+strongswan-5.8.2
+----------------
+
+- Identity-based CA constraints are supported via vici/swanctl.conf. They
+ enforce that the remote's certificate chain contains a CA certificate with a
+ specific identity. While similar to the existing CA constraints, they don't
+ require that the CA certificate is locally installed such as intermediate CA
+ certificates received from peers. Compared to wildcard identity matching (e.g.
+ "..., OU=Research, CN=*") this requires less trust in the intermediate CAs (to
+ only issue certificates with legitimate subject DNs) as long as path length
+ basic constraints prevent them from issuing further intermediate CAs.
+
+- Intermediate CA certificates may now be sent in hash-and-URL encoding by
+ configuring a base URL for the parent CA.
+
+- Implemented NIST SP-800-90A Deterministic Random Bit Generator (DRBG)
+ based on AES-CTR and SHA2-HMAC modes. Currently used by gmp and ntru plugins.
+
+- Random nonces sent in an OCSP requests are now expected in the corresponding
+ OCSP responses.
+
+- The kernel-netlink plugin ignores deprecated IPv6 addresses for MOBIKE.
+ Whether temporary or permanent IPv6 addresses are included depends on the
+ charon.prefer_temporary_addrs setting.
+
+- Extended Sequence Numbers (ESN) are configured via PF_KEY if supported by the
+ kernel.
+
+- Unique section names are used for CHILD_SAs in vici child-updown events and
+ more information (e.g. statistics) are included for individually deleted
+ CHILD_SAs (in particular for IKEv1).
+
+- So fallbacks to other plugins work properly, creating HMACs via openssl plugin
+ now fails instantly if the underlying hash algorithm isn't supported (e.g.
+ MD5 in FIPS-mode).
+
+- Exponents of RSA keys read from TPM 2.0 via SAPI are now correctly converted.
+
+- Routing table IDs > 255 are supported for custom routes on Linux.
+
+- The D-Bus config file for charon-nm is now installed in
+ $(datadir)/dbus-1/system.d instead of $(sysconfdir)/dbus-1/system.d.
+
+- INVALID_MAJOR_VERSION notifies are now correctly sent in messages of the same
+ exchange type and using the same message ID as the request.
+
+- IKEv2 SAs are immediately destroyed when sending or receiving INVALID_SYNTAX
+ notifies in authenticated messages.
+
+
+strongswan-5.8.1
+----------------
+
+- RDNs in Distinguished Names can now optionally be matched less strict. The
+ global option charon.rdn_matching takes two alternative values that cause the
+ matching algorithm to either ignore the order of matched RDNs or additionally
+ accept DNs that contain more RDNs than configured (unmatched RDNs are treated
+ like wildcard matches).
+
+- The updown plugin now passes the same interface to the script that is also
+ used for the automatically installed routes, i.e. the interface over which the
+ peer is reached instead of the interface on which the local address is found.
+
+- TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple
+ IKE_SAs use the same private key concurrently.
+
+
strongswan-5.8.0
----------------
for low-exponent keys (i.e. with e=3). CVE-2018-16151 has been assigned to
the problem of accepting random bytes after the OID of the hash function in
such signatures, and CVE-2018-16152 has been assigned to the issue of not
- verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
+ verifying that the parameters in the ASN.1 algorithmIdentifier structure is
empty. Other flaws that don't lead to a vulnerability directly (e.g. not
checking for at least 8 bytes of padding) have no separate CVE assigned.
- In the bliss plugin the c_indices derivation using a SHA-512 based random
oracle has been fixed, generalized and standardized by employing the MGF1 mask
- generation function with SHA-512. As a consequence BLISS signatures unsing the
+ generation function with SHA-512. As a consequence BLISS signatures using the
improved oracle are not compatible with the earlier implementation.
- Support for auto=route with right=%any for transport mode connections has
- The PA-TNC and PB-TNC protocols can now process huge data payloads
>64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
and these messages over several PB-TNC batches. As long as no
- consolidated recommandation from all IMVs can be obtained, the TNC
+ consolidated recommendation from all IMVs can be obtained, the TNC
server requests more client data by sending an empty SDATA batch.
- The rightgroups2 ipsec.conf option can require group membership during
- The nm plugin also accepts CA certificates for gateway authentication. If
a CA certificate is configured, strongSwan uses the entered gateway address
- as its idenitity, requiring the gateways certificate to contain the same as
+ as its identity, requiring the gateways certificate to contain the same as
subjectAltName. This allows a gateway administrator to deploy the same
certificates to Windows 7 and NetworkManager clients.
fuzzing techniques: 1) Sending a malformed IKE_SA_INIT request leaved an
incomplete state which caused a null pointer dereference if a subsequent
CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
- a missing TSi or TSr payload caused a null pointer derefence because the
+ a missing TSi or TSr payload caused a null pointer dereference because the
checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
developed by the Orange Labs vulnerability research team. The tool was
initially written by Gabriel Campana and is now maintained by Laurent Butti.
Initiators and responders can use several authentication rounds (e.g. RSA
followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
leftauth2/rightauth2 parameters define own authentication rounds or setup
- constraints for the remote peer. See the ipsec.conf man page for more detials.
+ constraints for the remote peer. See the ipsec.conf man page for more details.
- If glibc printf hooks (register_printf_function) are not available,
strongSwan can use the vstr string library to run on non-glibc systems.
- Added support for preshared keys in IKEv2. PSK keys configured in
ipsec.secrets are loaded. The authby parameter specifies the authentication
- method to authentificate ourself, the other peer may use PSK or RSA.
+ method to authenticate ourself, the other peer may use PSK or RSA.
- Changed retransmission policy to respect the keyingtries parameter.
left|rightfirewall keyword causes the automatic insertion
and deletion of ACCEPT rules for tunneled traffic upon
the successful setup and teardown of an IPsec SA, respectively.
- left|rightfirwall can be used with KLIPS under any Linux 2.4
+ left|rightfirewall can be used with KLIPS under any Linux 2.4
kernel or with NETKEY under a Linux kernel version >= 2.6.16
in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
kernel version < 2.6.16 which does not support IPsec policy
to replace the various shell and awk starter scripts (setup, _plutoload,
_plutostart, _realsetup, _startklips, _confread, and auto). Since
ipsec.conf is now parsed only once, the starting of multiple tunnels is
- accelerated tremedously.
+ accelerated tremendously.
- Added support of %defaultroute to the ipsec starter. If the IP address
changes, a HUP signal to the ipsec starter will automatically
- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
installed either by setting auto=route in ipsec.conf or by
- a connection put into hold, generates an XFRM_AQUIRE event
+ a connection put into hold, generates an XFRM_ACQUIRE event
for each packet that wants to use the not-yet existing
- tunnel. Up to now each XFRM_AQUIRE event led to an entry in
+ tunnel. Up to now each XFRM_ACQUIRE event led to an entry in
the Quick Mode queue, causing multiple IPsec SA to be
established in rapid succession. Starting with strongswan-2.5.1
only a single IPsec SA is established per host-pair connection.
projects / thirdparty / strongswan.git / blobdiff