import libreswan-3.29-6.el8

This commit is contained in:
CentOS Sources 2019-11-05 13:48:41 -05:00 committed by Andrew Lukoshko
commit 6034278a08
9 changed files with 3497 additions and 0 deletions

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
SOURCES/ikev1_dsa.fax.bz2
SOURCES/ikev1_psk.fax.bz2
SOURCES/ikev2.fax.bz2
SOURCES/libreswan-3.29.tar.gz

4
.libreswan.metadata Normal file
View File

@ -0,0 +1,4 @@
b35cd50b8bc0a08b9c07713bf19c72d53bfe66bb SOURCES/ikev1_dsa.fax.bz2
861d97bf488f9e296cad8c43ab72f111a5b1a848 SOURCES/ikev1_psk.fax.bz2
fcaf77f3deae3d8e99cdb3b1f8abea63167a0633 SOURCES/ikev2.fax.bz2
492cd1cf18c06e47b2864a57a355a7f5393f80cc SOURCES/libreswan-3.29.tar.gz

View File

@ -0,0 +1,13 @@
diff -Naur libreswan-3.25-orig/programs/pluto/state.c libreswan-3.25/programs/pluto/state.c
--- libreswan-3.25-orig/programs/pluto/state.c 2019-07-03 15:52:47.246474906 -0400
+++ libreswan-3.25/programs/pluto/state.c 2019-07-03 15:54:37.671850020 -0400
@@ -1101,7 +1101,8 @@
#endif
/* If we are failed OE initiator, make shunt bare */
- if (IS_IKE_SA(st) && (c->policy & POLICY_OPPORTUNISTIC) &&
+ if (IS_IKE_SA(st) && c->newest_isakmp_sa == st->st_serialno &&
+ (c->policy & POLICY_OPPORTUNISTIC) &&
(st->st_state == STATE_PARENT_I1 || st->st_state == STATE_PARENT_I2)) {
ipsec_spi_t failure_shunt = shunt_policy_spi(c, FALSE /* failure_shunt */);
ipsec_spi_t nego_shunt = shunt_policy_spi(c, TRUE /* negotiation shunt */);

View File

@ -0,0 +1,68 @@
diff -Naur libreswan-3.28-orig/lib/libipsecconf/confread.c libreswan-3.28/lib/libipsecconf/confread.c
--- libreswan-3.28-orig/lib/libipsecconf/confread.c 2019-05-20 23:01:54.000000000 -0400
+++ libreswan-3.28/lib/libipsecconf/confread.c 2019-05-21 16:59:20.861415770 -0400
@@ -1273,13 +1273,16 @@
switch (conn->options[KNCF_IKEv2]) {
case fo_never:
- case fo_permit:
conn->policy |= POLICY_IKEV1_ALLOW;
/* clear any inherited default */
conn->policy &= ~POLICY_IKEV2_ALLOW;
break;
-
+ case fo_permit:
+ starter_error_append(perrl, "ikev2=permit is no longer accepted. Use ikev2=insist or ikev2=no|never");
+ return TRUE;
case fo_propose:
+ starter_error_append(perrl, "ikev2=propose or ikev2=yes is no longer accepted. Use ikev2=insist or ikev2=no|never");
+ return TRUE;
case fo_insist:
conn->policy |= POLICY_IKEV2_ALLOW;
/* clear any inherited default */
diff -Naur libreswan-3.28-orig/programs/configs/d.ipsec.conf/ikev2.xml libreswan-3.28/programs/configs/d.ipsec.conf/ikev2.xml
--- libreswan-3.28-orig/programs/configs/d.ipsec.conf/ikev2.xml 2019-05-20 23:01:54.000000000 -0400
+++ libreswan-3.28/programs/configs/d.ipsec.conf/ikev2.xml 2019-05-21 16:54:07.584141191 -0400
@@ -1,13 +1,15 @@
<varlistentry>
<term><emphasis remap='B'>ikev2</emphasis></term>
<listitem>
-<para>Whether to use IKEv1 (RFC 4301) or IKEv2 (RFC 7296) settings to be used.
-Currently the accepted values are <emphasis remap='B'>no</emphasis>(the default),
-signifying only IKEv1 is accepted, or <emphasis remap='B'>yes</emphasis>,
+<para>Wether to use IKEv1 (RFC 4301) or IKEv2 (RFC 7296) as the Internet Key Exchange (IKE) protcol.
+Currently the accepted values are <emphasis remap='B'>no</emphasis> (or <emphasis remap='B'>never</emphasis>)
+signifying only IKEv1 is accepted, or <emphasis remap='B'>insist</emphasis>(the default),
signifying only IKEv2 is accepted. Previous versions allowed the keywords
-<emphasis remap='B'>propose</emphasis> or <emphasis remap='B'>permit</emphasis>
-that would allow either IKEv1 or IKEv2, but this is no longer supported. The
-permit option is interpreted as no and the propose option is interpreted as yes.
+<emphasis remap='B'>propose</emphasis>, <emphasis remap='B'>yes</emphasis> or <emphasis remap='B'>permit</emphasis>
+that would allow either IKEv1 or IKEv2, but this is no longer supported and both options
+now cause the connection to fail to load. <emphasis remap='B'>WARNING:</emphasis> This behaviour differs from upstream
+libreswan, which only accepts <emphasis remap='B'>yes</emphasis> or <emphasis remap='B'>no</emphasis> where yes means
+the same as insist.
</para>
</listitem>
</varlistentry>
diff -Naur libreswan-3.28-orig/programs/whack/whack.c libreswan-3.28/programs/whack/whack.c
--- libreswan-3.28-orig/programs/whack/whack.c 2019-05-20 23:01:54.000000000 -0400
+++ libreswan-3.28/programs/whack/whack.c 2019-05-21 17:01:37.868865569 -0400
@@ -741,7 +741,7 @@
PS("ikev1-allow", IKEV1_ALLOW),
PS("ikev2-allow", IKEV2_ALLOW),
- PS("ikev2-propose", IKEV2_ALLOW), /* map onto allow */
+ /* not in RHEL8 PS("ikev2-propose", IKEV2_ALLOW),*/
PS("allow-narrowing", IKEV2_ALLOW_NARROWING),
#ifdef XAUTH_HAVE_PAM
@@ -1683,7 +1683,7 @@
/* --ikev1-allow */
case CDP_SINGLETON + POLICY_IKEV1_ALLOW_IX:
- /* --ikev2-allow (now also --ikev2-propose) */
+ /* --ikev2-allow */
case CDP_SINGLETON + POLICY_IKEV2_ALLOW_IX:
/* --allow-narrowing */

View File

@ -0,0 +1,38 @@
diff -Naur libreswan-3.29-orig/programs/show/show.in libreswan-3.29/programs/show/show.in
--- libreswan-3.29-orig/programs/show/show.in 2019-07-31 20:03:51.794714920 -0400
+++ libreswan-3.29/programs/show/show.in 2019-07-31 20:02:38.792224647 -0400
@@ -1,7 +1,7 @@
#!/usr/bin/python
import sys
-import commands
+import subprocess
import argparse
try:
import ipaddress
@@ -42,14 +42,14 @@
source = args.source
else:
getsrccmd = "ip -o ro get %s" % dest
- status, output = commands.getstatusoutput(getsrccmd)
+ output = subprocess.getoutput([getsrccmd])
try:
source = output.split("src")[1].strip().split(" ")[0]
except Exception:
sys.exit("failed to find source ip for destination %s" % dest)
if args.debug:
- print "Need to find matching IPsec policy for %s/32 <=> %s/32" % (source, dest)
+ print("Need to find matching IPsec policy for %s/32 <=> %s/32" % (source, dest))
if dest:
if "/" in source:
@@ -65,7 +65,7 @@
sys.exit(1)
ipxfrmcmd = 'ip -o xfrm pol | grep -v socket | grep "dir out"'
- status, output = commands.getstatusoutput(ipxfrmcmd)
+ output = subprocess.getoutput([ipxfrmcmd])
polsrc = ""
poldst = ""
for line in output.split("\n"):

