Tobias Brunner [Tue, 22 Oct 2019 12:15:27 +0000 (14:15 +0200)]
Merge branch 'ipv6-addrs-mobike'
Address enumeration on Linux now ignores deprecated addresses and
whether temporary or permanent IPv6 addresses are included now depends
on the charon.prefer_temporary_addrs setting.
Tobias Brunner [Thu, 17 Oct 2019 11:09:54 +0000 (13:09 +0200)]
utils: Handle NULL consistently if memwipe() is implemented via explicit_bzero()
Our own implementation ignores NULL values, however, explicit_bzero()
can't handle that, as indicated by the `__nonnull ((1))` attribute in the
function's signature in string.h, and causes a segmentation fault. This
was noticed in one of the unit tests for NewHope. Since we usually use
memwipe() via chunk_clear(), which already ignores NULL pointers, this
is not that much of an issue in practice.
Fixes: 149d1bbb055a ("memory: Use explicit_bzero() as memwipe() if available")
Tobias Brunner [Thu, 17 Oct 2019 06:31:51 +0000 (08:31 +0200)]
travis: Switch to the Ubuntu 18.04 (bionic) image for tests
Do two full build tests on 16.04 (xenial) and the two for OpenSSL 1.0
also run there. Since 18.04 ships OpenSSL 1.1.1, which conflicts with
our custom built version, we skip that until OpenSSL 3.0 is released.
A workaround is required for an issue with sonarqube on bionic.
Tobias Brunner [Fri, 18 Oct 2019 14:53:35 +0000 (16:53 +0200)]
prf-plus: Fail after counter has wrapped around
The behavior is undefined if this happens (RFC 7296, section 2.13).
Instead of switching to the non-counter mode, or letting the counter
wrap, this makes it clear that the usage was not as intended.
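The counter behaviour described in this commit, sketched as an added example (not strongSwan's code): prf+ from RFC 7296, section 2.13 with a single-octet counter that refuses to produce output past T255. The class name `PrfPlus` and the choice of HMAC-SHA-256 as the prf are assumptions made for illustration.

```python
import hashlib
import hmac


class PrfPlus:
    """prf+ (RFC 7296, 2.13): T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n).

    HMAC-SHA-256 stands in for the negotiated prf (assumption).
    """

    def __init__(self, key: bytes, seed: bytes):
        self._key = key
        self._seed = seed
        self._counter = 1      # single octet, starts at 0x01
        self._block = b""      # previous block T(n-1); empty before T1
        self._buffer = b""     # unread bytes of the current block

    def _next_block(self) -> bytes:
        if self._counter > 0xFF:
            # T255 was the last defined block; fail instead of wrapping to 0x00
            raise OverflowError("prf+ counter wrapped around")
        data = self._block + self._seed + bytes([self._counter])
        self._block = hmac.new(self._key, data, hashlib.sha256).digest()
        self._counter += 1
        return self._block

    def get_bytes(self, length: int) -> bytes:
        """Return the next `length` bytes of the key stream."""
        out = bytearray()
        while len(out) < length:
            if not self._buffer:
                self._buffer = self._next_block()
            take = length - len(out)
            out += self._buffer[:take]
            self._buffer = self._buffer[take:]
        return bytes(out)


# Upper bound on output: 255 blocks of the prf's output size
MAX_OUTPUT = 255 * hashlib.sha256().digest_size
```

With a 32-byte prf output the stream ends after 8160 bytes; a caller asking for more gets an error rather than key material derived from a repeated counter value.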
Tobias Brunner [Tue, 15 Oct 2019 15:26:16 +0000 (17:26 +0200)]
Merge branch 'android-updates'
Makes the local identity configurable and includes a fix for Android 10,
plus a break-before-make reauth issue (not Android specific) and some
deprecation workarounds.
Tobias Brunner [Tue, 8 Oct 2019 13:34:00 +0000 (15:34 +0200)]
android: New release after making local identity configurable
This also includes a fix for Android 10 and some older fixes for
API level 28 compatibility and a crash on Huawei devices. The API
used to detect network changes is also replaced on newer Android
versions and an issue with DELETES received during break-before-make
reauthentication is also fixed.
Tobias Brunner [Mon, 14 Oct 2019 15:24:15 +0000 (17:24 +0200)]
ike-delete: Continue break-before-make reauth if server concurrently deletes SA
There seem to be servers around that, upon receiving a delete from the
client, instead of responding with an empty INFORMATIONAL, send a delete
themselves.
Tobias Brunner [Mon, 14 Oct 2019 13:03:10 +0000 (15:03 +0200)]
android: Replace deprecated CONNECTIVITY_ACTION on newer Android versions
It was deprecated in API level 28, registerNetworkCallback is available
since API level 21, but ConnectivityManager got some updates with 24
(e.g. default network handling) so we start using it then.
Tobias Brunner [Tue, 8 Oct 2019 13:51:18 +0000 (15:51 +0200)]
android: Don't use specific key types to select user certificates
Android 10 will honor the preselection and could, thus, hide some
installed certificates if we only pass "RSA". The dialog will also only
be shown if there are actually certificates installed (i.e. users will
have to do that manually outside of the app or via profile import).
Tobias Brunner [Tue, 8 Oct 2019 13:02:30 +0000 (15:02 +0200)]
android: Allow configuration of client identity for all authentication types
This replaces the drop-down box to select certificate identities with a
text field (in the advanced settings) with auto-completion for SANs
contained in the certificate.
The field is always shown and allows using an IKE identity different from
the username for EAP authentication (e.g. to configure a more complete
identity to select a specific config on the server).
kernel-pfkey: Pass ESN flag to kernel if ESN is enabled
This patch adds passing the ESN flag to the kernel if ESN was negotiated
and the appropriate flag is present in the kernel headers, which will
be the case in future FreeBSD releases.
Felix Kaiser [Fri, 4 Oct 2019 06:18:30 +0000 (23:18 -0700)]
vici: Use unique names for CHILD_SAs in the child-updown event too
The unique names were introduced for the list-sas command in commit 04c0219e55d9338b6492548c073189bfd3d5431b. However, the child-updown
event wasn't updated to match, even though the documentation suggests
that the section names of the CHILD_SAs are the same in both messages.
The original name is already being returned in the "name" attribute,
so it'll still be available.
# A child-updown event before the change:
>>> for x in s.listen(["child-updown"]): print(json.dumps(x, sort_keys=True, indent=4, separators=(',', ': ')))
[
    "child-updown",
    {
        "vti0": {
            "child-sas": {
                "vti0": { # <-- wrong: inconsistent with list-sas
                    ...
# A child-updown event after the change:
>>> s = vici.Session()
>>> for x in s.listen(["child-updown"]): print(json.dumps(x, sort_keys=True, indent=4, separators=(',', ': ')))
[
    "child-updown",
    {
        "vti0": {
            "child-sas": {
                "vti0-1": { # <-- fixed
openssl: Don't manually seed DRBG with OpenSSL 1.1.1
According to the documentation, it's generally not necessary to manually
seed OpenSSL's DRBG (and it actually can cause the daemon to lock up
during start up on systems with low entropy if OpenSSL is already trying
to seed it itself and holds the lock). While that might already have been
the case with earlier versions, it's not explicitly stated in their
documentation. So we keep the code for these versions.
Tobias Brunner [Wed, 28 Aug 2019 07:53:19 +0000 (09:53 +0200)]
libipsec: Fix compiler warning with GCC 9
The compiler complains that "taking address of packed member ... of
class or structure 'ip6_hdr' may result in an unaligned pointer value".
We don't care if the address is aligned as we explicitly use untoh16()
to convert the read value.
Tobias Brunner [Fri, 23 Aug 2019 07:40:59 +0000 (09:40 +0200)]
Fix issue with $< automatic variable on FreeBSD
BSD make only evaluates $< for implicit rules, so building from the
repository won't work unless GNU make is installed and used, or we
replace affected uses like this.
Tobias Brunner [Fri, 16 Aug 2019 15:04:28 +0000 (17:04 +0200)]
android: Avoid crash related to TileService on Huawei devices
No idea when exactly this happens but on many Huawei devices (and
only on them) it seems that onStartListening is sometimes called after
onDestroy i.e. when the database was already closed. This caused an
InvalidStateException in getProfile via updateTile when retrieving the
current profile. It's possible that it happens during shutdown (there
have been similar reports related to TileService implementations) so
users might not even notice, but it pollutes the Play Console, so this
workaround now makes sure the database is open when updateTile is called.
Martin Willi [Mon, 15 Jul 2019 05:43:06 +0000 (07:43 +0200)]
Run gperf with --output-file instead of output redirection
When missing gperf, the redirection generates an empty file, which must
be manually removed after gperf has been installed. This is difficult
to diagnose, as the produced build error is cryptic.
Use --output-file of gperf instead to avoid creating an empty file if
gperf is missing. This still requires the user to re-run ./configure
after installing gperf, though.
Tobias Brunner [Thu, 22 Aug 2019 14:27:19 +0000 (16:27 +0200)]
asn1: Fix a compiler warning with GCC 9.1
Compiling with GCC 9.1, as e.g. happens on AppVeyor, results in the
following warning:
asn1/asn1.c: In function 'asn1_integer':
asn1/asn1.c:871:24: error: '<Ucb40>' may be used uninitialized in this function [-Werror=maybe-uninitialized]
871 | len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
| ^~~~~~~~~~~~
Some experiments showed that the problem was the chunk_from_chars()
assignment. This might be because the temporary chunk_t that was assigned
to the variable was defined in a sub-block, so it might actually be
undefined later when *content.ptr is read.
It's currently not possible to configure our indentation scheme for
continuation lines (i.e. use 1-3 spaces to align with the upper line).
There is an issue open regarding this, see [1]. So we can't run e.g.
eclint over our codebase to detect issues without getting a lot of
false positives.
The main trigger was that this sets the preferred tab width in GitHub's
code browser.
krinfels [Wed, 26 Jun 2019 13:32:29 +0000 (15:32 +0200)]
libtpmtss: Protect TPM 2.0 context by mutex
Each private key object created to access a key residing in a TPM 2.0
creates a context structure used for communication with the TSS.
When multiple IKE SAs are established at the same time and using the
same private key, it is possible to make concurrent calls to the
TSS with the same context which results in multiple threads writing
to the same place in memory causing undefined behaviour.
Fix this by protecting calls to the TSS with a mutex unique for
each TPM 2.0 context object.
Sheena Mira-ato [Thu, 21 Mar 2019 03:28:08 +0000 (16:28 +1300)]
Add compile option to disable internal handling of fatal signals
By default, charon and its derivatives internally handle the SIGSEGV,
SIGILL, and SIGBUS signals raised by threads (segv_handler). Add a compile
option so that the signal handling can optionally be done externally.
Tobias Brunner [Thu, 16 May 2019 08:19:15 +0000 (10:19 +0200)]
ikev1: Do a rekey check before installing CHILD_SAs as responder
If CHILD_SAs are created while waiting for the third QM message we'd not
notice the redundancy and updown events would be triggered unevenly.
This is consistent with the behavior on the initiator, which already does
this check right before installation. Moving the existing check is not
possible due to the narrow hook and moving the installation changes which
peer installs the SAs first and could have other side-effects (e.g. in
error or conflict cases). Still, this might result in CHILD_SA state
discrepancies between the two peers.
SophieK [Tue, 21 May 2019 01:28:21 +0000 (09:28 +0800)]
Avoid enumerating certificates with non-matching key type
If the key type was specified but the ID was NULL or matched a subject, it
was possible that a certificate was returned that didn't actually match
the requested key type.
Tobias Brunner [Wed, 8 May 2019 12:57:03 +0000 (14:57 +0200)]
Merge branch 'build-certs'
Adds a script to generate the keys and certificates used for regression
tests dynamically. They are built with the pki version installed in the
root image so it's not necessary to have an up-to-date version with all
required plugins installed on the host system.
testing: Add wrapper script to build certificates in root image
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).