From eafbf81b248e694641df5c2b3293b9a55457b272 Mon Sep 17 00:00:00 2001 From: Manuel Faux Date: Sat, 2 Sep 2023 16:43:12 +0200 Subject: [PATCH] Fix IPsec key pair generator for secp256k1 EC and add properer naming to UI (#6817) Key generation for the "256" EC does not work as secp256r1 does not exist in OpenSSL, it's called secp256k1. Also the names shown in the UI are ambiguous as there are several curves with 256, 384 or 521 bits. --- .../controllers/OPNsense/IPsec/Api/KeyPairsController.php | 2 +- src/opnsense/mvc/app/views/OPNsense/IPsec/key_pairs.volt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/KeyPairsController.php b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/KeyPairsController.php index 74ba0cdce..332f090e5 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/KeyPairsController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/Api/KeyPairsController.php @@ -137,7 +137,7 @@ class KeyPairsController extends ApiMutableModelControllerBase $attrs['private_key_type'] = OPENSSL_KEYTYPE_EC; switch ($size ?? '384') { case '256'; - $attrs['curve_name'] = "secp256r1"; + $attrs['curve_name'] = "prime256v1"; break; case '384'; $attrs['curve_name'] = "secp384r1"; diff --git a/src/opnsense/mvc/app/views/OPNsense/IPsec/key_pairs.volt b/src/opnsense/mvc/app/views/OPNsense/IPsec/key_pairs.volt index 59109c9de..d99c83c80 100644 --- a/src/opnsense/mvc/app/views/OPNsense/IPsec/key_pairs.volt +++ b/src/opnsense/mvc/app/views/OPNsense/IPsec/key_pairs.volt @@ -72,9 +72,9 @@ - - - + + +