A flaw was found in strongSwan 4.x and 5.x before 5.7.0. In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.
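The following is an added illustration, not code from strongSwan or from this bug report, of the verification difference the description refers to. It works on the encoded message EM (the bytes recovered from s^e mod n) rather than performing RSA, uses SHA-256 as the assumed digest, and includes a deliberately minimal DER reader. The lax verifier parses the DigestInfo and, after matching the hash OID, never checks that nothing else follows inside the AlgorithmIdentifier; the strict verifier rebuilds the full EMSA-PKCS1-v1_5 encoding and compares it byte for byte, so no byte of EM is left unconstrained regardless of the public exponent. The malformed encoding it feeds in is a constructed test vector, not a signature.

```python
import hashlib
import hmac

# DigestInfo prefix for SHA-256 from RFC 8017, section 9.2, note 1:
# SEQUENCE { SEQUENCE { OID id-sha256, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_OID_TLV = bytes.fromhex("0609608648016503040201")  # tag, length, OID body


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T  (RFC 8017, section 9.2)."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def _read_tlv(buf: bytes, pos: int, tag: int):
    """Minimal DER reader: short-form lengths only (enough for a DigestInfo)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag")
    length = buf[pos + 1]
    if length >= 0x80 or pos + 2 + length > len(buf):
        raise ValueError("bad length")
    return buf[pos + 2:pos + 2 + length], pos + 2 + length


def _unpad(em: bytes) -> bytes:
    """Strip 0x00 0x01 PS 0x00 and return T; PS must be at least 8 bytes of 0xFF."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        raise ValueError("bad block type")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        raise ValueError("bad padding")
    return em[i + 1:]


def verify_lax(em: bytes, message: bytes) -> bool:
    """Parsing verifier with the flaw class described above: it matches the hash
    OID but ignores whatever follows it inside the AlgorithmIdentifier."""
    try:
        t = _unpad(em)
        digest_info, end = _read_tlv(t, 0, 0x30)
        if end != len(t):
            return False
        alg_id, pos = _read_tlv(digest_info, 0, 0x30)
        oid, _ = _read_tlv(alg_id, 0, 0x06)  # BUG: rest of alg_id is never checked
        if oid != SHA256_OID_TLV[2:]:
            return False
        digest, pos = _read_tlv(digest_info, pos, 0x04)
        if pos != len(digest_info):
            return False
        return hmac.compare_digest(digest, hashlib.sha256(message).digest())
    except ValueError:
        return False


def verify_strict(em: bytes, message: bytes) -> bool:
    """Robust verifier: rebuild the expected EM and compare the whole block."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def build_malformed_em(message: bytes, em_len: int, extra: bytes) -> bytes:
    """Constructed test vector: correct digest, but `extra` bytes appended inside
    the AlgorithmIdentifier after the OID and NULL. A correct verifier rejects it."""
    alg_body = SHA256_OID_TLV + b"\x05\x00" + extra
    alg_id = b"\x30" + bytes([len(alg_body)]) + alg_body
    body = alg_id + b"\x04\x20" + hashlib.sha256(message).digest()
    t = b"\x30" + bytes([len(body)]) + body
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


if __name__ == "__main__":
    msg = b"constructed test message"          # constructed sample input
    em_len = 128                                 # assumes a 1024-bit modulus
    good = emsa_pkcs1_v15_encode(msg, em_len)
    bad = build_malformed_em(msg, em_len, b"\xaa\xaa\xaa\xaa")
    print("valid EM   lax:", verify_lax(good, msg), "strict:", verify_strict(good, msg))
    print("malformed  lax:", verify_lax(bad, msg), "strict:", verify_strict(bad, msg))
```

The strict comparison is the check to look for when reviewing a PKCS#1 v1.5 verifier: any implementation that walks the DER structure and tolerates unparsed bytes anywhere in T leaves room in EM that the padding rules were supposed to remove.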
Created strongswan tracking bugs for this issue:
Affects: epel-all [bug 1635874]
Affects: fedora-all [bug 1635875]
Strongswan in Red Hat Enterprise Linux does not enable the gmp plugin. Therefore this flaw does not affect the Red Hat Enterprise Linux 7 build of strongswan.