Tobias Brunner [Fri, 26 May 2017 11:57:57 +0000 (13:57 +0200)]
Merge branch 'variadic-enumerators'
This adds several changes to enumerator_t and linked_list_t to improve
portability. In particular to Apple's ARM64 iOS platform, whose calling
convention for variadic and regular functions are different. This means
that assigning a non-variadic function to a variadic function pointer,
as we did with our enumerator_t::enumerate() implementations and several
callbacks, will result in crashes as the called function will access the
arguments differently than the caller provided them.
To avoid this issue the enumerator_t interface is now fully variadic.
A new mandatory method is added, venumerate(), that takes a va_list with
the arguments provided while enumerating. enumerate() is replaced with
a generic implementation that prepares a va_list and calls the
enumerator's venumerate() implementation. As this allows passing the
arguments of one enumerator to another it avoids the five pointer hack
used by enumerator_create_nested() and enumerator_create_cleaner().
To simplify the implementation of venumerate() a helper macro is provided
that assigns values from a given va_list to local variables.
The signature of the callback passed to enumerator_create_filter() has
also changed significantly. It's now required to enumerate over the
original enumerator in the callback as this avoids the previous in/out
pointer hack. The arguments to the outer enumerator are provided in a
va_list.
Similar changes to avoid such five pointer hacks affect the signatures
of the callbacks for linked_list_t's invoke_function() and find_first()
methods. For the latter the return type also changed from status_t to
bool, which is important as SUCCESS is defined as 0, so checks for ==
SUCCESS will now fail.
Tobias Brunner [Tue, 9 May 2017 14:59:37 +0000 (16:59 +0200)]
enumerator: Add venumerate() method to enumerator_t that takes a va_list
This will allow us to implement e.g. enumerator_cleaner without having to
use that unportable 5 pointer forwarding or having to define a callback for
each instance.
A generic implementation for enumerate() is provided so only venumerate()
has to be implemented, which may be simplified by using the VA_ARGS_VGET()
macro.
Tobias Brunner [Fri, 26 May 2017 11:49:51 +0000 (13:49 +0200)]
testing: Fix ikev2/two-certs scenario
Since 6a8a44be88b0 the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities. So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
Tobias Brunner [Fri, 26 May 2017 09:23:12 +0000 (11:23 +0200)]
Merge branch 'sha-256-96'
Adds an option to locally configure 96-bit truncation for HMAC-SHA256
when negotiated using the official algorithm identifier. This is for
compatibility with peers that incorrectly use this shorter truncation
(like Linux does by default).
Tobias Brunner [Wed, 10 May 2017 17:15:53 +0000 (19:15 +0200)]
child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256
The correct truncation is 128-bit but some implementations insist on
using 96-bit truncation. With strongSwan this can be negotiated using
an algorithm identifier from a private range. But this doesn't work
with third-party implementations. This adds an option to use 96-bit
truncation even if the official identifier is used.
Tobias Brunner [Tue, 23 May 2017 16:49:13 +0000 (18:49 +0200)]
Merge branch 'avoid-rekey-loss'
This changes the behavior during IKEv2 CHILD_SA rekeyings to avoid
traffic loss. When responding to a CREATE_CHILD_SA request to rekey a
CHILD_SA the responder already has everything available to install and
use the new CHILD_SA. However, this could lead to lost traffic as the
initiator won't be able to process inbound packets until it processed the
CREATE_CHILD_SA response and updated the inbound SA. To avoid this the
responder now only installs the new inbound SA and delays installing the
outbound SA until it receives the DELETE for the replaced CHILD_SA. The
messages transporting these DELETEs could reach the peer before packets
sent with the deleted outbound SAs reach the respective peer. To reduce
the chance of traffic loss due to this the inbound SA of the replaced
CHILD_SA is not removed for a configurable amount of seconds after
the DELETE has been processed.
