Commit Graph

9774 Commits

Author SHA1 Message Date
Tobias Brunner 48ac56e2aa unit-tests: Generate weak keys with gcrypt plugin (but quickly) 2014-03-20 15:29:27 +01:00
Tobias Brunner fc4f8fc30e tnc-pdp: Fix monolithic build 2014-03-20 15:29:27 +01:00
Tobias Brunner 27b3358fed plugin-feature: Hash only the actually used feature argument
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.

Fixes #549.
2014-03-20 13:42:57 +01:00
Andreas Steffen 0b408faef1 Added TPMRA workitem support for [dummy] Trusted Boot measurements 2014-03-19 20:26:31 +01:00
Martin Willi 0a8c399a21 pki: When dispatching commands, don't look beyond non-null-terminated array 2014-03-19 09:37:46 +01:00
Martin Willi 87e53819a6 pki: Check length of commands array before accessing command in --help
As --help is counted as command as well, the array is not null-terminated
and we have to check for MAX_COMMANDS.

Fixes #550.
2014-03-19 09:25:29 +01:00
Tobias Brunner c489c5881a charon-nm: No additional secrets are required once a password has been entered
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.

Fixes #547.
2014-03-18 14:53:40 +01:00
Tobias Brunner 11f31ceb6a array: Fix removal of elements in the second half of an array
Memory beyond the end of the array was moved when array elements in the
second half of an array were removed.

Fixes #548.
2014-03-18 14:46:16 +01:00
Tobias Brunner 0ab7d5f1f9 plugin-loader: Properly initialize modular plugin list if no plugins are enabled 2014-03-18 10:56:39 +01:00
Andreas Steffen 337f0c8a2f Implemented ntru_private_key class 2014-03-18 10:03:16 +01:00
Andreas Steffen 3933798cb1 11 bits are needed to encode a maximum index of 1086 2014-03-15 19:22:16 +01:00
Tobias Brunner 67dc5d393c tnc-ifmap: Get a reference to the client cert as it is also used in an auth config 2014-03-10 14:31:42 +01:00
Andreas Steffen 342bc6e545 Disable mandatory ECP support for attestion 2014-03-07 21:56:34 +01:00
Andreas Steffen ac17ca1ad7 Refactored NTRU parameter set selection 2014-03-07 21:56:34 +01:00
Andreas Steffen 7befce8c3f Refactored ntru_param_sets 2014-03-07 21:56:33 +01:00
Tobias Brunner 0d30d73eb9 thread: Properly clean up meta data of main thread 2014-03-07 18:28:38 +01:00
Tobias Brunner d517a9893e settings: Log all errors on level 1
Closes #539.
2014-03-04 13:30:09 +01:00
Thomas Egerer 7acdebf6c0 settings: Avoid conf file parsing beyond allocated buffer
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-03-03 17:27:58 +01:00
Andreas Steffen d6ce8da6c0 Optimize ntru_poly constructors some more 2014-02-27 23:06:51 +01:00
Andreas Steffen 2bb793f131 Optimized initialisation of indices 2014-02-27 22:39:47 +01:00
Andreas Steffen 222b88a302 Added get_array() method to ntru_poly_t class 2014-02-27 22:08:22 +01:00
Andreas Steffen d12a4a67bf Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors and built some unit tests for the latter) 2014-02-27 20:36:17 +01:00
Andreas Steffen f87f28ec68 Optimized use of temporary arrays in polynomial multiplication 2014-02-27 15:22:59 +01:00
Andreas Steffen bf24960cbe Implement ring multiplication method 2014-02-27 15:22:58 +01:00
Tobias Brunner 2ed241aeb3 utils: Add memrchr(3) replacement for platforms that don't support it
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Tobias Brunner 6b895d7b25 libpts: Use path_base|dirname() 2014-02-24 12:04:11 +01:00
Tobias Brunner 9222d58634 conftest: Use path_dirname() 2014-02-24 12:04:11 +01:00
Tobias Brunner 849e401b37 stroke: Use thread-safe dirname(3) 2014-02-24 12:04:11 +01:00
Tobias Brunner 18019a3b89 settings: Use thread-safe dirname(3) 2014-02-24 12:04:11 +01:00
Tobias Brunner 766141bc77 utils: Add thread-safe variants of dirname(3) and basename(3) 2014-02-24 12:04:11 +01:00
Tobias Brunner ba10cd3c7f utils: Move thread-safe strerror replacement to a separate file
For some utils _GNU_SOURCE might be needed but that conflicts with the
signature of strerror_r(3).
2014-02-24 12:04:10 +01:00
Tobias Brunner aa693d763a stroke: Use dirname(3) correctly 2014-02-24 12:04:10 +01:00
Tobias Brunner caf1770905 settings: Use dirname(3) correctly
dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result to undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.

It is also not thread-safe, which will be addressed later.
2014-02-24 12:03:49 +01:00
Andreas Steffen a21d4096e5 Use logical AND function 2014-02-23 16:44:32 +01:00
Martin Willi 1c667bce3f pki: Make cmds array static, ensuring that it is zero-initialized
As pki --help relies on a zero-terminated array, make the actually non-public
cmds array static to ensure initialization.
2014-02-20 11:45:51 +01:00
Andreas Steffen e80014f1e8 index limit can be easily computed 2014-02-19 20:18:53 +01:00
Tobias Brunner ab13364c65 uclibc only defines strndup(3) if _GNU_SOURCE is defined
References #516.
2014-02-19 16:11:47 +01:00
Tobias Brunner 09417da49c sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined
Fixes #516.
2014-02-19 15:55:20 +01:00
Tobias Brunner 435aed8287 pki: Fix minor resource leak on failure to read the private key in --req 2014-02-18 16:46:25 +01:00
Tobias Brunner 5a04056295 stroke: Use proper modifiers to print size_t arguments 2014-02-18 16:46:25 +01:00
Andreas Steffen 6dd05e0d58 Created ntru_poly class for sparse trinary polynomials 2014-02-18 16:17:38 +01:00
Tobias Brunner 65ee857a88 android: Don't limit number to packets during EAP-TTLS 2014-02-18 11:32:37 +01:00
Tobias Brunner 7867ae42ab lookip: Properly return from disconnect callback job
References #518.
2014-02-18 11:21:51 +01:00
Tobias Brunner 4ab38d98a7 Fixed some typos 2014-02-18 10:36:25 +01:00
Tobias Brunner 86865da388 plugin-loader: Escape <ns> in comment as Doxygen sees this as XML tag 2014-02-18 10:18:54 +01:00
Tobias Brunner 1281c297d9 unit-tests: Ignore tests not test_runner 2014-02-18 10:09:30 +01:00
Martin Willi 961409b668 lookip: Disconnect asynchronously to avoid dead-locking watcher unregistration
While it really would be desirable to allow stream destruction during on_read()
callbacks, this does not work anymore since e49b2998. Until we have a proper
solution for this issue, use asynchronous disconnects for the only user doing
so.

Fixes #518.
2014-02-17 09:48:55 +01:00
Andreas Steffen 1f9e4d029e Fixed a minor vulnerability in which a malformed ASN.1 length field could cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled. 2014-02-14 15:06:57 +01:00
Andreas Steffen f03441c4dd pacman.sh creates /etc/pts/dists directory if it doesn't exist yet 2014-02-13 13:21:47 +01:00
Tobias Brunner 6477e64a8d printf-hook-glibc: printf.h on FreeBSD 10 does not include stdargs.h 2014-02-13 10:46:52 +01:00