-rw-r--r--debian/changelog3
-rw-r--r--debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch92
-rw-r--r--debian/patches/CVE-2015-4171_enforce_remote_auth.patch101
-rw-r--r--debian/patches/series2
4 files changed, 3 insertions, 195 deletions
diff --git a/debian/changelog b/debian/changelog
index 959138ed7..6788815d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
strongswan (5.3.2-1) UNRELEASED; urgency=medium
* New upstream release.
+ * debian/patches:
+ - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream.
+ - CVE-2015-4171_enforce_remote_auth dropped as well.
-- Yves-Alexis Perez <corsac@debian.org> Mon, 08 Jun 2015 15:55:45 +0200
diff --git a/debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch b/debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch
deleted file mode 100644
index a61ba7aff..000000000
--- a/debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 63e5db4154c8f69be592c4b9fdc8947777f8ab02 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@revosec.ch>
-Date: Tue, 2 Jun 2015 14:08:42 +0200
-Subject: [PATCH] ivgen: Allow reusing the same message ID twice in sequential
- IV gen
-
-We use the message ID and fragment number as IV generator. As IKEv2 uses
-distinct message ID counters for actively and passively initiated exchanges,
-each IV would be used twice. As we explicitly reject such message IDs since
-d0ed1079, original-responder initiated exchanges fail with counter mode ciphers.
-
-This commit separates IV space in two halves for sequential IVs, and
-automatically assigns once reused sequence numbers to the second half.
-
- #980.
----
- src/libstrongswan/crypto/iv/iv_gen_seq.c | 32 +++++++++++++++++++++++-------
- 1 file changed, 25 insertions(+), 7 deletions(-)
-
-diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
-index 4de1374..9f99c51 100644
---- a/src/libstrongswan/crypto/iv/iv_gen_seq.c
-+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
-@@ -19,6 +19,7 @@
- * Magic value for the initial IV state
- */
- #define SEQ_IV_INIT_STATE (~(u_int64_t)0)
-+#define SEQ_IV_HIGH_MASK (1ULL << 63)
-
- typedef struct private_iv_gen_t private_iv_gen_t;
-
-@@ -33,9 +34,14 @@ struct private_iv_gen_t {
- iv_gen_t public;
-
- /**
-- * Previously passed sequence number to enforce uniqueness
-+ * Previously passed sequence number in lower space to enforce uniqueness
- */
-- u_int64_t prev;
-+ u_int64_t prevl;
-+
-+ /**
-+ * Previously passed sequence number in upper space to enforce uniqueness
-+ */
-+ u_int64_t prevh;
-
- /**
- * Salt to mask counter
-@@ -57,15 +63,26 @@ METHOD(iv_gen_t, get_iv, bool,
- {
- return FALSE;
- }
-- if (this->prev != SEQ_IV_INIT_STATE && seq <= this->prev)
-+ if (this->prevl != SEQ_IV_INIT_STATE && seq <= this->prevl)
- {
-- return FALSE;
-+ seq |= SEQ_IV_HIGH_MASK;
-+ if (this->prevh != SEQ_IV_INIT_STATE && seq <= this->prevh)
-+ {
-+ return FALSE;
-+ }
- }
-- if (seq == SEQ_IV_INIT_STATE)
-+ if ((seq | SEQ_IV_HIGH_MASK) == SEQ_IV_INIT_STATE)
- {
- return FALSE;
- }
-- this->prev = seq;
-+ if (seq & SEQ_IV_HIGH_MASK)
-+ {
-+ this->prevh = seq;
-+ }
-+ else
-+ {
-+ this->prevl = seq;
-+ }
- if (len > sizeof(u_int64_t))
- {
- len = sizeof(u_int64_t);
-@@ -107,7 +124,8 @@ iv_gen_t *iv_gen_seq_create()
- .allocate_iv = _allocate_iv,
- .destroy = _destroy,
- },
-- .prev = SEQ_IV_INIT_STATE,
-+ .prevl = SEQ_IV_INIT_STATE,
-+ .prevh = SEQ_IV_INIT_STATE,
- );
-
- rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
---
-1.7.9.5
-
diff --git a/debian/patches/CVE-2015-4171_enforce_remote_auth.patch b/debian/patches/CVE-2015-4171_enforce_remote_auth.patch
deleted file mode 100644
index 506a55f6f..000000000
--- a/debian/patches/CVE-2015-4171_enforce_remote_auth.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From ca1a65cc6aef2e037b529574783b7c571d1d82a9 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@strongswan.org>
-Date: Wed, 3 Jun 2015 10:52:34 +0200
-Subject: [PATCH] ikev2: Enforce remote authentication config before proceeding
- with own authentication
-
-Previously the constraints in the authentication configuration of an
-initiator were enforced only after all authentication rounds were
-complete. This posed a problem if an initiator used EAP or PSK
-authentication while the responder was authenticated with a certificate
-and if a rogue server was able to authenticate itself with a valid
-certificate issued by any CA the initiator trusted.
