- Update from version 5.9.11 to 5.9.12
- Update of rootfile
- Changelog
5.9.12
Vulnerabilities
Fixed a vulnerability in charon-tkm (the TKM-backed version of the charon IKE
daemon) related to processing DH public values that can lead to a buffer
overflow and potentially remote code execution. This vulnerability has been
registered as CVE-2023-41913. Please refer to our blog for details.
New Feature Additions
The new pki --ocsp command produces OCSP responses based on certificate status
information provided by implementations of the new ocsp_responder_t interface
(#1958).
Two sources are currently available, the openxpki plugin that directly
accesses the OpenXPKI database and the command's --index argument, which
reads certificate status information from OpenSSL-style index.txt files
(multiple CAs are supported concurrently).
The new cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
Run as a systemd timer or via a crontab entry, the script checks the
expiration date of the host certificate daily. When a given deadline is
reached, the host certificate is automatically renewed via EST or SCEP
re-enrollment based on the possession of the old private key and the
matching certificate.
Added a global option (charon.reject_trusted_end_entity) to prevent peers
from authenticating with certificates that are locally trusted, in
particular, our own local certificate, which safeguards against accidental
reuse of certificates on multiple peers. As the name suggests, all trusted
end-entity certificates are rejected if enabled, so peer certificates can't
be configured explicitly anymore (e.g. via remote.certs in swanctl.conf).
The --priv argument for charon-cmd allows the use of any type of private key
(previously, only RSA keys were supported).
The openssl plugin now supports the nameConstraints extension in X.509
certificates (#1990).
Support for nameConstraints of type iPAddress are now supported by the x509,
openssl and constraints plugins (#1991).
Support for encoding subjectAlternativeName extensions of type
uniformResourceIdentifier in X.509 certificates has been added via the uri:
prefix (e.g. for URNs, #1983).
Support for password-less PKCS#12 and PKCS#8 files has been added (#1955).
Enhancements and Optimizations
Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of
certificates with ECDSA keys that explicitly encode the curve parameters is
rejected if possible. Explicit encoding is pretty rare to begin with and
e.g. wolfSSL already rejects such keys, by default. All crypto plugins that
support ECDSA enforce this by rejecting such public keys, except when using
older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949).
Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it
creates since 5.9.10. This involves setting interface IDs on SAs and
policies, and installing routes via the interface. To avoid routing loops if
the remote traffic selectors include the VPN server, IKE and ESP packets are
marked to bypass the routing table that contains the routes via XFRM
interface (69e0c11).
If available, the plugin now also adopts the interface name configured in
connection.interface-name in a *.nmconnection file as name for the XFRM
interface instead of generating one randomly (e8f8d32).
The resolve plugin tries to maintain the order of DNS servers it installs via
resolvconf or resolv.conf (6440975, 8238ad4).
The kernel-libipsec plugin now always installs routes to remote networks even
if no address is found in the local traffic selectors, which allows
forwarding traffic from networks the VPN host is not part of (190d8cb).
Increased the default receive buffer size for Netlink sockets to 8 MiB
(doubled by the kernel to account for overhead) and simplified the
configuration (no need for a separate option to force overriding rmem_max).
It's now also set for event sockets, which previously could cause issues on
hosts with e.g. lots of route changes (#1757).
When issuing certificates, the subjectKeyIdentifier of the issuing
certificate, if available, is now copied as authorityKeyIdentifier, instead
of always generating a SHA-1 hash of the issuer's subjectPublicKey
(#1992, 6941dcb).
Explicitly request permission to display notifications on Android 13+
(ddf84c1), also enabled hardware acceleration for the Android-specific
OpenSSL build.
Fixes
Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors (#1855).
Fixed an issue in watcher_t with handling errors on sockets (e.g. if the
receive buffer is full), which caused an infinite loop if poll() only
signaled POLLERR as event (#1757).
Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6,
which did not correctly untrack invalid messages with non-zero message IDs
or SPIs (0b47357).
Fixed a regression introduced with 5.9.8 when handling IKE redirects during
IKE_AUTH (595fa07).
Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs in
the kernel-netlink plugin, which prevented MOBIKE updates if a large
anti-replay window was used (#1967).
Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs
if the TUN device is activated after the address was already added
internally, which caused the installed route not to go via TUN device in
order to force the virtual IP as source address (#1807).
Fixed an issue in libtls that could cause the wrong ECDH group to get
instantiated (b5e4bf4).
Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not
found during rekeying. It was previously empty, now contains the SPI and
sets the protocol to the values received in the REKEY_SA notify (849c2c9).
Fixed a possible issue with MOBIKE in the Android client on certain devices
(#1691).
For Developers
The new ocsp_responder_t interface can be implemented to provide certificate
status information to the pki --ocsp command. Responders can be
(un-)registered via the ocsp_responders_t instance at lib->ocsp.
For the watcher_t component, WATCHER_EXCEPT has been removed as there is no
way to explicitly listen for errors on sockets and poll() actually can
return POLLERR for any FD and it might even be the only signaled event
(which caused an infinite loop previously). Now we simply notify the
registered callbacks. The error is then reported by e.g. recvfrom(), which
was already the case before if POLLERR was returned together with
e.g. POLLIN.
The reqids allocated for CHILD_SAs (including trap policies) via
kernel_interface_t::alloc_reqid() are now refcounted. When recreating a
CHILD_SA, a reference to the reqid can be requested via
child_sa_t::get_reqid_ref(). If another reference is required afterwards,
one can be acquired directly via kernel_interface_t::ref_reqid(). Each
reference has to be released via kernel_interface_t::release_reqid(), whose
interface was simplified.
The testing environment is now based on Debian 12 (bookworm), by default.
Also, when copying files to guests, the guest-specific files are now copied
after the default files, which allows overriding files per guest (fixes an
issue with winnetou's /etc/fstab and mounting the test results).
Refer to the 5.9.12 milestone for a list of all closed issues and pull requests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This also takes advantage of changed crypto plugins (see first
patch) and updates the rootfile.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Drop support for Padlock which is not in wide usage
any more and creates some rootfile trouble every time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
