Commit Graph

17314 Commits

Author SHA1 Message Date
Tobias Brunner 8ea13bbc5c lgtm: Add query to detect problematic uses of chunk_from_chars()
GCC 9+ and clang 4+ (partially) optimize out usages of
chunk_from_chars() if the value is read outside of the block where the
macro is used.  For instance:

```
chunk_t chunk = chunk_empty;
if (...)
{
	chunk = chunk_from_chars(0x01, 0x06);
}
/* do something with chunk */
```

The chunk_from_chars() macro expands to a chunk_t declaration, which is
technically only defined inside that block.

Still, with older GCC versions the fourth line was compiled to something
like this:

```
mov     WORD PTR [rsp+14], 1537 # 0x0106 in little-endian
lea     rdx, [rsp+14]
mov     ecx, 2
```

However, with GCC 9.1 and -O2 the first instruction might be omitted
(strangely the others usually were not, so the chunk pointed to whatever
was stored on the stack).  It's not easily reproducible, so there are
situations where the seemingly identical code is not optimized in this
way.

This query should detect such problematic uses of the macro (definition
and usage in different blocks).

References #3249.
2020-01-27 18:31:09 +01:00
Tobias Brunner 9c6ab71782 lgtm: Add config for a more complete build on lgtm.com 2020-01-27 18:00:49 +01:00
Tobias Brunner 3be430cc13 travis: Build on ARM64, IBM Power and IBM Z architectures
IBM Z is big-endian, IBM Power runs in little-endian mode.

Botan requires a fix for issues with GCC and amalgamation enabled (target
pragma ‘*’ is invalid) on ARM64 and IBM Power, while wolfSSL can't be
compiled successfully on IBM Z without an additional patch.

libunwind is not available for x390x, but since we explicitly disable
such backtraces it's not necessary anyway.
2020-01-22 15:10:09 +01:00
Tobias Brunner 3bc0c9807a sha3: Fix readLane() macro on big-endian platforms 2020-01-20 11:05:17 +01:00
Tobias Brunner b0b928dd0a Use Botan 2.13.0 for tests 2020-01-16 08:30:47 +01:00
Tobias Brunner ce4ed21fcb scepclient: Add missing short options (-i, -T) 2020-01-15 12:02:18 +01:00
Tobias Brunner dc4058ef16 Merge branch 'vici-pytest'
Adds tox.ini to test with tox (which is now used on Travis) and includes
the tests in the source distribution.
2020-01-14 16:53:53 +01:00
Tobias Brunner ecf161e517 vici: Move Python test dir and include it in sdist
This is the recommended location and import config as it allows running the
tests against installed versions of the package.  And while the test file
itself is automatically included in the source distribution this way, the
__init__.py file is not, so we still have to update MANIFEST.in.
2020-01-14 16:53:19 +01:00
Tobias Brunner 6352954807 travis: Run python tests with tox 2020-01-14 15:27:06 +01:00
Tobias Brunner b723431540 vici: Run Python tests via tox if available
Since we use the serial test harness we can't use AM_TESTS_ENVIRONMENT.
The script is necessary for out-of-tree builds.
2020-01-14 15:26:52 +01:00
Tobias Brunner 574621d80a vici: Fix several PEP8 issues 2020-01-14 15:26:32 +01:00
Tobias Brunner d5153c5897 vici: Add tox.ini to run tests with tox
Some of the interpreters might not be available on the host system, use
--skip-missing-interpreters to not fail in that case.
2020-01-14 15:26:29 +01:00
Tobias Brunner c170bb593b vici: List newer Python versions in setup.py 2020-01-14 10:48:53 +01:00
Tobias Brunner 282c57b131 travis: Bump wolfSSL to 4.3.0 2020-01-13 15:49:57 +01:00
Tobias Brunner 846dde91ae wolfssl: Undef RSA_PSS_SALT_LEN_DEFAULT as wolfSSL 4.3.0 defines it as enum 2020-01-13 15:49:57 +01:00
Tobias Brunner 83c8f887d9 Revert "travis: Add a workaround for a bug regarding libtool installed via Homebrew"
This reverts commit 1806ba0890 as the
workaround is not required anymore and now actually fails because
pre-installed tools have a dependency on libtool.
2019-12-19 11:42:12 +01:00
Andreas Steffen e5f18a46b7 Version bump to 5.8.2 2019-12-17 14:30:41 +01:00
Andreas Steffen b9eade0ca2 Version bump to 5.8.2rc2 2019-12-16 22:11:43 +01:00
Tobias Brunner a3166c8188 kernel-netlink: Use correct config option name for HW offloading check
Fixes: a605452c03 ("kernel-netlink: Check for offloading support in constructor")
2019-12-13 17:20:51 +01:00
Tobias Brunner 8d9a7fcae3 drbg: Fix Doxygen group in headers 2019-12-12 11:09:06 +01:00
Tobias Brunner a669145086 Fixed some typos, courtesy of codespell 2019-12-12 11:09:06 +01:00
Tobias Brunner 174bfe51f9 NEWS: Added some news for 5.8.2 2019-12-12 11:09:06 +01:00
Thomas Egerer cf18951efd openssl: Make some additional arguments const
Related to openssl 1.1.x changes.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2019-12-11 13:09:04 +01:00
Tobias Brunner 8ee1242f14 libtpmtss: Convert RSA exponent to big-endian when provided by a TPM 2.0
While the TPM expects and returns the data in big-endian, the SAPI
implementation converts it to native-endianness.  As stated in the
SAPI specification (section 3.2):

