4 years agoopenssl: Properly handle flags in key usage extension
Tobias Brunner [Thu, 8 Jun 2017 11:35:47 +0000 (13:35 +0200)]
openssl: Properly handle flags in key usage extension

4 years agocharon-tkm: Return cloned host from tkm_kernel_sad_t::get_dst_host()
Tobias Brunner [Wed, 7 Jun 2017 13:46:26 +0000 (15:46 +0200)]
charon-tkm: Return cloned host from tkm_kernel_sad_t::get_dst_host()

When an expire is triggered while rekeying, the CHILD_SA might be deleted
while the returned host is still used to queue a rekey job for the CHILD_SA.

4 years agoconfigure: Use pkg-config to determine Ruby CFLAGS/LIBS
Tobias Brunner [Wed, 7 Jun 2017 14:22:11 +0000 (16:22 +0200)]
configure: Use pkg-config to determine Ruby CFLAGS/LIBS

4 years agonm: Version bump to 1.4.2
Tobias Brunner [Tue, 30 May 2017 12:36:17 +0000 (14:36 +0200)]
nm: Version bump to 1.4.2

4 years agoVersion bump to 5.5.3 5.5.3
Andreas Steffen [Mon, 29 May 2017 10:02:48 +0000 (12:02 +0200)]
Version bump to 5.5.3

4 years agoNEWS: Add info about CVE-2017-9022/23
Tobias Brunner [Fri, 26 May 2017 16:05:48 +0000 (18:05 +0200)]
NEWS: Add info about CVE-2017-9022/23

4 years agox509: nameConstraints sequence does not require a loop
Andreas Steffen [Fri, 5 May 2017 09:21:12 +0000 (11:21 +0200)]
x509: nameConstraints sequence does not require a loop

Fixes: CVE-2017-9023

4 years agounit-tests: Updated asn1-parser tests
Andreas Steffen [Fri, 5 May 2017 18:57:28 +0000 (20:57 +0200)]
unit-tests: Updated asn1-parser tests

4 years agoasn1-parser: Fix CHOICE parsing
Andreas Steffen [Fri, 5 May 2017 07:01:08 +0000 (09:01 +0200)]
asn1-parser: Fix CHOICE parsing

Fixes: CVE-2017-9023

4 years agogmp: Make sure the modulus is odd and the exponent not zero
Tobias Brunner [Wed, 29 Mar 2017 09:26:24 +0000 (11:26 +0200)]
gmp: Make sure the modulus is odd and the exponent not zero

Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional
requirement that the exponent must be > 0 and the modulus has to be odd.
Otherwise, it will crash with a floating-point exception.

Fixes: CVE-2017-9022
Fixes: 3e35a6e7a1b0 ("Use side-channel secured mpz_powm_sec of libgmp 5, if available")

4 years agoimv-swid: Fixed memory leak in http REST interface
Andreas Steffen [Mon, 29 May 2017 07:59:20 +0000 (09:59 +0200)]
imv-swid:  Fixed memory leak in http REST interface

4 years agoleak-detective: Whitelisted memory leaks in FHH IMCs and IMVs
Andreas Steffen [Sun, 28 May 2017 18:07:20 +0000 (20:07 +0200)]
leak-detective: Whitelisted memory leaks in FHH IMCs and IMVs

4 years agoimv-test: Fixed memory leak in server retry use case
Andreas Steffen [Sun, 28 May 2017 18:05:52 +0000 (20:05 +0200)]
imv-test: Fixed memory leak in server retry use case

4 years agolibtnccs: Fixed memory leak of global variables in libxml2
Andreas Steffen [Sun, 28 May 2017 11:51:28 +0000 (13:51 +0200)]
libtnccs: Fixed memory leak of global variables in libxml2

4 years agoike-cfg: Fix memory leak when matching against ranges
Tobias Brunner [Mon, 29 May 2017 08:49:57 +0000 (10:49 +0200)]
ike-cfg: Fix memory leak when matching against ranges

traffic_selector_t::to_subnet() always sets the net/host (unless the
address family was invalid).

