strongSwan

Not sure whether this is better categorized as a feature or a bug. Maybe more of a feature...

In 5.2.0 and earlier, encrypted PKCS#8 files using PBES2 and any non-3DES algorithm fail to unwrap in Strongswan. It is possible with a small code change to make other algorithms used with PBES2 like DES, RC2, Blowfish and AES accessible in Strongswan. Given openssl's use of PKCS#8 as the default write format for private keys, we may see more keys encrypted with PBES2 and AES. The other older ciphers (DES, RC2, Blowfish) probably won't be found very often, but the changes to enable these ciphers were easy to do once the work for AES was done. I have attached a proof-of-concept fix that will allow Strongswan to unwrap keys generated in this format, for example:

openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 <CIPHER> -out some-p8-enc-key.pem
Where <CIPHER> can be des, des3, aes128, aes192, aes256, bf-cbc, rc2-40-cbc, rc2-64-cbc, or rc2-cbc (128-bit)

The blowfish support requires --enable-blowfish to be added at configure time.

This was tested using Strongswan 5.2.0 on CentOS 7
CentOS Linux release 7.0.1406 (Core)
Linux abbott 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux