chunk: Optionally clear mmap'd chunk before unmapping
This is mostly for the non-mmap case as with mmap available, access to the
unmapped memory isn't easily possible (e.g. opening the same area with
MAP_ANONYMOUS | MAP_UNINITIALIZED is usually prevented by the missing
CONFIG_MMAP_ALLOW_UNINITIALIZED option in most kernels).
testing: Allow DNS via TCP in net2net-dnscert scenario
New versions of Bind limit the maximum UDP message size to 1232 bytes,
which is the same that newer versions of libunbound propose as maximum via
EDNS in requests, so increasing the limit on the server wouldn't help.
Instead we allow DNS via TCP so the client can switch after receiving the
truncated UDP response.
openssl: Remove workaround for Brainpool ECDH curves for older OpenSSL versions
Using the workaround with the EVP interface, which we use to derive shared
keys since 74e02ff5e624 ("openssl: Mainly use EVP interface for ECDH"),
would actually require us to register the OIDs of these curves as NID.
Otherwise, the two EC_GROUPs used by private and public key objects
are not considered the same and the key derivation fails.
Since the curves are supported by OpenSSL since 1.0.2 it's probably rare to
find a version without them nowadays. One exception is the old BoringSSL
version we still use on Android, which defines the NIDs but not the curve
data. However, that version also lacks support to register OIDs as NIDs,
so the only option to support these groups there would be to got back to not
using the EVP interface, which isn't in anyone's interest. If there really
is a need for them there, we could probably patch BoringSSL or use OpenSSL.
The "openssl" alias now defaults to OpenSSL 3.0, which produces a lot of
deprecation warnings. To avoid build failures due to `-Werror`, stay with
OpenSSL 1.1 until we can get rid of these issues.
testing: Fix updown script in route-based/net2net-xfrmi-ike scenario
With the update to Python 3 the encoding of the values in vici messages
changed to bytestrings (the keys are properly decoded). And getting the
first CHILD_SA also needs a change.
The logger is now also initialized after daemonizing to avoid that opened
sockets are closed etc.
ike: Initiate new IKE_SA not until all children are queued
If there are many CHILD_SAs, the time between initiating the new IKE_SA
and checking it in might be longer (depending on what else is going on
in the daemon) than the retransmission timeout and no retransmits might
be sent afterwards for this SA (it will just linger around dead).
Calling initiate() last should avoid that (we do this similarly for MBB
reauthentication).
Tobias Brunner [Tue, 29 Jun 2021 13:25:48 +0000 (15:25 +0200)]
ike: Don't rekey IKE_SA while reauthenticating
If we are using make-before-break reauthentication, this could lead to
duplicates as the new IKE_SA wouldn't be able to delete the previous
one if it was replaced by a rekeying.
Tobias Brunner [Wed, 16 Jun 2021 11:54:18 +0000 (13:54 +0200)]
ike-delete: Don't call reestablish() when reauthenticating
If we initiated a make-before-break reauthentication and the peer
concurrently deletes the IKE_SA (e.g. because it uses break-before-make
reauthentication), we would create a duplicate IKE_SA (the condition forces
a recreation of all existing CHILD_SAs because reestablish() is also called
to complete a break-before-make reauthentication).
Tobias Brunner [Fri, 20 Aug 2021 09:42:39 +0000 (11:42 +0200)]
github: Remove github.ref from cache keys
According to the documentation for actions/cache, the lookup is already
scoped to the current branch (with fallback to any base branch including
the default branch).
Tobias Brunner [Fri, 20 Aug 2021 14:34:48 +0000 (16:34 +0200)]
libtpmtss: Initialize library from all users
Previously, only the tpm plugin initialized the library, so in order
to use a TPM 2.0 (a required TCTI library is loaded via init), it was
necessary to load it even if none of its actual features were used.
Tobias Brunner [Mon, 16 Aug 2021 08:50:01 +0000 (10:50 +0200)]
openssl: Use a longer key to test/initialize HMAC instances
OpenSSL enforces a minimum of 14 bytes (112 bits) on the key size when
used in FIPS-mode (as required by SP 800-131A). So by using an empty
string, instantiation always failed. 32 bytes (256 bits) should be safe
for now.
Adds a button to install user certificates and updates the target SDK
version for Android 11 (and the related deprecation fixes), which will
be mandatory later this year.
The release also includes an older commit that changed how DNS servers
are applied to TUN devices (cd10ae2ff050 ("android: Explicitly apply DNS
servers to the TUN device")).
This is required when targeting Android 11 (API 30) in order to see all
packages, which we use to allow selecting apps ex-/included from VPN
profiles and for the EAP-TNC use case.
As suggested by the Android docs, we use a global thread pool and handler
to avoid recreating them repeatedly. Four threads should be more than
enough as we only use this to load CA certificates when the app starts
initially and to load user certs when editing a profile.
