Martin Willi
a51c48eeaa
settings: Allow spaces in time settings before the optional unit
2014-07-07 16:58:05 +02:00
Martin Willi
0058e26cb0
settings: Be more strict in converting settings to specific data types
As the behavior was inconsistent for empty strings or strings with characters
appended to a number, testing the code failed on some platforms. The new rules
are more strict, returning the default if additional characters or an empty
string was found for a setting.
2014-07-07 16:57:38 +02:00
Martin Willi
920d466f05
utils: Undefine mem{cpy,move,set} if set before defining them
Some platforms, such as OS X, use macros for these functions. Undefine them
to avoid compiler warnings.
2014-07-07 16:14:26 +02:00
Martin Willi
c1490c649a
enumerator: Enumerate glob(3) matches using gl_pathc
While glob should return a NULL terminated gl_pathv when having no matches,
at least on OS X this is not true when using GLOB_DOOFFS. Rely on the
number of matches returned in gl_pathc, which seems to be more reliable in
error cases.
2014-07-07 16:14:17 +02:00
Tobias Brunner
44870e5313
xauth-pam: Add workaround for null-terminated passwords
Fixes #631.
2014-07-07 11:14:02 +02:00
Martin Willi
839951097c
kernel-netlink: Rename algorithm identifier from cast128 to cast5
Even if the XFRM identifier was named cast128 in the kernel before 2.6.31, it
actually never worked, because there is no such crypto algorithm.
The identifier has been changed to cast5 in
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=245acb87
to make it work, so we should use that.
Fixes #633.
2014-07-04 10:18:12 +02:00
Tobias Brunner
118b2879aa
winhttp: Do not use countof() on pointer argument
2014-07-02 12:38:45 +02:00
Tobias Brunner
831045ef45
optionsfrom: Properly handle errors when determining file size
2014-07-02 12:38:45 +02:00
Tobias Brunner
e44223dbcc
windows: Fix off-by-one error in strerror_s_extended()
2014-07-02 12:38:45 +02:00
Tobias Brunner
0026600bfe
windows: accept() socket handle could theoretically be 0
2014-07-02 12:38:45 +02:00
Tobias Brunner
babe9e4f45
windows: Close correct socket when opening second socket fails in socketpair()
2014-07-02 12:38:44 +02:00
Tobias Brunner
0a26f39a71
windows: Make sure the string returned from ReadConsole() is null terminated
2014-07-02 12:38:44 +02:00
Tobias Brunner
32a262e7a1
windows: Remove useless assignment in put_thread()
2014-07-02 12:12:05 +02:00
Tobias Brunner
0e48f67562
backtrace: Remove name checks after SymFromAddr() calls
The Name member is an array whose address is always defined.
2014-07-02 12:11:59 +02:00
Tobias Brunner
fbe462e1b0
pts: Avoid integer overflow when reading file names in the old IMA format
2014-07-01 17:58:36 +02:00
Tobias Brunner
ecb55b4639
imv-attestation: Avoid memory leak when skipping unsupported work items
2014-07-01 17:58:36 +02:00
Tobias Brunner
530d87be1b
pts: Use memchr(3) instead of strchr(3) to extract hash algorithm name
The string read with read(2) might not be null terminated.
2014-07-01 17:58:36 +02:00
Tobias Brunner
f82d7aff85
swid: fgets(3) returns a pointer to the read string or NULL
2014-07-01 17:58:36 +02:00
Tobias Brunner
1be2b84124
parser-helper: Ensure file_next() does not remove the sentinel item
2014-07-01 17:58:36 +02:00
Martin Willi
6fb1283242
gcrypt: Use predefined pthread locking functions instead of custom hooks
Starting with libgcrypt 1.6, it seems that custom locking functions are not
supported anymore. Instead, the user has to select from one of the pre-defined
set of locking functions.
Given that we have a proper threading abstraction API with optional profiling
on all platforms, this is somewhat annoying. However, there does not seem to be
a way to use custom functions, and we have no other choice than using the
provided macro magic to support all libgcrypt versions.
Fixes #630.
