From 0bed40c9cba1c19e7aee6f96bcb997ed029dd72560c89c0a0af6d0cc384f7b9f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 30 Apr 2022 08:43:01 +0000 Subject: [PATCH] - Update to release 5.9.6 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=135 --- prf-plus-modularization.patch | 15911 -------------------------------- strongswan-5.9.5.tar.bz2 | 3 - strongswan-5.9.5.tar.bz2.sig | 14 - strongswan-5.9.6.tar.bz2 | 3 + strongswan-5.9.6.tar.bz2.sig | 14 + strongswan.changes | 21 + strongswan.spec | 16 +- 7 files changed, 40 insertions(+), 15942 deletions(-) delete mode 100644 prf-plus-modularization.patch delete mode 100644 strongswan-5.9.5.tar.bz2 delete mode 100644 strongswan-5.9.5.tar.bz2.sig create mode 100644 strongswan-5.9.6.tar.bz2 create mode 100644 strongswan-5.9.6.tar.bz2.sig diff --git a/prf-plus-modularization.patch b/prf-plus-modularization.patch deleted file mode 100644 index 7c2842e..0000000 --- a/prf-plus-modularization.patch +++ /dev/null @@ -1,15911 +0,0 @@ -Index: strongswan-5.9.5/Android.mk -=================================================================== ---- strongswan-5.9.5.orig/Android.mk -+++ strongswan-5.9.5/Android.mk -@@ -17,7 +17,7 @@ include $(CLEAR_VARS) - # this is the list of plugins that are built into libstrongswan and charon - # also these plugins are loaded by default (if not changed in strongswan.conf) - strongswan_CHARON_PLUGINS := android-log openssl fips-prf random nonce pubkey \ -- pkcs1 pkcs8 pem xcbc hmac kernel-netlink socket-default android-dns \ -+ pkcs1 pkcs8 pem xcbc hmac kdf kernel-netlink socket-default android-dns \ - stroke eap-identity eap-mschapv2 eap-md5 eap-gtc - - ifneq ($(strongswan_BUILD_SCEPCLIENT),) -Index: strongswan-5.9.5/configure.ac -=================================================================== ---- strongswan-5.9.5.orig/configure.ac -+++ strongswan-5.9.5/configure.ac -@@ -148,6 +148,7 @@ ARG_ENABL_SET([gcrypt], [enables - ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.]) - ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.]) - ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) -+ARG_DISBL_SET([kdf], [disable KDF (prf+) implementation plugin.]) - ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.]) - ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.]) - ARG_ENABL_SET([mgf1], [enable the MGF1 software implementation plugin.]) -@@ -1494,6 +1495,7 @@ ADD_PLUGIN([chapoly], [s ch - ADD_PLUGIN([xcbc], [s charon nm cmd]) - ADD_PLUGIN([cmac], [s charon nm cmd]) - ADD_PLUGIN([hmac], [s charon pki scripts nm cmd]) -+ADD_PLUGIN([kdf], [s charon pki scripts nm cmd]) - ADD_PLUGIN([ctr], [s charon scripts nm cmd]) - ADD_PLUGIN([ccm], [s charon scripts nm cmd]) - ADD_PLUGIN([gcm], [s charon scripts nm cmd]) -@@ -1647,6 +1649,7 @@ AM_CONDITIONAL(USE_DNSKEY, test x$dnskey - AM_CONDITIONAL(USE_SSHKEY, test x$sshkey = xtrue) - AM_CONDITIONAL(USE_PEM, test x$pem = xtrue) - AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue) -+AM_CONDITIONAL(USE_KDF, test x$kdf = xtrue) - AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue) - AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue) - AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue) -@@ -1911,6 +1914,7 @@ AC_CONFIG_FILES([ - src/libstrongswan/plugins/random/Makefile - src/libstrongswan/plugins/nonce/Makefile - src/libstrongswan/plugins/hmac/Makefile -+ src/libstrongswan/plugins/kdf/Makefile - src/libstrongswan/plugins/xcbc/Makefile - src/libstrongswan/plugins/x509/Makefile - src/libstrongswan/plugins/revocation/Makefile -Index: strongswan-5.9.5/src/libcharon/kernel/kernel_interface.h -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/kernel/kernel_interface.h -+++ strongswan-5.9.5/src/libcharon/kernel/kernel_interface.h -@@ -50,7 +50,6 @@ typedef struct kernel_interface_t kernel - typedef enum kernel_feature_t kernel_feature_t; - - #include --#include - - #include - #include -Index: strongswan-5.9.5/src/libcharon/plugins/stroke/stroke_list.c -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/plugins/stroke/stroke_list.c -+++ strongswan-5.9.5/src/libcharon/plugins/stroke/stroke_list.c -@@ -849,6 +849,7 @@ static void list_algs(FILE *out) - hash_algorithm_t hash; - pseudo_random_function_t prf; - ext_out_function_t xof; -+ key_derivation_function_t kdf; - drbg_type_t drbg; - diffie_hellman_group_t group; - rng_quality_t quality; -@@ -905,6 +906,14 @@ static void list_algs(FILE *out) - print_alg(out, &len, ext_out_function_names, xof, plugin_name); - } - enumerator->destroy(enumerator); -+ fprintf(out, "\n kdf: "); -+ len = 13; -+ enumerator = lib->crypto->create_kdf_enumerator(lib->crypto); -+ while (enumerator->enumerate(enumerator, &kdf, &plugin_name)) -+ { -+ print_alg(out, &len, key_derivation_function_names, kdf, plugin_name); -+ } -+ enumerator->destroy(enumerator); - fprintf(out, "\n drbg: "); - len = 13; - enumerator = lib->crypto->create_drbg_enumerator(lib->crypto); -Index: strongswan-5.9.5/src/libcharon/plugins/vici/vici_query.c -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/plugins/vici/vici_query.c -+++ strongswan-5.9.5/src/libcharon/plugins/vici/vici_query.c -@@ -1266,6 +1266,7 @@ CALLBACK(get_algorithms, vici_message_t* - hash_algorithm_t hash; - pseudo_random_function_t prf; - ext_out_function_t xof; -+ key_derivation_function_t kdf; - drbg_type_t drbg; - diffie_hellman_group_t group; - rng_quality_t quality; -@@ -1326,6 +1327,15 @@ CALLBACK(get_algorithms, vici_message_t* - } - enumerator->destroy(enumerator); - b->end_section(b); -+ -+ b->begin_section(b, "kdf"); -+ enumerator = lib->crypto->create_kdf_enumerator(lib->crypto); -+ while (enumerator->enumerate(enumerator, &kdf, &plugin_name)) -+ { -+ add_algorithm(b, key_derivation_function_names, kdf, plugin_name); -+ } -+ enumerator->destroy(enumerator); -+ b->end_section(b); - - b->begin_section(b, "drbg"); - enumerator = lib->crypto->create_drbg_enumerator(lib->crypto); -Index: strongswan-5.9.5/src/libcharon/sa/child_sa.h -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/sa/child_sa.h -+++ strongswan-5.9.5/src/libcharon/sa/child_sa.h -@@ -29,7 +29,6 @@ typedef struct child_sa_t child_sa_t; - typedef struct child_sa_create_t child_sa_create_t; - - #include --#include - #include - #include - #include -Index: strongswan-5.9.5/src/libcharon/sa/ikev1/keymat_v1.c -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/sa/ikev1/keymat_v1.c -+++ strongswan-5.9.5/src/libcharon/sa/ikev1/keymat_v1.c -@@ -507,6 +507,36 @@ METHOD(keymat_v1_t, derive_ike_keys, boo - this->aead->get_block_size(this->aead)); - } - -+/** -+ * Derive key material for CHILD_SAs according to section 5.5. in RFC 2409. -+ */ -+static bool derive_child_keymat(private_keymat_v1_t *this, chunk_t seed, -+ uint16_t enc_size, chunk_t *encr, -+ uint16_t int_size, chunk_t *integ) -+{ -+ size_t block_size, i; -+ chunk_t keymat, prev = chunk_empty; -+ -+ block_size = this->prf->get_block_size(this->prf); -+ keymat = chunk_alloc(round_up(enc_size + int_size, block_size)); -+ keymat.len = enc_size + int_size; -+ -+ for (i = 0; i < keymat.len; i += block_size) -+ { -+ if (!this->prf->get_bytes(this->prf, prev, NULL) || -+ !this->prf->get_bytes(this->prf, seed, keymat.ptr + i)) -+ { -+ chunk_clear(&keymat); -+ return FALSE; -+ } -+ prev = chunk_create(keymat.ptr + i, block_size); -+ } -+ -+ chunk_split(keymat, "aa", enc_size, encr, int_size, integ); -+ chunk_clear(&keymat); -+ return TRUE; -+} -+ - METHOD(keymat_v1_t, derive_child_keys, bool, - private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh, - uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, -@@ -514,8 +544,7 @@ METHOD(keymat_v1_t, derive_child_keys, b - { - uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; - uint8_t protocol; -- prf_plus_t *prf_plus; -- chunk_t seed, secret = chunk_empty; -+ chunk_t seed = chunk_empty, secret = chunk_empty; - bool success = FALSE; - - if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, -@@ -599,11 +628,7 @@ METHOD(keymat_v1_t, derive_child_keys, b - seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol), - chunk_from_thing(spi_r), nonce_i, nonce_r); - DBG4(DBG_CHD, "initiator SA seed %B", &seed); -- -- prf_plus = prf_plus_create(this->prf, FALSE, seed); -- if (!prf_plus || -- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || -- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i)) -+ if (!derive_child_keymat(this, seed, enc_size, encr_i, int_size, integ_i)) - { - goto failure; - } -@@ -611,11 +636,7 @@ METHOD(keymat_v1_t, derive_child_keys, b - seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol), - chunk_from_thing(spi_i), nonce_i, nonce_r); - DBG4(DBG_CHD, "responder SA seed %B", &seed); -- prf_plus->destroy(prf_plus); -- prf_plus = prf_plus_create(this->prf, FALSE, seed); -- if (!prf_plus || -- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || -- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) -+ if (!derive_child_keymat(this, seed, enc_size, encr_r, int_size, integ_r)) - { - goto failure; - } -@@ -640,7 +661,7 @@ failure: - chunk_clear(encr_r); - chunk_clear(integ_r); - } -- DESTROY_IF(prf_plus); -+ memwipe(seed.ptr, seed.len); - chunk_clear(&secret); - - return success; -Index: strongswan-5.9.5/src/libcharon/sa/ikev2/keymat_v2.c -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/sa/ikev2/keymat_v2.c -+++ strongswan-5.9.5/src/libcharon/sa/ikev2/keymat_v2.c -@@ -17,7 +17,6 @@ - #include "keymat_v2.h" - - #include --#include - #include - - typedef struct private_keymat_v2_t private_keymat_v2_t; -@@ -97,13 +96,12 @@ METHOD(keymat_t, create_nonce_gen, nonce - } - - /** -- * Derive IKE keys for a combined AEAD algorithm -+ * Create aead_t objects for a combined-mode AEAD algorithm, sets the length of -+ * sk_ei and sk_er - */ --static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, -- uint16_t key_size, prf_plus_t *prf_plus, -- chunk_t *sk_ei, chunk_t *sk_er) -+static bool create_ike_aead(private_keymat_v2_t *this, uint16_t alg, -+ uint16_t key_size, chunk_t *sk_ei, chunk_t *sk_er) - { -- aead_t *aead_i, *aead_r; - u_int salt_size; - - switch (alg) -@@ -131,201 +129,177 @@ static bool derive_ike_aead(private_keym - return FALSE; - } - -- /* SK_ei/SK_er used for encryption */ -- aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size); -- aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size); -- if (aead_i == NULL || aead_r == NULL) -+ this->aead_in = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, -+ salt_size); -+ this->aead_out = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, -+ salt_size); -+ if (!this->aead_in || !this->aead_out) - { - DBG1(DBG_IKE, "%N %N (key size %d) not supported!", - transform_type_names, ENCRYPTION_ALGORITHM, - encryption_algorithm_names, alg, key_size); -- goto failure; -- } -- key_size = aead_i->get_key_size(aead_i); -- if (key_size != aead_r->get_key_size(aead_r)) -- { -- goto failure; -- } -- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei)) -- { -- goto failure; -- } -- DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei); -- if (!aead_i->set_key(aead_i, *sk_ei)) -- { -- goto failure; -- } -- -- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er)) -- { -- goto failure; -- } -- DBG4(DBG_IKE, "Sk_er secret %B", sk_er); -- if (!aead_r->set_key(aead_r, *sk_er)) -- { -- goto failure; -- } -- -- if (this->initiator) -- { -- this->aead_in = aead_r; -- this->aead_out = aead_i; -+ return FALSE; - } -- else -+ sk_ei->len = this->aead_in->get_key_size(this->aead_in); -+ sk_er->len = this->aead_out->get_key_size(this->aead_out); -+ if (sk_ei->len != sk_er->len) - { -- this->aead_in = aead_i; -- this->aead_out = aead_r; -+ return FALSE; - } -- aead_i = aead_r = NULL; -- --failure: -- DESTROY_IF(aead_i); -- DESTROY_IF(aead_r); -- return this->aead_in && this->aead_out; -+ return TRUE; - } - - /** -- * Derive IKE keys for traditional encryption and MAC algorithms -+ * Create aead_t objects for traditional encryption and MAC algorithms, sets the -+ * length of key chunks - */ --static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, -- uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus, -- chunk_t *sk_ai, chunk_t *sk_ar, chunk_t *sk_ei, -- chunk_t *sk_er) --{ -- crypter_t *crypter_i = NULL, *crypter_r = NULL; -- signer_t *signer_i, *signer_r; -- iv_gen_t *ivg_i, *ivg_r; -- size_t key_size; -+static bool create_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, -+ uint16_t enc_size, uint16_t int_alg, chunk_t *sk_ai, -+ chunk_t *sk_ar, chunk_t *sk_ei, chunk_t *sk_er) -+{ -+ crypter_t *crypter_i = NULL, *crypter_o = NULL; -+ signer_t *signer_i, *signer_o; -+ iv_gen_t *ivg_i, *ivg_o; - - signer_i = lib->crypto->create_signer(lib->crypto, int_alg); -- signer_r = lib->crypto->create_signer(lib->crypto, int_alg); -- crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); -- crypter_r = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); -- if (signer_i == NULL || signer_r == NULL) -+ signer_o = lib->crypto->create_signer(lib->crypto, int_alg); -+ if (!signer_i || !signer_o) - { - DBG1(DBG_IKE, "%N %N not supported!", - transform_type_names, INTEGRITY_ALGORITHM, - integrity_algorithm_names, int_alg); - goto failure; - } -- if (crypter_i == NULL || crypter_r == NULL) -+ crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); -+ crypter_o = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); -+ if (!crypter_i || !crypter_o) - { - DBG1(DBG_IKE, "%N %N (key size %d) not supported!", - transform_type_names, ENCRYPTION_ALGORITHM, - encryption_algorithm_names, enc_alg, enc_size); - goto failure; - } -- -- /* SK_ai/SK_ar used for integrity protection */ -- key_size = signer_i->get_key_size(signer_i); -- -- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ai)) -- { -- goto failure; -- } -- DBG4(DBG_IKE, "Sk_ai secret %B", sk_ai); -- if (!signer_i->set_key(signer_i, *sk_ai)) -- { -- goto failure; -- } -- -- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ar)) -- { -- goto failure; -- } -- DBG4(DBG_IKE, "Sk_ar secret %B", sk_ar); -- if (!signer_r->set_key(signer_r, *sk_ar)) -- { -- goto failure; -- } -- -- /* SK_ei/SK_er used for encryption */ -- key_size = crypter_i->get_key_size(crypter_i); -- -- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei)) -- { -- goto failure; -- } -- DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei); -- if (!crypter_i->set_key(crypter_i, *sk_ei)) -- { -- goto failure; -- } -- -- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er)) -+ sk_ai->len = signer_i->get_key_size(signer_i); -+ sk_ar->len = signer_o->get_key_size(signer_o); -+ if (sk_ai->len != sk_ar->len) - { - goto failure; - } -- DBG4(DBG_IKE, "Sk_er secret %B", sk_er); -- if (!crypter_r->set_key(crypter_r, *sk_er)) -+ sk_ei->len = crypter_i->get_key_size(crypter_i); -+ sk_er->len = crypter_o->get_key_size(crypter_o); -+ if (sk_ei->len != sk_er->len) - { - goto failure; - } -- - ivg_i = iv_gen_create_for_alg(enc_alg); -- ivg_r = iv_gen_create_for_alg(enc_alg); -- if (!ivg_i || !ivg_r) -+ ivg_o = iv_gen_create_for_alg(enc_alg); -+ if (!ivg_i || !ivg_o) - { - goto failure; - } -- if (this->initiator) -- { -- this->aead_in = aead_create(crypter_r, signer_r, ivg_r); -- this->aead_out = aead_create(crypter_i, signer_i, ivg_i); -- } -- else -- { -- this->aead_in = aead_create(crypter_i, signer_i, ivg_i); -- this->aead_out = aead_create(crypter_r, signer_r, ivg_r); -- } -- signer_i = signer_r = NULL; -- crypter_i = crypter_r = NULL; -+ this->aead_in = aead_create(crypter_i, signer_i, ivg_i); -+ this->aead_out = aead_create(crypter_o, signer_o, ivg_o); -+ signer_i = signer_o = NULL; -+ crypter_i = crypter_o = NULL; - - failure: - DESTROY_IF(signer_i); -- DESTROY_IF(signer_r); -+ DESTROY_IF(signer_o); - DESTROY_IF(crypter_i); -- DESTROY_IF(crypter_r); -+ DESTROY_IF(crypter_o); - return this->aead_in && this->aead_out; - } - -+/** -+ * Set keys on AEAD objects -+ */ -+static bool set_aead_keys(private_keymat_v2_t *this, uint16_t enc_alg, -+ chunk_t sk_ai, chunk_t sk_ar, -+ chunk_t sk_ei, chunk_t sk_er) -+{ -+ aead_t *aead_i, *aead_r; -+ chunk_t sk_i, sk_r; -+ bool success; -+ -+ aead_i = this->initiator ? this->aead_out : this->aead_in; -+ aead_r = this->initiator ? this->aead_in : this->aead_out; -+ -+ sk_i = chunk_cat("cc", sk_ai, sk_ei); -+ sk_r = chunk_cat("cc", sk_ar, sk_er); -+ -+ success = aead_i->set_key(aead_i, sk_i) && -+ aead_r->set_key(aead_r, sk_r); -+ -+ chunk_clear(&sk_i); -+ chunk_clear(&sk_r); -+ return success; -+} -+ - METHOD(keymat_v2_t, derive_ike_keys, bool, - private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh, - chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, - pseudo_random_function_t rekey_function, chunk_t rekey_skd) - { - chunk_t skeyseed = chunk_empty, secret, full_nonce, fixed_nonce; -- chunk_t prf_plus_seed, spi_i, spi_r; -+ chunk_t prf_plus_seed, spi_i, spi_r, keymat = chunk_empty; - chunk_t sk_ei = chunk_empty, sk_er = chunk_empty; - chunk_t sk_ai = chunk_empty, sk_ar = chunk_empty, sk_pi, sk_pr; -- prf_plus_t *prf_plus = NULL; -- uint16_t alg, key_size, int_alg; -- prf_t *rekey_prf = NULL; -+ kdf_t *prf = NULL, *prf_plus = NULL; -+ uint16_t prf_alg, key_size, enc_alg, enc_size, int_alg; -+ bool success = FALSE; - - spi_i = chunk_alloca(sizeof(uint64_t)); - spi_r = chunk_alloca(sizeof(uint64_t)); - -- if (!dh->get_shared_secret(dh, &secret)) -+ /* create SA's general purpose PRF first, we may use it here */ -+ if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &prf_alg, -+ NULL)) - { -+ DBG1(DBG_IKE, "no %N selected", -+ transform_type_names, PSEUDO_RANDOM_FUNCTION); - return FALSE; - } -+ this->prf_alg = prf_alg; -+ this->prf = lib->crypto->create_prf(lib->crypto, this->prf_alg); -+ if (!this->prf) -+ { -+ DBG1(DBG_IKE, "%N %N not supported!", transform_type_names, -+ PSEUDO_RANDOM_FUNCTION, pseudo_random_function_names, -+ this->prf_alg); -+ return FALSE; -+ } -+ key_size = this->prf->get_key_size(this->prf); - -- /* Create SAs general purpose PRF first, we may use it here */ -- if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) -+ /* create SA's AEAD instances to determine key sizes */ -+ if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg, -+ &enc_size)) - { -- DBG1(DBG_IKE, "no %N selected", -- transform_type_names, PSEUDO_RANDOM_FUNCTION); -- chunk_clear(&secret); -+ DBG1(DBG_IKE, "no %N selected", transform_type_names, -+ ENCRYPTION_ALGORITHM); - return FALSE; - } -- this->prf_alg = alg; -- this->prf = lib->crypto->create_prf(lib->crypto, alg); -- if (this->prf == NULL) -+ if (!encryption_algorithm_is_aead(enc_alg)) -+ { -+ if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, -+ NULL)) -+ { -+ DBG1(DBG_IKE, "no %N selected", transform_type_names, -+ INTEGRITY_ALGORITHM); -+ return FALSE; -+ } -+ if (!create_ike_traditional(this, enc_alg, enc_size, int_alg, -+ &sk_ai, &sk_ar, &sk_ei, &sk_er)) -+ { -+ return FALSE; -+ } -+ } -+ else if (!create_ike_aead(this, enc_alg, enc_size, &sk_ei, &sk_er)) -+ { -+ return FALSE; -+ } -+ -+ if (!dh->get_shared_secret(dh, &secret)) - { -- DBG1(DBG_IKE, "%N %N not supported!", -- transform_type_names, PSEUDO_RANDOM_FUNCTION, -- pseudo_random_function_names, alg); -- chunk_clear(&secret); - return FALSE; - } - DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret); -@@ -333,7 +307,7 @@ METHOD(keymat_v2_t, derive_ike_keys, boo - full_nonce = chunk_cat("cc", nonce_i, nonce_r); - /* but the PRF may need a fixed key which only uses the first bytes of - * the nonces. */ -- switch (alg) -+ switch (prf_alg) - { - case PRF_AES128_CMAC: - /* while variable keys may be used according to RFC 4615, RFC 7296 -@@ -345,9 +319,8 @@ METHOD(keymat_v2_t, derive_ike_keys, boo - case PRF_CAMELLIA128_XCBC: - /* draft-kanno-ipsecme-camellia-xcbc refers to rfc 4434, we - * assume fixed key length. */ -- key_size = this->prf->get_key_size(this->prf)/2; -- nonce_i.len = min(nonce_i.len, key_size); -- nonce_r.len = min(nonce_r.len, key_size); -+ nonce_i.len = min(nonce_i.len, key_size / 2); -+ nonce_r.len = min(nonce_r.len, key_size / 2); - break; - default: - /* all other algorithms use variable key length, full nonce */ -@@ -365,19 +338,22 @@ METHOD(keymat_v2_t, derive_ike_keys, boo - if (rekey_function == PRF_UNDEFINED) /* not rekeying */ - { - /* SKEYSEED = prf(Ni | Nr, g^ir) */ -- if (this->prf->set_key(this->prf, fixed_nonce) && -- this->prf->allocate_bytes(this->prf, secret, &skeyseed) && -- this->prf->set_key(this->prf, skeyseed)) -+ prf = lib->crypto->create_kdf(lib->crypto, KDF_PRF, this->prf_alg); -+ if (prf && -+ prf->set_param(prf, KDF_PARAM_KEY, fixed_nonce) && -+ prf->set_param(prf, KDF_PARAM_SALT, secret) && -+ prf->allocate_bytes(prf, 0, &skeyseed)) - { -- prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed); -+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, -+ this->prf_alg); - } - } - else - { - /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr) - * use OLD SAs PRF functions for both prf_plus and prf */ -- rekey_prf = lib->crypto->create_prf(lib->crypto, rekey_function); -- if (!rekey_prf) -+ prf = lib->crypto->create_kdf(lib->crypto, KDF_PRF, rekey_function); -+ if (!prf) - { - DBG1(DBG_IKE, "PRF of old SA %N not supported!", - pseudo_random_function_names, rekey_function); -@@ -388,118 +364,97 @@ METHOD(keymat_v2_t, derive_ike_keys, boo - return FALSE; - } - secret = chunk_cat("sc", secret, full_nonce); -- if (rekey_prf->set_key(rekey_prf, rekey_skd) && -- rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed) && -- rekey_prf->set_key(rekey_prf, skeyseed)) -+ if (prf->set_param(prf, KDF_PARAM_KEY, rekey_skd) && -+ prf->set_param(prf, KDF_PARAM_SALT, secret) && -+ prf->allocate_bytes(prf, 0, &skeyseed)) - { -- prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed); -+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, -+ rekey_function); - } - } - DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed); -- -- chunk_clear(&skeyseed); - chunk_clear(&secret); - chunk_free(&full_nonce); - chunk_free(&fixed_nonce); -- chunk_clear(&prf_plus_seed); -+ DESTROY_IF(prf); - -- if (!prf_plus) -+ if (prf_plus && -+ (!prf_plus->set_param(prf_plus, KDF_PARAM_KEY, skeyseed) || -+ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, prf_plus_seed))) - { -- goto failure; -+ prf_plus->destroy(prf_plus); -+ prf_plus = NULL; - } -+ chunk_clear(&skeyseed); -+ chunk_clear(&prf_plus_seed); - -- /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */ -- -- /* SK_d is used for generating CHILD_SA key mat => store for later use */ -- key_size = this->prf->get_key_size(this->prf); -- if (!