Tobias Brunner
472efd3809
leak-detective: Add an option to ignore frees of unknown memory blocks
This also changes how unknown/corrupted memory is handled in the free()
and realloc() hooks in general.
Incorporates changes provided by Thomas Egerer who ran into a similar
issue.
2018-09-12 16:25:00 +02:00
Tobias Brunner
9ee23d5efa
travis: Add Botan build
We build Botan directly from the master branch until 2.8.0 is released.
2018-09-12 16:25:00 +02:00
Tobias Brunner
c064a5288e
leak-detective: Whitelist some Botan functions
Due to the mangled C++ function names it's tricky to be more specific. The
"leaked" allocations are from a static hashtable containing EC groups.
There is another leak caused by the locking allocator singleton
(triggered by the first function that uses it, usually initialization of
a cipher, but could be a hasher in other test runners), but we can avoid
that with a Botan config option.
2018-09-12 16:25:00 +02:00
Tobias Brunner
304d4ca57a
botan: Adhere to configured DH exponent length
2018-09-12 16:25:00 +02:00
Tobias Brunner
bd267c863f
botan: Encode private keys as PKCS#8
Since we can now parse that encoding directly we can simplify the private
key export and stick to PKCS#8.
2018-09-12 16:25:00 +02:00
Tobias Brunner
607f10dca4
botan: Load public/private keys generically
Simplifies public key loading and this way unencrypted PKCS#8-encoded
keys can be loaded directly without the pkcs8 plugin (code for encrypted
keys could probably later be added, if necessary).
It also simplifies the implementation of private_key_t::get_public_key()
a lot.
2018-09-12 16:25:00 +02:00
Tobias Brunner
72491b7843
botan: Encode curve OID and public key in EC private key
Without OID we can't generate an algorithmIdentifier when loading the
key again. And older versions of OpenSSL insist on a public key when
e.g. converting a key to PKCS#8.
Simply unwrapping the ECPrivateKey structure avoids log messages when
parsing other keys in the KEY_ANY case.
2018-09-12 16:25:00 +02:00
Tobias Brunner
ba7e74291e
pkcs1: Accept EC private keys without public key but make sure of an OID
2018-09-12 16:25:00 +02:00
Tobias Brunner
de2a24310c
botan: Fixes, code style changes plus some refactorings
Some changes rely on newly added FFI functions in Botan's master
branch.
2018-09-12 16:25:00 +02:00
René Korthaus
13f113f7a9
botan: Add MD5 support to Botan hasher
Support MD5 in the Botan plugin if supported by Botan.
MD5 is required for RADIUS and obviously EAP-MD5,
and also for non-PKCS#8 encoded, encrypted private keys.
2018-09-12 16:25:00 +02:00
René Korthaus
04ecaff6a9
unit-tests: Remove 768-bit RSA gen test
Botan only allows generating RSA keys >= 1,024 bits, which makes
the RSA test suite fail. It is questionable whether it makes
sense to test 768-bit RSA keys anymore. They are too weak
from today's perspective anyway.
2018-09-12 16:25:00 +02:00
René Korthaus
af26cc4d85
botan: Add Botan plugin to libstrongswan
2018-09-12 16:25:00 +02:00
Tobias Brunner
66c4735f99
dumm: Remove the Dynamic UML Mesh Modeler framework
This has been pretty much defunct for several years (requires a
specially patched UML-enabled guest kernel).
2018-09-12 15:53:55 +02:00
Tobias Brunner
948c42ab2e
android: Properly set log file path
2018-09-12 11:44:57 +02:00
Tobias Brunner
bd61236b4a
conf: Document new filelog configuration
2018-09-12 11:42:38 +02:00
Tobias Brunner
f6b4ba2a65
library: Return FALSE from library_init() if loaded settings are invalid
This way daemons won't start with config files that contain errors.
2018-09-11 18:30:18 +02:00
Tobias Brunner
71dca60c31
settings: Don't allow dots in section/key names anymore
This requires config changes if filelog is used with a path that
contains dots. This path must now be defined in the `path` setting of an
arbitrarily named subsection of `filelog`. Without that change the
whole strongswan.conf file will fail to load, which some users might
not notice immediately.
2018-09-11 18:30:18 +02:00
Tobias Brunner
85afe81e1f
ike-auth: Remove unnecessary case statement
2018-09-11 18:18:50 +02:00
Tobias Brunner
a0c302f878
vici: Remove unreachable code
If list is TRUE any type but VICI_LIST_END and VICI_LIST_ITEM (i.e.
including VICI_END) is already handled in the first block in this
function.
2018-09-11 18:18:50 +02:00
Tobias Brunner
954e75effa
vici: Lease enumerator is always defined
mem_pool_t always returns an enumerator.