View File

@ -0,0 +1,770 @@
diff -Naur libreswan-3.29-orig/lib/libswan/ike_alg_aes.c libreswan-3.29/lib/libswan/ike_alg_aes.c
--- libreswan-3.29-orig/lib/libswan/ike_alg_aes.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/lib/libswan/ike_alg_aes.c 2019-08-11 13:31:13.849294693 -0400
@@ -23,14 +23,21 @@
#include "constants.h" /* for BYTES_FOR_BITS() */
#include "ietf_constants.h"
+
#include "ike_alg.h"
+#include "ike_alg_encrypt.h"
+#include "ike_alg_integ.h"
+#include "ike_alg_prf.h"
+
#include "ike_alg_encrypt_nss_cbc_ops.h"
#include "ike_alg_encrypt_nss_ctr_ops.h"
#include "ike_alg_encrypt_nss_gcm_ops.h"
+#ifdef CKM_AES_XCBC_MAC
+#include "ike_alg_prf_nss_ops.h"
+#else
#include "ike_alg_prf_nss_xcbc_ops.h"
-#include "ike_alg_encrypt.h"
-#include "ike_alg_integ.h"
-#include "ike_alg_prf.h"
+#endif
+
#include "sadb.h"
const struct encrypt_desc ike_alg_encrypt_aes_cbc = {
@@ -313,6 +320,7 @@
.encrypt_kernel_audit_name = "AES_CCM_C",
};
+#ifdef USE_PRF_AES_XCBC
const struct prf_desc ike_alg_prf_aes_xcbc = {
.common = {
.name = "aes_xcbc",
@@ -326,14 +334,23 @@
},
.fips = false,
},
+#ifdef CKM_AES_XCBC_MAC
+ .nss = {
+ .mechanism = CKM_AES_XCBC_MAC,
+ },
+ .prf_ops = &ike_alg_prf_nss_ops,
+#else
+ /* XXX: NSS encryption algorithm used by custom XCBC */
.nss = {
.mechanism = CKM_AES_ECB,
},
+ .prf_ops = &ike_alg_prf_nss_xcbc_ops,
+#endif
.prf_key_size = BYTES_FOR_BITS(128),
.prf_output_size = BYTES_FOR_BITS(128),
- .prf_ops = &ike_alg_prf_nss_xcbc_ops,
.prf_ike_audit_name = "aes_xcbc",
};
+#endif
const struct integ_desc ike_alg_integ_aes_xcbc = {
.common = {
@@ -351,7 +368,7 @@
.integ_keymat_size = AES_XCBC_DIGEST_SIZE,
.integ_output_size = AES_XCBC_DIGEST_SIZE_TRUNC, /* XXX 96 */
.integ_ikev1_ah_transform = AH_AES_XCBC_MAC,
-#ifdef USE_XCBC
+#ifdef USE_PRF_AES_XCBC
.prf = &ike_alg_prf_aes_xcbc,
#endif
#ifdef SADB_X_AALG_AES_XCBC_MAC
diff -Naur libreswan-3.29-orig/lib/libswan/ike_alg.c libreswan-3.29/lib/libswan/ike_alg.c
--- libreswan-3.29-orig/lib/libswan/ike_alg.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/lib/libswan/ike_alg.c 2019-08-11 13:31:13.850294706 -0400
@@ -478,7 +478,7 @@
&ike_alg_prf_sha2_384,
&ike_alg_prf_sha2_512,
#endif
-#ifdef USE_XCBC
+#ifdef USE_PRF_AES_XCBC
&ike_alg_prf_aes_xcbc,
#endif
};
diff -Naur libreswan-3.29-orig/lib/libswan/ike_alg_md5.c libreswan-3.29/lib/libswan/ike_alg_md5.c
--- libreswan-3.29-orig/lib/libswan/ike_alg_md5.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/lib/libswan/ike_alg_md5.c 2019-08-11 13:31:13.851294720 -0400
@@ -26,7 +26,7 @@
#include "ike_alg_hash.h"
#include "ike_alg_prf.h"
#include "ike_alg_hash_nss_ops.h"
-#include "ike_alg_prf_hmac_ops.h"
+#include "ike_alg_prf_nss_ops.h"
#include "sadb.h"
const struct hash_desc ike_alg_hash_md5 = {
@@ -63,10 +63,13 @@
[IKEv2_ALG_ID] = IKEv2_PRF_HMAC_MD5,
},
},
+ .nss = {
+ .mechanism = CKM_MD5_HMAC,
+ },
.prf_key_size = MD5_DIGEST_SIZE,
.prf_output_size = MD5_DIGEST_SIZE,
.hasher = &ike_alg_hash_md5,
- .prf_ops = &ike_alg_prf_hmac_ops,
+ .prf_ops = &ike_alg_prf_nss_ops,
.prf_ike_audit_name = "md5",
};
diff -Naur libreswan-3.29-orig/mk/config.mk libreswan-3.29/mk/config.mk
--- libreswan-3.29-orig/mk/config.mk 2019-08-11 13:30:45.756906229 -0400
+++ libreswan-3.29/mk/config.mk 2019-08-11 13:31:13.852294734 -0400
@@ -239,6 +239,18 @@
NSS_UTIL_LDFLAGS ?= -lnssutil3
NSPR_LDFLAGS ?= -lnspr4
+# Use the NSS Key Derivation Function (KDF) instead of using the NSS
+# secure hash functions to build our own PRF. With this enabled,
+# libreswan itself no longer needs to be FIPS validated.
+# Requires NSS >= 3.44
+USE_NSS_PRF?=false
+ifeq ($(USE_NSS_PRF),true)
+NSSFLAGS+=-DUSE_NSS_PRF
+USE_NSS_AVA_COPY=false
+endif
+
+#
+#
# Use local copy of nss function CERT_CompareAVA
# See https://bugzilla.mozilla.org/show_bug.cgi?id=1336487
# This work-around is needed with nss versions before 3.30.
diff -Naur libreswan-3.29-orig/mk/userland-cflags.mk libreswan-3.29/mk/userland-cflags.mk
--- libreswan-3.29-orig/mk/userland-cflags.mk 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/mk/userland-cflags.mk 2019-08-11 13:31:13.853294748 -0400
@@ -269,9 +269,10 @@
LIBTWOFISH= ${OBJDIRTOP}/lib/libcrypto/libtwofish/libtwofish.a
endif
-USE_XCBC ?= true
-ifeq ($(USE_XCBC),true)
-USERLAND_CFLAGS += -DUSE_XCBC
+# Requires NSS >= 3.44 or backport
+USE_PRF_AES_XCBC ?= true
+ifeq ($(USE_PRF_AES_XCBC),true)
+USERLAND_CFLAGS += -DUSE_PRF_AES_XCBC
endif
#
diff -Naur libreswan-3.29-orig/programs/pluto/crypt_symkey.c libreswan-3.29/programs/pluto/crypt_symkey.c
--- libreswan-3.29-orig/programs/pluto/crypt_symkey.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/crypt_symkey.c 2019-08-11 13:31:13.854294762 -0400
@@ -15,7 +15,6 @@
* for more details.
*/
-#include "libreswan.h"
#include "lswalloc.h"
#include "lswlog.h"
#include "ike_alg.h"
@@ -23,6 +22,7 @@
#include "crypto.h"
#include "lswfips.h"
#include "lswnss.h"
+#include "crypt_prf.h" /* hack */
#define SPACES " "
@@ -590,9 +590,51 @@
PK11SymKey *prf_key_from_symkey_bytes(const char *name,
const struct prf_desc *prf,
- size_t symkey_start_byte, size_t sizeof_symkey,
+ size_t symkey_start_byte, size_t symkey_size,
PK11SymKey *source_key)
{
+#ifdef CKM_AES_XCBC_MAC
+ if (prf->nss.mechanism == CKM_AES_XCBC_MAC &&
+ symkey_size != prf->prf_key_size) {
+ PK11SymKey *tmp = symkey_from_symkey("tmp", source_key,
+ CKM_VENDOR_DEFINED, /*flags*/0,
+ symkey_start_byte, symkey_size);
+ /*
+ * code lifted from ike_alg_prf_nss_xcbc_ops.c
+ */
+ size_t dkey_sz = sizeof_symkey(tmp);
+ if (dkey_sz < prf->prf_key_size) {
+ DBGF(DBG_CRYPT, "XCBC: Key %zd<%zd too small, padding with zeros",
+ dkey_sz, prf->prf_key_size);
+ /*
+ * right pad with zeros
+ */
+ chunk_t zeros = alloc_chunk(prf->prf_key_size - dkey_sz, "zeros");
+ append_symkey_chunk(&tmp, zeros);
+ freeanychunk(zeros);
+ } else {
+ pexpect(dkey_sz > prf->prf_key_size);
+ DBGF(DBG_CRYPT, "XCBC: Key %zd>%zd too big, rehashing to size",
+ dkey_sz, prf->prf_key_size);
+ /*
+ * put the key through the mac with a zero
+ * key; recursive
+ */
+ chunk_t zeros = alloc_chunk(prf->prf_key_size, "zeros");
+ PK11SymKey *zero_key = prf_key_from_bytes("zeros", prf, zeros.ptr, zeros.len);
+ freeanychunk(zeros);
+ struct crypt_prf *xmac = crypt_prf_init_symkey("xmac", prf, "zero", zero_key);
+ crypt_prf_update_symkey(xmac, "tmp", tmp);
+ PK11SymKey *tmp2 = crypt_prf_final_symkey(&xmac);
+ release_symkey(name, "tmp2", &tmp);
+ tmp = tmp2;
+ }
+ PK11SymKey *key = symkey_from_symkey(name, tmp, CKM_AES_XCBC_MAC, CKF_SIGN,
+ 0, prf->prf_key_size);
+ release_symkey(name, "tmp", &tmp);
+ return key;
+ }
+#endif
/*
* NSS expects a key's mechanism to match the NSS algorithm
* the key is intended for. If this is wrong then the
@@ -614,7 +656,7 @@
mechanism = prf->nss.mechanism;
}
return symkey_from_symkey(name, source_key, mechanism, flags,
- symkey_start_byte, sizeof_symkey);
+ symkey_start_byte, symkey_size);
}
/*
@@ -656,9 +698,13 @@
PK11SymKey *key_from_symkey_bytes(PK11SymKey *source_key,
size_t next_byte, size_t sizeof_key)
{
- return symkey_from_symkey("result", source_key,
- CKM_EXTRACT_KEY_FROM_KEY,
- 0, next_byte, sizeof_key);
