From 5c6b4a5d1f9019127d45fbf12615b2c33902e869 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 4 Dec 2014 12:08:11 +0100 Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221 in versions before 4.5.4. --- src/libstrongswan/crypto/diffie_hellman.c | 5 +++-- src/libstrongswan/crypto/diffie_hellman.h | 5 +++-- src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +- src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 2 +- src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 5f7365321078..70961ed8281a 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -38,8 +38,9 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT, "MODP_2048_256", "ECP_192", "ECP_224"); -ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_224_BIT, - "MODP_NULL", +ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT, + "MODP_NULL"); +ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, MODP_NULL, "MODP_CUSTOM"); ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 9ae7723639ae..1bb1452894b7 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -57,8 +57,9 @@ enum diffie_hellman_group_t { ECP_224_BIT = 26, /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ MODP_NULL = 1024, - /** MODP group with custon generator, prime */ - MODP_CUSTOM = 1025, + /** internally used DH group with additional parameters g and p, outside + * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */ + MODP_CUSTOM = 65536, }; /** diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 6c4665da2dd2..9c7e98084431 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -35,7 +35,7 @@ struct private_gcrypt_dh_t { /** * Diffie Hellman group number */ - u_int16_t group; + diffie_hellman_group_t group; /* * Generator value diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index e99502b272ba..d798cc4bee3c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /* * Generator value. diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index b27aa339135b..b00bdbb1c1a4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -34,7 +34,7 @@ struct private_openssl_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * Diffie Hellman object diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 78ed2811aa39..01710e7fbae3 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -39,7 +39,7 @@ struct private_openssl_ec_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * EC private (public) key -- 1.9.1