Andreas Steffen
a7047cda59
Cleaned up ntru-crypto library
2013-11-27 20:21:41 +01:00
Andreas Steffen
98c6421674
Implemented NIST SP 800-90A DRBG_HMAC with SHA-256
2013-11-27 20:21:41 +01:00
Andreas Steffen
9013973cc8
unit-tests: Added ntru wrong ciphertext test
2013-11-27 20:21:41 +01:00
Andreas Steffen
885e699b58
unit-tests: Added ntru entropy, retransmission and ciphertext tests
2013-11-27 20:21:41 +01:00
Andreas Steffen
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
Andreas Steffen
1f73969eb5
Make the NTRU parameter set configurable
2013-11-27 20:21:41 +01:00
Andreas Steffen
2c620cb089
unit-tests: first NTRU test case
2013-11-27 20:21:40 +01:00
Andreas Steffen
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
Tobias Brunner
20a48e4be3
chunk: Fix signedness warnings caused by chunk_from_* macros
...
There are countless other such warnings because e.g. chunk_create() is called
with char*, but at least we prevent users from causing such warnings
inadvertently when using these macros.
2013-11-27 18:28:44 +01:00
Martin Willi
1cbe4e6ce4
tun-device: Include <linux/types.h> before <linux/if_tun.h>
...
Fixes a build error on CentOS 6.4.
2013-11-22 09:09:06 +01:00
Martin Willi
07ca25909b
printf-hook-builtin: Don't use %P to print uppercase hex pointers
...
We use %P as custom printf specifier for proposals.
2013-11-20 16:57:28 +01:00
Tobias Brunner
3bff80aee3
openssl: Verify that a peer's ECDH public value is a point on the elliptic curve
...
This check is mandated by RFC 6989. Since we don't reuse DH secrets,
it is mostly a sanity check.
2013-11-19 15:00:28 +01:00
Andreas Steffen
b63246c5db
Implemented libstrongswan.plugins.random.strong_equals_true option
2013-11-16 00:11:40 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Tobias Brunner
334f44cd29
unit-tests: Initialize tests with a callback
2013-11-06 10:31:07 +01:00
Tobias Brunner
8d2450d8b8
plugin-loader: Convenience function added to add plugin dirs in build tree
2013-11-06 10:31:07 +01:00
Martin Willi
09d0c9030a
unit-tests: Separate test runner to a library, reusable by other tests
...
Other users may make use of the noinst libtest.la helper library to implement
unit tests. For libstrongswan, tests.[ch] provide the configuration for test
runner to perform unit tests in a simple manner.
2013-11-06 10:31:07 +01:00
Martin Willi
5a3230a250
unit-tests: Use some include magic to define test suite constructors
...
Avoid editing of several files when creating test suites by using a single
header file to define test suite constructor functions.
