strongswan.git
6 years agoled: Use plugin features to register listener
Tobias Brunner [Sat, 8 Jun 2013 08:18:00 +0000 (10:18 +0200)]
led: Use plugin features to register listener

6 years agotest-vectors: Use plugin features
Tobias Brunner [Fri, 7 Jun 2013 17:35:24 +0000 (19:35 +0200)]
test-vectors: Use plugin features

6 years agorevocation: Use plugin features with soft dependencies on fetcher and en-/decoding
Tobias Brunner [Fri, 7 Jun 2013 17:31:51 +0000 (19:31 +0200)]
revocation: Use plugin features with soft dependencies on fetcher and en-/decoding

6 years agopadlock: Use plugin features to properly register algorithms
Tobias Brunner [Fri, 7 Jun 2013 17:23:11 +0000 (19:23 +0200)]
padlock: Use plugin features to properly register algorithms

6 years agopkcs11: Use plugin_features_add() in get_features()
Tobias Brunner [Fri, 7 Jun 2013 17:22:26 +0000 (19:22 +0200)]
pkcs11: Use plugin_features_add() in get_features()

6 years agoplugin-feature: Added helper function to extend arrays of plugin features
Tobias Brunner [Fri, 7 Jun 2013 17:19:22 +0000 (19:19 +0200)]
plugin-feature: Added helper function to extend arrays of plugin features

6 years agoconstraints: Use plugin features with soft dependency on X.509 decoding
Tobias Brunner [Fri, 7 Jun 2013 17:01:40 +0000 (19:01 +0200)]
constraints: Use plugin features with soft dependency on X.509 decoding

6 years agoblowfish: Use plugin features to properly register crypter
Tobias Brunner [Fri, 7 Jun 2013 16:57:15 +0000 (18:57 +0200)]
blowfish: Use plugin features to properly register crypter

6 years agoresolve: Use plugin features to register attribute handler
Tobias Brunner [Fri, 7 Jun 2013 16:54:36 +0000 (18:54 +0200)]
resolve: Use plugin features to register attribute handler

6 years agoattr: Use plugin features to register attribute provider
Tobias Brunner [Fri, 7 Jun 2013 16:52:33 +0000 (18:52 +0200)]
attr: Use plugin features to register attribute provider

6 years agoipseckey: Allow en-/disabling at runtime using plugin reload feature
Tobias Brunner [Fri, 7 Jun 2013 16:38:16 +0000 (18:38 +0200)]
ipseckey: Allow en-/disabling at runtime using plugin reload feature

6 years agoipseckey: Use plugin features and depend on RESOLVER
Tobias Brunner [Fri, 7 Jun 2013 16:22:41 +0000 (18:22 +0200)]
ipseckey: Use plugin features and depend on RESOLVER

Also fixed a double-free of the resolver instance.

6 years agounbound: Use plugin features and provide RESOLVER
Tobias Brunner [Fri, 7 Jun 2013 16:16:08 +0000 (18:16 +0200)]
unbound: Use plugin features and provide RESOLVER

6 years agoplugin-feature: Add feature for DNSSEC-enabled resolvers
Tobias Brunner [Fri, 7 Jun 2013 16:11:46 +0000 (18:11 +0200)]
plugin-feature: Add feature for DNSSEC-enabled resolvers

6 years agoha: Use plugin features to register listeners and attribute provider
Tobias Brunner [Fri, 7 Jun 2013 15:58:12 +0000 (17:58 +0200)]
ha: Use plugin features to register listeners and attribute provider

6 years agofarp: Use plugin features to register listener
Tobias Brunner [Fri, 7 Jun 2013 15:50:12 +0000 (17:50 +0200)]
farp: Use plugin features to register listener

6 years agoerror-notify: Use plugin features to register listener
Tobias Brunner [Fri, 7 Jun 2013 15:46:43 +0000 (17:46 +0200)]
error-notify: Use plugin features to register listener

6 years agoduplicheck: Use plugin features to register listener
Tobias Brunner [Fri, 7 Jun 2013 15:43:41 +0000 (17:43 +0200)]
duplicheck: Use plugin features to register listener