  8. All SAPI data SHALL be in native-endian format.  This means that
     the SAPI implementation will do any endian conversion required for
     both inputs and outputs.

So to use the exponent in a chunk we have to convert it to big-endian again.

Fixes: 7533cedb9a ("libtpmtss: Read RSA public key exponent instead of assuming its value")
2019-12-10 15:19:32 +01:00
Tobias Brunner a84aeb01aa ikev2: Destroy IKE_SA if INVALID_SYNTAX notify is received in response
RFC 7296, section 2.21.3:

   If a peer parsing a request notices that it is badly formatted (after
   it has passed the message authentication code checks and window
   checks) and it returns an INVALID_SYNTAX notification, then this
   error notification is considered fatal in both peers, meaning that
   the IKE SA is deleted without needing an explicit Delete payload.
2019-12-09 12:26:54 +01:00
Tobias Brunner 10e0faf477 ikev2: Destroy IKE_SA when receiving invalid authenticated requests
RFC 7296, section 2.21.3:

   If a peer parsing a request notices that it is badly formatted (after
   it has passed the message authentication code checks and window
   checks) and it returns an INVALID_SYNTAX notification, then this
   error notification is considered fatal in both peers, meaning that
   the IKE SA is deleted without needing an explicit Delete payload.
2019-12-09 12:26:54 +01:00
Tobias Brunner 51ac22579d ikev2: Send INVALID_MAJOR_VERSION notify using the same exchange type and MID
This is per RFC 7296, section 1.5.
2019-12-09 12:26:54 +01:00
Tobias Brunner e3e0fe41ab sshkey: Rename variables that conflict with function argument 2019-12-09 11:34:30 +01:00
Tobias Brunner a6723ee3e0 chunk: Rename hash key variable to avoid conflicts with function arguments 2019-12-09 11:23:02 +01:00
Tobias Brunner d3ca9fcda4 attr: Remove unused/undeclared argument in provider constructor 2019-12-09 11:05:25 +01:00
Andreas Steffen c2d6ac1124 Version bump to 5.8.2rc1 2019-12-07 23:06:22 +01:00
Tobias Brunner 3d40bf6491 configure: Drop unnecessary gperf version check
While the check probably made sense when strongSwan 4.x was started, gperf
version 3.0.1 was released in 2003, so it's very unlikely that version 2.x
is still around anywhere.
2019-12-06 10:30:52 +01:00
Tobias Brunner 72373d940a configure: Abort if gperf is not found but generated files don't exist
When building from a tarball gperf is not required as the generated
files already exist, however, when building from the repository that's
not the case, so warn the user if gperf is not found.
2019-12-06 10:30:52 +01:00
Tobias Brunner 251ac44df3 configure: Declare GPERF and PERL as variables
These are documented in --help and will be cached.
2019-12-06 10:30:52 +01:00
Tobias Brunner c81a8a8f36 kernel-netlink: Properly compare routes for policies without gateway/netxhop
This happened when installing a duplicate bypass policy for a locally
connected subnet.  The destructor and the kernel-net part already
handle this correctly.
2019-12-06 10:28:13 +01:00
Tobias Brunner 6b347d5232 openssl: Ensure underlying hash algorithm is available during HMAC init
Without this we only would learn that the algorithm isn't actually
available (e.g. due to FIPS mode) when set_key() is called later, so there
isn't any automatic fallback to other implementations.

