summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Collapse)Author
2022-11-13Make sure csa->csa_bundled is NULL after freeing to prevent aMoritz Buhl
possible use after free. ok tobhe@
2022-11-11Make sure csa->csa_bundled is NULL after freeing to prevent aMoritz Buhl
possible use after free. ok tobhe@
2022-11-11In case of an invalid SA resp is passed to ikev2_msg_cleanup withoutMoritz Buhl
initialization where the msg_parent field is accessed. ok tobhe
2022-11-07Free objects that were dynamically allocated in libcrypto with OPENSSL_free().Tobias Heider
When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc() so regular free() is safe. Other implementations allow switching to a different allocator where free() could result in a possible heap corruption. Report and initial fix by dropk1ck (gh #92) ok tb@
2022-11-06Fix out-of-order string operations resulting in a wrongly calculatedTobias Heider
string size that could lead to a buffer overflow in ikev2_print_id(). Found by and fix from dropk1ck on github (issue #90) ok patrick@ mbuhl@
2022-10-24Fix DH group lookup when checking if PFS is required. Compare IDTobias Heider
directly instead of calling group_get() and leaking the result. ok markus@
2022-10-10Move enabling the policy refcounting from policy_ref() to config_free_policy().Tobias Heider
In config_free_policy() the refcounting is unchanged and each SA linked to the policy will trigger a call to policy_ref() and increase the references as before the change. This allows unconditional calls to policy_ref() and policy_unref() and the callers no longer have to check if IKED_POLICY_REFCNT is set. From and ok markus@
2022-09-21Distinguish between retransmit ok and nothing to retransmit. This makesTobias Heider
sure ikes_retransmit_response events don't also increase the ikes_msg_rcvd_busy counter. ok markus@
2022-09-19Add iked connection statistics for successful and failed connections, commonTobias Heider
error types and other events that help analyze errors in larger setups. The counters can be printed with 'ikectl show stats'. ok bluhm@ patrick@ from and ok markus@
2022-09-14Compare 'srcnat' when comparing policies. Fixes a bug where policy lookup couldTobias Heider
not differentiate between similar policies that only differ in srcnat. Also include srcnat when logging flows or policies. ok markus@
2022-07-22add missing full stop;Jason McIntyre
2022-07-22Include an OpenIKED Vendor ID payload in the initial handshake. This willTobias Heider
make it easier to handle interoperability problems with older versions in the future. The ID is constructed from the string "OpenIKED-" followed by the version number. Sending of the vendor ID payload can be disabled by specifying "set novendorid" in iked.conf(5). ok markus@ bluhm@
2022-07-22Fix potential leak of reply in error case.Tobias Heider
From markus@ ok bluhm@
2022-07-18Check if there is a locally cached nameserver to send before respondingTobias Heider
to RTP_PROPOSAL_SOLICIT. Fixes a crash when resolvd is restarted but no name server is set.
2022-07-08Support sending certificate chains with intermediate CAs in multiple CERTTobias Heider
payloads. Local certificate chains as required with LetsEncrypt certs will work between iked and other IKEv2 implementations, iked to iked connections won't work yet because of missing support to receive multiple CERT payloads. from Katsuhiro Ueno tested by and ok sthen@
2022-07-04Ignore any CERT payload after the first instead of failing the exchangeTobias Heider
when more than one is received. The first CERT is always the leaf certificate, additional payloads can be used to send intermediate certs which iked can not handle at the moment. This fixes exchanges where the certificate chain is still valid because matching intermediate certs are available locally in /etc/iked. Reported and tested by Loïc Revest <l.revest (at) apc.fr> ok mbuhl@
2022-07-04Fix error in the comparison of the Child SA nonces to decide whichTobias Heider
SA shall be deleted. ni should be set to the minimum nonce for the exchange intitiated by us while nr should be the smaller of the nonces of the simultaneous exchange initiated by the peer, which is stored in sa_simulat. This fixes the ni < nr comparison below and makes sure our Child SA is only deleted in the correct case as specified in RFC 7296. Reported by and fix from Sibar Soumi <sibar.soumi (at) achelos.de> ok mbuhl@
2022-05-28Since 'sa' can be freed inside the loop, RB_FOREACH_SAFE is required.Gerhard Roth
ok tobhe@
2022-05-17Move towards OpenIKED 7.1Tobias Heider
2022-05-08Move ikev2_reset_alive_timer() to a place where it makes more sense. The ideaTobias Heider
is to renew the timer every time sc_alive_timeout is reset after loading a new config. ok patrick@
2022-04-13IKED_LIFETIME_BYTES is > 2GB, and potentially used in strange place,Theo de Raadt
it should really be marked ULL ok bluhm tobhe
2022-04-13Document sntrup761x25519 key exchange.Tobias Heider
2022-04-11Fix leak of esnxf if esn ore noesn are configured explicitly.Tobias Heider
2022-03-16Make sure contents of vroute messages are aligned properly.Tobias Heider
Fixes address autoconfiguration on octeon. Found by and ok mbuhl@
2022-03-14Improve retransmission of message fragments. RFC 7383 states that loss ofTobias Heider
a single fragment results in a retransmit of all fragments belonging to the same message. Instead of treating each fragment as message with seperate retransmit timer, keep only a single timer for all fragments of a message and retransmit all fragments in order on timeout. Improves reliability in case of packet loss when fragmentation is enabled. Found by and diff from Daniel Herzinger ok patrick@
2022-02-13SKEEYSEED -> SKEYSEEDmbuhl
2022-02-06remove please from manual pagesJonathan Gray
ok jmc@ sthen@ millert@
2022-01-28When it's the possessive of 'it', it's spelled "its", without thePhilip Guenther
apostrophe.
