-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch | 92 | ||||
-rw-r--r-- | debian/patches/CVE-2015-4171_enforce_remote_auth.patch | 101 | ||||
-rw-r--r-- | debian/patches/series | 2 |
4 files changed, 3 insertions, 195 deletions
diff --git a/debian/changelog b/debian/changelog index 959138ed7..6788815d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,9 @@ strongswan (5.3.2-1) UNRELEASED; urgency=medium * New upstream release. + * debian/patches: + - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. + - CVE-2015-4171_enforce_remote_auth dropped as well. -- Yves-Alexis Perez <corsac@debian.org> Mon, 08 Jun 2015 15:55:45 +0200 diff --git a/debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch b/debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch deleted file mode 100644 index a61ba7aff..000000000 --- a/debian/patches/05_ivgen-allow-reusing-same-message-id-twice.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From 63e5db4154c8f69be592c4b9fdc8947777f8ab02 Mon Sep 17 00:00:00 2001 -From: Martin Willi <martin@revosec.ch> -Date: Tue, 2 Jun 2015 14:08:42 +0200 -Subject: [PATCH] ivgen: Allow reusing the same message ID twice in sequential - IV gen - -We use the message ID and fragment number as IV generator. As IKEv2 uses -distinct message ID counters for actively and passively initiated exchanges, -each IV would be used twice. As we explicitly reject such message IDs since -d0ed1079, original-responder initiated exchanges fail with counter mode ciphers. - -This commit separates IV space in two halves for sequential IVs, and -automatically assigns once reused sequence numbers to the second half. - - #980. ---- - src/libstrongswan/crypto/iv/iv_gen_seq.c | 32 +++++++++++++++++++++++------- - 1 file changed, 25 insertions(+), 7 deletions(-) - -diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c -index 4de1374..9f99c51 100644 ---- a/src/libstrongswan/crypto/iv/iv_gen_seq.c -+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c -@@ -19,6 +19,7 @@ - * Magic value for the initial IV state - */ - #define SEQ_IV_INIT_STATE (~(u_int64_t)0) -+#define SEQ_IV_HIGH_MASK (1ULL << 63) - - typedef struct private_iv_gen_t private_iv_gen_t; - -@@ -33,9 +34,14 @@ struct private_iv_gen_t { - iv_gen_t public; - - /** -- * Previously passed sequence number to enforce uniqueness -+ * Previously passed sequence number in lower space to enforce uniqueness - */ -- u_int64_t prev; -+ u_int64_t prevl; -+ -+ /** -+ * Previously passed sequence number in upper space to enforce uniqueness -+ */ -+ u_int64_t prevh; - - /** - * Salt to mask counter -@@ -57,15 +63,26 @@ METHOD(iv_gen_t, get_iv, bool, - { - return FALSE; - } -- if (this->prev != SEQ_IV_INIT_STATE && seq <= this->prev) -+ if (this->prevl != SEQ_IV_INIT_STATE && seq <= this->prevl) - { -- return FALSE; -+ seq |= SEQ_IV_HIGH_MASK; -+ if (this->prevh != SEQ_IV_INIT_STATE && seq <= this->prevh) 
-+ { -+ return FALSE; -+ } - } -- if (seq == SEQ_IV_INIT_STATE) -+ if ((seq | SEQ_IV_HIGH_MASK) == SEQ_IV_INIT_STATE) - { - return FALSE; - } -- this->prev = seq; -+ if (seq & SEQ_IV_HIGH_MASK) -+ { -+ this->prevh = seq; -+ } -+ else -+ { -+ this->prevl = seq; -+ } - if (len > sizeof(u_int64_t)) - { - len = sizeof(u_int64_t); -@@ -107,7 +124,8 @@ iv_gen_t *iv_gen_seq_create() - .allocate_iv = _allocate_iv, - .destroy = _destroy, - }, -- .prev = SEQ_IV_INIT_STATE, -+ .prevl = SEQ_IV_INIT_STATE, -+ .prevh = SEQ_IV_INIT_STATE, - ); - - rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); --- -1.7.9.5 - diff --git a/debian/patches/CVE-2015-4171_enforce_remote_auth.patch b/debian/patches/CVE-2015-4171_enforce_remote_auth.patch deleted file mode 100644 index 506a55f6f..000000000 --- a/debian/patches/CVE-2015-4171_enforce_remote_auth.