Fixes #3284.
2019-12-06 10:27:24 +01:00
Tobias Brunner 96b8fa72b3 Merge branch 'ca-identity-constraint'
This adds a new constraint for vici/swanctl.conf that enforces that the
certificate chain of the remote peer contains a CA certificate with a
specific identity.

This is similar to the existing CA constraints, but doesn't require that
the CA certificate is locally installed, for instance, intermediate CA
certificates received by the peers.

Wildcard identity matching (e.g. "..., OU=Research, CN=*") could also be
used for the latter, but requires trust in the intermediate CA to only
issue certificates with legitimate subject DNs (e.g. the "Sales" CA must
not issue certificates with "OU=Research").  With the new constraint
that's not necessary as long as a path length constraint prevents
intermediate CAs from issuing further intermediate CAs.
2019-12-06 10:23:59 +01:00
Tobias Brunner ae9b748a77 vici: Log certificate constraints for loaded configs 2019-12-06 10:07:47 +01:00
Martin Willi f95d512251 testing: Use identity based CA restrictions in rw-hash-and-url-multi-level
This is a prominent example where the identity based CA constraint is
benefical. While the description of the test claims a strict binding
of the client to the intermediate CA, this is not fully true if CA operators
are not fully trusted: A rogue OU=Sales intermediate may issue certificates
containing a OU=Research.

By binding the connection to the CA, we can avoid this, and using the identity
based constraint still allows moon to receive the intermediate over IKE
or hash-and-url.
2019-12-06 10:07:47 +01:00
Martin Willi 026024bc02 swanctl: Include ca_id property in list-conns command 2019-12-06 10:07:46 +01:00
Martin Willi 55fc514ed2 swanctl: Document the remote ca_id option for identity based CA constraints 2019-12-06 10:07:46 +01:00
Martin Willi 3c71a3201f vici: Introduce a ca_id option identity based CA certificate constraints 2019-12-06 10:07:46 +01:00
Martin Willi c70201f1e3 auth-cfg: Add support for identity based CA authentication constraints
Enforcing CA based constraints previously required the CA certificate file
to be locally installed. This is problematic from a maintencance perspective
when having many intermediate CAs, and is actually redundant if the client
sends its intermediate cert in the request.

The alternative was to use Distinguished Name matching in the subject
identity to indirectly check for the issuing CA by some RDN field, such as OU.
However, this requires trust in the intermediate CA to issue only certificates
with legitime subject identities.

This new approach checks for an intermediate CA by comparing the issuing
identity. This does not require trust in the intermediate, as long as
a path len constraint prevents that intermediate to issue further
intermediate certificates.
2019-12-06 10:07:46 +01:00
Tobias Brunner 7035340b21 farp: Ignore SAs with 0.0.0.0/0 remote traffic selector
This is mostly to avoid hijacking the local LAN if the farp plugin is
inadvertently active on a roadwarrior.

Fixes #3116.
2019-12-06 10:06:16 +01:00
Tobias Brunner 202c204785 farp: Only cache IPv4 traffic selectors
Since ARP is IPv4 only there is no point caching IPv6 traffic
selectors/CHILD_SAs.
2019-12-06 09:58:29 +01:00
Tobias Brunner dc1e02e1de Merge branch 'ocsp-nonce'
This makes sure the nonce sent in an OCSP request is contained in the
response (it also fixes parsing the nonce, which didn't matter so far
as it was never used)
2019-12-06 09:53:26 +01:00
Tobias Brunner 27756b081c revocation: Check that nonce in OCSP response matches 2019-12-06 09:52:30 +01:00
Tobias Brunner cd0e4d5297 x509: Correctly parse nonce in OCSP response
Fixes: d7dc677ee5 ("x509: Correctly encode nonce in OCSP request")
2019-12-06 09:52:30 +01:00
Tobias Brunner 5333db58ac x509: Add getter for nonce in OCSP request/response implementations 2019-12-06 09:50:55 +01:00
Tobias Brunner 5b23427b37 credentials: Add getter for nonce in OCSP request and response interface 2019-12-06 09:50:55 +01:00