Tobias Brunner [Tue, 12 Dec 2023 17:08:05 +0000 (18:08 +0100)]
github: Use NDK version in build.gradle to build OpenSSL
Also fix the path to the sdkmanager (the old one was removed in the latest
images and the incorrect path caused a weird sudo error) and install
Java 17 as that's necessary for newer versions of the Gradle plugin.
Tobias Brunner [Tue, 12 Dec 2023 18:41:47 +0000 (19:41 +0100)]
android: Replace PowerMock with mechanism provided by newer Mockito versions
PowerMock isn't maintained anymore and causes issues with newer Java
versions. We only used it to mock static methods, which Mockito now
supports as well. Instead of using the try-with-resources construct,
this uses a @Before and @After method so we don't have to change all the
test methods.
Tobias Brunner [Tue, 12 Dec 2023 16:19:18 +0000 (17:19 +0100)]
android: Update Gradle plugin and build scripts and dependencies
This also references the NDK via ndkVersion and replaces the custom
ndk-build tasks. It also replaces the deprecated compileSdkVersion and
increases it because dependencies of updated dependencies require that.
targetSdkVersion is not yet updated because there might be some work
required for Android 14 compatibility.
Tobias Brunner [Mon, 15 Jan 2024 14:14:46 +0000 (15:14 +0100)]
github: Use newer gperf version on macOS
The gperf version that's already available on the system generates
function declarations with K&R syntax (separate arguments) for which newer
compilers produce a warning as C23 doesn't support that syntax anymore.
Tobias Brunner [Mon, 15 Jan 2024 12:39:32 +0000 (13:39 +0100)]
unit-tests: Use function pointers to test generic return_* helper functions
These functions are declared without arguments, passing arguments to them
causes warnings such as the following with newer compilers:
passing arguments to 'return_null' without a prototype is deprecated in all versions of C and is not supported in C2x [-Werror,-Wdeprecated-non-prototype]
We only use them via function pointers, which doesn't trigger any warnings
and hopefully continues to work.
Tobias Brunner [Wed, 10 Jan 2024 10:17:58 +0000 (11:17 +0100)]
curl: Fix issue with printf checks in newer curl versions
Newer curl versions (as used on macOS via Homebrew) add attributes like
__attribute__ ((format(printf, a, b)))
to their `curl_*printf*` functions, which fails if we redefine `printf`
as e.g. `builtin_printf` (pulled in via library.h). We could disable
these checks via CURL_NO_FMT_CHECKS, but reordering the headers should
do the trick as well.
Tobias Brunner [Wed, 10 Jan 2024 17:04:32 +0000 (18:04 +0100)]
Suppress compiler warnings with specific bison and compiler combinations
Bison generates code that only increases the yynerrs counter, it's never
read. This causes a warning in newer compilers (in particular clang).
Newer versions of bison mark yynerrs with __attribute__((unused)), but
at least on FreeBSD 14 that's not yet available.
Tobias Brunner [Mon, 8 Jan 2024 15:05:20 +0000 (16:05 +0100)]
leak-detective: Add implementation of malloc_usable_size()
systemd seems to use this and if we indirectly use libraries provided
by it, which can e.g. happen via getgrnam_r() and nss-systemd, this may
be called on pointers returned by leak detective's malloc(), which will
not point to the original start of the block and cause a segmentation
fault.
Tobias Brunner [Fri, 24 Nov 2023 16:41:51 +0000 (17:41 +0100)]
Merge branch 'ocsp-fixes'
Fixes a regression with handling OCSP error responses and adds a new
option to specify the length of nonces in OCSP requests. Also adds some
other improvements for OCSP handling and fuzzers for OCSP
requests/responses.
Tobias Brunner [Thu, 23 Nov 2023 17:10:08 +0000 (18:10 +0100)]
x509: Make length of nonces in OCSP requests configurable
Some servers might not support a length of 32 and return a malformed
request error. Lowering the value to the previous default of 16 could
help in that case.
