This adds a symbol with the current version number to all existing
plugins (the PLUGIN_DEFINE() macro makes this easy). The version is
checked when a plugin is loaded from a file in order to prevent loading
old plugins from any previous build, which could cause all sorts of
issues.
References strongswan/strongswan#2835
This prevents loading plugins from older builds that can cause all sorts
of issues as they might access struct members in different locations.
We don't check the version for statically linked plugins.
When built with static plugins and constructors, we might still want to
be able to load external plugins.
Fixes: d860c26e9533 ("plugin-loader: Properly support compilation without dlopen()/dlsym() etc.")
If an uncompressed point is already unwrapped (incorrect but some tokens/
modules do this) and therefore still looks like an ASN.1 octet string,
there could be false positives with the previous checks that lead to
mangled points.
By ensuring that we unwrapped the complete ASN.1 chunk, we can already
reduce the false positive rate when the assumed length is smaller than
the chunk, which we previously accepted but isn't the case in correctly
encoded points.
And while we already checked that the first byte indicates a valid point
type/encoding, there could still be false positives. We can avoid those
with some checks on the length of the unwrapped point. In particular,
enforcing a multiple of 4/8 should fail for valid unwrapped points where
three bytes were removed in the process (ASN.1 tag and length, point
encoding).
Closesstrongswan/strongswan#2872
If an entry is added while we wait for a checked out SA in flush() (e.g.
due to an action performed by that SA), new entries might get inserted
before the one we wait for. If that was the first entry in the row, we
didn't correctly update the table and the new entries were basically lost
by overwriting the first entry in the row. As the SA count was still
increased but the new entries couldn't get enumerated, the daemon wasn't
terminated properly but was stuck in the loop in flush().
We keep MD5 enabled for now as we need it for TLS 1.0/1.1. Once we
remove that we can reconsider (although, it's also needed for EAP-MD5
and since MD4 is disabled as well, which means EAP-MSCHAPv2 won't
be available, we'd be left with only EAP-GTC for simple username/password
authentication, which nobody else supports).
This will allow us to compare new library versions against previous ones,
so we don't suddenly loose some algorithms like it happened with KDFs
recently after updating OpenSSL to 3.5.1.
If a unit test times out while generating a private key (e.g. because of
a lack of entropy), this avoids a deadlock by still releasing the read
lock that'd prevent acquiring the write lock when plugins are unloaded.
Closesstrongswan/strongswan#2850
Was apparently forgotten when support was added to the attr plugin
with 98a3ba8a5a16 ("attr: Add p-cscf keyword for P-CSCF server addresses").
For consistency, using an underscore like the `split*` options and not a
dash like in the attr plugin.
References strongswan/strongswan#2396
Apparently, some clients (e.g. native Android) just send an empty
EAP-Identity response. We silently ignored that previously and then
used the IKE identity for the actual EAP method. This change tries to
do something similar (i.e. don't fail if the response is empty), but by
assuming the IKE identity as EAP-Identity, we match that and possibly
can switch configs.
Closesstrongswan/strongswan#2833
Fixes: 2f2e4abe3c52 ("ikev2: Add support to switch peer configs based on EAP-Identities")
Avoid generating versioned shared objects which would need to be
installed along with the version-independent symlink by specifying
"-avoid-version" in the libtool LDFLAGS for the plugin. Avoid any
unwanted surprises by also specifying the "-module" option, making the
LDFLAGS consistent with all other libstrongswan plugins.
Closesstrongswan/strongswan#2844
Use watcher and non-blocking I/O for client connections to avoid issues
with clients that stay connected for a long time.
Closesstrongswan/strongswan#2827
This now adds some state (basically a message buffer), but simplifies
error handling as we don't have to handle two potential failure paths
and could avoid some potential issues by still calling the blocking
read_all().
It also fixes a memory leak when clients disconnect.
Performing a stream read_all call (which is a blocking read) from
within the accept callback has the issue that if a whitelist client is
still connected whilst a shutdown of the charon deamon is triggered
then that shutdown won't complete gracefully due to the accept task
never exiting.
So fix shutting down gracefully by using the socket watcher rather than
a blocking read upon connection accept. Fall back to a blocking read
for partial messages to avoid the complexity associated (i.e. storing
state) for incomplete reads, which shouldn't block and cause the
original problem if the client only sends whole messages.
With a long delay, the retransmit might not get sent before further tests
are evaluated on faster machines, while more retransmits should still allow
the scenario to succeed on slower ones.
Setting the salt to NULL now fails, so we set it to hash length's zeroes,
which is the default value for HKDF-Extract if no salt is passed.
Fixesstrongswan/strongswan#2828