Fixes: 3070697f9f7c ("ike: support multiple addresses, ranges and subnets in IKE address config")

4 years agoNEWS: Added some news
Tobias Brunner [Fri, 26 May 2017 16:33:12 +0000 (18:33 +0200)]
NEWS: Added some news

4 years agoike: Apply retransmission_limit before applying the jitter
Tobias Brunner [Fri, 26 May 2017 16:16:40 +0000 (18:16 +0200)]
ike: Apply retransmission_limit before applying the jitter

4 years agoeap-sim-file: Remove redundant enumerator allocation
Tobias Brunner [Fri, 26 May 2017 14:42:59 +0000 (16:42 +0200)]
eap-sim-file: Remove redundant enumerator allocation

4 years agosql: Remove redundant enumerator allocation
Tobias Brunner [Fri, 26 May 2017 13:10:04 +0000 (15:10 +0200)]
sql: Remove redundant enumerator allocation

Interestingly, this doesn't show up in the regression tests because the
compiler removes the first assignment (and thus the allocation) due to
-O2 that's included in our default CFLAGS.

4 years agotesting: Add wrapper around service command
Tobias Brunner [Fri, 26 May 2017 14:24:35 +0000 (16:24 +0200)]
testing: Add wrapper around service command

When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment.  Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon.  Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.

4 years agoFixed some typos, courtesy of codespell
Tobias Brunner [Fri, 26 May 2017 12:44:06 +0000 (14:44 +0200)]
Fixed some typos, courtesy of codespell

4 years agoapidoc: Add legacy README so links get properly resolved
Tobias Brunner [Wed, 24 May 2017 12:49:23 +0000 (14:49 +0200)]
apidoc: Add legacy README so links get properly resolved

Also reorders the input files so the READMEs are listed first in the
navigation menu on the left.

4 years agotesting: Added swanctl/rw-eap-md5-id-rsa scenario
Andreas Steffen [Fri, 19 May 2017 19:15:25 +0000 (21:15 +0200)]
testing: Added swanctl/rw-eap-md5-id-rsa scenario

4 years agoREADME: Converted to swanctl configuration scheme
Andreas Steffen [Thu, 11 May 2017 20:22:23 +0000 (22:22 +0200)]
README: Converted to swanctl configuration scheme

4 years agoMerge branch 'variadic-enumerators'
Tobias Brunner [Fri, 26 May 2017 11:57:57 +0000 (13:57 +0200)]
Merge branch 'variadic-enumerators'

This adds several changes to enumerator_t and linked_list_t to improve
portability.  In particular to Apple's ARM64 iOS platform, whose calling
convention for variadic and regular functions are different.  This means
that assigning a non-variadic function to a variadic function pointer,
as we did with our enumerator_t::enumerate() implementations and several
callbacks, will result in crashes as the called function will access the
arguments differently than the caller provided them.

To avoid this issue the enumerator_t interface is now fully variadic.
A new mandatory method is added, venumerate(), that takes a va_list with
the arguments provided while enumerating.  enumerate() is replaced with
a generic implementation that prepares a va_list and calls the
enumerator's venumerate() implementation.  As this allows passing the
arguments of one enumerator to another it avoids the five pointer hack
used by enumerator_create_nested() and enumerator_create_cleaner().
To simplify the implementation of venumerate() a helper macro is provided
that assigns values from a given va_list to local variables.

The signature of the callback passed to enumerator_create_filter() has
also changed significantly.  It's now required to enumerate over the
original enumerator in the callback as this avoids the previous in/out
pointer hack. The arguments to the outer enumerator are provided in a

Similar changes to avoid such five pointer hacks affect the signatures
of the callbacks for linked_list_t's invoke_function() and find_first()
methods.  For the latter the return type also changed from status_t to
bool, which is important as SUCCESS is defined as 0, so checks for ==
SUCCESS will now fail.