+ if (sizeof_key == 0) {
+ return NULL;
+ } else {
+ return symkey_from_symkey("result", source_key,
+ CKM_EXTRACT_KEY_FROM_KEY,
+ 0, next_byte, sizeof_key);
+ }
}
/*
diff -Naur libreswan-3.29-orig/programs/pluto/ikev1_prf.c libreswan-3.29/programs/pluto/ikev1_prf.c
--- libreswan-3.29-orig/programs/pluto/ikev1_prf.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/ikev1_prf.c 2019-08-11 13:31:13.855294776 -0400
@@ -17,8 +17,11 @@
* for more details.
*/
+#include "lswlog.h" /* for LSWLOG_PEXPECT() */
+
#include "ikev1_prf.h"
+#include "ike_alg.h"
#include "crypt_prf.h"
#include "crypt_symkey.h"
@@ -32,6 +35,25 @@
const chunk_t Nr,
/*const*/ PK11SymKey *dh_secret /* NSS doesn't do const */)
{
+#ifdef USE_NSS_PRF
+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bDataAsKey = CK_TRUE,
+ .bRekey = CK_FALSE,
+ .pNi = Ni.ptr,
+ .ulNiLen = Ni.len,
+ .pNr = Nr.ptr,
+ .ulNrLen = Nr.len,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike_prf_params,
+ .len = sizeof(ike_prf_params),
+ };
+
+ return PK11_Derive(dh_secret, CKM_NSS_IKE_PRF_DERIVE, &params,
+ CKM_NSS_IKE1_PRF_DERIVE, CKA_DERIVE,
+ 0);
+#else
/* key = Ni|Nr */
chunk_t key = clone_chunk_chunk(Ni, Nr, "key = Ni|Nr");
struct crypt_prf *prf = crypt_prf_init_chunk("SKEYID sig",
@@ -42,6 +64,7 @@
crypt_prf_update_symkey(prf, "g^xy", dh_secret);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
/*
@@ -51,6 +74,33 @@
chunk_t pre_shared_key,
chunk_t Ni, chunk_t Nr)
{
+#ifdef USE_NSS_PRF
+ PK11SymKey *psk = prf_key_from_bytes("psk", prf_desc,
+ pre_shared_key.ptr, pre_shared_key.len);
+ PK11SymKey *skeyid;
+ if (psk == NULL) {
+ return NULL;
+ }
+
+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bDataAsKey = CK_FALSE,
+ .bRekey = CK_FALSE,
+ .pNi = Ni.ptr,
+ .ulNiLen = Ni.len,
+ .pNr = Nr.ptr,
+ .ulNrLen = Nr.len,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike_prf_params,
+ .len = sizeof(ike_prf_params),
+ };
+ skeyid = PK11_Derive(psk, CKM_NSS_IKE_PRF_DERIVE, &params,
+ CKM_NSS_IKE1_PRF_DERIVE, CKA_DERIVE,
+ 0 );
+ release_symkey("SKEYID psk", "psk", &psk);
+ return skeyid;
+#else
/* key = pre-shared-key */
struct crypt_prf *prf = crypt_prf_init_chunk("SKEYID psk", prf_desc,
"psk", pre_shared_key);
@@ -59,6 +109,7 @@
crypt_prf_update_chunk(prf, "Nr", Nr);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
/*
@@ -69,6 +120,26 @@
PK11SymKey *dh_secret,
chunk_t cky_i, chunk_t cky_r)
{
+#ifdef USE_NSS_PRF
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bHasPrevKey = CK_FALSE,
+ .hKeygxy = PK11_GetSymKeyHandle(dh_secret),
+ .pCKYi = cky_i.ptr,
+ .ulCKYiLen = cky_i.len,
+ .pCKYr = cky_r.ptr,
+ .ulCKYrLen = cky_r.len,
+ .keyNumber = 0,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike1_prf_params,
+ .len = sizeof(ike1_prf_params),
+ };
+
+ return PK11_Derive(skeyid, CKM_NSS_IKE1_PRF_DERIVE, &params,
+ CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE,
+ 0);
+#else
/* key = SKEYID */
struct crypt_prf *prf = crypt_prf_init_symkey("SKEYID_d", prf_desc,
"SKEYID", skeyid);
@@ -79,6 +150,7 @@
crypt_prf_update_byte(prf, "0", 0);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
/*
@@ -89,6 +161,27 @@
PK11SymKey *skeyid_d, PK11SymKey *dh_secret,
chunk_t cky_i, chunk_t cky_r)
{
+#ifdef USE_NSS_PRF
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bHasPrevKey = CK_TRUE,
+ .hKeygxy = PK11_GetSymKeyHandle(dh_secret),
+ .hPrevKey = PK11_GetSymKeyHandle(skeyid_d),
+ .pCKYi = cky_i.ptr,
+ .ulCKYiLen = cky_i.len,
+ .pCKYr = cky_r.ptr,
+ .ulCKYrLen = cky_r.len,
+ .keyNumber = 1,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike1_prf_params,
+ .len = sizeof(ike1_prf_params),
+ };
+
+ return PK11_Derive(skeyid, CKM_NSS_IKE1_PRF_DERIVE, &params,
+ CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE,
+ 0);
+#else
/* key = SKEYID */
struct crypt_prf *prf = crypt_prf_init_symkey("SKEYID_a", prf_desc,
"SKEYID", skeyid);
@@ -100,6 +193,7 @@
crypt_prf_update_byte(prf, "1", 1);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
/*
@@ -110,6 +204,27 @@
PK11SymKey *skeyid_a, PK11SymKey *dh_secret,
chunk_t cky_i, chunk_t cky_r)
{
+#ifdef USE_NSS_PRF
+ CK_NSS_IKE1_PRF_DERIVE_PARAMS ike1_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bHasPrevKey = CK_TRUE,
+ .hKeygxy = PK11_GetSymKeyHandle(dh_secret),
+ .hPrevKey = PK11_GetSymKeyHandle(skeyid_a),
+ .pCKYi = cky_i.ptr,
+ .ulCKYiLen = cky_i.len,
+ .pCKYr = cky_r.ptr,
+ .ulCKYrLen = cky_r.len,
+ .keyNumber = 2,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike1_prf_params,
+ .len = sizeof(ike1_prf_params),
+ };
+
+ return PK11_Derive(skeyid, CKM_NSS_IKE1_PRF_DERIVE, &params,
+ CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE,
+ 0);
+#else
/* key = SKEYID */
struct crypt_prf *prf = crypt_prf_init_symkey("SKEYID_e", prf_desc,
"SKEYID", skeyid);
@@ -121,6 +236,7 @@
crypt_prf_update_byte(prf, "2", 2);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
PK11SymKey *appendix_b_keymat_e(const struct prf_desc *prf_desc,
@@ -128,6 +244,20 @@
PK11SymKey *skeyid_e,
unsigned required_keymat)
{
+#ifdef USE_NSS_PRF
+ CK_MECHANISM_TYPE mechanism = prf_desc->nss.mechanism;
+ CK_MECHANISM_TYPE target = encrypter->nss.mechanism;
+ SECItem params = {
+ .data = (unsigned char *)&mechanism,
+ .len = sizeof(mechanism),
+ };
+ /* for when ENCRYPTER isn't NSS */
+ if (target == 0) target = CKM_EXTRACT_KEY_FROM_KEY;
+
+ return PK11_DeriveWithFlags(skeyid_e, CKM_NSS_IKE1_APP_B_PRF_DERIVE,
+ &params, target, CKA_ENCRYPT,
+ required_keymat, CKF_DECRYPT);
+#else
if (sizeof_symkey(skeyid_e) >= required_keymat) {
return encrypt_key_from_symkey_bytes("keymat", encrypter,
0, required_keymat,
@@ -160,4 +290,5 @@
keymat);
release_symkey(__func__, "keymat", &keymat);
return cryptkey;
+#endif
}
diff -Naur libreswan-3.29-orig/programs/pluto/ikev2_prf.c libreswan-3.29/programs/pluto/ikev2_prf.c
--- libreswan-3.29-orig/programs/pluto/ikev2_prf.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/ikev2_prf.c 2019-08-11 13:33:13.680951735 -0400
@@ -32,12 +32,44 @@
/*
* IKEv2 - RFC4306 2.14 SKEYSEED - calculation.
*/
+#ifdef USE_NSS_PRF
+static PK11SymKey *ikev2_prfplus_key_data(
+ const struct prf_desc *prf_desc,
+ PK11SymKey *key,
+ PK11SymKey *seed_key,
+ chunk_t seed_data,
+ size_t required_keymat)
+{
+ CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS ike_prf_plus_params = {
+ .pSeedData = seed_data.ptr,
+ .ulSeedDataLen = seed_data.len,
+ .prfMechanism = prf_desc->nss.mechanism,
+ };
+ if (seed_key == NULL) {
+ ike_prf_plus_params.bHasSeedKey = CK_FALSE;
+ } else {
+ ike_prf_plus_params.bHasSeedKey = CK_TRUE;
+ ike_prf_plus_params.hSeedKey = PK11_GetSymKeyHandle(seed_key);
+ }
+ SECItem params = {
+ .data = (unsigned char *)&ike_prf_plus_params,
+ .len = sizeof(ike_prf_plus_params),
+ };
+
+ return PK11_Derive(key, CKM_NSS_IKE_PRF_PLUS_DERIVE, &params,
+ CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE,
+ required_keymat);
+}
+#endif
PK11SymKey *ikev2_prfplus(const struct prf_desc *prf_desc,
PK11SymKey *key,
PK11SymKey *seed,
size_t required_keymat)
{
+#ifdef USE_NSS_PRF
+ return ikev2_prfplus_key_data(prf_desc, key, seed, empty_chunk, required_keymat);
