NCL-2292 - Upgrade strongswan to 5.9.6

.appveyor.yml

@@ -30,6 +30,8 @@ install:
       IF "%IMG%" == "2019" set OPENSSL=OpenSSL-v111
       set OPENSSL_DIR=/c/%OPENSSL%-%TEST%
       C:\%OPENSSL%-%TEST%\bin\openssl.exe version -a
+  # newer versions of msys2 don't provide autotools via base-devel anymore
+  - IF "%IMG%" == "2019" %MSYS_SH% --login -c ". /etc/profile && pacman --noconfirm -S --needed autotools"
 
 build_script:
   - '%MSYS_SH% --login -c ". /etc/profile && cd $APPVEYOR_BUILD_FOLDER && ./scripts/test.sh deps"'

.cirrus.yml

@@ -3,9 +3,9 @@ task:
     - name: FreeBSD 13.0
       freebsd_instance:
         image_family: freebsd-13-0
-    - name: FreeBSD 12.2
+    - name: FreeBSD 12.3
       freebsd_instance:
-        image_family: freebsd-12-2
+        image_family: freebsd-12-3
 
   env:
     TESTS_REDUCED_KEYLENGTHS: yes

.github/workflows/lgtm.yml

@@ -31,7 +31,7 @@ jobs:
       - env:
           LGTM_TOKEN: ${{ secrets.LGTM_TOKEN }}
           LGTM_PROJECT: ${{ secrets.LGTM_PROJECT }}
-          BUILD_NUMBER: ${{ github.run_id }}
+          BUILD_NUMBER: ${{ github.run_number }}
           COMMIT_ID: ${{ github.sha }}
           COMMIT_BASE: ${{ github.event.before }}
         uses: ./.github/actions/default

.github/workflows/linux.yml

@@ -87,7 +87,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        test: [ botan, wolfssl, openssl, gcrypt ]
+        test: [ botan, wolfssl, openssl, openssl-3, gcrypt ]
         leak-detective: [ no, yes ]
     env:
       LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}

.lgtm/cpp-queries/chunk_from_chars.ql

@@ -18,7 +18,7 @@ class ChunkFromChars extends Expr {
     this = any(MacroInvocation mi |
       mi.getOutermostMacroAccess().getMacroName() = "chunk_from_chars"
       /* ignore global static uses of the macro */
-      and exists (Block b | mi.getExpr().getEnclosingBlock() = b)
+      and exists (BlockStmt b | mi.getExpr().getEnclosingBlock() = b)
     ).getExpr()
   }
 }
@@ -40,7 +40,7 @@ class ChunkFromCharsUsage extends DataFlow::Configuration {
   }
 }
 
-Block enclosingBlock(Block b) {
+BlockStmt enclosingBlock(BlockStmt b) {
   result = b.getEnclosingBlock()
 }
 

Android.mk

@@ -17,7 +17,7 @@ include $(CLEAR_VARS)
 # this is the list of plugins that are built into libstrongswan and charon
 # also these plugins are loaded by default (if not changed in strongswan.conf)
 strongswan_CHARON_PLUGINS := android-log openssl fips-prf random nonce pubkey \
-	pkcs1 pkcs8 pem xcbc hmac kernel-netlink socket-default android-dns \
+	pkcs1 pkcs8 pem xcbc hmac kdf kernel-netlink socket-default android-dns \
 	stroke eap-identity eap-mschapv2 eap-md5 eap-gtc
 
 ifneq ($(strongswan_BUILD_SCEPCLIENT),)