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd)) -+ if (!prf_plus) - { - goto failure; - } -- DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); - -- if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size)) -+ /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr -+ * -+ * SK_d, SK_pi and SK_pr have the size of the PRF key -+ */ -+ keymat.len = 3 * key_size + sk_ai.len + sk_ar.len + sk_ei.len + sk_er.len; -+ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat)) - { -- DBG1(DBG_IKE, "no %N selected", -- transform_type_names, ENCRYPTION_ALGORITHM); - goto failure; - } -+ chunk_split(keymat, "ammmmaa", key_size, &this->skd, sk_ai.len, &sk_ai, -+ sk_ar.len, &sk_ar, sk_ei.len, &sk_ei, sk_er.len, &sk_er, -+ key_size, &sk_pi, key_size, &sk_pr); - -- if (encryption_algorithm_is_aead(alg)) -- { -- if (!derive_ike_aead(this, alg, key_size, prf_plus, &sk_ei, &sk_er)) -- { -- goto failure; -- } -- } -- else -- { -- if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, -- &int_alg, NULL)) -- { -- DBG1(DBG_IKE, "no %N selected", -- transform_type_names, INTEGRITY_ALGORITHM); -- goto failure; -- } -- if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus, -- &sk_ai, &sk_ar, &sk_ei, &sk_er)) -- { -- goto failure; -- } -+ /* SK_d is used for generating CHILD_SA key mat => store for later use */ -+ DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); -+ if (!encryption_algorithm_is_aead(enc_alg)) -+ { /* SK_ai/SK_ar used for integrity protection */ -+ DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai); -+ DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar); - } -- -- /* SK_pi/SK_pr used for authentication => stored for later */ -- key_size = this->prf->get_key_size(this->prf); -- if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pi)) -+ /* SK_ei/SK_er used for encryption */ -+ DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei); -+ DBG4(DBG_IKE, "Sk_er secret %B", &sk_er); -+ if (!set_aead_keys(this, enc_alg, sk_ai, sk_ar, sk_ei, sk_er)) - { - goto failure; - } -+ /* SK_pi/SK_pr used for authentication => stored for later */ - DBG4(DBG_IKE, "Sk_pi secret %B", &sk_pi); -- if (this->initiator) -- { -- this->skp_build = sk_pi; -- } -- else -- { -- this->skp_verify = sk_pi; -- } -- if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pr)) -- { -- goto failure; -- } - DBG4(DBG_IKE, "Sk_pr secret %B", &sk_pr); - if (this->initiator) - { -+ this->skp_build = sk_pi; - this->skp_verify = sk_pr; - } - else - { - this->skp_build = sk_pr; -+ this->skp_verify = sk_pi; - } -- charon->bus->ike_derived_keys(charon->bus,this->skd, sk_ai, sk_ar, sk_ei, -- sk_er, sk_pi, sk_pr); -+ charon->bus->ike_derived_keys(charon->bus, this->skd, sk_ai, sk_ar, -+ sk_ei, sk_er, sk_pi, sk_pr); -+ success = TRUE; - - failure: -- chunk_clear(&sk_ai); -- chunk_clear(&sk_ar); -- chunk_clear(&sk_ei); -- chunk_clear(&sk_er); -+ chunk_clear(&keymat); - DESTROY_IF(prf_plus); -- DESTROY_IF(rekey_prf); -- -- return this->skp_build.len && this->skp_verify.len; -+ return success; - } - - /** -- * Derives a key from the given key and a PRF that was initialized with a PPK -+ * Derives a new key from the given PPK and old key - */ --static bool derive_ppk_key(prf_t *prf, char *name, chunk_t key, -- chunk_t *new_key) -+static bool derive_ppk_key(private_keymat_v2_t *this, char *name, chunk_t ppk, -+ chunk_t key, chunk_t *new_key) - { -- prf_plus_t *prf_plus; -+ kdf_t *prf_plus; - -- prf_plus = prf_plus_create(prf, TRUE, key); -+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, this->prf_alg); - if (!prf_plus || -+ !prf_plus->set_param(prf_plus, KDF_PARAM_KEY, ppk) || -+ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, key) || - !prf_plus->allocate_bytes(prf_plus, key.len, new_key)) - { - DBG1(DBG_IKE, "unable to derive %s with PPK", name); -@@ -510,20 +465,6 @@ static bool derive_ppk_key(prf_t *prf, c - return TRUE; - } - --/** -- * Use the given PPK to derive a new SK_pi/r -- */ --static bool derive_skp_ppk(private_keymat_v2_t *this, chunk_t ppk, chunk_t skp, -- chunk_t *new_skp) --{ -- if (!this->prf->set_key(this->prf, ppk)) -- { -- DBG1(DBG_IKE, "unable to set PPK in PRF"); -- return FALSE; -- } -- return derive_ppk_key(this->prf, "SK_p", skp, new_skp); --} -- - METHOD(keymat_v2_t, derive_ike_keys_ppk, bool, - private_keymat_v2_t *this, chunk_t ppk) - { -@@ -548,14 +489,9 @@ METHOD(keymat_v2_t, derive_ike_keys_ppk, - - DBG4(DBG_IKE, "derive keys using PPK %B", &ppk); - -- if (!this->prf->set_key(this->prf, ppk)) -- { -- DBG1(DBG_IKE, "unable to set PPK in PRF"); -- return FALSE; -- } -- if (!derive_ppk_key(this->prf, "Sk_d", this->skd, &skd) || -- !derive_ppk_key(this->prf, "Sk_pi", *skpi, &new_skpi) || -- !derive_ppk_key(this->prf, "Sk_pr", *skpr, &new_skpr)) -+ if (!derive_ppk_key(this, "Sk_d", ppk, this->skd, &skd) || -+ !derive_ppk_key(this, "Sk_pi", ppk, *skpi, &new_skpi) || -+ !derive_ppk_key(this, "Sk_pr", ppk, *skpr, &new_skpr)) - { - chunk_clear(&skd); - chunk_clear(&new_skpi); -@@ -583,8 +519,8 @@ METHOD(keymat_v2_t, derive_child_keys, b - chunk_t *encr_r, chunk_t *integ_r) - { - uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; -- chunk_t seed, secret = chunk_empty; -- prf_plus_t *prf_plus; -+ chunk_t seed, secret = chunk_empty, keymat = chunk_empty; -+ kdf_t *prf_plus; - - if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, - &enc_alg, &enc_size)) -@@ -650,11 +586,6 @@ METHOD(keymat_v2_t, derive_child_keys, b - int_size /= 8; - } - -- if (!this->prf->set_key(this->prf, this->skd)) -- { -- return FALSE; -- } -- - if (dh) - { - if (!dh->get_shared_secret(dh, &secret)) -@@ -666,30 +597,30 @@ METHOD(keymat_v2_t, derive_child_keys, b - seed = chunk_cata("scc", secret, nonce_i, nonce_r); - DBG4(DBG_CHD, "seed %B", &seed); - -- prf_plus = prf_plus_create(this->prf, TRUE, seed); -- memwipe(seed.ptr, seed.len); -- -- if (!prf_plus) -+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, this->prf_alg); -+ if (!prf_plus || -+ !prf_plus->set_param(prf_plus, KDF_PARAM_KEY, this->skd) || -+ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, seed)) - { -+ DESTROY_IF(prf_plus); -+ memwipe(seed.ptr, seed.len); - return FALSE; - } -+ memwipe(seed.ptr, seed.len); - - *encr_i = *integ_i = *encr_r = *integ_r = chunk_empty; -- if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || -- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) || -- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || -- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) -- { -- chunk_free(encr_i); -- chunk_free(integ_i); -- chunk_free(encr_r); -- chunk_free(integ_r); -+ keymat.len = 2 * enc_size + 2 * int_size; -+ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat)) -+ { - prf_plus->destroy(prf_plus); - return FALSE; - } -- - prf_plus->destroy(prf_plus); - -+ chunk_split(keymat, "aaaa", enc_size, encr_i, int_size, integ_i, -+ enc_size, encr_r, int_size, integ_r); -+ chunk_clear(&keymat); -+ - if (enc_size) - { - DBG4(DBG_CHD, "encryption initiator key %B", encr_i); -@@ -729,7 +660,7 @@ METHOD(keymat_v2_t, get_auth_octets, boo - if (ppk.ptr) - { - DBG4(DBG_IKE, "PPK %B", &ppk); -- if (!derive_skp_ppk(this, ppk, skp, &skp_ppk)) -+ if (!derive_ppk_key(this, "SK_p", ppk, skp, &skp_ppk)) - { - return FALSE; - } -@@ -775,7 +706,7 @@ METHOD(keymat_v2_t, get_psk_sig, bool, - secret = verify ? this->skp_verify : this->skp_build; - if (ppk.ptr) - { -- if (!derive_skp_ppk(this, ppk, secret, &skp_ppk)) -+ if (!derive_ppk_key(this, "SK_p", ppk, secret, &skp_ppk)) - { - return FALSE; - } -Index: strongswan-5.9.5/src/libcharon/tests/utils/mock_dh.c -=================================================================== ---- strongswan-5.9.5.orig/src/libcharon/tests/utils/mock_dh.c -+++ strongswan-5.9.5/src/libcharon/tests/utils/mock_dh.c -@@ -18,6 +18,13 @@ - - typedef struct private_diffie_hellman_t private_diffie_hellman_t; - -+/** Mock DH public and shared key */ -+static chunk_t mock_key = chunk_from_chars( -+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, -+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, -+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, -+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); -+ - /** - * Private data - */ -@@ -37,7 +44,7 @@ struct private_diffie_hellman_t { - METHOD(diffie_hellman_t, get_my_public_value, bool, - private_diffie_hellman_t *this, chunk_t *value) - { -- *value = chunk_empty; -+ *value = chunk_clone(mock_key); - return TRUE; - } - -@@ -50,7 +57,7 @@ METHOD(diffie_hellman_t, set_other_publi - METHOD(diffie_hellman_t, get_shared_secret, bool, - private_diffie_hellman_t *this, chunk_t *secret) - { -- *secret = chunk_empty; -+ *secret = chunk_clone(mock_key); - return TRUE; - } - -Index: strongswan-5.9.5/src/libstrongswan/Android.mk -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/Android.mk -+++ strongswan-5.9.5/src/libstrongswan/Android.mk -@@ -13,11 +13,11 @@ crypto/hashers/hash_algorithm_set.c cryp - crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ - crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ - crypto/rngs/rng.c crypto/rngs/rng_tester.c \ --crypto/prf_plus.c crypto/signers/signer.c \ -+crypto/signers/signer.c \ - crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ - crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ - crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ --crypto/iv/iv_gen_null.c \ -+crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \ - crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ - credentials/credential_factory.c credentials/builder.c \ - credentials/cred_encoding.c credentials/keys/private_key.c \ -@@ -91,6 +91,8 @@ endif - - LOCAL_SRC_FILES += $(call add_plugin, hmac) - -+LOCAL_SRC_FILES += $(call add_plugin, kdf) -+ - LOCAL_SRC_FILES += $(call add_plugin, md4) - - LOCAL_SRC_FILES += $(call add_plugin, md5) -Index: strongswan-5.9.5/src/libstrongswan/Makefile.am -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/Makefile.am -+++ strongswan-5.9.5/src/libstrongswan/Makefile.am -@@ -11,11 +11,11 @@ crypto/hashers/hash_algorithm_set.c cryp - crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ - crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ - crypto/rngs/rng.c crypto/rngs/rng_tester.c \ --crypto/prf_plus.c crypto/signers/signer.c \ -+crypto/signers/signer.c \ - crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ - crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ - crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ --crypto/iv/iv_gen_null.c \ -+crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \ - crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ - credentials/credential_factory.c credentials/builder.c \ - credentials/cred_encoding.c credentials/keys/private_key.c \ -@@ -77,11 +77,12 @@ crypto/hashers/hash_algorithm_set.h cryp - crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \ - crypto/rngs/rng.h crypto/rngs/rng_tester.h \ - crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \ --crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ -+crypto/signers/signer.h crypto/signers/mac_signer.h \ - crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ - crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ - crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \ - crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \ -+crypto/kdfs/kdf.h \ - credentials/credential_factory.h credentials/builder.h \ - credentials/cred_encoding.h credentials/keys/private_key.h \ - credentials/keys/public_key.h credentials/keys/shared_key.h \ -@@ -390,6 +391,13 @@ if MONOLITHIC - endif - endif - -+if USE_KDF -+ SUBDIRS += plugins/kdf -+if MONOLITHIC -+ libstrongswan_la_LIBADD += plugins/kdf/libstrongswan-kdf.la -+endif -+endif -+ - if USE_CMAC - SUBDIRS += plugins/cmac - if MONOLITHIC -Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_factory.c -+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.c -@@ -23,8 +23,6 @@ - #include - #include - --const char *default_plugin_name = "default"; -- - typedef struct entry_t entry_t; - - struct entry_t { -@@ -53,6 +51,7 @@ struct entry_t { - hasher_constructor_t create_hasher; - prf_constructor_t create_prf; - xof_constructor_t create_xof; -+ kdf_constructor_t create_kdf; - drbg_constructor_t create_drbg; - rng_constructor_t create_rng; - nonce_gen_constructor_t create_nonce_gen; -@@ -104,6 +103,11 @@ struct private_crypto_factory_t { - linked_list_t *xofs; - - /** -+ * registered kdfs, as entry_t -+ */ -+ linked_list_t *kdfs; -+ -+ /** - * registered drbgs, as entry_t - */ - linked_list_t *drbgs; -@@ -171,7 +175,7 @@ METHOD(crypto_factory_t, create_crypter, - if (this->test_on_create && - !this->tester->test_crypter(this->tester, algo, key_size, - entry->create_crypter, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -204,7 +208,7 @@ METHOD(crypto_factory_t, create_aead, ae - if (this->test_on_create && - !this->tester->test_aead(this->tester, algo, key_size, - salt_size, entry->create_aead, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -236,7 +240,7 @@ METHOD(crypto_factory_t, create_signer, - if (this->test_on_create && - !this->tester->test_signer(this->tester, algo, - entry->create_signer, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -268,7 +272,7 @@ METHOD(crypto_factory_t, create_hasher, - if (this->test_on_create && - !this->tester->test_hasher(this->tester, algo, - entry->create_hasher, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -300,7 +304,7 @@ METHOD(crypto_factory_t, create_prf, prf - if (this->test_on_create && - !this->tester->test_prf(this->tester, algo, - entry->create_prf, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -332,7 +336,7 @@ METHOD(crypto_factory_t, create_xof, xof - if (this->test_on_create && - !this->tester->test_xof(this->tester, algo, - entry->create_xof, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -348,6 +352,48 @@ METHOD(crypto_factory_t, create_xof, xof - return xof; - } - -+METHOD(crypto_factory_t, create_kdf, kdf_t*, -+ private_crypto_factory_t *this, key_derivation_function_t algo, ...) -+{ -+ enumerator_t *enumerator; -+ entry_t *entry; -+ va_list args; -+ kdf_t *kdf = NULL; -+ -+ this->lock->read_lock(this->lock); -+ enumerator = this->kdfs->create_enumerator(this->kdfs); -+ while (enumerator->enumerate(enumerator, &entry)) -+ { -+ if (entry->algo == algo) -+ { -+ if (this->test_on_create) -+ { -+ kdf_test_args_t test_args = {}; -+ -+ va_start(test_args.args, algo); -+ if (!this->tester->test_kdf(this->tester, algo, -+ entry->create_kdf, &test_args, NULL, -+ entry->plugin_name)) -+ { -+ va_end(test_args.args); -+ continue; -+ } -+ va_end(test_args.args); -+ } -+ va_start(args, algo); -+ kdf = entry->create_kdf(algo, args); -+ va_end(args); -+ if (kdf) -+ { -+ break; -+ } -+ } -+ } -+ enumerator->destroy(enumerator); -+ this->lock->unlock(this->lock); -+ return kdf; -+} -+ - METHOD(crypto_factory_t, create_drbg, drbg_t*, - private_crypto_factory_t *this, drbg_type_t type, uint32_t strength, - rng_t *entropy, chunk_t personalization_str) -@@ -365,7 +411,7 @@ METHOD(crypto_factory_t, create_drbg, dr - if (this->test_on_create && - !this->tester->test_drbg(this->tester, type, - entry->create_drbg, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -398,7 +444,7 @@ METHOD(crypto_factory_t, create_rng, rng - if (this->test_on_create && - !this->tester->test_rng(this->tester, quality, - entry->create_rng, NULL, -- default_plugin_name)) -+ entry->plugin_name)) - { - continue; - } -@@ -462,7 +508,7 @@ METHOD(crypto_factory_t, create_dh, diff - { - if (this->test_on_create && group != MODP_CUSTOM && - !this->tester->test_dh(this->tester, group, -- entry->create_dh, NULL, default_plugin_name)) -+ entry->create_dh, NULL, entry->plugin_name)) - { - continue; - } -@@ -749,6 +795,43 @@ METHOD(crypto_factory_t, remove_xof, voi - this->lock->unlock(this->lock); - } - -+METHOD(crypto_factory_t, add_kdf, bool, -+ private_crypto_factory_t *this, key_derivation_function_t algo, -+ const char *plugin_name, kdf_constructor_t create) -+{ -+ u_int speed = 0; -+ -+ if (!this->test_on_add || -+ this->tester->test_kdf(this->tester, algo, create, NULL, -+ this->bench ? &speed : NULL, plugin_name)) -+ { -+ add_entry(this, this->kdfs, algo, plugin_name, 0, create); -+ return TRUE; -+ } -+ this->test_failures++; -+ return FALSE; -+} -+ -+METHOD(crypto_factory_t, remove_kdf, void, -+ private_crypto_factory_t *this, kdf_constructor_t create) -+{ -+ entry_t *entry; -+ enumerator_t *enumerator; -+ -+ this->lock->write_lock(this->lock); -+ enumerator = this->kdfs->create_enumerator(this->kdfs); -+ while (enumerator->enumerate(enumerator, &entry)) -+ { -+ if (entry->create_kdf == create) -+ { -+ this->kdfs->remove_at(this->kdfs, enumerator); -+ free(entry); -+ } -+ } -+ enumerator->destroy(enumerator); -+ this->lock->unlock(this->lock); -+} -+ - METHOD(crypto_factory_t, add_drbg, bool, - private_crypto_factory_t *this, drbg_type_t type, - const char *plugin_name, drbg_constructor_t create) -@@ -1058,6 +1141,30 @@ METHOD(crypto_factory_t, create_xof_enum - return create_enumerator(this, this->xofs, xof_filter); - } - -+CALLBACK(kdf_filter, bool, -+ void *n, enumerator_t *orig, va_list args) -+{ -+ entry_t *entry; -+ key_derivation_function_t *algo; -+ const char **plugin_name; -+ -+ VA_ARGS_VGET(args, algo, plugin_name); -+ -+ if (orig->enumerate(orig, &entry)) -+ { -+ *algo = entry->algo; -+ *plugin_name = entry->plugin_name; -+ return TRUE; -+ } -+ return FALSE; -+} -+ -+METHOD(crypto_factory_t, create_kdf_enumerator, enumerator_t*, -+ private_crypto_factory_t *this) -+{ -+ return create_enumerator(this, this->kdfs, kdf_filter); -+} -+ - CALLBACK(drbg_filter, bool, - void *n, enumerator_t *orig, va_list args) - { -@@ -1169,6 +1276,8 @@ METHOD(crypto_factory_t, add_test_vector - return this->tester->add_prf_vector(this->tester, vector); - case EXTENDED_OUTPUT_FUNCTION: - return this->tester->add_xof_vector(this->tester, vector); -+ case KEY_DERIVATION_FUNCTION: -+ return this->tester->add_kdf_vector(this->tester, vector); - case DETERMINISTIC_RANDOM_BIT_GENERATOR: - return this->tester->add_drbg_vector(this->tester, vector); - case RANDOM_NUMBER_GENERATOR: -@@ -1232,6 +1341,10 @@ METHOD(enumerator_t, verify_enumerate, b - *valid = this->tester->test_xof(this->tester, entry->algo, - entry->create_xof, NULL, entry->plugin_name); - break; -+ case KEY_DERIVATION_FUNCTION: -+ *valid = this->tester->test_kdf(this->tester, entry->algo, -+ entry->create_kdf, NULL, NULL, entry->plugin_name); -+ break; - case DETERMINISTIC_RANDOM_BIT_GENERATOR: - *valid = this->tester->test_drbg(this->tester, entry->algo, - entry->create_drbg, NULL, entry->plugin_name); -@@ -1287,6 +1400,9 @@ METHOD(crypto_factory_t, create_verify_e - case EXTENDED_OUTPUT_FUNCTION: - inner = this->xofs->create_enumerator(this->xofs); - break; -+ case KEY_DERIVATION_FUNCTION: -+ inner = this->kdfs->create_enumerator(this->kdfs); -+ break; - case DETERMINISTIC_RANDOM_BIT_GENERATOR: - inner = this->drbgs->create_enumerator(this->drbgs); - break; -@@ -1323,6 +1439,7 @@ METHOD(crypto_factory_t, destroy, void, - this->hashers->destroy(this->hashers); - this->prfs->destroy(this->prfs); - this->xofs->destroy(this->xofs); -+ this->kdfs->destroy(this->kdfs); - this->drbgs->destroy(this->drbgs); - this->rngs->destroy(this->rngs); - this->nonce_gens->destroy(this->nonce_gens); -@@ -1347,6 +1464,7 @@ crypto_factory_t *crypto_factory_create( - .create_hasher = _create_hasher, - .create_prf = _create_prf, - .create_xof = _create_xof, -+ .create_kdf = _create_kdf, - .create_drbg = _create_drbg, - .create_rng = _create_rng, - .create_nonce_gen = _create_nonce_gen, -@@ -1363,6 +1481,8 @@ crypto_factory_t *crypto_factory_create( - .remove_prf = _remove_prf, - .add_xof = _add_xof, - .remove_xof = _remove_xof, -+ .add_kdf = _add_kdf, -+ .remove_kdf = _remove_kdf, - .add_drbg = _add_drbg, - .remove_drbg = _remove_drbg, - .add_rng = _add_rng, -@@ -1377,6 +1497,7 @@ crypto_factory_t *crypto_factory_create( - .create_hasher_enumerator = _create_hasher_enumerator, - .create_prf_enumerator = _create_prf_enumerator, - .create_xof_enumerator = _create_xof_enumerator, -+ .create_kdf_enumerator = _create_kdf_enumerator, - .create_drbg_enumerator = _create_drbg_enumerator, - .create_dh_enumerator = _create_dh_enumerator, - .create_rng_enumerator = _create_rng_enumerator, -@@ -1391,6 +1512,7 @@ crypto_factory_t *crypto_factory_create( - .hashers = linked_list_create(), - .prfs = linked_list_create(), - .xofs = linked_list_create(), -+ .kdfs = linked_list_create(), - .drbgs = linked_list_create(), - .rngs = linked_list_create(), - .nonce_gens = linked_list_create(), -Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_factory.h -+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.h -@@ -33,6 +33,7 @@ typedef struct crypto_factory_t crypto_f - #include - #include - #include -+#include - #include - #include - #include -@@ -71,6 +72,14 @@ typedef prf_t* (*prf_constructor_t)(pseu - typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo); - - /** -+ * Constructor function for key derivation functions -+ * -+ * The additional arguments depend on the algorithm, see comments -+ * for key_derivation_function_t. -+ */ -+typedef kdf_t* (*kdf_constructor_t)(key_derivation_function_t algo, va_list args); -+ -+/** - * Constructor function for deterministic random bit generators - */ - typedef drbg_t* (*drbg_constructor_t)(drbg_type_t type, uint32_t strength, -@@ -154,6 +163,20 @@ struct crypto_factory_t { - */ - xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo); - -+ -+ /** -+ * Create a key derivation function instance. -+ * -+ * Additional arguments depend on the KDF, please refer to the comments in -+ * key_derivation_function_t. -+ * -+ * @param algo KDF to create -+ * @param ... arguments depending on algo -+ * @return kdf_t instance, NULL if not supported -+ */ -+ kdf_t* (*create_kdf)(crypto_factory_t *this, -+ key_derivation_function_t algo, ...); -+ - /** - * Create a deterministic random bit generator instance. - * -@@ -306,6 +329,24 @@ struct crypto_factory_t { - void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create); - - /** -+ * Register a kdf constructor. -+ * -+ * @param algo algorithm to constructor -+ * @param plugin_name plugin that registered this algorithm -+ * @param create constructor function for that algorithm -+ * @return TRUE if registered, FALSE if test vector failed -+ */ -+ bool (*add_kdf)(crypto_factory_t *this, key_derivation_function_t algo, -+ const char *plugin_name, kdf_constructor_t create); -+ -+ /** -+ * Unregister a kdf constructor. -+ * -+ * @param create constructor function to unregister -+ */ -+ void (*remove_kdf)(crypto_factory_t *this, kdf_constructor_t create); -+ -+ /** - * Register a drbg constructor. - * - * @param type type to constructor -@@ -420,6 +461,13 @@ struct crypto_factory_t { - enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this); - - /** -+ * Create an enumerator over all registered KDFs. -+ * -+ * @return enumerator over key_derivation_function_t, plugin -+ */ -+ enumerator_t* (*create_kdf_enumerator)(crypto_factory_t *this); -+ -+ /** - * Create an enumerator over all registered DRBGs. - * - * @return enumerator over drbg_type_t, plugin -Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_tester.c -+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.c -@@ -70,6 +70,11 @@ struct private_crypto_tester_t { - linked_list_t *xof; - - /** -+ * List of KDF test vectors -+ */ -+ linked_list_t *kdf; -+ -+ /** - * List of DRBG test vectors - */ - linked_list_t *drbg; -@@ -1186,6 +1191,211 @@ failure: - return !failed; - } - -+ -+ -+/** -+ * Create a KDF using the given arguments -+ */ -+static kdf_t *create_kdf_args(kdf_constructor_t create, -+ key_derivation_function_t alg, ...) -+{ -+ va_list args; -+ kdf_t *kdf; -+ -+ va_start(args, alg); -+ kdf = create(alg, args); -+ va_end(args); -+ return kdf; -+} -+ -+/** -+ * Create a KDF using arguments from the given test vector -+ */ -+static kdf_t *create_kdf_vector(kdf_constructor_t create, -+ key_derivation_function_t alg, -+ kdf_test_vector_t *vector) -+{ -+ switch (alg) -+ { -+ case KDF_PRF: -+ case KDF_PRF_PLUS: -+ return create_kdf_args(create, alg, vector->arg.prf); -+ case KDF_UNDEFINED: -+ break; -+ } -+ return NULL; -+} -+ -+/** -+ * Check if the given test vector applies to the passed arguments -+ */ -+static bool kdf_vector_applies(key_derivation_function_t alg, -+ kdf_test_args_t *args, kdf_test_vector_t *vector) -+{ -+ bool applies = FALSE; -+ -+ switch (alg) -+ { -+ case KDF_PRF: -+ case KDF_PRF_PLUS: -+ { -+ pseudo_random_function_t prf; -+ VA_ARGS_VGET(args->args, prf); -+ applies = (prf == vector->arg.prf); -+ break; -+ } -+ case KDF_UNDEFINED: -+ break; -+ } -+ return applies; -+} -+ -+METHOD(crypto_tester_t, test_kdf, bool, -+ private_crypto_tester_t *this, key_derivation_function_t alg, -+ kdf_constructor_t create, kdf_test_args_t *args, u_int *speed, -+ const char *plugin_name) -+{ -+ enumerator_t *enumerator; -+ kdf_test_vector_t *vector; -+ va_list copy; -+ bool failed = FALSE; -+ u_int tested = 0, construction_failed = 0; -+ -+ enumerator = this->kdf->create_enumerator(this->kdf); -+ while (enumerator->enumerate(enumerator, &vector)) -+ { -+ kdf_t *kdf; -+ chunk_t out = chunk_empty; -+ -+ if (vector->alg != alg || -+ (args && !kdf_vector_applies(alg, args, vector))) -+ { -+ continue; -+ } -+ -+ tested++; -+ failed = TRUE; -+ if (args) -+ { -+ va_copy(copy, args->args); -+ kdf = create(alg, copy); -+ va_end(copy); -+ } -+ else -+ { -+ kdf = create_kdf_vector(create, alg, vector); -+ } -+ if (!kdf) -+ { -+ if (args) -+ { -+ DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", -+ key_derivation_function_names, alg, plugin_name); -+ break; -+ } -+ /* while there could be a problem, the constructor might just not -+ * be able to create an instance for this test vector, we check -+ * for that at the end */ -+ construction_failed++; -+ failed = FALSE; -+ continue; -+ } -+ -+ if (vector->key.len && -+ !kdf->set_param(kdf, KDF_PARAM_KEY, vector->key)) -+ { -+ goto failure; -+ } -+ if (vector->salt.len && -+ !kdf->set_param(kdf, KDF_PARAM_SALT, vector->salt)) -+ { -+ goto failure; -+ } -+ if (kdf_has_fixed_output_length(alg)) -+ { -+ if (kdf->get_length(kdf) != vector->out.len) -+ { -+ goto failure; -+ } -+ } -+ else if (kdf->get_length(kdf) != SIZE_MAX) -+ { -+ goto failure; -+ } -+ /* allocated bytes */ -+ if (!kdf->allocate_bytes(kdf, vector->out.len, &out)) -+ { -+ goto failure; -+ } -+ if (!chunk_equals(out, vector->out)) -+ { -+ goto failure; -+ } -+ /* allocate without knowing the length */ -+ if (kdf_has_fixed_output_length(alg)) -+ { -+ chunk_free(&out); -+ if (!kdf->allocate_bytes(kdf, 0, &out)) -+ { -+ goto failure; -+ } -+ if (!chunk_equals(out, vector->out)) -+ { -+ goto failure; -+ } -+ } -+ /* bytes to existing buffer */ -+ memset(out.ptr, 0, out.len); -+ if (!kdf->get_bytes(kdf, out.len, out.ptr)) -+ { -+ goto failure; -+ } -+ if (!chunk_equals(out, vector->out)) -+ { -+ goto failure; -+ } -+ -+ failed = FALSE; -+failure: -+ kdf->destroy(kdf); -+ chunk_free(&out); -+ if (failed) -+ { -+ DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", -+ key_derivation_function_names, alg, plugin_name, -+ get_name(vector)); -+ break; -+ } -+ } -+ enumerator->destroy(enumerator); -+ if (!tested) -+ { -+ DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", -+ this->required ? "disabled" : "enabled ", -+ key_derivation_function_names, alg, plugin_name); -+ return !this->required; -+ } -+ tested -= construction_failed; -+ if (!tested) -+ { -+ DBG1(DBG_LIB, "%s %N[%s]: unable to apply any available test vectors", -+ this->required ? "disabled" : "enabled ", -+ key_derivation_function_names, alg, plugin_name); -+ return !this->required; -+ } -+ if (!failed) -+ { -+ if (speed) -+ { -+ DBG2(DBG_LIB, "benchmarking for %N is currently not supported", -+ key_derivation_function_names, alg); -+ } -+ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", -+ key_derivation_function_names, alg, plugin_name, tested); -+ } -+ return !failed; -+} -+ - /** - * Benchmark a DRBG - */ -@@ -1622,6 +1832,12 @@ METHOD(crypto_tester_t, add_xof_vector, - this->xof->insert_last(this->xof, vector); - } - -+METHOD(crypto_tester_t, add_kdf_vector, void, -+ private_crypto_tester_t *this, kdf_test_vector_t *vector) -+{ -+ this->kdf->insert_last(this->kdf, vector); -+} -+ - METHOD(crypto_tester_t, add_drbg_vector, void, - private_crypto_tester_t *this, drbg_test_vector_t *vector) - { -@@ -1649,6 +1865,7 @@ METHOD(crypto_tester_t, destroy, void, - this->hasher->destroy(this->hasher); - this->prf->destroy(this->prf); - this->xof->destroy(this->xof); -+ this->kdf->destroy(this->kdf); - this->drbg->destroy(this->drbg); - this->rng->destroy(this->rng); - this->dh->destroy(this->dh); -@@ -1670,6 +1887,7 @@ crypto_tester_t *crypto_tester_create() - .test_hasher = _test_hasher, - .test_prf = _test_prf, - .test_xof = _test_xof, -+ .test_kdf = _test_kdf, - .test_drbg = _test_drbg, - .test_rng = _test_rng, - .test_dh = _test_dh, -@@ -1679,6 +1897,7 @@ crypto_tester_t *crypto_tester_create() - .add_hasher_vector = _add_hasher_vector, - .add_prf_vector = _add_prf_vector, - .add_xof_vector = _add_xof_vector, -+ .add_kdf_vector = _add_kdf_vector, - .add_drbg_vector = _add_drbg_vector, - .add_rng_vector = _add_rng_vector, - .add_dh_vector = _add_dh_vector, -@@ -1690,6 +1909,7 @@ crypto_tester_t *crypto_tester_create() - .hasher = linked_list_create(), - .prf = linked_list_create(), - .xof = linked_list_create(), -+ .kdf = linked_list_create(), - .drbg = linked_list_create(), - .rng = linked_list_create(), - .dh = linked_list_create(), -Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_tester.h -+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.h -@@ -32,6 +32,8 @@ typedef struct signer_test_vector_t sign - typedef struct hasher_test_vector_t hasher_test_vector_t; - typedef