Version 5.8.4

  • In IKEv1 Quick Mode make sure that a proposal exists before determining lifetimes (fixes a crash
    due to a null-pointer dereference in 5.8.3, cb26c5547c).
  • OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256 XOF (support was added
    with 5.8.3) multiple times. Unfortunately, EVP_DigestFinalXOF() completely resets the context and
    later calls not simply fail, they cause a null-pointer dereference in libcrypto. c5c1898d73 fixes the
    crash at the cost of repeating initializing the whole state and allocating too much data for subsequent
    calls (hopefully, once the OpenSSL issue 7894 is resolved we can implement this more efficiently).
  • On 32-bit platforms, reading arbitrary 32-bit integers from config files (e.g. for charon.spi_min/max)
    has been fixed (99bef7b686).