NEWS

@@ -1,3 +1,48 @@
+strongswan-5.9.6
+----------------
+
+- The IKEv2 key derivation, in particular prf+, has been modularized to simplify
+  certification (e.g. FIPS-140) via an already certified third-party library.
+  The botan, openssl and wolfssl plugins implement the key derivation for
+  HMAC-based PRFs via their respective HKDF implementation.  A generic
+  implementation is provided by the new kdf plugin.
+
+- Labeled IPsec with IKEv2 is supported in an SELinux and a proprietary simple
+  mode.  In SELinux mode, traffic that matches a trap policy with generic
+  context (e.g. system_u:object_r:ipsec_spd_t:s0) triggers the negotiation of
+  CHILD_SAs with a specific label.  With the simple mode, labels are not set on
+  SAs/policies but can be used as identifier to select specific child configs.
+
+- DoS protection has been improved:  COOKIE secrets are now switched based on a
+  time limit (2 min.), a new per-IP threshold (default 3) is used to trigger
+  them, and unprocessed IKE_SA_INITs are already counted as half-open IKE_SAs.
+
+- Initiating duplicate CHILD_SAs within the same IKE_SA is largely prevented.
+
+- Immediately initiating a CHILD_SA with trap policies is now possible via
+  `start_action=trap|start`.
+
+- If the source address is unknown when initiating an IKEv2 SA, a NAT situation
+  is now forced for IPv4 (for IPv6, NAT-T is disabled) to avoid causing
+  asymmetric enabling of UDP-encapsulation.
+
+- Installing unnecessary exclude routes for VPN servers on FreeBSD is avoided.
+
+- The new `map_level` option for syslog loggers allows mapping log levels
+  to syslog levels starting at the specified number.
+
+- The addrblock plugin allows limiting the validation depth of issuer addrblock
+  extensions.
+
+- The default AEAD ESP proposal (sent since 5.9.0) now includes `noesn` to make
+  it standards-compliant.
+
+- Individual CHILD_SAs can be queried via the `list-sas` vici command (or
+  `swanctl --list-sas ), either by unique ID or name.
+
+- Compatibility with OpenSSL 3.0 has been improved.
+
+
 strongswan-5.9.5
 ----------------
 

README.md

@@ -8,8 +8,9 @@ This document is just a short introduction of the strongSwan **swanctl** command
 which uses the modern [**vici**](src/libcharon/plugins/vici/README.md) *Versatile
 IKE Configuration Interface*. The deprecated **ipsec** command using the legacy
 **stroke** configuration interface is described [**here**](README_LEGACY.md).
-For more detailed information consult the man pages and
-[**our wiki**](https://wiki.strongswan.org).
+For more detailed information consult the man pages, our new
+[**documentation site**](https://docs.strongswan.org) and the legacy
+[**wiki**](https://wiki.strongswan.org).
 
 
 ## Quickstart ##

SECURITY.md

@@ -3,7 +3,7 @@
 ## Reporting a Vulnerability
 
 Please report any security-relevant flaw to [email protected]. Whenever
-possible encrypt your email with the [PGP key](https://pgp.key-server.io/0x1EB41ECF25A536E4)
+possible encrypt your email with the [PGP key](https://download.strongswan.org/STRONGSWAN-SECURITY-PGP-KEY)
 with key ID 0x1EB41ECF25A536E4.
 
 ## Severity Classification

conf/options/charon-logging.opt

@@ -70,3 +70,14 @@ charon.syslog.<facility>.ike_name = no
 
 charon.syslog.<facility>.log_level = no
 	Add the log level of each message after the subsystem (e.g. [IKE2]).
+
+charon.syslog.<facility>.map_level = -1
+	Map strongSwan specific loglevels to syslog loglevels.
+
+	The default setting of -1 passes all messages to syslog using a log
+	level of LOG_INFO. A non-negative value maps the strongSwan specific
+	loglevels (0..4) to the syslog level starting at the specified number.
+	For example, a value of 5 (LOG_NOTICE) maps strongSwan loglevel 0 to
+	LOG_NOTICE, level 1 to LOG_INFO, and levels 2, 3 and 4 to LOG_DEBUG.
+	This allows (additional) filtering of log messages on the syslog
+	server.

conf/options/charon.opt

@@ -28,7 +28,8 @@ charon.accept_unencrypted_mainmode_messages = no
 	example, some SonicWall boxes).
 
 charon.block_threshold = 5
-	Maximum number of half-open IKE_SAs for a single peer IP.
+	Maximum number of half-open IKE_SAs (including unprocessed IKE_SA_INITs)
+	for a single peer IP.
 
 charon.cert_cache = yes
 	Whether relations in validated certificate chains should be cached in
@@ -69,8 +70,13 @@ charon.cisco_unity = no
 charon.close_ike_on_child_failure = no
 	Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
 
-charon.cookie_threshold = 10
-	Number of half-open IKE_SAs that activate the cookie mechanism.
+charon.cookie_threshold = 30
+	Number of half-open IKE_SAs (including unprocessed IKE_SA_INITs) that
+	activate the cookie mechanism.
+
+charon.cookie_threshold_ip = 3
+	Number of half-open IKE_SAs (including unprocessed IKE_SA_INITs) for a
+	single peer IP that activate the cookie	mechanism.
 