+#else
uint8_t count = 1;
/* T1(prfplus) = prf(KEY, SEED|1) */
@@ -66,6 +98,7 @@
}
release_symkey(__func__, "old_t[final]", &old_t);
return prfplus;
+#endif
}
/*
@@ -77,6 +110,33 @@
const chunk_t Ni, const chunk_t Nr,
PK11SymKey *dh_secret)
{
+
+#ifdef USE_NSS_PRF
+ int is_aes_prf = 0;
+ switch (prf_desc->common.id[IKEv2_ALG_ID]) {
+ case IKEv2_PRF_AES128_CMAC:
+ case IKEv2_PRF_AES128_XCBC:
+ is_aes_prf = 1;
+ }
+
+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bDataAsKey = CK_TRUE,
+ .bRekey = CK_FALSE,
+ .pNi = Ni.ptr,
+ .ulNiLen = is_aes_prf ? BYTES_FOR_BITS(64) : Ni.len,
+ .pNr = Nr.ptr,
+ .ulNrLen = is_aes_prf ? BYTES_FOR_BITS(64) : Nr.len,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike_prf_params,
+ .len = sizeof(ike_prf_params),
+ };
+
+ return PK11_Derive(dh_secret, CKM_NSS_IKE_PRF_DERIVE, &params,
+ CKM_NSS_IKE_PRF_PLUS_DERIVE, CKA_DERIVE,
+ 0);
+#else
/*
* 2.14. Generating Keying Material for the IKE SA
*
@@ -117,6 +177,7 @@
crypt_prf_update_symkey(prf, "g^ir", dh_secret);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
/*
@@ -127,6 +188,26 @@
PK11SymKey *new_dh_secret,
const chunk_t Ni, const chunk_t Nr)
{
+#ifdef USE_NSS_PRF
+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf_params = {
+ .prfMechanism = prf_desc->nss.mechanism,
+ .bDataAsKey = CK_FALSE,
+ .bRekey = CK_TRUE,
+ .hNewKey = PK11_GetSymKeyHandle(new_dh_secret),
+ .pNi = Ni.ptr,
+ .ulNiLen = Ni.len,
+ .pNr = Nr.ptr,
+ .ulNrLen = Nr.len,
+ };
+ SECItem params = {
+ .data = (unsigned char *)&ike_prf_params,
+ .len = sizeof(ike_prf_params),
+ };
+
+ return PK11_Derive(SK_d_old, CKM_NSS_IKE_PRF_DERIVE, &params,
+ CKM_NSS_IKE_PRF_PLUS_DERIVE, CKA_DERIVE,
+ 0);
+#else
/* key = SK_d (old) */
struct crypt_prf *prf = crypt_prf_init_symkey("ike sa rekey skeyseed", prf_desc,
"SK_d (old)", SK_d_old);
@@ -141,6 +222,7 @@
crypt_prf_update_chunk(prf, "Nr", Nr);
/* generate */
return crypt_prf_final_symkey(&prf);
+#endif
}
/*
@@ -152,6 +234,17 @@
const ike_spis_t *SPIir,
size_t required_bytes)
{
+#ifdef USE_NSS_PRF
+ chunk_t seed_data;
+ PK11SymKey *prf_plus;
+
+ seed_data = clone_chunk_chunk(Ni, Nr, "seed_data = Ni || Nr");
+ append_chunk_bytes("seed_data = Nir || SPIi", &seed_data, &SPIir->initiator, sizeof(SPIir->initiator));
+ append_chunk_bytes("seed_data = Nir || SPIir", &seed_data, &SPIir->responder, sizeof(SPIir->responder));
+ prf_plus = ikev2_prfplus_key_data(prf_desc, skeyseed, NULL, seed_data, required_bytes);
+ freeanychunk(seed_data);
+ return prf_plus;
+#else
PK11SymKey *data = symkey_from_chunk("data", Ni);
append_symkey_chunk(&data, Nr);
append_symkey_bytes(&data, &SPIir->initiator, sizeof(SPIir->initiator));
@@ -161,6 +254,7 @@
required_bytes);
release_symkey(__func__, "data", &data);
return prfplus;
+#endif
}
/*
@@ -172,6 +266,24 @@
const chunk_t Ni, const chunk_t Nr,
size_t required_bytes)
{
+ if (required_bytes == 0) {
+ /*
+ * For instance esp=null-none. Caller should
+ * interpret NULL to mean empty (NSS doesn't create
+ * zero length keys).
+ */
+ dbg("No CHILD SA KEMAT is required");
+ return NULL;
+ }
+#ifdef USE_NSS_PRF
+ chunk_t seed_data;
+ PK11SymKey *prf_plus;
+
+ seed_data = clone_chunk_chunk(Ni, Nr, "seed_data = Ni || Nr");
+ prf_plus = ikev2_prfplus_key_data(prf_desc, SK_d, new_dh_secret, seed_data, required_bytes);
+ freeanychunk(seed_data);
+ return prf_plus;
+#else
PK11SymKey *data;
if (new_dh_secret == NULL) {
data = symkey_from_chunk("data", Ni);
@@ -185,4 +297,5 @@
required_bytes);
release_symkey(__func__, "data", &data);
return prfplus;
+#endif
}
diff -Naur libreswan-3.29-orig/programs/pluto/ikev2_psk.c libreswan-3.29/programs/pluto/ikev2_psk.c
--- libreswan-3.29-orig/programs/pluto/ikev2_psk.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/ikev2_psk.c 2019-08-11 13:31:13.858294817 -0400
@@ -181,6 +181,36 @@
PK11SymKey *prf_psk;
{
+ static const char psk_key_pad_str[] = "Key Pad for IKEv2"; /* RFC 4306 2:15 */
+#ifdef USE_NSS_PRF
+ CK_NSS_IKE_PRF_DERIVE_PARAMS ike_prf_params;
+ SECItem params;
+ CK_MECHANISM_TYPE prf_mech = st->st_oakley.ta_prf->nss.mechanism;
+ PK11SymKey *pss_key = prf_key_from_bytes("pss", st->st_oakley.ta_prf,
+ pss->ptr, pss->len);
+ if (pss_key == NULL) {
+ if (libreswan_fipsmode()) {
+ PASSERT_FAIL("FIPS: failure creating %s PRF context for digesting PSK",
+ st->st_oakley.ta_prf->common.name);
+ }
+ loglog(RC_LOG_SERIOUS,
+ "failure creating %s PRF context for digesting PSK",
+ st->st_oakley.ta_prf->common.name);
+ return FALSE;
+ }
+
+ ike_prf_params.prfMechanism = prf_mech;
+ ike_prf_params.bDataAsKey = CK_FALSE;
+ ike_prf_params.bRekey = CK_FALSE;
+ ike_prf_params.pNi = (CK_BYTE_PTR) psk_key_pad_str;
+ ike_prf_params.ulNiLen = sizeof(psk_key_pad_str) - 1;
+ ike_prf_params.pNr = NULL;
+ ike_prf_params.ulNrLen = 0;
+ params.data = (unsigned char *)&ike_prf_params;
+ params.len = sizeof(ike_prf_params);
+ prf_psk = PK11_Derive(pss_key, CKM_NSS_IKE_PRF_DERIVE, &params, prf_mech, CKA_SIGN, 0);
+ release_symkey("psk pss_key", "pss_key", &pss_key);
+#else
struct crypt_prf *prf =
crypt_prf_init_chunk("<prf-psk> = prf(<psk>,\"Key Pad for IKEv2\")",
st->st_oakley.ta_prf,
@@ -196,12 +226,11 @@
return FALSE;
}
- static const char psk_key_pad_str[] = "Key Pad for IKEv2"; /* RFC 4306 2:15 */
-
crypt_prf_update_bytes(prf, psk_key_pad_str, /* name */
psk_key_pad_str,
sizeof(psk_key_pad_str) - 1);
prf_psk = crypt_prf_final_symkey(&prf);
+#endif
}
/* calculate outer prf */
diff -Naur libreswan-3.29-orig/programs/pluto/plutomain.c libreswan-3.29/programs/pluto/plutomain.c
--- libreswan-3.29-orig/programs/pluto/plutomain.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/plutomain.c 2019-08-11 13:31:13.859294831 -0400
@@ -189,6 +189,11 @@
#ifdef NSS_IPSEC_PROFILE
" (IPsec profile)"
#endif
+#ifdef USE_NSS_PRF
+ " (NSS-PRF)"
+#else
+ " (native-PRF)"
+#endif
#ifdef USE_DNSSEC
" DNSSEC"
#endif
diff -Naur libreswan-3.29-orig/programs/pluto/prf_test_vectors.c libreswan-3.29/programs/pluto/prf_test_vectors.c
--- libreswan-3.29-orig/programs/pluto/prf_test_vectors.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/prf_test_vectors.c 2019-08-11 13:31:13.860294845 -0400
@@ -34,6 +34,7 @@
* Ref: https://tools.ietf.org/html/rfc4435: Test Vectors
*/
+#ifdef USE_PRF_AES_XCBC
const struct prf_test_vectors aes_xcbc_prf_tests = {
.prf = &ike_alg_prf_aes_xcbc,
.tests = {
@@ -105,6 +106,10 @@
.message = "0x000102030405060708090a0b0c0d0e0f10111213",
.prf_output = "0x47f51b4564966215b8985c63055ed308",
},
+ /*
+ * XXX: for some reason NSS explodes when trying to
+ * create a non-standard AES_XCBC_MAC key.
+ */
{
.description = "Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)",
.key = "0x00010203040506070809",
@@ -124,7 +129,9 @@
}
},
};
+#endif
+/* So far we only have AES_XCBC PRF test vectors :/ */
static bool test_prf_vector(const struct prf_desc *prf,
const struct prf_test_vector *test)
{
@@ -137,7 +144,6 @@
: alloc_chunk(test->message_size, __func__);
chunk_t prf_output = decode_to_chunk(__func__, test->prf_output);
-
/* chunk interface */
struct crypt_prf *chunk_prf = crypt_prf_init_chunk("PRF chunk interface", prf,
"key", chunk_key);

