On the recently updated 2019 image, autoreconf is not found anymore, as
recent versions of msys2 don't ship autools with base-devel aymore, so
install the autotools package explicitly.
The commit mentioned below adds an AES-GCM default proposal for ESP. That
proposal does not include any ESN or non-ESN transform to indicate if
extended sequence numbers are supported.
A standards-compliant peer will include one or more ESN support transforms,
and will be unable to select this proposal due to a proposal mismatch.
Fix the default AES-GCM proposal by adding a NO_ESN algorithm. While ESN has
been supported in the Linux kernel for a while, having it in the default
proposal can be problematic with kernel-libipsec or on other platforms.
Fixes: c7bef954eec6 ("proposal: Add AES-GCM to the ESP default AEAD proposal")
Closesstrongswan/strongswan#868
strongSwan logs all syslog messages using LOG_INFO for historical reasons,
regardless of the strongSwan loglevel used producing the log message.
In some setups with advanced logging infrastructure, it may be feasible
to be more verbose when logging in strongSwan, but then filter messages
on the syslog server. While this may be possible by custom syslog filtering
rules matching the log level included with the log_level setting, this is
not super convenient.
So add a new map_level setting, which can map strongSwan loglevels to
syslog loglevels. By default this is disabled, keeping the existing
behavior. If enabled, it maps strongSwan loglevels to syslog loglevels
at a given syslog loglevel offset.
Closesstrongswan/strongswan#859
RFC3779 requires to validate the addrblocks of issuer certificates strictly,
that is, they must contain the extension and the claimed addrblock, up to
the root CA.
When working with third party root CAs that do not have the extension,
this makes using the plugin impossible. So add a depth setting that limits
the number of issuer certificates to check bottom-up towards the root CA.
A depth value of 0 disables any issuer check, the default value of -1
checks all issuers in the chain, keeping the existing behavior.
Closesstrongswan/strongswan#860
Without this, the authentication succeeded if the server sent an early
EAP-Success message for mutual, key-generating EAP methods like EAP-TLS,
which may be used in EAP-only scenarios but would complete without server
or client authentication. For clients configured for such EAP-only
scenarios, a rogue server could capture traffic after the tunnel is
established or even access hosts behind the client. For non-mutual EAP
methods, public key server authentication has been enforced for a while.
A server previously could also crash a client by sending an EAP-Success
immediately without initiating an actual EAP method.
Fixes: 0706c39cda52 ("added support for EAP methods not establishing an MSK")
Fixes: CVE-2021-45079
The logrotate function causes the apt history to be split into
several parts at arbitrary points in time. If history.log only
is parsed then some package installation changes stored in
zipped backup history files might get lost.
Thus sw-collector now searches all backup history files until
a date older than the current event stored in the collector.db
database is found, so that no entries get overlooked.
Using the trusted RSA or ECC Endorsement Key of the TPM 2.0 a
secure session is established via RSA public key encryption or
an ephemeral ECDH key exchange, respectively.
The session allows HMAC-based authenticated communication with
the TPM 2.0 and the exchanged parameters can be encrypted where
necessary to guarantee confidentiality.
Optionally load the legacy provider in OpenSSL 3 (enabled, by default) to
make algorithms like MD4 and DES available, which we require for
EAP-MSCHAPv2. Allow explicitly loading the fips provider via existing
fips_mode option. The loaded providers, whether influenced by the above
options or not, are logged.
Closesstrongswan/strongswan#759
We still require these algorithms for e.g. EAP-MSCHAPv2, so the option is
enabled, by default. To use other providers (e.g. fips or even custom
ones), the option can be disabled and the providers to load/activate can
be configured in openssl.cnf. For instance, the following has the same
effect as enabling the option:
openssl_conf = openssl_init
[openssl_init]
providers = providers
[providers]
default = activate
legacy = activate
[activate]
activate = yes
Improves handling failures during unit tests of libtls and includes a
change for the openssl plugin so it only announces ECDH groups for which
the library provides the required ECC curve.
Closesstrongswan/strongswan#752
Determined by whether the library provides curves for it or not.
For instance, in the OpenSSL 3 FIPS provider the Brainpool curves are
not included. And in the Fedora package several weak curves are
explicitly patched out and the Brainpool curves are omitted even in
non-FIPS mode.
In particular as server, the previous code might cause it to hang in
recv() if this case wasn't triggered by a close notify (followed by a
shutdown of the socket) but it e.g. failed processing a ServerHello and
responded with a fatal alert.
Fixes: 09fbaad6bd71 ("tls-socket: Don't fail reading if sending data failed")
This is useful for kernel implementations where the ordering of SAs
is unpredictable and the new SA might otherwise not be used until the
DELETE response has been received, which is not ideal as the responder
might not keep the old SA around that long. On Linux, it makes no
difference as we switch to the new outbound SA immediately because the
updated outbound policy references its SPI.
Use a Debian-based Docker container to run the unit tests for charon-tkm,
once without and once with TKM running. The container can also be used
locally to run the tests (see comments in the Dockerfile).
This way we can run many unit tests without having to run the TKM in the
background and as regular user. To run the other tests, TESTS_TKM can
optionally be defined when running `make check`.
