]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6683cf6) | patch
crypto: Define MODP_CUSTOM outside of IKE DH range
authorTobias Brunner <tobias@strongswan.org>
Mon, 1 Dec 2014 16:21:59 +0000 (17:21 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 23 Dec 2014 14:40:01 +0000 (15:40 +0100)
commite13ef5c43416304f0e750af3bb87fd2fad3eee41
treeb7a944e1fc76beccf45b3a9352675c0fc0726260tree
parent6683cf6a5ad0eeb359de80c56068532116a17f17commit | diff
crypto: Define MODP_CUSTOM outside of IKE DH range

Before this fix it was possible to crash charon with an IKE_SA_INIT
message containing a KE payload with DH group MODP_CUSTOM(1025).
Defining MODP_CUSTOM outside of the two byte IKE DH identifier range
prevents it from getting negotiated.

Fixes CVE-2014-9221.
src/charon-tkm/src/tkm/tkm_diffie_hellman.c diff | blob | blame | history
src/libstrongswan/crypto/diffie_hellman.c diff | blob | blame | history
src/libstrongswan/crypto/diffie_hellman.h diff | blob | blame | history
src/libstrongswan/plugins/gcrypt/gcrypt_dh.c diff | blob | blame | history
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c diff | blob | blame | history
src/libstrongswan/plugins/ntru/ntru_ke.c diff | blob | blame | history
src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c diff | blob | blame | history
src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c diff | blob | blame | history
src/libstrongswan/plugins/pkcs11/pkcs11_dh.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.