Before this fix it was possible to crash charon with an IKE_SA_INIT
message containing a KE payload with DH group MODP_CUSTOM(1025).
Defining MODP_CUSTOM outside of the two byte IKE DH identifier range
prevents it from getting negotiated.
Fixes CVE-2014-9221.
While it was always documented as boolean setting, the option is currently
handled as integer value, for which yes/no values do not work. Instead the
default of TRUE is used for a no value.
The option has been moved a lot during the last years, and in some locations
was handled as bool, in some as integer. In the latest codebase it
congruently used integer, which is actually not what is documented and used
in testing.
Fixes#781.
To avoid any race conditions when multiple threads call and initialize
diffie_hellman_get_params(), explicitly examine the optimum DH exponent size
during library initialization.
Fixes#655.
The main reason for this change is that Android's libcrypto does not
include the get_rfcX_prime_Y functions by default. Therefore we would
have had to replicate the primes a third time.
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
Andreas Steffen