 charon.crypto_test.bench = no
 	Benchmark crypto algorithms and order them by efficiency.

conf/plugins/addrblock.opt

@@ -6,3 +6,17 @@ charon.plugins.addrblock.strict = yes
 	to no, subject certificates issued without the addrblock extension are
 	accepted without any traffic selector checks and no policy is enforced
 	by the plugin.
+
+charon.plugins.addrblock.depth = -1
+	How deep towards the root CA to validate issuer cert addrblock extensions.
+
+	RFC3779 requires that all addrblocks claimed by a certificate must be
+	contained in the addrblock extension of the issuer certificate, up to
+	the root CA. The default depth setting of -1 enforces this.
+
+	In practice, third party (root) CAs may not contain the extension, making
+	the addrblock extension unusable under such CAs. By limiting the validation
+	depth, only a certain level of issuer certificates are validated for proper
+	addrblock extensions: A depth of 0 does not check any issuer certificate
+	extensions, a depth of 1 only the direct issuer of the end entity
+	certificate is checkend, and so on.

configure.ac

@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.9.5])
+AC_INIT([strongSwan],[5.9.6])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
@@ -148,6 +148,7 @@ ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
 ARG_DISBL_SET([gmp],            [disable GNU MP (libgmp) based crypto implementation plugin.])
 ARG_DISBL_SET([curve25519],     [disable Curve25519 Diffie-Hellman plugin.])
 ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
+ARG_DISBL_SET([kdf],            [disable KDF (prf+) implementation plugin.])
 ARG_ENABL_SET([md4],            [enable MD4 software implementation plugin.])
 ARG_DISBL_SET([md5],            [disable MD5 software implementation plugin.])
 ARG_ENABL_SET([mgf1],           [enable the MGF1 software implementation plugin.])
@@ -323,6 +324,7 @@ ARG_ENABL_SET([python-eggs],    [enable build of provided python eggs.])
 ARG_ENABL_SET([python-eggs-install],[enable installation of provided python eggs.])
 ARG_ENABL_SET([perl-cpan],      [enable build of provided perl CPAN module.])
 ARG_ENABL_SET([perl-cpan-install],[enable installation of provided CPAN module.])
+ARG_ENABL_SET([selinux],        [enable SELinux support for labeled IPsec.])
 ARG_ENABL_SET([tss-trousers],   [enable the use of the TrouSerS Trusted Software Stack])
 ARG_ENABL_SET([tss-tss2],       [enable the use of the TSS 2.0 Trusted Software Stack])
 
@@ -668,7 +670,7 @@ AC_CHECK_FUNC(
 	]
 )
 
-AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
+AC_CHECK_FUNCS(prctl mallinfo mallinfo2 getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
 AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
 
 AC_CHECK_FUNC([syslog], [
@@ -1250,6 +1252,13 @@ if test x$capabilities = xlibcap; then
 	AC_DEFINE([CAPABILITIES_LIBCAP], [], [have libpcap library])
 fi
 