4 years agolinked-list: Change return value of find_first() and signature of its callback
Tobias Brunner [Tue, 16 May 2017 10:11:24 +0000 (12:11 +0200)]
linked-list: Change return value of find_first() and signature of its callback

This avoids the unportable five pointer hack.

4 years agolinked-list: Change interface of callback for invoke_function()
Tobias Brunner [Mon, 15 May 2017 15:51:19 +0000 (17:51 +0200)]
linked-list: Change interface of callback for invoke_function()

This avoids the unportable five pointer hack.

4 years agolinked-list: invoke_offset() doesn't take any additional arguments anymore
Tobias Brunner [Mon, 15 May 2017 15:12:44 +0000 (17:12 +0200)]
linked-list: invoke_offset() doesn't take any additional arguments anymore

4 years agoChange interface for enumerator_create_filter() callback
Tobias Brunner [Fri, 12 May 2017 10:10:27 +0000 (12:10 +0200)]
Change interface for enumerator_create_filter() callback

This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.

4 years agoMigrate all enumerators to venumerate() interface change
Tobias Brunner [Thu, 11 May 2017 07:17:02 +0000 (09:17 +0200)]
Migrate all enumerators to venumerate() interface change

4 years agoenumerator: Add venumerate() method to enumerator_t that takes a va_list
Tobias Brunner [Tue, 9 May 2017 14:59:37 +0000 (16:59 +0200)]
enumerator: Add venumerate() method to enumerator_t that takes a va_list

This will allow us to implement e.g. enumerator_cleaner without having to
use that unportable 5 pointer forwarding or having to define a callback for
each instance.

A generic implementation for enumerate() is provided so only venumerate()
has to be implemented, which may be simplified by using the VA_ARGS_VGET()

4 years agoutils: Add helper macros to read variadic arguments into local variables
Tobias Brunner [Wed, 3 May 2017 11:58:02 +0000 (13:58 +0200)]
utils: Add helper macros to read variadic arguments into local variables

4 years agotesting: Fix ikev2/two-certs scenario
Tobias Brunner [Fri, 26 May 2017 11:49:51 +0000 (13:49 +0200)]
testing: Fix ikev2/two-certs scenario

Since 6a8a44be88b0 the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities.  So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.

4 years agoMerge branch 'sha-256-96'
Tobias Brunner [Fri, 26 May 2017 09:23:12 +0000 (11:23 +0200)]
Merge branch 'sha-256-96'

Adds an option to locally configure 96-bit truncation for HMAC-SHA256
when negotiated using the official algorithm identifier.  This is for
compatibility with peers that incorrectly use this shorter truncation
(like Linux does by default).

Fixes #1353.

4 years agovici: Make 96-bit truncation for SHA-256 configurable
Tobias Brunner [Wed, 10 May 2017 17:37:22 +0000 (19:37 +0200)]
vici: Make 96-bit truncation for SHA-256 configurable

4 years agostroke: Make 96-bit truncation for SHA-256 configurable
Tobias Brunner [Wed, 10 May 2017 17:32:53 +0000 (19:32 +0200)]
stroke: Make 96-bit truncation for SHA-256 configurable

4 years agochild-cfg: Optionally use 96-bit truncation for HMAC-SHA-256
Tobias Brunner [Wed, 10 May 2017 17:15:53 +0000 (19:15 +0200)]
child-cfg: Optionally use 96-bit truncation for HMAC-SHA-256

The correct truncation is 128-bit but some implementations insist on
using 96-bit truncation.  With strongSwan this can be negotiated using
an algorithm identifier from a private range.  But this doesn't work
with third-party implementations.  This adds an option to use 96-bit
truncation even if the official identifier is used.

