0e6f3a380a
configure: Add an option to enable all optional features/plugins
...
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
1c26ce2dc3
configure: Reorder and group feature options
2014-03-20 15:29:27 +01:00
48ac56e2aa
unit-tests: Generate weak keys with gcrypt plugin (but quickly)
2014-03-20 15:29:27 +01:00
fc4f8fc30e
tnc-pdp: Fix monolithic build
2014-03-20 15:29:27 +01:00
27b3358fed
plugin-feature: Hash only the actually used feature argument
...
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes #549 .
2014-03-20 13:42:57 +01:00
0b408faef1
Added TPMRA workitem support for [dummy] Trusted Boot measurements
2014-03-19 20:26:31 +01:00
0a8c399a21
pki: When dispatching commands, don't look beyond non-null-terminated array
2014-03-19 09:37:46 +01:00
87e53819a6
pki: Check length of commands array before accessing command in --help
...
As --help is counted as command as well, the array is not null-terminated
and we have to check for MAX_COMMANDS.
Fixes #550 .
2014-03-19 09:25:29 +01:00
c489c5881a
charon-nm: No additional secrets are required once a password has been entered
...
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.
Fixes #547 .
2014-03-18 14:53:40 +01:00
11f31ceb6a
array: Fix removal of elements in the second half of an array
...
Memory beyond the end of the array was moved when array elements in the
second half of an array were removed.
Fixes #548 .
2014-03-18 14:46:16 +01:00
0ab7d5f1f9
plugin-loader: Properly initialize modular plugin list if no plugins are enabled
2014-03-18 10:56:39 +01:00
337f0c8a2f
Implemented ntru_private_key class
2014-03-18 10:03:16 +01:00
3933798cb1
11 bits are needed to encode a maximum index of 1086
2014-03-15 19:22:16 +01:00
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
67dc5d393c
tnc-ifmap: Get a reference to the client cert as it is also used in an auth config
2014-03-10 14:31:42 +01:00
9483f8ec59
Version bump to 5.1.3dr1
2014-03-07 21:56:34 +01:00
342bc6e545
Disable mandatory ECP support for attestion
2014-03-07 21:56:34 +01:00
ac17ca1ad7
Refactored NTRU parameter set selection
2014-03-07 21:56:34 +01:00
7befce8c3f
Refactored ntru_param_sets
2014-03-07 21:56:33 +01:00
0d30d73eb9
thread: Properly clean up meta data of main thread
2014-03-07 18:28:38 +01:00
d517a9893e
settings: Log all errors on level 1
...
Closes #539 .
2014-03-04 13:30:09 +01:00
7acdebf6c0
settings: Avoid conf file parsing beyond allocated buffer
...
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-03-03 17:27:58 +01:00
af15c71bfb
configure: Fix autoreconf with older autotools
...
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536 .
2014-03-03 17:14:26 +01:00
d6ce8da6c0
Optimize ntru_poly constructors some more
2014-02-27 23:06:51 +01:00
1d252e9dec
Version bump to 5.1.2
2014-02-27 22:46:52 +01:00
2bb793f131
Optimized initialisation of indices
2014-02-27 22:39:47 +01:00
222b88a302
Added get_array() method to ntru_poly_t class
2014-02-27 22:08:22 +01:00
d12a4a67bf
Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors and built some unit tests for the latter)
2014-02-27 20:36:17 +01:00
f87f28ec68
Optimized use of temporary arrays in polynomial multiplication
2014-02-27 15:22:59 +01:00
bf24960cbe
Implement ring multiplication method
2014-02-27 15:22:58 +01:00
bd1c9f1eac
conf: Fix out-of-tree build from distribution
...
It worked from the repository, where strongswan.conf.5.main is generated
in the build dir, but not from the distribution where it is located in
the source dir, so explicitly create it in the source dir.
2014-02-27 12:02:13 +01:00
2ed241aeb3
utils: Add memrchr(3) replacement for platforms that don't support it
...
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
625fc60154
Merge branch 'dirname'
...
Fixes the incorrect usage of dirname(3) in settings_t and stroke_cred_t,
and adds thread-safe variants of dirname(3) and basename(3).
2014-02-24 12:04:24 +01:00
6b895d7b25
libpts: Use path_base|dirname()
2014-02-24 12:04:11 +01:00
9222d58634
conftest: Use path_dirname()
2014-02-24 12:04:11 +01:00
849e401b37
stroke: Use thread-safe dirname(3)
2014-02-24 12:04:11 +01:00
18019a3b89
settings: Use thread-safe dirname(3)
2014-02-24 12:04:11 +01:00
766141bc77
utils: Add thread-safe variants of dirname(3) and basename(3)
2014-02-24 12:04:11 +01:00
ba10cd3c7f
utils: Move thread-safe strerror replacement to a separate file
...
For some utils _GNU_SOURCE might be needed but that conflicts with the
signature of strerror_r(3).
2014-02-24 12:04:10 +01:00
aa693d763a
stroke: Use dirname(3) correctly
2014-02-24 12:04:10 +01:00
caf1770905
settings: Use dirname(3) correctly
...
dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result to undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.
It is also not thread-safe, which will be addressed later.
2014-02-24 12:03:49 +01:00
a21d4096e5
Use logical AND function
2014-02-23 16:44:32 +01:00
1c667bce3f
pki: Make cmds array static, ensuring that it is zero-initialized
...
As pki --help relies on a zero-terminated array, make the actually non-public
cmds array static to ensure initialization.
2014-02-20 11:45:51 +01:00
e80014f1e8
index limit can be easily computed
2014-02-19 20:18:53 +01:00
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516 .
2014-02-19 16:11:47 +01:00
09417da49c
sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined
...
Fixes #516 .
2014-02-19 15:55:20 +01:00
6122bfd2eb
coverage: Apparently not all shells can expand {src,scripts}
...
One example is ash.
2014-02-19 15:53:59 +01:00
435aed8287
pki: Fix minor resource leak on failure to read the private key in --req
2014-02-18 16:46:25 +01:00
5a04056295
stroke: Use proper modifiers to print size_t arguments
2014-02-18 16:46:25 +01:00
Tobias Brunner