fwknop/ChangeLog.git
2014-07-29 10:00:54 -04:00

commit 5befed6bae9228ab649e41217df21b5b32740fe0 (HEAD, refs/heads/master)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 28 22:40:13 2014 -0400
removed gdbm/gdbm-devel dependencies for the RPM, bumped libfko to 2.0.3 for the RPM
fwknop.spec | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
commit 96e16cf6f4b690fda1cb90b1bba6aba95bc8919d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 28 22:28:46 2014 -0400
extended ChangeLog.git to include libfko version bump
ChangeLog.git | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
commit 71b97b6cad00223b2061309c2e87e2ede5a2da2f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 28 21:46:32 2014 -0400
bumped libfko version to 2.0.3
lib/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 67ca2f69ea8c59495e9b6a341d258eb2851e5828
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 23:20:55 2014 -0400
changes since 2.6.2 to ChangeLog.git
ChangeLog.git | 1676 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 1627 insertions(+), 49 deletions(-)
commit 03000dde5dda307ea421d19181cf7638240d8fbc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 23:03:11 2014 -0400
bumped version to 2.6.3 in preparation for release
ChangeLog | 2 +-
VERSION | 2 +-
configure.ac | 2 +-
fwknop.spec | 5 ++++-
4 files changed, 7 insertions(+), 4 deletions(-)
commit fa154259d5c425ad5f6e436a7353918225c797d9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 22:56:15 2014 -0400
[test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests
test/tests/os_compatibility.pl | 52 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
commit 24ccf03a90b5338cc82d6fae2bef6f78145dcf06
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 22:40:04 2014 -0400
added configure_max_coverage.sh helper script
Makefile.am | 1 +
1 file changed, 1 insertion(+)
commit 655abf6f0bbf865addb07df6020b072203e30bb3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 22:31:49 2014 -0400
[test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage
Makefile.am | 1 +
test/conf/fwknoprc_hmac_http_only_resolve | 22 ++++++++++++++++++++++
test/conf/fwknoprc_hmac_https_resolve | 1 +
test/test-fwknop.pl | 4 ++++
test/tests/rijndael_hmac.pl | 12 ++++++++++++
5 files changed, 40 insertions(+)
commit 7f830e02391d6505063372c9eb2abd42b0802d1f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 22:10:01 2014 -0400
revert gpg trustdb.gpg update from test suite
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
commit b06447384e8d5f5c68efaf959c0d390daf984d94
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jul 27 22:03:58 2014 -0400
[client] have autoconf resolve the absolute path to wget for SSL IP resolution
client/cmd_opts.h | 3 +-
client/config_init.c | 48 ++++++++++++++++++++++++++++--
client/fwknop.8.in | 52 +++++++++++++++++++++++++++++++--
client/fwknop.c | 2 ++
client/fwknop_common.h | 3 +-
client/http_resolve_host.c | 31 +++++++++++++++-----
configure.ac | 22 ++++++++++++++
doc/fwknop.man.asciidoc | 23 ++++++++++++++-
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/tests/basic_operations.pl | 39 +++++++++++++++++++++++++
10 files changed, 207 insertions(+), 16 deletions(-)
commit 4fcd5b317a649645316e63eedf7f7dbf8ff0c565
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 26 23:43:48 2014 -0400
[server] fix shift operation bug in SOURCE subnet processing spotted by Coverity
server/access.c | 4 +++-
test/tests/basic_operations.pl | 32 ++++++++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 1 deletion(-)
commit 134f4c6cfb936d2a5d7932128ba7d0f51980057c
Merge: 2f9b920 59718f1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 25 17:44:27 2014 -0400
Merge branch 'libfiu_fault_injection'
Conflicts:
test/tests/rijndael_hmac_fuzzing.pl
commit 59718f1a3668683acf9c64b3e86ad66fadebdc84 (refs/heads/libfiu_fault_injection)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 25 17:42:06 2014 -0400
[client] Updated IP resolution mode -R to use SSL
External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.
ChangeLog | 6 ++
Makefile.am | 1 +
client/cmd_opts.h | 3 +
client/config_init.c | 57 ++++++++++++-----
client/fwknop.8.in | 50 ++++++++++-----
client/fwknop.c | 21 +++++--
client/fwknop_common.h | 15 +++--
client/http_resolve_host.c | 112 +++++++++++++++++++++++++++++++---
doc/fwknop.man.asciidoc | 49 +++++++++------
test/conf/fwknoprc_hmac_https_resolve | 20 ++++++
test/test-fwknop.pl | 6 +-
test/tests/basic_operations.pl | 32 ++++++++--
test/tests/rijndael.pl | 31 +++++++++-
test/tests/rijndael_hmac.pl | 45 +++++++++++++-
14 files changed, 368 insertions(+), 80 deletions(-)
commit e1608b90fec440bf1b13b76b474a153d6091c2fe
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 22 22:35:43 2014 -0400
[client] call freeaddrinfo() early after iterating through getaddrinfo() results
client/http_resolve_host.c | 20 ++++++++++++--------
client/spa_comm.c | 19 +++++++++++--------
2 files changed, 23 insertions(+), 16 deletions(-)
commit 5fadf56af42a6b320a5752cfb048df4697fb190e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 22 22:05:29 2014 -0400
added extras/coverity/ directory for Coverity script
extras/coverity/coverity_scan.sh | 10 ++++++++++
1 file changed, 10 insertions(+)
commit 666d150affdedc7604a729941422a42dbf9b73db
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 22 22:04:44 2014 -0400
[client] make close() on socket handle more intuitive (resolves 'double close' bugs flagged by Coverity)
client/http_resolve_host.c | 15 ++++++++-------
client/spa_comm.c | 13 +++++--------
2 files changed, 13 insertions(+), 15 deletions(-)
commit 73490209f7d4a6d6c990da119cab2138387928b0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 22 18:56:12 2014 -0400
[test suite] add access.conf file path to a few basic tests
test/tests/basic_operations.pl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 3df08e3c0ebe48b06b6066ebfd549841f54a72f3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 22 18:48:54 2014 -0400
[test suite] handle PF on FreeBSD
test/test-fwknop.pl | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
commit eed3418996cc5de92b92bca20d980f3d700846a6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jul 22 18:40:29 2014 -0400
[test suite] update wrapper Makefile gcc -> cc
test/fko-wrapper/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
commit 9470b3ce21b409c1258ed64561499b2a389bcd8b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 21 23:59:44 2014 -0400
[test suite] README update to include --enable-complete mode
test/README | 13 +++++++++++++
1 file changed, 13 insertions(+)
commit 7df1186c66796f0d3b41ebfa95c3a2303e0ceaf1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 21 23:55:08 2014 -0400
fixed several socket handle leaks under error conditions spotted by Coverity
client/http_resolve_host.c | 6 ++++--
client/spa_comm.c | 5 +++++
server/tcp_server.c | 14 +++++++++++++-
3 files changed, 22 insertions(+), 3 deletions(-)
commit 7d5b75886c94f1647276eebeb139ac36e299668b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 19 17:26:15 2014 -0400
added lcov coverage link
ChangeLog | 4 ++++
1 file changed, 4 insertions(+)
commit b2117e6fe7a3832ab9e4e7164a5b5f66397a8ef1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 19 17:18:59 2014 -0400
ChangeLog updates
ChangeLog | 47 +++++++++++++++++++++++++++++++++++------------
1 file changed, 35 insertions(+), 12 deletions(-)
commit 641866deffcd767b4f4a4cb439575e5e4479a49d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 19 16:40:59 2014 -0400
[server] minor update print -> fprintf for PF firewall interface
server/fw_util_pf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
commit 764d9ca26da2b6359534b3faea537e288922ce5b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 19 16:30:53 2014 -0400
fix gcc -Wstrlcpy-strlcat-size warnings
client/config_init.c | 7 ++++---
client/fwknop.c | 7 ++++---
server/access.c | 2 +-
3 files changed, 9 insertions(+), 7 deletions(-)
commit ec54b4fd11c707fb11efd61a09c2e7a240286065
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 19 16:30:00 2014 -0400
fixed README paths
Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2012d2d7d1a15863323b9849a3c6a528dd13b810
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 19 16:22:42 2014 -0400
fixed README paths
README | 1 +
1 file changed, 1 insertion(+)
commit 74428adae63f93c8e5679ce8ba0793e8e786f2ec
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 18 20:54:11 2014 -0400
[server] Bug fix for PF firewalls without ALTQ support on FreeBSD.
With this commit PF rules are added correctly regardless of whether ALTQ support
is available or not. Thanks to Barry Allard for discovering and reporting this
issue. Closes issue #121 on github.
CREDITS | 4 ++++
ChangeLog | 4 ++++
server/fw_util_pf.h | 2 +-
3 files changed, 9 insertions(+), 1 deletion(-)
commit 51506db24c0683e45b7a7ad80c25d8b905c022ad
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 11 22:41:32 2014 -0500
minor README.md summary update
README.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit 6fe1107bbf1d85072f71c934cd540b8367ebc932
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 11 22:29:13 2014 -0500
minor README.md formatting updates
Makefile.am | 2 +-
README.md | 76 +++++++++++++++++++++++++++++++++++++++++--------------------
2 files changed, 52 insertions(+), 26 deletions(-)
commit f7004cec62f1814493060a351e7b78af0e76deeb (refs/remotes/origin/libfiu_fault_injection)
Merge: 3bd1d07 3d504cf
Author: Michael Rash <michael.rash@gmail.com>
Date: Fri Jul 11 09:43:50 2014 -0500
Merge pull request #122 from steakknife/convert_readme
readme -> md
commit 3d504cfc17f82dc3e081106774cc4be355d81b18
Author: Barry Allard <barry.allard@gmail.com>
Date: Tue Jul 8 19:09:29 2014 -0700
readme -> md
Signed-off-by: Barry Allard <barry.allard@gmail.com>
README | 150 --------------------------------------------------------------
README.md | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 123 insertions(+), 150 deletions(-)
commit 3bd1d0742e8f68d6a5f6b9e479a391ba605a2385
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 22:55:34 2014 -0500
[test suite] add --gpg-home-dir arg to GPG test
test/tests/gpg_no_pw.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 7e1346c49ad2dfd8118deae3c9dbb09a300a0bbb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 22:50:24 2014 -0500
[test suite] add variable expansion and fwknopd override tests
Makefile.am | 3 +++
test/conf/override2_fwknopd.conf | 2 ++
test/conf/override_fwknopd.conf | 1 +
test/conf/var_expansion_fwknopd.conf | 2 ++
test/conf/var_expansion_invalid_fwknopd.conf | 2 ++
test/tests/basic_operations.pl | 30 ++++++++++++++++++++++++++++
6 files changed, 40 insertions(+)
commit 824ebe94f8b8c5c86034cad212309adbfeb35d4b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 22:41:17 2014 -0500
[test suite] run interrupt signal test against foreground fwknopd process
test/test-fwknop.pl | 35 +++++++++++++++++++++++++++++------
1 file changed, 29 insertions(+), 6 deletions(-)
commit 1dccab0fc84f15ca5dd105538e033f883a0d91f7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 22:37:08 2014 -0500
[server] handle signal vars in dedicated function
server/fwknopd.c | 99 ++++++++++++++++++++++++++++++--------------------------
1 file changed, 53 insertions(+), 46 deletions(-)
commit 3c0694841488381013de7e2f5947fb74aec1b41b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 22:30:49 2014 -0500
[server] alert the user when config file variable expansion references invalid var
server/config_init.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
commit 0e5c4644fca4e8d9d9c39eb07a1a95fcc0b67c32
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 22:16:47 2014 -0500
[test suite] add GPG test for a manually altered SPA packet
test/tests/gpg_no_pw.pl | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
commit 1b47173906ff76d9a520eb2b756fa9e89e4b4b27
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 21:35:27 2014 -0500
[test suite] add SYSLOG_FACILITY tests
server/log_msg.c | 18 ++---
test/tests/basic_operations.pl | 164 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 172 insertions(+), 10 deletions(-)
commit 5c54ef00ad271b71383d95c3ecb6d8a5d74dffdf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 21:34:45 2014 -0500
[server] refactor main() into a more natural breakdown of functions
server/fwknopd.c | 413 ++++++++++++++++++++++++++++++-------------------------
1 file changed, 228 insertions(+), 185 deletions(-)
commit 9f2e01eb0114ee0cb0bc101dda036779c456915d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jul 7 21:27:53 2014 -0500
[server] Fix uninitialized value usage after proper SPA authentication/decryption
Bug fix discovered with the libfiu fault injection tag
"fko_get_username_init" combined with valgrind analysis. This bug
is only triggered after a valid authenticated and decrypted SPA
packet is sniffed by fwknopd:
==11181== Conditional jump or move depends on uninitialised value(s)
==11181== at 0x113B6D: incoming_spa (incoming_spa.c:707)
==11181== by 0x11559F: process_packet (process_packet.c:211)
==11181== by 0x5270857: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.4.0)
==11181== by 0x114BCC: pcap_capture (pcap_capture.c:270)
==11181== by 0x10F32C: main (fwknopd.c:195)
==11181== Uninitialised value was created by a stack allocation
==11181== at 0x113476: incoming_spa (incoming_spa.c:294)
ChangeLog | 13 +++++++++++++
server/incoming_spa.c | 18 +++++++++---------
2 files changed, 22 insertions(+), 9 deletions(-)
commit 5474ced90b2f272e4a1e97ddd863765839eafae6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 5 23:10:26 2014 -0500
[test suite] extend invalid sniff interface test to include promisc mode
test/tests/basic_operations.pl | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
commit 77eb1a763fb7a41a02b2a7ab3ee9844a76d54724
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jul 5 22:44:40 2014 -0500
[test suite] add invalid sniff interface test
test/tests/basic_operations.pl | 9 +++++++++
1 file changed, 9 insertions(+)
commit f0285ae2b54940156a35ef0cd276cbd0a8c0954c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 4 20:05:54 2014 -0400
[test suite] add invalid gpg sig ID list
Makefile.am | 1 +
test/conf/gpg_invalid_sig_id_access.conf | 7 +++++++
test/test-fwknop.pl | 1 +
test/tests/gpg_no_pw.pl | 11 +++++++++++
4 files changed, 20 insertions(+)
commit ffa77a9e54653fdd3a411f672b586c0fd6a8b685
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jul 4 19:54:56 2014 -0400
[test suite] add GPG_DISABLE_SIG test
Makefile.am | 1 +
test/conf/gpg_no_sig_verify_access.conf | 8 ++++++++
test/test-fwknop.pl | 1 +
test/tests/gpg_no_pw.pl | 13 +++++++++++++
4 files changed, 23 insertions(+)
commit a2ff2a396c99fb3f2ab41e2325a3e5bdf7971328
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 3 10:31:30 2014 -0400
[server] call clean_exit() upon check_dir_path() error
Makefile.am | 1 +
server/fwknopd.c | 18 ++++++++++--------
test/conf/invalid_run_dir_path_fwknopd.conf | 2 ++
test/test-fwknop.pl | 1 +
test/tests/basic_operations.pl | 10 ++++++++++
5 files changed, 24 insertions(+), 8 deletions(-)
commit 5ced103207865877eceaee2f29d36a0f8f3f7e47
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 3 10:17:52 2014 -0400
[test suite] minor test coverage addition for invalid locale setting
test/tests/basic_operations.pl | 11 +++++++++++
1 file changed, 11 insertions(+)
commit fed2da3bb00a6a98a4d5a8d0753218f49417d846
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jul 3 08:52:48 2014 -0400
[test suite] additional valgrind suppression for pcap-file processing
test/valgrind_suppressions | 9 +++++++++
1 file changed, 9 insertions(+)
commit 43b770320ad5b38e9d1c97ebc1200a28ecdbe1b0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 29 18:46:19 2014 -0400
[server] Require sig ID's or fingerprints when sigs are validated
When validating access.conf stanzas make sure that one of
GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG
signatures are to be verified for incoming SPA packets. Signature
verification is the default, and can only be disabled with
GPG_DISABLE_SIG but this is NOT recommended.
ChangeLog | 6 ++++++
Makefile.am | 1 +
server/access.c | 14 ++++++++++++++
test/conf/gpg_no_pw_no_fpr_access.conf | 5 +++++
test/test-fwknop.pl | 1 +
test/tests/basic_operations.pl | 10 ++++++++++
6 files changed, 37 insertions(+)
commit 77384a904e44e92db7c5240d1a31449543692b7c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 29 17:07:55 2014 -0400
[server] add access.conf variable GPG_FINGERPRINT_ID
Add a new GPG_FINGERPRINT_ID variable to the access.conf file
so that full GnuPG fingerprints can be required for incoming SPA packets
in addition to the abbreviated GnuPG signatures listed in GPG_REMOTE_ID.
From the test suite, an example fingerprint is
GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56
ChangeLog | 6 ++++
Makefile.am | 2 ++
server/access.c | 33 +++++++++++++++++++--
server/fwknopd_common.h | 2 ++
server/incoming_spa.c | 52 +++++++++++++++++++++++++++++----
test/conf/gpg_no_pw_bad_fpr_access.conf | 6 ++++
test/conf/gpg_no_pw_fpr_access.conf | 6 ++++
test/test-fwknop.pl | 9 ++++--
test/tests/gpg_no_pw.pl | 25 ++++++++++++++++
9 files changed, 132 insertions(+), 9 deletions(-)
commit 11b9732c1641cb6c972fbc5f32613b1d27fbe308
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 29 17:23:20 2014 -0400
[server] Call clean_exit() from daemon parent process
When becoming a daemon, make sure the fwknopd parent process calls
clean_exit() to release memory before calling exit().
server/fwknopd.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
commit e41e0f5aafba244e8d94965dd9e690c68a48fa4b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Jun 24 22:54:27 2014 -0400
[test suite] added iptables OUTPUT chain test
Makefile.am | 1 +
test/conf/invalid_ipt_input_chain_2_fwknopd.conf | 1 -
test/conf/invalid_ipt_input_chain_3_fwknopd.conf | 1 -
test/conf/invalid_ipt_input_chain_4_fwknopd.conf | 1 -
test/conf/invalid_ipt_input_chain_5_fwknopd.conf | 1 -
test/conf/invalid_ipt_input_chain_6_fwknopd.conf | 1 -
test/conf/invalid_ipt_input_chain_fwknopd.conf | 1 -
test/conf/ipt_output_chain_fwknopd.conf | 2 ++
test/test-fwknop.pl | 1 +
test/tests/rijndael_hmac.pl | 12 ++++++++++++
10 files changed, 16 insertions(+), 6 deletions(-)
commit a4615a76b5e4975ca2f1c34f4c3d26bc086e7e58
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 23 18:27:22 2014 -0400
[test suite] add Rijndael HMAC --no-ipt-check-support test for udp/53
test/tests/rijndael_hmac.pl | 13 +++++++++++++
1 file changed, 13 insertions(+)
commit 125f99aa3bd1fe509f3cd6c9c5d990e26cedd120
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 23 18:21:29 2014 -0400
[test suite] updated --gdb mode to run the first found fwknop command from an output/*.test file
test/test-fwknop.pl | 3 +++
1 file changed, 3 insertions(+)
commit e0001e4a5d5bf68c004edf007cf589a3e4591b31
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 23 18:10:01 2014 -0400
[server] call clean_exit() on expand_acc_string_list() error
server/access.c | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
commit 189d0ea0bca75cbc6d7e670102b10831ccb6a19b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 23 18:02:57 2014 -0400
[server] call clean_exit() on add_acc_string() error
server/access.c | 120 +++++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 92 insertions(+), 28 deletions(-)
commit ff65274e28738e3bf14a54b2708112a8403c4352
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jun 20 19:35:02 2014 -0400
[server] make sure clean_exit() is called on any add_acc_b64_string() errs
server/access.c | 31 ++++++++++++++++++++++---------
1 file changed, 22 insertions(+), 9 deletions(-)
commit fd0805c57ab0972d9a52c4b8f6abc7981fabd873
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jun 20 19:22:35 2014 -0400
[server] minor memory leak fix for invalid FORCE_NAT var in access.conf
This commit fixes the following leak found by valgrind:
==6241== 568 bytes in 1 blocks are still reachable in loss record 1 of 1
==6241== at 0x4C2A2DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6241== by 0x551537A: __fopen_internal (iofopen.c:73)
==6241== by 0x118C8E: parse_access_file (access.c:1143)
==6241== by 0x10F134: main (fwknopd.c:250)
server/access.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
commit 74440be6535b66d8585aac63c0efc1e170f70e96
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 16 23:08:50 2014 -0400
[server] minor pointer typo fix
server/fwknopd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 3557158620f3a576cf4a958a80f3534ea3e85edc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 15 23:10:02 2014 -0400
[test suite] add valgrind suppressions for libfiu
test/valgrind_suppressions | 38 ++++++++++++++++++++++++++++++--------
1 file changed, 30 insertions(+), 8 deletions(-)
commit 389e55ddfcd5a8a2d7c75fdca905768a8318ed2a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 15 10:55:19 2014 -0400
[test suite] consolidate valgrind success/failure criteria into a single function
test/test-fwknop.pl | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
commit 55a03f33927dd95719dbe0683a3b29b6d3501344
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 15 10:34:52 2014 -0400
[test suite] added suppressions to fko-wrapper/run_valgrind.sh
test/fko-wrapper/run_valgrind.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 487860725451f5f290b55b8cbe729af58f7d5413
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 15 10:21:21 2014 -0400
[libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called
lib/fko_funcs.c | 4 ----
test/fko-wrapper/fko_fault_injection.c | 3 +--
test/tests/fault_injection.pl | 9 ---------
3 files changed, 1 insertion(+), 15 deletions(-)
commit 054793fd9e79b5aa70c5be7759fec1e9e23a9108
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 15 09:48:37 2014 -0400
[server] check fiu_enable() return value in --fault-injection mode
server/fwknopd.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit 34f7ebd0829b3dd5545e120fe3e9af9cca7a7119
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 15 09:41:43 2014 -0400
[test suite] added strtol_wrapper() fault injection tags
lib/fko_util.c | 10 ++++++++++
1 file changed, 10 insertions(+)
commit 42a20616b499003d59b21abba2ee6ce9431622e1
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Jun 14 21:27:18 2014 -0400
[libfko] additional fault injection additions with test suite support
lib/fko_funcs.c | 19 ++++----
lib/fko_hmac.c | 10 ++++
test/tests/fault_injection.pl | 103 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 123 insertions(+), 9 deletions(-)
commit c00a3e7b2670566c9a403e07a5a34df0fcda1811
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 12 20:29:54 2014 -0400
[test suite] additional fault injection tests
lib/fko_util.c | 11 ++++++++
test/tests/fault_injection.pl | 58 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 69 insertions(+)
commit 13ca6261b362382dd42b56cafadd903dcd851412
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 12 20:29:24 2014 -0400
[test suite] minor update to not parse crash messages out of crash test output file
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 06ce514111ad9838eee1cf82955140099c78ffe5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 12 00:02:18 2014 -0400
[test suite] add several fault injection tests
lib/fko_client_timeout.c | 2 +-
lib/fko_digest.c | 46 ++++++++
server/fw_util_iptables.c | 4 +
test/fko-wrapper/fko_wrapper.c | 8 +-
test/tests/fault_injection.pl | 243 ++++++++++++++++++++++++++++++++++++++++-
5 files changed, 294 insertions(+), 9 deletions(-)
commit d8b2ae370afcd211338bc91d880b61fbb83c0c77
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 12 00:01:58 2014 -0400
[test suite] always run crash check at the end of test run
test/test-fwknop.pl | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
commit e02750e6662204ad1020c4128e2e34c505e26ad6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 12 00:01:12 2014 -0400
[server] skip firewall rules check in --test mode
server/pcap_capture.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 410624a85828a23290bbac25c8ac3a8627660e22
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 12 00:00:40 2014 -0400
[libfko] free() temp buffer right after strdup() call, add libfiu fault injection tags
lib/fko_encode.c | 46 ++++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 18 deletions(-)
commit 816962982f631cd8e6d15dc40171a3755c263a18
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Jun 11 23:59:08 2014 -0400
[server] clean up fko_destroy() calls in main access stanza loop
server/incoming_spa.c | 57 ++++++---------------------------------------------
1 file changed, 6 insertions(+), 51 deletions(-)
commit b8ad48eaa97646b48a4debc4e4e7f49cc279c05d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 9 21:50:55 2014 -0400
[test suite] added fiu-run fault injection tests against the fwknopd server
test/tests/fault_injection.pl | 56 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
commit 8d31de729571be2e2bfc28e0889d904305c881ee
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 9 20:48:23 2014 -0400
[server] skip replay storage in --test mode (since we're not granting access anyway)
server/incoming_spa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 70f70091b12f929f4dd56d2b783d7ea77a4b06f3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 9 20:45:01 2014 -0400
[server] skip fw initialization and cleanup in --test mode
server/fwknopd.c | 17 ++++-------------
1 file changed, 4 insertions(+), 13 deletions(-)
commit 4ab677cfe0ac2bd99f2b7c84b1f17a6e84f2b440
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Jun 9 20:40:44 2014 -0400
[server] minor fwknopd --help output update
server/config_init.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
commit ffde9c3f1ae38d1a5c0f72ed3d721bc0bfaeaa16
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 8 23:09:55 2014 -0400
[libfko] bug fix to check strdup() return value
Using the 'fiu-run' fault injection binary, a couple of cases were
turned up where libfko does not properly check the strdup() return value.
This commit fixes these issues, and here is an illustration of the stack
trace for one such issue:
Core was generated by `../client/.libs/fwknop -A tcp/22 -a 127.0.0.2 -D
127.0.0.1 --get-key local_spa.'.
Program terminated with signal 11, Segmentation fault.
#0 __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
34 ../sysdeps/x86_64/multiarch/../strnlen.S: No such file or directory.
(gdb) where
#0 __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
#1 0x00007effa38189bc in _rijndael_encrypt (enc_key_len=<optimized out>, enc_key=<optimized out>, ctx=0x7effa5945750) at fko_encryption.c:141
#2 fko_encrypt_spa_data (ctx=0x7effa5945750, enc_key=<optimized out>, enc_key_len=<optimized out>) at fko_encryption.c:605
#3 0x00007effa381a2d6 in fko_spa_data_final (ctx=0x7effa5945750, enc_key=enc_key@entry=0x7fff3ff4aa10 "fwknoptest", enc_key_len=<optimized out>, hmac_key=hmac_key@entry=0x7fff3ff4aaa0 "", hmac_key_len=0) at fko_funcs.c:489
#4 0x00007effa405f2fb in main (argc=<optimized out>, argv=<optimized out>) at fwknop.c:449
lib/fko_encryption.c | 10 ++++++----
lib/fko_hmac.c | 8 ++++++--
2 files changed, 12 insertions(+), 6 deletions(-)
commit 989d48b7e97ebd8186f4b9ec364bc2389edcb623
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 8 20:22:19 2014 -0400
[test suite] make valgrind suppressions slightly more prescriptive
test/valgrind_suppressions | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
commit 7fb2f292bcd74c39772816d617912ad7febc351b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 8 20:20:19 2014 -0400
[test suite] in valgrind mode, make tests fail whenever there are 'definitely' or 'indirectly' lost bytes in memory
test/test-fwknop.pl | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
commit 53a1e1bc0047b116807f715c326edad93c164c7e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 8 20:19:03 2014 -0400
[client] minor bug fix for condition under which fiu_* functions are called for fault injection
client/fwknop.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
commit 82b05b95302744d1c1dba55b4e1792868114bf8d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Jun 6 21:28:28 2014 -0400
[libfko] fko_new() bug fix to not leak memory under fko_set_... error conditions
This commit changes how fko_new() deals with FKO context initialization
to not set ctx->initval back to zero (uninitialized) immediately after
calling each fko_set_... function and before checking the fko_set_... return
value. The reason for this change is that fko_destroy() checks for
context initialization via ctx->initval before calling free() against
any heap allocated context member. So, if fko_set_... returns an error,
fko_destroy() (previous to this commit) would have no opportunity to
free such members.
This bug was found with fault injection testing provided by libfiu
together with valgrind. Specifically the following test suite command
exposes the problem (from the test/ directory):
./test-fwknop.pl --enable-complete --include "fault injection.*libfko"
In the resulting output/2.test file valgrind reports the following:
==27941== LEAK SUMMARY:
==27941== definitely lost: 264 bytes in 1 blocks
==27941== indirectly lost: 28 bytes in 3 blocks
==27941== possibly lost: 0 bytes in 0 blocks
==27941== still reachable: 1,099 bytes in 12 blocks
==27941== suppressed: 0 bytes in 0 blocks
After this commit is applied, this changes to:
==7137== LEAK SUMMARY:
==7137== definitely lost: 0 bytes in 0 blocks
==7137== indirectly lost: 0 bytes in 0 blocks
==7137== possibly lost: 0 bytes in 0 blocks
==7137== still reachable: 1,099 bytes in 12 blocks
==7137== suppressed: 0 bytes in 0 blocks
Note that 'definitely lost' in valgrind output means there is a real
memory leak that needs to be fixed whereas 'still reachable' is most
likely not a real problem according to:
http://valgrind.org/docs/manual/faq.html#faq.deflost
lib/fko_funcs.c | 37 ++++++++-----------------------------
1 file changed, 8 insertions(+), 29 deletions(-)
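
The cleanup problem described in the fko_new() commit above, reduced to a model that runs without valgrind or libfiu. This is an added example, not libfko source: the struct, function names, magic value, allocation counter and fault switch are hypothetical, and the post-fix constructor is one arrangement consistent with the commit message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CTX_INITIALIZED 0x81a7f0e1u   /* constructed magic value */

struct toy_ctx {
    unsigned int initval;   /* destroy() trusts the context only if this is set */
    char *user;
    char *msg;
};

static int live_allocs = 0;   /* outstanding heap blocks (stands in for valgrind) */
static int fail_set_msg = 0;  /* injected fault switch (stands in for libfiu) */

static void *x_calloc(size_t n, size_t sz)
{
    void *p = calloc(n, sz);
    if (p) live_allocs++;
    return p;
}
static char *x_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}
static void x_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Setters refuse to run on a context that is not marked initialized. */
static int set_user(struct toy_ctx *ctx, const char *u)
{
    if (ctx->initval != CTX_INITIALIZED) return -1;
    ctx->user = x_strdup(u);
    return ctx->user ? 0 : -1;
}
static int set_msg(struct toy_ctx *ctx, const char *m)
{
    if (ctx->initval != CTX_INITIALIZED) return -1;
    if (fail_set_msg) return -1;              /* injected failure */
    ctx->msg = x_strdup(m);
    return ctx->msg ? 0 : -1;
}

/* Frees heap members and the context, but only for an initialized context. */
static int ctx_destroy(struct toy_ctx *ctx)
{
    if (ctx == NULL || ctx->initval != CTX_INITIALIZED)
        return -1;                            /* nothing is freed on this path */
    x_free(ctx->user);
    x_free(ctx->msg);
    ctx->initval = 0;
    x_free(ctx);
    return 0;
}

/* Pre-fix pattern: initval is cleared before the setter's result is checked. */
static struct toy_ctx *ctx_new_leaky(void)
{
    struct toy_ctx *ctx = x_calloc(1, sizeof(*ctx));
    int res;
    if (!ctx) return NULL;

    ctx->initval = CTX_INITIALIZED;
    res = set_user(ctx, "alice");
    ctx->initval = 0;
    if (res != 0) { ctx_destroy(ctx); return NULL; }

    ctx->initval = CTX_INITIALIZED;
    res = set_msg(ctx, "tcp/22");
    ctx->initval = 0;                         /* destroy() below now sees "uninitialized" */
    if (res != 0) { ctx_destroy(ctx); return NULL; }

    ctx->initval = CTX_INITIALIZED;
    return ctx;
}

/* Post-fix pattern: initval stays set, so the error path can free members. */
static struct toy_ctx *ctx_new_fixed(void)
{
    struct toy_ctx *ctx = x_calloc(1, sizeof(*ctx));
    if (!ctx) return NULL;
    ctx->initval = CTX_INITIALIZED;
    if (set_user(ctx, "alice") != 0 || set_msg(ctx, "tcp/22") != 0) {
        ctx_destroy(ctx);
        return NULL;
    }
    return ctx;
}

/* Runs a constructor with the fault enabled; returns heap blocks left behind. */
static int leaked_after_failed_new(struct toy_ctx *(*ctor)(void))
{
    int before = live_allocs;
    struct toy_ctx *ctx;
    fail_set_msg = 1;
    ctx = ctor();
    fail_set_msg = 0;
    if (ctx) ctx_destroy(ctx);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky: %d blocks lost\n", leaked_after_failed_new(ctx_new_leaky));
    printf("fixed: %d blocks lost\n", leaked_after_failed_new(ctx_new_fixed));
    return 0;
}
```

In the leaky constructor the context block and the already-allocated member are both left behind, which mirrors the split between "definitely lost" and "indirectly lost" in the valgrind summary quoted in the commit message.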
commit dfeecf5c293af02bca9c830052bc85ea7e0279e4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 5 23:13:01 2014 -0400
[test suite] additional fix for duplicate fault injection tags
test/fko-wrapper/fko_fault_injection.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
commit 1b4d7f5b1935d4882db1c85d95676f51e446fd3b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 5 23:10:41 2014 -0400
[test suite] minor fix for duplicate fault injection tags
test/fko-wrapper/fko_fault_injection.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
commit 6d1d66fe032c33894252d3b88253255f68019a4c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Jun 5 23:05:49 2014 -0400
add --fault-injection-tag support to the client/server/libfko
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'. This option is used by
the test suite with the tests/fault_injection.pl tests.
client/cmd_opts.h | 3 +
client/config_init.c | 9 +
client/fwknop.8.in | 12 +-
client/fwknop.c | 29 +++
client/fwknop_common.h | 3 +
common/common.h | 4 +
doc/fwknop.man.asciidoc | 7 +
doc/fwknopd.man.asciidoc | 9 +
lib/fko_client_timeout.c | 11 ++
lib/fko_funcs.c | 22 +++
lib/fko_message.c | 19 ++
lib/fko_nat_access.c | 21 +++
lib/fko_server_auth.c | 12 ++
lib/fko_timestamp.c | 9 +
lib/fko_user.c | 9 +
server/cmd_opts.h | 5 +-
server/config_init.c | 8 +
server/fwknopd.8.in | 12 +-
server/fwknopd.c | 30 +++
server/fwknopd_common.h | 1 +
test/test-fwknop.pl | 63 ++++++-
test/tests/fault_injection.pl | 427 ++++++++++++++++++++++++++++++++++++++++++
22 files changed, 717 insertions(+), 8 deletions(-)
commit 6a0af8ed8ef1b585a346475005c81c062e81ab4b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Jun 1 22:30:54 2014 -0400
[test suite] added coverage_diff.py
This commit adds support for diff'ing before and after gcov/lcov results
to see when new function/line coverage is added by the test suite. Here
is an example of its output:
Sun Jun 1 22:28:00 2014 CMD: ./coverage_diff.py
[+] Coverage: /home/mbr/git/fwknop.git/server/config_init.c
[+] new 'fcns' coverage: usage()
[+] new 'lines' coverage: 1015
[+] new 'lines' coverage: 1017
[+] new 'lines' coverage: 1019
[+] new 'lines' coverage: 1059
[+] new 'lines' coverage: 979
[+] Coverage: /home/mbr/git/fwknop.git/server/fw_util_iptables.c
[+] new 'lines' coverage: 560
[+] new 'lines' coverage: 561
test/coverage_diff.py | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++
test/test-fwknop.pl | 5 ++++
2 files changed, 82 insertions(+)
commit 040b7b10a002d2f9b98a5b73c7b846ca61edbe5c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 23:15:09 2014 -0400
[test suite] add shell escape for /usr/include/* wildcard on lcov command line
test/test-fwknop.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 2e150d47a7d905f4cbf7e3c0188343b45d87b471
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 23:06:14 2014 -0400
restore trustdb.gpg files
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
2 files changed, 0 insertions(+), 0 deletions(-)
commit 2697bd260ce821c7be632cfd87e381805a7db1a0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 22:53:44 2014 -0400
[test suite] fix LD_LIBRARY_PATH for fiu-run execution against fko-wrapper binaries
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/test-fwknop.pl | 4 +++-
3 files changed, 3 insertions(+), 1 deletion(-)
commit ed58dcb635b7d3b0f89b3f3191aa903fa18d0d76
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 21:28:19 2014 -0400
Revert "add gcc '-pg' flag in --enable-profile-coverage mode"
This reverts commit bbe5626566d617317f2d25f5650f2299c95f2c9f because -pg
is needed for gprof, not gcov, and valgrind is incompatible with -pg.
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit ddaf0134d6d6b42284047ee6b543a6258c61e34d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 15:54:12 2014 -0400
use fiu.h instead of fiu-local.h
common/common.h | 2 +-
lib/fko_common.h | 2 +-
test/fko-wrapper/fko_basic.c | 6 ++++++
test/fko-wrapper/fko_fault_injection.c | 2 +-
test/tests/fault_injection.pl | 4 ++--
5 files changed, 11 insertions(+), 5 deletions(-)
commit e893ecad21d2152edd3e9e661eedb3f0d0bd9ac2
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 15:09:02 2014 -0400
[test suite] added first test to run fwknop client underneath fiu-run for libc fault injection
test/tests/fault_injection.pl | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
commit a1f1e4b32891f710f52cd6b486bf026fde77d50d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 14:18:27 2014 -0400
[test suite] in --enable-fuzzing-interfaces mode create fko-wrapper/send_spa_payloads file if it does exist
test/test-fwknop.pl | 14 ++++++++++++++
1 file changed, 14 insertions(+)
commit 237602114fc20d55187d797e3f1d553bf12684ae
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 08:40:26 2014 -0400
[test suite] minor fko_wrapper comment update
test/fko-wrapper/fko_wrapper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 15aff82980c7b093f231c8218ff5d84553e79dc0
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 26 08:39:44 2014 -0400
client/server added libfiu header files in --enable-libfiu-support mode
common/common.h | 5 +++++
1 file changed, 5 insertions(+)
commit 55ae7d509576c1279ba9b7b90f33eb7a6a88bbbc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 25 22:10:43 2014 -0400
[test suite] auto-generate fko-wrapper/fuzz_spa_payload file with spa_fuzzing.py if necessary in --enable-complete/--enable-fuzzing-interfaces mode
test/test-fwknop.pl | 26 +++++++++++++++++++++++---
test/tests/rijndael_hmac_fuzzing.pl | 2 +-
2 files changed, 24 insertions(+), 4 deletions(-)
commit 23e8dcfddd16c687563b45dae8f7bcd608b1c27b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 25 16:23:40 2014 -0400
[test suite] added configure_max_coverage.sh for --enable-complete mode
test/configure_max_coverage.sh | 13 +++++++++++++
1 file changed, 13 insertions(+)
commit fa53cc62e14e9c235bffe64e22d383b95d59ce35
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 25 15:50:09 2014 -0400
[test suite] SPA packet fuzzer minor comment additions to clearly define SPA packet types
test/spa_fuzzing.py | 36 +++++++++++++++++++++++++++++++++---
1 file changed, 33 insertions(+), 3 deletions(-)
commit d625a24a87e541295f3457867e8933bcd3eb54e5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 25 15:08:31 2014 -0400
[test suite] added fko_new_with_data() call with SPA data that is too short
test/fko-wrapper/fko_wrapper.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
commit 00ea2ce0efffb0a5fadab8ada3b873a07cb1068f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 25 12:37:35 2014 -0400
[test suite] added --enable-complete option for fuzzing, fault injection, and code coverage
test/test-fwknop.pl | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
commit de03ed702ea30748e876bf2cdbe22aa75f25c69b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 24 17:55:57 2014 -0400
[test suite] added the ability to run fiu-run fault injection binary against fwknop
test/test-fwknop.pl | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
commit 597a3d395363af43c3a46617649c6f786aa69dbb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 24 15:12:07 2014 -0400
[libfko] added fault injections for remaining ...set...() functions called by fko_new()
lib/fko_digest.c | 7 +++++++
lib/fko_encryption.c | 16 ++++++++++++++++
lib/fko_message.c | 8 ++++++++
lib/fko_timestamp.c | 8 ++++++++
test/fko-wrapper/fko_fault_injection.c | 28 ++++++++++++++++++++++++++--
5 files changed, 65 insertions(+), 2 deletions(-)
commit 5f227cfa488e28bba60376e7f10c387cc0c3f9c5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 24 14:47:10 2014 -0400
[libfko] added fault injections for fko_set_username()
lib/fko_user.c | 14 ++++++++++++++
test/fko-wrapper/fko_fault_injection.c | 13 ++++++++++---
2 files changed, 24 insertions(+), 3 deletions(-)
commit 17f325ecebd69d7421f590c0fcf00058a8cc6990
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 24 14:01:49 2014 -0400
[libfko] added fault injections for fko_set_rand_value()
lib/fko_rand_value.c | 20 ++++++++++++++++++++
test/fko-wrapper/fko_fault_injection.c | 16 ++++++++++++++--
2 files changed, 34 insertions(+), 2 deletions(-)
commit 35ad8323928ebdf07fad38bed22e65f099dfae02
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 24 10:14:28 2014 -0400
[libfko] started on libfiu fault injection code
lib/fko_common.h | 4 ++++
lib/fko_funcs.c | 9 +++++++
test/fko-wrapper/fko_fault_injection.c | 43 +++++++++++++++++++---------------
3 files changed, 37 insertions(+), 19 deletions(-)
commit 2f9b92068d7239e9a617e21b4cb8febbaf06f436 (refs/remotes/origin/master, refs/remotes/origin/HEAD)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 23 18:55:06 2014 -0400
[test suite] added tests/rijndael_hmac_fuzzing.pl file
test/tests/rijndael_hmac_fuzzing.pl | 11 +++++++++++
1 file changed, 11 insertions(+)
commit 23997b62aac680a97d3040806786cd5f6e738d61
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 23 18:50:47 2014 -0400
[test suite] add hmac_fuzzing_access.conf file
test/conf/hmac_fuzzing_access.conf | 5 +++++
1 file changed, 5 insertions(+)
commit 8d61a8cf7fab4cf0caeed0e1bffe4de4e9c86fa3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 23 18:55:06 2014 -0400
[test suite] added tests/rijndael_hmac_fuzzing.pl file
test/tests/rijndael_hmac_fuzzing.pl | 11 +++++++++++
1 file changed, 11 insertions(+)
commit 0a82c68451b3ea6543fc1a97409212b1b8402841
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 23 18:50:47 2014 -0400
[test suite] add hmac_fuzzing_access.conf file
test/conf/hmac_fuzzing_access.conf | 5 +++++
1 file changed, 5 insertions(+)
commit cf3f41821b43d4a87367ffd899b81e5bd5862568
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 22 08:36:11 2014 -0500
[test suite] add fault injection tests
Makefile.am | 1 +
test/test-fwknop.pl | 43 ++++++++++++++++++++++++++++++++-----------
test/tests/fault_injection.pl | 37 +++++++++++++++++++++++++++++++++++--
3 files changed, 68 insertions(+), 13 deletions(-)
commit a65fff7e7b9689bdae06a7791c573097a7a83b2d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 22 08:30:36 2014 -0500
[test suite] make fko_wrapper binary path absolute
test/tests/basic_operations.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit c5e8eee74325ed7ce01c025cc820fea3e6c2e04a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 22 08:29:06 2014 -0500
[test suite] make fko_wrapper binary path absolute
test/tests/rijndael_fuzzing.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit a2f2777e9f9e89a5af484d0df68437dfc23f2a62
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 22 08:24:16 2014 -0500
[test suite] add fko_basic.c file to the FKO wrapper
Makefile.am | 3 ++-
test/fko-wrapper/fko_basic.c | 19 +++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
commit bbe5626566d617317f2d25f5650f2299c95f2c9f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu May 22 08:19:45 2014 -0500
add gcc '-pg' flag in --enable-profile-coverage mode
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 8666788a16bd206a5a14562e2cccb873015b89d4
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 21 09:12:20 2014 -0400
[test suite] minor line counter addition for file_find_regex()
test/test-fwknop.pl | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
commit 02389932bc23db025b13a07665858ed50fe48b6a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed May 21 08:27:31 2014 -0400
added --enable-libfiu-support to build fwknop with fault injection support
configure.ac | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
commit 84821438bdfedabaac16185308ec65149fdf31b9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue May 20 21:20:10 2014 -0400
[test suite] started on support for libfiu fault injection tests
test/fko-wrapper/Makefile | 6 +-
test/fko-wrapper/fko_fault_injection.c | 34 +++++++++++
test/fko-wrapper/run.sh | 7 +++
test/fko-wrapper/run_valgrind.sh | 6 +-
test/test-fwknop.pl | 105 ++++++++++++++++++---------------
test/tests/basic_operations.pl | 18 ++++++
test/tests/fault_injection.pl | 21 +++++++
test/tests/rijndael_fuzzing.pl | 10 +++-
8 files changed, 154 insertions(+), 53 deletions(-)
commit 55582c31f8bd661408dc3b11f46ad7808d5ea784
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat May 10 23:16:32 2014 -0400
[test suite] expand libfko username coverage testing by adding undef LOGNAME env variable test
test/tests/basic_operations.pl | 9 +++++++++
1 file changed, 9 insertions(+)
commit d5e5961ca1cad0f62e280a51d8b38b9c76bc8e6e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 9 21:13:48 2014 -0400
[test suite] stronger valgrind test requirements
This commit adds a couple of suppressions for known issues that valgrind
finds in libcap, and then makes a significant change to how the test
suite deals with any valgrind errors (in --enable-valgrind mode) that
are outside of these suppressions. That is, any new valgrind errors
that are discovered will cause the test that triggers them to fail.
Previous to this commit, the final valgrind "flagged functions" test
attempted to do this by comparing valgrind output across test runs. This
worked well enough for a while, but this latest commit enforces a
stricter stance for valgrind validation of the fwknop code base.
test/test-fwknop.pl | 188 ++++++++++++++++++++++++++-------------------
test/valgrind_suppressions | 28 ++++++-
2 files changed, 134 insertions(+), 82 deletions(-)
commit 7cb8ad95280f09fceaaee1488b54fc15e75f3ff5
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 9 20:53:32 2014 -0400
[fko-wrapper] add missing fko_destroy() call
test/fko-wrapper/fko_wrapper.c | 2 ++
1 file changed, 2 insertions(+)
commit 22ad9044cdd2d5da86e23534c5d8acf1ee4cb397
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 9 20:51:29 2014 -0400
[test suite] python fuzzer pkt_id counter minor bug fix
test/spa_fuzzing.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 3e0c983bbd0d13ec7354e86678951f3d3a832c22
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 9 07:57:46 2014 -0400
[test suite] add lib path and valgrind string to server start/stop cycle tests
test/test-fwknop.pl | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
commit 2b5029a4eed188986e0e6d810d5161d6542727b8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri May 9 07:49:57 2014 -0400
[test suite] add SIGINT, SIGUSR1, and SIGUSR2 signals to restart cycle test for code coverage
test/test-fwknop.pl | 24 +++++++++++++++++++++---
test/tests/basic_operations.pl | 1 -
2 files changed, 21 insertions(+), 4 deletions(-)
commit 33234183dfe8cca858d83f0ce81df14b8eb2ba1e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 5 01:15:20 2014 -0400
[test suite] fko-wrapper PKT_ID generation + send fuzzing packets back through fko_new_with_data() cycle
test/fko-wrapper/fko_wrapper.c | 50 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 48 insertions(+), 2 deletions(-)
commit 0c544f2690640719da243ffbdd7b0d8560673945
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 5 23:51:21 2014 -0400
[server] add --test mode to enable broader fuzzing coverage
ChangeLog | 5 +++++
doc/fwknopd.man.asciidoc | 6 ++++++
server/cmd_opts.h | 3 ++-
server/config_init.c | 3 +++
server/fwknopd.8.in | 13 +++++++++++--
server/incoming_spa.c | 24 +++++++++++++++++++++++-
6 files changed, 50 insertions(+), 4 deletions(-)
commit 64a4642c479e9d0bd2434b86dcf1f0ca3b0883fb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 5 23:11:32 2014 -0400
[server] minor fix to remove unnecessary opts.status check
server/fwknopd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 7d1ad9a4fa2b12d9a6754432e880f88519f8d2ee
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 5 23:05:02 2014 -0400
add new test suite conf files
Makefile.am | 2 ++
1 file changed, 2 insertions(+)
commit 16b391109183c8f4d76359ed9fd3aa8bbc4ea706
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon May 5 23:01:44 2014 -0400
[test suite] Rijndael HMAC fuzzing support and a few minor test additions
test/spa_fuzzing.py | 188 +++++++++++++++++++++++++++++------------
test/test-fwknop.pl | 107 +++++++++++++++++++++++
test/tests/basic_operations.pl | 23 ++++-
3 files changed, 264 insertions(+), 54 deletions(-)
commit 02ed5f5ad4aab6b9734f30ca58633dc1431f46cd
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 4 09:17:27 2014 -0400
[server] add --exit-parse-config option, man page updates (minor formatting change)
client/fwknop.8.in | 10 +-
doc/fwknop.man.asciidoc | 300 +++++++++++++++++++++++------------------------
doc/fwknopd.man.asciidoc | 208 ++++++++++++++++----------------
server/cmd_opts.h | 2 +
server/config_init.c | 4 +
server/fwknopd.8.in | 17 ++-
server/fwknopd.c | 6 +
server/fwknopd_common.h | 1 +
server/fwknopd_errors.h | 1 +
9 files changed, 296 insertions(+), 253 deletions(-)
commit d7e9ae578b0e41555f6260d848d6f2566bce315c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 4 09:16:39 2014 -0400
[test suite] add digest cache rewrite feature for test coverage, add config line and pcap filter validation tests
test/test-fwknop.pl | 7 +++-
test/tests/basic_operations.pl | 78 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 84 insertions(+), 1 deletion(-)
commit 24f9c582bb1fa9b6074a0f97698c9139ed298590
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun May 4 09:15:44 2014 -0400
[test suite] add multi-port access request to python fuzzer
test/spa_fuzzing.py | 1 +
1 file changed, 1 insertion(+)
commit 5f24fc8c5ff9900199838dda47d9b7b21c70da25
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 29 23:50:54 2014 -0400
[server] add --dump-serv-err-codes for test coverage
server/cmd_opts.h | 4 +++-
server/config_init.c | 4 ++++
server/fwknopd_errors.c | 20 ++++++++++++++++++++
test/tests/basic_operations.pl | 10 ++++++++++
4 files changed, 37 insertions(+), 1 deletion(-)
commit 11f3e9b8d3ed919e13b9c22d6c94745919028ddf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 29 23:41:01 2014 -0400
[server] add test coverage for tcp server when FUZZING_INTERFACES is defined
server/fwknopd.c | 14 +++-----------
server/incoming_spa.c | 3 +++
server/tcp_server.c | 38 +++++++++++++++++++++++++-------------
3 files changed, 31 insertions(+), 24 deletions(-)
commit fb21e3a575954b7898eececa0c1c2a39ea88283a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 29 23:25:31 2014 -0400
[server] bug fix to handle SPA packets via http
ChangeLog | 5 ++++
Makefile.am | 2 ++
server/incoming_spa.c | 5 +++-
test/conf/spa_over_http.pcap | Bin 0 -> 1846 bytes
test/conf/spa_over_http_fwknopd.conf | 1 +
test/test-fwknop.pl | 2 ++
test/tests/basic_operations.pl | 52 +++++++++++++++++++++++++++++++++++
test/tests/rijndael_hmac.pl | 14 ++++++++++
8 files changed, 80 insertions(+), 1 deletion(-)
commit 6dde30bc91e20d57891e27ecda3aa0116f33d02b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 29 20:54:01 2014 -0400
[test suite] significant test coverage update
This commit adds a lot of test coverage support as guided by gcov +
lcov.
Also added the --no-ipt-check-support option to fwknopd (this is only
useful in practice on older Linux distros where 'iptables -C' is not
available, but it helps with test coverage).
doc/fwknopd.man.asciidoc | 5 +
server/access.c | 2 +-
server/cmd_opts.h | 54 ++--
server/config_init.c | 3 +
server/fw_util_iptables.c | 5 +-
server/fwknopd.8.in | 64 +++--
server/fwknopd_common.h | 2 +
test/conf/gpg_hmac_access.conf | 2 +-
test/conf/gpg_no_pw_hmac_access.conf | 2 +-
test/test-fwknop.pl | 11 +-
test/tests/basic_operations.pl | 500 ++++++++++++++++++++++++++++++++++-
test/tests/rijndael_hmac.pl | 13 +
12 files changed, 609 insertions(+), 54 deletions(-)
commit 40e14fc4002d00d63f55591ef58fc1ca323f9222
Merge: 964f28e 9901d8a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Apr 28 23:00:16 2014 -0400
Merge branch 'spa_encoding_fuzzing'
commit 9901d8a76a75e8d2bb5088fe92cc370f084e85cb (refs/remotes/origin/spa_encoding_fuzzing, refs/heads/spa_encoding_fuzzing)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 26 23:04:44 2014 -0400
[libfko/test suite] add the FUZZING_INTERFACES macro
Add a new fko_set_encoded_data() function gated by #define
FUZZING_INTERFACES to allow encryption and authentication to be bypassed
for fuzzing purposes (and only fuzzing purposes). The fko-wrapper code
has been extended to process data in the
test/fko-wrapper/fuzz_spa_payloads file, which is created by the new
python fuzzer. Typical workflow is:
$ cd test/fko-wrapper
$ ../spa_fuzzer.py > fuzz_spa_payloads
$ make fuzzing
(as root):
./test-fwknop.pl --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper
[+] Starting the fwknop test suite...
args: --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper
Saved results from previous run to: output.last/
Valgrind mode enabled, will import previous coverage from:
output.last/valgrind-coverage/
[+] Total test buckets to execute: 2
[Rijndael] [fko-wrapper] multiple libfko calls (with valgrind)......pass (1)
[Rijndael] [fko-wrapper] multiple libfko calls......................pass (2)
[profile coverage] gcov profile coverage............................pass (3)
[valgrind output] [flagged functions] ..............................pass (4)
Run time: 5.85 minutes
[+] 0/0/0 OpenSSL tests passed/failed/executed
[+] 0/0/0 OpenSSL HMAC tests passed/failed/executed
[+] 4/0/4 test buckets passed/failed/executed
configure.ac | 14 +++++
lib/fko.h | 2 +
lib/fko_encode.c | 4 +-
test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
test/fko-wrapper/Makefile | 3 ++
test/fko-wrapper/fko_wrapper.c | 90 +++++++++++++++++++++++++++++++++
6 files changed, 112 insertions(+), 1 deletion(-)
commit e1dde1733a3b7f5512fdb2c104f56e0c45d52589
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 26 23:01:47 2014 -0400
[test suite] python fuzzer - more field length variations to hit MAX_SPA_MESSAGE_SIZE
test/spa_fuzzing.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 91a60b8d91afd7bc11902151a0ea8995ead31a70
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 26 22:35:57 2014 -0400
[test suite] libfko wrapper is already called in Rijndael tests
test/test-fwknop.pl | 7 -------
1 file changed, 7 deletions(-)
commit 367424ece5aaf0b0f4c9926e32b36b6d53e36d3a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 26 22:03:32 2014 -0400
[test suite] python fuzzer - account for base64 strings that have stripped '=' chars
test/spa_fuzzing.py | 86 +++++++++++++++++++++++++++++------------------------
1 file changed, 47 insertions(+), 39 deletions(-)
commit e00add778ed7f04791d8f9380da766deaa8e5874
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Apr 26 17:03:47 2014 -0400
[test suite] python fuzzer - add fuzzing fields to original fields (interim commit)
test/spa_fuzzing.py | 51 ++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 42 insertions(+), 9 deletions(-)
commit 1deccfd0053f5e4649dce697de7cd662a4cb47ec
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Apr 24 22:11:04 2014 -0400
[test suite] python fuzzer - break out fuzzing sections into dedicated functions
test/spa_fuzzing.py | 198 +++++++++++++++++++++++++++++++++++-----------------
1 file changed, 134 insertions(+), 64 deletions(-)
commit 4b11232249a89e4b917779546f6beee2d9e17a91
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Apr 23 23:31:37 2014 -0400
[test suite] add command mode SPA payload and splicing tests to python fuzzer
test/spa_fuzzing.py | 10 ++++++++++
1 file changed, 10 insertions(+)
commit b9e2a42c5c55286017020d5048e76f375aac060f
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 22 23:48:13 2014 -0400
[test suite] support multiple initial SPA payloads in the python fuzzer
test/spa_fuzzing.py | 121 +++++++++++++++++++++++++++++-----------------------
1 file changed, 68 insertions(+), 53 deletions(-)
commit cd8a2493a7d0679bc2c7e02d49ed46c3831972bf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 22 23:20:06 2014 -0400
[test suite] python fuzzer additional tests
test/spa_fuzzing.py | 65 ++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 60 insertions(+), 5 deletions(-)
commit b28b8b5de124828f6987f26fc824a0a989c4f5b7
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 22 21:58:09 2014 -0400
[libfko] fix double free bug in SPA parser
This commit fixes a double free condition discovered through the new
python SPA payload fuzzer. This bug could be triggered in fwknopd with
a malicious SPA payload but only when GnuPG is used. When Rijndael is
used for SPA packet encryption, this bug cannot be triggered due to a
length/format check towards the end of _rijndael_decrypt(). It should
be noted that only a person in possession of the correct encryption and
authentication GnuPG keys could trigger this bug.
lib/fko_decode.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
commit beb8df46432d46afe1b60bed132b03285fd86f0e
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 22 21:00:16 2014 -0400
[test suite] add python SPA packet payload fuzzer
test/spa_fuzzing.py | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
commit 63a59bf48b2cbea3755bb774b2007ffd8d881c54
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Apr 22 20:58:03 2014 -0400
[test suite] add --enable-fuzzing-interfaces, fix profile coverage file handling
test/test-fwknop.pl | 135 +++++++++++++++++++++++-----------------------------
1 file changed, 59 insertions(+), 76 deletions(-)
commit f4a8c0fda84ec5ebafb68506ff0059f3dbeae396
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Apr 18 21:39:54 2014 -0400
[libfko] for fuzzing purposes, added fko_set_encoded_data() to bypass encryption and authentication for SPA payloads
lib/fko.h | 2 ++
lib/fko_encode.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 72 insertions(+)