2013-11-06 10:31:07 +01:00
Martin Willi
d9d0eef92b
unit-tests: Check printing of strings having zero length
2013-11-06 10:31:07 +01:00
Martin Willi
61934203e2
unit-tests: Add some basic tests if PRI* printf specifiers work as expected
2013-11-06 10:31:06 +01:00
Martin Willi
a4cbda35ce
unit-tests: Add a semaphore wait cancel test
2013-11-06 10:31:06 +01:00
Martin Willi
fae1b85223
unit-tests: Add a semaphore absolute timed wait test
2013-11-06 10:31:06 +01:00
Martin Willi
a14935ea4b
unit-tests: Add a semaphore timed wait test case
2013-11-06 10:31:06 +01:00
Martin Willi
ffab2e0c95
unit-tests: Add a simple semaphore test
2013-11-06 10:31:06 +01:00
Martin Willi
b1bfe59560
unit-tests: Add a spinlock test case
2013-11-06 10:31:06 +01:00
Martin Willi
478dc0257c
unit-tests: Add a rwlock condvar thread cancel test
2013-11-06 10:31:05 +01:00
Martin Willi
b92c173b28
unit-tests: Add a rwlock condvar absolute timed wait test
2013-11-06 10:31:05 +01:00
Martin Willi
af19213c54
unit-tests: Add a rwlock condvar wait test
2013-11-06 10:31:05 +01:00
Martin Willi
1032f52d68
unit-tests: Add a rwlock condvar broadcast test
2013-11-06 10:31:05 +01:00
Martin Willi
f644b9e853
unit-tests: Add a rwlock condvar test
2013-11-06 10:31:05 +01:00
Martin Willi
dac31fe1a0
unit-tests: Add a rwlock test case
2013-11-06 10:31:05 +01:00
Martin Willi
8b25b5c36f
unit-tests: Add a condvar test where wait gets cancelled
2013-11-06 10:31:04 +01:00
Martin Willi
b7db393d01
unit-tests: Add a condvar test working on a recursive mutex
2013-11-06 10:31:04 +01:00
Martin Willi
8699a32b74
unit-tests: Add a condvar absolute timed wait test
2013-11-06 10:31:04 +01:00
Martin Willi
31f9f777b3
unit-tests: Add a condvar timed wait test
2013-11-06 10:31:04 +01:00
Martin Willi
9a0a891e6b
unit-tests: Add condvar broadcast test
2013-11-06 10:31:04 +01:00
Martin Willi
13183a74d4
unit-tests: Add a simple condvar test
2013-11-06 10:31:04 +01:00
Martin Willi
21df985148
unit-tests: Add a thread local storage cleanup test
2013-11-06 10:31:03 +01:00
Martin Willi
0b00e63e49
unit-tests: Add a thread local storage fuzzer test
2013-11-06 10:31:03 +01:00
Martin Willi
fd26b7ff1b
unit-tests: Add a thread cleanup pop test
2013-11-06 10:31:03 +01:00
Martin Willi
4aec0c5543
unit-tests: Add cleanup test cases for different thread exit situations
2013-11-06 10:31:03 +01:00
Martin Willi
e5b34086f1
unit-tests: Add a test for thread_cancellation_point()
2013-11-06 10:31:03 +01:00
Martin Willi
49e6848bd0
unit-tests: Add thread cancellability testing
2013-11-06 10:31:03 +01:00
Martin Willi
855747eab7
unit-tests: Add a simple thread_cancel() test
2013-11-06 10:31:02 +01:00
Martin Willi
c320c61160
unit-tests: Add thread_exit() tests to both join and detach test cases
2013-11-06 10:31:02 +01:00
Martin Willi
274e6beb00
unit-tests: Add a simple thread detach test
2013-11-06 10:31:02 +01:00
Martin Willi
5d4a882f45
unit-tests: Add a simple thread join() test
2013-11-06 10:31:02 +01:00
Martin Willi
b942528419
unit-tests: Add test suite for streams and services
2013-11-06 10:31:02 +01:00
Martin Willi
8eda87af86
unit-tests: Add a few test cases for watcher
2013-11-06 10:31:02 +01:00
Martin Willi
23b8f9bf86
unit-tests: Support testing multi-threaded code
2013-11-06 10:31:01 +01:00
Martin Willi
f23fd4c59b
unit-tests: Use a home-brew thread barrier to remove pthread dependency
2013-11-06 10:31:01 +01:00
Martin Willi
b74b8addf8
unit-tests: Show how many test vectors have failed on test failure
2013-11-06 10:31:01 +01:00
Martin Willi
b4d43a542f
unit-tests: Skip fmemopen() based printf() tests if not available
2013-11-06 10:31:01 +01:00
Martin Willi
45766923b8
unit-tests: Avoid name clash with clone() from <sched.h>
2013-11-06 10:31:01 +01:00
Martin Willi
1254ad01b9
unit-tests: Fix a compiler warning in identification tests
2013-11-06 10:31:01 +01:00
Martin Willi
382fa8b419
unit-tests: Clean up memory in new asn1 unit tests
...
