strongswan/strongswan_fipsfilter.patch

284 lines
9.0 KiB
Diff
Raw Normal View History

- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
From 8f3f1bd6907df8221a93c849ed4b43474444e13b Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
Date: Mon, 5 Jan 2015 14:57:39 +0100
Subject: [PATCH] strongswan: filter algorithms for fips mode
References: fate#316931,bnc#856322
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
From 818cd5f1b6455237a82f385b60a2513cdd9c5eef Mon Sep 17 00:00:00 2001
From: Nirmoy Das <ndas@suse.de>
Date: Mon, 17 Jul 2017 15:15:14 +0200
Subject: [PATCH] strongswan_fipsfilter
---
src/libcharon/config/proposal.c | 184 +++++++++++++++++++++++++++++++++++-----
1 file changed, 165 insertions(+), 19 deletions(-)
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
index 6c71f78..0640140 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -27,6 +27,11 @@
#include <crypto/prfs/prf.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP,
"PROTO_NONE",
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -190,6 +195,122 @@ METHOD(proposal_t, strip_dh, void,
enumerator->destroy(enumerator);
}
+static bool kernel_fips_enabled(void)
+{
+ char buf[1] = { '\0' };
+ int fd;
+
+ fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
+ if (fd >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+ close(fd);
+ }
+ return buf[0] == '1';
+}
+
+static bool fips_enabled(void)
+{
+ static int enabled = -1;
+ if (enabled == -1)
+ enabled = kernel_fips_enabled();
+ return enabled;
+}
+
+static bool fips_filter(protocol_id_t protocol, transform_type_t type, u_int16_t alg)
+{
+ switch (protocol)
+ {
+ case PROTO_IKE:
+ case PROTO_ESP:
+ case PROTO_AH:
+ break;
+ default:
+ /* not applicable protocol */
+ return TRUE;
+ }
+
+ switch (type)
+ {
+ case ENCRYPTION_ALGORITHM:
+ switch (alg)
+ {
+ /* crypter */
+ case ENCR_3DES:
+ case ENCR_AES_CBC:
+ case ENCR_AES_CTR:
+ /* aead */
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_GCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
+ case ENCR_AES_CCM_ICV8:
+ case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_CCM_ICV16:
+ return TRUE;
+ default:
+ break;
+ }
+ break;
+ case INTEGRITY_ALGORITHM:
+ switch (alg)
+ {
+ case AUTH_HMAC_SHA1_96:
+ case AUTH_HMAC_SHA1_160:
+ case AUTH_HMAC_SHA2_256_96:
+ case AUTH_HMAC_SHA2_256_128:
+ case AUTH_HMAC_SHA2_384_192:
+ case AUTH_HMAC_SHA2_512_256:
+ case AUTH_AES_CMAC_96:
+ return TRUE;
+ default:
+ break;
+ }
+ break;
+ case PSEUDO_RANDOM_FUNCTION:
+ switch (alg)
+ {
+ case PRF_HMAC_SHA1:
+ case PRF_HMAC_SHA2_256:
+ case PRF_HMAC_SHA2_384:
+ case PRF_HMAC_SHA2_512:
+ case PRF_AES128_CMAC:
+ return TRUE;
+ default:
+ break;
+ }
+ break;
+ case DIFFIE_HELLMAN_GROUP:
+ switch (alg)
+ {
+ case MODP_2048_BIT:
+ case MODP_3072_BIT:
+ case MODP_4096_BIT:
+ case MODP_8192_BIT:
+ case MODP_2048_224:
+ case MODP_2048_256:
+ case ECP_224_BIT:
+ case ECP_256_BIT:
+ case ECP_384_BIT:
+ case ECP_521_BIT:
+ return TRUE;
+ default:
+ break;
+ }
+ break;
+ case EXTENDED_SEQUENCE_NUMBERS:
+ switch (alg)
+ {
+ case EXT_SEQ_NUMBERS:
+ case NO_EXT_SEQ_NUMBERS:
+ return TRUE;
+ default:
+ break;
+ }
+ default:
+ break;
+ }
+ return !fips_enabled();
+}
+
/**
* Select a matching proposal from this and other, insert into selected.
*/
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -611,6 +732,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg)
return FALSE;
}
+ if (!fips_filter(this->protocol, token->type, token->algorithm))
+ {
+ DBG1(DBG_CFG, "algorithm '%s' not permitted in fips mode", alg);
+ return FALSE;
+ }
add_algorithm(this, token->type, token->algorithm, token->keysize);
return TRUE;
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -753,6 +879,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
{
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
+ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption))
+ continue;
+
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
switch (encryption)
{
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
case ENCR_AES_GCM_ICV16:
@@ -806,6 +935,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
{
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
+ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption))
+ continue;
+
switch (encryption)
{
case ENCR_AES_CBC:
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -850,6 +982,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
{
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
+ if (!fips_filter(PROTO_IKE, INTEGRITY_ALGORITHM, integrity))
+ continue;
+
switch (integrity)
{
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
case AUTH_HMAC_SHA2_256_128:
@@ -905,6 +1040,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
{
+ if (!fips_filter(PROTO_IKE, PSEUDO_RANDOM_FUNCTION, prf))
+ continue;
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
+
switch (prf)
{
case PRF_HMAC_SHA1:
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -964,6 +1102,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
+ if (!fips_filter(PROTO_IKE, DIFFIE_HELLMAN_GROUP, group))
+ continue;
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
+
switch (group)
{
case MODP_NULL:
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -1004,6 +1145,10 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
{
private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0);
+#define fips_add_algorithm(this, type, alg, len) \
+ if (fips_filter(this->protocol, type, alg)) \
+ add_algorithm(this, type, alg, len);
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
+
switch (protocol)
{
case PROTO_IKE:
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
@@ -1014,31 +1159,32 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
- Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
2015-01-05 15:41:37 +01:00
}
break;
case PROTO_ESP:
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
case PROTO_AH:
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
default:
break;
}
+#undef fips_add_algorithm
return &this->public;
}
--
Accepting request 513652 from home:ndas:branches:network:vpn - Updated to strongSwan 5.3.5 providing the following changes: *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two requirements regarding the passed exponent and modulus that the plugin did not enforce, if these are not met the calculation will result in a floating point exception that crashes the whole process. This vulnerability has been registered as CVE-2017-9022. Please refer to our blog for details. *Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when parsing X.509 extensions that use such types. This vulnerability has been registered as CVE-2017-9023. Please refer to our blog for details. *The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA the responder already has everything available to install and use the new CHILD_SA. However, this could lead to lost traffic as the initiator won't be able to process inbound packets until it processed the CREATE_CHILD_SA response and updated the inbound SA. To avoid this the responder now only installs the new inbound SA and delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA. *The messages transporting these DELETEs could reach the peer before packets sent with the deleted outbound SAs reach it. To reduce the chance of traffic loss due to this the inbound SA of the replaced CHILD_SA is not removed for a configurable amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed. *The code base has been ported to Apple's ARM64 iOS platform, which required several changes regarding the use of variadic functions. This was necessary because the calling conventions for variadic and regular functions are different there. This means that assigning a non-variadic function to a variadic function pointer, as we did with our enumerator_t::enumerate() implementations and several callbacks, will result in crashes as the called function accesses the arguments differently than the OBS-URL: https://build.opensuse.org/request/show/513652 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
2017-08-01 09:21:05 +02:00
2.13.2