- Fixed a denial-of-service and potential remote code execution vulnerability
triggered by IKEv1/IKEv2 messages that contain payloads for the respective
other IKE version. Such payloads are treated specially since 5.2.2, but because
they were still identified by their original payload type they were used as
such in some places, causing invalid function pointer dereferences.
The vulnerability has been registered as CVE-2015-3991.
Please refer to our blog for details.
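The bug class behind this entry, as an added illustration that is not strongSwan code: the payload type numbers, handler tables and function names below are constructed for the example, and the model is deliberately simplified. A payload whose wire type is not defined for the session's IKE version is retagged at parse time, but any code path that still keys on the original wire type reaches a table slot that is empty for this version, which is the invalid function pointer the entry describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified, constructed model of version-specific payload dispatch. The
 * type numbers and handlers here are invented for this example. */
enum { PAYLOAD_TABLE_SIZE = 8 };

typedef enum {
    PL_SA            = 1,   /* defined in both versions of this toy protocol */
    PL_V1_ONLY       = 2,   /* defined for IKEv1 only */
    PL_V2_ONLY       = 3,   /* defined for IKEv2 only */
    PL_OTHER_VERSION = 7,   /* marker: "belongs to the other IKE version" */
} payload_type_t;

typedef struct {
    payload_type_t type;  /* type after parsing; may be PL_OTHER_VERSION */
    uint8_t wire_type;    /* original payload type number from the header */
} payload_t;

typedef int (*payload_handler_t)(const payload_t *);

static int handle_sa(const payload_t *p)      { (void)p; return 1; }
static int handle_v1_only(const payload_t *p) { (void)p; return 2; }
static int handle_v2_only(const payload_t *p) { (void)p; return 3; }

/* Per-version handler tables; a NULL slot means "not defined here". */
static const payload_handler_t v1_handlers[PAYLOAD_TABLE_SIZE] = {
    [PL_SA] = handle_sa, [PL_V1_ONLY] = handle_v1_only,
};
static const payload_handler_t v2_handlers[PAYLOAD_TABLE_SIZE] = {
    [PL_SA] = handle_sa, [PL_V2_ONLY] = handle_v2_only,
};

static const payload_handler_t *table_for(bool ikev2)
{
    return ikev2 ? v2_handlers : v1_handlers;
}

/* Parse step: a wire type unknown to this version is retagged (the
 * "treated specially" step the changelog entry refers to). */
static payload_t parse_payload(uint8_t wire_type, bool ikev2)
{
    payload_t p = { .type = PL_OTHER_VERSION, .wire_type = wire_type };
    if (wire_type < PAYLOAD_TABLE_SIZE && table_for(ikev2)[wire_type] != NULL) {
        p.type = (payload_type_t)wire_type;
    }
    return p;
}

/* Correct dispatch keys on the parsed type, so a retagged payload is
 * skipped (returns -1) instead of ever reaching the handler table. */
static int process_wire_payload(uint8_t wire_type, bool ikev2)
{
    payload_t p = parse_payload(wire_type, ikev2);
    if (p.type == PL_OTHER_VERSION) {
        return -1;
    }
    return table_for(ikev2)[p.type](&p);
}

/* The buggy pattern: a code path that still keys on the original wire type.
 * Returns true when that lookup yields an invalid (NULL) handler pointer,
 * i.e. what such a path would go on to dereference. No call is made here. */
static bool wire_type_dispatch_is_unsafe(uint8_t wire_type, bool ikev2)
{
    payload_t p = parse_payload(wire_type, ikev2);
    return p.wire_type >= PAYLOAD_TABLE_SIZE ||
           table_for(ikev2)[p.wire_type] == NULL;
}
```

The defensive rule this models: once a parser has classified a payload as foreign to the negotiated version, every later consumer must key on that classification, not on the raw type number it carried on the wire.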
- The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
instructions and works on both x86 and x64 architectures. It provides
superior crypto performance in userland without any external libraries.
- Fixed an issue with IKEv2 fragmentation (introduced with 5.2.1) and encryption
algorithms that use sequential IVs (e.g. AES-GCM). Previously the IKE message ID was
used as IV, but with IKEv2 fragmentation this ID is no longer unique, so the
same IV was used for fragments of the same message. This was fixed by including
the fragment identifier in the IV (62e0abe759).
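The IV problem in this entry, as an added illustration that is not strongSwan's code: the 64-bit IV layout used here (message ID in the low 32 bits, fragment number in the high bits) is an assumption for the example, not the layout of commit 62e0abe759. For a cipher like AES-GCM the IV must never repeat under one key, so the check that matters is whether any two encryptions share an IV.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of IV derivation for a "sequential IV" cipher such as
 * AES-GCM. The 64-bit layout is an assumption for this example only. */

/* Pre-fix derivation: the IV is the message ID alone, so every fragment of
 * one message is encrypted under the same IV. */
static uint64_t iv_from_message_id(uint32_t message_id, uint16_t fragment_number)
{
    (void)fragment_number;
    return (uint64_t)message_id;
}

/* Post-fix derivation: the fragment number is mixed into the IV, so each
 * (message, fragment) pair yields a distinct value. */
static uint64_t iv_with_fragment(uint32_t message_id, uint16_t fragment_number)
{
    return ((uint64_t)fragment_number << 32) | (uint64_t)message_id;
}

/* Derive the IVs for `messages` messages of `fragments` fragments each and
 * count how many repeat an earlier IV. Quadratic scan; fine for a demo. */
static int count_iv_repeats(uint64_t (*derive)(uint32_t, uint16_t),
                            uint32_t messages, uint16_t fragments)
{
    enum { MAX_SEEN = 256 };
    uint64_t seen[MAX_SEEN];
    int n = 0, repeats = 0;

    for (uint32_t m = 0; m < messages; m++) {
        /* fragment numbers start at 1, as they do on the wire */
        for (uint16_t f = 1; f <= fragments; f++) {
            uint64_t iv = derive(m, f);
            bool dup = false;
            for (int i = 0; i < n && !dup; i++) {
                dup = (seen[i] == iv);
            }
            if (dup) {
                repeats++;
            } else if (n < MAX_SEEN) {
                seen[n++] = iv;
            }
        }
    }
    return repeats;
}
```

With unfragmented messages both derivations are collision-free, which is why the defect only appeared together with fragmentation; with four fragments per message the pre-fix derivation repeats the IV three times per message.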
- The TLS client in libtls now rejects Diffie-Hellman groups with primes < 1024 bit (47e96391f2).
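What such a check looks like on the wire, as an added example that is not libtls code: it parses the ServerDHParams structure from RFC 5246 section 7.4.3 (three length-prefixed opaque vectors dh_p, dh_g, dh_Ys), measures the effective bit length of dh_p ignoring leading zero bytes, and rejects anything under 1024 bits or malformed. The sample blobs are constructed (all-0xFF "primes"), and the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_DH_PRIME_BITS 1024

/* Bit length of a big-endian unsigned integer, ignoring leading zero bytes. */
static size_t bitlen_be(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0) {
        i++;
    }
    if (i == len) {
        return 0;
    }
    size_t bits = (len - i - 1) * 8;
    for (uint8_t top = buf[i]; top != 0; top >>= 1) {
        bits++;
    }
    return bits;
}

/* Read one opaque<1..2^16-1> vector (2-byte big-endian length prefix).
 * Returns false if the length is zero or runs past the end of the buffer. */
static bool read_vector(const uint8_t *buf, size_t len, size_t *off,
                        const uint8_t **out, size_t *out_len)
{
    if (len - *off < 2) {
        return false;
    }
    size_t vlen = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (vlen == 0 || len - *off < vlen) {
        return false;
    }
    *out = buf + *off;
    *out_len = vlen;
    *off += vlen;
    return true;
}

/* Validate ServerDHParams (dh_p, dh_g, dh_Ys). Returns the prime's bit
 * length when acceptable, 0 when malformed or when the prime is too short. */
static size_t check_server_dh_params(const uint8_t *buf, size_t len)
{
    size_t off = 0, plen, glen, yslen;
    const uint8_t *p, *g, *ys;

    if (!read_vector(buf, len, &off, &p, &plen) ||
        !read_vector(buf, len, &off, &g, &glen) ||
        !read_vector(buf, len, &off, &ys, &yslen)) {
        return 0;
    }
    size_t bits = bitlen_be(p, plen);
    return bits < MIN_DH_PRIME_BITS ? 0 : bits;
}

/* Build a constructed ServerDHParams blob: dh_p is `zero_pad` zero bytes
 * followed by `prime_bytes` bytes of 0xFF (a sample pattern, not a real
 * prime), dh_g = 2, dh_Ys = `prime_bytes` bytes of 0x5A. Returns its length. */
static size_t build_sample_params(uint8_t *out, size_t cap,
                                  size_t zero_pad, size_t prime_bytes)
{
    size_t plen = zero_pad + prime_bytes;
    size_t need = 2 + plen + 3 + 2 + prime_bytes;
    if (need > cap || plen > 0xFFFF) {
        return 0;
    }
    size_t off = 0;
    out[off++] = (uint8_t)(plen >> 8);
    out[off++] = (uint8_t)plen;
    memset(out + off, 0x00, zero_pad);    off += zero_pad;
    memset(out + off, 0xFF, prime_bytes); off += prime_bytes;
    out[off++] = 0; out[off++] = 1; out[off++] = 2;   /* dh_g = 2 */
    out[off++] = (uint8_t)(prime_bytes >> 8);
    out[off++] = (uint8_t)prime_bytes;
    memset(out + off, 0x5A, prime_bytes); off += prime_bytes;
    return off;
}

/* Build a sample and run the check on it. */
static size_t sample_check(size_t zero_pad, size_t prime_bytes)
{
    uint8_t buf[1024];
    size_t len = build_sample_params(buf, sizeof(buf), zero_pad, prime_bytes);
    return check_server_dh_params(buf, len);
}

/* Same, with the last `cut` bytes missing (a truncated dh_Ys). */
static size_t sample_check_truncated(size_t prime_bytes, size_t cut)
{
    uint8_t buf[1024];
    size_t len = build_sample_params(buf, sizeof(buf), 0, prime_bytes);
    return len > cut ? check_server_dh_params(buf, len - cut) : 0;
}
```

Measuring the effective bit length rather than the vector length matters because a server may send dh_p with leading zero bytes; counting those would let a short prime pass as a long one.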
- The accuracy of usage statistics reported via RADIUS Accounting has been
increased in several situations (e.g. if interim updates occur while rekeying a CHILD_SA).
- A constant time memory comparison utility function (
added for cryptographic purposes (aa9b74931f).
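What a constant-time comparison buys over a memcmp-style loop, as an added example that is not strongSwan's utility function (the names memeq_ct and memeq_leaky_bytes_examined are this example's own): the constant-time version examines every byte and folds the result without a data-dependent branch, while the early-exit version does an amount of work that depends on where the first mismatch is, which is what a timing side channel observes when verifying a MAC tag.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constant-time memory equality: the work done depends only on len, never
 * on where (or whether) the buffers differ. Not strongSwan's function. */
static bool memeq_ct(const void *a, const void *b, size_t len)
{
    const volatile uint8_t *x = a;
    const volatile uint8_t *y = b;
    unsigned int diff = 0;

    for (size_t i = 0; i < len; i++) {
        diff |= x[i] ^ y[i];    /* accumulate every difference, no early exit */
    }
    /* (diff | -diff) has its top bit set iff diff != 0; shifting that bit
     * down yields 0 or 1 without branching on the data. */
    return ((diff | (0u - diff)) >> (sizeof(unsigned int) * 8 - 1)) == 0;
}

/* The pattern to avoid: a loop that returns at the first mismatch. It
 * reports how many bytes it examined, which is exactly what leaks. */
static size_t memeq_leaky_bytes_examined(const void *a, const void *b,
                                         size_t len, bool *equal)
{
    const uint8_t *x = a;
    const uint8_t *y = b;
    for (size_t i = 0; i < len; i++) {
        if (x[i] != y[i]) {
            *equal = false;
            return i + 1;
        }
    }
    *equal = true;
    return len;
}

/* Examined-byte count only, for demonstrating the leak. */
static size_t leaky_examined(const void *a, const void *b, size_t len)
{
    bool eq;
    return memeq_leaky_bytes_examined(a, b, len, &eq);
}

/* Typical use: checking a received authentication tag against the one
 * computed locally. Both buffers must be tag_len bytes. */
static bool verify_tag(const uint8_t *received, const uint8_t *computed,
                       size_t tag_len)
{
    return memeq_ct(received, computed, tag_len);
}
```

The `volatile` reads and the branch-free fold are the usual precautions against the compiler reintroducing an early exit, but they are not a guarantee; code that relies on this property should have its generated assembly checked.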
- The interface for DH implementations was extended to enable unit tests (44136bec94).
- Fixed initialization of HMAC primitives in the openssl plugin for newer
OpenSSL releases (c2906c8f21).
- ike-updown and child-updown events are now relayed via VICI (a7e4a2d6c2).
- The Ruby Gems and Python Eggs built with
not installed anymore during
make install. To do so the options
--enable-python-eggs-install may be passed to ./configure (f16f792e17).