| Commit | Date | Message | Author | CI |
|---|---|---|---|---|
| 8172eb65 | 2024-08-17 03:28:22 | Fix some memory leaks in the RADIUS part. ok tobhe | ||
| 3a580dd9 | 2024-08-08 03:58:53 | Fix a typo in log message. | ||
| ee519c7f | 2024-07-18 08:58:59 | Fix memory leaks and improve id handling of iked_radserver_req. original diff from markus ok tobhe | ||
| f294d01e | 2024-07-14 13:13:33 | Fail explicitly on unexpected imsg->hdr_type. Otherwise the following comparison is undefined. | ||
| 65246e30 | 2024-07-13 14:28:27 | NULL check must be inside the loop. found tobhe ok tobhe | ||
| 4fa86b90 | 2024-07-13 14:19:09 | Fix radius.c again^2. Cancel previous and revert the latest one (sent to tech@). | ||
| a07498b0 | 2024-07-13 14:08:53 | Fix radius.c again. Previous was old one. | ||
| 260e310e | 2024-07-13 12:58:51 | grammar/macro fixes for the radius text; | ||
| 37e26f97 | 2024-07-13 12:25:07 | Fix radius.c. Previously it was broken. | ||
| f36db9c4 | 2024-07-13 12:22:46 | Add RADIUS support. Authentication, accounting, and "Dynamic Authorization Extensions"(DAE) are supported. feedback markus stu ok tobhe | ||
| ce50f388 | 2024-07-01 14:15:15 | Enclose IPv6 address in a square bracket if the address is used with the port number. ok florian tobhe | ||
| a65418df | 2024-06-18 05:08:41 | iked: do not attempt to read multiple SANs No extension in a valid certificate appears more than once per RFC 5280 section 4.2. So don't go walking the extension stack and try to inspect multiple subject alternative names because crappy OpenSSL API encourages you to do so. Instead call the API in the only correct way possible and report multiple SANs in log_info(). This is unlikely to be hit since the extension caching in LibreSSL has rejected repeated OIDs in a cert for a long time. ok tobhe | ||
| ce7279d8 | 2024-05-21 05:00:47 | remove prototypes with no matching function and externs with no var partly checked by millert@ | ||
| 1e39d8b8 | 2024-04-25 14:24:54 | add fstat() call removed in 1.145 to avoid uninitialised var use ok tobhe@ | ||
| 38100d85 | 2024-04-13 15:58:10 | check group and world permissions of iked psk files Similar to the permission checks performed on iked.conf(5) due to the possibility of it containing inline psk strings, require psk files to not be group writable or world read-writable. ok tobhe@ | ||
| 3a5505f2 | 2024-04-13 12:11:08 | document "psk file path" notation; from josh rickmar ok tobhe | ||
| 2269e292 | 2024-04-09 15:48:01 | Sync removal of setsid(), setpgid() and a few dup2() from relayd. They are redundant since we call daemon() earlier. ok bluhm@ | ||
| 2a1b6222 | 2024-04-08 12:50:05 | Move daemon() after proc_setup() to sync with other proc.c daemons. | ||
| 49012907 | 2024-04-02 19:58:28 | Add check to make sure EAP header length matches expected payload length. ok markus@ yasuoka@ | ||
| 6805d3cd | 2024-03-24 00:14:19 | Remove radius.c which is added mistakenly and under review. | ||
| 142156d0 | 2024-03-24 00:05:01 | Allow zero-length identity response ok tobhe | ||
| 3e9ba4a2 | 2024-03-21 22:08:49 | Avoid redundant allocation in ikev2_prfplus() from markus@ | ||
| 2117af45 | 2024-03-02 16:16:07 | Trigger retransmission only for fragment 1/x, otherwise each received fragment can trigger retransmission of the full fragment queue. From RFC7383, 2.6.1: "[...] that event MUST only trigger a retransmission of the response message (fragmented or not) if the Fragment Number field in the received fragments is set to 1; otherwise, it MUST be ignored." from markus | ||
| ca9bf0ec | 2024-03-02 15:55:58 | Bump to OpenIKED 7.4 | ||
| 8e8f56e9 | 2024-02-15 20:10:45 | Introduce new IMSG_CTL_PROCREADY which is used to signal that all pipes are set up by child processes. The parent sends a ping to all children and only starts once it has received an acknowledgement from all of them. This fixes a race condition on process startup when the parent starts running before all children are ready. From markus@ | ||
| ac16f2e6 | 2024-02-15 19:11:00 | Delay enabling sockets until ikev2 process is ready. from markus@ | ||
