Tobias Brunner, 14.12.2018 15:53
Some initial news for 5.7.2
Version 5.7.2
- For RSA with PSS padding, the TPM 2.0 specification mandates the maximum salt length
(as defined by the length of the key and hash). However, if the TPM is FIPS-186-4 compliant,
the salt length equals the hash length. This is assumed for FIPS-140-2 compliant TPMs. If a TPM
is not FIPS-140-2 compliant but still doesn't use the maximum salt length, it might be
necessary to manually enable charon.plugins.tpm.fips_186_4.
- Directories for credentials loaded by swanctl are now accessed relative to the loaded
swanctl.conf file, in particular, when loading it from a custom location via the --file
argument.
The base directory, which is used if no custom location for swanctl.conf is specified, is now
also configurable at runtime via the SWANCTL_DIR environment variable.
- Selectors installed on transport mode SAs by the kernel_netlink plugin are now updated if an
IP address changes (e.g. via MOBIKE) and it was part of the selectors.
- No deletes are sent anymore when a rekeyed CHILD_SA expires (#2815).
- The bypass-lan plugin now tracks interfaces to handle subnets that move from one interface
to another and properly update associated routes (#2820).
- Only valid and expected inbound IKEv2 messages are used to update the timestamp of the
last received message (previously retransmits also triggered an update).
- Active and queued Quick Mode tasks are now adopted if the peer reauthenticates an IKEv1 SA
while creating lots of CHILD_SAs.
- Newer versions of the FreeBSD kernel add an SADB_X_EXT_SA2 extension to SADB_ACQUIRE
messages, which allows the kernel-pfkey plugin to determine the reqid of the policy even if it
wasn't installed by the daemon previously (e.g. when using FreeBSD's if_ipsec(4) VTIs, which
install policies themselves, commit:872b9b3e8d).
- Added support for RSA signatures with SHA-256 and SHA-512 to the agent plugin. For older
versions of ssh/gpg-agent that only support SHA-1, IKEv2 signature authentication has to be
disabled via charon.signature_authentication.
- The sshkey and agent plugins support Ed25519/Ed448 SSH keys and signatures.
- The openssl plugin supports X25519/X448 Diffie-Hellman and Ed25519/Ed448 keys and
signatures when built against OpenSSL 1.1.1.
- Support for Ed25519, ChaCha20/Poly1305, SHA-3 and AES-CCM was added to the botan plugin.
- The mysql plugin now properly handles database connections with transactions
under heavy load (#2779).
- Private key implementations may optionally provide a list of supported signature schemes,
which, as described above, is used by the tpm plugin because for each key on a TPM 2.0 the
hash algorithm and for RSA also the padding scheme is predefined.
- The testing environment is now based on Debian 9 (stretch) by default. This required
some changes, in particular, updating to FreeRADIUS 3.x (which forced us to abandon the
TNC@FHH patches and scenarios, commit:2fbe44bef3) and removing FIPS-enabled versions of
OpenSSL (the FIPS module only supports OpenSSL 1.0.2).
- Most test scenarios were migrated to swanctl.
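
The salt-length mismatch behind the first note (RSA with PSS padding on a TPM 2.0), as an added example that is not strongSwan code: it implements the EMSA-PSS encoding step from RFC 8017 without the RSA operation and shows that a verifier with a fixed expected salt length rejects an encoding made with the other one. The function names and the sample message are assumptions made for illustration.

```python
import hashlib
import os

def mgf1(seed, length, h=hashlib.sha256):
    """MGF1 mask generation function from RFC 8017, appendix B.2.1."""
    blocks = -(-length // h().digest_size)  # ceiling division
    return b"".join(h(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))[:length]

def max_salt_len(mod_bits, h=hashlib.sha256):
    """Maximum PSS salt length: emLen - hLen - 2, emLen = ceil((modBits - 1) / 8)."""
    return (mod_bits + 6) // 8 - h().digest_size - 2

def tpm_salt_len(mod_bits, fips_186_4, h=hashlib.sha256):
    """Salt length as the note describes it: hash length if FIPS-186-4, else maximum."""
    return h().digest_size if fips_186_4 else max_salt_len(mod_bits, h)

def pss_encode(msg, mod_bits, s_len, h=hashlib.sha256):
    """EMSA-PSS-ENCODE: the block the signer feeds into the RSA private-key operation."""
    em_bits, h_len = mod_bits - 1, h().digest_size
    em_len = (em_bits + 7) // 8
    salt = os.urandom(s_len)
    digest = h(b"\x00" * 8 + h(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - s_len - h_len - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(digest, len(db), h)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the bits beyond emBits
    return bytes(masked) + digest + b"\xbc"

def pss_verify(msg, em, mod_bits, s_len, h=hashlib.sha256):
    """EMSA-PSS-VERIFY with a fixed expected salt length (no auto-detection)."""
    em_bits, h_len = mod_bits - 1, h().digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em[-1] != 0xBC or em_len < h_len + s_len + 2:
        return False
    masked, digest = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:
        return False
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(digest, len(masked), h)))
    db[0] &= top
    pad_len = em_len - h_len - s_len - 2  # zero padding implied by the salt length
    if db[:pad_len] != bytes(pad_len) or db[pad_len] != 0x01:
        return False
    return h(b"\x00" * 8 + h(msg).digest() + bytes(db[pad_len + 1:])).digest() == digest

if __name__ == "__main__":
    msg = b"constructed sample message"
    em = pss_encode(msg, 2048, tpm_salt_len(2048, fips_186_4=True))
    # Same encoding, checked with the hash-length and with the maximum salt length
    print(pss_verify(msg, em, 2048, 32), pss_verify(msg, em, 2048, max_salt_len(2048)))
```

For a 2048-bit key with SHA-256 the two conventions give 32 and 222 bytes of salt, so a peer that checks for one of them cannot accept a signature produced with the other.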