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From ca1a65cc6aef2e037b529574783b7c571d1d82a9 Mon Sep 17 00:00:00 2001 -From: Martin Willi <martin@strongswan.org> -Date: Wed, 3 Jun 2015 10:52:34 +0200 -Subject: [PATCH] ikev2: Enforce remote authentication config before proceeding - with own authentication - -Previously the constraints in the authentication configuration of an -initiator were enforced only after all authentication rounds were -complete. This posed a problem if an initiator used EAP or PSK -authentication while the responder was authenticated with a certificate -and if a rogue server was able to authenticate itself with a valid -certificate issued by any CA the initiator trusted. - -Because any constraints for the responder's identity (rightid) or other -aspects of the authentication (e.g. rightca) the initiator had were not -enforced until the initiator itself finished its authentication such a rogue -responder was able to acquire usernames and password hashes from the client. -And if a client supported EAP-GTC it was even possible to trick it into -sending plaintext passwords. - -This patch enforces the configured constraints right after the responder's -authentication successfully finished for each round and before the initiator -starts with its own authentication. - -Fixes CVE-2015-4171. ---- - src/libcharon/sa/ikev2/tasks/ike_auth.c | 44 +++++++++++++++++++++++++++++++++ - 1 file changed, 44 insertions(+) - -diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c -index bf747a49edde..2554496c1916 100644 ---- a/src/libcharon/sa/ikev2/tasks/ike_auth.c -+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c -@@ -112,6 +112,11 @@ struct private_ike_auth_t { - * received an INITIAL_CONTACT? - */ - bool initial_contact; -+ -+ /** -+ * Is EAP acceptable, did we strictly authenticate peer? 
-+ */ -+ bool eap_acceptable; - }; - - /** -@@ -879,6 +884,37 @@ static void send_auth_failed_informational(private_ike_auth_t *this, - message->destroy(message); - } - -+/** -+ * Check if strict constraint fullfillment required to continue current auth -+ */ -+static bool require_strict(private_ike_auth_t *this, bool mutual_eap) -+{ -+ auth_cfg_t *cfg; -+ -+ if (this->eap_acceptable) -+ { -+ return FALSE; -+ } -+ -+ cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); -+ switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS)) -+ { -+ case AUTH_CLASS_EAP: -+ if (mutual_eap && this->my_auth) -+ { -+ this->eap_acceptable = TRUE; -+ return !this->my_auth->is_mutual(this->my_auth); -+ } -+ return TRUE; -+ case AUTH_CLASS_PSK: -+ return TRUE; -+ case AUTH_CLASS_PUBKEY: -+ case AUTH_CLASS_ANY: -+ default: -+ return FALSE; -+ } -+} -+ - METHOD(task_t, process_i, status_t, - private_ike_auth_t *this, message_t *message) - { -@@ -1014,6 +1050,14 @@ METHOD(task_t, process_i, status_t, - } - } - -+ if (require_strict(this, mutual_eap)) -+ { -+ if (!update_cfg_candidates(this, TRUE)) -+ { -+ goto peer_auth_failed; -+ } -+ } -+ - if (this->my_auth) - { - switch (this->my_auth->process(this->my_auth, message)) --- -1.9.1 - diff --git a/debian/patches/series b/debian/patches/series index c2bce201f..6d7cc1dfa 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,5 +1,3 @@ 01_fix-manpages.patch 03_systemd-service.patch 04_disable-libtls-tests.patch -05_ivgen-allow-reusing-same-message-id-twice.patch -CVE-2015-4171_enforce_remote_auth.patch |