4 years agoandroid-log: Link against liblog
Tobias Brunner [Fri, 26 May 2017 07:39:21 +0000 (09:39 +0200)]
android-log: Link against liblog

4 years agounit-tests: Fix test_chunk_eq() if arguments have side-effects
Tobias Brunner [Wed, 24 May 2017 07:34:17 +0000 (09:34 +0200)]
unit-tests: Fix test_chunk_eq() if arguments have side-effects

4 years agoMerge branch 'avoid-rekey-loss'
Tobias Brunner [Tue, 23 May 2017 16:49:13 +0000 (18:49 +0200)]
Merge branch 'avoid-rekey-loss'

This changes the behavior during IKEv2 CHILD_SA rekeyings to avoid
traffic loss.  When responding to a CREATE_CHILD_SA request to rekey a
CHILD_SA the responder already has everything available to install and
use the new CHILD_SA.  However, this could lead to lost traffic as the
initiator won't be able to process inbound packets until it processed the
CREATE_CHILD_SA response and updated the inbound SA.  To avoid this the
responder now only installs the new inbound SA and delays installing the
outbound SA until it receives the DELETE for the replaced CHILD_SA.  The
messages transporting these DELETEs could reach the peer before packets
sent with the deleted outbound SAs reach the respective peer.  To reduce
the chance of traffic loss due to this the inbound SA of the replaced
CHILD_SA is not removed for a configurable amount of seconds after
the DELETE has been processed.

Fixes #1291.

4 years agounit-tests: Check installed IPsec SAs in child-rekey tests
Tobias Brunner [Wed, 8 Mar 2017 14:47:58 +0000 (15:47 +0100)]
unit-tests: Check installed IPsec SAs in child-rekey tests

4 years agounit-tests: Add assert to check for installed IPsec SAs
Tobias Brunner [Wed, 8 Mar 2017 14:46:39 +0000 (15:46 +0100)]
unit-tests: Add assert to check for installed IPsec SAs

4 years agounit-tests: Migrate cached IPsec SAs to new IKE_SAs during rekeying
Tobias Brunner [Thu, 9 Mar 2017 09:59:31 +0000 (10:59 +0100)]
unit-tests: Migrate cached IPsec SAs to new IKE_SAs during rekeying

4 years agounit-tests: Keep track of installed IPsec SAs in mock kernel_ipsec_t implementation
Tobias Brunner [Wed, 8 Mar 2017 14:45:41 +0000 (15:45 +0100)]
unit-tests: Keep track of installed IPsec SAs in mock kernel_ipsec_t implementation

4 years agochild-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs
Tobias Brunner [Tue, 21 Mar 2017 15:03:54 +0000 (16:03 +0100)]
child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs

After deleting a rekeyed CHILD_SA we uninstall the outbound SA but don't
destroy the CHILD_SA (and the inbound SA) immediately.  We delay it
a few seconds or until the SA expires to allow delayed packets to get
processed. The CHILD_SA remains in state CHILD_DELETING until it finally
gets destroyed.

4 years agodelete-child-sa-job: Add new constructor that takes the unique ID of a CHILD_SA
Tobias Brunner [Tue, 21 Mar 2017 14:56:02 +0000 (15:56 +0100)]
delete-child-sa-job: Add new constructor that takes the unique ID of a CHILD_SA

This makes sure we delete the right SA in case the addresses got updated
in the mean time.

4 years agochild-sa: Remove state to track installation of half the SA again
Tobias Brunner [Tue, 21 Mar 2017 14:39:10 +0000 (15:39 +0100)]
child-sa: Remove state to track installation of half the SA again

4 years agounit-tests: Overload helper macro to check for outbound SA state
Tobias Brunner [Tue, 21 Mar 2017 14:35:30 +0000 (15:35 +0100)]
unit-tests: Overload helper macro to check for outbound SA state

4 years agochild-sa: Expose state of the outbound SA
Tobias Brunner [Tue, 21 Mar 2017 14:08:14 +0000 (15:08 +0100)]
child-sa: Expose state of the outbound SA

4 years agochild-sa: Add method to remove the outbound SA and policies
Tobias Brunner [Mon, 20 Mar 2017 12:35:56 +0000 (13:35 +0100)]
child-sa: Add method to remove the outbound SA and policies