Test runner checks for leaks when leak detective is enabled.
2013-11-06 10:31:00 +01:00
Martin Willi
712940d161
unit-tests: Pass linked_list->invoke* varargs as uintptr_t
...
Passing integers of unspecified length may result in passing an integer shorter
than uintptr_t. When reading them back, we might get more data than passed,
resulting in a failure.
2013-11-06 10:31:00 +01:00
Martin Willi
f7b8396af0
unit-tests: Initialize backtracing before printing any backtraces
2013-11-06 10:31:00 +01:00
Martin Willi
bbb62267e0
thread: Note that tread_cancellation_point temporarily activates cancelability
2013-11-06 10:31:00 +01:00
Martin Willi
7a13990964
backtrace: Support backtracing even if library is not initialized
...
But of course backtracing must be initialized anyway using backtrace_init().
2013-11-06 10:31:00 +01:00
Martin Willi
a5860cddae
unit-tests: Enable libstrongswan tests even if --enable-unit-tests not set
...
As we don't depend on the check framework anymore, we can enable the unit tests
by default. These are built/executed with "make check" only, so it makes no
sense to disable them.
2013-11-06 10:31:00 +01:00
Martin Willi
35e8eb93a0
unit-tests: Implement testing framework without "check"
2013-11-06 10:30:59 +01:00
Martin Willi
56866ecf3d
leak-detective: Call {gm,local}time_r() to allocate static buffer
...
On OS X Mavericks, these functions use a static allocation and are hard
to whitelist using other means.
2013-11-06 10:30:59 +01:00
Martin Willi
ef6d78d6ef
leak-detective: Register OS X specific hooks just once
...
If we initialize libstrongswan more than once in the same process, we may
not register the hooks twice.
2013-11-06 10:30:59 +01:00
Martin Willi
f192526c3f
leak-detective: Reset leak list during cleanup
...
This resets leak detective state should it get created/destroyed more than once.
2013-11-06 10:30:59 +01:00
Martin Willi
a426851f63
leak-detective: Use callback functions to report leaks and usage information
...
This is more flexible than printing reports to a FILE.
2013-11-06 10:30:59 +01:00
Martin Willi
9ae1140118
unit-tests: Move test suites to its own subfolder
2013-11-06 10:30:58 +01:00
Andreas Steffen
2da887da35
unit-tests: completed asn1_suite
2013-11-04 18:35:25 +01:00
Andreas Steffen
79b8a384b5
Updated test_runner.h with new suites
2013-11-03 21:34:42 +01:00
Andreas Steffen
7817d88e1a
unit-tests: 100% function coverage for asn1.c
2013-11-03 17:40:51 +01:00
Andreas Steffen
54bce665c4
unit-tests: 12 asn1 functions tested
2013-11-02 21:20:04 +01:00
Andreas Steffen
c3103700fc
Some minor refactoring in asn1.c
2013-11-02 21:17:46 +01:00
Andreas Steffen
1347c936bd
Do not free zero-length integer
2013-11-02 02:11:32 +01:00
Andreas Steffen
a40c4bc28c
unit-tests: Added tests for pen_type_t
2013-11-01 22:29:29 +01:00
Martin Willi
7f4a13fffb
identification: Properly check length before comparing for binary DN equality
...
Fixes CVE-2013-6075.
2013-10-31 21:57:07 +01:00
Martin Willi
ed3eb62723
unit-tests: Additionally do reverse match checking with empty identities
2013-10-31 21:57:07 +01:00
Martin Willi
e02b12e374
unit-tests: Test matching against some empty data identities
2013-10-31 21:57:07 +01:00
Martin Willi
df12b3a61f
unit-tests: Test for equality against some empty data identities
2013-10-31 21:57:07 +01:00
Martin Willi
c409be2506
unit-tests: Let identity equality test fail if a->equals(b) != b->equals(a)
2013-10-31 21:57:07 +01:00
Tobias Brunner
5ac29360fc
utils: Include stdio.h for fmemopen() replacement
...