Tobias Brunner [Thu, 23 Nov 2023 15:52:55 +0000 (16:52 +0100)]
x509: Correctly parse responderId as ASN.1 CHOICE in OCSP response
The two OPTs that were used previously allowed to omit it completely (hence
the fallback to ID_ANY), but that's invalid, so it's better to fail
parsing.
Tobias Brunner [Thu, 23 Nov 2023 10:32:15 +0000 (11:32 +0100)]
x509: Correctly handle missing responder ID when parsing OCSP response errors
The has_issuer() and issued_by() methods relied on it to be defined, so
if the OCSP response wasn't successful (i.e. OCSP status indicates an
error and no OCSP response is parsed), a null-pointer dereference was
caused if the caller checked if the OCSP response was issued by a
specific certificate.
That's a side-effect of the referenced commit. Previously, error codes
caused the OCSP response to not get parsed successfully, which technically
wasn't correct as it's well formed and successfully parsed, it's just
indicating an error state.
Fixes: 00ab8d62c089 ("x509: Support generation of OCSP responses")
charon-tkm: Validate DH public key to fix potential buffer overflow
Seems this was forgotten in the referenced commit and actually could lead
to a buffer overflow. Since charon-tkm is untrusted this isn't that
much of an issue but could at least be easily exploited for a DoS attack
as DH public values are set when handling IKE_SA_INIT requests.
Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends") Fixes: CVE-2023-41913
Instead of the CA certificate's subjectKeyIdentifier erroneously
the CA's authorityKeyIdentifier was used as the authorityKeyIdentfier
of the certificate to be issued. This might work with a root CA
where the authorityKeyIdentifier equals its subjectKeyIdentfier
but introduces a severe regression when an intermediate CA is used.
Tobias Brunner [Mon, 13 Nov 2023 11:51:47 +0000 (12:51 +0100)]
Merge branch 'ocsp-responder-index'
Adds support for multiple OCSP responders in `pki --ocsp` and one that
is based on OpenSSL-style index.txt files. The parser for these files
also accepts simplified files that only specify the status, serial number
and optional revocation date/reason. The OCSP test scenarios are also
updated to use this OCSP responder including one that shows the multi-CA
capabilities of the --ocsp command and the --index option.
Tobias Brunner [Tue, 31 Oct 2023 08:28:33 +0000 (09:28 +0100)]
testing: Use pki --ocsp as OCSP responder
The only exception is the ikev2/ocsp-no-signer-cert scenario as the
pki command won't sign an OCSP response with a certificate that isn't
the CA certificate or marked as an OCSP signer.
Tobias Brunner [Mon, 30 Oct 2023 16:34:51 +0000 (17:34 +0100)]
library: Add manager for OCSP responders
Registered OCSP responders should return VALIDATION_SKIPPED for issuer
certificates they are not responsible for. However, VALIDATION_FAILED is
currently treated the same way, so that's fine as well.
Tobias Brunner [Mon, 13 Nov 2023 11:42:00 +0000 (12:42 +0100)]
Merge branch 'ocsp-responder'
Implements a new --ocsp command for the pki tool that can produce OCSP
responses based on information provided by a plugin. A first plugin
that accesses the OpenXPKI database is also added.
The openxpki plugin directly access the certificates table in
the OpenXPKI's MariaDB in order to retrieve the status of an
issued X.509 certificate based on its serial number.
Tobias Brunner [Tue, 7 Nov 2023 16:39:51 +0000 (17:39 +0100)]
kernel-netlink: Don't add replay state twice when updating SAs
The kernel includes the XFRMA_REPLAY_ESN_VAL attribute when dumping
SAs since it was added with 2.6.39. So we basically added this attribute
twice to the message sent to the kernel, potentially exceeding the
message buffer if the window size is large.
The XFRMA_REPLAY_VAL attribute is only dumped since 3.19, so that might
still be relevant (Google seems to maintain a 3.18 kernel) and since we
have to query the current lifetime stats anyway, we can just avoid adding
this attribute twice.