4 years agochild-sa: Keep track whether the outbound SA has been installed or not
Tobias Brunner [Wed, 8 Mar 2017 08:40:40 +0000 (09:40 +0100)]
child-sa: Keep track whether the outbound SA has been installed or not

4 years agochild-delete: Track flags per individual CHILD_SA
Tobias Brunner [Tue, 21 Mar 2017 11:18:12 +0000 (12:18 +0100)]
child-delete: Track flags per individual CHILD_SA

4 years agoikev2: Delay installation of outbound SAs during rekeying on the responder
Tobias Brunner [Wed, 1 Mar 2017 17:02:38 +0000 (18:02 +0100)]
ikev2: Delay installation of outbound SAs during rekeying on the responder

The responder has all the information needed to install both SAs before
the initiator does.  So if the responder immediately installs the outbound
SA it might send packets using the new SA which the initiator is not yet
able to process.  This can be avoided by delaying the installation of the
outbound SA until the replaced SA is deleted.

4 years agochild-sa: Add log message for CHILD_SA state changes
Tobias Brunner [Wed, 1 Mar 2017 15:07:57 +0000 (16:07 +0100)]
child-sa: Add log message for CHILD_SA state changes

4 years agochild-sa: Add method to associate rekeyed CHILD_SAs with their replacement
Tobias Brunner [Tue, 28 Feb 2017 14:03:45 +0000 (15:03 +0100)]
child-sa: Add method to associate rekeyed CHILD_SAs with their replacement

4 years agochild-sa: Add methods that allow partial installation of CHILD_SA
Tobias Brunner [Tue, 28 Feb 2017 14:03:12 +0000 (15:03 +0100)]
child-sa: Add methods that allow partial installation of CHILD_SA

Using install() for the inbound SA and register_outbound() for the
outbound SA followed by install_policies(), will delay the installation of
the outbound SA as well as the installation of the outbound policies
in the kernel until install_outbound() is called later.

4 years agochild-sa: Add new state to track installation of only the inbound SA
Tobias Brunner [Tue, 28 Feb 2017 13:57:51 +0000 (14:57 +0100)]
child-sa: Add new state to track installation of only the inbound SA

4 years agochild-sa: Change API used to set/install policies
Tobias Brunner [Wed, 1 Mar 2017 13:40:15 +0000 (14:40 +0100)]
child-sa: Change API used to set/install policies

This way we only have to pass the traffic selectors once.

4 years agochild-sa: Split in- and outbound policy de-/installation
Tobias Brunner [Tue, 28 Feb 2017 13:44:38 +0000 (14:44 +0100)]
child-sa: Split in- and outbound policy de-/installation

Only install outbound fallback policies.

4 years agochild-create: Trigger NARROW_RESPONDER_POST hook before installing SAs
Tobias Brunner [Wed, 1 Mar 2017 11:34:22 +0000 (12:34 +0100)]
child-create: Trigger NARROW_RESPONDER_POST hook before installing SAs

This makes sure we use the same set of traffic selectors when installing
the SAs and installing the policies.

4 years agoMerge branch 'fuzzing'
Tobias Brunner [Tue, 23 May 2017 16:33:00 +0000 (18:33 +0200)]
Merge branch 'fuzzing'

Adds support for fuzzing the certificate parser provided by the default
plugins (x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure (or
generally with libFuzzer). Fixes several issues that were found while
fuzzing these plugins.

When building the libraries monolithically and statically the
plugin constructors are now hard-coded in each library so the plugin
code is not removed by the linker because it thinks none of their symbols
are ever referenced.

