krinfels [Wed, 26 Jun 2019 13:32:29 +0000 (15:32 +0200)]
libtpmtss: Protect TPM 2.0 context by mutex
Each private key object created to access a key residing in a TPM 2.0
creates a context structure used for communication with the TSS.
When multiple IKE SAs are established at the same time and using the
same private key, it is possible to make concurrent calls to the
TSS with the same context which results in multiple threads writing
to the same place in memory causing undefined behaviour.
Fix this by protecting calls to the TSS with a mutex unique for
each TPM 2.0 context object.
Sheena Mira-ato [Thu, 21 Mar 2019 03:28:08 +0000 (16:28 +1300)]
Add compile option to disable internal handling of fatal signals
By default, charon and its derivatives internally handle the SIGSEGV,
SIGILL, and SIGBUS signals raised by threads (segv_handler). Add a compile
option so that the signal handling can optionally be done externally.
Tobias Brunner [Thu, 16 May 2019 08:19:15 +0000 (10:19 +0200)]
ikev1: Do a rekey check before installing CHILD_SAs as responder
If CHILD_SAs are created while waiting for the third QM message we'd not
notice the redundancy and updown events would be triggered unevenly.
This is consistent with the behavior on the initiator, which already does
this check right before installation. Moving the existing check is not
possible due to the narrow hook and moving the installation changes which
peer installs the SAs first and could have other side-effects (e.g. in
error or conflict cases). Still, this might result in CHILD_SA state
discrepancies between the two peers.
SophieK [Tue, 21 May 2019 01:28:21 +0000 (09:28 +0800)]
Avoid enumerating certificates with non-matching key type
If the key type was specified but the ID was NULL or matched a subject, it
was possible that a certificate was returned that didn't actually match
the requested key type.
Tobias Brunner [Wed, 8 May 2019 12:57:03 +0000 (14:57 +0200)]
Merge branch 'build-certs'
Adds a script to generate the keys and certificates used for regression
tests dynamically. They are built with the pki version installed in the
root image so it's not necessary to have an up-to-date version with all
required plugins installed on the host system.
testing: Add wrapper script to build certificates in root image
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
Tobias Brunner [Tue, 7 May 2019 09:03:23 +0000 (11:03 +0200)]
starter: Remove IPsec stack detection
Checking specifically for /proc/net/pfkey is not ideal as af_key will
eventually be removed in Linux kernels. Support for KLIPS is long gone.
The detection also wasn't used for anything anymore (failures were just
ignored since the ports to BSD-based systems). And modprobing doesn't seem
to be necessary either (charon-systemd doesn't do that, for instance).
nonce: Allow overriding the RNG quality used to generate nonces
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRGBs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.
vici: Refactor how commands are called in the Ruby bindings
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
Tobias Brunner [Fri, 29 Mar 2019 09:24:07 +0000 (10:24 +0100)]
testing: Use renamed systemd unit
While the alias is available after enabling the unit, we don't
actually do that in our testing environment (adding a symlink manually
would work too, then again, why not just use the proper name?).
Tobias Brunner [Fri, 29 Mar 2019 09:00:42 +0000 (10:00 +0100)]
init: Rename systemd units
Use strongswan-starter for the legacy unit and simply strongswan for the
modern one (strongswan-swanctl is configured as alias, which should
cause the installation of symlinks when the service is enabled via
systemctl).
Check for wolfssl/options.h because if it isn't included, checking other
headers will trigger a warning about hardening the wolfSSL build, which
will cause the check to fail with -Werror.
If the file doesn't exist because user_settings.h is used, the check may
be skipped by configuring with `ac_cv_header_wolfssl_options_h=yes`.
wolfssl: Fixes, code style changes and some refactorings
The main fixes are
* the generation of fingerprints for RSA, ECDSA, and EdDSA
* the encoding of ECDSA private keys
* calculating p and q for RSA private keys
* deriving the public key for raw Ed25519 private keys
Also, instead of numeric literals for buffer lengths ASN.1 related
constants are used.
Instead of assuming passwords are simply ASCII-encoded we now assume they are
provided UTF-8-encoded, which is quite likely nowadays. The UTF-8 byte
sequences are not validated, however, only valid code points are encoded
as UTF-16LE.
child-create: Make sure the mode selected by the responder is acceptable
Previously, the initiator would install the SA in transport mode if the
peer sent back the USE_TRANSPORT_MODE notify, even if that was not
requested originally.
message: Enforce encryption except for INFORMATIONALs
The only messages that are generally sent encrypted but could be sent
unencrypted are INFORMATIONALs (currently only used for IKEv1 and ME
connectivity checks). This should prevent issues if the keymat_t behaves
incorrectly and does not return an aead_t when it actually should.
ike-sa-manager: Extract IKE SPI labeling feature from charon-tkm
Might be useful for users of other daemons too. Note that compared to the
previous implementation in charon-tkm, the mask/label are applied in
network order.
projects / thirdparty / strongswan.git / log