struct prf_test_vector_t prf_test_vector_t; - typedef struct xof_test_vector_t xof_test_vector_t; -+typedef struct kdf_test_vector_t kdf_test_vector_t; -+typedef struct kdf_test_args_t kdf_test_args_t; - typedef struct drbg_test_vector_t drbg_test_vector_t; - typedef struct rng_test_vector_t rng_test_vector_t; - typedef struct dh_test_vector_t dh_test_vector_t; -@@ -130,6 +132,26 @@ struct xof_test_vector_t { - u_char *out; - }; - -+struct kdf_test_vector_t { -+ /** kdf algorithm this test vector tests */ -+ key_derivation_function_t alg; -+ /** argument passed to constructor, type depends on alg */ -+ union { -+ pseudo_random_function_t prf; -+ } arg; -+ /** optional key */ -+ chunk_t key; -+ /** optional salt */ -+ chunk_t salt; -+ /** expected output */ -+ chunk_t out; -+}; -+ -+struct kdf_test_args_t { -+ /** the arguments used to construct the KDF */ -+ va_list args; -+}; -+ - struct drbg_test_vector_t { - /** drbg type this test vector tests */ - drbg_type_t type; -@@ -257,6 +279,22 @@ struct crypto_tester_t { - xof_constructor_t create, - u_int *speed, const char *plugin_name); - /** -+ * Test a KDF algorithm. -+ * -+ * If constructor arguments are passed, only matching test vectors are -+ * tried. Otherwise, all are tried and implementations are allowed to fail -+ * construction with unsupported arguments. -+ * -+ * @param alg algorithm to test -+ * @param create constructor function for the XOF -+ * @param args optional arguments to pass to constructor -+ * @param speed speed test result, NULL to omit -+ * @return TRUE if test passed -+ */ -+ bool (*test_kdf)(crypto_tester_t *this, key_derivation_function_t alg, -+ kdf_constructor_t create, kdf_test_args_t *args, -+ u_int *speed, const char *plugin_name); -+ /** - * Test a DRBG type. - * - * @param type DRBG type to test -@@ -333,6 +371,13 @@ struct crypto_tester_t { - void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector); - - /** -+ * Add a test vector to test a KDF. -+ * -+ * @param vector pointer to test vector -+ */ -+ void (*add_kdf_vector)(crypto_tester_t *this, kdf_test_vector_t *vector); -+ -+ /** - * Add a test vector to test a DRBG. - * - * @param vector pointer to test vector -Index: strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.c -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include "kdf.h" -+ -+ENUM(key_derivation_function_names, KDF_UNDEFINED, KDF_PRF_PLUS, -+ "KDF_UNDEFINED", -+ "KDF_PRF", -+ "KDF_PRF_PLUS", -+); -+ -+/* -+ * Described in header -+ */ -+bool kdf_has_fixed_output_length(key_derivation_function_t type) -+{ -+ switch (type) -+ { -+ case KDF_PRF: -+ return TRUE; -+ case KDF_PRF_PLUS: -+ case KDF_UNDEFINED: -+ break; -+ } -+ return FALSE; -+} -Index: strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.h -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.h -@@ -0,0 +1,152 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+/** -+ * @defgroup kdf kdf -+ * @{ @ingroup crypto -+ */ -+ -+#ifndef KDF_H_ -+#define KDF_H_ -+ -+typedef enum key_derivation_function_t key_derivation_function_t; -+typedef enum kdf_param_t kdf_param_t; -+typedef struct kdf_t kdf_t; -+ -+#include -+ -+/** -+ * Key Derivation Functions (KDF). -+ */ -+enum key_derivation_function_t { -+ -+ KDF_UNDEFINED, -+ -+ /** -+ * RFC 7296 prf, expects a pseudo_random_function_t in the constructor, -+ * parameters are KEY and SALT. Has a fixed output length. -+ */ -+ KDF_PRF, -+ -+ /** -+ * RFC 7296 prf+, expects a pseudo_random_function_t in the constructor, -+ * parameters are KEY and SALT. -+ */ -+ KDF_PRF_PLUS, -+}; -+ -+/** -+ * enum name for key_derivation_function_t. -+ */ -+extern enum_name_t *key_derivation_function_names; -+ -+/** -+ * Parameters for KDFs. -+ */ -+enum kdf_param_t { -+ -+ /** -+ * Key used for the key derivation (chunk_t). -+ */ -+ KDF_PARAM_KEY, -+ -+ /** -+ * Salt used for the key derivation (chunk_t). -+ */ -+ KDF_PARAM_SALT, -+}; -+ -+/** -+ * Generic interface for Key Derivation Functions (KDF). -+ * -+ * Note that in comparison to xof_t, this interface does not support streaming. -+ * That is, calling get_bytes() or allocate_bytes() multiple times without -+ * changing the input parameters will result in the same output. -+ */ -+struct kdf_t { -+ -+ /** -+ * Return the type of KDF. -+ * -+ * @return KDF type -+ */ -+ key_derivation_function_t (*get_type)(kdf_t *this); -+ -+ /** -+ * Output length for KDFs that produce a fixed amount of output. -+ * -+ * @return fixed output length, SIZE_MAX for variable length -+ */ -+ size_t (*get_length)(kdf_t *this); -+ -+ /** -+ * Derives a key of the given length and writes it to the buffer. -+ * -+ * @note Fails if out_len doesn't match for KDFs with fixed output length. -+ * -+ * @param out_len number of key bytes requested -+ * @param buffer pointer where the derived key will be written -+ * @return TRUE if key derived successfully -+ */ -+ bool (*get_bytes)(kdf_t *this, size_t out_len, -+ uint8_t *buffer) __attribute__((warn_unused_result)); -+ -+ /** -+ * Derives a key of the given length and allocates space for it. -+ * -+ * @note Fails if out_len doesn't match for KDFs with fixed output length. -+ * However, for simplified usage, 0 can be passed for out_len to -+ * automatically allocate a chunk of the correct size. -+ * -+ * @param out_len number of key bytes requested, or 0 for KDFs with fixed -+ * output length -+ * @param chunk chunk which will hold the derived key -+ * @return TRUE if key derived successfully -+ */ -+ bool (*allocate_bytes)(kdf_t *this, size_t out_len, -+ chunk_t *chunk) __attribute__((warn_unused_result)); -+ -+ /** -+ * Set a parameter for this KDF. -+ * -+ * @param param parameter to set -+ * @param ... parameter values -+ * @return TRUE if parameter set successfully -+ */ -+ bool (*set_param)(kdf_t *this, kdf_param_t param, -+ ...) __attribute__((warn_unused_result)); -+ -+ /** -+ * Destroys this KDF object. -+ */ -+ void (*destroy)(kdf_t *this); -+}; -+ -+/** -+ * Check if the given KDF type has a fixed output length. -+ * -+ * @param type KDF type -+ * @return TRUE if the KDF type has a fixed output length -+ */ -+bool kdf_has_fixed_output_length(key_derivation_function_t type); -+ -+#endif /** KDF_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/crypto/pkcs5.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/pkcs5.c -+++ strongswan-5.9.5/src/libstrongswan/crypto/pkcs5.c -@@ -131,7 +131,7 @@ static bool verify_padding(crypter_t *cr - /** - * Prototype for key derivation functions. - */ --typedef bool (*kdf_t)(private_pkcs5_t *this, chunk_t password, chunk_t key); -+typedef bool (*derive_t)(private_pkcs5_t *this, chunk_t password, chunk_t key); - - /** - * Try to decrypt the given data with the given password using the given -@@ -139,7 +139,7 @@ typedef bool (*kdf_t)(private_pkcs5_t *t - * to, key and iv point to the actual keys and initialization vectors resp. - */ - static bool decrypt_generic(private_pkcs5_t *this, chunk_t password, -- chunk_t data, chunk_t *decrypted, kdf_t kdf, -+ chunk_t data, chunk_t *decrypted, derive_t kdf, - chunk_t keymat, chunk_t key, chunk_t iv) - { - if (!kdf(this, password, keymat)) -@@ -341,7 +341,7 @@ METHOD(pkcs5_t, decrypt, bool, - private_pkcs5_t *this, chunk_t password, chunk_t data, chunk_t *decrypted) - { - chunk_t keymat, key, iv; -- kdf_t kdf; -+ derive_t kdf; - - if (!ensure_crypto_primitives(this, data) || !decrypted) - { -Index: strongswan-5.9.5/src/libstrongswan/crypto/prf_plus.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/prf_plus.c -+++ /dev/null -@@ -1,170 +0,0 @@ --/* -- * Copyright (C) 2005-2006 Martin Willi -- * Copyright (C) 2005 Jan Hutter -- * HSR Hochschule fuer Technik Rapperswil -- * -- * This program is free software; you can redistribute it and/or modify it -- * under the terms of the GNU General Public License as published by the -- * Free Software Foundation; either version 2 of the License, or (at your -- * option) any later version. See . -- * -- * This program is distributed in the hope that it will be useful, but -- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -- * for more details. -- */ -- --#include -- --#include "prf_plus.h" -- --typedef struct private_prf_plus_t private_prf_plus_t; -- --typedef bool (*apply_prf_t)(private_prf_plus_t *this); -- --/** -- * Private data of an prf_plus_t object. -- * -- */ --struct private_prf_plus_t { -- -- /** -- * Public interface of prf_plus_t. -- */ -- prf_plus_t public; -- -- /** -- * PRF to use. -- */ -- prf_t *prf; -- -- /** -- * Initial seed. -- */ -- chunk_t seed; -- -- /** -- * Octet which will be appended to the seed if a counter is used. -- */ -- uint8_t counter; -- -- /** -- * Already given out bytes in current buffer. -- */ -- size_t used; -- -- /** -- * Buffer to store current PRF result. -- */ -- chunk_t buffer; -- -- /** -- * The prf application method depending on whether a counter is used. -- */ -- apply_prf_t apply_prf; --}; -- --/** -- * Apply the PRF using the running counter -- */ --static bool apply_prf_counter(private_prf_plus_t *this) --{ -- if (!this->prf->get_bytes(this->prf, this->seed, NULL) || -- !this->prf->get_bytes(this->prf, chunk_from_thing(this->counter), -- this->buffer.ptr)) -- { -- return FALSE; -- } -- this->counter++; -- if (!this->counter) -- { /* according to RFC 7296, section 2.13, prf+ is undefined once the -- * counter wrapped, so let's fail for future calls */ -- this->apply_prf = (void*)return_false; -- } -- return TRUE; --} -- --/** -- * Apply the PRF using the running counter -- */ --static bool apply_prf(private_prf_plus_t *this) --{ -- return this->prf->get_bytes(this->prf, this->seed, this->buffer.ptr); --} -- --METHOD(prf_plus_t, get_bytes, bool, -- private_prf_plus_t *this, size_t length, uint8_t *buffer) --{ -- size_t round, written = 0; -- -- while (length > 0) -- { -- if (this->buffer.len == this->used) -- { /* buffer used, get next round */ -- if (!this->prf->get_bytes(this->prf, this->buffer, NULL)) -- { -- return FALSE; -- } -- if (!this->apply_prf(this)) -- { -- return FALSE; -- } -- this->used = 0; -- } -- round = min(length, this->buffer.len - this->used); -- memcpy(buffer + written, this->buffer.ptr + this->used, round); -- -- length -= round; -- this->used += round; -- written += round; -- } -- return TRUE; --} -- --METHOD(prf_plus_t, allocate_bytes, bool, -- private_prf_plus_t *this, size_t length, chunk_t *chunk) --{ -- *chunk = chunk_alloc(length); -- if (!get_bytes(this, length, chunk->ptr)) -- { -- chunk_free(chunk); -- return FALSE; -- } -- return TRUE; --} -- --METHOD(prf_plus_t, destroy, void, -- private_prf_plus_t *this) --{ -- chunk_clear(&this->buffer); -- chunk_clear(&this->seed); -- free(this); --} -- --/* -- * Description in header. -- */ --prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed) --{ -- private_prf_plus_t *this; -- -- INIT(this, -- .public = { -- .get_bytes = _get_bytes, -- .allocate_bytes = _allocate_bytes, -- .destroy = _destroy, -- }, -- .prf = prf, -- .seed = chunk_clone(seed), -- .buffer = chunk_alloc(prf->get_block_size(prf)), -- .apply_prf = counter ? apply_prf_counter : apply_prf, -- .counter = 0x01, -- ); -- -- if (!this->apply_prf(this)) -- { -- destroy(this); -- return NULL; -- } -- return &this->public; --} -Index: strongswan-5.9.5/src/libstrongswan/crypto/prf_plus.