6 years agocoupling: Use plugin features and soft depend on SHA1
Tobias Brunner [Fri, 7 Jun 2013 15:37:13 +0000 (17:37 +0200)]
coupling: Use plugin features and soft depend on SHA1

6 years agocertexpire: Use plugin features to register listener
Tobias Brunner [Fri, 7 Jun 2013 15:19:13 +0000 (17:19 +0200)]
certexpire: Use plugin features to register listener

6 years agoaddrblock: Use plugin features with soft dependency on X.509 decoding
Tobias Brunner [Fri, 7 Jun 2013 13:45:02 +0000 (15:45 +0200)]
addrblock: Use plugin features with soft dependency on X.509 decoding

6 years agodhcp: Use plugin features with dependency to RNG implementation
Tobias Brunner [Fri, 7 Jun 2013 13:35:47 +0000 (15:35 +0200)]
dhcp: Use plugin features with dependency to RNG implementation

6 years agosql: Use plugin features with dependency to database backend
Tobias Brunner [Fri, 7 Jun 2013 13:14:52 +0000 (15:14 +0200)]
sql: Use plugin features with dependency to database backend

6 years agoattr-sql: Use plugin features with dependency to database backend
Tobias Brunner [Fri, 7 Jun 2013 13:07:39 +0000 (15:07 +0200)]
attr-sql: Use plugin features with dependency to database backend

6 years agoplugin-feature: Function added to exactly compare plugin features
Tobias Brunner [Fri, 7 Jun 2013 12:44:52 +0000 (14:44 +0200)]
plugin-feature: Function added to exactly compare plugin features

6 years agoSocket plugins soft depend on the kernel-ipsec plugin feature
Tobias Brunner [Fri, 7 Jun 2013 12:41:12 +0000 (14:41 +0200)]
Socket plugins soft depend on the kernel-ipsec plugin feature

On most platforms calls to methods to bypass the IKE sockets and enabling
UDP decapsulation are required.

6 years agoMerge branch 'unit-tests'
Tobias Brunner [Tue, 11 Jun 2013 09:07:43 +0000 (11:07 +0200)]
Merge branch 'unit-tests'

Adds a test runner and several test suites for libstrongswan.
Also adds an option to produce a test coverage report.

Several bugs were fixed in the process and chunk_hash() was replaced
with an improved implementation based on SipHash-2-4 (with a randomly
allocated key to prevent hash flooding attacks).

6 years agoSuppress log messages during tests
Tobias Brunner [Wed, 5 Jun 2013 14:34:04 +0000 (16:34 +0200)]
Suppress log messages during tests

6 years agoRemove explicit leak detective checks as these are now done for all tests
Tobias Brunner [Wed, 5 Jun 2013 12:14:12 +0000 (14:14 +0200)]
Remove explicit leak detective checks as these are now done for all tests

6 years agoEnable leak detective for all test cases
Tobias Brunner [Wed, 5 Jun 2013 12:01:40 +0000 (14:01 +0200)]
Enable leak detective for all test cases

6 years agoAdded tests for bio_writer_t
Tobias Brunner [Tue, 4 Jun 2013 16:29:06 +0000 (18:29 +0200)]
Added tests for bio_writer_t

6 years agoEnsure buffer in bio_writer_t is properly increased
Tobias Brunner [Tue, 4 Jun 2013 15:29:40 +0000 (17:29 +0200)]
Ensure buffer in bio_writer_t is properly increased

The previous code was problematic if bufsize/increase was smaller than 8
and an u_int64_t was written when the buffer was too small.  Also, for
large chunks and small bufsizes realloc() was called several times
instead of just once.