-
-Because any constraints for the responder's identity (rightid) or other
-aspects of the authentication (e.g. rightca) the initiator had were not
-enforced until the initiator itself finished its authentication such a rogue
-responder was able to acquire usernames and password hashes from the client.
-And if a client supported EAP-GTC it was even possible to trick it into
-sending plaintext passwords.
-
-This patch enforces the configured constraints right after the responder's
-authentication successfully finished for each round and before the initiator
-starts with its own authentication.
-
-Fixes CVE-2015-4171.
----
- src/libcharon/sa/ikev2/tasks/ike_auth.c | 44 +++++++++++++++++++++++++++++++++
- 1 file changed, 44 insertions(+)
-
-diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
-index bf747a49edde..2554496c1916 100644
---- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
-+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
-@@ -112,6 +112,11 @@ struct private_ike_auth_t {
- * received an INITIAL_CONTACT?
- */
- bool initial_contact;
-+
-+ /**
-+ * Is EAP acceptable, did we strictly authenticate peer?
-+ */
-+ bool eap_acceptable;
- };
-
- /**
-@@ -879,6 +884,37 @@ static void send_auth_failed_informational(private_ike_auth_t *this,
- message->destroy(message);
- }
-
-+/**
-+ * Check if strict constraint fullfillment required to continue current auth
-+ */
-+static bool require_strict(private_ike_auth_t *this, bool mutual_eap)
-+{
-+ auth_cfg_t *cfg;
-+
-+ if (this->eap_acceptable)
-+ {
-+ return FALSE;
-+ }
-+
-+ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
-+ switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS))
-+ {
-+ case AUTH_CLASS_EAP:
-+ if (mutual_eap && this->my_auth)
-+ {
-+ this->eap_acceptable = TRUE;
-+ return !this->my_auth->is_mutual(this->my_auth);
-+ }
-+ return TRUE;
-+ case AUTH_CLASS_PSK:
-+ return TRUE;
-+ case AUTH_CLASS_PUBKEY:
-+ case AUTH_CLASS_ANY:
-+ default:
-+ return FALSE;
-+ }
-+}
-+
- METHOD(task_t, process_i, status_t,
- private_ike_auth_t *this, message_t *message)
- {
-@@ -1014,6 +1050,14 @@ METHOD(task_t, process_i, status_t,
- }
- }
-
-+ if (require_strict(this, mutual_eap))
-+ {
-+ if (!update_cfg_candidates(this, TRUE))
-+ {
-+ goto peer_auth_failed;
-+ }
-+ }
-+
- if (this->my_auth)
- {
- switch (this->my_auth->process(this->my_auth, message))
---
-1.9.1
-
diff --git a/debian/patches/series b/debian/patches/series
index c2bce201f..6d7cc1dfa 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,3 @@
01_fix-manpages.patch
03_systemd-service.patch
04_disable-libtls-tests.patch
-05_ivgen-allow-reusing-same-message-id-twice.patch
-CVE-2015-4171_enforce_remote_auth.patch