Tobias Brunner
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
Martin Willi
bc1c92c9e9
Strictly memwipe_check() for magic only in the affected buffer
Passing back the buffer address we memwipe() is not ideal, as it could, in
theory, change the behavior of the compiler and not-optimize memwipe(). But
as checking a larger stack is very difficult for different architectures
and compilers, we do it nonetheless for now.
2013-06-05 15:02:18 +02:00
Martin Willi
9312fbc73d
In memwipe_check(), don't put magic on stack when calling do_magic()
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
Martin Willi
1657b4ef26
Dump stack if memwipe() check fails
2013-05-03 11:41:51 +02:00
Martin Willi
e6ba688a35
During libstrongswan initialization, check if memwipe() works as expected
2013-04-18 13:05:37 +02:00
Reto Guadagnini
b1505b345b
Added manager for DNS resolvers
2013-02-19 11:57:21 +01:00
Martin Willi
1e5e1fb685
libstrongswan can be initialized more than once
2012-11-14 10:14:31 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Tobias Brunner
b4f6c39e55
Terminate unused resolver threads after a timeout
2012-10-18 12:26:00 +02:00
Tobias Brunner
292d8f41c3
Resolve hosts by DNS name in separate threads so we can cancel them
getaddrinfo(3) may block a long time so proper termination of the daemon may
block if DNS servers are not reachable.
getaddrinfo(3) is an optional cancellation point in posix threads so it
might still block a shutdown but at least on Android (with the signal based
pthread_cancel implementation) it works, on Linux starter will kill charon
anyway after a while.
2012-10-18 10:57:55 +02:00
Tobias Brunner
4c57c63062
Added possibility to register custom proposal keywords
Keyword lookup and registration are handled via the new lib->proposal object.
2012-09-13 15:44:46 +02:00
Martin Willi
4c6c934635
With --enable-bfd-backtraces, use binutils libbfd to resolve backtraces
The invocation of addr2line to resolve backtrace source locations
is slow and cumbersome. When using libbfd directly, we can eliminate
the overhead of the process invocation. Even better, we can cache
library symbol names, bringing wicked fast lookups. As a neat bonus,
we can resolve static function names.
2012-07-13 13:23:29 +02:00
Tobias Brunner
a5951a2861
Make sure the certificate cache is flushed when plugins are unloaded.
This avoids segmentation faults when plugins implementing cert_t are
already unloaded when the cache is flushed during destruction.
2011-12-15 12:20:09 +01:00
Tobias Brunner
8fde0b669b
Destroy objects hashtable after plugin_manager.
If plugins are not explicitly unloaded before library_deinit is called
there could have been a segfault because some plugins might unregister
objects during unloading/destruction.
2011-10-26 17:39:12 +02:00
Martin Willi
2ce569cc35
Provide generic object registration by name on libstrongswan
2011-08-08 13:19:02 +02:00
Tobias Brunner
60d62b9e5c
Don't install the libraries directly in lib/.
Instead use a subdirectory (prefix/lib/ipsec by default). Also moved the
plugins from libexec to a subdirectory of that dir.
2011-07-05 14:42:14 +02:00
Martin Willi
f37e8252a3
Make leak detective public
2011-05-16 15:22:21 +02:00
Tobias Brunner
e18556e9e9
Moved scheduler and thread pool to libstrongswan.
2010-09-02 19:04:18 +02:00
Martin Willi
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
Martin Willi
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
Martin Willi
5493ffde0b
traffic_selector_t is gone into libstrongswan, migrate printf hook registration, too.
2010-06-07 15:06:09 +02:00
Martin Willi
091d178060
Option to skip slow addr2line resolution in leak-detective
2010-05-20 17:37:18 +02:00
Tobias Brunner
8b0e09103b
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
2010-04-06 12:47:40 +02:00
Tobias Brunner
567d3f1463
Attributes moved from libstrongswan to libhydra.
The attribute_manager_t instance is now located on the new hydra object
instead of the lib object.
2010-03-24 18:53:10 +01:00
Tobias Brunner
fac3bfa5cd
Fixing some includes by replacing <> with "".
I changed only the includes needed to fix the build on Android, which has a utils.h system header file, but we should probably change all the local includes in libstrongswan to "" and relative paths.
2010-03-02 10:38:58 +01:00
Tobias Brunner
4a5a5dd290
Using the thread wrapper in charon, libstrongswan and their plugins.
2009-12-23 17:03:41 +01:00
Andreas Steffen
930443afff
moved attribute_manager to libstrongswan
2009-10-13 13:46:27 +02:00
Martin Willi
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
Martin Willi
d9b24887a4
added a facility to hand out fingerprinting/key encoding to the pkcs1/pgp/... plugins
2009-08-26 11:23:51 +02:00
Martin Willi
acd4afc997
announce integrity testing only once
2009-07-21 14:58:14 +02:00
Martin Willi
cfe508d911
indicate use of integrity testing at startup
2009-06-22 15:47:18 +02:00
Martin Willi
bef508755b
build integrity_checker.c only if --enable-integrity-test set
2009-06-22 15:47:17 +02:00
Martin Willi
6a8c8815fe
check on-disk and loaded segment integrity of libstrongswan
2009-06-22 15:47:17 +02:00
Martin Willi
a0fc89798a
library initialization fails if libstrongswan checksum is invalid
2009-06-22 15:47:17 +02:00
Martin Willi
0179d4684a
integrity checker accepts an option checksum library on construction
2009-06-22 15:47:17 +02:00
Martin Willi
059c479a2f
check integrity of libstrongswan
2009-06-22 15:47:17 +02:00
Martin Willi
960e0c1040
check integrity of plugins before loading
2009-06-22 15:47:17 +02:00
Martin Willi
28a0728b67
make use of the crypto_tester in the crypto_factory
libstrongswan.crypto.test.on_add to test algorithms during initialization
libstrongswan.crypto.test.on_create to test algorithms on each instantiation
2009-06-11 15:55:48 +02:00
Tobias Brunner
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
Tobias Brunner
d24a74c5b4
merging changes from portability branch back to trunk
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
Tobias Brunner
d25ce3701e
printf hooks refactored to increase portability (i.e. support for platforms without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
2009-03-12 18:07:32 +00:00
Martin Willi
e609b1cda2
capability API to allow plugin-controlled capability set
2008-08-28 16:27:48 +00:00
Martin Willi
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Martin Willi
ee61471113
implemented RFC4478 (repeated authentication)
changed %V printf handler to take a time delta, %#V now takes two arguments
2007-11-20 12:06:40 +00:00
Andreas Steffen
203e15fe03
fixed delta time format: 2 seconds, 1 second, 0 seconds
2007-03-28 05:37:20 +00:00
Martin Willi
f27f6296e6
merged EAP framework from branch into trunk
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
Martin Willi
7006a51efc
removed my time_t printf handler patch, applied the one of Andreas (64bit safe)
2007-02-08 15:22:21 +00:00