6 years agoAdded tests for bio_reader_t
Tobias Brunner [Tue, 4 Jun 2013 14:25:22 +0000 (16:25 +0200)]
Added tests for bio_reader_t

6 years agoAdd getter for the number of leaks to leak_detective_t
Tobias Brunner [Tue, 4 Jun 2013 14:21:48 +0000 (16:21 +0200)]
Add getter for the number of leaks to leak_detective_t

6 years agoAdded tests for utils/enum.c
Tobias Brunner [Mon, 3 Jun 2013 16:58:14 +0000 (18:58 +0200)]
Added tests for utils/enum.c

6 years agoGracefully handle NULL as argument for enum_from_name()
Tobias Brunner [Mon, 3 Jun 2013 16:45:57 +0000 (18:45 +0200)]
Gracefully handle NULL as argument for enum_from_name()

6 years agoAdditional tests for identification_t added
Tobias Brunner [Thu, 28 Mar 2013 15:53:07 +0000 (16:53 +0100)]
Additional tests for identification_t added

6 years agoFail DN parsing if OID is unterminated
Tobias Brunner [Mon, 3 Jun 2013 15:30:40 +0000 (17:30 +0200)]
Fail DN parsing if OID is unterminated

This is the case if the last OID is not followed by a = or if the string
starts with a =.

6 years agoFix DN printing if last RDN has an empty value
Tobias Brunner [Mon, 3 Jun 2013 14:41:45 +0000 (16:41 +0200)]
Fix DN printing if last RDN has an empty value

6 years agoFix DN parsing if last RDN has an empty value
Tobias Brunner [Mon, 3 Jun 2013 13:53:46 +0000 (15:53 +0200)]
Fix DN parsing if last RDN has an empty value

6 years agoFix output of ASN.1 GN
Tobias Brunner [Tue, 23 Apr 2013 10:06:54 +0000 (12:06 +0200)]
Fix output of ASN.1 GN

6 years agoUse chunk_from_str in identification_from_string
Tobias Brunner [Thu, 28 Mar 2013 15:50:36 +0000 (16:50 +0100)]
Use chunk_from_str in identification_from_string

We always have a non-empty string in those cases as "" is now handled
as ID_ANY.

6 years agoUse local variable in chunk_from_str()
Tobias Brunner [Thu, 28 Mar 2013 15:33:39 +0000 (16:33 +0100)]
Use local variable in chunk_from_str()

This allows using strdup() or other string functions as argument
without calling them twice.

6 years agoParse empty string as ID_ANY
Tobias Brunner [Thu, 28 Mar 2013 15:30:29 +0000 (16:30 +0100)]
Parse empty string as ID_ANY

6 years agoAdded tests for utils/utils.[ch]
Tobias Brunner [Thu, 28 Mar 2013 09:58:09 +0000 (10:58 +0100)]
Added tests for utils/utils.[ch]

6 years agoAllow memstr() to be called with NULL arguments
Tobias Brunner [Thu, 28 Mar 2013 13:12:53 +0000 (14:12 +0100)]
Allow memstr() to be called with NULL arguments

6 years agoRemoved unused clalloc() function
Tobias Brunner [Thu, 28 Mar 2013 10:03:26 +0000 (11:03 +0100)]
Removed unused clalloc() function

6 years agotimeval_add_ms() fixed
Tobias Brunner [Thu, 28 Mar 2013 09:25:11 +0000 (10:25 +0100)]
timeval_add_ms() fixed

1000000us are exactly 1s so.

6 years agoAdditional tests for chunk_t
Tobias Brunner [Wed, 27 Mar 2013 18:56:14 +0000 (19:56 +0100)]
Additional tests for chunk_t

6 years agoAlso capture coverage data for tests but filter them from the result
Tobias Brunner [Wed, 27 Mar 2013 16:41:04 +0000 (17:41 +0100)]
Also capture coverage data for tests but filter them from the result

Otherwise calls from test cases to static inline functions are not captured.

6 years agoAdd tests for lib->get|set
Tobias Brunner [Wed, 27 Mar 2013 15:35:28 +0000 (16:35 +0100)]
Add tests for lib->get|set

6 years agoRemove dead code in token enumerator
Tobias Brunner [Wed, 27 Mar 2013 15:15:10 +0000 (16:15 +0100)]
Remove dead code in token enumerator

Since we always search for the nearest separator (and strip them from
the front of the next token) there can't be any separators left at the
end of a token.

