Andreas Steffen
33a729fac2
libimcv: Corrected caption
2017-09-09 13:10:45 +02:00
Andreas Steffen
165d28174d
pt-tls-client: Introduced --options as a synonym for --optionsfrom
2017-09-09 10:31:02 +02:00
Andreas Steffen
94bdd463d8
sec-updater: Write to log only if at least one update is found.
2017-09-07 14:54:41 +02:00
Tobias Brunner
311d931aef
android: New release after adding OCSP, CRL cache and some other stuff
2017-09-04 11:27:40 +02:00
Tobias Brunner
82088028d8
testing: Reduce log level of SSH client
...
This should suppress the "Permanently added ... to the list of known
hosts" warnings that occasionally come up for no apparent reason.
2017-09-04 11:16:00 +02:00
Tobias Brunner
c353996191
ike: Reset local SPI if retrying to connect in state IKE_CONNECTING
...
In case we send retransmits for an IKE_SA_INIT where we propose a DH
group the responder will reject, we might later receive delayed responses
that either contain INVALID_KE_PAYLOAD notifies with the group we already
use or, if we retransmitted an IKE_SA_INIT with the requested group but
then had to restart again, a KE payload with a group different from the
one we proposed. So far we didn't change the initiator SPI when
restarting the connection, i.e. these delayed responses were processed
and might have caused fatal errors due to a failed DH negotiation or
because of the internal retry counter in the ike-init task. Changing
the initiator SPI avoids that as we won't process the delayed responses
anymore that caused this confusion.
2017-09-04 11:16:00 +02:00
Tobias Brunner
eaedcf8c00
ike-sa-manager: Add method to change the initiator SPI of an IKE_SA
2017-09-04 11:16:00 +02:00
Tobias Brunner
bd371590ab
ike-init: Fail if DH group in KE payload does not match proposed group
2017-09-04 11:02:55 +02:00
Tobias Brunner
9c03e8c80b
Merge branch 'android-updates'
...
Caches CRLs in the app directory, adds support for OCSP, adds a button
to reconnect to the "already connected" dialog, only apply/configure app
selection on Android >= 5 (older versions don't support the API), and catches
some random exceptions.
2017-09-04 10:44:08 +02:00
Tobias Brunner
1926efadde
android: Add disconnect button to dialog if already connected to profile
2017-09-04 10:41:30 +02:00
Tobias Brunner
037b353d2c
android: Load x509 plugin to generate OCSP requests and parse responses
...
BoringSSL does not support OpenSSL's OCSP API.
2017-09-04 10:41:29 +02:00
Tobias Brunner
829cc56a53
android: Add support to POST data via SimpleFetcher
...
That's required for OCSP verification.
2017-09-04 10:41:29 +02:00
Tobias Brunner
6e39240a3e
android: Add option to clear cached CRLs
2017-09-04 10:41:29 +02:00
Tobias Brunner
0bebbae9e3
android: Cache CRLs in app directory
...
Fixes #2405.
2017-09-04 10:41:25 +02:00
Tobias Brunner
3fe9a436ee
android: Pass absolute path to the app's data directory via JNI
2017-09-04 10:41:25 +02:00
Tobias Brunner
98ab757284
android: Hide app selection in profile editor on Android < 5
2017-09-04 10:41:25 +02:00
Tobias Brunner
0b4f7d646b
android: Only apply app filter on Android 5 and newer
2017-09-04 10:41:24 +02:00
Tobias Brunner
ac3189f792
android: Catch OutOfMemoryError when importing profiles
...
Not sure if this is actually caused because e.g. the file is too large
or due to some encoding issue.
2017-09-04 10:41:24 +02:00
Tobias Brunner
1a9261a923
android: Catch NullPointerException when parsing invalid certificates
2017-09-04 10:41:24 +02:00
Tobias Brunner
e59b78254a
android: Catch NullPointerException when calling VpnService.prepare()
...
According to the Play Console this occurs occasionally.
2017-09-04 10:41:24 +02:00
Andreas Steffen
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
Andreas Steffen
fc373b64a6
imv-os: Updated security update evaluation
2017-09-01 12:42:24 +02:00
Andreas Steffen
7b75c18696
libimcv: Updated database scheme
2017-09-01 11:19:40 +02:00
Andreas Steffen
b84817375d
sec-updater: Checks for security updates
...
sec-updater checks for security updates and backports in Debian/
Ubuntu repositories and sets the security flags in the strongTNC
policy database accordingly.
2017-09-01 11:19:40 +02:00
Andreas Steffen
076aac7069
imv-attestation: Fixed file hash measurements
...