Tobias Brunner [Mon, 28 Jun 2021 12:26:52 +0000 (14:26 +0200)]
android: Set compile-/targetSdkVersion to 30
This will be mandatory for new apps in August and for existing apps
in November. However, several classes like AsyncTask are now deprecated
so this needs some work to avoid warnings and problems in the future.
Tobias Brunner [Wed, 30 Jun 2021 13:16:47 +0000 (15:16 +0200)]
testing: Use specific versions of swidGenerator and strongTNC
This way we get updated versions automatically (referencing "master"
required manually deleting the downloaded archives and the unpacked
directories). It also allows switching versions when working in different
branches (note that REV can also be set to a commit ID, e.g. to test
changes before tagging them later and merging the branch).
Tobias Brunner [Tue, 22 Jun 2021 14:49:40 +0000 (16:49 +0200)]
testing: Build wolfSSL from the Git repository
Use the same configure options etc. for both builds (no need for the cert
options as we don't use TLS or X.509 parsing) and switch to a Git commit
that includes the SHA-3 OID fix (it's actually the fix itself).
Tobias Brunner [Thu, 17 Jun 2021 15:03:39 +0000 (17:03 +0200)]
testing: Migrate ikev2/host2host-transport-nat scenario to vici
This also restores the test as it was before the referenced commit so it
again, as written in the description, demonstrates that venus is unable
to ping sun without IPsec tunnel.
Fixes: f27fb58ae0ec ("testing: Update description and test evaluation of host2host-transport-nat")
Tobias Brunner [Thu, 10 Jun 2021 14:41:01 +0000 (16:41 +0200)]
testing: Migrate MOBIKE tests to vici
Note that the mobike-nat test has been removed as it basically did the same
as the mobike-virtual-ip-nat test. Instead, the mobike-nat-mapping scenario
is added, which simulates a NAT router restart.
Tobias Brunner [Fri, 7 May 2021 13:32:49 +0000 (15:32 +0200)]
vici: Signal waiting threads when skipping disconnected connections
If two threads are waiting in find_entry() and remove_entry(),
respectively, and the former is woken first, the latter remains stuck
as it won't get signaled.
Tobias Brunner [Fri, 7 May 2021 08:53:57 +0000 (10:53 +0200)]
vici: Signal waiting threads when removing a connection entry
If there are threads waiting in find_entry() and one in remove_entry()
and the latter is woken first by a thread calling put_entry(), the
former threads would remain stuck as they get never signaled.
Tobias Brunner [Thu, 10 Jun 2021 09:34:37 +0000 (11:34 +0200)]
kernel-netlink: Don't wait for VIPs to disappear during de-initialization
This can happen if an IKE_SA is terminated forcefully shortly before
terminating the daemon. The thread that handles the terminate command
will call checkin_and_destroy(), which unregisters the IKE_SA from the
manager before destroying it. The main thread that calls flush() on the
IKE_SA manager won't wait for this SA (its entry is already gone), so
the processor and in turn the watcher job/thread might get canceled
before the first thread started deleting the VIP. It would then wait
indefinitely for a signal that can never be sent.
There is still a small chance the thread hangs in wait() if the state check
happens right before the watcher is canceled and it wasn't yet able to
deliver the event from the kernel, we counter that by rechecking the state
after a while.
Tobias Brunner [Thu, 20 May 2021 14:52:49 +0000 (16:52 +0200)]
pkcs11: Change how unavailable attributes like CKA_TRUSTED are handled
If a PKCS#11 library/token doesn't provide one or more attributes via
C_GetAttributeValue(), we get back CKR_ATTRIBUTE_TYPE_INVALID (similar
for protected attributes where CKR_ATTRIBUTE_SENSITIVE is returned).
This is not an error as the spec demands that all attributes have been
processed with the unavailable attributes having set their length
field to CK_UNAVAILABLE_INFORMATION.
We use this to handle the CKA_TRUSTED attribute, which some tokens
apparently don't support. We previously used a version check to remove
the attribute from the call but even the latest spec doesn't make the
attribute mandatory (it's just in a list of "common" attributes for
CKO_CERTIFICATE objects, without a default value), so there are current
tokens that don't support it and prevent us from enumerating certificates.
Tobias Brunner [Tue, 8 Jun 2021 13:33:36 +0000 (15:33 +0200)]
receiver: Avoid division by 0 after system start if CLOCK_MONOTONIC is used
Depending on how CLOCK_MONOTONIC is implemented, time_monotonic() might
return 0 within 1 second after the system is started. If that's the
case, we just default to 0 for now to avoid a crash (doesn't "hide" the
system time, but it's only the uptime anyway in this case).
projects / thirdparty / strongswan.git / log