4 years agotnc-ifmap: Null-terminate buffer to make sscanf()-calls safe
Tobias Brunner [Tue, 23 May 2017 10:37:05 +0000 (12:37 +0200)]
tnc-ifmap: Null-terminate buffer to make sscanf()-calls safe

4 years agolibimcv: Make sure the first argument to sscanf() is null-terminated
Tobias Brunner [Tue, 23 May 2017 10:24:01 +0000 (12:24 +0200)]
libimcv: Make sure the first argument to sscanf() is null-terminated

4 years agoasn1: Make sure the first argument to sscanf() is null-terminated
Tobias Brunner [Tue, 23 May 2017 10:19:48 +0000 (12:19 +0200)]
asn1: Make sure the first argument to sscanf() is null-terminated

4 years agox509: Fix leak when parsing CDPs if an invalid one follows valid ones
Tobias Brunner [Sat, 20 May 2017 11:04:56 +0000 (13:04 +0200)]
x509: Fix leak when parsing CDPs if an invalid one follows valid ones

4 years agopem: Ensure a value before checking Proc-Type in PEM header
Tobias Brunner [Fri, 5 May 2017 07:01:51 +0000 (09:01 +0200)]
pem: Ensure a value before checking Proc-Type in PEM header

4 years agochunk: Correctly parse Base64 text where four = follow in a row
Tobias Brunner [Thu, 4 May 2017 14:16:33 +0000 (16:16 +0200)]
chunk: Correctly parse Base64 text where four = follow in a row

That's not correct Base64 but invalid data could trigger this. Since
outlen would get reduced four times, but is only ever increased three
times per iteration, this could result in an integer underflow and then
a potential buffer overflow.

4 years agoconfigure: Don't modify CFLAGs if fuzzing is enabled
Tobias Brunner [Thu, 4 May 2017 14:10:00 +0000 (16:10 +0200)]
configure: Don't modify CFLAGs if fuzzing is enabled

Just rely on the flags passed by the build process.

4 years agoplugin-loader: Disable some logging output when building fuzz targets
Tobias Brunner [Wed, 3 May 2017 15:55:34 +0000 (17:55 +0200)]
plugin-loader: Disable some logging output when building fuzz targets

This avoids evaluating %N. An alternative would be to define a printf-hook
for plugin features.

4 years agox509: Manually print CRL/OCSP URIs when fuzzing
Tobias Brunner [Wed, 3 May 2017 16:10:17 +0000 (18:10 +0200)]
x509: Manually print CRL/OCSP URIs when fuzzing

This avoids a warning about the custom %Y printf specifier.

4 years agoprocessor: Move priority threads assignment to set_threads()
Tobias Brunner [Wed, 3 May 2017 15:35:45 +0000 (17:35 +0200)]
processor: Move priority threads assignment to set_threads()

This avoids the evaluation of %N even if the thread pool is never used.
We need to avoid as many custom printf specifiers as possible when
fuzzing our code to avoid excessive log messages.

4 years agofuzz: Change how fuzz_certs is built
Tobias Brunner [Mon, 1 May 2017 14:23:55 +0000 (16:23 +0200)]
fuzz: Change how fuzz_certs is built

We mainly do this because we have to create a self-contained executable
and it isn't so easy to actually get libtool to link e.g. libgmp

4 years agoAdd plugin constructor registration for all libraries that provide plugins
Tobias Brunner [Fri, 28 Apr 2017 15:49:50 +0000 (17:49 +0200)]
Add plugin constructor registration for all libraries that provide plugins

Unfortunately, we can't just add the generated C file to the sources in as the linker would remove that object file when it notices
that no symbol in it is ever referenced.  So we include it in the file
that contains the library initialization, which will definitely be
referenced by the executable.

This allows building an almost stand-alone static version of e.g. charon
when building with `--enable-monolithic --enable-static --disable-shared`
(without `--disable-shared` libtool will only build a version that links
the libraries dynamically).  External libraries (e.g. gmp or openssl) are
not linked statically this way, though.

4 years agoplugin-constructors: Add script to generate constructor registration
Tobias Brunner [Fri, 28 Apr 2017 15:46:57 +0000 (17:46 +0200)]
plugin-constructors: Add script to generate constructor registration

Using a Python script so this works in cross-compilation situations.

