Tobias Brunner
9d4fc8677f
Add implementation of the RC2 block cipher (RFC 2268)
2013-05-08 15:02:34 +02:00
Tobias Brunner
c734c2d875
Extract function to convert ASN.1 INTEGER object to u_int64_t
2013-05-08 14:53:08 +02:00
Tobias Brunner
4076e3ee91
Extract PKCS#5 handling from pkcs8 plugin to separate helper class
2013-05-08 14:53:08 +02:00
Tobias Brunner
e07e489d5f
agent: Use sshkey plugin to parse keys, adds support for ECDSA
2013-05-07 17:08:31 +02:00
Tobias Brunner
dd9e366814
sshkey: Add support for ECDSA keys
2013-05-07 17:08:31 +02:00
Tobias Brunner
cc4408abcb
sshkey: Added builder for SSHKEY RSA keys
2013-05-07 15:38:28 +02:00
Tobias Brunner
584d656b77
Add sshkey plugin stub that will parse RFC 4253 public keys
2013-05-07 14:08:51 +02:00
Martin Willi
2af65b26d9
tun_device: add a getter for the address previously passed to set_address()
2013-05-06 16:10:11 +02:00
Martin Willi
60babe0236
tun_device: add a getter for the underlying file descriptor
2013-05-06 16:10:11 +02:00
Martin Willi
d947d0d61a
tun-device: use host_create_netmask() to calculate interface netmask
2013-05-06 16:10:11 +02:00
Martin Willi
2d8a01d1c6
host: add a netmask constructor taking the number of network bits
2013-05-06 16:10:11 +02:00
Martin Willi
4dc83e9fac
host: remove unused host_t.get_differences() method
2013-05-06 16:10:11 +02:00
Martin Willi
7749eb0d2a
host: print %#H format specifiers not as %any, but with the port
2013-05-06 16:10:11 +02:00
Martin Willi
344a4e54be
host: initialize sockaddr->sa_len if it is available
2013-05-06 16:10:11 +02:00
Martin Willi
b0ccd14f2a
semaphore: similar to thread_create(), semaphore_create() is used by Mach
The compiler spits no warning, but the wrong symbol is used when calling
semaphore_create() from strongSwan. Override the name with a #define to force
the use of our semaphore_create().
2013-05-06 16:06:48 +02:00
Martin Willi
69333acee0
settings: Add a set_default_str() to set a different default for a key
The value is set only if it is not configured in strongswan.conf or has
not been set() otherwise.
2013-05-06 15:28:27 +02:00
Martin Willi
29324299fe
backtrace: use atos instead of addr2line on OS X to resolve source lines
2013-05-06 15:15:24 +02:00
Martin Willi
83714577a9
backtrace: add an alternative stack unwinding implementation using libunwind
2013-05-06 15:15:24 +02:00
Martin Willi
d8f6f0c01c
leak-detective: add support for OS X by hooking default malloc zone
2013-05-06 15:15:24 +02:00
Martin Willi
50fbd32472
leak-detective: remove unused malloc call counters
2013-05-06 15:15:24 +02:00
Martin Willi
3117824f55
leak-detective: align allocations on both 32 and 64-bit systems to 32 bytes
2013-05-06 15:15:24 +02:00
Martin Willi
7e3f6299d5
leak-detective: call tzset() explicitly before enabling leak detective
tzset() is hard to whitelist on some systems, as there is no symbol involved.
Call tzset() explicitly before initialization to avoid false positives.
2013-05-06 15:15:24 +02:00
Martin Willi
17211b6b9a
leak-detective: override malloc functions instead of using deprecated hooks
malloc hooks have become deprecated, and their use has always been problematic,
especially in multi-threaded applications. Replace the functionality by
overriding all malloc functions and query the system allocator functions
using dlsym() with RTLD_NEXT.
2013-05-06 15:15:24 +02:00
Martin Willi
f932677f0c
Use the GEN silent rule when generating oid database with perl
2013-05-06 15:04:56 +02:00
Martin Willi
9f1dfd88c8
Use the GEN silent rule when generating gperf files
2013-05-06 15:04:56 +02:00
Tobias Brunner
2d7b55bf9b
openssl: Define a default for FIPS_MODE
2013-05-03 15:11:19 +02:00
Martin Willi
9312fbc73d
In memwipe_check(), don't put magic on stack when calling do_magic()
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
Martin Willi
1657b4ef26
Dump stack if memwipe() check fails
2013-05-03 11:41:51 +02:00
Martin Willi
e6ba688a35
During libstrongswan initialization, check if memwipe() works as expected
2013-04-18 13:05:37 +02:00
Andreas Steffen
f4de6496a2
support of OpenSSL FIPS-140-2 library
2013-04-16 12:37:04 +02:00
Martin Willi
cf1696cab9
Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0
2013-04-10 18:10:30 +02:00
Martin Willi
b52771fbb2
Check RSA_public_decrypt() length before constructing and comparing a chunk
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
2013-04-10 18:10:30 +02:00
Martin Willi
97d975b7bb
RSA_check_key() may return -1 if it fails
2013-04-10 18:10:30 +02:00
Martin Willi
96a09ce226
RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method
2013-04-10 18:10:30 +02:00
Martin Willi
0faaab20cd
Check return value of ECDSA_Verify() correctly
2013-04-10 18:10:30 +02:00
Tobias Brunner
53ac177cde
Properly handle situation if no resolver plugins are loaded
2013-04-01 13:44:04 +02:00
Tobias Brunner
419a9a4fcd
Make some private functions in plugins static
Fixes monolithic build.
2013-03-27 07:32:55 +01:00
Tobias Brunner
d307be7f6c
Add a method to replace all secrets in a mem_cred_t object
2013-03-20 15:27:34 +01:00
Tobias Brunner
5e551da16b
Properly cleanup libmysql
Seems to work correctly with recent MySQL versions.
2013-03-19 16:33:07 +01:00
Martin Willi
b4d172aa8e
Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000
2013-03-12 20:31:10 +01:00
Tobias Brunner
2b1e2434e4
esc() is only used if dladdr(3) is available
2013-03-08 16:45:09 +01:00
Andreas Steffen
486f4b5838
added some otherNames OIDs
2013-03-06 11:50:32 +01:00
Martin Willi
b668f1417d
Don't invoke addr2line if dladdr() did not yield a filename
2013-03-04 15:50:21 +01:00
Martin Willi
fe03f51302
backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook
2013-03-04 15:45:03 +01:00
Martin Willi
8b24863b1f
Don't use color escapes when printing backtraces to a non-TTY file
2013-03-04 15:07:03 +01:00
Martin Willi
4d17427205
Add a utility function to resolve TTY color escape codes dynamically
2013-03-04 15:04:56 +01:00
Andreas Steffen
c88104aa25
make TNC Access Requestor ID available to IMVs
2013-03-03 17:18:09 +01:00
Andreas Steffen
c9418d4fd3
added getpwuid_r and initgroups to whitelist
2013-03-03 09:04:49 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Tobias Brunner
4c969f7906
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1
2013-03-01 16:57:45 +01:00