This might now be required because Vstr is not necessarily required
anymore, which means stdio.h might not be pulled in by prinf_hook.h.
2013-10-29 16:18:35 +01:00
Tobias Brunner
60ddf6284f
Use exact mask when calling umask(2)
...
Due to the previous negation the high bits of the mask were set, which
at least some versions of the Android build system prevent with a compile-time
check.
2013-10-29 16:01:55 +01:00
Tobias Brunner
1dd58b0e21
Fixed some typos
2013-10-29 11:44:23 +01:00
Martin Willi
9df621d21f
utils: Fix check for fmemopen() fallback implementation
2013-10-24 15:58:49 +02:00
Martin Willi
8465514157
unit-tests: Set sa_len in sockaddr template data, if required
2013-10-24 15:37:21 +02:00
Martin Willi
e71c57467c
printf-hook-builtin: Don't rely on isinf() return value signedness
...
Many systems don't return a negative value for negative infinities; so do
a separate check.
2013-10-24 15:37:20 +02:00
Martin Willi
5ce3c9b15a
watcher: Rebuild fdset when select() fails
...
This should make sure we refresh the fdset if a user closes an FD it just
removed. Some selects() seem to complain about the bad FD before signaling the
notification pipe.
2013-10-24 15:37:20 +02:00
Martin Willi
1a20a22d09
rwlock: Disable thread cancelability while waiting in (fallback) rwlock
...
An rwlock wait is not a thread cancellation point. As a canceled thread
would not have released the mutex, the rwlock would have been left in unusable
state.
2013-10-24 14:53:53 +02:00
Martin Willi
181d071363
rwlock: Don't use buggy pthread_rwlock on OS X
...
Recursive read locks don't seem to work properly, at least on 10.9.
2013-10-24 14:53:47 +02:00
Martin Willi
2077d996a9
utils: Provide a fmemopen(3) fallback using BSD funopen()
2013-10-24 13:17:05 +02:00
Tobias Brunner
71c9565a3a
pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB
...
This allows more than one builder to try parsing the data read from STDIN.
2013-10-23 17:20:39 +02:00
Tobias Brunner
46cded2627
chunk: Add helper function to create a chunk from data read from a file descriptor
2013-10-23 17:20:39 +02:00
Martin Willi
b08292a520
semaphore: Support cancellation in wait functions of semaphore fallback
...
Semaphore wait functions should be a thread cancellation point, but did
not properly release the mutex in the fallback implementation.
2013-10-23 16:08:40 +02:00
Martin Willi
47c76c1b05
rwlock: Re-acquire rwlock even if condvar wait times out
...
A caller expects that the associated rwlock is held, whether the condvar
gets signaled or the wait times out.
2013-10-23 11:52:26 +02:00
Tobias Brunner
000235f1c5
traffic-selector: Print ICMP[v6] message type and code in a more readable way
2013-10-17 16:57:39 +02:00
Tobias Brunner
4bebe45abb
traffic-selector: Store ICMP[v6] message type and code properly
...
We now store them as defined in RFC 4301, section 4.4.1.1.
2013-10-17 16:57:39 +02:00
Tobias Brunner
d6a1960d34
traffic-selector: Move class to its own Doxygen group
2013-10-17 16:57:38 +02:00
Tobias Brunner
606aae3aa1
openssl: Add workaround if ECC Brainpool curves are not defined
2013-10-17 13:36:08 +02:00
Tobias Brunner
3c29d2822f
openssl: Add support for ECC Brainpool curves for DH, if defined by OpenSSL
...
OpenSSL does not include them in releases before 1.0.2.
