aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Improved legibility of swanctl CRL listings5.3.3dr1Andreas Steffen2015-07-221-1/+4
|
* testing: Updated loop ca certificatesAndreas Steffen2015-07-2212-25/+77
|
* testing: Added swanctl --list-authorities output to do-testsAndreas Steffen2015-07-221-1/+5
|
* testing: Updated all swanctl scenarios and added some new onesAndreas Steffen2015-07-22102-104/+1744
|
* tests: Introduced IPV6 flag in tests.confAndreas Steffen2015-07-2120-1/+77
|
* tests: Introduced SWANCTL flag in test.confAndreas Steffen2015-07-219-23/+57
|
* tests: fixed evaltest of swanctl/rw-cert scenarioAndreas Steffen2015-07-211-2/+2
|
* tests: fixed description of swanctl ip-pool scenariosAndreas Steffen2015-07-212-9/+8
|
* Version bump to 5.3.3dr1Andreas Steffen2015-07-211-1/+1
|
* vici: Certification Authority support added.Andreas Steffen2015-07-2119-15/+1553
| | | | | | CDP and OCSP URIs for a one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* vici: Compute rekey_bytes and rekey_packets if life_bytes and life_packets ↵Andreas Steffen2015-07-201-6/+20
| | | | are defined
* testing: Do not attempt to start the test environment if hosts are still runningTobias Brunner2015-07-151-0/+1
|
* ike-sa-manager: Safely access the RNG instance with an rwlockTobias Brunner2015-07-141-5/+16
| | | | | | | | | | | Threads might still be allocating SPIs (e.g. triggered by an acquire or an inbound message) while the main thread calls flush(). If there is a context switch right after such a thread successfully checked this->rng in get_spi() and the main thread destroys the RNG instance right then, that worker thread will cause a segmentation fault when it continues and attempts to call get_bytes(). Fixes #1014.
* vici: Asynchronize debug loggingMartin Willi2015-07-121-1/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The vici logger uses the listener_t.log() callback to raise vici events. When doing so, it holds the bus lock as reader while acquiring the vici socket mutex (1). If at the same time the vici socket enables a writer, that thread tries to lock the watcher mutex (2). The watcher thread uses debugging while holding the lock, i.e. acquires the bus read lock (3). (1) bus.rlock -> vici.lock! (2) vici.lock -> watcher.lock! (3) watcher.lock -> bus.rlock! This all actually would resolve just fine, as we have a shared read lock on the bus. However, under Windows we seem to have a strict writer preference when acquiring the rwlock (4). This results in blocking read locks until any pending write lock can be fulfilled, and makes the constellation deadlock. The relevant threads are: Thread (1) 6 0x71313d25 in wait_ at threading/windows/mutex.c:137 7 0x7054c8a2 in find_entry at vici_socket.c:201 8 0x7054d690 in send_ at vici_socket.c:624 9 0x7054f6c1 in send_op at vici_dispatcher.c:119 10 0x705502c1 in raise_event at vici_dispatcher.c:469 12 0x704c3878 in log_cb at bus/bus.c:332 13 0x712c7c3a in invoke_function at collections/linked_list.c:414 14 0x704c3a63 in vlog at bus/bus.c:400 15 0x704c3b36 in log_ at bus/bus.c:430 18 0x70508f1f in process_response at sa/ikev2/task_manager_v2.c:664 20 0x704f5430 in process_message at sa/ike_sa.c:1369 21 0x704e3823 in execute at processing/jobs/process_message_job.c:74 22 0x712e629f in process_job at processing/processor.c:235 Thread (2) 4 0x71313b61 in lock at threading/windows/mutex.c:66 5 0x712e81fd in add at processing/watcher.c:441 6 0x712e1ab9 in add_watcher at networking/streams/stream.c:213 7 0x712e1b4d in on_write at networking/streams/stream.c:237 8 0x7054d606 in _cb_enable_writer at vici_socket.c:609 9 0x712e5e34 in execute at processing/jobs/callback_job.c:77 10 0x712e629f in process_job at processing/processor.c:235 Thread (3) 3 0x71313f38 in read_lock at threading/windows/rwlock.c:74 4 0x704c3971 in vlog at bus/bus.c:373 5 0x704cc156 in dbg_bus at daemon.c:126 6 0x712e7bf9 in watch at processing/watcher.c:316 7 0x712e5e34 in execute at processing/jobs/callback_job.c:77 8 0x712e629f in process_job at processing/processor.c:235 Thread (4) 3 0x71313f70 in write_lock at threading/windows/rwlock.c:82 4 0x704c378b in remove_logger at bus/bus.c:290 5 0x704cb284 in listener_unregister at control/controller.c:166 6 0x713136cd in thread_cleanup_pop at threading/windows/thread.c:558 8 0x704cb94e in initiate at control/controller.c:435 9 0x70553996 in _cb_initiate at vici_control.c:187 12 0x7054d200 in _cb_process_queue at vici_socket.c:508 13 0x712e5e34 in execute at processing/jobs/callback_job.c:77 14 0x712e629f in process_job at processing/processor.c:235 To avoid such a situation, we dissolve the (1) lock sequence. It's actually never good practice to acquire shared locks during bus hooks, as it is problematic if we raise bus events while holding the lock. We do so by raising vici events for log message asynchronously, but of curse must keep log order as is using a synchronized queue.
