Tobias Brunner
67dc5d393c
tnc-ifmap: Get a reference to the client cert as it is also used in an auth config
2014-03-10 14:31:42 +01:00
Andreas Steffen
9483f8ec59
Version bump to 5.1.3dr1
2014-03-07 21:56:34 +01:00
Andreas Steffen
342bc6e545
Disable mandatory ECP support for attestation
2014-03-07 21:56:34 +01:00
Andreas Steffen
ac17ca1ad7
Refactored NTRU parameter set selection
2014-03-07 21:56:34 +01:00
Andreas Steffen
7befce8c3f
Refactored ntru_param_sets
2014-03-07 21:56:33 +01:00
Tobias Brunner
0d30d73eb9
thread: Properly clean up meta data of main thread
2014-03-07 18:28:38 +01:00
Tobias Brunner
d517a9893e
settings: Log all errors on level 1
...
Closes #539.
2014-03-04 13:30:09 +01:00
Thomas Egerer
7acdebf6c0
settings: Avoid conf file parsing beyond allocated buffer
...
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-03-03 17:27:58 +01:00
Tobias Brunner
af15c71bfb
configure: Fix autoreconf with older autotools
...
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536.
2014-03-03 17:14:26 +01:00
Andreas Steffen
d6ce8da6c0
Optimize ntru_poly constructors some more
2014-02-27 23:06:51 +01:00
Andreas Steffen
1d252e9dec
Version bump to 5.1.2
2014-02-27 22:46:52 +01:00
Andreas Steffen
2bb793f131
Optimized initialisation of indices
2014-02-27 22:39:47 +01:00
Andreas Steffen
222b88a302
Added get_array() method to ntru_poly_t class
2014-02-27 22:08:22 +01:00
Andreas Steffen
d12a4a67bf
Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors and built some unit tests for the latter
2014-02-27 20:36:17 +01:00
Andreas Steffen
f87f28ec68
Optimized use of temporary arrays in polynomial multiplication
2014-02-27 15:22:59 +01:00
Andreas Steffen
bf24960cbe
Implement ring multiplication method
2014-02-27 15:22:58 +01:00
Tobias Brunner
bd1c9f1eac
conf: Fix out-of-tree build from distribution
...
It worked from the repository, where strongswan.conf.5.main is generated
in the build dir, but not from the distribution where it is located in
the source dir, so explicitly create it in the source dir.
2014-02-27 12:02:13 +01:00
Tobias Brunner
2ed241aeb3
utils: Add memrchr(3) replacement for platforms that don't support it
...
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Tobias Brunner
625fc60154
Merge branch 'dirname'
...
Fixes the incorrect usage of dirname(3) in settings_t and stroke_cred_t,
and adds thread-safe variants of dirname(3) and basename(3).
2014-02-24 12:04:24 +01:00
Tobias Brunner
6b895d7b25
libpts: Use path_base|dirname()
2014-02-24 12:04:11 +01:00
Tobias Brunner
9222d58634
conftest: Use path_dirname()
2014-02-24 12:04:11 +01:00
Tobias Brunner
849e401b37
stroke: Use thread-safe dirname(3)
2014-02-24 12:04:11 +01:00
Tobias Brunner
18019a3b89
settings: Use thread-safe dirname(3)
2014-02-24 12:04:11 +01:00
Tobias Brunner
766141bc77
utils: Add thread-safe variants of dirname(3) and basename(3)
2014-02-24 12:04:11 +01:00
Tobias Brunner
ba10cd3c7f
utils: Move thread-safe strerror replacement to a separate file
...
For some utils _GNU_SOURCE might be needed but that conflicts with the
signature of strerror_r(3).
2014-02-24 12:04:10 +01:00
Tobias Brunner
aa693d763a
stroke: Use dirname(3) correctly
2014-02-24 12:04:10 +01:00
Tobias Brunner
caf1770905
settings: Use dirname(3) correctly
...
dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result in undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.
It is also not thread-safe, which will be addressed later.
2014-02-24 12:03:49 +01:00
Andreas Steffen
a21d4096e5
Use logical AND function
2014-02-23 16:44:32 +01:00
Martin Willi
1c667bce3f
pki: Make cmds array static, ensuring that it is zero-initialized
...
As pki --help relies on a zero-terminated array, make the actually non-public
cmds array static to ensure initialization.
2014-02-20 11:45:51 +01:00
Andreas Steffen
e80014f1e8
index limit can be easily computed
2014-02-19 20:18:53 +01:00
Tobias Brunner
ab13364c65
uclibc only defines strndup(3) if _GNU_SOURCE is defined
...
References #516.
2014-02-19 16:11:47 +01:00
Tobias Brunner
09417da49c
sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined
...
Fixes #516.
2014-02-19 15:55:20 +01:00
Tobias Brunner
6122bfd2eb
coverage: Apparently not all shells can expand {src,scripts}
...
One example is ash.
2014-02-19 15:53:59 +01:00
Tobias Brunner
435aed8287
pki: Fix minor resource leak on failure to read the private key in --req
2014-02-18 16:46:25 +01:00
Tobias Brunner
5a04056295
stroke: Use proper modifiers to print size_t arguments
2014-02-18 16:46:25 +01:00
Andreas Steffen
6dd05e0d58
Created ntru_poly class for sparse trinary polynomials
2014-02-18 16:17:38 +01:00
Tobias Brunner
65ee857a88
android: Don't limit number of packets during EAP-TTLS
2014-02-18 11:32:37 +01:00
Tobias Brunner
7867ae42ab
lookip: Properly return from disconnect callback job
...
References #518.
2014-02-18 11:21:51 +01:00
Tobias Brunner
21cfbce0c2
Doxygen: Sort group names alphabetically
2014-02-18 10:45:51 +01:00
Tobias Brunner
4ab38d98a7
Fixed some typos
2014-02-18 10:36:25 +01:00
Tobias Brunner
86865da388
plugin-loader: Escape <ns> in comment as Doxygen sees this as XML tag
2014-02-18 10:18:54 +01:00
Tobias Brunner
1281c297d9
unit-tests: Ignore tests not test_runner
2014-02-18 10:09:30 +01:00
Tobias Brunner
e1af4d88a6
conf: Ignore generated strongswan.conf.5.main
2014-02-18 10:08:54 +01:00
Andreas Steffen
a334ac80ae
Added ikev2/lookip scenario
2014-02-17 12:04:21 +01:00
Andreas Steffen
8f57961f4c
Version bump to 5.1.2rc2
2014-02-17 12:02:23 +01:00
Martin Willi
961409b668
lookip: Disconnect asynchronously to avoid dead-locking watcher unregistration
...
While it really would be desirable to allow stream destruction during on_read()
callbacks, this does not work anymore since e49b2998. Until we have a proper
solution for this issue, use asynchronous disconnects for the only user doing
so.
Fixes #518.
2014-02-17 09:48:55 +01:00
Andreas Steffen
1f9e4d029e
Fixed a minor vulnerability in which a malformed ASN.1 length field could cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled.
2014-02-14 15:06:57 +01:00
Tobias Brunner
5645ad2976
conf: Fix installation on FreeBSD
...
Apparently, the -t option for install is not portable.
2014-02-13 13:53:25 +01:00
Andreas Steffen
f03441c4dd
pacman.sh creates /etc/pts/dists directory if it doesn't exist yet
2014-02-13 13:21:47 +01:00
Tobias Brunner
c2d5add6ce
NEWS: Add strongswan.conf changes and IPComp fixes
2014-02-13 11:47:13 +01:00