6 years agoAdditional and improved enumerator_t tests
Tobias Brunner [Wed, 27 Mar 2013 14:35:19 +0000 (15:35 +0100)]
Additional and improved enumerator_t tests

6 years agoTest remove and remove_at of hashtable_t if all items are in the same bucket
Tobias Brunner [Wed, 27 Mar 2013 13:45:07 +0000 (14:45 +0100)]
Test remove and remove_at of hashtable_t if all items are in the same bucket

6 years agoAdd test cases for invoke_* and clone_* of linked_list_t
Tobias Brunner [Wed, 27 Mar 2013 13:10:12 +0000 (14:10 +0100)]
Add test cases for invoke_* and clone_* of linked_list_t

6 years agoImprove tests for linked_list_t.replace()
Tobias Brunner [Wed, 27 Mar 2013 12:27:19 +0000 (13:27 +0100)]
Improve tests for linked_list_t.replace()

6 years agoAdd additional tests for linked_list_t
Tobias Brunner [Wed, 27 Mar 2013 12:22:07 +0000 (13:22 +0100)]
Add additional tests for linked_list_t

6 years agoImproved test for linked_list_t.insert_before()
Tobias Brunner [Wed, 27 Mar 2013 12:21:52 +0000 (13:21 +0100)]
Improved test for linked_list_t.insert_before()

6 years agoEnable coverage report for libstrongswan
Tobias Brunner [Wed, 27 Mar 2013 10:54:09 +0000 (11:54 +0100)]
Enable coverage report for libstrongswan

6 years agoAdd --enable-coverage configure option
Tobias Brunner [Wed, 27 Mar 2013 10:03:56 +0000 (11:03 +0100)]
Add --enable-coverage configure option

This configure flag enables lcov [1] coverage generation and is intended
to be used with unit tests (--enable-unit-tests is implied).

A html coverage report can be generated by issuing the following command
in the toplevel build directory:

make coverage

[1] - http://ltp.sourceforge.net/coverage/lcov.php

Based on a patch by Adrian-Ken Rueegsegger.

6 years agoUse proper type for enumerator_t/linked_list_t tests
Tobias Brunner [Wed, 27 Mar 2013 10:24:14 +0000 (11:24 +0100)]
Use proper type for enumerator_t/linked_list_t tests

Worked with -O2 but not with -O0.

6 years agoConverted test for recursive mutex_t
Tobias Brunner [Wed, 27 Mar 2013 08:16:59 +0000 (09:16 +0100)]
Converted test for recursive mutex_t

6 years agoRandomly allocate chunk_hash() key during first use
Tobias Brunner [Tue, 26 Mar 2013 18:25:55 +0000 (19:25 +0100)]
Randomly allocate chunk_hash() key during first use

This avoids hash flooding attacks.

6 years agoReplace chunk_hash() with output from chunk_mac()
Tobias Brunner [Tue, 26 Mar 2013 18:24:24 +0000 (19:24 +0100)]
Replace chunk_hash() with output from chunk_mac()

The quality is way better, the calculation is a bit slower though.

The key is statically initialized to zero, which will be changed later
to prevent hash flooding.

6 years agoAdding chunk_mac() which calculates a 64-bit MAC using SipHash-2-4
Tobias Brunner [Tue, 26 Mar 2013 17:18:52 +0000 (18:18 +0100)]
Adding chunk_mac() which calculates a 64-bit MAC using SipHash-2-4

6 years agoConverted tests for chunk_t
Tobias Brunner [Tue, 26 Mar 2013 15:39:44 +0000 (16:39 +0100)]
Converted tests for chunk_t

6 years agoConverted and added tests for hashtable_t
Tobias Brunner [Tue, 26 Mar 2013 15:38:27 +0000 (16:38 +0100)]
Converted and added tests for hashtable_t

6 years agoConverted tests for identification_t
Tobias Brunner [Tue, 26 Mar 2013 13:52:33 +0000 (14:52 +0100)]
Converted tests for identification_t

6 years agoRemove obsolete enumerator/linked_list tests in unit_tester plugin
Tobias Brunner [Tue, 26 Mar 2013 12:13:33 +0000 (13:13 +0100)]
Remove obsolete enumerator/linked_list tests in unit_tester plugin