2018-09-11 18:18:50 +02:00
Tobias Brunner
55fb268b51
stroke: Lease enumerator is always defined
This function is only called for existing pools (under the protection of
a read lock).
2018-09-11 18:18:50 +02:00
Tobias Brunner
648709b392
smp: Remove unreachable initializer
Execution in this block will start with any of the case statements,
never with the initialization.
2018-09-11 18:18:49 +02:00
Tobias Brunner
23d756e4f0
eap-sim-pcsc: Fix leak in error case
2018-09-11 18:18:49 +02:00
Tobias Brunner
e2d8833f2b
travis: Add sonarcloud build
2018-09-11 18:18:43 +02:00
Tobias Brunner
f5481496d6
travis: Automatically retry install steps
There occasionally are network issues when fetching from Ubuntu/PPA
repos. Let's see if this is a possible fix.
2018-09-11 18:17:28 +02:00
Tobias Brunner
80e8845d36
swanctl: Allow passing a custom config file for each --load* command
Mainly for debugging, but could also be used to e.g. use a separate file
for connections and secrets.
2018-09-11 18:14:45 +02:00
Tobias Brunner
7257ba3b44
Merge branch 'ikev2-ppk'
Adds support for Postquantum Preshared Keys for IKEv2.
Fixes #2710.
2018-09-10 18:05:12 +02:00
Tobias Brunner
d1c5e6816d
testing: Add some PPK scenarios
2018-09-10 18:04:23 +02:00
Tobias Brunner
755985867e
swanctl: Report the use of a PPK in --list-sas
If we later decide the PPK_ID would be helpful, printing this on a
separate line would probably make sense.
2018-09-10 18:03:30 +02:00
Tobias Brunner
c4d2fdd915
vici: Return PPK state of an IKE_SA
2018-09-10 18:03:27 +02:00
Tobias Brunner
e4d85011e4
ikev2: Mark IKE_SAs that used PPK during authentication
2018-09-10 18:03:18 +02:00
Tobias Brunner
6627706786
eap-authenticator: Add support for authentication with PPK
2018-09-10 18:03:03 +02:00
Tobias Brunner
18f8249415
pubkey-authenticator: Add support for authentication with PPK
2018-09-10 18:03:03 +02:00
Tobias Brunner
46bdeaf359
psk-authenticator: Add support for authentication with PPK
2018-09-10 18:03:03 +02:00
Tobias Brunner
a9e60c96dc
ike-auth: Add basic PPK support
Some of the work will have to be done in the authenticators.
2018-09-10 18:03:02 +02:00
Tobias Brunner
94f9f421bc
ike-auth: Replace `== NULL` with `!`
2018-09-10 18:03:02 +02:00
Tobias Brunner
7150fa7065
authenticator: Add optional method to set PPK
2018-09-10 18:03:02 +02:00
Tobias Brunner
600b106852
ike-init: Send USE_PPK notify as appropriate
2018-09-10 18:03:02 +02:00
Tobias Brunner
1fb46f7119
swanctl: Report PPK configuration in --list-conns
2018-09-10 18:03:02 +02:00
Tobias Brunner
7f94528061
vici: Make PPK related options configurable
2018-09-10 18:03:02 +02:00
Tobias Brunner
a2ff8b654d
peer-cfg: Add properties for PPK ID and whether PPK is required
2018-09-10 18:03:01 +02:00
Tobias Brunner
83dcc1f4cf
ike-sa: Add flag for PPK extension
2018-09-10 18:03:01 +02:00
Tobias Brunner
3fbc95cf54
keymat_v2: Add support for PPKs
2018-09-10 18:03:01 +02:00
Tobias Brunner
3703dff2aa
swanctl: Add support for PPKs
2018-09-10 18:03:01 +02:00
Tobias Brunner
1ec9382880
vici: Add support for PPKs
2018-09-10 18:03:01 +02:00
Tobias Brunner
bac3ca2324
shared-key: Add a new type for Postquantum Preshared Keys
Using a separate type allows us to easily check if we have any PPKs
available at all.
2018-09-10 18:03:01 +02:00
Tobias Brunner
0f423dda28
ikev2: Add notify types for Postquantum Preshared Keys
2018-09-10 18:03:00 +02:00
Tobias Brunner
5dff6de8eb
unit-tests: Add tests for peer_cfg_t::replace_child_cfgs()
2018-09-10 17:45:23 +02:00
Tobias Brunner
40ed812442
peer-cfg: Replace equal child configs with newly added ones
Otherwise, renamed child configs would still be known to the daemon
under their old name.
Fixes #2746.
2018-09-10 17:45:07 +02:00
Andreas Steffen
375dfb9076
crypto: References to RFCs 8410 and 8420
2018-09-04 07:24:20 +02:00