strongSwan

h1. Version 5.6.0

* Fixed a DoS vulnerability in the _gmp_ plugin that was caused by insufficient input validation

  when verifying RSA signatures, which requires decryption with the operation @m^e mod n@,

  where @m@ is the signature, and @e@ and @n@ are the exponent and modulus of the public key.

  The value @m@ is an integer between @0@ and @n-1@, however, the _gmp_ plugin did not verify this.

  So if @m@ equals @n@ the calculation results in 0, in which case @mpz_export()@ returns NULL.

  This result wasn't handled properly causing a null-pointer dereference.

  This vulnerability has been registered as "CVE-2017-11185":https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11185.

  Please refer to "our blog":https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html for details.

* New [[SWIMA]] IMC/IMV pair implements the "draft-ietf-sacm-nea-swima-patnc":https://tools.ietf.org/html/draft-ietf-sacm-nea-swima-patnc Internet

  Draft and has been demonstrated at the IETF 99 Prague Hackathon.

* The IMV database template has been adapted to achieve full compliance with the

  ISO 19770-2:2015 SWID tag standard.

* The [[swcollector|sw-collector]] tool extracts software events from apt history logs and stores them

  in an SQLite database to be used by the SWIMA IMC. The tool can also generate SWID tags both

  for installed and removed package versions.

* The [[PtTlsClient|pt-tls-client]] can attach and use TPM 2.0 protected private keys via the @--keyid@ parameter.

* libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).

* Adds the _eap-aka-3gpp_ plugin, which implements the 3GPP MILENAGE algorithms in software.

  K (optionally concatenated with OPc) may be configured as binary EAP secret in [[ipsec.secrets]]

  or [[swanctl.conf]].

* The CHILD_SA rekeying was fixed in _charon-tkm_ and the behavior is refined a bit more since version:5.5.3:

  * On Linux the outbound policy now has the SPI of the corresponding SA set and the responder

    of a rekeying will install both IPsec SAs (in/out) immediately, but delay the update of the

    outbound policy until it received the delete for the replaced CHILD_SA.

  * The previous code temporarily installed an outbound IPsec SA/policy that was deleted

    immediately afterwards when a rekey collision was lost, which caused a slight chance for traffic loss.

* The remote address must not be resolvable anymore when installing trap policies (at least not if the

  remote traffic selector is not _%dynamic_, commit:1a8226429a).

* The new _%unique-dir_ value for the _mark*_ settings in [[swanctl.conf]] or [[ipsec.conf]] will allocate separate

  unique marks for each CHILD_SA direction (commit:32e5c49234).

* By default the @/etc/swanctl/conf.d@ directory is created and *.conf files in it are included in the default

  [[swanctl.conf]] file.

* The _curl_ plugin now follows HTTP redirects (configurable via [[strongswan.conf]]).

* The [[errornotifyplugin|error-notify]] plugin correctly handles disconnected listeners (commit:ed926a73df).

* The _sha2_ plugin was changed so that the last output is not stored in an internal buffer anymore (commit:1a75514b76, #2388).

* The encoding of nonces in OCSP requests was fixed in the _x509_ plugin (commit:d7dc677ee5).

* The handling of keyUsage extensions in X.509 certificates was fixed in the _openssl_ plugin (commit:e793d65acd).

* [[ipsecpki|pki]] loads the _pubkey_ plugin to fix printing public keys (commit:ef6b710f19).

* Some changes were added to the [[TestingEnvironment]]:

  * @do-tests@ supports running multiple tests via wildcards (e.g. @do-tests ikev2/ocsp-*@)

  * With the @-v@ option @do-tests@ will prefix each executed command with a timestamp in console.log

  * Tests in evaltest.dat can now easily match a specific number of lines (instead of [YES] or [NO]

    use e.g. [2] if exactly two matching lines - or packets for tcpdump matches - are expected)

  * Failed matches are now clearly marked in console.log