2013-10-17 13:36:08 +02:00
Andreas Steffen
cca372465d
ecc: Added ECC Brainpool ECDH groups as registered with IANA
2013-10-17 11:57:04 +02:00
Tobias Brunner
be97277bdb
unit-tests: Make test for bio_writer_t more portable
2013-10-17 11:44:03 +02:00
Tobias Brunner
812ae898bf
utils: Add utility function to calculate padding length
2013-10-17 10:25:34 +02:00
Tobias Brunner
dd438ee22c
Doxygen fixes
2013-10-15 11:25:55 +02:00
Andreas Steffen
6623dfa84d
Revert refactoring which broke CentOS build
2013-10-13 19:56:04 +02:00
Tobias Brunner
0f6f7ba22c
ccm: Add missing comma in get_iv_gen method signature
2013-10-11 17:42:25 +02:00
Tobias Brunner
bfeb8b5c47
iv-gen: Add missing header files to Makefile.am
2013-10-11 17:42:05 +02:00
Tobias Brunner
0c6f6c4e34
iv_gen: Mask sequential IVs with a random salt
...
This makes it harder to attack a HA setup, even if the sequence numbers were
not fully in sync.
2013-10-11 15:55:40 +02:00
Tobias Brunner
e8229ad558
iv_gen: Provide external sequence number (IKE, ESP)
...
This prevents duplicate sequential IVs in case of a HA failover.
2013-10-11 15:55:40 +02:00
Tobias Brunner
50bd28d549
iv_gen: aead_t implementations provide an IV generator
2013-10-11 15:55:40 +02:00
Tobias Brunner
b3e1eb2afe
iv_gen: Add IV generator that allocates IVs sequentially
2013-10-11 15:55:40 +02:00
Tobias Brunner
53d1f2dbfd
iv_gen: Add IV generator that allocates IVs randomly
...
Uses RNG_WEAK as the code currently does elsewhere to allocate IVs.
2013-10-11 15:55:40 +02:00
Tobias Brunner
403057aa5a
crypto: Add generic interface for IV generators
2013-10-11 15:55:40 +02:00
Tobias Brunner
b38f7f703b
apidoc: Move mac_prf to prf Doxygen group
2013-10-11 15:55:40 +02:00
Tobias Brunner
6ecf1aab35
unbound: Add support for DLV (DNSSEC Lookaside Validation)
...
Fixes #392 .
2013-10-11 15:45:25 +02:00
Tobias Brunner
434e530f75
ipsec_types: Add utility function to parse mark_t from strings
2013-10-11 15:32:44 +02:00
Tobias Brunner
b283a6e9ef
database: Add support for serializable transactions
2013-10-11 15:29:10 +02:00
Tobias Brunner
fad11d602d
sqlite: Implement transaction handling
2013-10-11 15:16:05 +02:00
Tobias Brunner
f3cb889c9b
mysql: Implement transaction handling
2013-10-11 15:16:04 +02:00
Tobias Brunner
947b76cda8
database: Add interface to handle transactions
2013-10-11 15:16:04 +02:00
Tobias Brunner
5f6a40827e
mysql: Ensure connections are properly released in multi-threaded environments
2013-10-11 15:16:04 +02:00
Tobias Brunner
ec91f15e3b
crypto-factory: Try next available RNG implementation if constructor fails
2013-10-11 15:13:25 +02:00
Tobias Brunner
2e22333fbc
crypto-factory: Order entries by algorithm identifier and (optionally) speed
2013-10-11 15:13:25 +02:00
Tobias Brunner
e2c9a03d15
Remove HASH_PREFERRED, usages are replaced with HASH_SHA1, which is required for IKEv2 anyway
2013-10-11 15:13:25 +02:00
Tobias Brunner
3473cbab9c
vstr: Forward actual field width
...
fmt_field_width is a flag that indicates if a field width
is defined in obj_field_width.
2013-10-11 15:12:16 +02:00
Martin Willi
fc566632da
unit-tests: support testing when leak-detective has not been enabled
2013-10-11 15:12:16 +02:00
Martin Willi
795cbb98c6
printf-hook-builtin: Print NaN/Infinity floating point values as such
2013-10-11 11:06:09 +02:00
Martin Willi
8af9bf70f5
printf-hook-builtin: Correctly round up floating point values
2013-10-11 11:06:09 +02:00
Martin Willi
edc7a3d02f
printf-hook-builtin: Add some preliminary floating point support
...