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/prf_plus.h -+++ /dev/null -@@ -1,70 +0,0 @@ --/* -- * Copyright (C) 2005-2006 Martin Willi -- * Copyright (C) 2005 Jan Hutter -- * HSR Hochschule fuer Technik Rapperswil -- * -- * This program is free software; you can redistribute it and/or modify it -- * under the terms of the GNU General Public License as published by the -- * Free Software Foundation; either version 2 of the License, or (at your -- * option) any later version. See . -- * -- * This program is distributed in the hope that it will be useful, but -- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -- * for more details. -- */ -- --/** -- * @defgroup prf_plus prf_plus -- * @{ @ingroup crypto -- */ -- --#ifndef PRF_PLUS_H_ --#define PRF_PLUS_H_ -- --typedef struct prf_plus_t prf_plus_t; -- --#include -- --/** -- * Implementation of the prf+ function used in IKEv1/IKEv2 keymat extension. -- */ --struct prf_plus_t { -- -- /** -- * Get pseudo random bytes. -- * -- * @param length number of bytes to get -- * @param buffer pointer where the generated bytes will be written -- * @return TRUE if bytes generated successfully -- */ -- bool (*get_bytes)(prf_plus_t *this, size_t length, -- uint8_t *buffer) __attribute__((warn_unused_result)); -- -- /** -- * Allocate pseudo random bytes. -- * -- * @param length number of bytes to get -- * @param chunk chunk which will hold generated bytes -- * @return TRUE if bytes allocated successfully -- */ -- bool (*allocate_bytes)(prf_plus_t *this, size_t length, -- chunk_t *chunk) __attribute__((warn_unused_result)); -- -- /** -- * Destroys a prf_plus_t object. -- */ -- void (*destroy)(prf_plus_t *this); --}; -- --/** -- * Creates a new prf_plus_t object. -- * -- * @param prf prf object to use, must be destroyed after prf+. -- * @param counter use an appending counter byte (for IKEv2 variant) -- * @param seed input seed for prf -- * @return prf_plus_t object, NULL on failure -- */ --prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed); -- --#endif /** PRF_PLUS_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/crypto/transform.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/transform.c -+++ strongswan-5.9.5/src/libstrongswan/crypto/transform.c -@@ -16,6 +16,7 @@ - #include - #include - #include -+#include - - ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, - "ENCRYPTION_ALGORITHM", -@@ -23,16 +24,16 @@ ENUM_BEGIN(transform_type_names, ENCRYPT - "INTEGRITY_ALGORITHM", - "DIFFIE_HELLMAN_GROUP", - "EXTENDED_SEQUENCE_NUMBERS"); --ENUM_NEXT(transform_type_names, HASH_ALGORITHM, DETERMINISTIC_RANDOM_BIT_GENERATOR, -+ENUM_NEXT(transform_type_names, HASH_ALGORITHM, KEY_DERIVATION_FUNCTION, - EXTENDED_SEQUENCE_NUMBERS, - "HASH_ALGORITHM", - "RANDOM_NUMBER_GENERATOR", - "AEAD_ALGORITHM", - "COMPRESSION_ALGORITHM", - "EXTENDED OUTPUT FUNCTION", -- "DETERMINISTIC RANDOM BIT GENERATOR"); --ENUM_END(transform_type_names, DETERMINISTIC_RANDOM_BIT_GENERATOR); -- -+ "DETERMINISTIC RANDOM BIT GENERATOR", -+ "KEY_DERIVATION_FUNCTION"); -+ENUM_END(transform_type_names, KEY_DERIVATION_FUNCTION); - - ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, - "NO_EXT_SEQ", -@@ -65,6 +66,8 @@ enum_name_t* transform_get_enum_names(tr - return ext_out_function_names; - case DETERMINISTIC_RANDOM_BIT_GENERATOR: - return drbg_type_names; -+ case KEY_DERIVATION_FUNCTION: -+ return key_derivation_function_names; - case COMPRESSION_ALGORITHM: - break; - } -Index: strongswan-5.9.5/src/libstrongswan/crypto/transform.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/crypto/transform.h -+++ strongswan-5.9.5/src/libstrongswan/crypto/transform.h -@@ -40,6 +40,7 @@ enum transform_type_t { - COMPRESSION_ALGORITHM = 259, - EXTENDED_OUTPUT_FUNCTION = 260, - DETERMINISTIC_RANDOM_BIT_GENERATOR = 261, -+ KEY_DERIVATION_FUNCTION = 262, - }; - - /** -Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/Makefile.am -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/botan/Makefile.am -+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/Makefile.am -@@ -16,6 +16,7 @@ libstrongswan_botan_la_SOURCES = \ - botan_rng.h botan_rng.c \ - botan_hasher.h botan_hasher.c \ - botan_hmac.h botan_hmac.c \ -+ botan_kdf.h botan_kdf.c \ - botan_crypter.h botan_crypter.c \ - botan_rsa_public_key.h botan_rsa_public_key.c \ - botan_rsa_private_key.h botan_rsa_private_key.c \ -Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.c -@@ -0,0 +1,224 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#define _GNU_SOURCE -+#include "botan_kdf.h" -+#include "botan_util.h" -+ -+#include -+ -+#ifdef BOTAN_HAS_HKDF -+ -+#include -+ -+typedef struct private_kdf_t private_kdf_t; -+ -+/** -+ * Private data. -+ */ -+struct private_kdf_t { -+ -+ /** -+ * Public interface. -+ */ -+ kdf_t public; -+ -+ /** -+ * KDF type. -+ */ -+ key_derivation_function_t type; -+ -+ /** -+ * Name of the KDF algorithm in Botan. -+ */ -+ char *name; -+ -+ /** -+ * Key for KDF. -+ */ -+ chunk_t key; -+ -+ /** -+ * Salt for KDF. -+ */ -+ chunk_t salt; -+ -+ /** -+ * Length of the hash output. -+ */ -+ size_t hash_size; -+}; -+ -+METHOD(kdf_t, get_type, key_derivation_function_t, -+ private_kdf_t *this) -+{ -+ return this->type; -+} -+ -+METHOD(kdf_t, get_length, size_t, -+ private_kdf_t *this) -+{ -+ if (this->type == KDF_PRF_PLUS) -+ { -+ return SIZE_MAX; -+ } -+ return this->hash_size; -+} -+ -+METHOD(kdf_t, get_bytes, bool, -+ private_kdf_t *this, size_t out_len, uint8_t *buffer) -+{ -+ if (this->type == KDF_PRF) -+ { -+ /* IKEv2 uses the nonces as PRF key and the DH secret as salt, however, -+ * HKDF-Extract() does the same again (mapping the salt to the HMAC key), -+ * so we have to switch key and salt here */ -+ if (out_len != get_length(this) || -+ botan_kdf(this->name, buffer, out_len, this->salt.ptr, this->salt.len, -+ this->key.ptr, this->key.len, NULL, 0)) -+ { -+ return FALSE; -+ } -+ return TRUE; -+ } -+ -+#if BOTAN_VERSION_MAJOR == 2 -+ /* Botan 2 doesn't check the length, just silently prevents wrapping the -+ * counter and returns truncated output, so do this manually */ -+ if (out_len > this->hash_size * 255) -+ { -+ return FALSE; -+ } -+#endif -+ if (botan_kdf(this->name, buffer, out_len, this->key.ptr, this->key.len, -+ NULL, 0, this->salt.ptr, this->salt.len)) -+ { -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, allocate_bytes, bool, -+ private_kdf_t *this, size_t out_len, chunk_t *chunk) -+{ -+ if (this->type == KDF_PRF) -+ { -+ out_len = out_len ?: get_length(this); -+ } -+ -+ *chunk = chunk_alloc(out_len); -+ -+ if (!get_bytes(this, out_len, chunk->ptr)) -+ { -+ chunk_free(chunk); -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, set_param, bool, -+ private_kdf_t *this, kdf_param_t param, ...) -+{ -+ chunk_t chunk; -+ -+ switch (param) -+ { -+ case KDF_PARAM_KEY: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->key); -+ this->key = chunk_clone(chunk); -+ break; -+ case KDF_PARAM_SALT: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->salt); -+ this->salt = chunk_clone(chunk); -+ break; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, destroy, void, -+ private_kdf_t *this) -+{ -+ chunk_clear(&this->salt); -+ chunk_clear(&this->key); -+ free(this->name); -+ free(this); -+} -+ -+/* -+ * Described in header -+ */ -+kdf_t *botan_kdf_create(key_derivation_function_t algo, va_list args) -+{ -+ private_kdf_t *this; -+ pseudo_random_function_t prf_alg; -+ const char *hash_name; -+ char *name, buf[HASH_SIZE_SHA512]; -+ -+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS) -+ { -+ return NULL; -+ } -+ -+ VA_ARGS_VGET(args, prf_alg); -+ hash_name = botan_get_hash(hasher_algorithm_from_prf(prf_alg)); -+ if (!hash_name) -+ { -+ return NULL; -+ } -+ if (algo == KDF_PRF) -+ { -+ if (asprintf(&name, "HKDF-Extract(%s)", hash_name) <= 0) -+ { -+ return NULL; -+ } -+ } -+ else if (asprintf(&name, "HKDF-Expand(%s)", hash_name) <= 0) -+ { -+ return NULL; -+ } -+ -+ INIT(this, -+ .public = { -+ .get_type = _get_type, -+ .get_length = _get_length, -+ .get_bytes = _get_bytes, -+ .allocate_bytes = _allocate_bytes, -+ .set_param = _set_param, -+ .destroy = _destroy, -+ }, -+ .type = algo, -+ .name = name, -+ .hash_size = hasher_hash_size(hasher_algorithm_from_prf(prf_alg)), -+ ); -+ -+ /* test if we can actually use the algorithm */ -+ if (!get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf)) -+ { -+ destroy(this); -+ return NULL; -+ } -+ return &this->public; -+} -+ -+#endif -Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.h -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.h -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+/** -+ * Implements key derivation functions (KDF) using Botan, in particular prf+, -+ * which is implemented via Botan's HKDF implementation. -+ * -+ * @defgroup botan_kdf botan_kdf -+ * @{ @ingroup botan_p -+ */ -+ -+#ifndef BOTAN_KDF_H_ -+#define BOTAN_KDF_H_ -+ -+#include -+ -+/** -+ * Creates a new kdf_t object. -+ * -+ * @param algo algorithm to instantiate -+ * @param args algorithm-specific arguments -+ * @return kdf_t object, NULL if not supported -+ */ -+kdf_t *botan_kdf_create(key_derivation_function_t algo, va_list args); -+ -+#endif /** BOTAN_KDF_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_plugin.