Release and vulnerability announcements for strongSwan

strongSwan 5.8.4 Released

strongSwan 5.8.4 fixes two regressions in last week's 5.8.3 release, one affecting IKEv1 Quick Mode, the other OpenSSL's SHAKE128/256 XOFs.

Potential Crash During IKEv1 Quick Mode

The changes regarding lifetimes and proposal/transform IDs in last week's 5.8.3 release contained a regression that caused a crash due to a null-pointer dereference if the proposal selection failed during IKEv1 Quick Mode (i.e. after the peers have been authenticated).

Potential Crash in OpenSSL's SHAKE128/256 XOF

OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256 XOF multiple times (support for these was added with last week's 5.8.3 release). Unfortunately, EVP_DigestFinalXOF() completely resets the context, and later calls do not simply fail, they cause a null-pointer dereference in libcrypto. The fix for this comes at the cost of repeatedly initializing the whole state and allocating too much data for subsequent calls (hopefully, once OpenSSL issue 7894 is resolved, we can implement this more efficiently). These XOFs are currently only used in the newhope and frodo plugins.
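The following sketch is an added illustration, not strongSwan's code: it shows one way to emulate repeated squeezing on top of a finalize-once XOF, in the spirit of the workaround described above. It uses Python's hashlib in place of OpenSSL's EVP API, and the class and function names are hypothetical.

```python
import hashlib

# Constructors for the two XOFs named in the announcement.
_XOFS = {"shake_128": hashlib.shake_128, "shake_256": hashlib.shake_256}


class OneShotXof:
    """Hands out an XOF stream in pieces while finalizing each context only once."""

    def __init__(self, seed: bytes, algorithm: str = "shake_128"):
        if algorithm not in _XOFS:
            raise ValueError("unsupported XOF: %r" % algorithm)
        self._new = _XOFS[algorithm]
        self._seed = bytes(seed)   # kept so the state can be rebuilt later
        self._offset = 0           # bytes already returned to the caller

    def get_bytes(self, length: int) -> bytes:
        if length < 0:
            raise ValueError("length must be non-negative")
        # Re-initialize the whole state: a finalized context is never reused.
        ctx = self._new(self._seed)
        # Over-allocate: squeeze everything handed out so far plus the new bytes.
        stream = ctx.digest(self._offset + length)
        # Return only the tail the caller has not seen yet.
        chunk = stream[self._offset:]
        self._offset += length
        return chunk


def pieces_match_single_squeeze(seed: bytes, sizes, algorithm: str = "shake_128") -> bool:
    """True if piecewise output equals one squeeze of the total length."""
    xof = OneShotXof(seed, algorithm)
    joined = b"".join(xof.get_bytes(n) for n in sizes)
    return joined == _XOFS[algorithm](seed).digest(sum(sizes))


if __name__ == "__main__":
    # Constructed sample seed, not a value from strongSwan.
    print(pieces_match_single_squeeze(b"constructed sample seed", [16, 32, 7]))
```

Each call recomputes the stream from the start, so the work grows with the number of bytes already consumed, which is the inefficiency the announcement mentions.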

Other Notable Features and Fixes

Download Complete Changelog