This minimalistic implementation has no aspiration for completeness or
accuracy, and just provides what we need.
2013-10-11 11:06:09 +02:00
Martin Willi
7e6a4cdc84
printf-hook-builtin: Support GNU %m specifier
2013-10-11 11:06:09 +02:00
Martin Willi
cabe5c0ff4
printf-hook-builtin: Add a new "builtin" backend using its own printf() routines
...
Overloads printf C library functions by a self-contained implementation,
based on klibc. Does not yet feature all the required default formatters,
including those for floating point values.
2013-10-11 11:06:02 +02:00
Martin Willi
ebca34d782
printf-hook: Add some basic printf() string/integer test functions
2013-10-11 11:05:37 +02:00
Martin Willi
243048248b
printf-hook: Move glibc/vstr printf hook backends to separate files
2013-10-11 11:05:30 +02:00
Tobias Brunner
c8f34ba7b6
openssl: Properly log FIPS mode when enabled via openssl.conf
...
Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf
it should be disabled in strongswan.conf (or the other way around).
Either way, we should log whether FIPS mode is enabled or not.
References #412 .
2013-09-27 09:24:03 +02:00
Tobias Brunner
ed72f2d65e
printf-hook: Write to output stream instead of the FD directly when using Vstr
...
This avoids problems when other stdio functions are used (fputs,
fwrite) as writes via Vstr/FD were always unbuffered.
2013-09-24 08:44:00 +02:00
Tobias Brunner
075e80368b
sshkey: Add support for parsing keys from files
2013-09-13 15:23:49 +02:00
Tobias Brunner
b2a5317596
sshkey: Add encoding for ECDSA keys
2013-09-13 15:23:49 +02:00
Tobias Brunner
d6b3cc87ca
openssl: Add support for generic encoding of EC public keys
2013-09-13 15:23:49 +02:00
Tobias Brunner
f40e9f4d16
sshkey: Add encoder for RSA keys
2013-09-13 15:23:49 +02:00
Tobias Brunner
3b939e20a9
openssl: Add generic RSA public key encoding
2013-09-13 15:23:49 +02:00
Tobias Brunner
b5cc7053c8
openssl: Add helper function to convert BIGNUMs to chunks
2013-09-13 15:23:49 +02:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Tobias Brunner
bf32cdfbf6
tun_device: Add warning if TUN devices are not supported by platform
2013-09-12 01:44:49 +02:00
Andreas Steffen
7bda0f0c8b
Added tzset memory leak to whitelist
2013-08-28 22:51:17 +02:00
Tobias Brunner
f0c54e8c15
chunk: Print chunks without separator if + modifier is used
2013-08-24 16:22:51 +02:00
Tobias Brunner
32a145fdbd
utils: Add case-insensitive version of strpfx()
2013-08-24 16:22:51 +02:00
Martin Willi
a24515c515
backtrace: rename clone() method clashing with system call
...
Fixes #376 .
2013-08-09 09:13:39 +02:00
Tobias Brunner
ed0efaef4c
host: Properly initialize struct sockaddr_in[6] when parsing strings
...
Otherwise struct members like sin6_flowinfo or sin6_scope_id might be
set to bogus values.
2013-07-31 22:16:58 +02:00
Tobias Brunner
b3393c88c1
asn1: Fix handling of invalid ASN.1 length in is_asn1()
...
Fixes CVE-2013-5018.
2013-07-31 22:16:58 +02:00
Martin Willi
83a0b74da8
keychain: be less verbose when loading certificates
2013-07-31 11:41:16 +02:00
Martin Willi
84044f9c73
utils: add round_up/down() helper functions
2013-07-29 09:00:48 +02:00
Tobias Brunner
1f2d9c7688
watcher: Made notify array initialization compatible with older GCC versions
2013-07-25 16:57:42 +02:00