* Merge branch 'chapoly'Martin Willi2015-07-1244-32/+2657
|\ | | | | | | | | Add ChaCha20/Poly1305 AEAD support in IKEv2 and libipsec ESP through the chapoly plugin, and in kernel ESP SAs starting with Linux 4.2.
| * NEWS: Add ChaCha20/Poly1305 newsMartin Willi2015-07-121-0/+8
| |
| * testing: Enable AESNI/PCLMULQD in moon/sun guests, if supportedMartin Willi2015-07-122-0/+10
| |
| * testing: Do not overwrite kernel configuration if it already existsMartin Willi2015-07-121-1/+4
| | | | | | | | | | This allows us to do changes to the kernel configuration using menuconfig and friends, and update the kernel with make-testing.
| * testing: Extract and patch each kernel version only onceMartin Willi2015-07-121-8/+11
| | | | | | | | | | | | This allows us to do modifications to the kernel tree and rebuild that kernel using make-testing. We can even have a git kernel tree in a directory to do kernel development.
| * testing: Build with --enable-chapolyMartin Willi2015-07-121-0/+1
| |
| * libipsec: Add a unit-test for ESP encryption using ChaCha20Poly1305Martin Willi2015-07-123-0/+139
| |
| * libipsec: Add a unit-test test runnerMartin Willi2015-07-126-8/+94
| |
| * unit-tests: Add a IKEv2 message encryption test caseMartin Willi2015-07-123-0/+140
| | | | | | | | | | It uses the ChaCha20Poly1305 test vectors from draft-ietf-ipsecme-chacha20-poly1305-06.
| * unit-tests: Increase failure message buffer to hold larger hex dumpsMartin Willi2015-07-122-2/+2
| |
| * unit-tests: Forward variable argument list in TEST_SUITE_DEPENDMartin Willi2015-07-125-10/+10
| | | | | | | | | | For some plugin features, such as crypters or AEADs, we have some additional feature arguments, such as the key size.
| * unit-tests: Load libstrongswan plugins in libcharon testsMartin Willi2015-07-122-0/+16
| |
| * chapoly: Process two Poly1305 blocks in parallel in SSSE3 driverMartin Willi2015-07-121-85/+291
| | | | | | | | | | | | | | | | | | | | By using a derived key r^2 we can improve performance, as we can do loop unrolling and slightly better utilize SIMD instructions. Overall ChaCha20-Poly1305 performance increases by ~12%. Converting integers to/from our 5-word representation in SSE does not seem to pay off, so we work on individual words.
| * chapoly: Process four ChaCha20 blocks in parallel in SSSE3 driverMartin Willi2015-07-121-16/+207
| | | | | | | | | | As we don't have to shuffle the state in each ChaCha round, overall performance for ChaCha20-Poly1305 increases by ~40%.
| * chapoly: Add an SSSE3 based driverMartin Willi2015-06-294-1/+514
| | | | | | | | | | | | | | | | | | | | | | | | | | We always build the driver on x86/x64, but enable it only if SSSE3 support is detected during runtime. Poly1305 uses parallel 32-bit multiplication operands yielding a 64-bit result, for which two can be done in parallel in SSE. This is minimally faster than multiplication with 64-bit operands, and also works on 32-bit builds not having a __int128 result type. On a 32-bit architecture, this is more than twice as fast as the portable driver, and on 64-bit it is ~30% faster.