2021-12-23fix off by one in bounds testJonathan Gray
ok tobhe@
2021-12-14Move raw pubkey bytes to EVP_PKEY conversion to common function.Tobias Heider
ok markus@
2021-12-13Fix asprintf() error check. Portable code should check the returnTheo Buehler
value for -1, not buf == NULL. ok tobhe
2021-12-13Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamicallyTheo Buehler
allocating a buffer. ok tobhe
2021-12-13Avoid a potential double free in group_free()Theo Buehler
In the unlikely event that EC_KEY_check_key() in ec_init() fails, the group would be freed twice: once in ec_init(), and later in group_free(). ok tobhe
2021-12-13Cleanup libcrypto memory management. Remove redundant NULL checksTobias Heider
before calling *_free() functions. Use 'get0' functions where it makes sense to avoid some frees. Feedback and ok tb@
2021-12-09Properly enable NAT-T without udpencap if mobike was negotiated without NAT.Tobias Heider
Fixes a bug where iked sent zero-prefixed NAT-T messages on port 500 causing parsing errors. ok markus@ patrick@
2021-12-09Move switch to NAT-T port and udpencap activation to ikev2_enable_natt().Tobias Heider
ok patrick@
2021-12-08The /etc/iked/certs/ directory is used for both local and peerTobias Heider
certificates. Check if we have a matching key before using a certificate as local to prevent cryptic error messages later when the signature is checked. ok markus@ patrick@
2021-12-07Fix locally stored peer certificates in /etc/iked/certs as documented inTobias Heider
iked(8). Local certificates are always trusted and preferred over certs received over the wire. ok patrick@ markus@
2021-12-06Logging received addresses and DNS configuration only makes sense forTobias Heider
the initiator. ok patrick@
2021-12-04Send out dstid as initiator if configured. This makes it easier forTobias Heider
the responder to match the correct policy if multiple are available. ok patrick@
2021-12-01whitespace cleanup during review readTheo de Raadt
2021-11-30whitespaceTobias Heider
2021-11-29add -V to usage(), and list it before -v in both SYNOPSIS and theJason McIntyre
options list;
2021-11-29Add command line option to show the versionTobias Heider
ok patrick@
2021-11-29sys/param.h was included for MAX(), MIN() and roundup(). make localTheo de Raadt
copies of MAXIMUM() and MINIMUM() like we have done in 50+ other places, and also include a roundup() ok jsg
2021-11-27Rename msg_id to msg_peerid now that we also have msg_localid.Tobias Heider
ok patrick@
2021-11-26A peer sends both his local id and remote id he expects us to be. So far wePatrick Wildt
have only looked at the peer's local id, so that we can find a policy with the matching dstid set. Hence dstid is involved in the decision making. While we do send out our local id, which the peer will use to verify his policies, we do not yet make a decision based on the id the peer expects us to have. If you have two policies configured with only srcid set, we will always pick the same. To be able to choose a policy that matches the peer's expectations, save the local id the peer expects us to have and use it during policy lookup. ok tobhe@
2021-11-26Fix ikev2_child_sa_rekey() warnings. The SPI can't be printed without aTobias Heider
parent SA.
2021-11-25Remove unused variable fd.Tobias Heider
2021-11-25Silence unitialized variable warnings.Tobias Heider