Tobias Brunner [Tue, 21 Mar 2017 15:03:54 +0000 (16:03 +0100)]
child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs
After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't
destroy the CHILD_SA (and the inbound SA) immediately. We delay it
a few seconds or until the SA expires to allow delayed packets to get
processed. The CHILD_SA remains in state CHILD_DELETING until it finally
gets destroyed.
Tobias Brunner [Wed, 1 Mar 2017 17:02:38 +0000 (18:02 +0100)]
ikev2: Delay installation of outbound SAs during rekeying on the responder
The responder has all the information needed to install both SAs before
the initiator does. So if the responder immediately installs the outbound
SA it might send packets using the new SA which the initiator is not yet
able to process. This can be avoided by delaying the installation of the
outbound SA until the replaced SA is deleted.
Tobias Brunner [Tue, 28 Feb 2017 14:03:12 +0000 (15:03 +0100)]
child-sa: Add methods that allow partial installation of CHILD_SA
Using install() for the inbound SA and register_outbound() for the
outbound SA followed by install_policies(), will delay the installation of
the outbound SA as well as the installation of the outbound policies
in the kernel until install_outbound() is called later.
Tobias Brunner [Tue, 23 May 2017 16:33:00 +0000 (18:33 +0200)]
Merge branch 'fuzzing'
Adds support for fuzzing the certificate parser provided by the default
plugins (x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure (or
generally with libFuzzer). Fixes several issues that were found while
fuzzing these plugins.
When building the libraries monolithically and statically the
plugin constructors are now hard-coded in each library so the plugin
code is not removed by the linker because it thinks none of their symbols
are ever referenced.
Tobias Brunner [Thu, 4 May 2017 14:16:33 +0000 (16:16 +0200)]
chunk: Correctly parse Base64 text where four = follow in a row
That's not correct Base64 but invalid data could trigger this. Since
outlen would get reduced four times, but is only ever increased three
times per iteration, this could result in an integer underflow and then
a potential buffer overflow.
Tobias Brunner [Wed, 3 May 2017 15:35:45 +0000 (17:35 +0200)]
processor: Move priority threads assignment to set_threads()
This avoids the evaluation of %N even if the thread pool is never used.
We need to avoid as many custom printf specifiers as possible when
fuzzing our code to avoid excessive log messages.
Add plugin constructor registration for all libraries that provide plugins
Unfortunately, we can't just add the generated C file to the sources in
Makefile.am as the linker would remove that object file when it notices
that no symbol in it is ever referenced. So we include it in the file
that contains the library initialization, which will definitely be
referenced by the executable.
This allows building an almost stand-alone static version of e.g. charon
when building with `--enable-monolithic --enable-static --disable-shared`
(without `--disable-shared` libtool will only build a version that links
the libraries dynamically). External libraries (e.g. gmp or openssl) are
not linked statically this way, though.
plugin-loader: Add facility to register plugin constructors
Enabled when building monolithically and statically.
This should allow us to work around the -whole-archive issue with
libtool. If the libraries register the plugin constructors they provide
they reference the constructors and will therefore prevent the linker from
removing these seemingly unused symbols from the final executable.
For use cases where dlsym() can be used, e.g. because the static libraries
are manually linked with -whole-archive (Linux) or -force-load (Apple),
this can be disabled by passing ss_cv_static_plugin_constructors=no to
the configure script.
Tobias Brunner [Mon, 13 Mar 2017 11:15:25 +0000 (12:15 +0100)]
kernel-netlink: Use total retransmit timeout as acquire timeout
By using the total retransmit timeout, modifications of timeout settings
automatically reflect on the value of xfrm_acq_expires. If set, the
value of xfrm_acq_expires configured by the user takes precedence over
the calculated value.
Thomas Egerer [Thu, 9 Mar 2017 17:26:35 +0000 (18:26 +0100)]
kernel-netlink: Try to add new inbound SA if update fails
When establishing a traffic-triggered CHILD_SA involves the setup of an
IKE_SA more than one exchange is required. As a result the temporary
acquire state may have expired -- even if the acquire expiration
(xfrm_acq_expires) time is set properly (165 by default). The expire
message sent by the kernel is not processed in charon since no trap can
be found by the trap manager.