+if test x$selinux = xtrue; then
+	PKG_CHECK_MODULES(selinux, [libselinux])
+	AC_SUBST(selinux_CFLAGS)
+	AC_SUBST(selinux_LIBS)
+	AC_DEFINE([USE_SELINUX], [], [build with support for SELinux])
+fi
+
 if test x$integrity_test = xtrue; then
 	AC_MSG_CHECKING([for dladdr()])
 	AC_COMPILE_IFELSE(
@@ -1473,7 +1482,6 @@ ADD_PLUGIN([acert],                [s charon])
 ADD_PLUGIN([pubkey],               [s charon pki cmd aikgen])
 ADD_PLUGIN([pkcs1],                [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
 ADD_PLUGIN([pkcs7],                [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([pkcs8],                [s charon scepclient pki scripts manager medsrv attest nm cmd])
 ADD_PLUGIN([pkcs12],               [s charon scepclient pki scripts cmd])
 ADD_PLUGIN([pgp],                  [s charon])
 ADD_PLUGIN([dnskey],               [s charon pki])
@@ -1486,6 +1494,7 @@ ADD_PLUGIN([openssl],              [s charon scepclient pki scripts manager meds
 ADD_PLUGIN([wolfssl],              [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
 ADD_PLUGIN([gcrypt],               [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
 ADD_PLUGIN([botan],                [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([pkcs8],                [s charon scepclient pki scripts manager medsrv attest nm cmd])
 ADD_PLUGIN([af-alg],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
 ADD_PLUGIN([fips-prf],             [s charon nm cmd])
 ADD_PLUGIN([gmp],                  [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
@@ -1496,6 +1505,7 @@ ADD_PLUGIN([chapoly],              [s charon scripts nm cmd])
 ADD_PLUGIN([xcbc],                 [s charon nm cmd])
 ADD_PLUGIN([cmac],                 [s charon nm cmd])
 ADD_PLUGIN([hmac],                 [s charon pki scripts nm cmd])
+ADD_PLUGIN([kdf],                  [s charon pki scripts nm cmd])
 ADD_PLUGIN([ctr],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ccm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
@@ -1519,6 +1529,7 @@ ADD_PLUGIN([kernel-pfkey],         [c charon starter nm cmd])
 ADD_PLUGIN([kernel-pfroute],       [c charon starter nm cmd])
 ADD_PLUGIN([kernel-syscfg],        [c charon starter nm cmd])
 ADD_PLUGIN([kernel-netlink],       [c charon starter nm cmd])
+ADD_PLUGIN([selinux],              [c charon starter nm cmd])
 ADD_PLUGIN([resolve],              [c charon cmd])
 ADD_PLUGIN([save-keys],            [c])
 ADD_PLUGIN([socket-default],       [c charon nm cmd])
@@ -1651,6 +1662,7 @@ AM_CONDITIONAL(USE_DNSKEY, test x$dnskey = xtrue)
 AM_CONDITIONAL(USE_SSHKEY, test x$sshkey = xtrue)
 AM_CONDITIONAL(USE_PEM, test x$pem = xtrue)
 AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+AM_CONDITIONAL(USE_KDF, test x$kdf = xtrue)
 AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue)
 AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
 AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
@@ -1768,6 +1780,7 @@ AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
 AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue)
 AM_CONDITIONAL(USE_WINDOWS_DNS, test x$windows_dns = xtrue)
 AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
+AM_CONDITIONAL(USE_SELINUX, test x$selinux = xtrue)
 
 #  other options
 # ---------------
@@ -1917,6 +1930,7 @@ AC_CONFIG_FILES([
 	src/libstrongswan/plugins/random/Makefile
 	src/libstrongswan/plugins/nonce/Makefile
 	src/libstrongswan/plugins/hmac/Makefile
+	src/libstrongswan/plugins/kdf/Makefile
 	src/libstrongswan/plugins/xcbc/Makefile
 	src/libstrongswan/plugins/x509/Makefile
 	src/libstrongswan/plugins/revocation/Makefile
@@ -2073,6 +2087,7 @@ AC_CONFIG_FILES([
 	src/libcharon/plugins/attr/Makefile
 	src/libcharon/plugins/attr_sql/Makefile
 	src/libcharon/plugins/windows_dns/Makefile
+	src/libcharon/plugins/selinux/Makefile
 	src/libcharon/tests/Makefile
 	src/libtpmtss/Makefile
 	src/libtpmtss/plugins/tpm/Makefile

scripts/malloc_speed.c

@@ -18,9 +18,9 @@
 #include <library.h>
 #include <utils/debug.h>
 
-#ifdef HAVE_MALLINFO
+#if defined(HAVE_MALLINFO2) || defined (HAVE_MALLINFO)
 #include <malloc.h>
-#endif /* HAVE_MALLINFO */
+#endif
 
 static void start_timing(struct timespec *start)
 {
@@ -38,12 +38,15 @@ static double end_timing(struct timespec *start)
 
 static void print_mallinfo()
 {
-#ifdef HAVE_MALLINFO
+#ifdef HAVE_MALLINFO2
+	struct mallinfo2 mi = mallinfo2();
+	printf("malloc: sbrk %zu, mmap %zu, used %zu, free %zu\n",
+		   mi.arena, mi.hblkhd, mi.uordblks, mi.fordblks);
+#elif defined(HAVE_MALLINFO)
 	struct mallinfo mi = mallinfo();
-
 	printf("malloc: sbrk %d, mmap %d, used %d, free %d\n",
 		   mi.arena, mi.hblkhd, mi.uordblks, mi.fordblks);
-#endif /* HAVE_MALLINFO */
+#endif
 }
 
 #define ALLOCS 1024