Project

General

Profile

History

Changelog »

Changelog for 5.3.x » History » Version 3

« Previous - Version 3/6 (diff) - Next » - Current version
Tobias Brunner, 01.06.2015 12:43

Changelog for 5.3.x

Version 5.3.2

  • Fixed a vulnerability that allowed rogue servers with a valid certificate
    accepted by the client to trick it into disclosing its username and even
    password (if the client accepts EAP-GTC). This was caused because constraints
    against the responder's authentication were enforced too late.
    This vulnerability has been registered as CVE-2015-4171.
    Please refer to our blog for details.

Version 5.3.1

  • Fixed a denial-of-service and potential remote code execution vulnerability
    triggered by IKEv1/IKEv2 messages that contain payloads for the respective
    other IKE version. Such payload are treated specially since 5.2.2 but because
    they were still identified by their original payload type they were used as
    such in some places causing invalid function pointer dereferences.
    The vulnerability has been registered as CVE-2015-3991.
    Please refer to our blog for details.
  • The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
    primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
    instructions and works on both x86 and x64 architectures. It provides
    superior crypto performance in userland without any external libraries.
  • Fixed an issue with IKEv2 fragmentation (introduced with 5.2.1) and encryption
    algorithms that use sequential IVs (e.g. AES-GCM). Previously the IKE message ID was
    used as IV, but with IKEv2 fragmentation this ID is not unique anymore, causing the
    same IV to get used for fragments of the same message. This was fixed by including
    the fragment identifier in the IV (commit:62e0abe759).
  • The TLS client in libtls now rejects Diffie-Hellman groups with primes < 1024 bit (commit:47e96391f2).
  • The accuracy of usage statistics reported via RADIUS Accounting has been
    increased in several situations (e.g. if interim updates occur while rekeying a CHILD_SA).
  • A constant time memory comparison utility function (chunk_equals_const) was
    added for cryptographic purposes (commit:aa9b74931f).
  • The interface for DH implementations was extended to enable unit tests (commit:44136bec94).
  • Fixed initialization of HMAC primitives in the openssl plugin for newer
    OpenSSL releases (commit:c2906c8f21).
  • ike-updown and child-updown events are now relayed via VICI (commit:a7e4a2d6c2).
  • The Ruby Gems and Python Eggs built with --enable-ruby-gems|--enable-python-eggs are
    not installed anymore during make install. To do so the options --enable-ruby-gems-install
    and/or --enable-python-eggs-install may be passed to ./configure (commit:f16f792e17).
  • The source:src/libcharon/plugins/vici/libvici.h header is now licensed under the
    MIT license (commit:f17861dca9).

Version 5.3.0

  • Added support for IKEv2 make-before-break reauthentication. By using a global
    CHILD_SA reqid allocation mechanism, charon supports overlapping CHILD_SAs.
    This allows the use of make-before-break instead of the previously supported
    break-before-make reauthentication, avoiding connectivity gaps during that
    procedure. As the new mechanism may fail with peers not supporting it (such
    as any previous strongSwan release) it must be explicitly enabled using
    the charon.make_before_break strongswan.conf option.
  • Support for Signature Authentication in IKEv2 (RFC 7427) has been added.
    This allows the use of stronger hash algorithms for public key authentication.
    By default, signature schemes are chosen based on the strength of the
    signature key, but specific hash algorithms may be configured in leftauth.
  • Key types and hash algorithms specified in rightauth are now also checked
    against IKEv2 signature schemes. If such constraints are used for certificate
    chain validation in existing configurations, in particular with peers that
    don't support RFC 7427, it may be necessary to disable this feature with the
    charon.signature_authentication_constraints setting, because the signature
    scheme used in classic IKEv2 public key authentication may not be strong
    enough.
  • The new connmark plugin allows a host to bind conntrack flows to a specific
    CHILD_SA by applying and restoring the SA mark to conntrack entries. This
    allows a peer to handle multiple transport mode connections coming over the
    same NAT device for client-initiated flows (a common use case is to protect
    L2TP/IPsec). See ikev2/host2host-transport-connmark for an example.
  • The forecast plugin can forward broadcast and multicast messages between
    connected clients and a LAN. For CHILD_SA using unique marks, it sets up
    the required Netfilter rules and uses a multicast/broadcast listener that
    forwards such messages to all connected clients. This plugin is designed for
    Windows 7 IKEv2 clients, which announce their services over the tunnel if the
    negotiated IPsec policy allows it. See ikev2/forecast for an example.
  • For the vici plugin a Python Egg has been added to allow Python applications
    to control or monitor the IKE daemon using the VICI interface, similar to the
    existing ruby gem. The Python library has been contributed by Björn Schuberg.
  • EAP server methods now can fulfill public key constraints, such as rightcert
    or rightca. Additionally, public key and signature constraints can be
    specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
    EAP-TTLS methods provide verification details to constraints checking.
  • Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
    variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
    algorithms with SHA512 being the default.
  • The IF-IMV 1.4 interface now makes the IP address of the TNC access requestor
    as seen by the TNC server available to all IMVs. This information can be
    forwarded to policy enforcement points (e.g. firewalls or routers).
  • The new mutual tnccs-20 plugin parameter activates mutual TNC measurements
    in PB-TNC half-duplex mode between two endpoints over either a PT-EAP or
    PT-TLS transport medium.
  • SPIs in IKEv1 DELETE payloads are now compared to those of the current IKE SA.
    This is required for interoperability with OpenBSD's isakmpd, which always uses the
    latest IKE SA to delete other expired SAs.
  • The files plugin provides a simple fetcher for file:// URIs (commit:1735d80f38).
  • Fixed CRL verification for PKIs that don't use SHA-1 hashes of the public key
    as subjectKeyIdentifier or authorityKeyIdentifier (commit:6133770db4).
  • Route priorities are now considered when doing manual route lookups (commit:6b57790270).
  • Policies are now removed from the kernel before IPsec SAs, to avoid acquires
    for untrapped policies (commit:46188b0eb0).