Tobias Brunner
0e6f3a380a
configure: Add an option to enable all optional features/plugins
...
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
Tobias Brunner
1c26ce2dc3
configure: Reorder and group feature options
2014-03-20 15:29:27 +01:00
Tobias Brunner
48ac56e2aa
unit-tests: Generate weak keys with gcrypt plugin (but quickly)
2014-03-20 15:29:27 +01:00
Tobias Brunner
fc4f8fc30e
tnc-pdp: Fix monolithic build
2014-03-20 15:29:27 +01:00
Tobias Brunner
27b3358fed
plugin-feature: Hash only the actually used feature argument
...
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes #549.
2014-03-20 13:42:57 +01:00
Andreas Steffen
0b408faef1
Added TPMRA workitem support for [dummy] Trusted Boot measurements
2014-03-19 20:26:31 +01:00
Martin Willi
0a8c399a21
pki: When dispatching commands, don't look beyond non-null-terminated array
2014-03-19 09:37:46 +01:00
Martin Willi
87e53819a6
pki: Check length of commands array before accessing command in --help
...
As --help is counted as command as well, the array is not null-terminated
and we have to check for MAX_COMMANDS.
Fixes #550.
2014-03-19 09:25:29 +01:00
Tobias Brunner
c489c5881a
charon-nm: No additional secrets are required once a password has been entered
...
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.
Fixes #547.
2014-03-18 14:53:40 +01:00
Tobias Brunner
11f31ceb6a
array: Fix removal of elements in the second half of an array
...
Memory beyond the end of the array was moved when array elements in the
second half of an array were removed.
Fixes #548.
2014-03-18 14:46:16 +01:00
Tobias Brunner
0ab7d5f1f9
plugin-loader: Properly initialize modular plugin list if no plugins are enabled
2014-03-18 10:56:39 +01:00
Andreas Steffen
337f0c8a2f
Implemented ntru_private_key class
2014-03-18 10:03:16 +01:00
Andreas Steffen
3933798cb1
11 bits are needed to encode a maximum index of 1086
2014-03-15 19:22:16 +01:00
Andreas Steffen
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
Andreas Steffen
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
Tobias Brunner
67dc5d393c
tnc-ifmap: Get a reference to the client cert as it is also used in an auth config
2014-03-10 14:31:42 +01:00
Andreas Steffen
9483f8ec59
Version bump to 5.1.3dr1
2014-03-07 21:56:34 +01:00
Andreas Steffen
342bc6e545
Disable mandatory ECP support for attestation
2014-03-07 21:56:34 +01:00
Andreas Steffen
ac17ca1ad7
Refactored NTRU parameter set selection
2014-03-07 21:56:34 +01:00
Andreas Steffen
7befce8c3f
Refactored ntru_param_sets
2014-03-07 21:56:33 +01:00
Tobias Brunner
0d30d73eb9
thread: Properly clean up meta data of main thread
2014-03-07 18:28:38 +01:00
Tobias Brunner
d517a9893e
settings: Log all errors on level 1
...
Closes #539.
2014-03-04 13:30:09 +01:00
Thomas Egerer
7acdebf6c0
settings: Avoid conf file parsing beyond allocated buffer
...
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-03-03 17:27:58 +01:00
Tobias Brunner
af15c71bfb
configure: Fix autoreconf with older autotools
...
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536.
2014-03-03 17:14:26 +01:00
Andreas Steffen
d6ce8da6c0
Optimize ntru_poly constructors some more
2014-02-27 23:06:51 +01:00
Andreas Steffen
1d252e9dec
Version bump to 5.1.2
2014-02-27 22:46:52 +01:00
Andreas Steffen
2bb793f131
Optimized initialisation of indices
2014-02-27 22:39:47 +01:00
Andreas Steffen
222b88a302
Added get_array() method to ntru_poly_t class
2014-02-27 22:08:22 +01:00
Andreas Steffen
d12a4a67bf
Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors and built some unit tests for the latter
2014-02-27 20:36:17 +01:00
Andreas Steffen
f87f28ec68
Optimized use of temporary arrays in polynomial multiplication
2014-02-27 15:22:59 +01:00
Andreas Steffen
bf24960cbe
Implement ring multiplication method
2014-02-27 15:22:58 +01:00
Tobias Brunner
bd1c9f1eac
conf: Fix out-of-tree build from distribution
...
It worked from the repository, where strongswan.conf.5.main is generated
in the build dir, but not from the distribution where it is located in
the source dir, so explicitly create it in the source dir.
2014-02-27 12:02:13 +01:00
Tobias Brunner
2ed241aeb3
utils: Add memrchr(3) replacement for platforms that don't support it
...
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Tobias Brunner
625fc60154
Merge branch 'dirname'
...
Fixes the incorrect usage of dirname(3) in settings_t and stroke_cred_t,
and adds thread-safe variants of dirname(3) and basename(3).
2014-02-24 12:04:24 +01:00
Tobias Brunner
6b895d7b25
libpts: Use path_base|dirname()
2014-02-24 12:04:11 +01:00
Tobias Brunner
9222d58634
conftest: Use path_dirname()
2014-02-24 12:04:11 +01:00
Tobias Brunner
849e401b37
stroke: Use thread-safe dirname(3)
2014-02-24 12:04:11 +01:00
Tobias Brunner
18019a3b89
settings: Use thread-safe dirname(3)
2014-02-24 12:04:11 +01:00
Tobias Brunner
766141bc77
utils: Add thread-safe variants of dirname(3) and basename(3)
2014-02-24 12:04:11 +01:00
Tobias Brunner
ba10cd3c7f
utils: Move thread-safe strerror replacement to a separate file
...
For some utils _GNU_SOURCE might be needed but that conflicts with the
signature of strerror_r(3).
2014-02-24 12:04:10 +01:00
Tobias Brunner
aa693d763a
stroke: Use dirname(3) correctly
2014-02-24 12:04:10 +01:00
Tobias Brunner
caf1770905
settings: Use dirname(3) correctly
...
dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result in undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.
It is also not thread-safe, which will be addressed later.
2014-02-24 12:03:49 +01:00
Andreas Steffen
a21d4096e5
Use logical AND function
2014-02-23 16:44:32 +01:00
Martin Willi
1c667bce3f
pki: Make cmds array static, ensuring that it is zero-initialized
...
As pki --help relies on a zero-terminated array, make the actually non-public
cmds array static to ensure initialization.
2014-02-20 11:45:51 +01:00
Andreas Steffen
e80014f1e8
index limit can be easily computed
2014-02-19 20:18:53 +01:00
Tobias Brunner
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516.
2014-02-19 16:11:47 +01:00
Tobias Brunner
09417da49c
sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined
...
Fixes #516.
2014-02-19 15:55:20 +01:00
Tobias Brunner
6122bfd2eb
coverage: Apparently not all shells can expand {src,scripts}
...
One example is ash.
2014-02-19 15:53:59 +01:00
Tobias Brunner
435aed8287
pki: Fix minor resource leak on failure to read the private key in --req
2014-02-18 16:46:25 +01:00
Tobias Brunner
5a04056295
stroke: Use proper modifiers to print size_t arguments
2014-02-18 16:46:25 +01:00