View File

@ -0,0 +1,301 @@
diff -Naur libreswan-3.29-orig/programs/pluto/ikev1.c libreswan-3.29/programs/pluto/ikev1.c
--- libreswan-3.29-orig/programs/pluto/ikev1.c 2019-06-26 22:03:27.801184503 -0400
+++ libreswan-3.29/programs/pluto/ikev1.c 2019-06-27 13:26:11.443969779 -0400
@@ -2675,6 +2675,12 @@
passert(st != NULL);
pexpect(!state_is_busy(st));
+ if (result > STF_OK) {
+ if (st != NULL) {
+ linux_audit_conn(md->st, IS_IKE_SA_ESTABLISHED(md->st) ? LAK_CHILD_FAIL : LAK_PARENT_FAIL);
+ }
+ }
+
switch (result) {
case STF_OK:
{
diff -Naur libreswan-3.29-orig/programs/pluto/ikev1_quick.c libreswan-3.29/programs/pluto/ikev1_quick.c
--- libreswan-3.29-orig/programs/pluto/ikev1_quick.c 2019-06-26 22:03:27.803184531 -0400
+++ libreswan-3.29/programs/pluto/ikev1_quick.c 2019-06-27 13:23:53.787080070 -0400
@@ -1663,6 +1663,9 @@
if (!install_inbound_ipsec_sa(st))
return STF_INTERNAL_ERROR; /* ??? we may be partly committed */
+ /* we only audit once for IPsec SA's, we picked the inbound SA */
+ linux_audit_conn(st, LAK_CHILD_START);
+
/* encrypt message, except for fixed part of header */
if (!ikev1_encrypt_message(&rbody, st)) {
diff -Naur libreswan-3.29-orig/programs/pluto/ikev2.c libreswan-3.29/programs/pluto/ikev2.c
--- libreswan-3.29-orig/programs/pluto/ikev2.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/ikev2.c 2019-06-27 13:25:16.529215928 -0400
@@ -3204,6 +3204,13 @@
lswlog_v2_stf_status(buf, result);
}
+ /* audit log failures - success is audit logged in ikev2_ike_sa_established() */
+ if (result > STF_OK) {
+ if (st != NULL) {
+ linux_audit_conn(st, IS_IKE_SA_ESTABLISHED(st) ? LAK_CHILD_FAIL : LAK_PARENT_FAIL);
+ }
+ }
+
switch (result) {
case STF_SUSPEND:
diff -Naur libreswan-3.29-orig/programs/pluto/ikev2_child.c libreswan-3.29/programs/pluto/ikev2_child.c
--- libreswan-3.29-orig/programs/pluto/ikev2_child.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/ikev2_child.c 2019-06-27 13:23:53.788080084 -0400
@@ -102,6 +102,10 @@
return STF_OK;
}
+/*
+ * The caller could have done the linux_audit_conn() call, except one case
+ * here deletes the state before returning an STF error
+ */
stf_status ikev2_child_sa_respond(struct msg_digest *md,
pb_stream *outpbs,
enum isakmp_xchg_types isa_xchg)
diff -Naur libreswan-3.29-orig/programs/pluto/ikev2_parent.c libreswan-3.29/programs/pluto/ikev2_parent.c
--- libreswan-3.29-orig/programs/pluto/ikev2_parent.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/ikev2_parent.c 2019-06-27 13:23:53.789080097 -0400
@@ -239,6 +239,7 @@
c->newest_isakmp_sa = ike->sa.st_serialno;
v2_schedule_replace_event(&ike->sa);
ike->sa.st_viable_parent = TRUE;
+ linux_audit_conn(&ike->sa, LAK_PARENT_START);
pstat_sa_established(&ike->sa);
}
@@ -1581,6 +1582,24 @@
libreswan_log("IKE_AUTH response contained an unknown error notification (%d)", n);
} else {
libreswan_log("IKE_AUTH response contained the error notification %s", name);
+ /*
+ * There won't be a child state transition, so log if error is child related.
+ * see RFC 7296 Section 1.2
+ */
+ switch(n) {
+ case v2N_NO_PROPOSAL_CHOSEN:
+ case v2N_SINGLE_PAIR_REQUIRED:
+ case v2N_NO_ADDITIONAL_SAS:
+ case v2N_INTERNAL_ADDRESS_FAILURE:
+ case v2N_FAILED_CP_REQUIRED:
+ case v2N_TS_UNACCEPTABLE:
+ case v2N_INVALID_SELECTORS:
+ /* fallthrough */
+ linux_audit_conn(st, LAK_CHILD_FAIL);
+ break;
+ default:
+ break;
+ }
}
}
}
@@ -3063,10 +3082,6 @@
ikev2_ike_sa_established(pexpect_ike_sa(st), md->svm,
STATE_PARENT_R2);
-#ifdef USE_LINUX_AUDIT
- linux_audit_conn(st, LAK_PARENT_START);
-#endif
-
if (LHAS(st->hidden_variables.st_nat_traversal, NATED_HOST)) {
/* ensure we run keepalives if needed */
if (c->nat_keepalive)
@@ -3801,10 +3816,6 @@
ikev2_ike_sa_established(pexpect_ike_sa(pst), md->svm,
STATE_PARENT_I3);
-#ifdef USE_LINUX_AUDIT
- linux_audit_conn(st, LAK_PARENT_START);
-#endif
-
if (LHAS(st->hidden_variables.st_nat_traversal, NATED_HOST)) {
/* ensure we run keepalives if needed */
if (c->nat_keepalive)
diff -Naur libreswan-3.29-orig/programs/pluto/kernel.c libreswan-3.29/programs/pluto/kernel.c
--- libreswan-3.29-orig/programs/pluto/kernel.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/kernel.c 2019-06-27 13:23:53.790080111 -0400
@@ -3334,7 +3334,8 @@
}
#ifdef USE_LINUX_AUDIT
- linux_audit_conn(st, LAK_CHILD_START);
+ if (inbound_also)
+ linux_audit_conn(st, LAK_CHILD_START);
#endif
statetime_stop(&start, "%s()", __func__);
@@ -3378,8 +3379,13 @@
{
#ifdef USE_LINUX_AUDIT
/* XXX in IKEv2 we get a spurious call with a parent st :( */
- if (IS_CHILD_SA(st))
- linux_audit_conn(st, LAK_CHILD_DESTROY);
+ if (IS_CHILD_SA(st)) {
+ /* child destruction already logged for STATE_CHILDSA_DEL state */
+ if (st->st_esp.present || st->st_ah.present) {
+ /* ESP or AH means this was an established IPsec SA */
+ linux_audit_conn(st, LAK_CHILD_DESTROY);
+ }
+ }
#endif
switch (kern_interface) {
case USE_KLIPS:
diff -Naur libreswan-3.29-orig/programs/pluto/linux_audit.c libreswan-3.29/programs/pluto/linux_audit.c
--- libreswan-3.29-orig/programs/pluto/linux_audit.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/linux_audit.c 2019-06-27 13:24:21.474460154 -0400
@@ -176,12 +176,16 @@
zero(&cipher_str); /* OK: no pointer fields */
zero(&spi_str); /* OK: no pointer fields */
+ ip_address_buf raddr_buf;
