botan: Adhere to configured DH exponent length
[strongswan.git] / src / libstrongswan / library.c
index f694509..ad5d9ab 100644 (file)
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2009-2016 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -26,6 +26,7 @@
 #include <collections/hashtable.h>
 #include <utils/backtrace.h>
 #include <selectors/traffic_selector.h>
+#include <crypto/proposal/proposal.h>
 
 #define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
 
@@ -53,7 +54,7 @@ struct private_library_t {
        /**
         * Integrity check failed?
         */
-       bool integrity_failed;
+       bool init_failed;
 
 #ifdef LEAK_DETECTIVE
        /**
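Review bot: The doc comment above the renamed field still reads "Integrity check failed?", but `init_failed` is now also set when the configuration fails to load (see the `load_files()` hunk in `library_init`). The comment should describe the broader meaning, for example `Initialization failed (invalid configuration or failed integrity check)?`. The struct definition starts and ends outside this hunk.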
@@ -94,6 +95,13 @@ void library_add_namespace(char *ns)
 }
 
 /**
+ * Register plugins if built statically
+ */
+#ifdef STATIC_PLUGIN_CONSTRUCTORS
+#include "plugin_constructors.c"
+#endif
+
+/**
  * library instance
  */
 library_t *lib = NULL;
@@ -175,13 +183,13 @@ void library_deinit()
                this->public.integrity->destroy(this->public.integrity);
        }
 
-#ifdef LEAK_DETECTIVE
        if (lib->leak_detective)
        {
                lib->leak_detective->report(lib->leak_detective, detailed);
                lib->leak_detective->destroy(lib->leak_detective);
                lib->leak_detective = NULL;
        }
+#ifdef LEAK_DETECTIVE
        if (this->ld_out && this->ld_out != stderr)
        {
                fclose(this->ld_out);
@@ -241,6 +249,8 @@ static bool equals(char *a, char *b)
  */
 #define MEMWIPE_WIPE_WORDS 16
 
+#ifndef NO_CHECK_MEMWIPE
+
 /**
  * Write magic to memory, and try to clear it with memwipe()
  */
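Review bot: `NO_CHECK_MEMWIPE` is introduced here without any comment, and the same guard recurs at the `#endif` after `check_memwipe()` and around the call in `library_init`. A build that defines it skips the startup self-test that `memwipe()` really clears memory, so a toolchain that optimizes the wipe away would go unnoticed. I would document the macro above the `#ifndef`, e.g. `/* NO_CHECK_MEMWIPE: compile out the memwipe() self-test; memwipe() is then not verified at startup */`. It may also be worth adding an `#else` branch at the call site that logs `DBG1(DBG_LIB, "memwipe() check disabled at build time");` so the reduced assurance shows up in logs.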
@@ -281,6 +291,8 @@ static bool check_memwipe()
        return TRUE;
 }
 
+#endif
+
 /*
  * see header file
  */
@@ -294,7 +306,7 @@ bool library_init(char *settings, const char *namespace)
        {       /* already initialized, increase refcount */
                this = (private_library_t*)lib;
                ref_get(&this->ref);
-               return !this->integrity_failed;
+               return !this->init_failed;
        }
 
        chunk_hash_seed();
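Review bot: The already-initialized path now returns `!this->init_failed`, but the memwipe failure path later in `library_init` still does a bare `return FALSE;` without setting that flag. If `lib` is already assigned at that point (the later `lib->settings` use suggests it is), a second `library_init()` call would take this branch and report success for a library whose first initialization failed. Setting `this->init_failed = TRUE;` before that `return FALSE;` would keep the two paths consistent. The condition guarding this branch is outside the hunk.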
@@ -358,11 +370,20 @@ bool library_init(char *settings, const char *namespace)
                                         PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
        pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
                                         PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
+       pfh->add_handler(pfh, 'P', proposal_printf_hook,
+                                        PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
 
        this->objects = hashtable_create((hashtable_hash_t)hash,
                                                                         (hashtable_equals_t)equals, 4);
 
-       this->public.settings = settings_create(this->public.conf);
+       this->public.settings = settings_create(NULL);
+       if (!this->public.settings->load_files(this->public.settings,
+                                                                                  this->public.conf, FALSE))
+       {
+               DBG1(DBG_LIB, "abort initialization due to invalid configuration");
+               this->init_failed = TRUE;
+       }
+
        /* add registered aliases */
        for (i = 0; i < ns_count; ++i)
        {
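Review bot: The new message says "abort initialization due to invalid configuration", but the branch only sets `init_failed` and initialization carries on. Aliases, managers, the plugin loader and the `%s.integrity_test` lookup all run against settings that failed to load, so that lookup presumably falls back to its `FALSE` default and the integrity test is skipped. Rejecting a bad configuration therefore depends entirely on the final `return !this->init_failed;` and on every caller checking it. If continuing is deliberate, say so in a comment such as `/* continue so the library is fully constructed for library_deinit(), failure is reported via init_failed */`, and reword the log to `"initialization failed due to invalid configuration"`. The body of `library_init` continues outside this hunk.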
@@ -387,10 +408,12 @@ bool library_init(char *settings, const char *namespace)
        this->public.streams = stream_manager_create();
        this->public.plugins = plugin_loader_create();
 
+#ifndef NO_CHECK_MEMWIPE
        if (!check_memwipe())
        {
                return FALSE;
        }
+#endif
 
        if (lib->settings->get_bool(lib->settings,
                                                                "%s.integrity_test", FALSE, lib->ns))
@@ -400,15 +423,15 @@ bool library_init(char *settings, const char *namespace)
                if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
                {
                        DBG1(DBG_LIB, "integrity check of libstrongswan failed");
-                       this->integrity_failed = TRUE;
+                       this->init_failed = TRUE;
                }
 #else /* !INTEGRITY_TEST */
                DBG1(DBG_LIB, "integrity test enabled, but not supported");
-               this->integrity_failed = TRUE;
+               this->init_failed = TRUE;
 #endif /* INTEGRITY_TEST */
        }
 
        diffie_hellman_init();
 
-       return !this->integrity_failed;
+       return !this->init_failed;
 }