#1109942 strongswan-charon: upgrade to 6.0.1-6 causes "key derivation failed" error with older versions

Package:
strongswan-charon
Source:
strongswan-charon
Description:
strongSwan Internet Key Exchange daemon
Submitter:
Gabriel Filion
Date:
2025-08-27 20:13:02 UTC
Severity:
normal
#1109942#5
Date:
2025-07-26 19:16:09 UTC
From:
To:
Hello!

One of our servers got its strongswan-charon package upgraded from
6.0.1-5 to 6.0.1-6 last night. It has ipsec connections to another
trixie machine that's still using 6.0.1-5 and to a bookworm machine
that's using 5.9.8-5+deb12u1.

No changes to the configuration happened for a while. Since the upgrade
happened, the host with 6.0.1-6 can't establish connection to the other
two hosts anymore. If I start the connection manually I can see the
following output (peer IP replaced by 1.2.3.4; local IP replaced by 1.2.1.2):

ipsec up connection-name
initiating IKE_SA connection-name[6] to 1.2.3.4
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 1.2.1.2[500] to 1.2.3.4[500] (972 bytes)
received packet: from 1.2.3.4[500] to 1.2.1.2[500] (280 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
selected proposal:
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
KDF_PRF with PRF_HMAC_SHA2_256 not supported
key derivation failed
establishing connection 'connection-name' failed


Is this an expected compatibility break or is that an unexpected regression?

#1109942#10
Date:
2025-07-26 19:55:44 UTC
From:
To:
Very weird...

downgrading to 6.0.1-5 did not fix the issue.

I've compared the configuration files with the other servers and I'm not
seeing any difference.

So I don't actually have a good understanding of what happened on the
host that got the upgrade to 6.0.1-6 this morning :\

#1109942#15
Date:
2025-07-28 05:58:01 UTC
From:
To:
Hi Gabriel,

If you have OpenSSL 3.5.1 installed, then this is unfortunately
expected.  It requires the patches at [1] and [2], which were released
with 6.0.2.

Regards,
Tobias

[1]
https://github.com/strongswan/strongswan/commit/2dbeecfc029ba26647c756b0882bc6e85e2e6b64
[2]
https://github.com/strongswan/strongswan/commit/43b805b2daed48bdf835ca8eeb87b9b71a42781f

#1109942#25
Date:
2025-07-28 14:02:19 UTC
From:
To:

We ended up figuring out that the problem was on our side. I'm not sure
what actually caused this situation, but a reboot fixed the problem.

So there was actually no issue with the contents of the strongswan
package. Sorry for the noise!

#1109942#36
Date:
2025-08-04 14:57:32 UTC
From:
To:
FTR, the workaround is to install the libstrongswan-extra-plugins
package, including the kdf plugin.

Regards
Harri

#1109942#41
Date:
2025-08-13 17:13:01 UTC
From:
To:
Dear Maintainers,

It might be a good idea to apply these two patches to 6.0.1 in trixie,
in order to avoid that everybody has to install
libstrongswan-extra-plugins just for the kdf plugin.

Also, the problem could technically also occur on bookworm as the
OpenSSL guys have backported their "fix" to 3.0.17 for some reason.  The
difference there is that the kdf plugin is installed by default via
libstrongswan package, while the openssl plugin is shipped separately in
libstrongswan-standard-plugins.  So it will only be a problem if the kdf
plugin is explicitly disabled in the config.

Regards,
Tobias

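As an added triage helper (not part of the bug report or of strongSwan itself), the script below checks charon output for the failure quoted in the report, checks whether the kdf plugin that Harri's workaround installs is among the loaded plugins, and checks the OpenSSL version against the releases Tobias names. It assumes that loaded plugins appear on a "loaded plugins:" line as printed by `ipsec statusall` / `swanctl --stats`, and treats 3.x series the thread does not mention as unaffected.

```shell
#!/bin/sh
# Added triage helper (not from the bug report or strongSwan). Assumes the
# failure is logged as quoted in the report and that loaded plugins appear on
# a "loaded plugins:" line (as printed by `ipsec statusall` / `swanctl --stats`).

# 0 if the charon output shows the PRF-based KDF being refused.
kdf_failure_in_log() {
    printf '%s\n' "$1" | grep -q 'KDF_PRF with PRF_[A-Z0-9_]* not supported' &&
    printf '%s\n' "$1" | grep -q 'key derivation failed'
}

# 0 if "kdf" is listed on the "loaded plugins:" line.
kdf_plugin_loaded() {
    printf '%s\n' "$1" | grep -E '^ *loaded plugins:' | tr ' ' '\n' | grep -qx kdf
}

# 0 for the OpenSSL versions the thread names: 3.5.1 and later, or the
# 3.0.17+ backport. Other 3.x series are not discussed in the report and are
# treated as unaffected here (assumption).
openssl_affected() {
    IFS=. read -r maj min pat <<EOF
$1
EOF
    pat=${pat%%[!0-9]*}
    [ "$maj" = 3 ] || return 1
    if [ "$min" -gt 5 ]; then return 0
    elif [ "$min" -eq 5 ]; then [ "${pat:-0}" -ge 1 ]
    elif [ "$min" -eq 0 ]; then [ "${pat:-0}" -ge 17 ]
    else return 1
    fi
}

# One-word verdict from: charon output, plugin listing, OpenSSL version.
diagnose() {
    if ! kdf_failure_in_log "$1"; then echo no-kdf-failure
    elif kdf_plugin_loaded "$2"; then echo kdf-failure-other-cause
    elif openssl_affected "$3"; then
        # Thread's fix: libstrongswan-extra-plugins (kdf plugin) or strongswan 6.0.2
        echo missing-kdf-plugin
    else echo kdf-failure-unknown-openssl
    fi
}
# Constructed sample input: the lines quoted in the report and a plugin list
# without "kdf" (plugin names other than openssl are illustrative).
SAMPLE_LOG='selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
KDF_PRF with PRF_HMAC_SHA2_256 not supported
key derivation failed'
SAMPLE_PLUGINS='  loaded plugins: charon aes sha2 random nonce x509 openssl'
diagnose "$SAMPLE_LOG" "$SAMPLE_PLUGINS" 3.5.1   # prints missing-kdf-plugin
```

On a live host, feed it the output of `ipsec up <conn>`, the plugin line from `ipsec statusall`, and `openssl version | awk '{print $2}'`.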
#1109942#51
Date:
2025-08-16 09:44:53 UTC
From:
To:
Thanks for the heads up Tobias, I'll try to prepare updated packages for
Trixie in the following weeks.

Regards,

#1109942#56
Date:
2025-08-22 09:21:20 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109942@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 Aug 2025 10:45:05 +0200
Source: strongswan
Architecture: source
Version: 6.0.2-1
Distribution: unstable
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Closes: 1109942
Changes:
 strongswan (6.0.2-1) unstable; urgency=medium
 .
   * New upstream version 6.0.2
     - Fix support with OpenSSL 3.5.1+ (Closes: #1109942)
   * install iptfs configuration in libstrongswan
   * d/copyright updated with decopy

#1109942#61
Date:
2025-08-27 20:11:08 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109942@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <corsac@debian.org> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 Aug 2025 09:58:42 +0200
Source: strongswan
Architecture: source
Version: 6.0.1-6+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Closes: 1109942
Changes:
 strongswan (6.0.1-6+deb13u1) trixie; urgency=medium
 .
   * d/patches: add patches to fix OpenSSL 3.5.1 support (Closes: #1109942)