| 48f91964 | 2024-02-15 19:04:12 | Remove unused control_socks queue. from markus@ | ||
| 3fdfc9aa | 2024-02-13 12:25:11 | Control startup of PROC_CERT and PROC_IKEV2. Currently PROC_PARENT sends the configuration to both PROC_CERT and PROC_IKEV2 and finishes by sending IMSG_CTL_ACTIVE to PROC_IKEV2. However, when PROC_IKEV2 receives IMSG_CTL_ACTIVE it does not know the state of PROC_CERT: PROC_CERT might not have processed the initial configuration while PROC_IKEV2 already sends requests to PROC_CERT, causing failed requests, or even crashes (NULL deref of ca_certs). In order to make sure that PROC_CERT is ready before IMSG_CTL_ACTIVE is sent to PROC_IKEV2 that startup protocol is changed as follows: (1) PROC_PARENT sends configuration to both PROC_CERT and PROC_IKEV2 (2) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_CERT (3) PROC_CERT acks IMSG_CTL_ACTIVE by sending it back to PROC_PARENT (4) PROC_PARENT now knows that PROC_CERT is ready and has processed all messages from step (1) (5) PROC_PARENT sends IMSG_CTL_ACTIVE to PROC_IKEV2 and knows that IMSG_CTL_ACTIVE will be processed by PROC_IKEV2 after all messages from step (1) (6) PROC_IKEV2 can now assume that PROC_CERT is ready because it has already processed IMSG_CTL_ACTIVE from markus@ | ||
| 83dbb6ac | 2024-02-06 13:10:56 | Pass struct iked directly to ca_reset() instead of passing it via ps discussed with markus@ | ||
| aea1f3b7 | 2024-02-03 00:54:14 | fix off-by-one in bounds test found by "buffer overflow 'peerxfs' 6 <= 6" smatch error tobhe@ had a remote peer attempt a transform type of 6 and it is caught by earlier checks before getting here. ok tobhe@ | ||
| b8e36cff | 2024-02-03 00:38:08 | correct buffer size argument to snprintf in print_proto() found by "snprintf() is printing too much 8192 vs 1024" smatch error ok tobhe@ stsp@ | ||
| 0fbd6532 | 2024-01-24 10:09:07 | Use per connection peerid for control replies instead of 'broadcasting' replies for 'ikectl show sa' and similar control requests, we now assign a unique peerid to each request and pass this peerid between the processes so the reply can be sent on the matching connection. from markus@ | ||
| fecd42b7 | 2024-01-17 08:25:02 | Convert to use imsg_get_fd() proc_forward_imsg() does not need to forward file descriptors so just use -1 there. In other places shuffle debug messages around or use a helper variable since imsg_get_fd() can only be called once. OK tb@ tobhe@ | ||
| 66dcd64f | 2024-01-15 21:37:58 | Add debug message for no policy found. In this case iked would just silently drop incoming connections. Thus, the user has a chance to figure out what's going on. ok tobhe@ | ||
| 73cd769d | 2024-01-15 15:29:00 | Include cert_partial_chain in iked_static instead of sending a separate message. from markus@ | ||
| c45f3621 | 2023-12-12 15:52:58 | ibuf_getdata() abuses the rpos from the ibuf. This is no longer allowed and breaks because ibuf_seek() now uses rpos itself. Now this is just ibuf_get_ibuf() with an extra allocation done. OK tobhe@ tb@ | ||
| 8af78bff | 2023-11-24 14:43:00 | Empty IKEv2 DPD messages should not contain extra NONE payloads from markus@ | ||
| 203153b6 | 2023-11-10 08:03:02 | Always prefer group from initial KE payload as responder if supported. from markus@ | ||
| 705c0eb9 | 2023-09-02 18:36:30 | Make sure cert_type is not 0 to prevent leak of certid->id_buf. Found by David Linder ok patrick@ | ||
| f357fd05 | 2023-09-02 18:16:02 | Remove unnecessary id == NULL check after dereferencing it. id can never be NULL here. Found by tb@ | ||
| 3cd1d0b5 | 2023-08-14 12:02:02 | Improve error message when if_indextoname() fails. | ||
| 62220633 | 2023-08-14 11:55:03 | Add explicit NULL checks for sa_cp_addr and sa_cp_addr6. | ||
| 1c18b693 | 2023-08-11 11:24:55 | Add iked support for route based sec(4) tunnels. To use sec(4) instead of policy based tunnels, create a sec(4) interface and add 'iface secXX' to your policy config. sec(4) interfaces also support auto configuration for dynamic client IPs via 'request any' like all other interfaces. The config won't work without traffic selectors, 'from any to any' should work for now but I plan to make this optional in the future. ok dlg@ | ||
| eef6c82a | 2023-08-04 19:06:25 | Convert calls to ibuf_length() where it is clear that the ibuf is not NULL to ibuf_size(). In some cases it is clear that the ibuf pointer should just be checked for NULL since afterwards a new ibuf is allocated in its place. OK tb@ | ||
| dca9e784 | 2023-07-28 11:23:03 | Implement print_hexbuf() to hexdump the contents of an ibuf. OK tb@ | ||
| a699afca | 2023-07-28 07:31:38 | Use ibuf_data() instead of accessing the ibuf buf pointer directly. Also convert some ibuf_add() calls to ibuf_add_buf() where appropriate. OK tobhe@ tb@ | ||
| f6f27851 | 2023-07-18 15:07:41 | Kill ibuf_cat() since there is now ibuf_add_buf() in the official API. OK tb@ tobhe@ | ||
| bd027751 | 2023-07-16 15:21:46 | Merge ibuf_get() with ibuf_getdata() and rename it to ibuf_getdata(). Also replace an ibuf_reserve() call with ibuf_add_zero() and remove a buf->buf == NULL check in ibuf_length() since it is not necessary. OK tobhe@ tb@ | ||
| a30a01d6 | 2023-06-28 14:10:24 | Add support to verify X509 chain from CERT payloads. Encode cert and intermediate CAs in new cert bundle object, so the information can be passed to the ca process in one step. Pass untrusted intermediates to X509_verify_cert(). From markus@ | ||
| 1fee06b0 | 2023-06-28 12:31:19 | Don't call daemon() after proc_init(), otherwise the child processes would lose their parent. ok tobhe@ | ||
| 8d3b03ab | 2023-06-25 08:07:04 | remove ca_sslinit() it's a noop; nowadays both LibreSSL and OpenSSL libcrypto and libssl initialize themselves automatically before doing anything. spotted by tb, ok tb tobhe | ||
| 19778535 | 2023-06-19 17:19:50 | Improve the ibuf API by adding these functions: Functions extending ibuf_add to work with more specific data types ibuf_add_buf, ibuf_add_zero, ibuf_add_n8, ibuf_add_n16, ibuf_add_n32, ibuf_add_n64 Functions replacing ibuf_seek where data at a specific offset is modified ibuf_set, ibuf_set_n8, ibuf_set_n16, ibuf_set_n32, ibuf_set_n64 Functions to check, get and set the file descriptor stored on the ibuf ibuf_fd_avail, ibuf_fd_get, ibuf_fd_set and ibuf_data() to access the data buffer, to be used together with ibuf_size() On top of this add an optimized imsg_compose_ibuf() where an ibuf is wrapped into an imsg in an efficient way. Finally remove msgbuf_drain since it is not used by anything outside of the ibuf code. Because of this removal bump the major of libutil. Remove ibuf_data() in iked since the same function is now provided by libutil. OK tb@ | ||
| 12336157 | 2023-06-17 22:33:34 | Fix leak of key.id_buf in pubkey auth case. from markus | ||
| a8c4b3e4 | 2023-06-16 10:28:43 | Now that print_host() is unused, rename it to print_addr() and simplify. ok claudio tobhe | ||
| d58c1766 | 2023-06-14 14:09:29 | Replace the last few print_host() calls with print_addr() ones. In most cases print_host(addr, buf, buflen) can be replaced with strlcpy(buf, print_addr(addr), buflen). Some code was never fully adjusted to the full power of print_host() and there are remnants of times well before print_host() supported multiple internal buffers. With and OK tb@ | ||
| 14e2a040 | 2023-06-13 12:34:12 | iked: introduce and use print_addr() The vast majority of print_host() callers cast the first argument (usually a sockaddr_storage *) to (struct sockaddr *) and pass both a NULL buffer and 0 length. Cast and useless arguments lead to awkward line wrapping in many places. Clean this up by introducing a helper. Make this helper take a void pointer, so all casts go away. ok claudio kn tobhe | ||
| 6f8f5de9 | 2023-06-13 08:45:41 | Fix FILE leak in error path. If flowf is NULL then fclose(spif) must be called. Split up the error check from if (spif == NULL || flowf == NULL) to individual checks since that is easier to read. Noticed by markus@, OK tb@ | ||
| c308a74e | 2023-06-12 09:02:31 | Use stdio open_memstream(3) to build up log strings instead of trying to abuse ibufs for that. Using stdio for this has the benefit of using any stdio function to build up strings including fprintf(). With and OK tb@ | ||