4 years agoplugin-loader: Add facility to register plugin constructors
Tobias Brunner [Fri, 28 Apr 2017 15:41:57 +0000 (17:41 +0200)]
plugin-loader: Add facility to register plugin constructors

Enabled when building monolithically and statically.

This should allow us to work around the -whole-archive issue with
libtool.  If the libraries register the plugin constructors they provide
they reference the constructors and will therefore prevent the linker from
removing these seemingly unused symbols from the final executable.

For use cases where dlsym() can be used, e.g. because the static libraries
are manually linked with -whole-archive (Linux) or -force-load (Apple),
this can be disabled by passing ss_cv_static_plugin_constructors=no to
the configure script.

4 years agoconfigure: Don't build static libraries by default
Tobias Brunner [Fri, 28 Apr 2017 13:39:01 +0000 (15:39 +0200)]
configure: Don't build static libraries by default

This way we can actually detect if someone wants to build strongSwan
statically because --enable-static has to be passed explicitly.

4 years agolibrary: Add compile option to disable memwipe() check
Tobias Brunner [Wed, 19 Apr 2017 08:40:40 +0000 (10:40 +0200)]
library: Add compile option to disable memwipe() check

4 years agofuzz: Make path to libFuzzer.a configurable
Tobias Brunner [Wed, 29 Mar 2017 09:32:25 +0000 (11:32 +0200)]
fuzz: Make path to libFuzzer.a configurable

4 years agopem: Don't read beyond line ends
Tobias Brunner [Wed, 29 Mar 2017 09:19:30 +0000 (11:19 +0200)]
pem: Don't read beyond line ends

4 years agox509: Fix leak if there is an empty CDP
Tobias Brunner [Wed, 29 Mar 2017 09:16:34 +0000 (11:16 +0200)]
x509: Fix leak if there is an empty CDP

4 years agox509: Fix leak if a certificate contains multiple authorityKeyIdentifiers
Tobias Brunner [Wed, 15 Mar 2017 10:16:35 +0000 (11:16 +0100)]
x509: Fix leak if a certificate contains multiple authorityKeyIdentifiers

4 years agofuzz: Add fuzzing boilerplate
Tobias Brunner [Wed, 8 Mar 2017 10:00:22 +0000 (11:00 +0100)]
fuzz: Add fuzzing boilerplate

4 years agotesting: Avoid expiration of allocated SPIs due to low retransmission settings
Tobias Brunner [Tue, 14 Mar 2017 16:02:26 +0000 (17:02 +0100)]
testing: Avoid expiration of allocated SPIs due to low retransmission settings

4 years agokernel-netlink: Use total retransmit timeout as acquire timeout
Tobias Brunner [Mon, 13 Mar 2017 11:15:25 +0000 (12:15 +0100)]
kernel-netlink: Use total retransmit timeout as acquire timeout

By using the total retransmit timeout, modifications of timeout settings
automatically reflect on the value of xfrm_acq_expires.  If set, the
value of xfrm_acq_expires configured by the user takes precedence over
the calculated value.

4 years agotask-manager: Add helper function to calculate the total retransmit timeout
Tobias Brunner [Mon, 13 Mar 2017 11:00:40 +0000 (12:00 +0100)]
task-manager: Add helper function to calculate the total retransmit timeout

4 years agoike: Use optional jitter to calculate retransmission timeouts
Tobias Brunner [Fri, 19 May 2017 14:14:40 +0000 (16:14 +0200)]
ike: Use optional jitter to calculate retransmission timeouts

Also adds an optional limit to avoid very high retransmission timeouts
with high numbers of retries.

