2 days ago socket-dynamic: Use IPv6-only mode for IPv6 sockets master
Tobias Brunner [Thu, 22 Sep 2022 15:36:38 +0000 (17:36 +0200)]
socket-dynamic: Use IPv6-only mode for IPv6 sockets

Same as the previous commit.

Fixes: 5f9ad62a8156 ("socket-dynamic: Don't set SO_REUSEADDR on IKE sockets anymore")

2 days ago socket-default: Use IPv6-only mode for IPv6 sockets
Tobias Brunner [Thu, 22 Sep 2022 15:33:52 +0000 (17:33 +0200)]
socket-default: Use IPv6-only mode for IPv6 sockets

Otherwise, we can't open a dedicated IPv4 socket on the same port as the
IPv6 socket already is set up to receive IPv4 packets (unless we'd again

Fixes: 83da13371292 ("socket-default: Don't set SO_REUSEADDR on IKE sockets anymore")

3 days ago android: Prevent FD leak from HttpURLConnection
Tobias Brunner [Fri, 22 Jul 2022 09:43:56 +0000 (11:43 +0200)]
android: Prevent FD leak from HttpURLConnection

The default is apparently "Connection: keep-alive", which somehow keeps
the socket around, which leaks file descriptors with every connection
that fetches OCSP and/or CRLs.  Over time that could result in the number
of FDs reaching a limit e.g. imposed by FD_SET().

Closes strongswan/strongswan#1160

3 days ago android: Update dependencies
Tobias Brunner [Fri, 22 Jul 2022 08:26:07 +0000 (10:26 +0200)]
android: Update dependencies

3 days ago android: Set compile-/targetSdkVersion to 32
Tobias Brunner [Fri, 22 Jul 2022 09:13:36 +0000 (11:13 +0200)]
android: Set compile-/targetSdkVersion to 32

3 days ago android: Fix "Format string ... is not valid format string..." error
Tobias Brunner [Fri, 22 Jul 2022 12:10:45 +0000 (14:10 +0200)]
android: Fix "Format string ... is not valid format string..." error

The linter complained that two of the strings don't actually contain any
printf-specifiers (i.e. don't expect any arguments) and therefore
shouldn't be used with String.format().

3 days ago android: Mark PendingIntents as immutable via FLAG_IMMUTABLE
Tobias Brunner [Fri, 22 Jul 2022 09:12:52 +0000 (11:12 +0200)]
android: Mark PendingIntents as immutable via FLAG_IMMUTABLE

Setting this or explicitly FLAG_MUTABLE is required when targeting
Android 12.

References strongswan/strongswan#1151

3 days ago android: Explicitly mark Activities/Services with intent-filter as exported
Tobias Brunner [Fri, 22 Jul 2022 09:11:14 +0000 (11:11 +0200)]
android: Explicitly mark Activities/Services with intent-filter as exported

Required when targeting Android 12.

3 days ago android: Move package namespace declaration from Manifest to build file
Tobias Brunner [Fri, 22 Jul 2022 08:22:05 +0000 (10:22 +0200)]
android: Move package namespace declaration from Manifest to build file

3 days ago android: Remove unused jni directory spec from sourceSets
Tobias Brunner [Fri, 22 Jul 2022 08:20:16 +0000 (10:20 +0200)]
android: Remove unused jni directory spec from sourceSets

3 days ago android: Update Gradle plugin
Tobias Brunner [Fri, 22 Jul 2022 08:20:04 +0000 (10:20 +0200)]
android: Update Gradle plugin

3 days ago socket-win: Don't set SO_REUSEADDR on IKE sockets anymore
Tobias Brunner [Tue, 6 Sep 2022 14:21:46 +0000 (16:21 +0200)]
socket-win: Don't set SO_REUSEADDR on IKE sockets anymore

Same as the change for socket-default in a previous commit.

3 days ago socket-dynamic: Don't set SO_REUSEADDR on IKE sockets anymore
Tobias Brunner [Tue, 6 Sep 2022 14:21:03 +0000 (16:21 +0200)]
socket-dynamic: Don't set SO_REUSEADDR on IKE sockets anymore

Same as the previous commit.

3 days ago socket-default: Don't set SO_REUSEADDR on IKE sockets anymore
Tobias Brunner [Tue, 6 Sep 2022 14:11:49 +0000 (16:11 +0200)]
socket-default: Don't set SO_REUSEADDR on IKE sockets anymore

This was originally required when pluto and charon both bound sockets to
the same port to send messages.  Pluto also received messages on them but
charon didn't and used a raw socket instead.  Since the removal of pluto
we don't need to set this option anymore, which might actually mask
mistakes like running charon and charon-systemd concurrently (that could
result in messages getting sent fine by both daemons but only received
by one).

Note that a failure to create/bind the sockets will not immediately
result in a shutdown of the daemon.  Instead, there will be an error
once the receiver tries to read any messages and also whenever the sender
attempts to send a request.

3 days ago Merge branch 'eap-vendor-id'
Tobias Brunner [Wed, 21 Sep 2022 11:37:18 +0000 (13:37 +0200)]
Merge branch 'eap-vendor-id'

Changes the type for EAP vendor IDs from uint32_t to pen_t, which has
explicitly been added to represent three-byte IANA-allocated Private
Enterprise Numbers (PEN), which the EAP RFC called "SMI Network
Management Private Enterprise Codes".

References strongswan/strongswan#581

3 days ago eap: Make sure eap_type_t is large enough to hold vendor-specific types
Tobias Brunner [Thu, 21 Jul 2022 11:37:01 +0000 (13:37 +0200)]
eap: Make sure eap_type_t is large enough to hold vendor-specific types

Unless compiled with `-fshort-enums` that's usually the case already.

3 days ago eap: Print vendor (PEN) names for vendor-specific EAP methods
Tobias Brunner [Thu, 21 Jul 2022 11:19:56 +0000 (13:19 +0200)]
eap: Print vendor (PEN) names for vendor-specific EAP methods

3 days ago eap: Use pen_t instead of uint32_t for vendor ID
Tobias Brunner [Thu, 21 Jul 2022 11:06:56 +0000 (13:06 +0200)]
eap: Use pen_t instead of uint32_t for vendor ID

4 days ago Version bump to 5.9.8dr4 5.9.8dr4
Andreas Steffen [Tue, 20 Sep 2022 14:37:44 +0000 (16:37 +0200)]
Version bump to 5.9.8dr4

4 days ago pki: Base64 encoding of username:password in HTTP basic authentication
Andreas Steffen [Tue, 20 Sep 2022 06:49:40 +0000 (08:49 +0200)]
pki: Base64 encoding of username:password in HTTP basic authentication

4 days ago pki: Always and implicitly use base64 encoding for EST requests/response
Martin Willi [Tue, 20 Sep 2022 05:47:25 +0000 (07:47 +0200)]
pki: Always and implicitly use base64 encoding for EST requests/response

Content-Transfer-Encoding is actually not a valid HTTP header, but a MIME
header, and must not be used. The original RFC7030 specifies this wrong,
and an errata discusses this issue.

The use of base64 encoding has been clarified in RFC8951, and the
recommendation is to always use/expect base64 encoding, but not send/expect
the Content-Transfer-Encoding header.

5 days ago scepclient: Remove documentation about removal of scepclient
Tobias Brunner [Wed, 14 Sep 2022 15:54:23 +0000 (17:54 +0200)]
scepclient: Remove documentation about removal of scepclient

There should be no need for such a persistent documentation on a removed
component in the repository.  The commit history is enough.  And besides
that, there is user-facing documentation about it in the docs and the

5 days ago pki: Add SCEP utility functions and enums to Doxygen doc
Tobias Brunner [Wed, 14 Sep 2022 15:53:36 +0000 (17:53 +0200)]
pki: Add SCEP utility functions and enums to Doxygen doc

5 days ago vici: Ignore NULL message in raise_event()
Tobias Brunner [Tue, 6 Sep 2022 14:32:47 +0000 (16:32 +0200)]
vici: Ignore NULL message in raise_event()

There are a lot of calls like this:

  this->dispatcher->raise_event(this->dispatcher, "...", 0,

However, if finalize() fails, e.g. because a previous call to add()
failed due to the size limit, it returns NULL.  This then caused a
segmentation fault in raise_event() when it interacted with that value.

Closes strongswan/strongswan#1278

5 days ago Merge branch 'ike-sa-flush'
Tobias Brunner [Tue, 20 Sep 2022 08:09:59 +0000 (10:09 +0200)]
Merge branch 'ike-sa-flush'

This fixes a race condition during shutdown between the main thread
flushing the IKE_SA manager and worker threads still creating IKE_SAs.

Closes strongswan/strongswan#1252

5 days ago ike-sa-manager: Make sure flush() removes entries that might get added concurrently
Tobias Brunner [Fri, 26 Aug 2022 14:14:30 +0000 (16:14 +0200)]
ike-sa-manager: Make sure flush() removes entries that might get added concurrently

Because flush() has to release the segment locks intermittently, threads
might add new entries (even with the change in the previous commit as the
IKE_SA might already be created, just not registered/checked in yet).

Since those entries are added to the front of the segment lists, the
enumerator in the previous step 2 didn't notice them and did not wait
for them to get checked in.  However, step 3 and 4 then proceeded to
delete and destroy the entry and IKE_SA, which could lead to a crash
once the other thread attempts to check in the already destroyed IKE_SA.

This change combines the three loops of steps 2-4 but then loops over
the whole table until it's actually empty.  This way we wait for and
destroy newly added entries.

5 days ago ike-sa-manager: Prevent new IKE_SA from getting created when flush() is called
Tobias Brunner [Fri, 26 Aug 2022 13:33:22 +0000 (15:33 +0200)]
ike-sa-manager: Prevent new IKE_SA from getting created when flush() is called

Without ability to create SPIs, other threads are prevented from creating
new IKE_SAs while we are flushing existing IKE_SAs.  However, there could
still be IKE_SAs already created that might get checked in while the
segments are temporarily unlocked to wait for threads to check existing
SAs in.

5 days ago ike-sa: Always set ike_cfg_t when setting peer_cfg_t
Tobias Brunner [Fri, 26 Aug 2022 15:29:00 +0000 (17:29 +0200)]
ike-sa: Always set ike_cfg_t when setting peer_cfg_t

This is more consistent and e.g. allows to properly take into account
some settings that are also relevant during IKE_AUTH (e.g. childless).

We also already use the peer_cfg_t's ike_cfg_t when rekeying,
reauthenticating and reestablishing an IKE_SA (and e.g. for DSCP).

Also changed are some IKEv1 cases where get_ike_cfg() is called before
set_peer_cfg() without taking a reference to the ike_cfg_t that might
get replaced/destroyed (none of the cases were problematic, though, but
it also wasn't necessary to keep the ike_cfg_t around).

Closes strongswan/strongswan#1238

5 days ago cred-encoding: Avoid potential use after free when caching encodings
Tobias Brunner [Thu, 18 Aug 2022 10:04:39 +0000 (12:04 +0200)]
cred-encoding: Avoid potential use after free when caching encodings

The pattern currently is to call get_cache(), generate the encoding
if that failed and then store it with cache().  The latter adopts the
passed encoding and frees any stored encoding.  However, the latter means
that if two threads concurrently fail to get a cached encoding and then
both generate and store one, one of the threads might use an encoding
that was freed by the other thread.

Since encodings are not expected to change, we can avoid this issue by
not replacing an existing cache entry and instead return that (while
freeing the passed value instead of the cached one).

Closes strongswan/strongswan#1231
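
The race described in this commit message, replayed deterministically as an added example (not strongSwan code): two threads both miss the cache and then store in turn, once with a replacing store and once with a store that keeps the existing entry. The `demo_*` names, the single-slot cache and the pool with a `live` flag (standing in for malloc()/free() so a stale reference can be observed without touching freed memory) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap-allocated encoding. "Freeing" only clears
 * the live flag, so checking a stale reference stays well-defined. */
typedef struct {
	bool live;
	char data[16];
} encoding_t;

#define POOL_SIZE 8
static encoding_t pool[POOL_SIZE];
static encoding_t *slot;	/* hypothetical single-entry cache */

static encoding_t *enc_generate(const char *text)
{
	for (size_t i = 0; i < POOL_SIZE; i++)
	{
		if (!pool[i].live)
		{
			pool[i].live = true;
			snprintf(pool[i].data, sizeof(pool[i].data), "%s", text);
			return &pool[i];
		}
	}
	return NULL;
}

static void enc_free(encoding_t *enc)
{
	if (enc)
	{
		enc->live = false;
	}
}

static bool demo_get_cache(encoding_t **out)
{
	if (slot)
	{
		*out = slot;
		return true;
	}
	return false;
}

/* Replacing store: adopt the passed encoding and free the stored one. */
static encoding_t *demo_cache_replace(encoding_t *enc)
{
	enc_free(slot);
	slot = enc;
	return enc;
}

/* Keeping store: an existing entry wins, the passed encoding is freed and
 * the caller continues with the cached one. */
static encoding_t *demo_cache_keep(encoding_t *enc)
{
	if (slot)
	{
		if (slot != enc)
		{
			enc_free(enc);
		}
		return slot;
	}
	slot = enc;
	return enc;
}

typedef encoding_t *(*store_fn)(encoding_t *);

/* Interleaving: A misses, B misses, A stores, B stores, A uses its result.
 * Returns true if the encoding A holds is still live at that point. */
static bool thread_a_encoding_survives(store_fn store, bool *shared)
{
	encoding_t *a = NULL, *b = NULL;
	bool a_hit, b_hit;

	memset(pool, 0, sizeof(pool));
	slot = NULL;
	a_hit = demo_get_cache(&a);
	b_hit = demo_get_cache(&b);
	if (!a_hit)
	{
		a = store(enc_generate("DER-from-A"));
	}
	if (!b_hit)
	{
		b = store(enc_generate("DER-from-B"));
	}
	*shared = (a == b);
	return a->live;
}

int main(void)
{
	bool shared;

	printf("replace: A's encoding live = %d\n",
		   thread_a_encoding_survives(demo_cache_replace, &shared));
	printf("keep:    A's encoding live = %d\n",
		   thread_a_encoding_survives(demo_cache_keep, &shared));
	return 0;
}
```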

8 days ago kernel-pfkey: Increase debug level of the "querying ..." log messages
Tobias Brunner [Fri, 16 Sep 2022 14:33:42 +0000 (16:33 +0200)]
kernel-pfkey: Increase debug level of the "querying ..." log messages

References strongswan/strongswan#1271

8 days ago kernel-netlink: Increase debug level of the "querying [...]" log messages
Noel Kuntze [Fri, 2 Sep 2022 23:37:33 +0000 (01:37 +0200)]
kernel-netlink: Increase debug level of the "querying [...]" log messages

When watching the output of `swanctl -l` during debugging, the debug
messages in query_sa/policy() cause a lot of noise in the logs (level 2
for DBG_KNL still has actually useful information that we want to see
in the logs) and they're not very useful.

Compared to the messages in the functions above, the ones in update_sa()
and get_replay_state() are not seen often. But since there already is a
log message on level 2 in update_sa(), they're kinda redundant.

Closes strongswan/strongswan#1271

8 days ago Merge branch 'asan'
Tobias Brunner [Fri, 16 Sep 2022 13:28:16 +0000 (15:28 +0200)]
Merge branch 'asan'

Enables AddressSanitizer in most CI builds that don't use leak-detective.
For custom builds it can easily be enabled via --enable-asan.

8 days ago github: Enable AddressSanitizer if leak-detective is disabled
Tobias Brunner [Tue, 13 Sep 2022 15:23:55 +0000 (17:23 +0200)]
github: Enable AddressSanitizer if leak-detective is disabled

At least for the tests where it is available and works.  It conflicts
with the instrumentation used by the coverage and fuzzing (and possibly
sonarcloud) tests, the toolchain for the Windows builds doesn't seem to
support it, and on FreeBSD the test executables hang due to a
compatibility issue with FreeBSD's qsort(), which has been fixed [1],
but that has not made it into the clang version in the base system.

For the custom OpenSSL build, debug symbols are enabled so we can
suppress some leaks properly.


9 days ago configure: Add an option to build with AddressSanitizer
Tobias Brunner [Thu, 15 Sep 2022 10:05:14 +0000 (12:05 +0200)]
configure: Add an option to build with AddressSanitizer

9 days ago github: Use OpenSSL 3.0.5 for tests
Tobias Brunner [Tue, 13 Sep 2022 16:05:01 +0000 (18:05 +0200)]
github: Use OpenSSL 3.0.5 for tests

9 days ago tun-device: Fix compiler warning
Tobias Brunner [Thu, 15 Sep 2022 08:49:42 +0000 (10:49 +0200)]
tun-device: Fix compiler warning

Only the second was reported by the compiler (depending on the version
and similarly to the previous commit only with AddressSanitizer active).
The strncpy() call for UTUN_CONTROL_NAME was simply wrong.

9 days ago kernel-netlink: Fix compiler warnings with strncpy()
Tobias Brunner [Thu, 15 Sep 2022 08:08:10 +0000 (10:08 +0200)]
kernel-netlink: Fix compiler warnings with strncpy()

Normally, GCC sees that we terminate the destination with a zero byte.
However, when using `-fsanitize=address`, there seems to be additional
instrumentation code after strncpy() so GCC produces warnings like

‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]

9 days ago configure: Log if -Werror is enabled
Tobias Brunner [Tue, 13 Sep 2022 15:25:12 +0000 (17:25 +0200)]
configure: Log if -Werror is enabled

9 days ago unit-tests: Don't link files from libimcv into the test executable
Tobias Brunner [Wed, 14 Sep 2022 14:03:57 +0000 (16:03 +0200)]
unit-tests: Don't link files from libimcv into the test executable

This causes odr-violation errors with libasan as some symbols will be
defined twice, once in the linked libimcv and once in the test
executable itself.

9 days ago unit-tests: Use allocated listener instead of stack object in exchange tests
Thomas Egerer [Fri, 2 Sep 2022 11:54:05 +0000 (11:54 +0000)]
unit-tests: Use allocated listener instead of stack object in exchange tests

When using the statement expression and a stack object along with
clang-11 and libasan, we get quite a lot of errors about reading
invalid memory. This is due to clang making the actual listener_t local
to the block, such that the access outside of the macros using
_assert_payload is (correctly) considered an error.
By using a heap allocated object, we can destroy it once the listener
returns FALSE (cleaning up properly), and since bus_t does not touch the
listener after that, we don't get any errors from libasan.

Co-authored-by: Tobias Brunner <>

9 days ago unit-tests: Don't use test data on stack for TLS socket tests
Tobias Brunner [Tue, 13 Sep 2022 14:10:55 +0000 (16:10 +0200)]
unit-tests: Don't use test data on stack for TLS socket tests

The stack of that function might not be valid anymore once data is read.

9 days ago gcrypt: Return correct IV length (0) for ECB mode
Tobias Brunner [Tue, 13 Sep 2022 13:26:47 +0000 (15:26 +0200)]
gcrypt: Return correct IV length (0) for ECB mode

9 days ago aesni: Fix out-of-bound read when loading 192-bit AES keys
Tobias Brunner [Tue, 13 Sep 2022 13:16:47 +0000 (15:16 +0200)]
aesni: Fix out-of-bound read when loading 192-bit AES keys

9 days ago ike-rekey: Correctly destroy colliding rekey task
Tobias Brunner [Tue, 13 Sep 2022 13:03:24 +0000 (15:03 +0200)]
ike-rekey: Correctly destroy colliding rekey task

Using DESTROY_IF() this way doesn't correctly check if the pointer
is set.

Fixes: 7ffeed01c0d7 ("ike-rekey: Remove collision task type checks")

9 days ago test-runner: Clean up collected run times
Tobias Brunner [Tue, 13 Sep 2022 12:55:30 +0000 (14:55 +0200)]
test-runner: Clean up collected run times

9 days ago test-runner: Properly clean up allocated test suites
Martin Willi [Wed, 8 Apr 2015 08:20:23 +0000 (10:20 +0200)]
test-runner: Properly clean up allocated test suites

9 days ago unit-tests: Disable AddressSanitizer for threading cleanup function
Martin Willi [Wed, 8 Apr 2015 08:18:31 +0000 (10:18 +0200)]
unit-tests: Disable AddressSanitizer for threading cleanup function

As the cleanup function reads from the correct address on the parent frame,
it is currently unclear why AddressSanitizer complains about that pointer

9 days ago unit-tests: Exclude memory checks after-free from AddressSanitizer
Martin Willi [Wed, 8 Apr 2015 08:16:13 +0000 (10:16 +0200)]
unit-tests: Exclude memory checks after-free from AddressSanitizer

We explicitly test the memory we free()d if that got properly wiped, so suppress
the warning from AddressSanitizer.

9 days ago utils: Define ADDRESS_SANITIZER_EXCLUDE to exclude a function from sanitizer
Martin Willi [Wed, 15 Apr 2015 12:21:38 +0000 (14:21 +0200)]
utils: Define ADDRESS_SANITIZER_EXCLUDE to exclude a function from sanitizer

9 days ago utils: Support __has_feature() macro on non-LLVM compilers by returning 0
Martin Willi [Wed, 15 Apr 2015 12:20:52 +0000 (14:20 +0200)]
utils: Support __has_feature() macro on non-LLVM compilers by returning 0

10 days ago pki: Correctly use int as precision specifier when printing PEM certificate
Tobias Brunner [Wed, 14 Sep 2022 15:36:43 +0000 (17:36 +0200)]
pki: Correctly use int as precision specifier when printing PEM certificate

12 days ago unit-tests: Add environment variable to only run specific iterations
Tobias Brunner [Mon, 22 Aug 2022 09:48:29 +0000 (11:48 +0200)]
unit-tests: Add environment variable to only run specific iterations

Helpful when running with increased verbosity and only specific iterations

2 weeks ago Version bump to 5.9.8dr3 5.9.8dr3
Andreas Steffen [Wed, 7 Sep 2022 04:38:42 +0000 (06:38 +0200)]
Version bump to 5.9.8dr3

2 weeks ago libstrongswan: Encode RSA-PSS algorithmIdentifier variant
Andreas Steffen [Tue, 6 Sep 2022 19:10:36 +0000 (21:10 +0200)]
libstrongswan: Encode RSA-PSS algorithmIdentifier variant

Some third party IKEv2 products expect an RSA-PSS ASN.1
algorithmIdentifier with an explicit trailerField value (CONTEXT3)
instead of the DEFAULT value if the trailerField is missing.

The setting charon.rsa_pss_trailerfield = yes enables the explicit

2 weeks ago testing: Fixed two issues
Andreas Steffen [Mon, 5 Sep 2022 05:07:00 +0000 (07:07 +0200)]
testing: Fixed two issues

2 weeks ago testing: Add missing kernel config for 5.19
Tobias Brunner [Tue, 6 Sep 2022 14:56:31 +0000 (16:56 +0200)]
testing: Add missing kernel config for 5.19

The config went missing when 057b3806aad4 ("Version bump to 5.9.8dr1")
changed the default kernel version.

2 weeks ago unit-tests: Let the TLS server thread close its own socket
Tobias Brunner [Tue, 6 Sep 2022 13:31:41 +0000 (15:31 +0200)]
unit-tests: Let the TLS server thread close its own socket

Closing the socket from the main thread, while the server thread is
still in accept() (or is just about to enter it), seems to
occasionally cause a deadlock on macOS.

2 weeks ago testing: Add missing css dir to distribution tarballs
Boi Sletterink [Thu, 1 Sep 2022 09:48:43 +0000 (11:48 +0200)]
testing: Add missing css dir to distribution tarballs

Add the css dir to the EXTRA_DIST variable in the Makefile for the test
environment. This dir was missing when generating distribution tarballs.
Adding it enables successful builds of the test environment from the
dist tarballs.

Fixes: 63f35993d9fb ("testing: Use sans-serif font for test results")
Closes strongswan/strongswan#1266

2 weeks ago ipsec: Remove scepclient from usage output
Tobias Brunner [Mon, 5 Sep 2022 17:12:57 +0000 (19:12 +0200)]
ipsec: Remove scepclient from usage output

2 weeks ago starter: Fix comment for debug function
Tobias Brunner [Mon, 5 Sep 2022 17:12:23 +0000 (19:12 +0200)]
starter: Fix comment for debug function

2 weeks ago conf: Remove config snippet for scepclient
Tobias Brunner [Mon, 5 Sep 2022 17:11:58 +0000 (19:11 +0200)]
conf: Remove config snippet for scepclient

2 weeks ago configure: Remove AC_SUBST for unused variable
Tobias Brunner [Mon, 5 Sep 2022 17:10:03 +0000 (19:10 +0200)]
configure: Remove AC_SUBST for unused variable

2 weeks ago android: Remove scepclient from old top-level
Tobias Brunner [Mon, 5 Sep 2022 17:09:31 +0000 (19:09 +0200)]
android: Remove scepclient from old top-level

2 weeks ago github: Remove --enable-scepclient from macOS build options
Tobias Brunner [Mon, 5 Sep 2022 15:14:52 +0000 (17:14 +0200)]
github: Remove --enable-scepclient from macOS build options

2 weeks ago unit-tests: Make TLS echo server cancelable
Tobias Brunner [Mon, 5 Sep 2022 15:10:21 +0000 (17:10 +0200)]
unit-tests: Make TLS echo server cancelable

Seems to be required on macOS (libtls tests didn't run before the recent
implicit enabling via pki).  Other platforms apparently let accept() fail
if the socket is shutdown/closed in teardown_creds(), macOS apparently
doesn't do that.

2 weeks ago libtls: Fix encoding of TLS 1.3 certificate extension as server
Tobias Brunner [Mon, 5 Sep 2022 11:06:20 +0000 (13:06 +0200)]
libtls: Fix encoding of TLS 1.3 certificate extension as server

Same as 9664ef4ba60f ("libtls: Fixed encoding of TLS 1.3 certificate
extension") but for the server.

2 weeks ago Use wolfSSL 5.5.0 for tests
Tobias Brunner [Mon, 5 Sep 2022 09:11:49 +0000 (11:11 +0200)]
Use wolfSSL 5.5.0 for tests

3 weeks ago Version bump to 5.9.8dr2 5.9.8dr2
Andreas Steffen [Fri, 2 Sep 2022 04:32:13 +0000 (06:32 +0200)]
Version bump to 5.9.8dr2

3 weeks ago pki: pki --req can use old certreq as template
Andreas Steffen [Mon, 29 Aug 2022 08:34:58 +0000 (10:34 +0200)]
pki: pki --req can use old certreq as template

When an X.509 certificate has to be renewed it is helpful to use
the old PKCS#10 certificate request as a template, so that the
distinguishedName (DN), the subjectAlternativeName (SAN) and
a certificate profile name don't have to be typed-in again.

The old public key in the existing certreq is replaced with the
new key and the signature is re-generated using the new private key.

3 weeks ago pki: Fixed memory leak in pki --scep
Andreas Steffen [Sun, 28 Aug 2022 09:42:13 +0000 (11:42 +0200)]
pki: Fixed memory leak in pki --scep

4 weeks ago pki: Fixed filenames in pki --estca/--scepca man pages
Andreas Steffen [Fri, 26 Aug 2022 14:43:58 +0000 (16:43 +0200)]
pki: Fixed filenames in pki --estca/--scepca man pages

4 weeks ago connmark: Fix wrong plugin name in log message
Noel Kuntze [Sat, 20 Aug 2022 23:08:28 +0000 (01:08 +0200)]
connmark: Fix wrong plugin name in log message

Closes strongswan/strongswan#1244

4 weeks ago Version bump to 5.9.8dr1 5.9.8dr1
Andreas Steffen [Fri, 26 Aug 2022 10:32:04 +0000 (12:32 +0200)]
Version bump to 5.9.8dr1

4 weeks ago testing: Fixed typo of mfg1 to mgf1 plugin
Andreas Steffen [Fri, 26 Aug 2022 10:31:33 +0000 (12:31 +0200)]
testing: Fixed typo of mfg1 to mgf1 plugin

4 weeks ago Merge branch 'pki-scep'
Andreas Steffen [Fri, 26 Aug 2022 10:19:17 +0000 (12:19 +0200)]
Merge branch 'pki-scep'

4 weeks ago leak_detective: Whitelist botan_privkey_load_rsa_pkcs1()
Andreas Steffen [Thu, 25 Aug 2022 08:48:55 +0000 (10:48 +0200)]
leak_detective: Whitelist botan_privkey_load_rsa_pkcs1()

4 weeks ago libtls: the signature unit tests use scheme-specific credentials
Andreas Steffen [Wed, 24 Aug 2022 13:06:12 +0000 (15:06 +0200)]
libtls: the signature unit tests use scheme-specific credentials

4 weeks ago libtls: call create_public_enumerator() with key_type
Andreas Steffen [Wed, 24 Aug 2022 10:01:51 +0000 (12:01 +0200)]
libtls: call create_public_enumerator() with key_type

4 weeks ago libtls: enforce correct signature scheme for ECDSA keys
Andreas Steffen [Tue, 23 Aug 2022 21:52:39 +0000 (23:52 +0200)]
libtls: enforce correct signature scheme for ECDSA keys

4 weeks ago libtls: unit tests with crypto libs need additional plugins
Andreas Steffen [Mon, 22 Aug 2022 12:33:00 +0000 (14:33 +0200)]
libtls: unit tests with crypto libs need additional plugins

In order for libtls to run with the gcrypt library, additionally the
random, pem, gcm, hmac, kdf, x509, constraints, and the curve25519
plugins are needed.

The botan library additionally needs the hmac (for HMAC_MD5), x509 and
constraints plugins.

The wolfssl library additionally needs the pkcs1, pkcs8, x509 and constraints

4 weeks ago libtls: Fixed encoding of TLS 1.3 certificate extension
Andreas Steffen [Mon, 22 Aug 2022 12:27:48 +0000 (14:27 +0200)]
libtls: Fixed encoding of TLS 1.3 certificate extension

4 weeks ago pki: use libtls for pki --est|--estca
Andreas Steffen [Mon, 22 Aug 2022 10:42:09 +0000 (12:42 +0200)]
pki: use libtls for pki --est|--estca

4 weeks ago pki: --est adds --keyid and --certid options
Andreas Steffen [Sun, 21 Aug 2022 13:21:22 +0000 (15:21 +0200)]
pki: --est adds --keyid and --certid options

With the --keyid option private keys stored on a smartcard or in
a TPM 2.0 can be used for public key based client authentication.

With the --certid option the corresponding client certificate
can reside on a smartcard or a TPM 2.0.

4 weeks ago pki: Optimize certificate download for --scep and --est
Andreas Steffen [Sun, 21 Aug 2022 09:13:53 +0000 (11:13 +0200)]
pki: Optimize certificate download for --scep and --est

4 weeks ago libtls: unit tests run with default plugins
Andreas Steffen [Fri, 19 Aug 2022 15:18:52 +0000 (17:18 +0200)]
libtls: unit tests run with default plugins

The gcm plugin has been added to the default plugins and all
certificate types are loaded to allow the libtls socket unit
tests to run with the strongSwan default plugins.

4 weeks ago libtls: Send empty cert payload upon cert request
Andreas Steffen [Fri, 19 Aug 2022 15:09:02 +0000 (17:09 +0200)]
libtls: Send empty cert payload upon cert request

Currently when a TLS client doesn't have a certificate, it doesn't
send a certificate payload upon receiving a certificate request
from the TLS server. According to the TLS 1.2 and 1.3 RFCs an
empty certificate payload must be sent.

4 weeks ago pki: use libtls for pki --est
Andreas Steffen [Fri, 19 Aug 2022 00:04:58 +0000 (02:04 +0200)]
pki: use libtls for pki --est

4 weeks ago pki: Created pki --est man page
Andreas Steffen [Tue, 16 Aug 2022 13:24:02 +0000 (15:24 +0200)]
pki: Created pki --est man page

4 weeks ago pki: Enroll an X.509 certificate with an EST server
Andreas Steffen [Mon, 15 Aug 2022 19:16:11 +0000 (21:16 +0200)]
pki: Enroll an X.509 certificate with an EST server

4 weeks ago pki: Created pki --estca man page
Andreas Steffen [Sun, 14 Aug 2022 02:51:23 +0000 (04:51 +0200)]
pki: Created pki --estca man page

4 weeks ago pki: Clean up SCEP functions
Andreas Steffen [Sun, 14 Aug 2022 02:29:44 +0000 (04:29 +0200)]
pki: Clean up SCEP functions

4 weeks ago pki: Get CA certs via EST (RFC 7030)
Andreas Steffen [Sat, 13 Aug 2022 10:31:44 +0000 (12:31 +0200)]
pki: Get CA certs via EST (RFC 7030)

4 weeks ago pkcs10: Support of Microsoft CertTypeExtension
Andreas Steffen [Wed, 10 Aug 2022 22:21:28 +0000 (00:21 +0200)]
pkcs10: Support of Microsoft CertTypeExtension

The msCertificateTypeExtension OID ( can
be used in a PKCS#10 certificate request to define a certificate
profile. It consists of a UTF8 string.

pki: profile option

4 weeks ago scepclient: Removal and replacement by pki subcommands
Andreas Steffen [Tue, 9 Aug 2022 08:15:36 +0000 (10:15 +0200)]
scepclient: Removal and replacement by pki subcommands

The "ipsec scepclient" tool has been removed and replaced by the
pki subcommands "pki --scep" and "pki --scepca" which implement the
new SCEP RFC 8894 standard that was released in September 2020 and
which supports trusted "certificate renewal" based on the existing
client certificate.

4 weeks ago pki: Additional pki.scep options for strongswan.conf
Andreas Steffen [Tue, 9 Aug 2022 05:38:06 +0000 (07:38 +0200)]
pki: Additional pki.scep options for strongswan.conf

4 weeks ago pki: Created pki --scep man page
Andreas Steffen [Sat, 6 Aug 2022 10:23:09 +0000 (12:23 +0200)]
pki: Created pki --scep man page

4 weeks ago pki: Enroll an X.509 certificate with a SCEP server
Andreas Steffen [Mon, 1 Aug 2022 09:57:41 +0000 (11:57 +0200)]
pki: Enroll an X.509 certificate with a SCEP server

4 weeks ago pki: Created pki --scepca man page
Andreas Steffen [Sat, 30 Jul 2022 12:21:50 +0000 (14:21 +0200)]
pki: Created pki --scepca man page

5 weeks ago pki: Get CA certs via SCEP
Andreas Steffen [Fri, 29 Jul 2022 04:48:41 +0000 (06:48 +0200)]
pki: Get CA certs via SCEP

5 weeks ago wolfssl: Rename `encrypt` methods to avoid conflicts with system headers
Fabrice Fontaine [Mon, 8 Aug 2022 07:52:19 +0000 (09:52 +0200)]
wolfssl: Rename `encrypt` methods to avoid conflicts with system headers

Rename `encrypt` methods to avoid the following build failure when wolfSSL
is built with --enable-opensslextra:

In file included from ../../../../src/libstrongswan/utils/utils.h:59,
                 from ../../../../src/libstrongswan/library.h:101,
                 from wolfssl_common.h:29,
                 from wolfssl_aead.c:23:
wolfssl_aead.c:90:16: error: conflicting types for 'encrypt'; have '_Bool(union <anonymous>,  chunk_t,  chunk_t,  chunk_t,  chunk_t *)'
   90 | METHOD(aead_t, encrypt, bool,
      |                ^~~~~~~
../../../../src/libstrongswan/utils/utils/object.h:99:20: note: in definition of macro 'METHOD'
   99 |         static ret name(union {iface *_public; this;} \
      |                    ^~~~
In file included from /home/autobuild/autobuild/instance-5/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/include/wolfssl/wolfcrypt/wc_port.h:573,
                 from /home/autobuild/autobuild/instance-5/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/include/wolfssl/wolfcrypt/types.h:35,
                 from /home/autobuild/autobuild/instance-5/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/include/wolfssl/wolfcrypt/logging.h:33,
                 from /home/autobuild/autobuild/instance-5/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/include/wolfssl/ssl.h:35,
                 from wolfssl_common.h:64,
                 from wolfssl_aead.c:23:
/home/autobuild/autobuild/instance-5/output-1/host/powerpc64le-buildroot-linux-musl/sysroot/usr/include/unistd.h:149:6: note: previous declaration of 'encrypt' with type 'void(char *, int)'
  149 | void encrypt(char *, int);
      |      ^~~~~~~

Closes strongswan/strongswan#1201