A possible solution could be to track allocated SPIs. But since this is
a corner case and the tracking introduces quite a bit of overhead, it
seems much more sensible to add a new state if the update of a state
fails with NOT_FOUND.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Tobias Brunner [Tue, 7 Feb 2017 08:57:09 +0000 (09:57 +0100)]
kernel-pfkey: Update SA addresses if supported by the kernel
Upcoming FreeBSD kernels will support updating the addresses of existing
SAs with new SADB_X_EXT_NEW_ADDRESS_SRC|DST extensions for the SADB_UPDATE
message.
kernel-netlink: Directly handle Netlink messages if thread pool is empty
During initialization of the plugins the thread pool is not yet
initialized so there is no watcher thread that could handle the queued
Netlink message and the main thread will wait indefinitely for a
response.
Martin Willi [Fri, 16 Sep 2016 12:50:07 +0000 (14:50 +0200)]
socket-default: Add an option to force the sending interface via IP_PKTINFO
On Linux, setting the source address is insufficient to force a packet to be
sent over a certain path. The kernel uses the best route to select the outgoing
interface, even if we set a source address of a lower priority interface. This
is not only true for interfaces attaching to the same subnet, but also for
unrelated interfaces; the kernel (at least on 4.7) sends out the packet on
whatever interface it sees fit, even if that network does not expect packets
from the source address we force to.
When a better interface becomes available, strongSwan sends its MOBIKE address
list update using the old source address. But the kernel sends that packet over
the new best interface. If that network drops packets having the unexpected
source address from the old path, the MOBIKE update fails and the SA finally
times out.
To enforce a specific interface for our packet, we explicitly set the interface
index from the interface where the source address is installed. According to
ip(7), this overrules the specified source address to the primary interface
address. As this could have side effects to installations using multiple
addresses on a single interface, we disable the option by default for now.
This also allows using IPv6 link-local addresses, which won't work if
the outbound interface is not set explicitly.
Tobias Brunner [Fri, 12 May 2017 07:15:24 +0000 (09:15 +0200)]
swanctl: Use returned key ID to track loaded private keys
There was a direct call to load_key() for unencrypted keys that didn't
remove the key ID from the hashtable, which caused keys to get unloaded
when --load-creds was called multiple times.
Thomas Egerer [Thu, 23 Mar 2017 08:43:06 +0000 (09:43 +0100)]
ike-sa-manager: Improve scalability of IKE_SA count checking
Much like in commit a68454b, we now use a global atomic counter to keep
track of the number of IKE_SAs currently registered. This should improve
scalability for a large number of segments even more.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Tobias Brunner [Wed, 3 May 2017 08:01:12 +0000 (10:01 +0200)]
tun-device: Use next free TUN device on FreeBSD
While this API is documented as legacy (and there is a sysctl option to
disable it) the documentation also mentions that it will probably stay
enabled by default due to compatibility issues with existing applications.
With the previous approach only 255 devices could be opened then the
daemon had to be restarted.
Baruch Siach [Thu, 11 May 2017 11:04:47 +0000 (14:04 +0300)]
af-alg: Fix crypt() definition conflict
Rename the crypt() method to avoid conflict with POSIX crypt(). Fixes the
following build failure with musl libc:
In file included from ../../../../src/libstrongswan/utils/utils.h:53:0,
from ../../../../src/libstrongswan/library.h:101,
from af_alg_ops.h:24,
from af_alg_ops.c:16:
af_alg_ops.c:110:22: error: conflicting types for 'crypt'
METHOD(af_alg_ops_t, crypt, bool,
^
../../../../src/libstrongswan/utils/utils/object.h:99:13: note: in definition of macro 'METHOD'
static ret name(union {iface *_public; this;} \
^
In file included from af_alg_ops.c:18:0:
.../host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/unistd.h:144:7: note: previous declaration of 'crypt' was here
char *crypt(const char *, const char *);
^
projects / thirdparty / strongswan.git / log
