From fadffa6d6064b800ccc79142f57c79b50bd142758aea08bc05f19949c18a5d0d Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Mon, 5 Jan 2015 13:04:19 +0000 Subject: [PATCH 1/3] - Disallow brainpool elliptic curve groups in fips mode (bnc#856322). [* strongswan_fipsfilter.patch] - Applied an upstream fix for a denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221). [+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch] - Adjusted whilelist of approved algorithms in fips mode (bsc#856322). [* strongswan_fipsfilter.patch] - Renamed patch file to match it's patch number: [- 0001-restore-registration-algorithm-order.bug897512.patch, + 0005-restore-registration-algorithm-order.bug897512.patch] OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=84 --- ...gistration-algorithm-order.bug897512.patch | 0 ....1.2-5.2.1_modp_custom.CVE-2014-9221.patch | 166 ++++++++++++++++++ strongswan.changes | 19 ++ strongswan.spec | 6 +- strongswan_fipsfilter.patch | 36 ++-- 5 files changed, 208 insertions(+), 19 deletions(-) rename 0001-restore-registration-algorithm-order.bug897512.patch => 0005-restore-registration-algorithm-order.bug897512.patch (100%) create mode 100644 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch diff --git a/0001-restore-registration-algorithm-order.bug897512.patch b/0005-restore-registration-algorithm-order.bug897512.patch similarity index 100% rename from 0001-restore-registration-algorithm-order.bug897512.patch rename to 0005-restore-registration-algorithm-order.bug897512.patch diff --git a/0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch b/0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch new file mode 100644 index 0000000..aa3ff37 --- /dev/null +++ b/0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch 
@@ -0,0 +1,166 @@ +From a78ecdd47509626711a13481f53696e01d4b8c62 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Mon, 1 Dec 2014 17:21:59 +0100 +Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range +References: bsc#910491,CVE-2014-9221 +Upstream: yes + +Before this fix it was possible to crash charon with an IKE_SA_INIT +message containing a KE payload with DH group MODP_CUSTOM(1025). +Defining MODP_CUSTOM outside of the two byte IKE DH identifier range +prevents it from getting negotiated. + +Fixes CVE-2014-9221 in version 5.1.2 and newer. +--- + src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +- + src/libstrongswan/crypto/diffie_hellman.c | 11 ++++++----- + src/libstrongswan/crypto/diffie_hellman.h | 6 ++++-- + src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +- + src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +- + src/libstrongswan/plugins/ntru/ntru_ke.c | 2 +- + src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 2 +- + src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- + src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +- + 9 files changed, 17 insertions(+), 14 deletions(-) + +diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +index 67db5e6d87d6..836e0b7f088d 100644 +--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c ++++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +@@ -41,7 +41,7 @@ struct private_tkm_diffie_hellman_t { + /** + * Diffie Hellman group number. + */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /** + * Diffie Hellman public value. 
+diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c +index bada1c529951..ac106e9c4d45 100644 +--- a/src/libstrongswan/crypto/diffie_hellman.c ++++ b/src/libstrongswan/crypto/diffie_hellman.c +@@ -42,15 +42,16 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT, + "ECP_256_BP", + "ECP_384_BP", + "ECP_512_BP"); +-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP, +- "MODP_NULL", +- "MODP_CUSTOM"); +-ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM, ++ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_512_BP, ++ "MODP_NULL"); ++ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL, + "NTRU_112", + "NTRU_128", + "NTRU_192", + "NTRU_256"); +-ENUM_END(diffie_hellman_group_names, NTRU_256_BIT); ++ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT, ++ "MODP_CUSTOM"); ++ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); + + + /** +diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h +index 105db22f14d4..d5161d077bb2 100644 +--- a/src/libstrongswan/crypto/diffie_hellman.h ++++ b/src/libstrongswan/crypto/diffie_hellman.h +@@ -63,12 +63,14 @@ enum diffie_hellman_group_t { + /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ + MODP_NULL = 1024, + /** MODP group with custom generator/prime */ +- MODP_CUSTOM = 1025, + /** Parameters defined by IEEE 1363.1, in PRIVATE USE */ + NTRU_112_BIT = 1030, + NTRU_128_BIT = 1031, + NTRU_192_BIT = 1032, +- NTRU_256_BIT = 1033 ++ NTRU_256_BIT = 1033, ++ /** internally used DH group with additional parameters g and p, outside ++ * of PRIVATE USE (i.e. 
IKEv2 DH group range) so it can't be negotiated */ ++ MODP_CUSTOM = 65536, + }; + + /** +diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +index f418b941db86..299865da2e09 100644 +--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c ++++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +@@ -35,7 +35,7 @@ struct private_gcrypt_dh_t { + /** + * Diffie Hellman group number + */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /* + * Generator value +diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +index b74d35169f44..9936f7e4518f 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c ++++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +@@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t { + /** + * Diffie Hellman group number. + */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /* + * Generator value. +diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c +index abaa22336221..e64f32b91d0e 100644 +--- a/src/libstrongswan/plugins/ntru/ntru_ke.c ++++ b/src/libstrongswan/plugins/ntru/ntru_ke.c +@@ -56,7 +56,7 @@ struct private_ntru_ke_t { + /** + * Diffie Hellman group number. + */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /** + * NTRU Parameter Set +diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +index ff3382473666..1e68ac59b838 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c ++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +@@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t { + /** + * Diffie Hellman group number. 
+ */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /** + * Diffie Hellman object +diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +index b487d59a59a3..50853d6f0bde 100644 +--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c ++++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +@@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t { + /** + * Diffie Hellman group number. + */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /** + * EC private (public) key +diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +index 36cc284bf2b5..23b63d2386af 100644 +--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c ++++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +@@ -47,7 +47,7 @@ struct private_pkcs11_dh_t { + /** + * Diffie Hellman group number. + */ +- u_int16_t group; ++ diffie_hellman_group_t group; + + /** + * Handle for own private value +-- +1.9.1 + diff --git a/strongswan.changes b/strongswan.changes index eb5afb9..cfb2771 100644 --- a/strongswan.changes +++ b/strongswan.changes 
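Review bot: In the diffie_hellman.h part of the added patch, removing `MODP_CUSTOM = 1025,` leaves its doc comment `/** MODP group with custom generator/prime */` behind as a context line, so it now sits directly above the NTRU comment and documents nothing. It should be dropped, since the new `MODP_CUSTOM = 65536,` entry carries its own comment. The fix holds only because 65536 does not fit the two-byte IKE DH group field, which is why the `u_int16_t group` members in the seven plugin structs are widened to `diffie_hellman_group_t`. A 16-bit store of a group value elsewhere in the tree, if one exists outside the files this patch touches, would wrap 65536 to 0, so the remaining `u_int16_t` uses are worth auditing. If the build allows C11, a guard next to the enum such as `_Static_assert(MODP_CUSTOM > 0xFFFF, "MODP_CUSTOM must stay outside the IKE DH group range");` would stop a later renumbering from reopening CVE-2014-9221.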
@@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Wed Dec 17 10:15:23 UTC 2014 - mt@suse.de + +- Disallow brainpool elliptic curve groups in fips mode (bnc#856322). + [* strongswan_fipsfilter.patch] + +------------------------------------------------------------------- +Thu Dec 11 10:21:01 UTC 2014 - mt@suse.de + +- Applied an upstream fix for a denial-of-service vulnerability, + which can be triggered by an IKEv2 Key Exchange payload, that + contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221). + [+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch] +- Adjusted whilelist of approved algorithms in fips mode (bsc#856322). + [* strongswan_fipsfilter.patch] +- Renamed patch file to match it's patch number: + [- 0001-restore-registration-algorithm-order.bug897512.patch, + + 0005-restore-registration-algorithm-order.bug897512.patch] + ------------------------------------------------------------------- Tue Nov 25 11:22:06 UTC 2014 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index 0807214..e99aee5 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -82,7 +82,8 @@ Patch2: %{name}_ipsec_service.patch Patch3: %{name}_fipscheck.patch Patch4: %{name}_fipsfilter.patch %endif -Patch5: 0001-restore-registration-algorithm-order.bug897512.patch +Patch5: 0005-restore-registration-algorithm-order.bug897512.patch +Patch6: 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel 
@@ -294,6 +295,7 @@ and the load testing plugin for IKEv2 daemon. %patch4 -p1 %endif %patch5 -p1 +%patch6 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init diff --git a/strongswan_fipsfilter.patch b/strongswan_fipsfilter.patch index 81eee37..3e4a2bd 100644 --- a/strongswan_fipsfilter.patch +++ b/strongswan_fipsfilter.patch @@ -1,5 +1,12 @@ +From aa709f291994a74271271b6dd61563cc3844e3ad Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski +Date: Tue, 16 Dec 2014 23:19:20 +0100 +Subject: [PATCH] strongswan: filter algorithms for fips mode + +References: fate#316931,bnc#856322 + diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c -index 2ecdb4f..85767ab 100644 +index 2ecdb4f..a858162 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -26,6 +26,11 @@ @@ -14,7 +21,7 @@ index 2ecdb4f..85767ab 100644 ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP, "PROTO_NONE", -@@ -185,6 +190,130 @@ METHOD(proposal_t, strip_dh, void, +@@ -185,6 +190,122 @@ METHOD(proposal_t, strip_dh, void, enumerator->destroy(enumerator); } @@ -104,24 +111,16 @@ index 2ecdb4f..85767ab 100644 + case DIFFIE_HELLMAN_GROUP: + switch (alg) + { -+ case MODP_1024_BIT: -+ case MODP_1536_BIT: + case MODP_2048_BIT: + case MODP_3072_BIT: + case MODP_4096_BIT: + case MODP_8192_BIT: -+ case MODP_1024_160: + case MODP_2048_224: + case MODP_2048_256: -+ case ECP_192_BIT: + case ECP_224_BIT: + case ECP_256_BIT: + case ECP_384_BIT: + case ECP_521_BIT: -+ case ECP_224_BP: -+ case ECP_256_BP: -+ case ECP_384_BP: -+ case ECP_512_BP: + return TRUE; + default: + break; @@ -145,7 +144,7 @@ index 2ecdb4f..85767ab 100644 /** * Select a matching proposal from this and other, insert into selected. */ -@@ -500,6 +629,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) +@@ -500,6 +621,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) return FALSE; } 
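Review bot: The trimmed `case DIFFIE_HELLMAN_GROUP:` list in hunk `@@ -104,24 +111,16 @@` of strongswan_fipsfilter.patch has no comment naming the standard or revision the approved set follows. A reader therefore cannot tell why `ECP_224_BIT`, `MODP_2048_224` and `MODP_2048_256` stay while `MODP_1024_BIT`, `MODP_1536_BIT`, `MODP_1024_160`, `ECP_192_BIT` and the four `*_BP` brainpool groups are removed. I would add a comment above the inner `switch (alg)`, for example `/* DH groups approved in FIPS mode per <standard and revision>; brainpool curves, MODP below 2048 bit and ECP below 224 bit are excluded */`, with the real reference filled in. The enclosing function starts and ends outside this hunk, so what follows `default: break;` is not visible here.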
@@ -157,7 +156,7 @@ index 2ecdb4f..85767ab 100644 add_algorithm(this, token->type, token->algorithm, token->keysize); return TRUE; -@@ -639,6 +773,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) +@@ -639,6 +765,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) { @@ -166,7 +165,7 @@ index 2ecdb4f..85767ab 100644 switch (encryption) { case ENCR_AES_CBC: -@@ -665,6 +801,9 @@ static void proposal_add_supported_ike(private_proposal_t *this) +@@ -665,6 +793,9 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator = lib->crypto->create_aead_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) { @@ -176,7 +175,7 @@ index 2ecdb4f..85767ab 100644 switch (encryption) { case ENCR_AES_CCM_ICV8: -@@ -690,6 +829,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) +@@ -690,6 +821,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator = lib->crypto->create_signer_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) { @@ -185,7 +184,7 @@ index 2ecdb4f..85767ab 100644 switch (integrity) { case AUTH_HMAC_SHA1_96: -@@ -710,6 +851,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) +@@ -710,6 +843,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator = lib->crypto->create_prf_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &prf, &plugin_name)) { 
@@ -194,7 +193,7 @@ index 2ecdb4f..85767ab 100644 switch (prf) { case PRF_HMAC_SHA1: -@@ -730,6 +873,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) +@@ -730,6 +865,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) enumerator = lib->crypto->create_dh_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &group, &plugin_name)) { @@ -203,7 +202,7 @@ index 2ecdb4f..85767ab 100644 switch (group) { case MODP_NULL: -@@ -776,31 +921,35 @@ proposal_t *proposal_create_default(protocol_id_t protocol) +@@ -776,31 +913,35 @@ proposal_t *proposal_create_default(protocol_id_t protocol) { private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0); @@ -252,3 +251,6 @@ index 2ecdb4f..85767ab 100644 return &this->public; } +-- +2.2.0 + From 055879bc1c17c873f308fe6b504fe600109027e64a48793b6c6dea02e2710ca1 Mon Sep 17 00:00:00 2001 
From: Marius Tomaschewski Date: Mon, 5 Jan 2015 14:41:37 +0000 Subject: [PATCH 2/3] - Updated to strongSwan 5.2.2 providing the following changes: Changes in version 5.2.2: * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. * The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to ipsec.conf(5) for details. * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as an IKEv2 public key authentication method. The pki tool offers full support for the generation of BLISS key pairs and certificates. * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon. Changes in version 5.2.1: * The new charon-systemd IKE daemon implements an IKE daemon tailored for use with systemd. It avoids the dependency on ipsec starter and uses swanctl as configuration backend, building a simple and lightweight solution. It supports native systemd journal logging. * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID and IETF/Installed Packages attributes can be processed incrementally on a per segment basis. 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85 --- strongswan-5.1.3.tar.bz2 | 3 - strongswan-5.1.3.tar.bz2.sig | 14 ---- ....3-rpmlintrc => strongswan-5.2.2-rpmlintrc | 0 strongswan-5.2.2.tar.bz2 | 3 + strongswan-5.2.2.tar.bz2.sig | 14 ++++ strongswan.changes | 80 +++++++++++++++++++ strongswan.spec | 13 ++- strongswan_fipscheck.patch | 20 ++--- strongswan_fipsfilter.patch | 74 +++++++++-------- 9 files changed, 154 insertions(+), 67 deletions(-) delete mode 100644 strongswan-5.1.3.tar.bz2 delete mode 100644 strongswan-5.1.3.tar.bz2.sig rename strongswan-5.1.3-rpmlintrc => strongswan-5.2.2-rpmlintrc (100%) create mode 100644 strongswan-5.2.2.tar.bz2 create mode 100644 strongswan-5.2.2.tar.bz2.sig diff --git a/strongswan-5.1.3.tar.bz2 b/strongswan-5.1.3.tar.bz2 deleted file mode 100644 index b52ba2d..0000000 --- a/strongswan-5.1.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:84e46d5ce801e1b874e2bfba8d21dbd78b432e23b7fb1f4f2d637359e7a183a8 -size 3807212 diff --git a/strongswan-5.1.3.tar.bz2.sig b/strongswan-5.1.3.tar.bz2.sig deleted file mode 100644 index 7884d97..0000000 --- a/strongswan-5.1.3.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQGcBAABAgAGBQJTS9jUAAoJEN9CwXCzTbp3E3cMAJuQv7IsG5XDNQB/Wcb66hLQ -2DSZN2zXRI2Ku5ONXDqnzCzyGRO84SOsGVzX9AQTHactr29B0n9rZxSCKZrm+ZRX -lMKu6UNsS+jSKhXkXfmDSilFnM7ap7tAlFUuH/7uz8LcG34643W5BOJH0oMq7Rx3 -WN/7/TbrYf1aE0s3C8tcJXc5OghkvAfsE0jBPWhwT7dwi5eczluPMyYYdGxg8zNP -LdBdoHTfnFRnMcL18SGwUYl09hj2YkZMoo+2Qt4I6WNy3yIINRIQluPSl2f91HHG -VXyzGLpC3W63WYxXhPmjdmkpaT9+kulF6WVhgt3i6VMOv6nSNitHs5/X0W6N5xuX -BhPmJRFmT0Oej3MJVxSKqUy89Ny3DyRmai5bERAFe+FOt9HN1UWqpK+qYFI+YQw/ -dMS9kviW2UhSq4BM9F9F+QrL66Bz0gc5+jXolm971FII62cV4i6n9U6veGPY9qkg -+Jcn6XpKOe2JXLsIeIMQgc0GitIaEHq/zdST/pn2Gw== -=NZ/K ------END PGP SIGNATURE----- 
diff --git a/strongswan-5.1.3-rpmlintrc b/strongswan-5.2.2-rpmlintrc similarity index 100% rename from strongswan-5.1.3-rpmlintrc rename to strongswan-5.2.2-rpmlintrc diff --git a/strongswan-5.2.2.tar.bz2 b/strongswan-5.2.2.tar.bz2 new file mode 100644 index 0000000..83aec16 --- /dev/null +++ b/strongswan-5.2.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cf2fbfdf200a5eced796f00dc11fea67ce477d38c54d5f073ac6c51618b172f4 +size 4169095 diff --git a/strongswan-5.2.2.tar.bz2.sig b/strongswan-5.2.2.tar.bz2.sig new file mode 100644 index 0000000..93fa0e0 --- /dev/null +++ b/strongswan-5.2.2.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQGcBAABAgAGBQJUn/PYAAoJEN9CwXCzTbp3+PML/2IJQEI240BwPOpXEGrJ0jnR +Mmq7qXD3QLnUtpyX2/dXVV6X6PzdXiCubOj9m59VNSD6Qsr5W3d44rg90Vf9VxX6 +5nwAWP9fWl1L8xKtC93dyPAe8eet9tMqIf6QY5LYCmKRXi9aotoARiyEjKRUsWdy +O+nDS43PrwjcgHcV+dVbpA1FyFSwoX2zoDu0d1MMzOb+b8np9+2SdtsNVKaIqW5c +39PphkQgpqBqM1nkO0LUydsdCpE+/Xq4yNP77eSio7b6b2eyAjD9gBlNsE4FHoU0 +gyDKgdcOIPYmS8VD2J4efxQDjGpj6VV4wvXAo9tE7x/joIFT+Eg9LsD42l7yReaY +G/G87HVgA0DH67lBjoMfkhZcHCSTofM4cm7eOC7s48PF4HvnAM1L5bH7UzoehV9c +YvIUO/Q+7on6nvnW4AYUVXc/fAq7IUB6hYYCX6CHsb1U7gkEa7NseLwcoLmbMIfB +QaziGo6KHG4XFTdlu1LrQBip8NdJZh7v7fYJd/sFjA== +=bacU +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index cfb2771..84ad58f 100644 --- a/strongswan.changes +++ b/strongswan.changes 
@@ -1,3 +1,83 @@ +------------------------------------------------------------------- +Mon Jan 5 14:38:46 UTC 2015 - mt@suse.de + +- Updated to strongSwan 5.2.2 providing the following changes: + Changes in version 5.2.2: + * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange + payload that contains the Diffie-Hellman group 1025. This identifier was + used internally for DH groups with custom generator and prime. Because + these arguments are missing when creating DH objects based on the KE + payload an invalid pointer dereference occurred. This allowed an attacker + to crash the IKE daemon with a single IKE_SA_INIT message containing such + a KE payload. The vulnerability has been registered as CVE-2014-9221. + * The left/rightid options in ipsec.conf, or any other identity in + strongSwan, now accept prefixes to enforce an explicit type, such as + email: or fqdn:. Note that no conversion is done for the remaining string, + refer to ipsec.conf(5) for details. + * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as + an IKEv2 public key authentication method. The pki tool offers full + support for the generation of BLISS key pairs and certificates. + * Fixed mapping of integrity algorithms negotiated for AH via IKEv1. + This could cause interoperability issues when connecting to older versions + of charon. + Changes in version 5.2.1: + * The new charon-systemd IKE daemon implements an IKE daemon tailored for + use with systemd. It avoids the dependency on ipsec starter and uses + swanctl as configuration backend, building a simple and lightweight + solution. It supports native systemd journal logging. + * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1 + fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf. + * Support of the TCG TNC IF-M Attribute Segmentation specification proposal. + All attributes can be segmented. 
Additionally TCG/SWID Tag, TCG/SWID Tag ID + and IETF/Installed Packages attributes can be processed incrementally on a + per segment basis. + * The new ext-auth plugin calls an external script to implement custom IKE_SA + authorization logic, courtesy of Vyronas Tsingaras. + * For the vici plugin a ruby gem has been added to allow ruby applications to + control or monitor the IKE daemon. The vici documentation has been updated + to include a description of the available operations and some simple + examples using both the libvici C interface and the ruby gem. + Changes in version 5.2.0: + * strongSwan has been ported to the Windows platform. Using a MinGW toolchain, + many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2 + and newer releases. charon-svc implements a Windows IKE service based on + libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec + backend on the Windows platform. socket-win provides a native IKE socket + implementation, while winhttp fetches CRL and OCSP information using the + WinHTTP API. + * The new vici plugin provides a Versatile IKE Configuration Interface for + charon. Using the stable IPC interface, external applications can configure, + control and monitor the IKE daemon. Instead of scripting the ipsec tool + and generating ipsec.conf, third party applications can use the new interface + for more control and better reliability. + * Built upon the libvici client library, swanctl implements the first user of + the VICI interface. Together with a swanctl.conf configuration file, + connections can be defined, loaded and managed. swanctl provides a portable, + complete IKE configuration and control interface for the command line. + The first six swanctl example scenarios have been added. + * The SWID IMV implements a JSON-based REST API which allows the exchange + of SWID tags and Software IDs with the strongTNC policy manager. 
+ * The SWID IMC can extract all installed packages from the dpkg (Debian, + Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or + pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using + the swidGenerator (https://github.com/strongswan/swidGenerator) which + generates SWID tags according to the new ISO/IEC 19770-2:2014 standard. + * All IMVs now share the access requestor ID, device ID and product info + of an access requestor via a common imv_session object. + * The Attestation IMC/IMV pair supports the IMA-NG measurement format + introduced with the Linux 3.13 kernel. + * The aikgen tool generates an Attestation Identity Key bound to a TPM. + * Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network + Connect. + * The ipsec.conf replay_window option defines connection specific IPsec + replay windows. Original patch courtesy of Zheng Zhong and Christophe + Gouault from 6Wind. +- Adjusted file lists and removed obsolete patches + [- 0005-restore-registration-algorithm-order.bug897512.patch, + - 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch] +- Adopted/Merged fipscheck patches + [* strongswan_fipscheck.patch, strongswan_fipsfilter.patch] + ------------------------------------------------------------------- Wed Dec 17 10:15:23 UTC 2014 - mt@suse.de diff --git a/strongswan.spec b/strongswan.spec index e99aee5..7e6acc0 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.1.3 +Version: 5.2.2 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -82,8 +82,6 @@ Patch2: %{name}_ipsec_service.patch Patch3: %{name}_fipscheck.patch Patch4: %{name}_fipsfilter.patch %endif -Patch5: 0005-restore-registration-algorithm-order.bug897512.patch -Patch6: 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel 
@@ -294,8 +292,6 @@ and the load testing plugin for IKEv2 daemon. %patch3 -p0 %patch4 -p1 %endif -%patch5 -p1 -%patch6 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -645,10 +641,11 @@ fi %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon-logging.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/imcv.conf +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/pki.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/pool.conf +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/scepclient.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/starter.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/tnc.conf -%config(noreplace) %attr(600,root,root) %{strongswan_configs}/tools.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/addrblock.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/aes.conf %if %{with afalg} @@ -951,10 +948,11 @@ fi %{strongswan_templates}/config/strongswan.d/charon-logging.conf %{strongswan_templates}/config/strongswan.d/charon.conf %{strongswan_templates}/config/strongswan.d/imcv.conf +%{strongswan_templates}/config/strongswan.d/pki.conf %{strongswan_templates}/config/strongswan.d/pool.conf +%{strongswan_templates}/config/strongswan.d/scepclient.conf %{strongswan_templates}/config/strongswan.d/starter.conf %{strongswan_templates}/config/strongswan.d/tnc.conf -%{strongswan_templates}/config/strongswan.d/tools.conf %{strongswan_templates}/database/imv/data.sql %{strongswan_templates}/database/imv/tables.sql @@ -984,6 +982,7 @@ fi %dir %{strongswan_templates}/database %dir %{strongswan_templates}/database/sql %{strongswan_templates}/config/plugins/mysql.conf +%{strongswan_templates}/database/imv/tables-mysql.sql %{strongswan_templates}/database/sql/mysql.sql %endif 
diff --git a/strongswan_fipscheck.patch b/strongswan_fipscheck.patch index b49cbd0..18839be 100644 --- a/strongswan_fipscheck.patch +++ b/strongswan_fipscheck.patch @@ -1,6 +1,6 @@ --- src/ipsec/_ipsec.in -+++ src/ipsec/_ipsec.in 2014/11/07 11:28:25 -@@ -44,6 +44,26 @@ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBIN ++++ src/ipsec/_ipsec.in +@@ -44,6 +44,26 @@ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCR IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland" @@ -26,8 +26,8 @@ + case "$1" in '') - echo "Usage: $IPSEC_SCRIPT command argument ..." -@@ -166,6 +186,7 @@ rereadall|purgeocsp|listcounters|resetco + echo "$IPSEC_SCRIPT command [arguments]" +@@ -155,6 +175,7 @@ rereadall|purgeocsp|listcounters|resetcounters) shift if [ -e $IPSEC_CHARON_PID ] then @@ -35,7 +35,7 @@ $IPSEC_STROKE "$op" "$@" rc="$?" fi -@@ -175,6 +196,7 @@ purgeike|purgecrls|purgecerts) +@@ -164,6 +185,7 @@ purgeike|purgecrls|purgecerts) rc=7 if [ -e $IPSEC_CHARON_PID ] then @@ -43,7 +43,7 @@ $IPSEC_STROKE "$1" rc="$?" fi -@@ -208,6 +230,7 @@ route|unroute) +@@ -197,6 +219,7 @@ route|unroute) fi if [ -e $IPSEC_CHARON_PID ] then @@ -51,7 +51,7 @@ $IPSEC_STROKE "$op" "$1" rc="$?" fi -@@ -217,6 +240,7 @@ secrets) +@@ -206,6 +229,7 @@ secrets) rc=7 if [ -e $IPSEC_CHARON_PID ] then @@ -59,7 +59,7 @@ $IPSEC_STROKE rereadsecrets rc="$?" fi -@@ -224,6 +248,7 @@ secrets) +@@ -213,6 +237,7 @@ secrets) ;; start) shift @@ -67,7 +67,7 @@ if [ -d /var/lock/subsys ]; then touch /var/lock/subsys/ipsec fi -@@ -297,6 +322,7 @@ up) +@@ -286,6 +311,7 @@ up) rc=7 if [ -e $IPSEC_CHARON_PID ] then @@ -75,7 +75,7 @@ $IPSEC_STROKE up "$1" rc="$?" fi -@@ -332,6 +358,11 @@ esac +@@ -325,6 +351,11 @@ esac cmd="$1" shift diff --git a/strongswan_fipsfilter.patch b/strongswan_fipsfilter.patch index 3e4a2bd..94b5db0 100644 --- a/strongswan_fipsfilter.patch +++ b/strongswan_fipsfilter.patch 
@@ -1,12 +1,12 @@ -From aa709f291994a74271271b6dd61563cc3844e3ad Mon Sep 17 00:00:00 2001 +From 8f3f1bd6907df8221a93c849ed4b43474444e13b Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski -Date: Tue, 16 Dec 2014 23:19:20 +0100 +Date: Mon, 5 Jan 2015 14:57:39 +0100 Subject: [PATCH] strongswan: filter algorithms for fips mode References: fate#316931,bnc#856322 diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c -index 2ecdb4f..a858162 100644 +index e59dcd9..f07f4a2 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -26,6 +26,11 @@ @@ -144,7 +144,7 @@ index 2ecdb4f..a858162 100644 /** * Select a matching proposal from this and other, insert into selected. */ -@@ -500,6 +621,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) +@@ -502,6 +623,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) return FALSE; } 
@@ -156,63 +156,69 @@ index 2ecdb4f..a858162 100644 add_algorithm(this, token->type, token->algorithm, token->keysize); return TRUE; -@@ -639,6 +765,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) - enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) - { -+ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption)) -+ continue; - switch (encryption) +@@ -643,6 +769,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) + enumerator = lib->crypto->create_aead_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) { - case ENCR_AES_CBC: -@@ -665,6 +793,9 @@ static void proposal_add_supported_ike(private_proposal_t *this) - enumerator = lib->crypto->create_aead_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) - { -+ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption)) -+ continue; ++ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption)) ++ continue; + - switch (encryption) + switch (encryption) + { + case ENCR_AES_CCM_ICV8: +@@ -675,6 +804,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &encryption, &plugin_name)) { - case ENCR_AES_CCM_ICV8: -@@ -690,6 +821,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) - enumerator = lib->crypto->create_signer_enumerator(lib->crypto); - while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) - { -+ if (!fips_filter(PROTO_IKE, INTEGRITY_ALGORITHM, integrity)) -+ continue; - switch (integrity) ++ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption)) ++ continue; ++ + switch (encryption) + { + case ENCR_AES_CBC: +@@ -706,6 +838,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) + 
enumerator = lib->crypto->create_signer_enumerator(lib->crypto); + while (enumerator->enumerate(enumerator, &integrity, &plugin_name)) { - case AUTH_HMAC_SHA1_96: -@@ -710,6 +843,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) ++ if (!fips_filter(PROTO_IKE, INTEGRITY_ALGORITHM, integrity)) ++ continue; ++ + switch (integrity) + { + case AUTH_HMAC_SHA1_96: +@@ -727,6 +862,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) enumerator = lib->crypto->create_prf_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &prf, &plugin_name)) { + if (!fips_filter(PROTO_IKE, PSEUDO_RANDOM_FUNCTION, prf)) + continue; ++ switch (prf) { case PRF_HMAC_SHA1: -@@ -730,6 +865,8 @@ static void proposal_add_supported_ike(private_proposal_t *this) +@@ -747,6 +885,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) enumerator = lib->crypto->create_dh_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &group, &plugin_name)) { + if (!fips_filter(PROTO_IKE, DIFFIE_HELLMAN_GROUP, group)) + continue; ++ switch (group) { case MODP_NULL: -@@ -776,31 +913,35 @@ proposal_t *proposal_create_default(protocol_id_t protocol) +@@ -795,6 +936,10 @@ proposal_t *proposal_create_default(protocol_id_t protocol) { private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0); +#define fips_add_algorithm(this, type, alg, len) \ + if (fips_filter(this->protocol, type, alg)) \ + add_algorithm(this, type, alg, len); ++ switch (protocol) { case PROTO_IKE: - proposal_add_supported_ike(this); +@@ -805,25 +950,28 @@ proposal_t *proposal_create_default(protocol_id_t protocol) + } break; case PROTO_ESP: - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); 
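Review bot: The `fips_add_algorithm` macro that this hunk carries into `proposal_create_default` expands to a bare `if (fips_filter(...)) add_algorithm(...);`, so it is not statement-safe. The call sites visible here are plain statements in `switch` cases and work today, but a later use as the body of an `if`/`else` would bind the `else` to the macro's hidden `if` and could silently change which algorithms pass the FIPS filter. I would wrap it as `do { if (fips_filter(this->protocol, type, alg)) add_algorithm(this, type, alg, len); } while (0)` and drop the trailing semicolon from the definition. The same hunk adds unbraced `if (!fips_filter(...)) continue;` guards inside loops whose other bodies are braced, and bracing them would keep the filter checks consistent with the surrounding code. The bodies of `proposal_add_supported_ike` and `proposal_create_default` extend beyond what this hunk shows.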
@@ -247,10 +253,12 @@ index 2ecdb4f..a858162 100644 default: break; } ++ +#undef fips_add_algorithm ++ return &this->public; } -- -2.2.0 +2.2.1 From 8a2afb449d7864a724c3eff467ba9d4d4091ae3e0c98d698531645a39b67e703 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 18 Feb 2015 12:24:33 +0000 Subject: [PATCH 3/3] removed obsolete patch files [deletion noted in changelog already] OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=86 --- ...gistration-algorithm-order.bug897512.patch | 413 ------------------ ....1.2-5.2.1_modp_custom.CVE-2014-9221.patch | 166 ------- 2 files changed, 579 deletions(-) delete mode 100644 0005-restore-registration-algorithm-order.bug897512.patch delete mode 100644 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch diff --git a/0005-restore-registration-algorithm-order.bug897512.patch b/0005-restore-registration-algorithm-order.bug897512.patch deleted file mode 100644 index eb4ad60..0000000 --- a/0005-restore-registration-algorithm-order.bug897512.patch +++ /dev/null 
@@ -1,413 +0,0 @@ -From 76ad8a6f4c83c999b9eb6d1a3506b1a8e593307e Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Fri, 20 Jun 2014 16:22:15 +0200 -Subject: [PATCH] Merge branch 'algorithm-order' -Upstream: yes -References: bsc#897512 - -Restores the behavior we had before 2e22333fb (except for RNGs), that is, -algorithms are stored in the registration order again. Which is not optimal -as we must rely on plugins to register them in a sensible order, but ordering -them by identifier definitely caused weaker algorithms to be proposed first -in the default proposal, which was even worse. ---- - src/libstrongswan/crypto/crypto_factory.c | 18 +- - src/libstrongswan/tests/Makefile.am | 1 + - .../tests/suites/test_crypto_factory.c | 312 +++++++++++++++++++++ - src/libstrongswan/tests/tests.h | 1 + - 4 files changed, 327 insertions(+), 5 deletions(-) - create mode 100644 src/libstrongswan/tests/suites/test_crypto_factory.c - -diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c -index 6dea30e..96fbc0d 100644 ---- a/src/libstrongswan/crypto/crypto_factory.c -+++ b/src/libstrongswan/crypto/crypto_factory.c -@@ -392,10 +392,10 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, - /** - * Insert an algorithm entry to a list - * -- * Entries are sorted by algorithm identifier (which is important for RNGs) -- * while maintaining the order in which algorithms were added, unless they were -+ * Entries maintain the order in which algorithms were added, unless they were - * benchmarked and speed is provided, which then is used to order entries of - * the same algorithm. -+ * An exception are RNG entries, which are sorted by algorithm identifier. 
- */ - static void add_entry(private_crypto_factory_t *this, linked_list_t *list, - int algo, const char *plugin_name, -@@ -403,6 +403,7 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, - { - enumerator_t *enumerator; - entry_t *entry, *current; -+ bool sort = (list == this->rngs), found = FALSE; - - INIT(entry, - .algo = algo, -@@ -415,12 +416,19 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, ¤t)) - { -- if (current->algo > algo) -+ if (sort && current->algo > algo) - { - break; - } -- else if (current->algo == algo && speed && -- current->speed < speed) -+ else if (current->algo == algo) -+ { -+ if (speed > current->speed) -+ { -+ break; -+ } -+ found = TRUE; -+ } -+ else if (found) - { - break; - } -diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am -index 331a548..0bdf2b3 100644 ---- a/src/libstrongswan/tests/Makefile.am -+++ b/src/libstrongswan/tests/Makefile.am -@@ -42,6 +42,7 @@ tests_SOURCES = tests.h tests.c \ - suites/test_host.c \ - suites/test_hasher.c \ - suites/test_crypter.c \ -+ suites/test_crypto_factory.c \ - suites/test_pen.c \ - suites/test_asn1.c \ - suites/test_asn1_parser.c \ -diff --git a/src/libstrongswan/tests/suites/test_crypto_factory.c b/src/libstrongswan/tests/suites/test_crypto_factory.c -new file mode 100644 -index 0000000..94f45da ---- /dev/null -+++ b/src/libstrongswan/tests/suites/test_crypto_factory.c -@@ -0,0 +1,312 @@ -+/* -+ * Copyright (C) 2014 Tobias Brunner -+ * Hochschule fuer Technik Rapperswil -+ * -+ * This program is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License as published by the -+ * Free Software Foundation; either version 2 of the License, or (at your -+ * option) any later version. See . 
-+ * -+ * This program is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * for more details. -+ */ -+ -+#include "test_suite.h" -+ -+#include -+ -+static rng_t *rng_create(rng_quality_t quality) -+{ -+ rng_quality_t *q = malloc_thing(rng_quality_t); -+ *q = quality; -+ return (rng_t*)q; -+} -+ -+static rng_t *rng_create_weak(rng_quality_t quality) -+{ -+ ck_assert(quality == RNG_WEAK); -+ return rng_create(RNG_WEAK); -+} -+ -+static rng_t *rng_create_strong(rng_quality_t quality) -+{ -+ ck_assert(quality <= RNG_STRONG); -+ return rng_create(RNG_STRONG); -+} -+ -+static rng_t *rng_create_true(rng_quality_t quality) -+{ -+ ck_assert(quality <= RNG_TRUE); -+ return rng_create(RNG_TRUE); -+} -+ -+static rng_t *rng_create_true_second(rng_quality_t quality) -+{ -+ fail("should never be called"); -+ return rng_create(RNG_TRUE); -+} -+ -+static rng_quality_t rng_weak = RNG_WEAK; -+static rng_quality_t rng_strong = RNG_STRONG; -+static rng_quality_t rng_true = RNG_TRUE; -+ -+static struct { -+ rng_quality_t *exp_weak; -+ rng_quality_t *exp_strong; -+ rng_quality_t *exp_true; -+ struct { -+ rng_quality_t *q; -+ rng_constructor_t create; -+ } data[4]; -+} rng_data[] = { -+ { NULL, NULL, NULL, { -+ { NULL, NULL } -+ }}, -+ { &rng_weak, NULL, NULL, { -+ { &rng_weak, rng_create_weak }, -+ { NULL, NULL } -+ }}, -+ { &rng_strong, &rng_strong, NULL, { -+ { &rng_strong, rng_create_strong }, -+ { NULL, NULL } -+ }}, -+ { &rng_true, &rng_true, &rng_true, { -+ { &rng_true, rng_create_true }, -+ { NULL, NULL } -+ }}, -+ { &rng_true, &rng_true, &rng_true, { -+ { &rng_true, rng_create_true }, -+ { &rng_true, rng_create_true_second }, -+ { NULL, NULL } -+ }}, -+ { &rng_weak, &rng_true, &rng_true, { -+ { &rng_weak, rng_create_weak }, -+ { &rng_true, rng_create_true }, -+ { NULL, NULL } -+ }}, -+ { &rng_weak, &rng_strong, 
&rng_true, { -+ { &rng_true, rng_create_true }, -+ { &rng_strong, rng_create_strong }, -+ { &rng_weak, rng_create_weak }, -+ { NULL, NULL } -+ }}, -+ { &rng_weak, &rng_strong, &rng_true, { -+ { &rng_weak, rng_create_weak }, -+ { &rng_strong, rng_create_strong }, -+ { &rng_true, rng_create_true }, -+ { NULL, NULL } -+ }}, -+}; -+ -+static void verify_rng(crypto_factory_t *factory, rng_quality_t request, -+ rng_quality_t *expected) -+{ -+ rng_quality_t *res; -+ -+ res = (rng_quality_t*)factory->create_rng(factory, request); -+ if (!expected) -+ { -+ ck_assert(!res); -+ } -+ else -+ { -+ ck_assert(res); -+ ck_assert_int_eq(*expected, *res); -+ free(res); -+ } -+} -+ -+START_TEST(test_create_rng) -+{ -+ crypto_factory_t *factory; -+ int i; -+ -+ factory = crypto_factory_create(); -+ for (i = 0; rng_data[_i].data[i].q; i++) -+ { -+ ck_assert(factory->add_rng(factory, *rng_data[_i].data[i].q, "test", -+ rng_data[_i].data[i].create)); -+ } -+ verify_rng(factory, RNG_WEAK, rng_data[_i].exp_weak); -+ verify_rng(factory, RNG_STRONG, rng_data[_i].exp_strong); -+ verify_rng(factory, RNG_TRUE, rng_data[_i].exp_true); -+ for (i = 0; rng_data[_i].data[i].q; i++) -+ { -+ factory->remove_rng(factory, rng_data[_i].data[i].create); -+ } -+ factory->destroy(factory); -+} -+END_TEST -+ -+static diffie_hellman_t *dh_create(char *plugin) -+{ -+ return (diffie_hellman_t*)plugin; -+} -+ -+static diffie_hellman_t *dh_create_modp1024(diffie_hellman_group_t group, ...) -+{ -+ ck_assert(group == MODP_1024_BIT); -+ return dh_create("plugin1"); -+} -+ -+static diffie_hellman_t *dh_create_modp1024_second(diffie_hellman_group_t group, -+ ...) -+{ -+ ck_assert(group == MODP_1024_BIT); -+ return dh_create("plugin2"); -+} -+ -+static diffie_hellman_t *dh_create_modp2048(diffie_hellman_group_t group, ...) -+{ -+ ck_assert(group == MODP_2048_BIT); -+ return dh_create("plugin1"); -+} -+ -+static diffie_hellman_t *dh_create_modp2048_second(diffie_hellman_group_t group, -+ ...) 
-+{ -+ ck_assert(group == MODP_2048_BIT); -+ return dh_create("plugin2"); -+} -+ -+static struct { -+ char *exp1024; -+ char *exp2048; -+ struct { -+ diffie_hellman_group_t g; -+ dh_constructor_t create; -+ char *plugin; -+ } data[4]; -+} dh_data[] = { -+ { NULL, NULL, { -+ { MODP_NONE, NULL, NULL } -+ }}, -+ { "plugin1", NULL, { -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_NONE, NULL, NULL } -+ }}, -+ { "plugin1", NULL, { -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_1024_BIT, dh_create_modp1024_second, "plugin2" }, -+ { MODP_NONE, NULL, NULL } -+ }}, -+ { "plugin2", NULL, { -+ { MODP_1024_BIT, dh_create_modp1024_second, "plugin2" }, -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_NONE, NULL, NULL } -+ }}, -+ { "plugin1", "plugin1", { -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_2048_BIT, dh_create_modp2048, "plugin1" }, -+ { MODP_NONE, NULL } -+ }}, -+ { "plugin1", "plugin1", { -+ { MODP_2048_BIT, dh_create_modp2048, "plugin1" }, -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_NONE, NULL } -+ }}, -+ { "plugin1", "plugin1", { -+ { MODP_2048_BIT, dh_create_modp2048, "plugin1" }, -+ { MODP_2048_BIT, dh_create_modp2048_second, "plugin2" }, -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_NONE, NULL } -+ }}, -+ { "plugin1", "plugin2", { -+ { MODP_2048_BIT, dh_create_modp2048_second, "plugin2" }, -+ { MODP_2048_BIT, dh_create_modp2048, "plugin1" }, -+ { MODP_1024_BIT, dh_create_modp1024, "plugin1" }, -+ { MODP_NONE, NULL } -+ }}, -+}; -+ -+static void verify_dh(crypto_factory_t *factory, diffie_hellman_group_t request, -+ char *expected) -+{ -+ char *plugin; -+ -+ plugin = (char*)factory->create_dh(factory, request); -+ if (!expected) -+ { -+ ck_assert(!plugin); -+ } -+ else -+ { -+ ck_assert(plugin); -+ ck_assert_str_eq(expected, plugin); -+ } -+} -+ -+START_TEST(test_create_dh) -+{ -+ enumerator_t *enumerator; -+ crypto_factory_t *factory; -+ diffie_hellman_group_t group; 
-+ char *plugin; -+ int i, len = 0; -+ -+ -+ factory = crypto_factory_create(); -+ for (i = 0; dh_data[_i].data[i].g != MODP_NONE; i++) -+ { -+ ck_assert(factory->add_dh(factory, dh_data[_i].data[i].g, -+ dh_data[_i].data[i].plugin, -+ dh_data[_i].data[i].create)); -+ } -+ verify_dh(factory, MODP_1024_BIT, dh_data[_i].exp1024); -+ verify_dh(factory, MODP_2048_BIT, dh_data[_i].exp2048); -+ -+ len = countof(dh_data[_i].data); -+ enumerator = factory->create_dh_enumerator(factory); -+ for (i = 0; enumerator->enumerate(enumerator, &group, &plugin) && i < len;) -+ { -+ ck_assert_int_eq(dh_data[_i].data[i].g, group); -+ while (dh_data[_i].data[i].g == group) -+ { /* skip other entries by the same group */ -+ i++; -+ } -+ switch (group) -+ { -+ case MODP_1024_BIT: -+ ck_assert(dh_data[_i].exp1024); -+ ck_assert_str_eq(dh_data[_i].exp1024, plugin); -+ break; -+ case MODP_2048_BIT: -+ ck_assert(dh_data[_i].exp2048); -+ ck_assert_str_eq(dh_data[_i].exp2048, plugin); -+ break; -+ default: -+ fail("unexpected DH group"); -+ break; -+ } -+ } -+ ck_assert(!enumerator->enumerate(enumerator)); -+ ck_assert_int_eq(dh_data[_i].data[i].g, MODP_NONE); -+ enumerator->destroy(enumerator); -+ -+ for (i = 0; dh_data[_i].data[i].g != MODP_NONE; i++) -+ { -+ factory->remove_dh(factory, dh_data[_i].data[i].create); -+ } -+ factory->destroy(factory); -+} -+END_TEST -+ -+Suite *crypto_factory_suite_create() -+{ -+ Suite *s; -+ TCase *tc; -+ -+ s = suite_create("crypto-factory"); -+ -+ tc = tcase_create("create_rng"); -+ tcase_add_loop_test(tc, test_create_rng, 0, countof(rng_data)); -+ suite_add_tcase(s, tc); -+ -+ tc = tcase_create("create_dh"); -+ tcase_add_loop_test(tc, test_create_dh, 0, countof(dh_data)); -+ suite_add_tcase(s, tc); -+ -+ return s; -+} -diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h -index 82a5137..ab0f642 100644 ---- a/src/libstrongswan/tests/tests.h -+++ b/src/libstrongswan/tests/tests.h -@@ -35,6 +35,7 @@ TEST_SUITE(host_suite_create) - 
TEST_SUITE(printf_suite_create) - TEST_SUITE(hasher_suite_create) - TEST_SUITE(crypter_suite_create) -+TEST_SUITE(crypto_factory_suite_create) - TEST_SUITE(pen_suite_create) - TEST_SUITE(asn1_suite_create) - TEST_SUITE(asn1_parser_suite_create) --- -2.1.2 - diff --git a/0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch b/0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch deleted file mode 100644 index aa3ff37..0000000 --- a/0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch +++ /dev/null 
@@ -1,166 +0,0 @@ -From a78ecdd47509626711a13481f53696e01d4b8c62 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Mon, 1 Dec 2014 17:21:59 +0100 -Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range -References: bsc#910491,CVE-2014-9221 -Upstream: yes - -Before this fix it was possible to crash charon with an IKE_SA_INIT -message containing a KE payload with DH group MODP_CUSTOM(1025). -Defining MODP_CUSTOM outside of the two byte IKE DH identifier range -prevents it from getting negotiated. - -Fixes CVE-2014-9221 in version 5.1.2 and newer. ---- - src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +- - src/libstrongswan/crypto/diffie_hellman.c | 11 ++++++----- - src/libstrongswan/crypto/diffie_hellman.h | 6 ++++-- - src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +- - src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +- - src/libstrongswan/plugins/ntru/ntru_ke.c | 2 +- - src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 2 +- - src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- - src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +- - 9 files changed, 17 insertions(+), 14 deletions(-) - -diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c -index 67db5e6d87d6..836e0b7f088d 100644 ---- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c -+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c -@@ -41,7 +41,7 @@ struct private_tkm_diffie_hellman_t { - /** - * Diffie Hellman group number. - */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /** - * Diffie Hellman public value. 
-diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c -index bada1c529951..ac106e9c4d45 100644 ---- a/src/libstrongswan/crypto/diffie_hellman.c -+++ b/src/libstrongswan/crypto/diffie_hellman.c -@@ -42,15 +42,16 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT, - "ECP_256_BP", - "ECP_384_BP", - "ECP_512_BP"); --ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP, -- "MODP_NULL", -- "MODP_CUSTOM"); --ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM, -+ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_512_BP, -+ "MODP_NULL"); -+ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL, - "NTRU_112", - "NTRU_128", - "NTRU_192", - "NTRU_256"); --ENUM_END(diffie_hellman_group_names, NTRU_256_BIT); -+ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT, -+ "MODP_CUSTOM"); -+ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); - - - /** -diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h -index 105db22f14d4..d5161d077bb2 100644 ---- a/src/libstrongswan/crypto/diffie_hellman.h -+++ b/src/libstrongswan/crypto/diffie_hellman.h -@@ -63,12 +63,14 @@ enum diffie_hellman_group_t { - /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ - MODP_NULL = 1024, - /** MODP group with custom generator/prime */ -- MODP_CUSTOM = 1025, - /** Parameters defined by IEEE 1363.1, in PRIVATE USE */ - NTRU_112_BIT = 1030, - NTRU_128_BIT = 1031, - NTRU_192_BIT = 1032, -- NTRU_256_BIT = 1033 -+ NTRU_256_BIT = 1033, -+ /** internally used DH group with additional parameters g and p, outside -+ * of PRIVATE USE (i.e. 
IKEv2 DH group range) so it can't be negotiated */ -+ MODP_CUSTOM = 65536, - }; - - /** -diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c -index f418b941db86..299865da2e09 100644 ---- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c -+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c -@@ -35,7 +35,7 @@ struct private_gcrypt_dh_t { - /** - * Diffie Hellman group number - */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /* - * Generator value -diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c -index b74d35169f44..9936f7e4518f 100644 ---- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c -+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c -@@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t { - /** - * Diffie Hellman group number. - */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /* - * Generator value. -diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c -index abaa22336221..e64f32b91d0e 100644 ---- a/src/libstrongswan/plugins/ntru/ntru_ke.c -+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c -@@ -56,7 +56,7 @@ struct private_ntru_ke_t { - /** - * Diffie Hellman group number. - */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /** - * NTRU Parameter Set -diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -index ff3382473666..1e68ac59b838 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -@@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t { - /** - * Diffie Hellman group number. 
- */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /** - * Diffie Hellman object -diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c -index b487d59a59a3..50853d6f0bde 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c -+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c -@@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t { - /** - * Diffie Hellman group number. - */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /** - * EC private (public) key -diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c -index 36cc284bf2b5..23b63d2386af 100644 ---- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c -+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c -@@ -47,7 +47,7 @@ struct private_pkcs11_dh_t { - /** - * Diffie Hellman group number. - */ -- u_int16_t group; -+ diffie_hellman_group_t group; - - /** - * Handle for own private value --- -1.9.1 -