The functional reference created by ENGINE_init() was never released,
only the structural one created by ENGINE_by_id(). The functional
reference includes an implicit structural reference, which is also
released by ENGINE_finish().
Closesstrongswan/strongswan#119.
Makes sure to adopt active and queued Quick Mode tasks if the peer
reauthenticates the IKE_SA while creating lots of CHILD_SAs.
Closesstrongswan/strongswan#117.
This is particularly important for higher number of segments, but even
with small numbers there is a significant difference. For instance,
with 4 segments the fourth segment had no IPs assigned with the old
code, no matter how large the pool, because none of the eight bits used
for the segment check hashed/mapped to it.
Upcoming versions of FreeBSD will include an SADB_X_EXT_SA2 extension in
acquires that contains the reqid set on the matching policy. This allows
handling acquires even when no policies are installed (e.g. to work with
FreeBSD's implementation of VTI interfaces, which manage policies
themselves).
Same issue with signature malleability as with Ed25519 and apparently
OpenSSL doesn't even explicitly verify that the most significant 10 bits
are all zero.
As per RFC 8032, section 5.1.7 (and section 8.4) we have to make sure s, which
is the scalar in the second half of the signature value, is smaller than L.
Without that check, L can be added to most signatures at least once to create
another valid signature for the same public key and message.
This could be problematic if, for instance, a blacklist is based on hashes
of certificates. A new certificate could be created with a different
signature (without knowing the signature key) by simply adding L to s.
Currently, both OpenSSL 1.1.1 and Botan 2.8.0 are vulnerable to this, which is
why the unit test currently only warns about it.
OpenSSL 1.1.1 introduces DRGBs and provides two sources (same security
profile etc. but separate internal state), which allows us to use one for
RNG_WEAK (e.g. for nonces that are directly publicly visible) and the other
for stronger random data like keys.
While X25519 was already added with 1.1.0a, its use would be a lot more
complicated, as the helpers like EVP_PKEY_new_raw_public_key() were only
added in 1.1.1, which also added X448.
In case a subnet is moved from one interface to another the policies can
remain as is but the route has to change. This currently doesn't happen
automatically and there is no option to update the policy or route so
removing and reinstalling the policies is the only option.
Fixes#2820.
The peer might not have seen the CREATE_CHILD_SA response yet, receiving a
DELETE for the SA could then trigger it to abort the rekeying, causing
the deletion of the newly established SA (it can't know whether the
DELETE was sent due to an expire or because the user manually deleted
it). We just treat this SA as if we received a DELETE for it. This is
not an ideal situation anyway, as it causes some traffic to get dropped,
so it should usually be avoided by setting appropriate soft and hard limits.
References #2815.
Because the file is not available on all platforms the inclusion comes
after the user options in order to disable including it. But that means
the inclusion also follows after the defined scanner states, which are
generated as simple #defines to numbers. If the included unistd.h e.g.
uses variables in function definitions with the same names this could
result in compilation errors.
Interactive mode has to be disabled too as it relies on isatty() from
unistd.h. Since we don't use the scanners interactively, this is not a
problem and might even make the scanners a bit faster.
Fixes#2806.
The sonarcloud build runs a long time now (the win32/64 builds are also
a lot slower on xenial), which increases the overall time a build takes
because we can't run these before regular matrix jobs run. So we do a
manual matrix expansion to control the order of jobs (slower first).
This also removes the TEST=default build with GCC as that's basically
what TEST=dist does (except for forcing the printf implementation)
On Nov 12, the scanner was updated and now takes a lot more time (about
3 times as much). Using two threads reduces it a bit (by about 25%).
Using even more threads doesn't help or even increases the time again.
The automatically determined path for systemd units is an absolute system
path that doesn't respect $(prefix). That's a problem for make distcheck,
which is usually ran as regular user and it's not expected to have any
impact on the system (it does a local install in a subdir). To avoid
these issues we override the configure flags used by make distcheck and
set the path to one relative to the specified prefix.
According to gcrypt.h these callbacks are not used anymore since
version 1.6 and with clang these actually cause deprecation warnings
that let the build on travis (-Werror) fail.