+ const char *raddr = ipstr(&c->spd.that.host_addr, &raddr_buf);
+
switch (op) {
case LAK_PARENT_START:
case LAK_PARENT_DESTROY:
+ case LAK_PARENT_FAIL:
initiator = (st->st_original_role == ORIGINAL_INITIATOR) || IS_PHASE1_INIT(st->st_state);
snprintf(head, sizeof(head), "op=%s direction=%s %s connstate=%lu ike-version=%s auth=%s",
- op == LAK_PARENT_START ? "start" : "destroy",
+ op == LAK_PARENT_DESTROY ? "destroy" : "start", /* fail to start logged under op=start */
initiator ? "initiator" : "responder",
conn_encode,
st->st_serialno,
@@ -191,7 +195,8 @@
st->st_oakley.auth, &esb));
snprintf(prfname, sizeof(prfname), "%s",
- st->st_oakley.ta_prf->prf_ike_audit_name);
+ st->st_oakley.ta_prf == NULL ? "none" :
+ st->st_oakley.ta_prf->prf_ike_audit_name);
if (st->st_oakley.ta_integ == &ike_alg_integ_none) {
if (st->st_ike_version == IKEv1) {
@@ -220,18 +225,21 @@
}
snprintf(cipher_str, sizeof(cipher_str),
- "cipher=%s ksize=%d integ=%s prf=%s pfs=%s",
- st->st_oakley.ta_encrypt->encrypt_ike_audit_name,
+ "cipher=%s ksize=%d integ=%s prf=%s pfs=%s raddr=%s",
+ st->st_oakley.ta_encrypt == NULL ? "none" :
+ st->st_oakley.ta_encrypt->encrypt_ike_audit_name,
st->st_oakley.enckeylen,
integname, prfname,
- st->st_oakley.ta_dh->common.name);
+ st->st_oakley.ta_dh == NULL ? "none" :
+ st->st_oakley.ta_dh->common.name, raddr);
break;
case LAK_CHILD_START:
case LAK_CHILD_DESTROY:
+ case LAK_CHILD_FAIL:
{
snprintf(head, sizeof(head), "op=%s %s connstate=%lu, satype=%s samode=%s",
- op == LAK_CHILD_START ? "start" : "destroy",
+ op == LAK_CHILD_DESTROY ? "destroy" : "start", /* fail to start logged under op=start */
conn_encode,
st->st_serialno,
st->st_esp.present ? "ipsec-esp" : (st->st_ah.present ? "ipsec-ah" : "ipsec-policy"),
@@ -274,7 +282,7 @@
/* note: each arg appears twice because it is printed two ways */
snprintf(spi_str, sizeof(spi_str),
- "in-spi=%" PRIu32 "(0x%08" PRIu32 ") out-spi=%" PRIu32 "(0x%08" PRIu32 ") in-ipcomp=%" PRIu32 "(0x%08" PRIu32 ") out-ipcomp=%" PRIu32 "(0x%08" PRIu32 ")",
+ "in-spi=%" PRIu32 "(0x%08" PRIu32 ") out-spi=%" PRIu32 "(0x%08" PRIu32 ") in-ipcomp=%" PRIu32 "(0x%08" PRIu32 ") out-ipcomp=%" PRIu32 "(0x%08" PRIu32 ") raddr=%s",
ntohl(pi->attrs.spi),
ntohl(pi->attrs.spi),
ntohl(pi->our_spi),
@@ -282,7 +290,8 @@
ntohl(st->st_ipcomp.attrs.spi), /* zero if missing */
ntohl(st->st_ipcomp.attrs.spi), /* zero if missing */
ntohl(st->st_ipcomp.our_spi), /* zero if missing */
- ntohl(st->st_ipcomp.our_spi)); /* zero if missing */
+ ntohl(st->st_ipcomp.our_spi), /* zero if missing */
+ raddr);
break;
}
default:
@@ -290,21 +299,18 @@
}
free(conn_encode); /* allocated by audit_encode_nv_string() */
- ip_address_buf laddr_buf;
- const char *laddr = ipstr(&c->spd.this.host_addr, &laddr_buf);
-
- ip_address_buf raddr_buf;
- const char *raddr = ipstr(&c->spd.that.host_addr, &raddr_buf);
-
- snprintf(audit_str, sizeof(audit_str), "%s %s %s laddr=%s",
+ snprintf(audit_str, sizeof(audit_str), "%s %s %s",
head,
cipher_str,
- spi_str,
- laddr);
+ spi_str);
+
+ ip_address_buf laddr_buf;
+ const char *laddr = ipstr(&c->spd.this.host_addr, &laddr_buf);
- linux_audit((op == LAK_CHILD_START || op == LAK_CHILD_DESTROY) ?
+ linux_audit((op == LAK_CHILD_START || op == LAK_CHILD_DESTROY || op == LAK_CHILD_FAIL) ?
AUDIT_CRYPTO_IPSEC_SA : AUDIT_CRYPTO_IKE_SA,
- audit_str, raddr, AUDIT_RESULT_OK);
+ audit_str, laddr,
+ (op == LAK_PARENT_FAIL || op == LAK_CHILD_FAIL) ? AUDIT_RESULT_FAIL : AUDIT_RESULT_OK);
}
#if __GNUC__ >= 7
#pragma GCC diagnostic pop
diff -Naur libreswan-3.29-orig/programs/pluto/log.h libreswan-3.29/programs/pluto/log.h
--- libreswan-3.29-orig/programs/pluto/log.h 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/log.h 2019-06-27 13:23:53.791080125 -0400
@@ -174,7 +174,9 @@
LAK_PARENT_START,
LAK_CHILD_START,
LAK_PARENT_DESTROY,
- LAK_CHILD_DESTROY
+ LAK_CHILD_DESTROY,
+ LAK_PARENT_FAIL,
+ LAK_CHILD_FAIL
};
extern void linux_audit_init(void);
extern void linux_audit(const int type, const char *message,
diff -Naur libreswan-3.29-orig/programs/pluto/retry.c libreswan-3.29/programs/pluto/retry.c
--- libreswan-3.29-orig/programs/pluto/retry.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/retry.c 2019-06-27 13:25:27.536367032 -0400
@@ -123,6 +123,10 @@
set_cur_state(st); /* ipsecdoi_replace would reset cur_state, set it again */
pstat_sa_failed(st, REASON_TOO_MANY_RETRANSMITS);
+
+ /* placed here because IKEv1 doesn't do a proper state change to STF_FAIL/STF_FATAL */
+ linux_audit_conn(st, IS_IKE_SA(st) ? LAK_PARENT_FAIL : LAK_CHILD_FAIL);
+
delete_state(st);
/* note: no md->st to clear */
}
diff -Naur libreswan-3.29-orig/programs/pluto/state.c libreswan-3.29/programs/pluto/state.c
--- libreswan-3.29-orig/programs/pluto/state.c 2019-06-10 10:22:04.000000000 -0400
+++ libreswan-3.29/programs/pluto/state.c 2019-06-27 13:23:53.792080138 -0400
@@ -875,6 +875,16 @@
#ifdef USE_LINUX_AUDIT
/*
+ * IKEv2 IKE failures are logged in the state transition conpletion.
+ * IKEv1 IKE failures do not go through a transition, so we catch
+ * these in delete_state()
+ */
+ if (IS_IKE_SA(st) && st->st_ike_version == IKEv1 &&
+ !IS_IKE_SA_ESTABLISHED(st)) {
+ linux_audit_conn(st, LAK_PARENT_FAIL);
+ }
+
+ /*
* only log parent state deletes, we log children in
* ipsec_delete_sa()
*/

