strongSwan -- ECDSA signature verification issue

2013-04-30T00:00:00
ID 6FF570CB-B418-11E2-B279-20CF30E32F6D
Type freebsd
Reporter FreeBSD
Modified 2013-04-30T00:00:00

Description

strongSwan security team reports:

If the openssl plugin is used for ECDSA signature verification an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected. Affected are only installations that have enabled and loaded the OpenSSL crypto backend (--enable-openssl). Builds using the default crypto backends are not affected.