9d4fc8677f
Add implementation of the RC2 block cipher (RFC 2268)
2013-05-08 15:02:34 +02:00
c734c2d875
Extract function to convert ASN.1 INTEGER object to u_int64_t
2013-05-08 14:53:08 +02:00
4076e3ee91
Extract PKCS#5 handling from pkcs8 plugin to separate helper class
2013-05-08 14:53:08 +02:00
e07e489d5f
agent: Use sshkey plugin to parse keys, adds support for ECDSA
2013-05-07 17:08:31 +02:00
dd9e366814
sshkey: Add support for ECDSA keys
2013-05-07 17:08:31 +02:00
cc4408abcb
sshkey: Added builder for SSHKEY RSA keys
2013-05-07 15:38:28 +02:00
584d656b77
Add sshkey plugin stub that will parse RFC 4253 public keys
2013-05-07 14:08:51 +02:00
2af65b26d9
tun_device: add a getter for the address previously passed to set_address()
2013-05-06 16:10:11 +02:00
60babe0236
tun_device: add a getter for the underlying file descriptor
2013-05-06 16:10:11 +02:00
d947d0d61a
tun-device: use host_create_netmask() to calculate interface netmask
2013-05-06 16:10:11 +02:00
2d8a01d1c6
host: add a netmask constructor taking the number of network bits
2013-05-06 16:10:11 +02:00
4dc83e9fac
host: remove unused host_t.get_differences() method
2013-05-06 16:10:11 +02:00
7749eb0d2a
host: print %#H format specifiers not as %any, but with the port
2013-05-06 16:10:11 +02:00
344a4e54be
host: initialize sockaddr->sa_len if it is available
2013-05-06 16:10:11 +02:00
b0ccd14f2a
semaphore: similar to thread_create(), semaphore_create() is used by Mach
...
The compiler spits no warning, but the wrong symbol is used when calling
semaphore_create() from strongSwan. Override the name with a #define to force
the use of our semaphore_create().
2013-05-06 16:06:48 +02:00
69333acee0
settings: Add a set_default_str() to set a different default for a key
...
The value is set only if it is not configured in strongswan.conf or has
not been set() otherwise.
2013-05-06 15:28:27 +02:00
29324299fe
backtrace: use atos instead of addr2line on OS X to resolve source lines
2013-05-06 15:15:24 +02:00
83714577a9
backtrace: add an alternative stack unwinding implementation using libunwind
2013-05-06 15:15:24 +02:00
d8f6f0c01c
leak-detective: add support for OS X by hooking default malloc zone
2013-05-06 15:15:24 +02:00
50fbd32472
leak-detective: remove unused malloc call counters
2013-05-06 15:15:24 +02:00
3117824f55
leak-detective: align allocations on both 32 and 64-bit systems to 32 bytes
2013-05-06 15:15:24 +02:00
7e3f6299d5
leak-detective: call tzset() explicitly before enabling leak detective
...
tzset() is hard to whitelist on some systems, as there is no symbol involved.
Call tzset() explicitly before initialization to avoid false positives.
2013-05-06 15:15:24 +02:00
17211b6b9a
leak-detective: override malloc functions instead of using deprecated hooks
...
malloc hooks have become deprecated, and their use has always been problematic,
especially in multi-threaded applications. Replace the functionality by
overriding all malloc functions and query the system allocator functions
using dlsym() with RTLD_NEXT.
2013-05-06 15:15:24 +02:00
f932677f0c
Use the GEN silent rule when generating oid database with perl
2013-05-06 15:04:56 +02:00
9f1dfd88c8
Use the GEN silent rule when generating gperf files
2013-05-06 15:04:56 +02:00
2d7b55bf9b
openssl: Define a default for FIPS_MODE
2013-05-03 15:11:19 +02:00
9312fbc73d
In memwipe_check(), don't put magic on stack when calling do_magic()
...
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
1657b4ef26
Dump stack if memwipe() check fails
2013-05-03 11:41:51 +02:00
e6ba688a35
During libstrongswan initialization, check if memwipe() works as expected
2013-04-18 13:05:37 +02:00
f4de6496a2
support of OpenSSL FIPS-140-2 library
2013-04-16 12:37:04 +02:00
cf1696cab9
Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0
2013-04-10 18:10:30 +02:00
b52771fbb2
Check RSA_public_decrypt() length before constructing and comparing a chunk
...
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
2013-04-10 18:10:30 +02:00
97d975b7bb
RSA_check_key() may return -1 if it fails
2013-04-10 18:10:30 +02:00
96a09ce226
RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method
2013-04-10 18:10:30 +02:00
0faaab20cd
Check return value of ECDSA_Verify() correctly
2013-04-10 18:10:30 +02:00
53ac177cde
Properly handle situation if no resolver plugins are loaded
2013-04-01 13:44:04 +02:00
419a9a4fcd
Make some private functions in plugins static
...
Fixes monolithic build.
2013-03-27 07:32:55 +01:00
d307be7f6c
Add a method to replace all secrets in a mem_cred_t object
2013-03-20 15:27:34 +01:00
5e551da16b
Properly cleanup libmysql
...
Seems to work correctly with recent MySQL versions.
2013-03-19 16:33:07 +01:00
b4d172aa8e
Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000
2013-03-12 20:31:10 +01:00
2b1e2434e4
esc() is only used if dladdr(3) is available
2013-03-08 16:45:09 +01:00
486f4b5838
added some otherNames OIDs
2013-03-06 11:50:32 +01:00
b668f1417d
Don't invoke addr2line if dladdr() did not yield a filename
2013-03-04 15:50:21 +01:00
fe03f51302
backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook
2013-03-04 15:45:03 +01:00
8b24863b1f
Don't use color escapes when printing backtraces to a non-TTY file
2013-03-04 15:07:03 +01:00
4d17427205
Add a utility function to resolve TTY color escape codes dynamically
2013-03-04 15:04:56 +01:00
c88104aa25
make TNC Access Requestor ID available to IMVs
2013-03-03 17:18:09 +01:00
c9418d4fd3
added getpwuid_r and initgroups to whitelist
2013-03-03 09:04:49 +01:00
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
4c969f7906
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1
2013-03-01 16:57:45 +01:00
Tobias Brunner