2014-07-01 12:23:19 +02:00
Tobias Brunner
28a79e4e0c
stroke: Don't log unspecified options of conn and ca sections
2014-06-30 13:29:26 +02:00
Tobias Brunner
e79dbda390
utils: Helper macros to define overloaded macros based on number of arguments
2014-06-30 13:29:26 +02:00
Tobias Brunner
ba2805c106
pki: Document --online option for pki --verify and all exit codes
2014-06-30 13:25:13 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner
45f647c9cd
checksum: Fix checksum generation for pki if tools are disabled
2014-06-30 13:25:13 +02:00
Tobias Brunner
2eef43f3ee
swid: Fix parameter documentation in Doxygen comments
2014-06-30 13:16:17 +02:00
Tobias Brunner
e351169900
windows: Fix parameter name in Doxygen comment
2014-06-30 13:16:17 +02:00
Tobias Brunner
aad072d517
enum: Replace þ with p in Doxygen comments
2014-06-30 13:16:17 +02:00
Tobias Brunner
3b16c2b55d
libvici: Add missing argument to Doxygen comment
2014-06-30 13:16:16 +02:00
Tobias Brunner
cc7c4c3dbd
starter: Add starter group and fix formatting of conf_parser_section_t enum
Make use of the Markdown support in recent Doxygen versions.
2014-06-30 13:16:16 +02:00
Tobias Brunner
1bd175a9ef
swanctl: Fix Doxygen group assignment
2014-06-30 13:16:16 +02:00
Tobias Brunner
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
Andreas Steffen
644fc4e1ff
Added Android 4.4.4 to IMV database
2014-06-27 08:27:28 +02:00
Tobias Brunner
f22add05f6
kernel-pfkey: Use address in TS to determine interface for shunt routes
2014-06-26 18:13:17 +02:00
Tobias Brunner
60f5fb2318
kernel-pfkey: Use subnet and prefix when determining nexthop for shunt policy routes
This is basically the same as 88f125f560.
2014-06-26 18:13:09 +02:00
Tobias Brunner
b451303a6c
kernel-pfkey: Install routes for shunt policies
2014-06-26 18:12:05 +02:00
Tobias Brunner
04ff5e58e3
starter: Ignore %default conn and ca sections
2014-06-26 12:23:05 +02:00
Andreas Steffen
d96328fbc4
Updated build-database.sh to 3.13.0-30-generic Ubuntu kernel
2014-06-26 11:09:25 +02:00
Tobias Brunner
4431e1e04d
updown: Force subnet address to be numeric
2014-06-25 16:17:15 +02:00
Martin Willi
07b57e203b
windows: Include <sys/stat.h> explicitly before overloading memset()/memcpy()
fstat() in newer MinGWs is defined as non-static inline. With our new static
inline memset()/memcpy() overloads, this raises a warning. To avoid it,
explicitly include <sys/stat.h> once before defining these overloads.
2014-06-25 16:09:42 +02:00
Martin Willi
fc8ca5f2f2
eap-radius: Increase buffer for accounting attributes to maximum attribute size
Fixes #624.
2014-06-25 13:11:34 +02:00
Tobias Brunner
cd6b2af33e
kernel-netlink: Cast IPv6 address blobs to the proper type
On Android these macros are defined as functions.
2014-06-24 15:53:25 +02:00
Tobias Brunner
3e4ce88633
android: Define HAVE_DLADDR as plugin loader checks for it
2014-06-24 15:53:25 +02:00
Tobias Brunner
5195416d90
android: Update Android.mk files to match changes due to the Windows port
Makes them easier to compare to the original Makefile.am.
2014-06-24 15:53:25 +02:00
Martin Willi
866514c70c
charon: Set CLOEXEC flag on daemon PID file and /dev/(u)random source FDs
On Fedora, SELinux complains about these open file descriptors when the
updown script invokes iptables. While it seems difficult to set the flag
on all file descriptors, this at least fixes those covered by the SELinux
policy.
As these two cases are in code executed while the daemon is still single
threaded, we avoid the use of atomic but not fully portable fdopen("e") or
open(O_CLOEXEC) calls.
Fixes #519.
2014-06-24 15:26:38 +02:00
Tobias Brunner
6d4654b9f9
utils: Add wrappers for memcpy(3), memmove(3) and memset(3)
These wrappers guarantee that calls to these functions are noops if the
number of bytes is 0, as calling them with NULL pointers is undefined
according to the C standard, even if the number of bytes is 0 (most
implementations probably ignore the pointers anyway in this case, but
let's make sure).
2014-06-24 15:11:27 +02:00
Tobias Brunner
bb91109af8
pki: Also check for MAX_COMMANDS when building getopt_long arguments
Completes 87e53819a6 and 0a8c399a21.
2014-06-24 15:11:27 +02:00
Andreas Steffen
d82aa931db
Auxiliary swid_tagstats table boosts performance
2014-06-23 13:32:50 +02:00
Tobias Brunner
aba9ef542e
unit-tests: Add tests for DH factory
2014-06-20 16:21:55 +02:00
Tobias Brunner
94dbbd8079
crypto-factory: Only sort RNGs by algorithm identifier
Others remain in the order in which they were added, grouped by
algorithm identifier and sorted by benchmarking speed, if provided.
2014-06-20 16:21:55 +02:00