- In IKEv1 Quick Mode make sure that a proposal exists before determining lifetimes (fixes a crash
due to a null-pointer dereference in 5.8.3, cb26c5547c).
- OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256 XOF (support was added
with 5.8.3) multiple times. Unfortunately,
EVP_DigestFinalXOF()completely resets the context and
later calls not simply fail, they cause a null-pointer dereference in libcrypto. c5c1898d73 fixes the
crash at the cost of repeating initializing the whole state and allocating too much data for subsequent
calls (hopefully, once the OpenSSL issue 7894 is resolved we can implement this more efficiently).
- On 32-bit platforms, reading arbitrary 32-bit integers from config files (e.g. for charon.spi_min/max)
has been fixed (99bef7b686).