From 312847e1a3227066e9fd4855ace0d857fa51bbe6 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 17 Feb 2023 16:28:07 +0100 Subject: [PATCH] openssl: Add curve25519 and curve448 after ECDH groups This was the order before 46a6b062822c ("openssl: Only announce ECDH groups actually supported by OpenSSL") but that's not really the reason for this change. It's related to the Android app, where we previously didn't support these DH groups in BoringSSL and added the curve25519 plugin after the openssl plugin instead. This resulted in the same order, i.e. ECDH groups before curve25519. With the switch to OpenSSL and the mentioned commit, this changed and curve25519 was now the first group that was proposed and used for the KE payload. Not really an issue you'd think, however, there are apparently Zyxel Firewalls with older firmware versions (some forum posts mentioned a fix in V5.31) that can't handle KE payloads with DH groups > 21 (ecp521). So with curve25519 (31) proposed in the KE payload, they silently dropped the IKE_SA_INIT request and no connection could be established. --- .../plugins/openssl/openssl_plugin.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 439fae9a7f..f641bb1f6f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -654,13 +654,6 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), #endif #endif /* OPENSSL_NO_ECDSA */ -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH) - PLUGIN_REGISTER(KE, openssl_x_diffie_hellman_create), - /* available since 1.1.0a, but we require 1.1.1 features */ - PLUGIN_PROVIDE(KE, CURVE_25519), - /* available since 1.1.1 */ - PLUGIN_PROVIDE(KE, CURVE_448), -#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_ECDH */ #if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) /* EdDSA private/public key loading */ PLUGIN_REGISTER(PUBKEY, openssl_ed_public_key_load, TRUE), @@ -705,6 +698,16 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(KE, ECP_224_BP), #endif /* OPENSSL_VERSION_NUMBER */ #endif /* OPENSSL_NO_ECDH */ + }; + static plugin_feature_t f_xdh[] = { +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH) + /* define them here, so we can add them after the EC DH groups */ + PLUGIN_REGISTER(KE, openssl_x_diffie_hellman_create), + /* available since 1.1.0a, but we require 1.1.1 features */ + PLUGIN_PROVIDE(KE, CURVE_25519), + /* available since 1.1.1 */ + PLUGIN_PROVIDE(KE, CURVE_448), +#endif /* OPENSSL_VERSION_NUMBER && !OPENSSL_NO_ECDH */ }; static plugin_feature_t f[countof(f_base) + countof(f_ecdh)] = {}; static int count = 0; @@ -715,6 +718,7 @@ METHOD(plugin_t, get_features, int, #ifndef OPENSSL_NO_ECDH add_ecdh_features(f, f_ecdh, countof(f_ecdh), &count); #endif + plugin_features_add(f, f_xdh, countof(f_xdh), &count); } *features = f; return count; -- 2.47.2