66488be645af8aba80b377550c26e745
Merge: 7a71938 ea5bb69
Author: Franck Joncourt <franck@debian.org>
Date: Mon Apr 29 22:21:18 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 7a719389ca48cda8f1f3d8ef1faab1a5d8ee52bf
Author: Franck Joncourt <franck@debian.org>
Date: Mon Apr 29 22:18:29 2013 +0200
Integrated the log module in the whole client source code.
perror() is also replaced by log_msg()
client/fwknop.c | 116 ++++++++++++++++++++++-----------------------
client/getpasswd.c | 4 +-
client/http_resolve_host.c | 40 ++++++++--------
client/spa_comm.c | 89 +++++++++++++++++-----------------
client/utils.c | 15 +++---
5 files changed, 131 insertions(+), 133 deletions(-)
commit ea5bb6937a79ffb70b307b4bf16ee1c17bc04c1e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 28 21:52:14 2013 -0400
[test suite] add client rc file processing tests (digest only for now, more coming)
test/test-fwknop.pl | 114 +++++++++++++++++++++++++++++++++++++++++
test/tests/basic_operations.pl | 56 ++++++++++++++++++++
2 files changed, 170 insertions(+)
commit b719c06769cb5367fb4998abb3451d2a75bae337
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 28 21:51:16 2013 -0400
[client] ensure to set HMAC mode by default only when an HMAC key is used
client/config_init.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
commit 486f0ea52f6375c529f081143e0729e37fa77cb5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 27 22:41:17 2013 -0400
[test suite] restore gpg directories after test suite runs
Makefile.am | 1 +
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/client-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/gpg_dirs_orig.tar.gz | Bin 0 -> 3876 bytes
test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/server-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes
test/test-fwknop.pl | 17 +++++++++++++++++
7 files changed, 18 insertions(+)
commit dd05975217767104092189270f8470cca83df4e2
Merge: 12a6e9e b04de68
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 27 22:26:38 2013 -0400
Merge remote-tracking branch 'fjoncourt/master'
This merges changes from Franck Joncourt for issues #55 (log module for fwknop)
and #64 (hostname resolution not working for -P icmp spoofing).
commit 12a6e9e93a739494a985620619878a4a7983558c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 27 20:41:12 2013 -0400
Convert most strlcat() calls to use destination bound from sizeof()
This commit helps to ensure correctness of strlcat() calls in support of fixing
issue #2.
client/fwknop.c | 6 +++---
server/config_init.c | 10 +++++-----
2 files changed, 8 insertions(+), 8 deletions(-)
commit b04de687ce6e9bcb43cb558dee6b2a5606e4d147
Author: Franck Joncourt <franck@debian.org>
Date: Sat Apr 27 23:31:40 2013 +0200
Fixed hostname resolution while spoof ip is used.
mrash/fwknop#64
client/fwknop.c | 76 --------------------------------
client/spa_comm.c | 21 ++++++---
client/utils.c | 77 +++++++++++++++++++++++++++++++++
client/utils.h | 5 +++
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/client-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/server-gpg/trustdb.gpg | Bin 1360 -> 1360 bytes
test/test-fwknop.pl | 11 ++---
test/tests/rijndael.pl | 14 ++++++
10 files changed, 118 insertions(+), 86 deletions(-)
commit 0bf0d8f8766dbe4c55b8c789e8b167977d85b25c
Merge: 6063679 0ec547e
Author: Franck Joncourt <franck@debian.org>
Date: Sat Apr 27 22:38:27 2013 +0200
Merge remote-tracking branch 'upstream/master'
commit 6063679c6da2179acd058945f1620b7780b112e7
Author: Franck Joncourt <franck@debian.org>
Date: Sat Apr 27 22:19:40 2013 +0200
Continue implementing the log_msg module.
client/config_init.c | 2 +-
client/config_init.h | 8 ++++----
client/log_msg.c | 44 ++++++++++++++++++++++++++------------------
3 files changed, 31 insertions(+), 23 deletions(-)
commit b3f55bf1aba4ba5f80660223492f66fe2be9f4fe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 27 14:59:30 2013 -0400
Convert most strlcpy() calls to use destination bound from sizeof()
This commit helps to ensure correctness of strlcpy() calls in support of fixing
issue #2.
client/config_init.c | 88 +++++++++++++++++++++++-----------------------
client/fwknop.c | 4 +--
client/http_resolve_host.c | 18 +++++-----
client/spa_comm.c | 3 +-
server/config_init.c | 10 +++---
server/fw_util_ipf.c | 2 +-
server/fw_util_ipfw.c | 4 +--
server/fw_util_iptables.c | 14 ++++----
server/fw_util_pf.c | 6 ++--
server/fwknopd.c | 7 ++--
10 files changed, 79 insertions(+), 77 deletions(-)
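The strlcpy() and strlcat() conversions in the two commits above take the destination bound from sizeof(). The sketch below is an added example, not fwknop code: it shows why that bound is reliable for array destinations, and goes one step further to show the case where sizeof() cannot supply it (a destination reached through a pointer). bounded_copy() is a local stand-in with strlcpy() semantics, and struct hyp_opts, HYP_MAX_HOST and the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define HYP_MAX_HOST 16              /* hypothetical size, not fwknop's */

struct hyp_opts {                    /* hypothetical options struct */
    char host[HYP_MAX_HOST];
    char canary[8];                  /* neighbour that must stay untouched */
};

/* Stand-in with strlcpy() semantics (not every libc ships strlcpy):
 * copies at most dstsize-1 bytes, always NUL-terminates when dstsize > 0,
 * and returns strlen(src) so the caller can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize > 0) {
        size_t n = (srclen >= dstsize) ? dstsize - 1 : srclen;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Array destination: sizeof(o->host) is the array's real size, so the
 * bound follows the declaration if HYP_MAX_HOST is ever changed.
 * Returns 0 on success, -1 if src had to be truncated. */
static int set_host(struct hyp_opts *o, const char *src)
{
    size_t want = bounded_copy(o->host, src, sizeof(o->host));

    return (want >= sizeof(o->host)) ? -1 : 0;
}

/* Pitfall: dst is a pointer here, so sizeof(dst) is the size of the
 * pointer (typically 4 or 8), not of the buffer behind it. The copy is
 * silently cut short. Returns the length actually stored. */
static size_t copy_ptr_wrong(char *dst, const char *src)
{
    bounded_copy(dst, src, sizeof(dst));
    return strlen(dst);
}

/* Through a pointer the caller has to pass the real size along. */
static size_t copy_ptr_right(char *dst, size_t dstsize, const char *src)
{
    bounded_copy(dst, src, dstsize);
    return strlen(dst);
}

int main(void)
{
    struct hyp_opts o;
    char big[64];

    memset(&o, 'X', sizeof(o));
    printf("fits:      rc=%d\n", set_host(&o, "spa.example.org"));
    printf("too long:  rc=%d host=\"%s\"\n",
           set_host(&o, "a-much-longer-hostname.example.org"), o.host);
    printf("canary intact: %s\n", o.canary[0] == 'X' ? "yes" : "no");
    printf("sizeof(ptr) bound stored %zu bytes, explicit bound stored %zu\n",
           copy_ptr_wrong(big, "spa.example.org"),
           copy_ptr_right(big, sizeof(big), "spa.example.org"));
    return 0;
}
```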
commit 6b095d948d6c4a84ed3d3aaa8158436b1c0d442e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 27 12:56:50 2013 -0400
[test suite] minor openssl verification update to print base64 decode flag value
test/test-fwknop.pl | 1 +
1 file changed, 1 insertion(+)
commit eb727e1271ad09eee12c7e12499434cc00158d8e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 26 21:56:26 2013 -0400
removed roadmap.org file in favor of using github milestones
Makefile.am | 2 --
roadmap.org | 69 -------------------------------------------------------------
2 files changed, 71 deletions(-)
commit 6036619b1c7c094224cce7f86a21e0c64b0e5ee9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 26 21:47:49 2013 -0400
removed todo.org file in favor of using github issues
todo.org | 179 ---------------------------------------------------------------
1 file changed, 179 deletions(-)
commit 2396193e06558016357451ae9c97f43e913d4079
Author: Franck Joncourt <franck@debian.org>
Date: Fri Apr 26 17:16:05 2013 +0200
Replaced all references to *fprintf(stderr,* by log_msg() in config_init.c
client/config_init.c | 155 +++++++++++++++++++++++++++------------------------
client/log_msg.c | 2 +
2 files changed, 83 insertions(+), 74 deletions(-)
commit 65d0517a9c9fe7905a240f0c483082950fbbcd52
Author: Franck Joncourt <franck@debian.org>
Date: Fri Apr 26 16:18:08 2013 +0200
Inverted log level enumeration
client/Makefile.am | 3 ++-
client/config_init.c | 3 +++
client/fwknop.c | 3 +++
client/fwknop_common.h | 1 +
client/log_msg.c | 15 +++++----------
client/log_msg.h | 13 +++++++------
6 files changed, 21 insertions(+), 17 deletions(-)
commit bb70a9752f93e843ad7f859c3cd899f10f938f91
Author: Franck Joncourt <franck@debian.org>
Date: Fri Apr 26 14:08:25 2013 +0200
Added the log_msg module for the client
client/log_msg.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
client/log_msg.h | 48 ++++++++++++++++++++++++
2 files changed, 159 insertions(+)
commit 0ec547e04d5bfda5558051eab719e8e7e4f88fcf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Apr 25 21:32:02 2013 -0400
[server] another minor CLANG static analyzer fix
server/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit a6e8919728998f4aa2490d8e7b3342e2d27f10fd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Apr 25 21:29:37 2013 -0400
[server] fix minor CLANG static analyzer bugs
These are simple logic fixes that would not have impacted run time to address
the following warnings generated by the CLANG static analyzer:
incoming_spa.c:433:17: warning: Value stored to 'attempted_decrypt' is never read
attempted_decrypt = 1;
^ ~
incoming_spa.c:647:13: warning: Value stored to 'acc' is never read
acc = acc->next;
^ ~~~~~~~~~
server/incoming_spa.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit bf889f7b6e0b9c6b2970574f1d3af38af3857c4e
Author: Franck Joncourt <franck@debian.org>
Date: Thu Apr 25 23:03:02 2013 +0200
Used args enumeration for both the update_rc() and add_rc_param().
Updated fwknop client to refer to the fwknop args enumeration rather
than the config variable names directly. This should make it easier to
handle future changes of the variable name.
New function to validate a string matches a YES pattern in the configuration
file : is_yes_str().
The parse_rc_param() only returns at the end of the function, unless a fatal
error has been encountered.
client/config_init.c | 139 +++++++++++++++++++++++++++++++++------------------
1 file changed, 90 insertions(+), 49 deletions(-)
commit 5e82adbf3fb45487fa749eb3abe4b5f876d39ae9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 23 21:56:41 2013 -0400
[test suite] added GPG password required HMAC tests, added --disable-valgrind argument
test/conf/fwknoprc_gpg_hmac_key | 3 +
test/conf/gpg_hmac_access.conf | 8 +++
test/test-fwknop.pl | 29 ++++++++--
test/tests/gpg_hmac.pl | 124 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 160 insertions(+), 4 deletions(-)
commit 4ea683678b7dd9975d5b048046ab4e6e5450f064
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 22 20:59:32 2013 -0400
[test suite] added gpg_no_pw_hmac_access.conf file
test/conf/gpg_no_pw_hmac_access.conf | 8 ++++++++
1 file changed, 8 insertions(+)
commit f02cc0ddd251321daa1cb63f683356d5931bded2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 22 20:45:59 2013 -0400
Added HMAC support to GPG encryption modes, closes #58
ChangeLog | 5 +-
Makefile.am | 1 +
lib/cipher_funcs.c | 35 +++++++++++
lib/cipher_funcs.h | 1 +
lib/fko_context.h | 1 +
lib/fko_encryption.c | 22 +------
lib/fko_hmac.c | 25 ++++++--
server/access.c | 20 ++++--
server/incoming_spa.c | 3 +-
test/test-fwknop.pl | 28 +++++++--
test/tests/gpg_no_pw_hmac.pl | 115 ++++++++++++++++++++++++++++++++++
test/tests/rijndael_replay_attacks.pl | 2 -
12 files changed, 219 insertions(+), 39 deletions(-)
commit 2f72960e0fb91b1e257a24461f30263f3b9c0f7a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 21 21:13:15 2013 -0400
[test suite] clean command tmp files before and after each test
test/test-fwknop.pl | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
commit 08add2fd48e23a259fd6a80ee765fa3668711201
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 21 20:48:42 2013 -0400
[server] minor function prototype convention update for create_rule()
server/fw_util_iptables.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 6c1b755beae3133aab427f8242403e04bfde247f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 20 15:31:26 2013 -0400
[test suite] removed unnecessary comment lines from test config files
test/conf/default_fwknopd.conf | 4 --
test/conf/disable_aging_fwknopd.conf | 4 --
test/conf/disable_aging_nat_fwknopd.conf | 4 --
test/conf/dual_key_usage_access.conf | 1 -
test/conf/fwknoprc_default_hmac_base64_key | 69 ------------------------
test/conf/fwknoprc_hmac_invalid_type | 69 ------------------------
test/conf/fwknoprc_hmac_key2 | 69 ------------------------
test/conf/fwknoprc_hmac_md5_key | 69 ------------------------
test/conf/fwknoprc_hmac_md5_long_key | 69 ------------------------
test/conf/fwknoprc_hmac_md5_short_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha1_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha1_long_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha1_short_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha256_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha256_long_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha256_short_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha384_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha384_long_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha384_short_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha512_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha512_long_key | 69 ------------------------
test/conf/fwknoprc_hmac_sha512_short_key | 69 ------------------------
test/conf/fwknoprc_hmac_simple_keys | 69 ------------------------
test/conf/fwknoprc_invalid_base64_key | 70 -------------------------
test/conf/fwknoprc_named_key | 70 -------------------------
test/conf/fwknoprc_with_default_base64_key | 69 ------------------------
test/conf/fwknoprc_with_default_key | 69 ------------------------
test/conf/fwknoprc_with_named_key | 70 -------------------------
test/conf/hmac_dual_key_usage_access.conf | 1 -
test/conf/hmac_simple_keys_access.conf | 2 -
test/conf/icmp_pcap_filter_fwknopd.conf | 4 --
test/conf/invalid_source_access.conf | 1 -
test/conf/ipfw_active_expire_equal_fwknopd.conf | 4 --
test/conf/local_nat_fwknopd.conf | 4 --
test/conf/multi_stanzas_access.conf | 3 --
test/conf/multi_stanzas_with_broken_keys.conf | 4 --
test/conf/nat_fwknopd.conf | 4 --
test/conf/tcp_pcap_filter_fwknopd.conf | 4 --
test/conf/tcp_server_fwknopd.conf | 4 --
39 files changed, 1707 deletions(-)
commit f0036f7f22a315571fd4ba10102de2f3db4a5f4f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 20 11:12:04 2013 -0400
[client] set HMAC mode whenever any HMAC option is given, add --key-hmac arg
client/cmd_opts.h | 2 ++
client/config_init.c | 32 +++++++++++++++++++++++++++++++-
doc/fwknop.man.asciidoc | 12 +++++++++++-
3 files changed, 44 insertions(+), 2 deletions(-)
commit 387b6e40d3a4fc5cf8b5d69b959a3a5af31b6abb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 20 11:09:48 2013 -0400
[test suite] updated non-base64 keys in non-base64 key files
test/conf/fwknoprc_hmac_key2 | 4 ++--
test/conf/hmac_no_b64_access.conf | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
commit e447ef57c0f2d70d3f8d0eda80c43aeeb0a8bb4a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 20 11:04:53 2013 -0400
[test suite] bug fix to properly extract 'KEY' variable for Rijndael key information
test/test-fwknop.pl | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
commit 9a366c2d677ee28c4c5db096f2f1f377b3cf2a7a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 19 19:43:15 2013 -0400
[test suite] consolidated client/server interaction result variables into client_server_interaction()
test/test-fwknop.pl | 260 ++++++++++++++++++++++---------------------------
test/tests/rijndael.pl | 2 +
2 files changed, 120 insertions(+), 142 deletions(-)
commit f010d88016f570e26e19bf32e3ff9494262cf436
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 19 19:42:06 2013 -0400
removed trailing semicolon from KEY value
test/conf/fwknoprc_named_key | 2 +-
test/conf/fwknoprc_with_named_key | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
commit d356d07bb8c57aec240168c1c433116eb47b15dc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Apr 18 22:17:18 2013 -0400
minor typo fix in ChangeLog file
ChangeLog | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 39115c6dde3019c54b31f3b31533bbc5e80ccb23
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Apr 18 21:15:00 2013 -0400
added Ruhsam Bernhard to the credits file
CREDITS | 6 ++++++
1 file changed, 6 insertions(+)
commit 77c876c1108a2be36d7a6a6fc152d32a4396b3b8 (refs/remotes/web/hmac_support, refs/remotes/origin/hmac_support, refs/remotes/ag4ve/hmac_support, refs/heads/hmac_support)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Apr 18 20:53:37 2013 -0400
credits and changelog updates
CREDITS | 11 +++++++++++
ChangeLog | 17 +++++++++++++++++
2 files changed, 28 insertions(+)
commit a61939c005e2b09d6800e2171f607c9d1948f022
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Apr 17 23:50:51 2013 -0400
[test suite] Reorganize client/server interactions to be more rigorous
This is a significant commit that alters how the test suite interacts with the
fwknop client and server by looking for indications that SPA packets are
actually received. This is done by first waiting for 'main event loop' in
fwknopd log output to ensure that fwknopd is ready to receive packets, sending
the SPA packet(s), and then watching for 'SPA Packet from IP' in fwknopd
output. This is an improvement over the previous strategy that was only based
on timeout values since it works identically regardless of whether fwknop is
being run under valgrind or when the test suite is run on an embedded system
with very limited resources. Another check is run for fwknopd receiving the
SIGTERM signal to shutdown via 'fwknopd -K', and that failing, the test suite
manually kills the process (though this should be rarely needed).
The above strategy is the result of discussions with George Herlin who proposed
the verification-based approach to test suite operations.
Other things this commit changes is the ability to detect whether OpenSSL
supports the 'hexkey:<key>' style specification for HMAC keys (an older version
of FreeBSD doesn't support this) and falls back to the '-hmac <key>' method if
not.
test/test-fwknop.pl | 441 ++++++++++++++++++++++++++++++++++++----------------
1 file changed, 310 insertions(+), 131 deletions(-)
commit b17cb08ddc9707771f7a67ae55d8f7a51f990d88
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Apr 17 23:27:54 2013 -0400
fixed two type mismatch compilation warnings for the perl FKO extension
perl/FKO/FKO.xs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit d785dcbe6264ddf37ef709ff01551d813ec21851
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 15 22:02:19 2013 -0400
[test suite] added tests/python_fko.pl for python tests
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit cbf751e8ddd513ed953d2f8fd64864e6c3211d98
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 12 21:50:47 2013 -0400
[test suite] check for fwknopd ready to receive packets
This commit was inspired through conversations with George Herlin.
test/test-fwknop.pl | 39 +++++++++++++++++++++++++++++++++++----
1 file changed, 35 insertions(+), 4 deletions(-)
commit 87fc50bb317573511af09e25b1b39009fc9b6f43
Merge: c112cb4 fbd38d8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 12 21:16:20 2013 -0400
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
This commit from Franck Joncourt closes #43
commit fbd38d805b2fca970369c16fe3cd936272288165
Author: Franck Joncourt <franck@debian.org>
Date: Fri Apr 12 14:48:26 2013 +0200
Added some else statements and their comments.
client/fwknop.c | 10 ++++++++++
1 file changed, 10 insertions(+)
commit d988f95a46994de722424c63faebb4537315becd
Author: Franck Joncourt <franck@debian.org>
Date: Thu Apr 11 13:36:58 2013 +0200
Fixed test-fwknop.pl to remove any references to my test files.
test/test-fwknop.pl | 3 ---
1 file changed, 3 deletions(-)
commit 9faa625d956ac0a9da881d008055840d7ba2713f
Author: Franck Joncourt <franck@debian.org>
Date: Thu Apr 11 13:08:36 2013 +0200
Removed tests.
test/tests/client_nat.pl | 24 ------------------------
1 file changed, 24 deletions(-)
commit c112cb4811f435091466556aa5a11a812d0263c5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Apr 10 23:31:58 2013 -0400
[test suite] get hmac iptables duplicated and sha512 long key tests to pass
client/fwknop.c | 3 ++-
test/test-fwknop.pl | 21 +++++++++++++--------
test/tests/rijndael_hmac.pl | 12 +++++-------
3 files changed, 20 insertions(+), 16 deletions(-)
commit fd767a1f47937c64c60a2a79066d23a0b34a827f
Author: Franck Joncourt <franck@debian.org>
Date: Wed Apr 10 16:06:06 2013 +0200
Resolve ip address in all of the nat modes (mrash/fwknop#43).
client/fwknop.c | 155 +++++++++++++++++++++++++++++++++++++++++++++--------
test/local_spa.key | 1 -
2 files changed, 133 insertions(+), 23 deletions(-)
commit 8f3e6a4ed104527e14dcc124fc8940e7730d1dc4
Merge: ed2d6ec 05ced0a
Author: Franck Joncourt <franck@debian.org>
Date: Wed Apr 10 15:12:54 2013 +0200
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support
commit 378305a8ab2732a812e3de9a50967088f1daf71a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 9 22:48:54 2013 -0400
[test suite] added perl FKO Rijndael key test with embedded NULL char
test/test-fwknop.pl | 74 +++++++++++++++++++++++++++++++++++++++++--
test/tests/perl_FKO_module.pl | 9 ++++++
2 files changed, 80 insertions(+), 3 deletions(-)
commit b45a1b07ad2210443a84b0dcf959a03e3712e358
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 9 21:28:32 2013 -0400
minor var naming/spacing update
test/test-fwknop.pl | 123 +++++++++++++++++++++++++---------------------------
1 file changed, 60 insertions(+), 63 deletions(-)
commit 05ced0a5143b0296b480c1c4e834e494880ca615
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 8 22:14:06 2013 -0400
add HMAC_KEY variable support to access.conf (alternative to HMAC_KEY_BASE64)
Makefile.am | 2 ++
server/access.c | 13 +++++++
test/conf/fwknoprc_hmac_key2 | 73 +++++++++++++++++++++++++++++++++++++++
test/conf/hmac_no_b64_access.conf | 4 +++
test/test-fwknop.pl | 2 ++
test/tests/rijndael_hmac.pl | 18 ++++++++++
6 files changed, 112 insertions(+)
commit 748715acf83c8baee7d3d37295306c59fd7e00f7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 8 20:45:14 2013 -0400
[test suite] added python->C HMAC test
Makefile.am | 1 +
test/conf/hmac_sha512_short_key2_access.conf | 5 +++
test/fko-python.py | 6 +--
test/test-fwknop.pl | 55 ++++++++++++++++++++++++++++
test/tests/python_fko.pl | 12 ++++++
5 files changed, 76 insertions(+), 3 deletions(-)
commit 57773993e4de17823084cd3fe93d122a0607d687
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 7 20:57:35 2013 -0400
[test suite] don't remove output/ directory in --list mode, closes #53
test/test-fwknop.pl | 58 +++++++++++++++++++++++++++--------------------------
1 file changed, 30 insertions(+), 28 deletions(-)
commit cccab3c22bba7466f498a061d5f9d0493d76daef
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 7 16:28:33 2013 -0400
[test suite] restore --diff mode, fixes #52
test/test-fwknop.pl | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
commit a59b5acc991e8e097005f9636f9f36275385ff29
Merge: 4f9fbe4 8f667c1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 7 15:11:09 2013 -0400
Merge patch from Franck in support of issue #43
commit 4f9fbe4549258c4e1e80e4236f24ca875a7f4dbd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Apr 7 13:33:42 2013 -0400
[test suite] NAT name resolution tests
This commit adds tests for NAT name resolution in support of issue #43.
test/tests/rijndael.pl | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
commit ed2d6ec8eaa3624e79697acc653ab59ef3845dd5
Author: Franck Joncourt <franck@debian.org>
Date: Sun Apr 7 19:00:38 2013 +0200
Added tests to the test suite in order to check the update.
test/local_spa.key | 1 +
test/test-fwknop.pl | 3 +++
test/tests/client_nat.pl | 24 ++++++++++++++++++++++++
3 files changed, 28 insertions(+)
commit 8f667c17acc1dd95bf2596ecb87998db09f95834
Author: Franck Joncourt <franck@debian.org>
Date: Sat Apr 6 22:59:59 2013 +0200
Fixed Nat mode not resolving hostname to IP's.
Linked mrash/fwknop#43
client/fwknop.c | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 102 insertions(+), 12 deletions(-)
commit fcac5ca413df89e2e766e3a78554ada1564bfaed
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 1 23:02:45 2013 -0400
[test suite] minor encryption key variable name update
test/test-fwknop.pl | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit 98d5b6d8a02bc03d01dbf849f088db224f6e6145
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 1 23:01:45 2013 -0400
added 'legacy' initialization vector text to man pages
doc/fwknop.man.asciidoc | 6 +++++-
doc/fwknopd.man.asciidoc | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
commit 9ee21aae127d351d14ff81c981729e3d82f2b9a9
Merge: 6b845cc fb18b77
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 29 20:45:30 2013 -0400
Merge branch 'hmac_support' of ssh://192.168.10.1/home/mbr/git/bare_repos/fwknop into hmac_support
commit fb18b778d191316bf78c962d9478c605b31f3757
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 29 20:44:48 2013 -0400
added test/fko-python.py test script
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit 08c9cc0938d6cad9e059a920e9a4bcbecae810b9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 29 20:42:44 2013 -0400
HMAC function rename for consistency
Make sure that HMAC function names conform to previously established get_*,
set_* naming convention.
client/fwknop.c | 2 +-
lib/fko.h | 4 ++--
lib/fko_funcs.c | 2 +-
lib/fko_hmac.c | 6 +++---
perl/FKO/FKO.xs | 6 +++---
perl/FKO/lib/FKO.pm | 6 +++---
python/fko.py | 8 ++++----
python/fkomodule.c | 16 ++++++++--------
server/utils.c | 2 +-
test/fko-python.py | 37 +++++++++++++++++++++++++++++++++++++
test/fko-wrapper/fko_wrapper.c | 2 +-
11 files changed, 64 insertions(+), 27 deletions(-)
commit d6b4a2a1c3f52853cd959817c93511f6c2070db1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Mar 28 20:42:12 2013 -0400
added fuzzing tests for long Rijndael and HMAC keys
test/test-fwknop.pl | 124 ++++++++++++++++++++++++++++++++++++++++--
test/tests/perl_FKO_module.pl | 15 +++++
2 files changed, 134 insertions(+), 5 deletions(-)
commit 6ecf6514c9ec47fd3d3cc9aae0c626ec16d33e85
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 24 21:04:18 2013 -0400
Enforce Rijndael and HMAC key length maximum sizes
This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums. In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL), and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes. HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.
lib/fko.h | 2 ++
lib/fko_encryption.c | 6 ++++++
lib/fko_error.c | 6 ++++++
lib/fko_hmac.c | 6 ++++++
4 files changed, 20 insertions(+)
commit 08ab1cf8e1ebb0217e060a67226357a02b982c33
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 23 08:56:22 2013 -0400
remove execute bit
client/config_init.c | 0
1 file changed, 0 insertions(+), 0 deletions(-)
commit 6b845cce432fe61e3cccbbd850048a921b983626
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 23 08:53:48 2013 -0400
remove execute bit
client/config_init.c | 0
1 file changed, 0 insertions(+), 0 deletions(-)
commit 6ca996a1731562ce2aca07d97757b6a5a3f2e437
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 22 22:34:10 2013 -0400
[test suite] minor spacing update
test/test-fwknop.pl | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
commit 112dc6959e58f5f34961c261a0eba2a635369c77
Merge: 42cfc58 11ba153
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Mar 21 21:58:05 2013 -0400
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
commit 42cfc58e20db72b7bdcff848e0e6a9838028e923
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Mar 21 21:55:18 2013 -0400
[perl FKO] add HMAC support along with test suite HMAC verification (closes #16)
perl/FKO/FKO.xs | 43 ++++++++++++
perl/FKO/lib/FKO.pm | 54 ++++++++++++++-
test/test-fwknop.pl | 149 ++++++++++++++++++++++++++++++++++++++++--
test/tests/perl_FKO_module.pl | 9 +++
4 files changed, 249 insertions(+), 6 deletions(-)
commit d677e18e2527be218aadfae96d7cbcd75d0c68d2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Mar 21 21:48:38 2013 -0400
minor ChangeLog wording update for HMAC section
ChangeLog | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
commit 11ba15383227e763377fcd5cb4b2f31f880010a0
Merge: 4b63181 49c956d
Author: Franck Joncourt <franck@debian.org>
Date: Wed Mar 20 22:33:45 2013 +0100
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support
commit 4b6318138746b851dc07bf00556f5d99364cceac
Author: Franck Joncourt <franck@debian.org>
Date: Wed Mar 20 22:31:58 2013 +0100
Updated fwknop documentation.
client/config_init.c | 2 +-
doc/fwknop.man.asciidoc | 33 +++++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 1 deletion(-)
commit b6bd8a8e8cf426c8da97b9a8409e27225c48bd65
Author: Franck Joncourt <franck@debian.org>
Date: Wed Mar 20 21:38:52 2013 +0100
Fixed issue when trying to save options for a new stanza.
client/config_init.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 49c956dafc423bc7a2440e53589748a3c1287598
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 19 21:23:36 2013 -0400
[test suite] added two basic tests for installation and operations of the python fko extension
test/test-fwknop.pl | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
test/tests/python_fko.pl | 17 ++++++++++++
2 files changed, 87 insertions(+)
commit b92fcce648ba64ffcb54a8e6c3586c3b6965dc3c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 19 21:22:32 2013 -0400
[python extension] minor function name updates
python/README | 2 +-
python/fko.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
commit 8c3cab02699926d4df9a1e71eed9e25102bed90c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 19 21:15:45 2013 -0400
[python extension] update key_gen() parse tuple format arg to handle hmac_type integer
python/fkomodule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e4689892ef152674e25c647ad0665539bf34e852
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 19 21:09:11 2013 -0400
[client] minor http resolve update to include URL in error output
client/http_resolve_host.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit ab40e300226484bb445680daad2e57dfa099b6ea
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 18 21:49:00 2013 -0400
minor typo fix
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d8090a81430ec7b91d7aa4572ea4b6d0ee56c2cd
Author: Franck Joncourt <franck@debian.org>
Date: Mon Mar 18 22:06:31 2013 +0100
Allowed an fwknoprc stanza (-n) to be overridden by arguments from the command line.
Added a sanity check to make sure the -n option is used with the --save-rc-stanza option.
client/config_init.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
commit 817a719a9c4e8de4992b3136abcac6caa2eee47b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 17 23:03:48 2013 -0400
[python module] update fko_new_with_data() call to include hmac_type
python/fkomodule.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit 92af5b53beff297dffa06280f557a208d1f49c05
Merge: 247edec d299f1d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 17 23:02:57 2013 -0400
Merge remote-tracking branch 'fjoncourt/python_binding' into hmac_support
commit 247edec004eabd81fab9eed5cb06a7e5d9a554a8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 17 22:48:29 2013 -0400
minor hmac prototype update to add const qualifier
lib/hmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 066e90d955e98b20c260626a8921348e82dde125
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 17 22:42:52 2013 -0400
[test suite] added hmac_force_nat_access.conf file to Makefile.am
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit c7b5611fa4947f4d0dd0086b140e6390d0db6d43
Merge: 7e784df b9046df
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 17 21:34:23 2013 -0400
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas. This merge is in support of #4.
Conflicts:
lib/fko_util.c
lib/fko_util.h
commit d299f1de665bb8b0e0443637d873cdddcae57df6 (refs/remotes/fjoncourt/python_binding)
Author: Franck Joncourt <franck@debian.org>
Date: Sun Mar 17 12:03:07 2013 +0100
Add new directive to setup.py in order to be able to build the python binding
without having libfko installed on the system.
python/setup.py | 2 ++
1 file changed, 2 insertions(+)
commit 7e784df3870373f055a2f0f8d818829501bcb1c0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 16 14:43:15 2013 -0400
[server] allow long Rijndael command messages
This change allows SPA clients to include long messages in command mode and
generally allows decryption operations to dictate success/failure instead of
SPA packet length to gate decryption attempts. Closes #40.
server/incoming_spa.c | 39 +++++++++++++++++++++++++++++++--------
1 file changed, 31 insertions(+), 8 deletions(-)
commit 1de5e370e1f4b1464bfcd94c7ff4c76bbc1922bc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 16 14:40:08 2013 -0400
[test suite] added 'server_conf' hash key verification
test/test-fwknop.pl | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
commit 4bdb71315a049e072f95e3426fe9c149ca763586
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 16 14:38:20 2013 -0400
[client] --nat-rand-port bug fix
Bug fix for --nat-rand-port mode to ensure that the port to be
NAT'd is properly defined so that the fwknopd server will NAT
connections to this port instead of applying the NAT operation to the
port that is to be accessed via -A. This change also prints the
randomly assigned port to stdout regardless of whether --verbose mode is
used (since if not then the user will have no idea which port is
actually going to be NAT'd on the fwknopd side).
ChangeLog | 18 +-
Makefile.am | 1 +
client/fwknop.c | 212 ++++++++++++++----
test/conf/fwknoprc_hmac_sha512_long_key | 73 ++++++
test/conf/hmac_force_nat_access.conf | 5 +
test/conf/hmac_sha256_open_ports_access.conf | 6 +
test/conf/hmac_sha512_long_key_access.conf | 5 +
test/test-fwknop.pl | 4 +
test/tests/rijndael.pl | 89 +++++++-
test/tests/rijndael_hmac.pl | 318 +++++++++++++++++++++++++++
10 files changed, 678 insertions(+), 53 deletions(-)
commit 253ccb7cea76d4b6f381998b7c00c785674b138f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Mar 14 22:26:44 2013 -0400
added encryption type/mode and message type string representations for FKO context display output
client/fwknop.c | 15 ++++++++++---
lib/fko_util.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/fko_util.h | 3 +++
server/utils.c | 20 ++++++++++++++++--
4 files changed, 98 insertions(+), 5 deletions(-)
commit b9046df64de2472fa59a318a99f86b6ef2eaa78e
Author: Franck Joncourt <franck@debian.org>
Date: Thu Mar 14 22:39:36 2013 +0100
Remove useless comment.
client/config_init.c | 3 ---
1 file changed, 3 deletions(-)
commit 212075094cf2b5380e85af34145917921639423d
Author: Franck Joncourt <franck@debian.org>
Date: Thu Mar 14 22:16:37 2013 +0100
Added the possibility to parse only section in a fwknoprc file and
not only the whole file - more.
client/config_init.c | 270 +++++++++++----------------------------------------
1 file changed, 57 insertions(+), 213 deletions(-)
commit 366536055fd18600c879f4147b4612ce2f056d97
Author: Franck Joncourt <franck@debian.org>
Date: Wed Mar 13 07:13:50 2013 +0100
Added the possibility to parse only section in a fwknoprc file and not only the whole file
client/config_init.c | 193 ++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 185 insertions(+), 8 deletions(-)
commit aa36f3ffee347c67218be36d5cf851be8b46cffc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 12 23:25:53 2013 -0400
bug fix to remove hmac_sha512_long_key_access.conf file (doesn't exist) from Makefile.am
Makefile.am | 1 -
1 file changed, 1 deletion(-)
commit 3ef3ab29c87f307d10dccf2d9857dd4aacc687de
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 12 23:20:12 2013 -0400
[test suite] 'key_file' hash key update for HMAC SHA384 test
test/tests/rijndael_hmac.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 0b9f25362e231e4a072fdfddd60ad673107e1b47
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 12 23:10:09 2013 -0400
[test suite] minor bug fix for HMAC SHA384 default key test rc file path
test/tests/rijndael_hmac.pl | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 9e32cdd6d92555aff99653cba67b1518f2c7d310
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 12 22:50:37 2013 -0400
[test suite] added files to Makefile.am and added a test to verify this
Makefile.am | 33 +++++++++++++++++++++++++++++++++
test/test-fwknop.pl | 43 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+)
commit 55d188ed1f6a04d3c89ce0df8ddb768247a77e7f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 12 22:18:43 2013 -0400
[test suite] added HMAC key tests
test/conf/fwknoprc_hmac_md5_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_md5_long_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_md5_short_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha1_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha1_long_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha1_short_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha256_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha256_long_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha256_short_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha384_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha384_long_key | 73 ++++++++++++
test/conf/fwknoprc_hmac_sha384_short_key | 73 ++++++++++++
test/conf/hmac_md5_access.conf | 2 +-
test/conf/hmac_md5_long_key_access.conf | 5 +
test/conf/hmac_md5_short_key_access.conf | 5 +
test/conf/hmac_sha1_long_key_access.conf | 5 +
test/conf/hmac_sha1_short_key_access.conf | 5 +
test/conf/hmac_sha256_access.conf | 5 +
test/conf/hmac_sha256_long_key_access.conf | 5 +
test/conf/hmac_sha256_short_key_access.conf | 5 +
test/conf/hmac_sha384_access.conf | 2 +-
test/conf/hmac_sha384_long_key_access.conf | 5 +
test/conf/hmac_sha384_short_key_access.conf | 5 +
test/test-fwknop.pl | 165 +++++++++++++++++-----------
test/tests/rijndael_hmac.pl | 151 ++++++++++++++++++++++++-
25 files changed, 1172 insertions(+), 69 deletions(-)
commit fe22423a44f09c41d1e7452c216d07a6a8f4c020
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 12 22:17:41 2013 -0400
[libfko] bug fix to maintain OpenSSL compatibility for HMAC keys longer than associated block size
lib/hmac.c | 168 ++++++++++++++++++++++++++++++++++++-------------------------
lib/hmac.h | 2 +
2 files changed, 102 insertions(+), 68 deletions(-)
commit 402a545cb29b04420cb17c722f103bd27c316a4d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 23:12:56 2013 -0400
convert standard hmac access.conf file for HMAC SHA512 to use key size of 128 bytes
test/conf/fwknoprc_hmac_sha512_key | 73 +++++++++++++++++++++++++++++
test/conf/fwknoprc_hmac_sha512_short_key | 73 +++++++++++++++++++++++++++++
test/conf/hmac_sha512_access.conf | 2 +-
test/conf/hmac_sha512_short_key_access.conf | 5 ++
4 files changed, 152 insertions(+), 1 deletion(-)
commit bf6cc6c6059ca1759c8724432c57d3e19ab068ff
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 23:02:07 2013 -0400
--key-gen bug fix to allow --key-len and --hmac-key-len values to apply to generated key lengths
lib/fko_funcs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 02d0255a7cc8de78b82398b88bccba12c43152a4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 22:55:00 2013 -0400
update base64 key char arrays to use MAX_B64_KEY_LEN macro
client/fwknop_common.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 6478d2b892850960e0c68bd5e0d8bd25896c775d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 22:54:10 2013 -0400
minor fix to remove extraneous memset() call
client/fwknop.c | 1 -
1 file changed, 1 deletion(-)
commit 70c17be91603b2236d4366a1181466f8e5d99546
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 22:50:02 2013 -0400
added MAX_B64_KEY_LEN for full length SHA512 keys
client/config_init.c | 4 ++--
client/fwknop_common.h | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
commit 4ef2a1ec57e33f36eec2fb44e70597990fc34902
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 22:41:08 2013 -0400
fix fko_new_with_data() call to include the hmac type
test/fko-wrapper/fko_wrapper.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
commit 6e7a56067bcdce14bfdd2a4a8dd4955fc225dd29
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Mar 11 21:13:20 2013 -0400
[perl FKO module] add hmac_type to fko_new_with_data() calls
perl/FKO/FKO.xs | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
commit 343bd449d4d826668a816fe3b840582b401fa545
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 21:59:39 2013 -0400
HMAC MD5 bug fix to ensure to set the MD5 block length to 64
lib/md5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bd2af22691da42dc65db89946ef0876632db5734
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 21:58:52 2013 -0400
[test suite] set HMAC_DIGEST_TYPE to md5 for HMAC MD5 test
test/conf/hmac_md5_access.conf | 1 +
1 file changed, 1 insertion(+)
commit 3598fc7d7d6af540c5e75c23ac20649e833060dd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 18:56:19 2013 -0400
added missing hmac_md5() function to hmac.h
lib/hmac.h | 2 ++
1 file changed, 2 insertions(+)
commit 7274f6724eb46bd74315db64a3f3a21e8722f4f4
Merge: dc0ce29 19cf0d5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 18:12:41 2013 -0400
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
commit 19cf0d51fde2db386637537dd1c4c8b42dda084b
Merge: 744e002 0529d23
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Mar 10 17:17:39 2013 -0400
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
commit 744e002779158911a0e4b9fb6bf53f7fafce4f2c
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Mar 10 17:17:19 2013 -0400
Removed tmp lib and include dirs from the python module setup.py file.
python/setup.py | 2 --
1 file changed, 2 deletions(-)
commit dc0ce294777763c5211bdd241a31ee6a4bc2d045
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 16:37:34 2013 -0400
bug fix to anticipate OpenSSL HMAC output that spans multiple lines (as in SHA512)
test/test-fwknop.pl | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit c5b5cba72968bc39e76f80a4f47063640ef9e92a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 16:30:06 2013 -0400
Added HMAC MD5 support (need test suite validation still)
lib/fko_hmac.c | 6 ++++-
lib/hmac.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---
lib/md5.h | 6 +++--
3 files changed, 87 insertions(+), 7 deletions(-)
commit 977ee18c3f75966de0be52cce54eace40c0185ef
Author: Franck Joncourt <franck@debian.org>
Date: Sun Mar 10 20:55:19 2013 +0100
New function bool_to_yesno.
client/config_init.c | 45 ++++++++++++++++++++++++++++++---------------
1 file changed, 30 insertions(+), 15 deletions(-)
commit 0529d235958364de42c3d806ce02da2e52f36a17
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 15:13:34 2013 -0400
remove minor debugging statement
server/access.c | 1 -
1 file changed, 1 deletion(-)
commit 6882ac57ec9bfc945d29304df11fe60dc70b8d5a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 14:56:39 2013 -0400
add HMAC-SHA1 support
lib/fko_hmac.c | 6 ++++-
lib/hmac.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/hmac.h | 2 ++
lib/sha1.h | 2 ++
4 files changed, 83 insertions(+), 1 deletion(-)
commit 7821e83dfc818b69ffe8ad867d9de42729ccd308
Merge: 22dde8e 6fa3be3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 14:32:07 2013 -0400
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
Conflicts:
client/fwknop.c
lib/fko_hmac.c
commit 22dde8eb351fb2ad01e0f6d532c787a19e1e44ae
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 10 14:26:05 2013 -0400
SPA with HMAC SHA256 and SHA384 now works
This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server. One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas. The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
to also function properly.
client/fwknop.c | 4 +-
lib/fko.h | 2 +-
lib/fko_error.c | 2 +-
lib/fko_funcs.c | 15 +++++++-
lib/fko_hmac.c | 81 +++++++++++++++++++++++++++++++--------
server/access.c | 13 ++++++-
server/incoming_spa.c | 6 +--
test/conf/hmac_sha1_access.conf | 1 +
test/conf/hmac_sha384_access.conf | 1 +
test/test-fwknop.pl | 2 +-
test/tests/rijndael_hmac.pl | 26 +++++++------
11 files changed, 114 insertions(+), 39 deletions(-)
commit 6fa3be393c02dfd9725690a84900f519bfa7659f
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Mar 10 13:21:24 2013 -0400
Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code.
client/fwknop.c | 4 +-
fwknop.spec | 2 +-
lib/fko.h | 4 +-
lib/fko_hmac.c | 4 +-
perl/FKO/FKO.xs | 2 +-
python/fko.py | 255 ++++++++++++++++++++++----
python/fkomodule.c | 407 +++++++++++++++++++++++++++++++++++++++--
python/setup.py | 6 +-
test/fko-wrapper/fko_wrapper.c | 4 +-
9 files changed, 631 insertions(+), 57 deletions(-)
commit 8a2bc732b76b5a265cc38890e0c0eee1a1170ce6
Author: Franck Joncourt <franck@debian.org>
Date: Sun Mar 10 18:17:08 2013 +0100
Fixed data format for some arguments in fwknoprc when they are saved.
client/config_init.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
commit 6f45b2c3b15c40ab57e503cb148d6e9781cae240
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 9 23:27:08 2013 -0500
added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size
client/fwknop.c | 4 +-
lib/fko_hmac.c | 2 +-
lib/fko_util.c | 19 +++++++
lib/fko_util.h | 1 +
lib/hmac.c | 167 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
lib/hmac.h | 6 +-
6 files changed, 191 insertions(+), 8 deletions(-)
commit f9fa3c2b6d2df719a826771d3935f535799eade4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 9 23:25:59 2013 -0500
[test suite] derive HMAC digest type from client display context output
test/test-fwknop.pl | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
commit 6741cfc22b6f4bb174aa7c8160da0882ea90bf29
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 9 16:47:42 2013 -0500
convert HMAC functions to static where possible
lib/hmac.c | 44 +++++++++++++++++++++++++++++---------------
lib/hmac.h | 13 -------------
2 files changed, 29 insertions(+), 28 deletions(-)
commit 3ff39dfab48c587005781027589a8a8605b34ca5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 9 16:41:32 2013 -0500
[test suite] minor variable conversion to 'our' vars
test/test-fwknop.pl | 64 ++++++++++++++++++++++++++---------------------------
1 file changed, 32 insertions(+), 32 deletions(-)
commit c5163fcc24a1ef22c4540044aaacc9c9063741ff
Author: Franck Joncourt <franck@debian.org>
Date: Sat Mar 9 12:39:05 2013 +0100
Added new parameters HMAC_DIGEST_TYPE to the save capability.
client/config_init.c | 7 ++++++-
lib/fko_util.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
lib/fko_util.h | 1 +
3 files changed, 52 insertions(+), 1 deletion(-)
commit c2ef7f224ad067251b5c6b4790a2465be943139f
Author: Franck Joncourt <franck@debian.org>
Date: Sat Mar 9 12:17:17 2013 +0100
Moved static functions from the client to the fko_util.c file.
client/config_init.c | 128 ---------------------------------------------------
lib/fko_util.c | 94 +++++++++++++++++++++++++++++++++++++
lib/fko_util.h | 22 +++++----
3 files changed, 106 insertions(+), 138 deletions(-)
commit 469f9a5f395ec56dc23e7ef14561abb38fbb7a43
Merge: 053db37 1a39047
Author: Franck Joncourt <franck@debian.org>
Date: Sat Mar 9 11:54:45 2013 +0100
Merge remote-tracking branch 'upstream/hmac_support' into hmac_support
Conflicts:
client/cmd_opts.h
client/config_init.c
commit 1a39047b925666bc90436ea72b090a29790710d3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 8 22:12:19 2013 -0500
ensure to close access.conf file ptr when an error condition is found and exit() is going to be called
server/access.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
commit 8b5cf3446fe33dba185d6399c510a76f2243eed7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 8 22:05:11 2013 -0500
[test suite] minor bug fix for command line definition for invalid HMAC test
test/tests/rijndael_hmac.pl | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
commit d13eba7d133bfdc03ffe8e59a752c6e20db1cb23
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 8 21:48:19 2013 -0500
[test suite] minor category/subcategory update for fuzzing tests
test/tests/rijndael_fuzzing.pl | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
commit 7fe5c55fcfc8e90207fc6e0ef9e29e9d50a6d420
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 8 21:10:45 2013 -0500
[test suite] added various hmac verification conf files
test/conf/fwknoprc_hmac_invalid_type | 73 +++++++++++++++++++++++++++++++++
test/conf/hmac_invalid_type_access.conf | 5 +++
test/conf/hmac_md5_access.conf | 4 ++
test/conf/hmac_sha1_access.conf | 4 ++
test/conf/hmac_sha384_access.conf | 4 ++
test/conf/hmac_sha512_access.conf | 5 +++
6 files changed, 95 insertions(+)
commit d4362b7b3858fefe066b52f9dcdaa026dca4b802
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 8 21:09:51 2013 -0500
[test suite] import test definitions from tests/*.pl files
Makefile.am | 26 +-
test/test-fwknop.pl | 2970 ++----------------------
test/tests/basic_operations.pl | 187 ++
test/tests/build_security.pl | 145 ++
test/tests/gpg.pl | 217 ++
test/tests/gpg_no_pw.pl | 172 ++
test/tests/perl_FKO_module.pl | 196 ++
test/tests/preliminaries.pl | 73 +
test/tests/rijndael.pl | 992 ++++++++
test/tests/rijndael_backwards_compatibility.pl | 98 +
test/tests/rijndael_cmd_exec.pl | 21 +
test/tests/rijndael_fuzzing.pl | 312 +++
test/tests/rijndael_hmac.pl | 261 +++
test/tests/rijndael_replay_attacks.pl | 39 +
14 files changed, 2911 insertions(+), 2798 deletions(-)
commit 44d05a691668b49804555694166f11cf033465ba
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Mar 7 23:14:48 2013 -0500
interim commit for supporting multiple HMAC digest types (# 45)
client/cmd_opts.h | 10 +-
client/config_init.c | 75 ++++--
client/fwknop.c | 18 +-
client/fwknop_common.h | 7 +-
extras/spa-entropy/spa-entropy.pl | 6 +-
lib/fko.h | 20 +-
lib/fko_context.h | 2 +-
lib/fko_funcs.c | 40 ++-
lib/fko_hmac.c | 25 +-
lib/fko_util.c | 36 +++
lib/fko_util.h | 2 +
lib/sha2.h | 2 +
perl/FKO/FKO.xs | 6 +-
server/access.c | 12 +
server/fwknopd_common.h | 1 +
test/conf/fwknoprc_default_hmac_base64_key | 5 +-
test/fko-wrapper/fko_wrapper.c | 4 +-
test/test-fwknop.pl | 378 ++++++++---------------------
18 files changed, 320 insertions(+), 329 deletions(-)
commit 39ca73a245e40f93f144a55be91f53821e75269a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Mar 5 23:29:46 2013 -0500
[test suite] added OpenSSL HMAC verification (closes #39)
Makefile.am | 2 +
client/fwknop.c | 2 +
lib/fko_hmac.c | 2 +
lib/hmac.c | 2 +
test/conf/fwknoprc_hmac_simple_keys | 72 ++++++++++++
test/conf/hmac_simple_keys_access.conf | 6 +
test/test-fwknop.pl | 194 +++++++++++++++++++++++++++++----
7 files changed, 257 insertions(+), 23 deletions(-)
commit 053db37c0dd711ff7c189fb84f498af859cb7a4c
Author: Franck Joncourt <franck@debian.org>
Date: Tue Mar 5 21:01:38 2013 +0100
Added more command line switches in order for the user to be able to specify the Rijndael, Rijndael base64 and HMAC key.
client/cmd_opts.h | 6 ++++++
client/config_init.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 61 insertions(+), 3 deletions(-)
commit a09392b08debce847f71fa1a87b084d858050bd0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 3 17:56:02 2013 -0500
[test suite] better reporting of test title matching for valgrind coverage test
test/test-fwknop.pl | 97 ++++++++++++++++++++++++++++-------------------------
1 file changed, 52 insertions(+), 45 deletions(-)
commit 5c182c1722ff328515b06505d075c8b6792bba1b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 3 16:21:46 2013 -0500
[test suite] added HMAC dual usage test
Makefile.am | 1 +
test/conf/hmac_dual_key_usage_access.conf | 11 +++++++++++
test/test-fwknop.pl | 20 ++++++++++++++++++++
3 files changed, 32 insertions(+)
commit e064e39284102908bfd478fe120fb0b5b85279c5 (refs/remotes/web/hmac_header_fixes, refs/remotes/origin/hmac_header_fixes, refs/remotes/ag4ve/hmac_header_fixes, refs/heads/hmac_header_fixes)
Merge: 374c573 1dc47f8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 3 14:36:21 2013 -0500
Merge branch 'hmac_header_fixes' into hmac_support
commit 1dc47f80d8e33e8d38473870efb2611728d2a22b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 3 14:29:08 2013 -0500
Fix byte order warning
This commit fixes a byte order warning for both sha1.c and md5.c like so:
sha1.c:127:6: warning: #warning Undetermined or unsupported Byte Order... We will try LITTLE_ENDIAN [-Wcpp]
Also removed a couple of header includes that appear not to be needed.
client/fwknop.c | 1 -
client/fwknop_common.h | 1 -
lib/cipher_funcs.h | 1 -
lib/md5.c | 1 +
lib/sha1.c | 1 +
5 files changed, 2 insertions(+), 3 deletions(-)
commit 38a803fb71d463a3e20227f03d7cff64f85e578b
Author: Franck Joncourt <franck@debian.org>
Date: Sun Mar 3 18:41:31 2013 +0100
* Added KEY, KEY_BASE64 and HMAC_KEY_BASE64 definitions to the save capability.
* Allowed section to be found during an update of fwknoprc even if there are some spaces before the stanza.
* Allowed the user to strike the ENTER key to overwrite the section as it will be done with the 'Y' char.
client/config_init.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
commit 374c573c89309c31e875dc1d6738f63d459554ce
Merge: d94513e b86e48d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Mar 3 00:35:39 2013 -0500
Merge branch 'hmac_header_fixes' into hmac_support
commit b86e48dd66c3e7a6160cf932639418d1c2325cd3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 23:16:26 2013 -0500
remove a couple of unnecessary header includes
client/fwknop.c | 3 ---
server/access.c | 1 -
server/incoming_spa.c | 1 -
3 files changed, 5 deletions(-)
commit d27c3e3b09410101f88db05bdf05dc02fc0403a5
Merge: 8731f02 f9e1ae4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 22:41:15 2013 -0500
Merge branch 'hmac_header_fixes' of github.com:mrash/fwknop into hmac_header_fixes
commit d94513ee00d64f1686cda7eb5f6a2eb3825776ec
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 22:38:26 2013 -0500
[test suite] started adding HMAC equivalent tests for all existing tests
test/test-fwknop.pl | 153 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 153 insertions(+)
commit f9e1ae4859ac850ede8e980bb96d64189eb7fefe
Merge: 73b1931 c1baa7e
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Mar 2 17:22:50 2013 -0500
Merge my working branch 'hmac_support' into hmac_header_fixes
commit c1baa7e12f3663ebecb481fe51b8ae92255cebb0
Merge: 6ecf81b 839cc41
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Mar 2 17:08:55 2013 -0500
Merge branch 'hmac_support' of github.com:mrash/fwknop into hmac_support
commit 6ecf81b16e601b92f67487cee2ef4c303f733b2e
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sat Mar 2 17:03:20 2013 -0500
First round of refactoring to clean up header dependencies.
client/fwknop.c | 28 +++++++++++++++++++++++-----
client/fwknop_common.h | 1 +
client/utils.h | 3 ---
common/common.h | 1 +
configure.ac | 2 +-
lib/base64.c | 1 +
lib/base64.h | 2 --
lib/cipher_funcs.c | 1 +
lib/cipher_funcs.h | 2 +-
lib/digest.c | 2 ++
lib/digest.h | 10 ----------
lib/fko.h | 15 ++++++---------
lib/fko_common.h | 6 ------
lib/fko_context.h | 4 ++++
lib/fko_encryption.c | 35 +++++++++++++++++++++++++++++++----
lib/fko_hmac.c | 17 +++++++++++++++--
lib/fko_util.c | 25 +------------------------
lib/fko_util.h | 2 --
lib/gpgme_funcs.h | 5 ++++-
lib/md5.h | 3 ++-
lib/rijndael.c | 1 +
lib/rijndael.h | 3 +--
lib/sha1.h | 3 ++-
lib/sha2.h | 5 ++++-
server/access.c | 1 +
server/incoming_spa.c | 1 +
server/utils.h | 3 ---
27 files changed, 104 insertions(+), 78 deletions(-)
commit 58ba7717e61d1471b86cc4ac070f871ff4f02d15
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 14:13:47 2013 -0500
[test suite] minor category renaming
test/test-fwknop.pl | 294 +++++++++++++++++++++++++++-------------------------
1 file changed, 150 insertions(+), 144 deletions(-)
commit 1de684ab167543f14fcf3046086d5b9aacba90d2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 11:15:19 2013 -0500
[test suite] minor spacing fix for hmac_access.conf file
test/conf/hmac_access.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit e4b6f566192aaebd927046c663f572e1b97d8da4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 11:10:48 2013 -0500
[test suite] minor valgrind coverage dir import status message
test/test-fwknop.pl | 35 +++++++++++++++++++++--------------
1 file changed, 21 insertions(+), 14 deletions(-)
commit a00de31f5a73750eee6a46ceb50d300f2432f528
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 10:47:03 2013 -0500
[test suite] use find_command() for valgrind path
test/test-fwknop.pl | 43 +++++++++++++++++++++----------------------
1 file changed, 21 insertions(+), 22 deletions(-)
commit 1e01d59c918b7d6e015e9874981109c09ec8aedc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Mar 2 10:18:05 2013 -0500
[test suite] added elapsed time display
test/test-fwknop.pl | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
commit 8731f02005f50a52482211128a5dd0bb050bfeb4
Merge: 73b1931 839cc41
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 1 22:35:19 2013 -0500
Merge branch 'hmac_support' into hmac_header_fixes
commit 839cc416039ca10d42f36071587d4b1ad3bd1fbe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 1 22:11:22 2013 -0500
remove unused vars for pf/ipfw/ipf firewalls until NAT is supported for them
server/fw_util_ipf.c | 9 ---------
server/fw_util_ipfw.c | 9 ---------
server/fw_util_pf.c | 9 ---------
3 files changed, 27 deletions(-)
commit bf94e79a3b85ae1f662b580822dd3d99e2b803fc
Merge: 22316b7 bf99082
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Mar 1 21:58:08 2013 -0500
merged bf990821ffcb44aba4c82a476e0309b49837ebb7 for #20
commit 73b1931bd874c9c4315825dfc913bf39139f3085
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 28 22:25:04 2013 -0500
minor clean up for get_keys() base64 decoded key length
client/fwknop.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
commit ffcb77552b44833765020a0c04f5232343c02146
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 28 21:47:43 2013 -0500
Remove lib/fko.h dependency on rijndael.h
client/config_init.c | 21 ---------------------
client/fwknop.c | 11 ++++++++++-
lib/cipher_funcs.c | 24 ++++++++++++++++++------
lib/fko.h | 17 ++++++++---------
lib/fko_encryption.c | 5 ++---
lib/fko_funcs.c | 3 +--
lib/fko_util.c | 23 +++++++++++++++++++++++
lib/fko_util.h | 1 +
server/access.c | 23 -----------------------
9 files changed, 63 insertions(+), 65 deletions(-)
commit 22316b796cc38824bf699898b6148719204b54f5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 28 21:42:53 2013 -0500
added test/fko-wrapper/ files for the test suite
Makefile.am | 3 +++
1 file changed, 3 insertions(+)
commit e38fb835d0622125f514561c9c34f52f1ff54cd7
Author: Franck Joncourt <franck@debian.org>
Date: Thu Feb 28 22:53:08 2013 +0100
Added save capability for a specific stanza in fwknoprc.
client/config_init.c | 655 +++++++++++++++++++++++++++++++++++++++++++++++--
client/fwknop_common.h | 1 +
2 files changed, 633 insertions(+), 23 deletions(-)
commit 9c1b1d531d28dc32cbf7935e4a59d629ad2ac38c
Merge: bdb32cf bf99082
Author: Damien Stuart <dstuart@dstuart.org>
Date: Mon Feb 25 21:46:09 2013 -0500
Merging fixes_for_2.0.4 into hmac_support
commit db7f3e2b3c53c27f64663fff5c926238cc7bdea6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 25 16:50:12 2013 -0500
Added fko_set_spa_encryption_mode() multi-call test to fko-wrapper
test/fko-wrapper/fko_wrapper.c | 5 +++++
1 file changed, 5 insertions(+)
commit bf990821ffcb44aba4c82a476e0309b49837ebb7 (refs/remotes/origin/fixes_for_2.0.4, refs/remotes/ag4ve/fixes_for_2.0.4)
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Feb 24 18:09:13 2013 -0500
Fixed broken configure options for forcing a particular firewall type and path.
configure.ac | 33 +++++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
commit 2f1768fcc4c287a3a26d844fafec9197d8ae1db8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Feb 22 20:51:48 2013 -0500
minor CREDITS file formatting update
CREDITS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit bdb32cf634760bb22d376ea371a0be6951ce0612
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 21 22:47:40 2013 -0500
added decryption tests to fko-wrapper
test/fko-wrapper/fko_wrapper.c | 96 +++++++++++++++++++++++++++++++++++++++---
1 file changed, 89 insertions(+), 7 deletions(-)
commit 6c2b657bfe6991224c665bc4c8e93fdcad8262b7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 21 22:44:33 2013 -0500
[libfko] free dynamically allocated resources for multiple libfko fcn calls
lib/fko_decode.c | 25 ++++++++++++++++++++++++-
lib/fko_encryption.c | 3 +++
lib/fko_funcs.c | 9 ++++++---
lib/fko_hmac.c | 3 +++
4 files changed, 36 insertions(+), 4 deletions(-)
commit 2b54cb94f540d2db9d8cd4db37e61ed893f1bffb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 21 07:36:33 2013 -0500
memory leak bug fix for fko_new() to allow multiple calls without requiring external fko_destroy() call
lib/fko_funcs.c | 3 +++
1 file changed, 3 insertions(+)
commit 74fe3c633049b53bdb92f2d65ed589a05accf9c4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 21 07:35:53 2013 -0500
added fko-wrapper memory validation test
test/test-fwknop.pl | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 69 insertions(+), 2 deletions(-)
commit 3ce7a77df35eb2277a71767deb1dcc22cc8886d8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 21 07:33:52 2013 -0500
added global function call number var for fko-wrapper
test/fko-wrapper/fko_wrapper.c | 36 +++++++++++++++++++++---------------
1 file changed, 21 insertions(+), 15 deletions(-)
commit 52f40fea3cc0a84a0db9dad853b8abbc5bdd78cb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 21 07:32:55 2013 -0500
added 'clean' stanza for fko-wrapper Makefile
test/fko-wrapper/Makefile | 3 +++
1 file changed, 3 insertions(+)
commit 0ae954cb1769f9b064a84440f5d518457db57da3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 20 23:06:40 2013 -0500
completed fko_wrapper Rijndael encryption usage
test/fko-wrapper/Makefile | 2 +-
test/fko-wrapper/fko_wrapper.c | 29 +++++++++++++++++++++++++++--
2 files changed, 28 insertions(+), 3 deletions(-)
commit cae795f6fdea27ada3f94e6a23d4e4eb530ea814
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 20 22:55:26 2013 -0500
allow encryption routines to be called multiple times for the same context (deallocate memory from previous calls)
lib/fko_encryption.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
commit 5b00d1756f590c5003bc2a027faeb3110eaa836c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 20 21:20:09 2013 -0500
set fko_ctx_t opaque pointers to NULL
client/fwknop.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
commit c70ad5f12f4684389a895aaf7ec3cf8ef6be5f7b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 20 21:05:47 2013 -0500
added fko-wrapper Makefile
test/fko-wrapper/Makefile | 3 +++
1 file changed, 3 insertions(+)
commit e4a5b79750faa14224671e8242028e1eaa501b52
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 20 21:00:46 2013 -0500
Added fko-wrapper that the test suite will be able to use for valgrind operations
The fko_wrapper.c code is designed to call libfko functions multiple times in
order to allow valgrind to test re-execution conditions. This ensures that
libfko code frees memory from previous calls before leaking memory.
test/fko-wrapper/fko_wrapper.c | 74 ++++++++++++++++++++++++++++++++++++++++
test/fko-wrapper/run_valgrind.sh | 3 ++
2 files changed, 77 insertions(+)
commit 33e1c19bb265df2f4b956447e016e3cf4226a8fc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 20 20:45:40 2013 -0500
Make sure valgrind is stopped after each test in --enable-valgrind mode, closes #38
This commit uses pgrep + killall (if available) to ensure that valgrind is not
running after each test.
test/test-fwknop.pl | 33 ++++++++++++++++++++++-----------
1 file changed, 22 insertions(+), 11 deletions(-)
commit a413c6cf94afd1fcd0000f03f75ecd2a904220a9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Feb 19 23:11:01 2013 -0500
Continue atoi() replacement with strtol() wrapper, closes issue #21
This commit completes the conversion to the strtol() wrapper function in order
to remove all atoi() calls. In addition, variable max values are enforced
using more broadly defined RCHK_* values.
client/config_init.c | 37 +++++--------
client/fwknop.c | 2 +-
client/http_resolve_host.c | 6 +-
client/spa_comm.c | 6 +-
lib/fko_decode.c | 2 +-
lib/fko_util.c | 6 +-
server/access.c | 7 ++-
server/config_init.c | 2 +-
server/config_init.h | 16 ------
server/fw_util_ipfw.c | 135 +++++++++++++++++++++++++++++++--------------
server/fw_util_iptables.c | 6 +-
server/fwknopd.c | 2 +-
server/fwknopd_common.h | 24 +++++++-
server/incoming_spa.c | 2 +-
server/pcap_capture.c | 6 +-
15 files changed, 155 insertions(+), 104 deletions(-)
commit 6a475bbe5407b076a3c1425009efbeb93427618e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 18 22:22:44 2013 -0500
Continued atoi() replacement with strtol() wrapper (issue #21)
This commit replaces a few additional atoi() calls with the strtol() wrapper
function, and also fixes a bug where access SOURCE IP/mask combinations would
not be accepted when the string length was as long as something like
'123.123.123.123/255.255.255.255'.
server/access.c | 37 +++++++++++++++++++++++--------------
server/access.h | 4 +++-
test/conf/multi_stanzas_access.conf | 2 +-
3 files changed, 27 insertions(+), 16 deletions(-)
commit 3f05f81ac68d0845983b4470410f200495e3a401
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 18 19:54:50 2013 -0500
memory leak bug fix in fko_set_rand_value()
Bug fix for the following error caught by the test suite (in the [Rijndael SPA]
[client+server] random SPA port (tcp/22 ssh) test):
==24257== 17 bytes in 1 blocks are definitely lost in loss record 1 of 1
==24257== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24257== by 0x4E38B9B: fko_set_rand_value (fko_rand_value.c:114)
==24257== by 0x4E37FE0: fko_new (fko_funcs.c:75)
==24257== by 0x10AE52: main (fwknop.c:113)
lib/fko_rand_value.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 1afc8db96a0e2cd8abdf2cd5994ab3ab385a4e73
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 18 19:32:53 2013 -0500
Added strtol_wrapper() libfko utility function for atoi() replacement (#21)
This commit replaces most atoi() calls (which don't report errors) with a strtol()
wrapper function for stronger string -> integer conversion validation.
client/config_init.c | 75 ++++++++++++++++++++++++----------------------
client/fwknop.c | 20 +++++++++++--
client/http_resolve_host.c | 6 ++--
client/spa_comm.c | 10 +++++--
common/Makefile.am | 2 +-
lib/fko.h | 5 ++++
lib/fko_decode.c | 24 +++++++++++----
lib/fko_util.c | 52 +++++++++++++++++++++++++++++++-
lib/fko_util.h | 2 ++
server/config_init.c | 38 ++++++++++++++++++-----
server/fw_util_iptables.c | 52 +++++++++++++++++++++++++-------
server/fwknopd.c | 25 ++++++++++------
server/incoming_spa.c | 15 +++++++++-
server/pcap_capture.c | 36 +++++++++++++++++-----
server/tcp_server.c | 11 +++++--
15 files changed, 285 insertions(+), 88 deletions(-)
commit 934e6760537b1438358dc5b12ae81543d2104843
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 18 19:22:48 2013 -0500
minor cleanup to put --enable-all flags in one place
test/test-fwknop.pl | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
commit 500a395cb6577e2d17ff9e23b6de19c9665635a6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 17 21:43:16 2013 -0500
apply const to pf and ipfw firewall function prototypes
server/fw_util_ipfw.c | 13 +++++++------
server/fw_util_pf.c | 13 +++++++------
2 files changed, 14 insertions(+), 12 deletions(-)
commit 0b4cbbedfb2a6588243e6a71b354e42f08c257ff
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 17 21:38:03 2013 -0500
added fwknoprc* files
Makefile.am | 6 ++++++
1 file changed, 6 insertions(+)
commit 7735e8ce7a7e4c82718b743bcc3de60c08394eb6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 17 12:02:48 2013 -0500
minor comment typo fix
client/fwknop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit ff285961e806c06376802e49cedff3b9b087497a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Feb 15 07:58:49 2013 -0500
Added --save-args-file and --no-save-args text to fwknop man page
doc/fwknop.man.asciidoc | 8 ++++++++
1 file changed, 8 insertions(+)
commit aab3ba3b0cca99fdbd97efd4219990a76d04d7ce
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 14 22:50:14 2013 -0500
added --save-args-file and corresponding tests to the fwknop client
client/cmd_opts.h | 3 +-
client/config_init.c | 8 +-
client/fwknop.c | 232 +++++++++++++++++++++++++++----------------------
client/fwknop_common.h | 1 +
test/test-fwknop.pl | 25 +++++-
5 files changed, 160 insertions(+), 109 deletions(-)
commit 280dbbfe103fb52661dcc228d3db47cb031dae85
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Feb 12 23:26:08 2013 -0500
added test for client --save-packet <file> argument
test/test-fwknop.pl | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
commit ce18de4f841c522e4fcb73dcb04b404d2b2642ad
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Feb 12 22:39:39 2013 -0500
make libfko pointers constant where possible
lib/fko.h | 66 +++++++++++++++++++++--------------------------
lib/fko_encryption.c | 22 +++++++++-------
lib/fko_funcs.c | 18 ++++++-------
lib/fko_hmac.c | 4 +--
lib/fko_message.c | 2 +-
lib/fko_nat_access.c | 2 +-
lib/fko_rand_value.c | 2 +-
lib/fko_server_auth.c | 2 +-
lib/fko_user.c | 16 ++++++------
server/fw_util.h | 13 +++++-----
server/fw_util_iptables.c | 52 +++++++++++++++++++++----------------
server/fwknopd.c | 13 +++++-----
12 files changed, 108 insertions(+), 104 deletions(-)
commit 4daedde364c0c938e813fb0f5bc05c7ca3a0f0f0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Feb 12 22:18:16 2013 -0500
updated untested function list for Linux systems
test/test-coverage/iptables/zero_called_functions | 42 +++--------------------
1 file changed, 5 insertions(+), 37 deletions(-)
commit 67c09c8a1f50dc1fa87cf7e28998579e7ff59136
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Feb 12 22:08:42 2013 -0500
Added test-coverage/README file
test/test-coverage/README | 15 +++++++++++++++
1 file changed, 15 insertions(+)
commit f14fb4cb766f26f9984fb5019ed177b35fe18757
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Feb 12 22:06:35 2013 -0500
use same test execution strategy for --enable-profile-coverage-check as --enable-valgrind
test/test-fwknop.pl | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
commit 98ed91a36f5c7278c9a4c0a2fd8d8527dce907b7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 11 23:17:52 2013 -0500
updated ownership determination to use the test suite owner instead of the configure script
test/test-fwknop.pl | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 67f92e7647911083d8bc7553c19fcf630235be77
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 10 15:04:33 2013 -0500
added the roadmap.org file
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit 381487569c4ba0ad5c90e58c9a532977a15acced
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 10 15:01:06 2013 -0500
added the roadmap.org file to define the upcoming fwknop road map
roadmap.org | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
commit b820bbbe4b5fedeb88e7798cfdddec722936c34c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 10 14:57:44 2013 -0500
Minor memory leak bug fix in --rotate-digest-cache mode
This commit fixes a minor memory leak for the digest cache file path in
--rotate-digest-cache mode in the replay_cache_init() function. The leak was
caught by valgrind, and a new test was added to the test suite for it. Here
is the valgrind warning:
==29021== 21 bytes in 1 blocks are definitely lost in loss record 2 of 2
==29021== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29021== by 0x1103AA: replay_cache_init (replay_cache.c:96)
==29021== by 0x10BB8C: main (fwknopd.c:254)
server/replay_cache.c | 8 +++++++-
test/test-fwknop.pl | 52 +++++++++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 57 insertions(+), 3 deletions(-)
commit 7face3eec9bbfa8a2df7b96cf078a418cb940e95
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Feb 2 22:37:17 2013 -0500
ensure matching test file comparison for valgrind test
test/test-fwknop.pl | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
commit 7bfaee9aef7893b08c7cdcbb9af7ae424ff4fbf5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Feb 2 22:06:45 2013 -0500
Make valgrind test fail for new flagged functions
In --enable-valgrind mode, this commit adds the ability to compare current test
result output with any previous test suite execution. Whenever valgrind flags
a new function or if an existing flagged function has a greater number of
calls, then the final valgrind test will fail. This allows a greater level of
valgrind validation to take place for new code in an automated fashion. For
example, if a change to a piece of code introduces a memory handling problem of
the sort that valgrind can detect, then the final test will fail like so:
# ./test-fwknop.pl --include "complete cycle.*HMAC" --enable-valgrind --test-limit 1
[+] Starting the fwknop test suite...
args: --include complete cycle.*HMAC --enable-valgrind --test-limit 1
Saved results from previous run to: output.last/
[Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)...pass (1)
[valgrind output] [flagged functions] ..............................fail (2)
[+] 1/1/2 tests passed/failed/executed
The newly flagged functions will be written to the corresponding test file:
# cat output/2.test
[+] TEST: [valgrind output] [flagged functions]~
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: main
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_spa_data_final
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: strdup
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_new
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_encrypt_spa_data
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_encode_spa_data
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_calculate_hmac
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_set_username
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_set_rand_value
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: fko_set_spa_message
[-] 1.test (client) '[+] TEST: [Rijndael SPA] [client+server] complete cycle + HMAC (tcp/22 ssh)' --> NEW valgrind flagged function: set_digest
[-] 1.test New and/or greater number of valgrind flagged function calls
test/test-fwknop.pl | 214 ++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 159 insertions(+), 55 deletions(-)
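The run-to-run comparison described in the commit above, as an added example (not code from the fwknop test suite, which is written in Perl). It assumes valgrind stack-frame lines in the `==PID== at|by 0xADDR: function (...)` form quoted elsewhere in this log; the second loss record in the sample input is constructed, and the function names `flagged_functions`, `compare_runs` and `run_passes` are hypothetical.

```python
import re
from collections import Counter

# Matches valgrind stack-frame lines such as:
#   ==24257==    by 0x4E38B9B: fko_set_rand_value (fko_rand_value.c:114)
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(\S+)\s+\(")

# Previous run: the fko_set_rand_value() leak trace quoted in this log.
PREVIOUS_RUN = """\
==24257== 17 bytes in 1 blocks are definitely lost in loss record 1 of 1
==24257==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24257==    by 0x4E38B9B: fko_set_rand_value (fko_rand_value.c:114)
==24257==    by 0x4E37FE0: fko_new (fko_funcs.c:75)
==24257==    by 0x10AE52: main (fwknop.c:113)
"""

# Current run: the same record plus a second, constructed record that
# stands in for a regression introduced by new code.
CURRENT_RUN = PREVIOUS_RUN + """\
==24257== 32 bytes in 1 blocks are definitely lost in loss record 2 of 2
==24257==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24257==    by 0x1111111: fko_set_username (constructed_example.c:1)
==24257==    by 0x2222222: main (constructed_example.c:2)
"""


def flagged_functions(valgrind_output):
    """Count how often each function appears in valgrind stack frames."""
    counts = Counter()
    for line in valgrind_output.splitlines():
        match = FRAME_RE.match(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def compare_runs(previous, current):
    """List functions that are newly flagged or flagged more often than before.

    Each finding is (kind, function, previous_count, current_count), where
    kind is "NEW" or "MORE". Functions whose count dropped are not reported,
    because a fix should never fail the check.
    """
    prev = flagged_functions(previous)
    cur = flagged_functions(current)
    findings = []
    for func in sorted(cur):
        if func not in prev:
            findings.append(("NEW", func, 0, cur[func]))
        elif cur[func] > prev[func]:
            findings.append(("MORE", func, prev[func], cur[func]))
    return findings


def run_passes(previous, current):
    """The final check passes only when nothing new or worse was flagged."""
    return not compare_runs(previous, current)


if __name__ == "__main__":
    for kind, func, before, after in compare_runs(PREVIOUS_RUN, CURRENT_RUN):
        print(f"[-] {kind} valgrind flagged function: {func} ({before} -> {after})")
    print("pass" if run_passes(PREVIOUS_RUN, CURRENT_RUN) else "fail")
```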
commit 4824b74d93f3b44a9b233c7bd474c1f0ceaa2ea4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jan 31 22:19:21 2013 -0500
bug fix for iptables duplicate rules test to account for rules that may have a different time stamp
test/test-fwknop.pl | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
commit 6d233a9427622352775a2d59d9b29800eb3a8e3e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jan 31 21:20:04 2013 -0500
make sure test message strings are unique across all tests
test/test-fwknop.pl | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
commit c31c924a4541700e6a1a1eb9bd6ce82e1f9e7651
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jan 30 21:13:44 2013 -0500
minor spacing fix
lib/sha2.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 13018a5c42dfd50345bbd34cbd6e14857086b50e
Merge: fa56f95 fcf9f43
Author: Michael Rash <michael.rash@gmail.com>
Date: Wed Jan 30 18:04:50 2013 -0800
Merge pull request #19 from fjoncourt/hmac_support
Fixed gcc warning for the md5 driver.
commit fa56f951b422cb42c9be99234df24d0b9c51403b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 29 21:57:38 2013 -0500
[test suite] bug fix for 'set_legacy_iv' mode in perl_fko_module_complete_cycle()
test/test-fwknop.pl | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit f1793a61d6d26378f9be5d662a81d02596d41bc6
Merge: efe6e9f 1a8520d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 29 21:52:15 2013 -0500
Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support
Applied fix from Franck Joncourt for the 'warning: dereferencing type-punned
pointer will break strict-aliasing rules [-Wstrict-aliasing]' error in the
MD5 digest code.
commit fcf9f43c5ba0e11214d31c515854543c21d7bd63
Author: Franck Joncourt <franck@debian.org>
Date: Mon Jan 28 21:47:57 2013 +0100
Fixed gcc warnings for the sha2 driver.
lib/sha2.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit efe6e9f23b32c5376b9696ffd60cb78b683bf761
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 22:22:52 2013 -0500
more legacy IV mode tests with the perl FKO module
test/test-fwknop.pl | 49 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 44 insertions(+), 5 deletions(-)
commit 4cb139c6744f1c92fe03561c8007eb00c4ddb8ca
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 20:37:48 2013 -0500
added fuzzing test counters with summary output
test/test-fwknop.pl | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
commit 2ecb278d8ee3e922647066254d8195afca3e0db4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 14:18:25 2013 -0500
added legacy IV tests for perl FKO client -> C server
test/test-fwknop.pl | 48 ++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 42 insertions(+), 6 deletions(-)
commit 0109d64e545f5c2d124c2aff4e5691b46fb3ace3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 14:03:26 2013 -0500
added encryption_mode() support to perl FKO module
perl/FKO/FKO.xs | 21 +++++++++++++++++++++
perl/FKO/lib/FKO.pm | 16 ++++++++++++++++
perl/FKO/lib/FKO_Constants.pl | 23 +++++++++++++++++++++++
test/test-fwknop.pl | 1 +
4 files changed, 61 insertions(+)
commit b537c9e451a6b7e97bcf63a76d18b3246a622222
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 13:30:26 2013 -0500
ensure test/conf/ files are included
Makefile.am | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
commit e7eb02f82df2949c1a9092745b771fa8ffaf6723
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 13:18:29 2013 -0500
Maintain backwards compatibility with old "zero padding" code
[libfko] Added the ability to maintain backwards compatibility with the
now deprecated "zero padding" strategy in AES mode that was a hold over
from the old perl fwknop implementation. This enables the backwards
compatibility tests to continue to pass in the test suite.
ChangeLog | 3 +++
lib/cipher_funcs.c | 20 +++++++++--------
lib/fko.h | 1 +
server/access.c | 2 ++
test/conf/android_legacy_iv_access.conf | 4 ++++
test/conf/legacy_iv_access.conf | 4 ++++
test/test-fwknop.pl | 38 ++++++++++++++++++---------------
7 files changed, 46 insertions(+), 26 deletions(-)
commit 8a5b700c3007239c81a069b390f0dfc5ce1d8552
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 10:54:20 2013 -0500
openssl tests to use '-pass file:' method for setting passphrase
test/test-fwknop.pl | 105 +++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 87 insertions(+), 18 deletions(-)
commit 98c16005da147e4885abb6e95ea3e3ce0d207468
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 27 10:53:07 2013 -0500
memset() AES buffers to zero
lib/cipher_funcs.c | 5 +++++
1 file changed, 5 insertions(+)
commit 1618dc2a7c2f8c0c5b4808225e579f23778e4b68
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 26 20:45:56 2013 -0500
minor typo spelling fix
test/conf/fwknoprc_default_hmac_base64_key | 2 +-
test/conf/fwknoprc_invalid_base64_key | 2 +-
test/conf/fwknoprc_named_key | 2 +-
test/conf/fwknoprc_with_default_base64_key | 2 +-
test/conf/fwknoprc_with_default_key | 2 +-
test/conf/fwknoprc_with_named_key | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
commit 1a8520d659c6488be5eff6c8bad30bf7f01614d3
Author: Franck Joncourt <franck@debian.org>
Date: Sat Jan 26 22:23:18 2013 +0100
Fixed gcc warning for the md5 driver.
md5.c: In function 'MD5Final':
md5.c:166:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
md5.c:167:5: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
Debian GNU/Linux on i386 build against 2.0.4:
https://buildd.debian.org/status/fetch.php?pkg=fwknop&arch=i386&ver=2.0.4-1&stamp=1358610541
lib/md5.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 1d35c33d5214345118836146713b8c6fff8d211d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jan 25 21:44:24 2013 -0500
[test suite] added --enable-openssl-checks
Added --enable-openssl-checks to send all SPA packets encrypted via libfko
through the OpenSSL library to ensure that the libfko usage of AES is always
compatible with OpenSSL. This ensures that the fwknop usage of AES is properly
implemented as verified by the OpenSSL library, which is a frequently audited
high profile crypto engine. If a vulnerability is discovered in OpenSSL and a
change is made, then the --enable-openssl-checks mode will allow the test suite
to discover this in an automated fashion for fwknop.
ChangeLog | 8 ++
lib/cipher_funcs.c | 43 ++++++----
test/test-fwknop.pl | 241 ++++++++++++++++++++++++++++++++++++++++++++++++++--
todo.org | 15 ++++
4 files changed, 286 insertions(+), 21 deletions(-)
commit e6e695bc2efe09634cda917ba33eb296302fc2b5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 22 22:47:40 2013 -0500
minor todo.org updates
todo.org | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
commit fbbcae3a0db81336f45b45e3c4698a79f113c393
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 22 22:20:54 2013 -0500
[libfko] Don't truncate > 16 byte Rijndael keys
Significant bug fix to honor the full encryption key length for
user-supplied Rijndael keys > 16 bytes long. Previous to this bug fix,
only the first 16 bytes of a key were actually used in the encryption/
decryption process even if the supplied key was longer. The result was
a weakening of expected security for users that had keys > 16 bytes,
although this is probably not too common. Note that "passphrase" is
perhaps technically a better word for "user-supplied key" in this
context since Rijndael in CBC mode derives a real encryption/decryption
key from the passphrase through a series of applications of md5 against
the passphrase and a random salt. This issue was reported by Michael T.
Dean. Closes issue #18 on github.
CREDITS | 4 +++
ChangeLog | 11 +++++++
lib/cipher_funcs.c | 42 ++++++++++++++------------
lib/rijndael.h | 10 +++----
test/test-fwknop.pl | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 128 insertions(+), 24 deletions(-)
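The effect of the truncation described in the commit above, as an added example (not fwknop's own code). It assumes the OpenSSL `EVP_BytesToKey` construction with MD5, one iteration, a 32-byte key and a 16-byte IV as the "series of applications of md5 against the passphrase and a random salt"; the salt and passphrases are constructed, and all function names are hypothetical.

```python
import hashlib

KEY_LEN = 32             # assumed AES-256 key size
IV_LEN = 16              # CBC initialisation vector size
OLD_PASSPHRASE_MAX = 16  # pre-fix limit described in the commit message

# Constructed sample values: an 8-byte salt and two passphrases that share
# their first 16 bytes and differ only afterwards.
SALT = bytes.fromhex("0011223344556677")
PASS_A = b"0123456789abcdef-first-suffix"
PASS_B = b"0123456789abcdef-other-suffix"


def derive_key_iv(passphrase, salt):
    """EVP_BytesToKey-style derivation: chain MD5 over (previous || passphrase || salt)."""
    material = b""
    block = b""
    while len(material) < KEY_LEN + IV_LEN:
        block = hashlib.md5(block + passphrase + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def derive_key_iv_truncating(passphrase, salt):
    """Pre-fix behaviour as described: only the first 16 bytes reach the KDF."""
    return derive_key_iv(passphrase[:OLD_PASSPHRASE_MAX], salt)


def influential_bytes(passphrase, salt, derive):
    """Count passphrase positions whose modification changes the derived key.

    This is a direct measure of how much of the user's secret actually
    protects the SPA packet.
    """
    base_key, _ = derive(passphrase, salt)
    count = 0
    for i in range(len(passphrase)):
        mutated = bytearray(passphrase)
        mutated[i] ^= 0x01
        if derive(bytes(mutated), salt)[0] != base_key:
            count += 1
    return count


def same_key(pass_one, pass_two, salt, derive):
    """True when two passphrases produce the same key and IV for one salt."""
    return derive(pass_one, salt) == derive(pass_two, salt)


if __name__ == "__main__":
    print("truncating KDF, A vs B identical:",
          same_key(PASS_A, PASS_B, SALT, derive_key_iv_truncating))
    print("full-length KDF, A vs B identical:",
          same_key(PASS_A, PASS_B, SALT, derive_key_iv))
    print("bytes that matter (truncating):",
          influential_bytes(PASS_A, SALT, derive_key_iv_truncating))
    print("bytes that matter (full length):",
          influential_bytes(PASS_A, SALT, derive_key_iv))
```

A regression test in this style only needs two passphrases that differ after byte 16: if they ever decrypt each other's packets, the truncation is back.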
commit fde5ec8ed99a37717af756618c7fb36ed62a4b69
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 20 22:43:29 2013 -0500
minor todo.org updates
todo.org | 5 +++++
1 file changed, 5 insertions(+)
commit 7d82b3ef30b57240d81af443a973be7a92269dbc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 20 22:01:29 2013 -0500
minor ChangeLog and todo.org updates for the coming HMAC feature
ChangeLog | 4 +++-
todo.org | 14 ++++++++++----
2 files changed, 13 insertions(+), 5 deletions(-)
commit 6c72e7a90849b847fc03bea038a83397340d3d50
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 20 18:51:34 2013 -0500
added test for b0a4c045e6862e4359fe6530934f456a2e61703d (ensure iptables rules not duplicated)
test/test-fwknop.pl | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
commit fd41308ce55db47ddc7ae54237a55a283526437e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 20 15:31:55 2013 -0500
added info for Franck's latest contribution
CREDITS | 3 +++
1 file changed, 3 insertions(+)
commit b0a4c045e6862e4359fe6530934f456a2e61703d
Merge: 160a9e5 0fda88c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 20 15:22:47 2013 -0500
Merge remote-tracking branch 'fjoncourt/master' into hmac_support
This merges in code from Franck Joncourt to ensure that duplicate iptables
rules are not created for SPA packets that are themselves different but arrive
at the same time and that request exactly the same access. This is done by
using the 'iptables -C' functionality to determine whether a duplicate rule
already exists before adding a new one.
commit 160a9e5565ffdec56e528a4412bbf0cbcef7963a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 20 14:27:27 2013 -0500
perl FKO module HMAC compatibility
lib/fko_funcs.c | 13 +++++++++++--
perl/FKO/FKO.xs | 26 ++++++++++++++++++--------
perl/FKO/lib/FKO.pm | 38 +++++++++++++++++++++++---------------
perl/FKO/lib/FKO_Constants.pl | 18 ++++++++++++++++++
test/test-fwknop.pl | 28 ++++++++++++++--------------
5 files changed, 84 insertions(+), 39 deletions(-)
commit 47f20ea30cc07b1a4b2b3aff6da259b7320f0782
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 19 18:36:52 2013 -0500
merged in the fixes_for_2.0.4 branch
client/Makefile.am | 2 +-
common/Makefile.am | 8 ++++++++
lib/Makefile.am | 15 +++------------
server/Makefile.am | 2 +-
4 files changed, 13 insertions(+), 14 deletions(-)
commit fc4825b3310f9a9675ea18fea870904628ae59e8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 19 18:17:29 2013 -0500
added backwards compatibility test for 2.0.4 client->server
test/test-fwknop.pl | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
commit 437a05dac66e05e875431d1a705ad19c2a4eac54
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jan 19 16:27:34 2013 -0500
interim commit towards FKO compatibility with HMAC code
perl/FKO/FKO.xs | 31 ++++++++++++++++++++-----------
1 file changed, 20 insertions(+), 11 deletions(-)
commit 307cb84323c0dd699ff2e30e5cee07da933bc352
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jan 18 22:11:32 2013 -0500
port strlen bugfix
client/spa_comm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 47ea800889f272fc1d64f85da81659a4aa49b273
Merge: 55fa484 10c1906
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jan 18 18:24:45 2013 -0500
merged in fwknop-2.0.4 changes
commit 0fda88cfcac4d99bcb3d0f1e20d405ae1e5b6d9d
Author: Franck Joncourt <franck@debian.org>
Date: Thu Jan 17 21:46:13 2013 +0100
* Avoid duplicate rules with the same timestamp.
server/fw_util_iptables.c | 305 ++++++++++++++++++++++++----------------------
server/fw_util_iptables.h | 10 +-
2 files changed, 165 insertions(+), 150 deletions(-)
commit ecc9a62a23faa3688c5b63849e4f12109beffef5 (refs/remotes/fjoncourt/fixes_for_2.0.4)
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Jan 13 22:28:34 2013 -0500
Add AM_CPPFLAGS to common/Makefile.am
common/Makefile.am | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit b7b4e857be15c2f34ada9d63c988fc3d4debcc6f
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Jan 13 22:16:30 2013 -0500
Change to how strlcpy and strlcat are handled
Put strlcpy and strlcat object files back in the source group in lib.
Moved libfko_util.a to the common directory (though sources remain in
lib). Client and server code looks to common dir for libfko-util.
This fixes issue with strlcpy showing as undefined symbol when perl FKO
module is loaded.
client/Makefile.am | 2 +-
common/Makefile.am | 6 ++++++
lib/Makefile.am | 11 +----------
server/Makefile.am | 2 +-
4 files changed, 9 insertions(+), 12 deletions(-)
commit 10c19063df27f0bc60f86bc1c3498be498f3a0d3
Author: Damien Stuart <dstuart@dstuart.org>
Date: Sun Dec 23 10:28:30 2012 -0500
Fixed parallel build issue
Added explicit dependency directives to Makefile.am to address errors
when running a parallel build.
lib/Makefile.am | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
commit 516b75f41c738b9e88fa836d93600d6bb23d4f2e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Dec 13 21:09:47 2012 -0500
removed openbsd/pkg/ directory
extras/openbsd/pkg/DESCR | 14 --------------
extras/openbsd/pkg/PFRAG.shared | 2 --
extras/openbsd/pkg/PLIST | 11 -----------
extras/openbsd/pkg/fwknopd.rc | 9 ---------
4 files changed, 36 deletions(-)
commit 0d19065ecc4c4f1a34c85b27302c98bc2e6adfe7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Dec 13 21:07:53 2012 -0500
added fwknop-2.0.4 OpenBSD port from Vlad Glagolev
ChangeLog | 4 +++
extras/openbsd/fwknop-2.0.4/Makefile | 46 ++++++++++++++++++++++++++++
extras/openbsd/fwknop-2.0.4/distinfo | 5 +++
extras/openbsd/fwknop-2.0.4/pkg/DESCR | 14 +++++++++
extras/openbsd/fwknop-2.0.4/pkg/PFRAG.shared | 2 ++
extras/openbsd/fwknop-2.0.4/pkg/PLIST | 11 +++++++
extras/openbsd/fwknop-2.0.4/pkg/fwknopd.rc | 9 ++++++
7 files changed, 91 insertions(+)
commit 0e89efb40e3bd94c2a871f54289e35672ab29371
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Dec 13 21:05:31 2012 -0500
moved openbsd/* to openbsd/fwknop-2.0.3/ now that Vlad Glagolev has contributed an fwknop-2.0.4 OpenBSD port
extras/openbsd/distinfo | 5 ---
extras/openbsd/fwknop-2.0.3/Makefile | 46 ++++++++++++++++++++++
extras/openbsd/fwknop-2.0.3/distinfo | 5 +++
.../fwknop-2.0.3/patches/patch-lib_fko_decode_c | 14 +++++++
.../patches/patch-server_replay_cache_c | 27 +++++++++++++
extras/openbsd/patches/patch-lib_fko_decode_c | 14 -------
extras/openbsd/patches/patch-server_replay_cache_c | 27 -------------
7 files changed, 92 insertions(+), 46 deletions(-)
commit 55fa4841f24f13c1db84fa76a02d106298c057ec
Merge: 5daaca0 40ac28d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 3 22:32:44 2012 -0400
another merge from master
commit 5daaca01ea30bec306cdd96085e4efc8e384d082
Merge: b643848 d739331
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 31 21:43:55 2012 -0400
merged master 2.0.3 changes
commit b643848e057eb72085c9bc690a30fe434944437f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 19 22:27:04 2012 -0400
added --hmac-mode to spa-entropy.pl
extras/spa-entropy/spa-entropy.pl | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
commit e80a6de5f7dda2fbe0c0f9e4e1df2e951921511b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 19 10:43:30 2012 -0400
Memory leak bug fix discovered through the "altered HMAC test"
This commit fixes a memory leak caught with valgrind in the "altered HMAC
test":
[+] fwknop functions (unique view):
- 9 : ???
- 4 : main
- 4 : pcap_capture
- 2 : incoming_spa
- 2 : fko_new_with_data
- 2 : fko_verify_hmac
+ 7 : ???
+ 2 : pcap_capture
+ 2 : main
1 : pcap_compile
- 1 : strdup
- 1 : fko_calculate_hmac
- 1 : add_salted_str
[+] fwknop functions (with call line numbers):
- 9 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
- 4 : main (fwknopd.c:299)
- 2 : fko_new_with_data (fko_funcs.c:220)
- 2 : pcap_capture (pcap_capture.c:226)
- 2 : incoming_spa (incoming_spa.c:378)
- 1 : add_salted_str (cipher_funcs.c:298)
- 1 : strdup (strdup.c:43)
- 1 : fko_verify_hmac (fko_hmac.c:78)
- 1 : fko_verify_hmac (fko_hmac.c:92)
- 1 : pcap_capture (pcap_capture.c:105)
+ 7 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
+ 2 : main (fwknopd.c:299)
1 : pcap_compile (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
1 : pcap_capture (pcap_capture.c:97)
- 1 : fko_calculate_hmac (fko_hmac.c:169)
+ 1 : pcap_capture (pcap_capture.c:105)
lib/fko_funcs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 6199180c6971e08fdb52242deaed127c8d4af92c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 18 16:29:08 2012 -0400
minor paren's syntax bug fix
server/incoming_spa.c | 2 ++
1 file changed, 2 insertions(+)
commit 6392e5891e626393e553eb032405424f5311be21
Merge: 8d6bc05 6de386b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 18 16:26:06 2012 -0400
Merge branch 'master' into hmac_support
commit 8d6bc052952b9b99f4d0898038df78c946aef64b
Merge: 47795d4 38feb8d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 17 21:19:52 2012 -0400
merged from master
commit 47795d41e29feabe4824b7436d376cd71b56e406
Merge: c374a7d 27ccfe3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 10 22:30:07 2012 -0400
merged from master
commit c374a7df27c9baf37e6c0c43b284886588b59d15
Merge: eb5176c e70739d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 5 13:26:43 2012 -0400
Merge branch 'master' into hmac_support
commit eb5176cf6058fd5bec254767a511665066bf0691
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 3 21:20:21 2012 -0400
[test suite] added --enable-all arg
test/test-fwknop.pl | 8 ++++++++
1 file changed, 8 insertions(+)
commit f7084721b76df36551c72a5603c91c7488d1da0e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 2 23:24:38 2012 -0400
added 'altered HMAC' tests to ensure HMAC verification happens properly
test/test-fwknop.pl | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 134 insertions(+)
commit 30acf93b727ab5b9c03dd052c59dfc466689edc7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 2 22:55:54 2012 -0400
Memory leak fix for HMAC verification
This commit fixes a memory leak in the HMAC verification code found with
the test suite running in valgrind mode. Here is the './test-fwknop.pl --diff'
output showing fko_verify_hmac() removed from the flagged functions list:
[+] fwknop functions (unique view):
- 8 : ???
- 3 : main
- 3 : pcap_capture
- 1 : incoming_spa
+ 7 : ???
+ 2 : pcap_capture
+ 2 : main
1 : pcap_compile
- 1 : fko_new_with_data
- 1 : strndup
- 1 : fko_verify_hmac
[+] fwknop functions (with call line numbers):
- 8 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
- 3 : main (fwknopd.c:299)
- 1 : fko_new_with_data (fko_funcs.c:220)
- 1 : pcap_capture (pcap_capture.c:105)
- 1 : incoming_spa (incoming_spa.c:376)
- 1 : strndup (strndup.c:46)
+ 7 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
+ 2 : main (fwknopd.c:299)
1 : pcap_compile (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
- 1 : pcap_capture (pcap_capture.c:226)
1 : pcap_capture (pcap_capture.c:97)
- 1 : fko_verify_hmac (fko_hmac.c:54)
+ 1 : pcap_capture (pcap_capture.c:105)
lib/fko_hmac.c | 7 +++++++
1 file changed, 7 insertions(+)
commit 3d9e96af564a915096f29c8d779c3c8128269635
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 2 22:46:52 2012 -0400
Memory leak fix in client test mode
This commit fixes the following memory leak found with the test suite running
in valgrind mode:
HEAP SUMMARY:
in use at exit: 217 bytes in 3 blocks
total heap usage: 27 allocs, 24 frees, 5,260 bytes allocated
44 bytes in 1 blocks are definitely lost in loss record 1 of 3
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x50CB861: strndup (strndup.c:46)
by 0x4E3A4D4: fko_verify_hmac (fko_hmac.c:54)
by 0x4E394DD: fko_new_with_data (fko_funcs.c:220)
by 0x10B3A7: main (fwknop.c:408)
44 bytes in 1 blocks are definitely lost in loss record 2 of 3
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x50CB801: strdup (strdup.c:43)
by 0x4E3A3FC: fko_calculate_hmac (fko_hmac.c:162)
by 0x4E3A552: fko_verify_hmac (fko_hmac.c:86)
by 0x4E394DD: fko_new_with_data (fko_funcs.c:220)
by 0x10B3A7: main (fwknop.c:408)
129 bytes in 1 blocks are definitely lost in loss record 3 of 3
at 0x4C2B7B2: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E36A03: add_salted_str (cipher_funcs.c:298)
by 0x4E3A587: fko_verify_hmac (fko_hmac.c:75)
by 0x4E394DD: fko_new_with_data (fko_funcs.c:220)
by 0x10B3A7: main (fwknop.c:408)
LEAK SUMMARY:
definitely lost: 217 bytes in 3 blocks
indirectly lost: 0 bytes in 0 blocks
possibly lost: 0 bytes in 0 blocks
still reachable: 0 bytes in 0 blocks
suppressed: 0 bytes in 0 blocks
lib/fko_funcs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit cba6478258c32c9106646e1cca62d300b53f6c46
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 2 22:29:54 2012 -0400
Memory leak bug fix for rc file parsing of invalid data
This commit fixes the following (found with the test suite in valgrind mode):
568 bytes in 1 blocks are still reachable in loss record 1 of 1
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x50B1C9A: __fopen_internal (iofopen.c:76)
by 0x10D0CD: process_rc (config_init.c:516)
by 0x10D645: config_init (config_init.c:752)
by 0x10AB13: main (fwknop.c:70)
client/config_init.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
commit c37047ac93d57ebeec0d58bf2c7120cf67783eba
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 2 22:00:05 2012 -0400
Memory leak bug fix in --key-gen mode
This commit fixes the following memory leak caught with the test suite in valgrind
mode:
HEAP SUMMARY:
in use at exit: 285 bytes in 4 blocks
total heap usage: 11 allocs, 7 frees, 3,179 bytes allocated
5 bytes in 1 blocks are indirectly lost in loss record 1 of 4
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x50CB801: strdup (strdup.c:43)
by 0x4E3A7B2: fko_set_username (fko_user.c:96)
by 0x4E39628: fko_new (fko_funcs.c:86)
by 0x10AB54: main (fwknop.c:83)
7 bytes in 1 blocks are indirectly lost in loss record 2 of 4
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E395D7: fko_new (fko_funcs.c:62)
by 0x10AB54: main (fwknop.c:83)
17 bytes in 1 blocks are indirectly lost in loss record 3 of 4
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E3A06A: fko_set_rand_value (fko_rand_value.c:114)
by 0x4E39605: fko_new (fko_funcs.c:75)
by 0x10AB54: main (fwknop.c:83)
285 (256 direct, 29 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
at 0x4C29DB4: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4E395BA: fko_new (fko_funcs.c:46)
by 0x10AB54: main (fwknop.c:83)
LEAK SUMMARY:
definitely lost: 256 bytes in 1 blocks
indirectly lost: 29 bytes in 3 blocks
possibly lost: 0 bytes in 0 blocks
still reachable: 0 bytes in 0 blocks
suppressed: 0 bytes in 0 blocks
client/fwknop.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
commit b8ed3a60d9a4d2e191f43a11240210672553c5d6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 2 21:56:45 2012 -0400
excluded HMAC random verification from --enable-valgrind mode (too slow for 100 client executions)
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 84b9c775c037ec079bb43dcdf7b8e93517937534
Merge: 1528697 7061b7b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 1 23:41:00 2012 -0400
Merge branch 'master' into hmac_support
commit 1528697aaa7d322c4dd8becd9ca90c2131e54568
Merge: a8bb425 5fd3343
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 1 23:05:51 2012 -0400
merged replay prefix and IP resolve tests
commit a8bb42569c807becef2bd96238601e6adf5db909
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 29 23:35:32 2012 -0400
[test suite] minor compile bug fix
test/test-fwknop.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit afc71b7df3d992ed6f3add8760fbd64b46c7cd31
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 29 23:31:15 2012 -0400
Replay attack bug fix (encryption prefixes)
Ensure that an attacker cannot force a replay attack by intercepting an
SPA packet and then replaying it with the base64 version of "Salted__"
(for Rijndael) or the "hQ" prefix (for GnuPG). This is an important fix.
The following comment was added into the fwknopd code:
/* Ignore any SPA packets that contain the Rijndael or GnuPG prefixes
* since an attacker might have tacked them on to a previously seen
* SPA packet in an attempt to get past the replay check. And, we're
* no worse off since a legitimate SPA packet that happens to include
* a prefix after the outer one is stripped off won't decrypt properly
* anyway because libfko would not add a new one.
*/
lib/cipher_funcs.h | 9 ---------
lib/fko.h | 8 ++++++++
server/incoming_spa.c | 14 ++++++++++++++
test/test-fwknop.pl | 30 ++++++++++++++++++++++++++++++
4 files changed, 52 insertions(+), 9 deletions(-)
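The replay check described in the commit above, modelled as an added example (not fwknop's own code). The function and macro names, the FNV-1a hash standing in for the real digest, the order of the checks and the sample packet are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Prefixes named in the commit message. The first ten base64 characters of
 * "Salted__" do not depend on the salt bytes that follow it.
 * Macro names are this example's own. */
#define SALTED_B64_PREFIX "U2FsdGVkX1"
#define GPG_B64_PREFIX    "hQ"
#define CACHE_SLOTS       16

enum verdict { SPA_ACCEPT = 0, SPA_REPLAY = 1, SPA_PREFIX_REJECT = 2 };

struct replay_cache {
    uint64_t seen[CACHE_SLOTS];
    size_t   count;
};

/* FNV-1a over the bytes as received; a stand-in for the real digest. */
static uint64_t wire_digest(const char *s)
{
    uint64_t h = 1469598103934665603ULL;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 1099511628211ULL;
    }
    return h;
}

static int has_prefix(const char *s, const char *p)
{
    return strncmp(s, p, strlen(p)) == 0;
}

/* Returns 1 if the digest was seen before; otherwise records it (while
 * slots remain) and returns 0. */
static int cache_seen(struct replay_cache *c, uint64_t d)
{
    for (size_t i = 0; i < c->count; i++)
        if (c->seen[i] == d)
            return 1;
    if (c->count < CACHE_SLOTS)
        c->seen[c->count++] = d;
    return 0;
}

/* strict == 0 models the behaviour before the fix, strict == 1 after it.
 * On SPA_ACCEPT, to_decrypt holds the string that would go to decryption. */
enum verdict process_spa(struct replay_cache *c, const char *wire, int strict,
                         char *to_decrypt, size_t len)
{
    /* The fix: a packet arriving with a prefix already attached is dropped. */
    if (strict && (has_prefix(wire, SALTED_B64_PREFIX) ||
                   has_prefix(wire, GPG_B64_PREFIX)))
        return SPA_PREFIX_REJECT;

    /* The replay cache is keyed on the bytes as they arrived. */
    if (cache_seen(c, wire_digest(wire)))
        return SPA_REPLAY;

    /* The prefix is restored only when it is missing, so the prefixed and
     * unprefixed forms of one packet reach decryption as the same string. */
    if (has_prefix(wire, SALTED_B64_PREFIX))
        snprintf(to_decrypt, len, "%s", wire);
    else
        snprintf(to_decrypt, len, "%s%s", SALTED_B64_PREFIX, wire);
    return SPA_ACCEPT;
}

int main(void)
{
    /* Constructed sample data, not a real SPA packet. */
    const char *captured = "9fK2mQx7Lw0ZtB4e8Yd3";
    const char *prefixed = SALTED_B64_PREFIX "9fK2mQx7Lw0ZtB4e8Yd3";
    struct replay_cache before = {{0}, 0}, after = {{0}, 0};
    char buf[128];

    printf("pre-fix  original: %d\n", process_spa(&before, captured, 0, buf, sizeof buf));
    printf("pre-fix  verbatim: %d\n", process_spa(&before, captured, 0, buf, sizeof buf));
    printf("pre-fix  prefixed: %d\n", process_spa(&before, prefixed, 0, buf, sizeof buf));
    printf("post-fix original: %d\n", process_spa(&after, captured, 1, buf, sizeof buf));
    printf("post-fix prefixed: %d\n", process_spa(&after, prefixed, 1, buf, sizeof buf));
    return 0;
}
```

Before the fix the prefixed copy misses the cache yet yields the same decryption input as the original; after the fix it is rejected before the cache is consulted.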
commit fd30a3491d6201736095846cb45ffaa808d29ee2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 29 21:57:05 2012 -0400
minor variable rename LENGTH -> LEN, STRING_LENGTH -> STR_LEN
client/fwknop.c | 2 +-
lib/digest.c | 40 ++++++++++-----------
lib/digest.h | 10 +++---
lib/fko_decode.c | 12 +++----
lib/fko_digest.c | 20 +++++------
lib/fko_funcs.c | 6 ++--
lib/fko_hmac.c | 16 ++++-----
lib/fko_util.c | 10 +++---
lib/hmac.c | 10 +++---
lib/hmac.h | 4 +--
lib/md5.h | 2 +-
lib/sha1.h | 4 +--
lib/sha2.c | 106 +++++++++++++++++++++++++++----------------------------
lib/sha2.h | 62 ++++++++++++++++----------------
14 files changed, 152 insertions(+), 152 deletions(-)
commit a9cbd60327374e61791ff4ea8fe50c03981739a0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 29 21:34:08 2012 -0400
[libfko] first HMAC-SHA256 implementation (includes test suite support)
lib/cipher_funcs.c | 37 ++++++++++++++++++++
lib/cipher_funcs.h | 1 +
lib/fko_context.h | 1 +
lib/fko_encryption.c | 22 ++----------
lib/fko_hmac.c | 56 ++++++++++++++++++++++++++++--
lib/fko_util.c | 2 ++
test/conf/fwknoprc_default_hmac_base64_key | 2 +-
test/test-fwknop.pl | 26 +++++++++++---
8 files changed, 119 insertions(+), 28 deletions(-)
commit df0f0b7f61c136e32ae51bbd595e576028f47305
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 29 21:31:44 2012 -0400
[libfko] minor memory leak fix for user detection (corner case)
lib/fko_user.c | 4 ++++
1 file changed, 4 insertions(+)
commit 6d379aba6e9eac17599f99c90b9458f2e6bce006
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 28 00:08:30 2012 -0400
[server] replay attack detection memory leak bug fix
This commit fixes the following memory leak found with valgrind:
44 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x482BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
by 0x490EA50: strdup (strdup.c:43)
by 0x10CD69: incoming_spa (incoming_spa.c:162)
by 0x10E000: process_packet (process_packet.c:200)
by 0x4862E63: ??? (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1)
by 0x4865667: pcap_dispatch (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1)
by 0x10DABF: pcap_capture (pcap_capture.c:226)
by 0x10A798: main (fwknopd.c:299)
server/incoming_spa.c | 4 ++++
1 file changed, 4 insertions(+)
commit b760f4aad3faaa713ca8097414752ba2ad854326
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 23:59:03 2012 -0400
[test suite] exempted valgrind collection test from --test-limit
test/test-fwknop.pl | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
commit c6cef8982a854f4671173964fe18cc82dc38594f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 23:25:32 2012 -0400
[libfko] validate incoming plaintext lengths
lib/fko_encryption.c | 29 +++++++++++++++++++----------
lib/fko_limits.h | 6 +++++-
lib/fko_util.c | 11 +++++++++++
lib/fko_util.h | 1 +
4 files changed, 36 insertions(+), 11 deletions(-)
commit 482e6f974c4022b15909f648af94f013adcd4580
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 21:29:26 2012 -0400
added msg_hmac_len and removed additional strlen() calls
lib/fko_context.h | 1 +
lib/fko_encryption.c | 12 ++++++++++--
lib/fko_funcs.c | 2 +-
lib/fko_hmac.c | 8 ++++++--
4 files changed, 18 insertions(+), 5 deletions(-)
commit 10195cf29a41dc64e3cbfc429656618dca55d973
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 18:16:37 2012 -0400
[libfko] added encrypted_msg_len and replaced additional strlen() calls
lib/cipher_funcs.h | 3 +++
lib/fko_context.h | 1 +
lib/fko_encryption.c | 51 ++++++++++++++++++++++-----------------------------
lib/fko_funcs.c | 17 ++++++++++++++---
4 files changed, 40 insertions(+), 32 deletions(-)
commit a6ea3f6935b84c17fd4dc3db1ec73c57038f8a11
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 18:08:23 2012 -0400
[test suite] minor bug fix for file existence check
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d0cb2c6ad5cd464303faceb9a5aec5ee0d8da810
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 13:30:29 2012 -0400
[test suite] added 100 key uniqueness test for --key-gen mode
test/test-fwknop.pl | 44 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 42 insertions(+), 2 deletions(-)
commit ab52476bfc8d3843a54493ea1bb46fc6009df157
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 13:05:29 2012 -0400
[test suite] [client] added --key-gen and --key-gen-file tests
client/config_init.c | 7 +++++++
client/fwknop.c | 21 ++++++++++++++++++++-
test/test-fwknop.pl | 45 +++++++++++++++++++++++++++++----------------
3 files changed, 56 insertions(+), 17 deletions(-)
commit 16348aaccd74281f38a74b40a456984ca002e5cb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 02:06:58 2012 -0400
replace strlen() call with strnlen() and MAX_SPA_ENCODED_MSG_SIZE bound
lib/fko_encode.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 8471d8aae6f835ad91f2cd2ade5e28646c70f59f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 27 02:01:43 2012 -0400
semicolon syntax bug fix
lib/fko_encode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d561fdd4d7f7847b5ca85f362039b925ca440ed0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 18:01:36 2012 -0400
added lib/fko_util.c with basic length checking functions
lib/Makefile.am | 6 ++---
lib/fko_decode.c | 3 +--
lib/fko_encode.c | 2 +-
lib/fko_encryption.c | 22 +++++++++++++----
lib/fko_util.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/fko_util.h | 3 +++
6 files changed, 92 insertions(+), 11 deletions(-)
commit bdb6cc0eb12be6744081902a7ddd62da338de6ac
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 15:00:32 2012 -0400
Added digest_len and raw_digest_len fields and replaced strlen() calls
lib/fko_context.h | 2 ++
lib/fko_digest.c | 15 ++++++++++-----
lib/fko_encryption.c | 4 ++--
3 files changed, 14 insertions(+), 7 deletions(-)
commit 3f05a6d25a74a1ced03574bdf457b84eceb5b546
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 14:53:45 2012 -0400
[test suite] added sha384 and digest type arg tests
test/test-fwknop.pl | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
commit 4f1c5b55a4d9f1ab7c7072b674ebdf7dba4eabc2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 12:52:25 2012 -0400
[test suite] added --test-limit argument
test/test-fwknop.pl | 6 ++++++
1 file changed, 6 insertions(+)
commit e733f4aa4fa1d4431175f4600a4755ce179bcf72
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 12:21:24 2012 -0400
have encryption calls use encoded_msg_len
lib/fko_encryption.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
commit 661991b74787711ec49676828427fd305c6bf8bb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 04:09:06 2012 -0400
complete cycle tests for client-set digest types
test/test-fwknop.pl | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
commit 838829f2bb91758d87137d4344aa7a1ad25bc0d3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 26 00:10:28 2012 -0400
added a new encoded_msg_len to cut down on strlen() calls within libfko
lib/fko_context.h | 1 +
lib/fko_decode.c | 27 +++++++++++++--------------
lib/fko_digest.c | 16 +++++++++++-----
lib/fko_encode.c | 5 +++++
lib/fko_encryption.c | 28 ++++++++++++++++++++--------
5 files changed, 50 insertions(+), 27 deletions(-)
commit c51a85523f4153cbade24da7f7d6475a23f83723
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jul 25 23:38:41 2012 -0400
Added valgrind individual test diff results.
A new output/valgrind-coverage directory was added to test suite results, and valgrind
output is compared in --diff mode using data in this directory.
test/test-fwknop.pl | 296 ++++++++++++++++++++++++++++++++--------------------
1 file changed, 180 insertions(+), 116 deletions(-)
commit 50436837393efe90e7e627d16c1b7edb88ecfbe0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 24 17:50:17 2012 -0400
[test suite] bug fix after merge to account for new file_find_regex() API
test/test-fwknop.pl | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit 175374337d12b1935ca8c02e585fa54121cebfc0
Merge: 29fe16d c6b6746
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 24 17:10:00 2012 -0400
merged crypto_update after fwknop-2.0.1 merge to crypto_update from master
commit c6b674617c096ad7f4180ef8d0b5ad107962040e
Merge: 7145cdd 8e26cca
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 24 16:19:48 2012 -0400
completed merge from master after fwknop-2.0.1 release
commit 29fe16d29ff23649a8acd360334c6b5ac83392aa
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 10 22:16:54 2012 -0400
post-merge fix after merged crypto_update branch changes
server/incoming_spa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit d7c4572521bf0d8b1f822f1c639092dc7bdaf690
Merge: 47e3927 7145cdd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 10 22:03:56 2012 -0400
merged test suite changes from the crypto_update branch
commit 47e39272edcdd20b226c77c45704041be25a38ad
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 10 21:44:06 2012 -0400
Make encrypt/decrypt code accept integer key lengths instead of using strlen()
Now that encryption keys and hmac keys may be acquired from /dev/random with
--key-gen (and base64 encoded), they may contain NULL bytes. This emphasizes
the need to not leverage code that assumes C-style strings when making use of
key information.
client/fwknop.c | 40 ++++++++++++++++++++++++++++++----------
lib/cipher_funcs.c | 39 +++++++++++++++++++++------------------
lib/cipher_funcs.h | 6 ++++--
lib/fko.h | 35 +++++++++++++++++++++++------------
lib/fko_encryption.c | 21 ++++++++++++---------
lib/fko_funcs.c | 24 +++++++++++++-----------
lib/fko_hmac.c | 9 ++++++---
lib/rijndael.c | 4 ++--
lib/rijndael.h | 5 +++--
server/access.c | 36 ++++++++++++++++++++++++++++++++----
server/fwknopd_common.h | 2 ++
server/incoming_spa.c | 34 ++++------------------------------
12 files changed, 152 insertions(+), 103 deletions(-)
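Why the commit above passes explicit key lengths, shown as an added example (not fwknop's own code). The keyed tag is a toy FNV-1a construction standing in for the real cipher and HMAC routines, and the two keys are constructed byte strings of the kind a base64-decoded random key could contain.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Constructed keys: identical up to and including a 0x00 at index 3,
 * different in every byte after it. */
static const unsigned char KEY_A[KEY_LEN] = {
    0x9c, 0x41, 0xe7, 0x00, 0x5a, 0x13, 0xd8, 0x77,
    0x02, 0xbe, 0x6f, 0x91, 0x3c, 0xa4, 0x58, 0xee
};
static const unsigned char KEY_B[KEY_LEN] = {
    0x9c, 0x41, 0xe7, 0x00, 0xa5, 0xec, 0x27, 0x88,
    0xfd, 0x41, 0x90, 0x6e, 0xc3, 0x5b, 0xa7, 0x11
};

/* Toy keyed tag: FNV-1a over the key bytes, then the message bytes. */
static uint64_t toy_tag(const unsigned char *key, size_t key_len, const char *msg)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < key_len; i++) {
        h ^= key[i];
        h *= 1099511628211ULL;
    }
    for (; *msg; msg++) {
        h ^= (unsigned char)*msg;
        h *= 1099511628211ULL;
    }
    return h;
}

/* Number of key bytes a strlen()-based caller would actually use. */
size_t bytes_seen_by_strlen(const unsigned char *key, size_t key_len)
{
    const unsigned char *nul = memchr(key, 0, key_len);
    return nul ? (size_t)(nul - key) : key_len;
}

/* Caller that treats the key as a C string: stops at the first 0x00. */
uint64_t tag_cstring_key(const unsigned char *key, const char *msg)
{
    return toy_tag(key, strlen((const char *)key), msg);
}

/* Caller that carries the key length alongside the key. */
uint64_t tag_sized_key(const unsigned char *key, size_t key_len, const char *msg)
{
    return toy_tag(key, key_len, msg);
}
```

With the C-string caller both keys collapse to their shared three-byte head and produce the same tag; with the length-carrying caller all 16 bytes contribute.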
commit 7145cdd8a154d086ec3879edfe2d2fcf3cbae64e (refs/remotes/web/crypto_update, refs/remotes/origin/crypto_update, refs/remotes/fjoncourt/crypto_update, refs/remotes/ag4ve/crypto_update, refs/heads/crypto_update)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 10 08:30:11 2012 -0400
Merge from master minor bug fix to include default encryption mode
When getting raw digest for replay attack detection specify the default
encryption mode (which doesn't actually get used when passing a NULL key).
server/incoming_spa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit e5004dc829f64d15cd5652d49437c3a6ae17d700
Merge: dc8a034 86fde0d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 10 08:23:16 2012 -0400
Merge branch 'master' into crypto_update
commit dc8a034a4d3a953482bc84a85fe0fe99d8e284e6
Merge: adbc6a8 bc2e41f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 8 22:00:13 2012 -0400
merged usage() information from master
commit 92e403a242d8d2bf63dc2427caa91085f80d9cba
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 2 23:50:45 2012 -0400
added initial HMAC-SHA256 support for the client side
client/cmd_opts.h | 2 +
client/config_init.c | 3 +
client/fwknop.c | 159 +++++++++++++++++++++--------
client/fwknop_common.h | 3 +
client/getpasswd.c | 4 +-
lib/Makefile.am | 4 +-
lib/fko.h | 26 ++++-
lib/fko_context.h | 2 +
lib/fko_encryption.c | 21 +++-
lib/fko_error.c | 3 +
lib/fko_funcs.c | 59 +++++++++--
lib/fko_hmac.c | 114 +++++++++++++++++++++
lib/fko_state.h | 1 +
lib/hmac.c | 80 +++++++++++++++
lib/hmac.h | 54 ++++++++++
server/access.c | 3 +
server/fwknopd_common.h | 1 +
server/incoming_spa.c | 30 ++++--
test/conf/fwknoprc_default_hmac_base64_key | 72 +++++++++++++
test/conf/fwknoprc_invalid_base64_key | 73 +++++++++++++
test/conf/fwknoprc_named_key | 73 +++++++++++++
test/test-fwknop.pl | 28 ++++-
22 files changed, 741 insertions(+), 74 deletions(-)
commit 3095f0ee436540776f185ce7b6a3b7f6e059af45
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 27 23:06:17 2012 -0400
Added key generation support with --key-gen
Added --key-gen to allow KEY_BASE64 and HMAC_KEY_BASE64 keys to be created from
reading random data from /dev/random. These keys can be placed within server
access.conf files and corresponding client .fwknoprc files for SPA
communications. The HMAC key is not used yet with this commit, but that is
coming.
client/cmd_opts.h | 6 +-
client/config_init.c | 103 +++++++++++++++-----
client/fwknop.c | 24 ++++-
client/fwknop_common.h | 15 ++-
client/getpasswd.c | 8 +-
client/utils.c | 23 ++++-
client/utils.h | 1 +
lib/base64.c | 2 +-
lib/cipher_funcs.c | 2 +-
lib/cipher_funcs.h | 1 +
lib/fko.h | 3 +
lib/fko_funcs.c | 35 +++++++
server/access.c | 50 ++++++++++
server/fwknopd_common.h | 2 +
server/incoming_spa.c | 17 ++++
server/utils.c | 2 +-
server/utils.h | 2 +-
test/conf/base64_key_access.conf | 3 +
test/conf/fwknoprc_with_default_base64_key | 71 ++++++++++++++
test/conf/fwknoprc_with_default_key | 71 ++++++++++++++
test/conf/fwknoprc_with_named_key | 73 ++++++++++++++
test/test-fwknop.pl | 149 +++++++++++++++++++++++++++++
22 files changed, 625 insertions(+), 38 deletions(-)
commit 20e3e3b6e54688858144e000513b1ae5f3504ed7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 23 15:41:58 2012 -0400
added test for client --show-last functionality
test/test-fwknop.pl | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
commit adbc6a8f39e43bed7adc29949ed3c56d06cbefb0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 23 15:13:03 2012 -0400
Bug fix to not force asymmetric gpg decryption
fwknopd access stanzas can have both Rijndael and GnuPG keys, so this
commit fixes a bug where any gpg info would force only gpg decryption
attempts even if a Rijndael key is provided in the stanza.
server/access.c | 1 -
server/incoming_spa.c | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
commit c6a2680be2b4a61266506847de69ba44c6ad32e1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 17 13:57:06 2012 -0400
added test for invalid SOURCE access lines
test/conf/invalid_source_access.conf | 7 +++++++
test/test-fwknop.pl | 15 +++++++++++++++
2 files changed, 22 insertions(+)
commit 5f8e3f4a7d145670594a98802a776a26be66d577
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 17 13:42:23 2012 -0400
Bug fix to throw out invalid access.conf SOURCE entries
This commit causes fwknopd to exit whenever an invalid SOURCE entry is seen
such as ":ANY". Previous to this commit, valgrind threw the following errors
with ":ANY" as an access.conf SOURCE entry:
Invalid read of size 8
at 0x117695: free_acc_source_list (access.c:512)
by 0x1177E3: free_acc_stanza_data (access.c:564)
by 0x117C67: free_acc_stanzas (access.c:654)
by 0x10E32E: free_configs (config_init.c:106)
by 0x10D085: main (fwknopd.c:376)
Address 0x5a80658 is 8 bytes inside a block of size 16 free'd
at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x116AE0: add_source_mask (access.c:255)
by 0x116D57: expand_acc_source (access.c:303)
by 0x117A82: expand_acc_ent_lists (access.c:620)
by 0x119570: parse_access_file (access.c:1043)
by 0x10C77E: main (fwknopd.c:193)
Invalid free() / delete / delete[] / realloc()
at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x1176A8: free_acc_source_list (access.c:514)
by 0x1177E3: free_acc_stanza_data (access.c:564)
by 0x117C67: free_acc_stanzas (access.c:654)
by 0x10E32E: free_configs (config_init.c:106)
by 0x10D085: main (fwknopd.c:376)
Address 0x5a80650 is 0 bytes inside a block of size 16 free'd
at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x116AE0: add_source_mask (access.c:255)
by 0x116D57: expand_acc_source (access.c:303)
by 0x117A82: expand_acc_ent_lists (access.c:620)
by 0x119570: parse_access_file (access.c:1043)
by 0x10C77E: main (fwknopd.c:193)
HEAP SUMMARY:
in use at exit: 8 bytes in 1 blocks
total heap usage: 1,659 allocs, 1,659 frees, 238,310 bytes allocated
server/access.c | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
commit 10d380d1933d9060d8b1a5b3db4f31cea7390396
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 14 20:43:57 2012 -0400
Test suite support for function coverage testing via gcov
Added --enable-profile-coverage to the configure script to have the fwknop
binaries compiled with gcc profiling support in order to see which functions
get executed by the test suite via gcov. The last test executed by the test
suite under --enable-profile-coverage contains all fwknop functions that
were not executed under the test run (function execution totals are
cumulative).
configure.ac | 14 ++++
test/test-coverage/iptables/zero_called_functions | 79 +++++++++++++++++++++++
test/test-fwknop.pl | 62 +++++++++++++++++-
3 files changed, 154 insertions(+), 1 deletion(-)
commit e3761b8bff47600374803443a97493488bc8b4da
Merge: 71690a1 fcf40b5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 28 14:24:02 2012 -0400
merged minor updates from master
commit 71690a1de45b273789af4e26a01594e9d5150eff
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 13 13:56:24 2012 -0500
bug fix to ensure to pick up proper entropy min/max values
extras/spa-entropy/spa-entropy.pl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 65cd9b0038c6e92ff4a36aea652b0d65afda897a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 13 12:48:58 2012 -0500
updated to local_spa.key from the test suite directory
extras/spa-entropy/spa-entropy.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 0c9946160ce241e9a2c3226e7d0dab64b6bb7910
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Feb 12 20:52:17 2012 -0500
ensure CBC is the default symmetric encryption mode
extras/spa-entropy/spa-entropy.pl | 40 ++++++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 11 deletions(-)
commit 8fd83f5a3f8b1c745b2e932bcaff7f8d850a8b9d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Feb 10 15:59:26 2012 -0500
updated docs to reference the default AES encryption mode of CBC
doc/fwknop.man.asciidoc | 12 +++++-------
doc/fwknopd.man.asciidoc | 10 +++-------
2 files changed, 8 insertions(+), 14 deletions(-)
commit de41b0a1ec93fd0e2a913e0c57b495fb2cbbefd1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Feb 10 15:10:19 2012 -0500
bugfix to ensure that incoming SPA data in AES mode is a multiple of the Rijndael blocksize (16)
lib/cipher_funcs.c | 4 ++--
lib/fko_encryption.c | 9 +++++++++
2 files changed, 11 insertions(+), 2 deletions(-)
commit 6dbe523052161d8553b09a9dad0890d1e7ec0995
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Feb 10 15:09:27 2012 -0500
added test suite support for AES CTR, OFB, CFB, and ECB encryption modes
client/config_init.c | 2 +-
server/access.c | 2 +-
test/conf/cfb_mode_access.conf | 4 +++
test/conf/ctr_mode_access.conf | 4 +++
test/conf/ofb_mode_access.conf | 4 +++
test/test-fwknop.pl | 63 ++++++++++++++++++++++++++++++++++++++++++
6 files changed, 77 insertions(+), 2 deletions(-)
commit 6130099b75bee3984757787269bb1e6d24fd1b1b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Feb 10 13:38:30 2012 -0500
minor header addition for spa-entropy.pl
extras/spa-entropy/spa-entropy.pl | 8 ++++++++
1 file changed, 8 insertions(+)
commit 79a5265be0404b487cd448a6b6f490bfd7459b2c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 9 15:23:07 2012 -0500
updated to not base64 decode encrypted packet data by default (can override with --base64-decode)
extras/spa-entropy/spa-entropy.pl | 43 +++++++++++++--------------------------
1 file changed, 14 insertions(+), 29 deletions(-)
commit aeb96c502ef5ae8420689cb583142d342d2f5d49
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Feb 9 14:56:18 2012 -0500
added --gpg entropy measurement, added sensible gnuplot yrange calculations
extras/spa-entropy/spa-entropy.pl | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
commit 280b8c56f0d73488aab23c0396e63b1a7dbbf072 (refs/heads/spa_entropy)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 8 14:29:33 2012 -0500
switched CBC mode test (which is the default Rijndael encryption mode) to ECB mode
test/conf/cbc_mode_access.conf | 4 ----
test/conf/ecb_mode_access.conf | 4 ++++
test/test-fwknop.pl | 8 ++++----
3 files changed, 8 insertions(+), 8 deletions(-)
commit bcb0fcfc1adc78cc39ebf9d5b89965bda4522016
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 8 14:16:42 2012 -0500
Re-worked encryption/decryption handling
For SPA packets encrypted with Rijndael, fwknop has always used CBC mode
even though ECB mode is mentioned in a couple of places. This change makes
more transparent use of block_encrypt() and block_decrypt() to ensure that
the appropriate mode is used. The default is CBC mode, but others can be
selected as well (-M <mode> for the fwknop client, and ENCRYPTION_MODE in
access.conf for the fwknopd server).
lib/cipher_funcs.c | 66 ++++++++++------------------------------------------
lib/fko.h | 2 +-
lib/fko_encryption.c | 36 ++++++++++++++--------------
3 files changed, 32 insertions(+), 72 deletions(-)
commit efcefdfb811859b2d957d5e48cdaf5a43f7b34d3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Feb 8 14:15:36 2012 -0500
update display_ctx() to show the entire plaintext data on one line
client/fwknop.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit 193e1799e608cb33bb1c4145c1d4812feaaccdd8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 6 15:19:03 2012 -0500
made default openssl encryption mode 'aes-256-ecb'
extras/spa-entropy/spa-entropy.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit c68358eabd7b2d1d21d82f35200dcc24f920edc5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Feb 6 15:12:31 2012 -0500
added the ability to encrypt fwknop client plaintext data with openssl
extras/spa-entropy/spa-entropy.pl | 379 +++++++++++++++++++++++++++-----------
1 file changed, 273 insertions(+), 106 deletions(-)
commit a7cb3bf62b54294a9fa5856c9a90b2c5c9fdcc53
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 29 22:07:06 2012 -0500
added spa-entropy/ directory for measuring entropy across SPA packets
extras/spa-entropy/spa-entropy.pl | 209 ++++++++++++++++++++++++++++++++++++++
1 file changed, 209 insertions(+)
commit 53a6d72cd2cea4a14bfb3f1b65f5dd50116f6795
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jan 29 17:31:12 2012 -0500
added test suite support for CBC mode Rijndael tcp/22 test
lib/cipher_funcs.c | 5 +++--
lib/rijndael.h | 6 +++---
test/conf/cbc_mode_access.conf | 4 ++++
test/test-fwknop.pl | 16 ++++++++++++++++
4 files changed, 26 insertions(+), 5 deletions(-)
commit 4c3d2188a1b94c5d33ac34d348e8d48eac858f00
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jan 24 20:26:21 2012 -0500
Update to make AES encryption modes selectable
This is a significant update to allow AES encryption modes to be selected on a
per-key basis. For now, only ECB and CBC (recommended) modes are supported.
The default is ECB mode in order to maintain backwards compatibility with the
older perl version of fwknop and the Crypt::CBC CPAN module. This will likely
be changed to use CBC mode by default because of its better security
properties.
In the access.conf file on the server side, there is a new configuration
variable "ENCRYPTION_MODE" that controls the mode for the corresponding AES
key. On the client side, a new command line argument "--encryption-mode"
controls how the client encrypts SPA packets.
client/cmd_opts.h | 4 +++-
client/config_init.c | 50 ++++++++++++++++++++++++++++++++++++++++++++----
client/fwknop.c | 31 ++++++++++++++++++++++++++++--
client/fwknop_common.h | 3 ++-
doc/fwknop.man.asciidoc | 25 ++++++++++++++++++------
doc/fwknopd.man.asciidoc | 9 +++++++++
lib/cipher_funcs.c | 15 +++++++++------
lib/cipher_funcs.h | 6 ++++--
lib/fko.h | 22 ++++++++++++++++++++-
lib/fko_context.h | 1 +
lib/fko_encryption.c | 45 +++++++++++++++++++++++++++++++++++++++----
lib/fko_funcs.c | 29 +++++++++++++++++++++++++---
lib/fko_state.h | 3 ++-
server/access.c | 43 ++++++++++++++++++++++++++++++++++++++---
server/fwknopd_common.h | 1 +
server/incoming_spa.c | 6 ++++--
16 files changed, 257 insertions(+), 36 deletions(-)