openssl: Add curve25519 and curve448 after ECDH groups

This was the order before 46a6b062822c ("openssl: Only announce ECDH
groups actually supported by OpenSSL") but that's not really the reason
for this change.  It's related to the Android app, where we previously
didn't support these DH groups in BoringSSL and added the curve25519
plugin after the openssl plugin instead.  This resulted in the same
order, i.e. ECDH groups before curve25519.  With the switch to OpenSSL
and the mentioned commit, this changed and curve25519 was now the first
group that was proposed and used for the KE payload.  Not really an
issue you'd think, however, there are apparently Zyxel Firewalls with
older firmware versions (some forum posts mentioned a fix in V5.31) that
can't handle KE payloads with DH groups > 21 (ecp521). So with
curve25519 (31) proposed in the KE payload, they silently dropped the
IKE_SA_INIT request and no connection could be established.

diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 439fae9a7f44b50dba9ee0b1f98d69f2bcdea22b..f641bb1f6fa3a9a377fd655dce8609b39e5a0e0d 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -654,13 +654,6 @@ METHOD(plugin_t, get_features, int,
                PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
 #endif
 #endif /* OPENSSL_NO_ECDSA */
-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH)
-               PLUGIN_REGISTER(KE, openssl_x_diffie_hellman_create),
-                       /* available since 1.1.0a, but we require 1.1.1 features */
-                       PLUGIN_PROVIDE(KE, CURVE_25519),
-                       /* available since 1.1.1 */
-                       PLUGIN_PROVIDE(KE, CURVE_448),
-#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_ECDH */
 #if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
                /* EdDSA private/public key loading */
                PLUGIN_REGISTER(PUBKEY, openssl_ed_public_key_load, TRUE),
@@ -705,6 +698,16 @@ METHOD(plugin_t, get_features, int,
                        PLUGIN_PROVIDE(KE, ECP_224_BP),
 #endif /* OPENSSL_VERSION_NUMBER */
 #endif /* OPENSSL_NO_ECDH */
+       };
+       static plugin_feature_t f_xdh[] = {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH)
+               /* define them here, so we can add them after the EC DH groups */
+               PLUGIN_REGISTER(KE, openssl_x_diffie_hellman_create),
+                       /* available since 1.1.0a, but we require 1.1.1 features */
+                       PLUGIN_PROVIDE(KE, CURVE_25519),
+                       /* available since 1.1.1 */
+                       PLUGIN_PROVIDE(KE, CURVE_448),
+#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_ECDH */
        };
        static plugin_feature_t f[countof(f_base) + countof(f_ecdh)] = {};
        static int count = 0;
@@ -715,6 +718,7 @@ METHOD(plugin_t, get_features, int,
 #ifndef OPENSSL_NO_ECDH
                add_ecdh_features(f, f_ecdh, countof(f_ecdh), &count);
 #endif
+               plugin_features_add(f, f_xdh, countof(f_xdh), &count);
        }
        *features = f;
        return count;