Tobias Brunner [Mon, 13 Nov 2023 11:34:32 +0000 (12:34 +0100)]
Merge branch 'uri-san'
Adds support to encode SANs of type uniformResourceIdentifier in
certificates. They currently don't have any use in strongSwan, but
might be required for other applications.
Tobias Brunner [Mon, 6 Nov 2023 17:39:11 +0000 (18:39 +0100)]
x509: Use issuer certificate's subjectKeyIdentifier if available
Instead of just generating an authorityKeyIdentifier based on the
issuer's public key, this allows CA certificates to be issued by a
different tool that doesn't use a SHA-1 hash of the subjectPublicKey
for the subjectKeyIdentifier.
Tobias Brunner [Mon, 13 Nov 2023 11:23:43 +0000 (12:23 +0100)]
Merge branch 'x509-ipaddress-constraints'
Adds support for nameConstraints of type iPAddress, which represent a
subnet, to the x509, openssl and constraints plugins. SANs of type
iPAddress are matched against such constraints.
Tobias Brunner [Mon, 13 Nov 2023 11:02:25 +0000 (12:02 +0100)]
Merge branch 'reqid-refcount'
This fixes issues with CHILD_SAs getting reestablished concurrently.
We intend to reuse the reqid of the previous CHILD_SA, however, previously
the reqids were released and up for reassignment to any other CHILD_SA
or trap policy. This could cause the reqid to get associated with
completely different traffic selectors, as the reestablished CHILD_SA
would eventually get the requested reqid because the traffic selectors
explicitly don't have to match (to allow narrowing for CHILD_SAs based
on trap policies).
Tobias Brunner [Mon, 2 Oct 2023 14:21:28 +0000 (16:21 +0200)]
ike-sa: Correctly maintain allocated reqid when recreating CHILD_SA
Maintaining the reqid when recreating a CHILD_SA from scratch night not
strictly be necessary as we usually don't have to replace any temporary
states in the kernel. However, there could be concurrent acquires that
might actually make it necessary (we use the reqid to keep track of
acquires and it's also part of the duplicate check).
Tobias Brunner [Mon, 2 Oct 2023 14:02:08 +0000 (16:02 +0200)]
child-rekey: Only set reqid on new CHILD_SA if it was allocated dynamically
Keeping a reference ensures that if the old SA expires before the new
one is installed, the previous reqid isn't reallocated to a concurrently
established CHILD_SA with different selectors.
Tobias Brunner [Mon, 2 Oct 2023 13:47:02 +0000 (15:47 +0200)]
child-sa: Keep a reference to the previous reqid
The reference is kept until the reqid is either confirmed (i.e.
re-allocated) or replaced by a different reqid, which happens only once
we know the final traffic selectors, or the SA is destroyed without
installing it.
Tobias Brunner [Mon, 2 Oct 2023 11:59:23 +0000 (13:59 +0200)]
kernel-interface: Use reqid as sole key in hash table
Every reqid is allocated once, we don't store the same reqid with e.g.
different marks or interface IDs that would make it necessary to make
them part of the key in that table (that's different in the other table).
To preserve the current behavior, that is, allocating a new reqid if e.g.
the marks are different, the additional selector values (which will
result in an additional policy in the Linux kernel) are compared after
the initial lookup.
Tobias Brunner [Wed, 31 May 2023 12:39:05 +0000 (14:39 +0200)]
credential-manager: Add option to reject trusted end-entity certificates
This allows preventing peers from authenticating with certificates
that are locally trusted, in particular, our own local certificate (which
safeguards against accidental reuse of certificates on multiple peers).
On the other hand, if this option is enabled, end-entity certificates
for peers can't be configured anymore explicitly (e.g. via remote.certs
in swanctl.conf).
Tobias Brunner [Thu, 5 Oct 2023 08:27:18 +0000 (10:27 +0200)]
tls-server: Also change DH group when selecting a different EC curve
If we initially selected a group the peer doesn't support (e.g. because
curve25519 is the first ECDH group provided by plugins), then found
a supported curve, we previously still instantiated a DH object for the
original group and might have formatted the parameters incorrectly.
projects / thirdparty / strongswan.git / log