| 09afe4dc | 2023-06-06 16:09:35 | Use same pattern to work with offset by using a uint8_t pointer that is loaded with ibuf_data(). This is by no means better but allows to switch ibuf_data() to return void *. OK tb@ | ||
| 5001b11b | 2023-06-06 13:27:49 | Use ibuf_seek() instead of ibuf_data() + offset constructs. Effect is the same in these cases. OK tb@ | ||
| 37e80bc6 | 2023-05-30 08:41:15 | Replace the one use of ibuf_prepend() using a similar ibuf_new() + ibuf_cat() method but instead of overwriting ibuf internals replace the buf a level up. Users of ikev2_msg_send() are not allowed to hold and reuse a pointer to msg_data (which is another footgun to disarm at some point). OK tb@ | ||
| 56c4e216 | 2023-05-23 13:57:14 | Replace ibuf_advance() with ibuf_reserve(). OK tobhe@ tb@ kn@ | ||
| be2b38f5 | 2023-05-23 13:12:19 | Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@ | ||
| 022b5824 | 2023-05-23 12:43:26 | There is no need to ibuf_zero() or memset() any buffers. More cleanup will follow. OK tobhe@ | ||
| 7205d30f | 2023-04-19 13:33:37 | remove duplicate includes | ||
| 959c447e | 2023-03-30 17:20:53 | i2d_ECDSA_SIG() may return a negative value in case of error. Do not use this as length in iked(8) _dsa_verify_prepare(). OK tobhe@ tb@ | ||
| 6c7adf91 | 2023-03-10 19:26:06 | Fix possible leak of spibuf and flowbuf in error case. ok patrick@ bluhm@ | ||
| 5b133f3f | 2023-03-08 04:43:04 | Delete obsolete /* ARGSUSED */ lint comments. ok miod@ millert@ | ||
| e8e9d77f | 2023-03-05 22:17:22 | Fix clean process shutdown by storing env globally like vmd and httpd do instead of getting it from p_ps. The old approach does not work anymore after the recent fork + exec update. ok patrick@ | ||
| a7dbf4ae | 2023-03-04 22:22:50 | Sync proc.c from vmd(8) to enable fork + exec for all processes. This gives each process a fresh and unique address space to further improve randomization of ASLR and stack protector. ok bluhm@ patrick@ | ||
| c1868907 | 2023-02-15 20:44:01 | proc_ispeer() is not used anywhere anymore so remove it everywhere. ok florian@ bluhm@ ok for vmd mlarkin@ | ||
| 6ce4deec | 2023-02-10 19:51:08 | Add support for configuring multiple name servers as roadwarrior client. This allows us to have a fallback in case one connection fails. Tested by Ryan Kavanagh ok patrick@ | ||
| 2eafc8b4 | 2023-02-08 20:10:34 | iked: remove another unused variable It is not entirely obvious if some logic was forgotten or if that variable was added for debug logging or... Be that as it may, as tobhe points out, this variable has been unused since the initial import of iked. The logic seems sound without it, so it has never served a purpose and can go. ok tobhe | ||
| 2b856d3a | 2023-02-08 19:59:10 | iked: garbage collect an unused counter variable to make clang 15 happier ok tobhe | ||
| 0d262a08 | 2022-12-06 09:07:33 | Print size_t with %zu. ok patrick@ | ||
| e84c6478 | 2022-12-04 11:54:31 | Rename sun to s_un for portability. ok patrick@ | ||
| 229c27f0 | 2022-12-03 22:34:35 | Consistently use uintXX_t from <stdint.h> instead of u_intXX_t. | ||
| 520fa7a1 | 2022-12-03 21:02:27 | Include endian.h where needed for betohXX functions. | ||
| f0ca6b40 | 2022-11-30 12:42:24 | Switch idiom of d2i_ECDSA_SIG() invocation Instead of the discouraged obj = NULL; d2i_ECDSA_SIG(&obj, ...); use the recommended obj = d2i_ECDSA_SIG(NULL, ...);. While it makes no difference here, it's better practice. suggested by & ok markus | ||
| 69083226 | 2022-11-26 17:12:11 | Bump to 7.2 | ||
| fe856664 | 2022-11-18 18:56:39 | Revert my last two changes. If csa_bundled is set, exactly two csas exist and they point to each other. Therefore childsa_free already sets the bundled csa pointer to NULL and it shouldn't be done after calling childsa_free. ok tobhe@ | ||
| fe6e03c1 | 2022-11-13 21:19:40 | Make sure csa->csa_bundled is NULL after freeing to prevent a possible use after free. ok tobhe@ | ||
| 0d1e2a2c | 2022-11-11 17:58:14 | Make sure csa->csa_bundled is NULL after freeing to prevent a possible use after free. ok tobhe@ | ||
