| Commit message (Collapse) | Author | Age | Files | Lines |
We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
|
The Blowfish and Twofish implementations provided by the gcrypt plugin
only support specific key lengths, which we don't know when testing
against vectors (either during unit tests or during algorithm
registration). The on_create test with a specific key length will be
skipped anyway, so there is no point in treating this failure differently.
|
The TESTS_VERBOSITY option takes an integer from -1 to 4 that sets the
default debug level.
|
The TESTS_SUITES environment variable can contain a comma separated list
of names of test suites to run.
|
Previously, the {ns}.crypto_test.on_add option had to be enabled to
actually test the algorithms, which we can't enforce for the tests in
the test_runner as the option is already read when the crypto factory
is initialized. Even so, we wouldn't want to do this for every unit
test, which would be the result of enabling that option.
|
This makes the tests work with clang, which does not implement said
builtin.
|
This avoids any clashes with existing functions in the monolithic build.
|
Because GCC does not adhere to the priorities defined for constructors
when building with --enable-monolithic (not sure if it was just luck
that it worked in non-monolithic mode - anyway, it's not very portable)
function registration would fail because the hashtable would not be
created yet.
|
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes #549.
|
Memory beyond the end of the array was moved when array elements in the
second half of an array were removed.
Fixes #548.
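
The bug class named in the message above, shown as an added example that is not strongSwan's array code: an array that shifts the shorter side on removal must move only the elements that actually follow the removed index. The type `vec_t` and the functions `vec_get` and `vec_remove` are hypothetical names, and the data is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CAP 8

/* Hypothetical array with spare room at the front: used elements live in
 * data[head] .. data[head + count - 1]. */
typedef struct {
    int data[CAP];
    size_t head;
    size_t count;
} vec_t;

int vec_get(const vec_t *v, size_t idx)
{
    return v->data[v->head + idx];
}

/* Remove element idx, moving whichever side is shorter. Returns 0 on
 * success, -1 if idx is out of range. */
int vec_remove(vec_t *v, size_t idx)
{
    int *first = v->data + v->head;

    if (idx >= v->count)
    {
        return -1;
    }
    if (idx < v->count / 2)
    {   /* first half: shift the idx elements before it one slot right */
        memmove(first + 1, first, idx * sizeof(int));
        v->head++;
    }
    else
    {   /* second half: only count - idx - 1 elements follow idx; moving
         * count - idx would read one element past the used range */
        memmove(first + idx, first + idx + 1,
                (v->count - idx - 1) * sizeof(int));
    }
    v->count--;
    return 0;
}

int main(void)
{
    vec_t v = { { 10, 20, 30, 40, 50, 60, 70, 80 }, 0, CAP }; /* constructed */
    vec_remove(&v, 7);   /* last element of a full array: moves 0 bytes */
    printf("count=%zu last=%d\n", v.count, vec_get(&v, v.count - 1));
    return 0;
}
```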
|
Closes #539.
|
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
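
Why two terminators are needed, as an added example that is not libstrongswan's parser: a simplified in-place line parser that writes '\0' at the end of each line and then steps over that byte. The functions `load_padded` and `count_settings` are hypothetical names and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical loader: copy the file content and append TWO NUL bytes. */
char *load_padded(const char *data, size_t len)
{
    char *buf = malloc(len + 2);
    if (!buf)
    {
        return NULL;
    }
    memcpy(buf, data, len);
    buf[len] = buf[len + 1] = '\0';
    return buf;
}

/* Simplified in-place parser: ends each line by writing '\0' over the
 * newline (or over the first terminator if the last line has none), then
 * steps past that byte. Returns the number of non-comment, non-empty lines
 * and stores the offset at which parsing stopped in *stop. */
size_t count_settings(char *buf, size_t *stop)
{
    size_t n = 0;
    char *pos = buf;

    while (*pos)
    {
        char *end = pos + strcspn(pos, "\n");
        *end = '\0';
        if (*pos != '#' && *pos != '\0') { n++; }
        /* With a single terminator this would point one byte past the
         * allocation for input that lacks a final newline; the second
         * NUL keeps the following read of *pos in bounds. */
        pos = end + 1;
    }
    *stop = (size_t)(pos - buf);
    return n;
}

int main(void)
{
    const char cfg[] = "#";   /* constructed input: comment, no newline */
    size_t stop = 0, n;
    char *buf = load_padded(cfg, strlen(cfg));
    if (!buf) return 1;
    n = count_settings(buf, &stop);
    printf("%zu settings, stopped at offset %zu of %zu\n", n, stop, strlen(cfg) + 2);
    free(buf);
    return 0;
}
```

For the single '#' input the parser stops at offset 2, the second padding byte; with only `len + 1` bytes allocated that same read would fall outside the buffer.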
|
constructors and built some unit tests for the latter)
|
For instance, on Mac OS X memrchr(3) is not provided by the C library.
|
For some utils _GNU_SOURCE might be needed but that conflicts with the
signature of strerror_r(3).
|
dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result in undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.
It is also not thread-safe, which will be addressed later.
|
References #516.
|
Fixes #516.
|
While it really would be desirable to allow stream destruction during on_read()
callbacks, this does not work anymore since e49b2998. Until we have a proper
solution for this issue, use asynchronous disconnects for the only user doing
so.
Fixes #518.
|
cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled.
|
Is a bit more memory efficient (also due to lazy instantiation) and
lookups for sections with lots of subsections/keys (e.g. charon.plugins) are
faster.
|
Cygwin for example does not support qsort_r.
|
This now works because all plugins use the same config namespace.

If <ns>.load_modular is true, the list of plugins to load is determined
via the value of the <ns>.plugins.<name>.load options.

Using includes the following is possible:

    charon {
        load_modular = yes
        plugins {
            include strongswan.d/charon/*.conf
        }
    }
    charon-cmd {
        load_modular = yes
        plugins {
            include strongswan.d/charon-cmd/*.conf
        }
    }

Where each .conf file would contain something like:

    <name> {
        load = yes
        <option> = <value>
    }

To increase the priority of individual plugins load = <priority> can be
used (the default is 1). For instance, to use openssl instead of the
built-in crypto plugins set in strongswan.d/charon/openssl.conf:

    openssl {
        load = 10
    }

If two plugins have the same priority their order in the default plugin
list is preserved. Plugins not found in that list are ordered
alphabetically before other plugins with the same priority.