4 years agokernel-netlink: Try to add new inbound SA if update fails
Thomas Egerer [Thu, 9 Mar 2017 17:26:35 +0000 (18:26 +0100)]
kernel-netlink: Try to add new inbound SA if update fails

When establishing a traffic-triggered CHILD_SA involves the setup of an
IKE_SA more than one exchange is required. As a result the temporary
acquire state may have expired -- even if the acquire expiration
(xfrm_acq_expires) time is set properly (165 by default).  The expire
message sent by the kernel is not processed in charon since no trap can
be found by the trap manager.
A possible solution could be to track allocated SPIs.  But since this is
a corner case and the tracking introduces quite a bit of overhead, it
seems much more sensible to add a new state if the update of a state
fails with NOT_FOUND.

Signed-off-by: Thomas Egerer <>
4 years agokernel-pfkey: Update SA addresses if supported by the kernel
Tobias Brunner [Tue, 7 Feb 2017 08:57:09 +0000 (09:57 +0100)]
kernel-pfkey: Update SA addresses if supported by the kernel

Upcoming FreeBSD kernels will support updating the addresses of existing
SAs with new SADB_X_EXT_NEW_ADDRESS_SRC|DST extensions for the SADB_UPDATE

4 years agokernel-pfkey: Use new encap flag on Mac OS X when updating SAs
Tobias Brunner [Tue, 7 Feb 2017 08:55:50 +0000 (09:55 +0100)]
kernel-pfkey: Use new encap flag on Mac OS X when updating SAs

4 years agoreceiver: Restrict init limit to half-open SAs as responder
Thomas Egerer [Fri, 10 Mar 2017 09:45:48 +0000 (10:45 +0100)]
receiver: Restrict init limit to half-open SAs as responder

Signed-off-by: Thomas Egerer <>
4 years agoMerge branch 'hw-offload'
Tobias Brunner [Tue, 23 May 2017 15:00:04 +0000 (17:00 +0200)]
Merge branch 'hw-offload'

Allows enabling hardware offload for IPsec SAs as introduced by Linux 4.11
for specific hardware.

4 years agokernel-netlink: Update hardware offload attribute when SAs are updated
Tobias Brunner [Wed, 30 Nov 2016 09:46:21 +0000 (10:46 +0100)]
kernel-netlink: Update hardware offload attribute when SAs are updated

4 years agokernel-netlink: Base SA update on correct message in multi-message response
Tobias Brunner [Wed, 30 Nov 2016 09:27:10 +0000 (10:27 +0100)]
kernel-netlink: Base SA update on correct message in multi-message response

4 years agovici: Make hardware offload configurable
Tobias Brunner [Mon, 20 Jun 2016 13:29:47 +0000 (15:29 +0200)]
vici: Make hardware offload configurable

4 years agochild-sa: Optionally enable hardware offload for CHILD_SAs
Tobias Brunner [Mon, 20 Jun 2016 13:27:22 +0000 (15:27 +0200)]
child-sa: Optionally enable hardware offload for CHILD_SAs

4 years agochild-cfg: Add flag to enable hardware offload
Tobias Brunner [Mon, 20 Jun 2016 13:24:49 +0000 (15:24 +0200)]
child-cfg: Add flag to enable hardware offload

4 years agochild-cfg: Use flags for boolean options
Tobias Brunner [Wed, 10 May 2017 17:04:25 +0000 (19:04 +0200)]
child-cfg: Use flags for boolean options

Makes it potentially easier to add new flags.

4 years agokernel-netlink: Enable hardware offloading if configured for an SA
Tobias Brunner [Mon, 20 Jun 2016 13:14:40 +0000 (15:14 +0200)]
kernel-netlink: Enable hardware offloading if configured for an SA

4 years agokernel-ipsec: Add flag to enable hardware offloading for an IPsec SA
Tobias Brunner [Mon, 20 Jun 2016 12:59:38 +0000 (14:59 +0200)]
kernel-ipsec: Add flag to enable hardware offloading for an IPsec SA

4 years agoinclude: Update xfrm.h to include hardware offloading extensions
Tobias Brunner [Mon, 20 Jun 2016 12:55:53 +0000 (14:55 +0200)]
include: Update xfrm.h to include hardware offloading extensions