6 years agoAdd tests combining linked_list_t and enumerators
Tobias Brunner [Tue, 26 Mar 2013 12:07:23 +0000 (13:07 +0100)]
Add tests combining linked_list_t and enumerators

6 years agoSome minor Doxygen fixes for linked_list_t
Tobias Brunner [Tue, 26 Mar 2013 11:36:51 +0000 (12:36 +0100)]
Some minor Doxygen fixes for linked_list_t

6 years agoAdd basic tests for linked_list_t
Tobias Brunner [Tue, 26 Mar 2013 11:18:44 +0000 (12:18 +0100)]
Add basic tests for linked_list_t

6 years agoRedirect test runner output to stderr
Tobias Brunner [Tue, 26 Mar 2013 09:49:08 +0000 (10:49 +0100)]
Redirect test runner output to stderr

This allows redirecting stdout of 'make check' to /dev/null.

6 years agoAdd tests for enumerator_t
Tobias Brunner [Tue, 26 Mar 2013 09:41:54 +0000 (10:41 +0100)]
Add tests for enumerator_t

6 years agoAdd test runner for unit tests in libstrongswan
Tobias Brunner [Tue, 26 Mar 2013 09:21:32 +0000 (10:21 +0100)]
Add test runner for unit tests in libstrongswan

6 years agotesting: Increase base image size so there is space for test results on winnetou
Tobias Brunner [Tue, 11 Jun 2013 09:01:26 +0000 (11:01 +0200)]
testing: Increase base image size so there is space for test results on winnetou

6 years agotesting: Ignore errors when searching for imcv log entries in daemon.log
Tobias Brunner [Mon, 10 Jun 2013 16:52:32 +0000 (18:52 +0200)]
testing: Ignore errors when searching for imcv log entries in daemon.log

6 years agoAdded missing string for full-length HMAC-SHA512 signer
Tobias Brunner [Mon, 10 Jun 2013 09:48:18 +0000 (11:48 +0200)]
Added missing string for full-length HMAC-SHA512 signer

6 years agoattr: Fix handling of invalid IPs listed after valid ones
Tobias Brunner [Wed, 5 Jun 2013 15:10:45 +0000 (17:10 +0200)]
attr: Fix handling of invalid IPs listed after valid ones

Invalid IPs listed after a valid one resulted in an attribute
of the same type but with invalid data.

6 years agoattr: fix a compiler warning that family is used uninitialized (seen with -Os)
Martin Willi [Wed, 5 Jun 2013 13:20:37 +0000 (15:20 +0200)]
attr: fix a compiler warning that family is used uninitialized (seen with -Os)

6 years agoStrictly memwipe_check() for magic only in the affected buffer
Martin Willi [Wed, 5 Jun 2013 12:37:05 +0000 (14:37 +0200)]
Strictly memwipe_check() for magic only in the affected buffer

Passing back the buffer address we memwipe() is not ideal, as it could, in
theory, change the behavior of the compiler and not-optimize memwipe(). But
as checking a larger stack is very difficult for different architectures
and compilers, we do it nonetheless for now.

6 years agoAllow memwipe() to be called with NULL argument
Tobias Brunner [Mon, 27 May 2013 16:41:16 +0000 (18:41 +0200)]
Allow memwipe() to be called with NULL argument

6 years agokernel-netlink: add outer addresses to policy when using BEET mode
Michael Rossberg [Wed, 22 May 2013 07:55:46 +0000 (09:55 +0200)]
kernel-netlink: add outer addresses to policy when using BEET mode

6 years agoopenssl: add support for IP addr blocks in X.509 certificates
Michael Rossberg [Wed, 22 May 2013 07:51:10 +0000 (09:51 +0200)]
openssl: add support for IP addr blocks in X.509 certificates

6 years agoMake plugins in standalone libimcv configurable
Andreas Steffen [Fri, 24 May 2013 10:56:21 +0000 (12:56 +0200)]
Make plugins in standalone libimcv configurable

6 years agohost-resolver: don't try to resolve a plain v4 address to an IPv6 address
Volker RĂ¼melin [Sun, 21 Apr 2013 13:10:39 +0000 (15:10 +0200)]
host-resolver: don't try to resolve a plain v4 address to an IPv6 address

Suppress 'Address family for hostname not supported' errors if a IPv6
client connects in a mixed IPv4/IPv6 environment.

