Fixed a denial-of-service and potential remote code execution vulnerability triggered by IKEv1/IKEv2 messages that contain payloads for the respective other IKE version. Such payloads have been treated specially since 5.2.2, but because they were still identified by their original payload type, some code paths still used them as such, causing invalid function pointer dereferences. The vulnerability has been registered as CVE-2015-3991. Please refer to our blog for details.
The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86 and x64 architectures. It provides superior crypto performance in userland without any external libraries.
Fixed an issue with IKEv2 fragmentation (introduced with 5.2.1) and encryption algorithms that use sequential IVs (e.g. AES-GCM). Previously the IKE message ID was used as IV, but with IKEv2 fragmentation this ID is no longer unique per encrypted payload, causing the same IV to be used for all fragments of the same message. This was fixed by including the fragment identifier in the IV (62e0abe759).
The TLS client in libtls now rejects Diffie-Hellman groups with primes shorter than 1024 bits (47e96391f2).
The accuracy of usage statistics reported via RADIUS Accounting has been increased in several situations (e.g. if interim updates occur while rekeying a CHILD_SA).
A constant time memory comparison utility function (chunk_equals_const) was added for cryptographic purposes (aa9b74931f).
The interface for DH implementations was extended to enable unit tests (44136bec94).
Fixed initialization of HMAC primitives in the openssl plugin for newer OpenSSL releases (c2906c8f21).
ike-updown and child-updown events are now relayed via VICI (a7e4a2d6c2).
The Ruby Gems and Python Eggs built with --enable-ruby-gems|--enable-python-eggs are no longer installed during make install. To install them, pass the options --enable-ruby-gems-install and/or --enable-python-eggs-install to ./configure (f16f792e17).
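To show why the IKEv2 fragmentation IV fix above matters, here is an added illustration (not strongSwan code): a model of a sequential 64-bit IV derived from the message ID alone versus one that also carries the fragment number, applied to a counter-mode keystream. The IV layout (fragment number in the upper 32 bits), the SHA-256-based keystream standing in for AES-GCM's internal AES-CTR, and the key and fragment contents are all assumptions constructed for the example.

```python
import hashlib

# Constructed sample inputs (not from the release notes).
KEY = b"\x11" * 16
FRAGMENTS = [b"first fragment of msg 7.", b"second fragment: secret!"]


def sequential_iv(msg_id: int, frag_num: int, include_frag: bool) -> bytes:
    """Model of a sequential 64-bit IV (assumption, not strongSwan's code).

    With only the 32-bit message ID, every fragment of one message gets
    the same IV. The fix adds the fragment identifier; here it occupies
    the upper 32 bits so fragments of one message get distinct IVs."""
    seq = msg_id & 0xFFFFFFFF
    if include_frag:
        seq |= (frag_num & 0xFFFFFFFF) << 32
    return seq.to_bytes(8, "big")


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in for the AES-CTR keystream inside AES-GCM: a counter-mode
    stream built from SHA-256(key || iv || block counter)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, iv, len(plaintext)))


def check_fragments(msg_id: int, include_frag: bool):
    """Encrypt the fragments of one message; return (iv_reused, leak).

    leak is True when XOR of the two ciphertexts equals XOR of the two
    plaintexts: the keystream was used twice, so an observer learns the
    relation between the plaintexts without knowing the key."""
    ivs = [sequential_iv(msg_id, n, include_frag)
           for n in range(1, len(FRAGMENTS) + 1)]
    cts = [encrypt(KEY, iv, pt) for iv, pt in zip(ivs, FRAGMENTS)]
    iv_reused = len(set(ivs)) < len(ivs)
    leak = xor(cts[0], cts[1]) == xor(FRAGMENTS[0], FRAGMENTS[1])
    return iv_reused, leak


if __name__ == "__main__":
    print("message ID only:", check_fragments(7, include_frag=False))  # (True, True)
    print("with fragment ID:", check_fragments(7, include_frag=True))  # (False, False)
```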