| 68468697 | 2022-11-11 16:17:16 | In case of an invalid SA resp is passed to ikev2_msg_cleanup without initialization where the msg_parent field is accessed. ok tobhe | ||
| bac832a5 | 2022-11-07 22:39:52 | Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption. Report and initial fix by dropk1ck (gh #92) ok tb@ | ||
| 9c99ac36 | 2022-11-06 11:11:47 | Fix out-of-order string operations resulting in a wrongly calculated string size that could lead to a buffer overflow in ikev2_print_id(). Found by and fix from dropk1ck on github (issue #90) ok patrick@ mbuhl@ | ||
| ee76753a | 2022-10-24 15:52:39 | Fix DH group lookup when checking if PFS is required. Compare ID directly instead of calling group_get() and leaking the result. ok markus@ | ||
| ac3a6947 | 2022-10-10 11:33:55 | Move enabling the policy refcounting from policy_ref() to config_free_policy(). In config_free_policy() the refcounting is unchanged and each SA linked to the policy will trigger a call to policy_ref() and increase the references as before the change. This allows unconditional calls to policy_ref() and policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT is set. From and ok markus@ | ||
| f336206e | 2022-09-21 22:32:10 | Distinguish between retransmit ok and nothing to retransmit. This makes sure ikes_retransmit_response events don't also increase the ikes_msg_rcvd_busy counter. ok markus@ | ||
| b41cc0c8 | 2022-09-19 20:54:02 | Add iked connection statistics for successful and failed connections, common error types and other events that help analyze errors in larger setups. The counters can be printed with 'ikectl show stats'. ok bluhm@ patrick@ from and ok markus@ | ||
| 5c4cedf2 | 2022-09-14 13:07:49 | Compare 'srcnat' when comparing policies. Fixes a bug where policy lookup could not differentiate between similar policies that only differ in srcnat. Also include srcnat when logging flows or policies. ok markus@ | ||
| dd682bce | 2022-07-22 20:31:39 | add missing full stop; | ||
| 87148674 | 2022-07-22 15:53:33 | Include an OpenIKED Vendor ID payload in the initial handshake. This will make it easier to handle interoperability problems with older versions in the future. The ID is constructed from the string "OpenIKED-" followed by the version number. Sending of the vendor ID payload can be disabled by specifying "set novendorid" in iked.conf(5). ok markus@ bluhm@ | ||
| 1c738e03 | 2022-07-22 15:33:53 | Fix potential leak of reply in error case. From markus@ ok bluhm@ | ||
| 73d6dc34 | 2022-07-18 19:32:16 | Check if there is a locally cached nameserver to send before responding to RTP_PROPOSAL_SOLICIT. Fixes a crash when resolvd is restarted but no name server is set. | ||
| 055943a1 | 2022-07-08 19:51:11 | Support sending certificate chains with intermediate CAs in multiple CERT payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads. from Katsuhiro Ueno tested by and ok sthen@ | ||
| cdb427a2 | 2022-07-04 09:23:15 | Ignore any CERT payload after the first instead of failing the exchange when more than one is received. The first CERT is always the leaf certificate, additional payloads can be used to send intermediate certs which iked can not handle at the moment. This fixes exchanges where the certificate chain is still valid because matching intermediate certs are available locally in /etc/iked. Reported and tested by Loïc Revest <l.revest (at) apc.fr> ok mbuhl@ | ||
| 09a7f173 | 2022-07-04 08:39:55 | Fix error in the comparison of the Child SA nonces to decide which SA shall be deleted. ni should be set to the minimum nonce for the exchange initiated by us while nr should be the smaller of the nonces of the simultaneous exchange initiated by the peer, which is stored in sa_simulat. This fixes the ni < nr comparison below and makes sure our Child SA is only deleted in the correct case as specified in RFC 7296. Reported by and fix from Sibar Soumi <sibar.soumi (at) achelos.de> ok mbuhl@ | ||
| 5da130bc | 2022-05-28 18:51:16 | Since 'sa' can be freed inside the loop, RB_FOREACH_SAFE is required. ok tobhe@ | ||
| 77afb469 | 2022-05-17 14:49:22 | Move towards OpenIKED 7.1 |