File diff suppressed because it is too large Load Diff

469
SPECS/libreswan.spec Normal file
View File

@ -0,0 +1,469 @@
%global _hardened_build 1
# These are rpm macros and are 0 or 1
%global with_efence 0
%global with_development 0
%global with_cavstests 1
# Libreswan config options
%global libreswan_config \\\
FINALLIBEXECDIR=%{_libexecdir}/ipsec \\\
FINALMANDIR=%{_mandir} \\\
FIPSPRODUCTCHECK=%{_sysconfdir}/system-fips \\\
INC_RCDEFAULT=%{_initrddir} \\\
INC_USRLOCAL=%{_prefix} \\\
INITSYSTEM=systemd \\\
NSS_HAS_IPSEC_PROFILE=true \\\
USE_DNSSEC=true \\\
USE_FIPSCHECK=true \\\
USE_LABELED_IPSEC=true \\\
USE_LDAP=true \\\
USE_LIBCAP_NG=true \\\
USE_LIBCURL=true \\\
USE_LINUX_AUDIT=true \\\
USE_NM=true \\\
USE_SECCOMP=true \\\
USE_XAUTHPAM=true \\\
USE_KLIPS=false \\\
USE_NSS_PRF=true \\\
USE_PRF_AES_XCBC=true \\\
%{nil}
#global prever rc1
Name: libreswan
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
# version is generated in the release script
Version: 3.29
Release: %{?prever:0.}6%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:with_development/}%{name}-%{version}%{?prever}.tar.gz
%if 0%{with_cavstests}
Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif
Patch1: libreswan-3.28-maintain-different-v1v2-split.patch
Patch2: libreswan-3.29-CVE-2019-10155-testing.patch
Patch3: libreswan-3.29-1723957-audit.patch
Patch4: libreswan-3.25-1724200-halfopen-shunt.patch
Patch5: libreswan-3.29-1699318-show.patch
Patch6: libreswan-3.29-1714331-nss-kdf.patch
Group: System Environment/Daemons
BuildRequires: bison flex pkgconfig
BuildRequires: systemd systemd-units systemd-devel
Requires(post): coreutils bash systemd
Requires(preun): systemd
Requires(postun): systemd
BuildRequires: pkgconfig hostname
# minimum version for support for rhbz#1651314
BuildRequires: nss-tools nss-devel >= 3.44.0-8
Requires: nss >= 3.44.0-8
BuildRequires: nspr-devel
BuildRequires: pam-devel
BuildRequires: libevent-devel
BuildRequires: unbound-devel >= 1.6.0-6 ldns-devel
BuildRequires: libseccomp-devel
BuildRequires: libselinux-devel
BuildRequires: fipscheck-devel
Requires: fipscheck%{_isa}
Buildrequires: audit-libs-devel
BuildRequires: libcap-ng-devel
BuildRequires: openldap-devel curl-devel
%if 0%{with_efence}
BuildRequires: ElectricFence
%endif
BuildRequires: xmlto
Requires: nss-tools, nss-softokn
Requires: iproute >= 2.6.8
Requires: unbound-libs >= 1.6.6
%description
Libreswan is a free implementation of IKE/IPsec for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.
This package contains the daemons and userland tools for setting up
Libreswan.
Libreswan also supports IKEv2 (RFC7296) and Secure Labeling
Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%prep
%setup -q -n libreswan-%{version}%{?prever}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
pathfix.py -i %{__python3} -pn programs/verify/verify.in programs/show/show.in \
testing/cert_verify/usage_test testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py \
testing/pluto/ikev2-15-fuzzer/send_bad_packets.py testing/x509/dist_certs.py \
programs/_unbound-hook/_unbound-hook.in
# replace unsupported KLIPS README
echo "KLIPS is not supported with RHEL8" > README.KLIPS
# linking to freebl is not needed
sed -i "s/-lfreebl //" mk/config.mk
# enable crypto-policies support
sed -i "s:#[ ]*include \(.*\)\(/crypto-policies/back-ends/libreswan.config\)$:include \1\2:" programs/configs/ipsec.conf.in
%build
%if 0%{with_efence}
%global efence "-lefence"
%endif
#796683: -fno-strict-aliasing
make %{?_smp_mflags} \
%if 0%{with_development}
USERCOMPILE="-g -DGCC_LINT %(echo %{optflags} | sed -e s/-O[0-9]*/ /) %{?efence} -fPIE -pie -fno-strict-aliasing -Wformat-nonliteral -Wformat-security" \
%else
USERCOMPILE="-g -DGCC_LINT %{optflags} %{?efence} -fPIE -pie -fno-strict-aliasing -Wformat-nonliteral -Wformat-security" \
%endif
USERLINK="-g -pie -Wl,-z,relro,-z,now %{?efence}" \
%{libreswan_config} \
programs
FS=$(pwd)
# Add generation of HMAC checksums of the final stripped binaries
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
fipshmac -d %{buildroot}%{_libdir}/fipscheck %{buildroot}%{_libexecdir}/ipsec/pluto \
%{nil}
%install
make \
DESTDIR=%{buildroot} \
%{libreswan_config} \
install
FS=$(pwd)
rm -rf %{buildroot}/usr/share/doc/libreswan
install -d -m 0755 %{buildroot}%{_rundir}/pluto
# used when setting --perpeerlog without --perpeerlogbase
install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
install -d %{buildroot}%{_sbindir}
install -d %{buildroot}%{_sysconfdir}/sysctl.d
install -m 0644 packaging/fedora/libreswan-sysctl.conf \
%{buildroot}%{_sysconfdir}/sysctl.d/50-libreswan.conf
mkdir -p %{buildroot}%{_libdir}/fipscheck
echo "include %{_sysconfdir}/ipsec.d/*.secrets" \
> %{buildroot}%{_sysconfdir}/ipsec.secrets
rm -fr %{buildroot}%{_sysconfdir}/rc.d/rc*
# remove testing binaries
rm -fr %{buildroot}%{_libexecdir}/ipsec/*check
%if 0%{with_cavstests}
%check
# There is an elaborate upstream testing infrastructure which we do not
# run here - it takes hours and uses kvm
# We only run the CAVS tests.
cp %{SOURCE1} %{SOURCE2} %{SOURCE3} .
bunzip2 *.fax.bz2
: starting CAVS test for IKEv2
%{buildroot}%{_libexecdir}/ipsec/cavp -v2 ikev2.fax | \
diff -u ikev2.fax - > /dev/null
: starting CAVS test for IKEv1 RSASIG
%{buildroot}%{_libexecdir}/ipsec/cavp -v1dsa ikev1_dsa.fax | \
diff -u ikev1_dsa.fax - > /dev/null
: starting CAVS test for IKEv1 PSK
%{buildroot}%{_libexecdir}/ipsec/cavp -v1psk ikev1_psk.fax | \
diff -u ikev1_psk.fax - > /dev/null
: CAVS tests passed
# Some of these tests will show ERROR for negative testing - it will exit on real errors
%{buildroot}%{_libexecdir}/ipsec/algparse -tp || { echo prooposal test failed; exit 1; }
%{buildroot}%{_libexecdir}/ipsec/algparse -ta || { echo algorithm test failed; exit 1; }
: Algorithm parser tests passed
# self test for pluto daemon - this also shows which algorithms it allows in FIPS mode
tmpdir=$(mktemp -d /tmp/libreswan-XXXXX)
certutil -N -d sql:$tmpdir --empty-password
%{buildroot}%{_libexecdir}/ipsec/pluto --selftest --nssdir $tmpdir --rundir $tmpdir
: pluto self-test passed - verify FIPS algorithms allowed is still compliant with NIST
%endif
%post
%systemd_post ipsec.service
%preun
%systemd_preun ipsec.service
%postun
%systemd_postun_with_restart ipsec.service
%files
%doc CHANGES COPYING CREDITS README* LICENSE
%doc docs/*.* docs/examples
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ipsec.secrets
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d
%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d/policies
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysctl.d/50-libreswan.conf
%attr(0700,root,root) %dir %{_localstatedir}/log/pluto
%attr(0700,root,root) %dir %{_localstatedir}/log/pluto/peer
%attr(0755,root,root) %dir %{_rundir}/pluto
%attr(0644,root,root) %{_tmpfilesdir}/libreswan.conf
%attr(0644,root,root) %{_unitdir}/ipsec.service
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/pluto
%{_sbindir}/ipsec
%{_libexecdir}/ipsec
%attr(0644,root,root) %doc %{_mandir}/*/*
%{_libdir}/fipscheck/pluto.hmac
%changelog
* Tue Aug 13 2019 Paul Wouters <pwouters@redhat.com> - 3.29-6
- Resolves: rhbz#1714331 support NSS based IKE KDF's [require updated nss for rhbz 1738689, memleak fix]
* Thu Aug 08 2019 Paul Wouters <pwouters@redhat.com> - 3.29-5
- Resolves: rhbz#1714331 support NSS based IKE KDF's so libreswan does not need FIPS certification
* Thu Aug 01 2019 Paul Wouters <pwouters@redhat.com> - 3.29-4
- Resolves: rhbz#1699318 'ipsec show' has python3 invalid syntax
* Thu Jul 04 2019 Paul Wouters <pwouters@redhat.com> - 3.29-3
- Resolves: rhbz#1725205 XFRM policy for OE/32 peer is deleted when shunts for previous half-open state expire
* Thu Jun 27 2019 Paul Wouters <pwouters@redhat.com> - 3.29-2
- Resolves: rhbz#1723957 libreswan is missing linux audit calls for failed IKE SAs and failed IPsec SAs required for Common Criteria
* Mon Jun 10 2019 Paul Wouters <pwouters@redhat.com> - 3.29-1
- Resolves: rhbz#1712555 libreswan rebase to 3.29
* Tue May 28 2019 Paul Wouters <pwouters@redhat.com> - 3.28-2
- Resolves: rhbz#1713734: barf: shell syntax error in barf diagnostic tool
* Tue May 21 2019 Paul Wouters <pwouters@redhat.com> - 3.28-1
- Resolves: rhbz#1712555 libreswan rebase to 3.28
- Resolves: rhbz#1683706 Libreswan shows incorrect error messages
- Resolves: rhbz#1706180 Remove last usage of old (unused) PF_KEY API
- Resolves: rhbz#1677045 Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart
- Resolves: rhbz#1686990 IKEv1 traffic interruption when responder deletes SAs 60 seconds before EVENT_SA_REPLACE
- Resolves: rhbz#1608353 /usr/sbin/ipsec part of the libreswan packages still invokes commands that were deprecated a decade ago