The introduction of file versions broke file hash measurements.
This has been fixed by using a generic product version having an
empty package name.
2017-09-01 10:51:15 +02:00
Tobias Brunner
66805c7b32
ike-cfg: Fix memory leak when checking for configured address
2017-08-29 16:25:42 +02:00
Andreas Steffen
d2a89e9407
sw-collector.8: Some cleanups
2017-08-25 11:28:06 +02:00
Tobias Brunner
062a34e722
kernel-netlink: Set usable state whenever an interface appears
...
If an interface is renamed we already have an entry (based on the
ifindex) allocated but previously only set the usable state once
based on the original name.
Fixes #2403.
2017-08-23 12:10:39 +02:00
Tobias Brunner
b7ad5f777f
libimcv: Updated Android.mk after move of swid-gen(-info)
2017-08-21 12:17:02 +02:00
Tobias Brunner
0d11d7b110
coverage: Use absolute path when removing paths with lcov
...
There is a bug in some versions of lcov that causes it to fail writing
to files via relative paths after it issued warnings (e.g. due to
negative counts in the tracefile).
2017-08-21 11:14:08 +02:00
Tobias Brunner
9cf2920512
traffic-selector: Use single buffer for both address families
...
The generic field of size 0 in the union that was used previously
triggered index-out-of-bounds errors with the UBSAN sanitizer that's
used on OSS-Fuzz. Since the two family specific union members don't
really provide any advantage, we can just use a single buffer for both
families to avoid the errors.
2017-08-17 12:34:40 +02:00
Tobias Brunner
936db031c7
testing: Make removal of SWID tags work with different releases
...
The regid.2004-03.org.strongswan directory might not exist in new images.
2017-08-16 10:51:15 +02:00
Tobias Brunner
bf31485e1e
fuzzing: Also run input that previously caused crashes
2017-08-15 10:35:20 +02:00
Tobias Brunner
17840fa18e
configure: Detect mpz_powm_sec() when built with -Werror
2017-08-15 10:35:20 +02:00
Tobias Brunner
7421884da1
travis: Use the same ASAN_OPTIONS as used by OSS-Fuzz
2017-08-15 10:35:20 +02:00
Tobias Brunner
ed13c60c4f
plugin-loader: Move indent variables into !USE_FUZZING block
...
This avoids compile errors on Travis.
2017-08-15 10:35:20 +02:00
Tobias Brunner
1ce2721d90
travis: Run fuzz targets
2017-08-15 10:35:20 +02:00
Tobias Brunner
9f2e74cfbb
fuzzing: Run local fuzz targets on given corpora during `make check`
...
The base directory of the corpora must be set in FUZZING_CORPORA.
2017-08-15 10:35:20 +02:00
Tobias Brunner
be1beea7a4
fuzzing: Add driver to run fuzz targets on a given list of files
...
This is enabled if the path to libFuzzer.a is not specified when running
the configure script.
2017-08-15 10:35:20 +02:00
Adrian-Ken Rueegsegger
c15dbfaf08
charon-tkm: Build fix for kernel SAD tests
...
Commit 7729577... added a flag to the get_esa_id function but the unit
tests were not adjusted.
2017-08-14 18:35:37 +02:00
Andreas Steffen
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
Tobias Brunner
7cc4a92d0b
NEWS: Add info about CVE-2017-11185
2017-08-14 08:49:33 +02:00
Tobias Brunner
ef5c37fcdf
gmp: Fix RSA signature verification for m >= n
...
By definition, m must be <= n-1, we didn't enforce that and because
mpz_export() returns NULL if the passed value is zero a crash could have
been triggered with m == n.
Fixes CVE-2017-11185.
2017-08-14 08:49:33 +02:00
Andreas Steffen
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
Andreas Steffen
e658fd475a
sw-collector: Moved info class to libimcv
2017-08-09 13:28:00 +02:00
Tobias Brunner
f237bfcb9e
NEWS: Added some news
2017-08-08 20:05:30 +02:00
Tobias Brunner
e66c3d41bc
conf: Descriptions of several settings updated
2017-08-08 17:28:01 +02:00
Tobias Brunner
eb3239b921
libimcv: Cast chunk length to int when printing as string
2017-08-08 15:32:08 +02:00
Tobias Brunner
cbade9b6b9
sw-collector: Cast chunk length to int when printing as string
2017-08-08 15:31:56 +02:00
Tobias Brunner
0392f76804
sw-collector: Fix memory leak after failing to open DB
2017-08-08 15:30:44 +02:00