6 years agotraffic-selector: inet_pton is successful only if it returns 1
Martin Willi [Thu, 16 May 2013 08:59:33 +0000 (10:59 +0200)]
traffic-selector: inet_pton is successful only if it returns 1

6 years agoupdown: pass IKE_SA unique ID in PLUTO_UNIQUEID
Emanuil Hristov [Wed, 17 Apr 2013 09:44:34 +0000 (12:44 +0300)]
updown: pass IKE_SA unique ID in PLUTO_UNIQUEID

6 years agocapabilities: leak-detective using dlsym() does not need CAP_SYS_NICE anymore
Martin Willi [Wed, 8 May 2013 12:58:59 +0000 (14:58 +0200)]
capabilities: leak-detective using dlsym() does not need CAP_SYS_NICE anymore

6 years agocapabilities: initialize supplementary groups only when doing a setuid()
Martin Willi [Wed, 8 May 2013 12:58:28 +0000 (14:58 +0200)]
capabilities: initialize supplementary groups only when doing a setuid()

6 years agoaf-alg: fix number of signers after adding untruncated HMAC-SHA-512 (1f2a34d6)
Martin Willi [Wed, 15 May 2013 14:42:03 +0000 (16:42 +0200)]
af-alg: fix number of signers after adding untruncated HMAC-SHA-512 (1f2a34d6)

6 years agoRaise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE
Martin Willi [Wed, 8 May 2013 09:03:33 +0000 (11:03 +0200)]
Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE

6 years agotesting: Set terminal title when logging in via SSH
Tobias Brunner [Wed, 15 May 2013 08:32:41 +0000 (10:32 +0200)]
testing: Set terminal title when logging in via SSH

Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.

6 years agoopenssl: Only warn about unavailable FIPS mode if the user requested it
Tobias Brunner [Wed, 8 May 2013 13:23:14 +0000 (15:23 +0200)]
openssl: Only warn about unavailable FIPS mode if the user requested it

6 years agoMerge branch 'charon-cmd-pkcs12'
Tobias Brunner [Wed, 8 May 2013 13:19:38 +0000 (15:19 +0200)]
Merge branch 'charon-cmd-pkcs12'

Adds support for PKCS#12 files in charon-cmd and ipsec.secrets.

Also fixes the cleanup of the OpenSSL library in the openssl plugin.

6 years agostroke: Add second password if provided
Tobias Brunner [Wed, 17 Apr 2013 15:32:37 +0000 (17:32 +0200)]
stroke: Add second password if provided

6 years agoLoad pkcs7 plugin in charon (and while we are at it in nm)
Tobias Brunner [Wed, 17 Apr 2013 15:13:28 +0000 (17:13 +0200)]
Load pkcs7 plugin in charon (and while we are at it in nm)

6 years agostroke: Fail silently if another builder calls PW callback after giving up
Tobias Brunner [Wed, 17 Apr 2013 14:03:05 +0000 (16:03 +0200)]
stroke: Fail silently if another builder calls PW callback after giving up

Also reduced the number of tries to 3.

6 years agostroke: Cache passwords so the user is not prompted multiple times for the same password
Tobias Brunner [Wed, 17 Apr 2013 13:54:23 +0000 (15:54 +0200)]
stroke: Cache passwords so the user is not prompted multiple times for the same password

To verify/decrypt a PKCS#12 container a password might be needed
multiple times.  If it was entered correctly we don't want to bother the
user again with another password prompt.
The passwords for MAC creation and encryption could be different so the
user might be prompted multiple times after all.

6 years agostroke: Fix prompt and error messages in passphrase callback
Tobias Brunner [Wed, 17 Apr 2013 13:51:11 +0000 (15:51 +0200)]
stroke: Fix prompt and error messages in passphrase callback