| * configure: Check if building against a x86/x64 architectureMartin Willi2015-06-291-0/+16
| | | | | | | | This allows us to include compiler flags specific for them, such as MMX/SSE.
| * chapoly: Add a ChaCha20/Poly1305 driver implemented in portable CMartin Willi2015-06-294-0/+488
| |
| * chapoly: Provide a generic ChaCha20/Poly1305 AEAD supporting driver backendsMartin Willi2015-06-299-0/+683
| |
| * test-vectors: Add some initial ChaCha20/Poly1305 AEAD test vectorMartin Willi2015-06-293-0/+112
| |
| * kernel-netlink: Add ChaCha20-Poly1305 AEAD supportMartin Willi2015-06-291-0/+2
| |
| * libipsec: Create AEAD with four byte salt for ChaCha20-Poly1305Martin Willi2015-06-291-0/+1
| |
| * ikev2: Derive additional 4 byte CHILD_SA nonce keymat for ChaCha20-Poly1305Martin Willi2015-06-291-0/+1
| |
| * ikev2: Use four byte salt for ChaCha20-Poly1305 AEADMartin Willi2015-06-291-0/+1
| |
| * proposal: Add a chacha20poly1305 proposal keywordMartin Willi2015-06-291-0/+1
| |
| * crypter: Define a ChaCha20/Poly1305 AEAD algorithm identifierMartin Willi2015-06-293-3/+7
|/
* capabilities: Handle ERANGE in user and group lookupsTobias Brunner2015-06-231-12/+48
| | | | | | | | | | | | | | As it turns out, getpwnam_r, getgrnam_r, and friends will return ERANGE if _any_ user or group on the system is larger than will fit into the scratch buffer you pass to them. This reworks the resolve_uid and resolve_gid methods plus init_supplementary_groups to use a variable-size buffer that is grown until the results fit. Based on a patch by Evan Broder. Closes strongswan/strongswan#12.
* osx: Version bump to 5.3.2-1Martin Willi2015-06-181-1/+1
|
* osx: Use CodeSignOnCopy for privileged helper, as suggested by XCodeMartin Willi2015-06-181-2/+2
|
* charon-xpc: Use DNS non-append/replace mode in osx-attr pluginMartin Willi2015-06-181-0/+2
|
* osx-attr: Optionally replace existing DNS server instead of appending themMartin Willi2015-06-181-3/+27
|
* Remove accidentally added stamp-h1Tobias Brunner2015-06-151-1/+0
| | | | Was added in bc4748832395 ("Add a return value to prf_t.get_bytes()").
* settings: Fix out-of-tree buildTobias Brunner2015-06-111-1/+1
| | | | | The header file was created in the source directory before, where it wasn't found by the generated C files in the build directory.
* stroke: Add missing include for UINT16_MAXTobias Brunner2015-06-092-0/+2
| | | | | | Fixes the build on FreeBSD. Fixes #988.
* Version bump to 5.3.25.3.2Andreas Steffen2015-06-081-1/+1
|
* NEWS: Add info about CVE-2015-4171Tobias Brunner2015-06-051-0/+10
|
* ikev2: Enforce remote authentication config before proceeding with own ↵Martin Willi2015-06-051-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | authentication Previously the constraints in the authentication configuration of an initiator were enforced only after all authentication rounds were complete. This posed a problem if an initiator used EAP or PSK authentication while the responder was authenticated with a certificate and if a rogue server was able to authenticate itself with a valid certificate issued by any CA the initiator trusted. Because any constraints for the responder's identity (rightid) or other aspects of the authentication (e.g. rightca) the initiator had were not enforced until the initiator itself finished its authentication such a rogue responder was able to acquire usernames and password hashes from the client. And if a client supported EAP-GTC it was even possible to trick it into sending plaintext passwords. This patch enforces the configured constraints right after the responder's authentication successfully finished for each round and before the initiator starts with its own authentication. Fixes CVE-2015-4171.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 12:47:44 +0000