- Resolves: rhbz#1699318 'ipsec show' has python3 invalid syntax
- Resolves: rhbz#1679394 libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure
* Thu Feb 21 2019 Paul Wouters <pwouters@redhat.com> - 3.27-9
- Resolves: rhbz#1648776 limit connections to be ikev1only or ikev2only and make ikev2only the default [man page update]
* Fri Feb 15 2019 Paul Wouters <pwouters@redhat.com> - 3.27-8
- Resolves: rhbz#1664101 system wide crypto policies causing IKE_INIT packet fragmentation
* Tue Feb 05 2019 Paul Wouters <pwouters@redhat.com> - 3.27-7
- Resolves: rhbz#1671793 proessing ISAKMP_NEXT_D with additional payloads causes dangling pointer to deleted state
* Fri Feb 01 2019 Paul Wouters <pwouters@redhat.com> - 3.27-6
- Resolves: rhbz#1668342 SELinux prevents libreswan from using some outbound ports causing DNS resolution failures at connection at load time
* Thu Jan 10 2019 Paul Wouters <pwouters@redhat.com> - 3.27-5
- Resolves: rhbz#1664522 libreswan 3.25 in FIPS mode is incorrectly rejecting X.509 public keys that are >= 3072 bits
* Mon Dec 10 2018 Paul Wouters <pwouters@redhat.com> - 3.27-4
- Resolves: rhbz#1657846 libreswan no longer needs to provide openswan in rhel8
- Resolves: rhbz#1643388 libreswan: Unable to verify certificate with non-empty Extended Key Usage which does not include serverAuth or clientAuth
- Resolves: rhbz#1657854 remove userland support for deprecated KLIPS IPsec stack support
* Sun Dec 09 2018 Paul Wouters <pwouters@redhat.com> - 3.27-3
- Resolves: rhbz#1648776 limit connections to be ikev1only or ikev2only and make ikev2only the default
* Thu Nov 08 2018 Paul Wouters <pwouters@redhat.com> - 3.27-2
- Resolves: rhbz#1645137 Libreswan segfaults when it loads configuration file with more then 5 connections
* Mon Oct 08 2018 Paul Wouters <pwouters@redhat.com> - 3.27-1
- Resolves: rhbz#1566574 Rebase to libreswan 3.27
* Mon Sep 17 2018 Paul Wouters <pwouters@redhat.com> - 3.26-1
- Resolves: rhbz#1566574 Rebase to libreswan 3.26
- Resolves: rhbz#1527037 libreswan IPSEC implementation: should follow the policies of system-wide crypto policy
- Resolves: rhbz#1375779 [IKEv2 Conformance] Test IKEv2.EN.R.1.1.6.7: Sending INVALID_KE_PAYLOAD failed
- Resolves: rhbz#1085758 [TAHI][IKEv2] IKEv2.EN.I.1.2.1.1: Can't observe CREATE_CHILD_SA request for rekey
- Resolves: rhbz#1053048 [TAHI][IKEv2] IKEv2.EN.I.1.2.4.1-7: libreswan doesn't sent CREATE_CHILD_SA after IKE_SA Lifetime timeout
* Mon Aug 13 2018 Paul Wouters <pwouters@redhat.com> - 3.25-4
- Resolves: rhbz#1590823 libreswan: Use Python 3 in RHEL 8
* Wed Aug 01 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.25-3.1
- Rebuild for platform-python
* Mon Jul 09 2018 Paul Wouters <pwouters@redhat.com> - 3.25-3
- Cleanup shebangs for python3
- Use the same options via macro for make programs and make install
- Remove old ifdefs
- Sync up patches to new upstream version
- Add Requires: for unbound-libs >= 1.6.6
- Enable crypto-policies support
- Make rundir world readable for easier permission granting for socket
* Tue Jun 26 2018 Charalampos Stratakis <cstratak@redhat.com> - 3.23-2.2
- Make python shebangs point to python3
* Fri Jun 22 2018 Troy Dawson <tdawson@redhat.com> - 3.23-2.1
- Fix python shebangs (#1580773)
* Mon Feb 19 2018 Paul Wouters <pwouters@redhat.com> - 3.23-2
- Support crypto-policies package
- Pull in some patches from upstream and IANA registry updates
- gcc7 format-truncate fixes and workarounds
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.23-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jan 25 2018 Paul Wouters <pwouters@redhat.com> - 3.23-1
- Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 3.22-1.1
- Rebuilt for switch to libxcrypt
* Mon Oct 23 2017 Paul Wouters <pwouters@redhat.com> - 3.22-1
- Updated to 3.22 - many bugfixes, and unbound ipsecmod support
* Wed Aug 9 2017 Paul Wouters <pwouters@redhat.com> - 3.21-1
- Updated to 3.21
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.20-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Mar 14 2017 Paul Wouters <pwouters@redhat.com> - 3.20-1
- Updated to 3.20
* Fri Mar 03 2017 Paul Wouters <pwouters@redhat.com> - 3.20-0.1.dr4
- Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.19-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Feb 03 2017 Paul Wouters <pwouters@redhat.com> - 3.19-2
- Resolves: rhbz#1392191 libreswan: crash when OSX client connects
- Improved uniqueid and session replacing support
- Test Buffer warning fix on size_t
- Re-introduce --configdir for backwards compatibility
* Sun Jan 15 2017 Paul Wouters <pwouters@redhat.com> - 3.19-1
- Updated to 3.19 (see download.libreswan.org/CHANGES)
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 3.18-1.1
- Rebuild for Python 3.6
* Fri Jul 29 2016 Paul Wouters <pwouters@redhat.com> - 3.18-1
- Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support
- Remove support for /etc/sysconfig/pluto (use native systemd instead)
* Thu May 05 2016 Paul Wouters <pwouters@redhat.com> - 3.17-2
- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used
* Thu Apr 07 2016 Paul Wouters <pwouters@redhat.com> - 3.17-1
- Updated to 3.17 for CVE-2016-3071
- Disable LIBCAP_NG as it prevents unbound-control from working properly
- Temporarilly disable WERROR due to a few minor known issues
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.16-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Dec 18 2015 Paul Wouters <pwouters@redhat.com> - 3.16-1
- Updated to 3.16 (see https://download.libreswan.org/CHANGES)
* Tue Aug 11 2015 Paul Wouters <pwouters@redhat.com> - 3.15-1
- Updated to 3.15 (see http://download.libreswan.org/CHANGES)
- Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx
- NSS database creation moved from spec file to service file
- Run CAVS tests on package build
- Added BuildRequire systemd-units and xmlto
- Bumped minimum required nss to 3.16.1
- Install tmpfiles
- Install sysctl file
- Update doc files to include
* Mon Jul 13 2015 Paul Wouters <pwouters@redhat.com> - 3.13-2
- Resolves: rhbz#1238967 Switch libreswan to use python3
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.13-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Jun 01 2015 Paul Wouters <pwouters@redhat.com> - 3.13-1
- Updated to 3.13 for CVE-2015-3204
* Fri Nov 07 2014 Paul Wouters <pwouters@redhat.com> - 3.12-1
- Updated to 3.12 Various IKEv2 fixes
* Wed Oct 22 2014 Paul Wouters <pwouters@redhat.com> - 3.11-1
- Updated to 3.11 (many fixes, including startup fixes)
- Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs
- Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade
- Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running
* Tue Sep 09 2014 Paul Wouters <pwouters@redhat.com> - 3.10-3
- Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines
* Mon Sep 01 2014 Paul Wouters <pwouters@redhat.com> - 3.10-1
- Updated to 3.10, major bugfix release, new xauth status options
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.9-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 10 2014 Paul Wouters <pwouters@redhat.com> - 3.9-1
- Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements
- Mark libreswan-fips.conf as config file
- attr modifier for man pages no longer needed
- BUGS file no longer exists upstream
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.8-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Jan 18 2014 Paul Wouters <pwouters@redhat.com> - 3.8-1
- Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102)
* Wed Dec 11 2013 Paul Wouters <pwouters@redhat.com> - 3.7-1
- Updated to 3.7, fixes CVE-2013-4564
- Fixes creating a bogus NSS db on startup (rhbz#1005410)
* Thu Oct 31 2013 Paul Wouters <pwouters@redhat.com> - 3.6-1
- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes)
- Generate empty NSS db if none exists
* Mon Aug 19 2013 Paul Wouters <pwouters@redhat.com> - 3.5-3
- Add a Provides: for openswan-doc
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.5-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 15 2013 Paul Wouters <pwouters@redhat.com> - 3.5-2
- Added interop patch for (some?) Cisco VPN clients sending 16 zero
bytes of extraneous IKE data
- Removed fipscheck_version
* Sat Jul 13 2013 Paul Wouters <pwouters@redhat.com> - 3.5-1
- Updated to 3.5
* Thu Jun 06 2013 Paul Wouters <pwouters@redhat.com> - 3.4-1
- Updated to 3.4, which only contains style changes to kernel coding style
- IN MEMORIAM: June 3rd, 2013 Hugh Daniel
* Mon May 13 2013 Paul Wouters <pwouters@redhat.com> - 3.3-1
- Updated to 3.3, which resolves CVE-2013-2052
* Sat Apr 13 2013 Paul Wouters <pwouters@redhat.com> - 3.2-1
- Initial package for Fedora