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/botan/botan_plugin.c -+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_plugin.c -@@ -32,6 +32,7 @@ - #include "botan_crypter.h" - #include "botan_diffie_hellman.h" - #include "botan_hmac.h" -+#include "botan_kdf.h" - #include "botan_rsa_public_key.h" - #include "botan_rsa_private_key.h" - #include "botan_ec_diffie_hellman.h" -@@ -209,6 +210,13 @@ METHOD(plugin_t, get_features, int, - #endif - #endif /* BOTAN_HAS_HMAC */ - -+ /* kdfs */ -+#ifdef BOTAN_HAS_HKDF -+ PLUGIN_REGISTER(SIGNER, botan_kdf_create), -+ PLUGIN_PROVIDE(KDF, KDF_PRF), -+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), -+#endif /* BOTAN_HAS_HKDF */ -+ - /* generic key loaders */ - #if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA) || \ - defined(BOTAN_HAS_ED25519) -Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/Makefile.am -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/Makefile.am -@@ -0,0 +1,17 @@ -+AM_CPPFLAGS = \ -+ -I$(top_srcdir)/src/libstrongswan -+ -+AM_CFLAGS = \ -+ $(PLUGIN_CFLAGS) -+ -+if MONOLITHIC -+noinst_LTLIBRARIES = libstrongswan-kdf.la -+else -+plugin_LTLIBRARIES = libstrongswan-kdf.la -+endif -+ -+libstrongswan_kdf_la_SOURCES = \ -+ kdf_plugin.h kdf_plugin.c \ -+ kdf_kdf.h kdf_kdf.c -+ -+libstrongswan_kdf_la_LDFLAGS = -module -avoid-version -Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.c -@@ -0,0 +1,205 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include "kdf_kdf.h" -+ -+typedef struct private_kdf_t private_kdf_t; -+ -+/** -+ * Private data. -+ */ -+struct private_kdf_t { -+ -+ /** -+ * Public interface. -+ */ -+ kdf_t public; -+ -+ /** -+ * KDF type. -+ */ -+ key_derivation_function_t type; -+ -+ /** -+ * Underlying PRF. -+ */ -+ prf_t *prf; -+ -+ /** -+ * Salt value. -+ */ -+ chunk_t salt; -+}; -+ -+METHOD(kdf_t, get_type, key_derivation_function_t, -+ private_kdf_t *this) -+{ -+ return this->type; -+} -+ -+METHOD(kdf_t, get_length, size_t, -+ private_kdf_t *this) -+{ -+ if (this->type == KDF_PRF_PLUS) -+ { -+ return SIZE_MAX; -+ } -+ return this->prf->get_block_size(this->prf); -+} -+ -+METHOD(kdf_t, get_bytes_prf_plus, bool, -+ private_kdf_t *this, size_t out_len, uint8_t *buffer) -+{ -+ chunk_t block, previous = chunk_empty; -+ uint8_t counter = 1, *out = buffer; -+ size_t len; -+ bool success = TRUE; -+ -+ block = chunk_alloca(this->prf->get_block_size(this->prf)); -+ if (out_len > block.len * 255) -+ { -+ return FALSE; -+ } -+ -+ while (out_len) -+ { -+ if (!this->prf->get_bytes(this->prf, previous, NULL) || -+ !this->prf->get_bytes(this->prf, this->salt, NULL) || -+ !this->prf->get_bytes(this->prf, chunk_from_thing(counter), -+ block.ptr)) -+ { -+ success = FALSE; -+ break; -+ } -+ len = min(out_len, block.len); -+ memcpy(out, block.ptr, len); -+ previous = chunk_create(out, block.len); -+ -+ out_len -= len; -+ out += len; -+ counter++; -+ } -+ memwipe(block.ptr, block.len); -+ return success; -+} -+ -+METHOD(kdf_t, get_bytes, bool, -+ private_kdf_t *this, size_t out_len, uint8_t *buffer) -+{ -+ if (out_len != get_length(this)) -+ { -+ return FALSE; -+ } -+ return this->prf->get_bytes(this->prf, this->salt, buffer); -+} -+ -+METHOD(kdf_t, allocate_bytes, bool, -+ private_kdf_t *this, size_t out_len, chunk_t *chunk) -+{ -+ if (this->type == KDF_PRF) -+ { -+ out_len = out_len ?: get_length(this); -+ } -+ -+ *chunk = chunk_alloc(out_len); -+ -+ if (!this->public.get_bytes(&this->public, out_len, chunk->ptr)) -+ { -+ chunk_free(chunk); -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, set_param, bool, -+ private_kdf_t *this, kdf_param_t param, ...) -+{ -+ chunk_t chunk; -+ bool success = FALSE; -+ -+ switch (param) -+ { -+ case KDF_PARAM_KEY: -+ VA_ARGS_GET(param, chunk); -+ success = this->prf->set_key(this->prf, chunk); -+ break; -+ case KDF_PARAM_SALT: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->salt); -+ this->salt = chunk_clone(chunk); -+ success = TRUE; -+ break; -+ } -+ return success; -+} -+ -+METHOD(kdf_t, destroy, void, -+ private_kdf_t *this) -+{ -+ this->prf->destroy(this->prf); -+ chunk_clear(&this->salt); -+ free(this); -+} -+ -+/* -+ * Described in header -+ */ -+kdf_t *kdf_kdf_create(key_derivation_function_t algo, va_list args) -+{ -+ private_kdf_t *this; -+ pseudo_random_function_t prf_alg; -+ prf_t *prf; -+ -+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS) -+ { -+ return NULL; -+ } -+ -+ VA_ARGS_VGET(args, prf_alg); -+ prf = lib->crypto->create_prf(lib->crypto, prf_alg); -+ if (!prf) -+ { -+ DBG1(DBG_LIB, "failed to create %N for %N", -+ pseudo_random_function_names, prf_alg, -+ key_derivation_function_names, algo); -+ return NULL; -+ } -+ -+ INIT(this, -+ .public = { -+ .get_type = _get_type, -+ .get_length = _get_length, -+ .get_bytes = _get_bytes, -+ .allocate_bytes = _allocate_bytes, -+ .set_param = _set_param, -+ .destroy = _destroy, -+ }, -+ .type = algo, -+ .prf = prf, -+ ); -+ -+ if (algo == KDF_PRF_PLUS) -+ { -+ this->public.get_bytes = _get_bytes_prf_plus; -+ } -+ return &this->public; -+} -Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.h -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.h -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+/** -+ * Implements a KDF wrapper around PRFs, and prf+ as defined in RFC 7296, -+ * section 2.13: -+ * -+ * @verbatim -+ prf+ (K,S) = T1 | T2 | T3 | T4 | ... -+ -+ where: -+ T1 = prf (K, S | 0x01) -+ T2 = prf (K, T1 | S | 0x02) -+ T3 = prf (K, T2 | S | 0x03) -+ T4 = prf (K, T3 | S | 0x04) -+ ... -+ * @endverbatim -+ * -+ * @defgroup kdf_kdf kdf_kdf -+ * @{ @ingroup kdf_p -+ */ -+ -+#ifndef KDF_KDF_H_ -+#define KDF_KDF_H_ -+ -+#include -+ -+/** -+ * Create a kdf_t object -+ * -+ * @param algo KDF_PRF_PLUS -+ * @param args pseudo_random_function_t of the underlying PRF -+ * @return kdf_t object, NULL if not supported -+ */ -+kdf_t *kdf_kdf_create(key_derivation_function_t algo, va_list args); -+ -+#endif /** KDF_KDF_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.c -@@ -0,0 +1,95 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include "kdf_plugin.h" -+#include "kdf_kdf.h" -+ -+#include -+ -+typedef struct private_kdf_plugin_t private_kdf_plugin_t; -+ -+/** -+ * Private data -+ */ -+struct private_kdf_plugin_t { -+ -+ /** -+ * Public interface -+ */ -+ kdf_plugin_t public; -+}; -+ -+METHOD(plugin_t, get_name, char*, -+ private_kdf_plugin_t *this) -+{ -+ return "kdf"; -+} -+ -+METHOD(plugin_t, get_features, int, -+ private_kdf_plugin_t *this, plugin_feature_t *features[]) -+{ -+ static plugin_feature_t f[] = { -+ PLUGIN_REGISTER(KDF, kdf_kdf_create), -+ PLUGIN_PROVIDE(KDF, KDF_PRF), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA1), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_256), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_384), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_512), -+ PLUGIN_SDEPEND(PRF, PRF_AES128_XCBC), -+ PLUGIN_SDEPEND(PRF, PRF_AES128_CMAC), -+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA1), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_256), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_384), -+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_512), -+ PLUGIN_SDEPEND(PRF, PRF_AES128_XCBC), -+ PLUGIN_SDEPEND(PRF, PRF_AES128_CMAC), -+ }; -+ *features = f; -+ return countof(f); -+} -+ -+METHOD(plugin_t, destroy, void, -+ private_kdf_plugin_t *this) -+{ -+ free(this); -+} -+ -+/* -+ * Described in header -+ */ -+plugin_t *kdf_plugin_create() -+{ -+ private_kdf_plugin_t *this; -+ -+ INIT(this, -+ .public = { -+ .plugin = { -+ .get_name = _get_name, -+ .get_features = _get_features, -+ .destroy = _destroy, -+ }, -+ }, -+ ); -+ -+ return &this->public.plugin; -+} -Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.h -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.h -@@ -0,0 +1,49 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+/** -+ * @defgroup kdf_p kdf -+ * @ingroup plugins -+ * -+ * @defgroup kdf_plugin kdf_plugin -+ * @{ @ingroup kdf_p -+ */ -+ -+#ifndef KDF_PLUGIN_H_ -+#define KDF_PLUGIN_H_ -+ -+#include -+ -+typedef struct kdf_plugin_t kdf_plugin_t; -+ -+/** -+ * Plugin implementing the key derivation functions (KDF) in software. -+ */ -+struct kdf_plugin_t { -+ -+ /** -+ * implements plugin interface -+ */ -+ plugin_t plugin; -+}; -+ -+#endif /** KDF_PLUGIN_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/Makefile.am -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/Makefile.am -+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/Makefile.am -@@ -33,6 +33,7 @@ libstrongswan_openssl_la_SOURCES = \ - openssl_pkcs12.c openssl_pkcs12.h \ - openssl_rng.c openssl_rng.h \ - openssl_hmac.c openssl_hmac.h \ -+ openssl_kdf.c openssl_kdf.h \ - openssl_aead.c openssl_aead.h \ - openssl_x_diffie_hellman.c openssl_x_diffie_hellman.h \ - openssl_ed_private_key.c openssl_ed_private_key.h \ -Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.c -@@ -0,0 +1,223 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include -+#include -+ -+#if !defined(OPENSSL_NO_HMAC) && OPENSSL_VERSION_NUMBER >= 0x10101000L -+ -+#include -+#include -+ -+#include "openssl_kdf.h" -+ -+typedef struct private_kdf_t private_kdf_t; -+ -+/** -+ * Private data. -+ */ -+struct private_kdf_t { -+ -+ /** -+ * Public interface. -+ */ -+ kdf_t public; -+ -+ /** -+ * KDF type. -+ */ -+ key_derivation_function_t type; -+ -+ /** -+ * Hasher to use for underlying PRF. -+ */ -+ const EVP_MD *hasher; -+ -+ /** -+ * Key for KDF. Stored here because OpenSSL's HKDF API does not provide a -+ * way to clear the "info" field in the context, new data is always -+ * appended (up to 1024 bytes). -+ */ -+ chunk_t key; -+ -+ /** -+ * Salt for prf+ (see above). -+ */ -+ chunk_t salt; -+}; -+ -+METHOD(kdf_t, get_type, key_derivation_function_t, -+ private_kdf_t *this) -+{ -+ return this->type; -+} -+ -+METHOD(kdf_t, get_length, size_t, -+ private_kdf_t *this) -+{ -+ if (this->type == KDF_PRF_PLUS) -+ { -+ return SIZE_MAX; -+ } -+ return EVP_MD_size(this->hasher); -+} -+ -+/** -+ * Set the parameters as a appropriate for the given KDF type. -+ */ -+static bool set_params(private_kdf_t *this, EVP_PKEY_CTX *ctx) -+{ -+ /* IKEv2 uses the nonces as PRF key and the DH secret as salt, however, -+ * HKDF-Extract() does the same again (mapping the salt to the HMAC key), -+ * so we have to switch key and salt here */ -+ if (this->type == KDF_PRF) -+ { -+ return EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) > 0 && -+ EVP_PKEY_CTX_set1_hkdf_key(ctx, this->salt.ptr, this->salt.len) > 0 && -+ EVP_PKEY_CTX_set1_hkdf_salt(ctx, this->key.ptr, this->key.len) > 0; -+ } -+ /* for HKDF-Expand() we map the salt to the "info" field */ -+ return EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0 && -+ EVP_PKEY_CTX_set1_hkdf_key(ctx, this->key.ptr, this->key.len) > 0 && -+ EVP_PKEY_CTX_add1_hkdf_info(ctx, this->salt.ptr, this->salt.len) > 0; -+} -+ -+METHOD(kdf_t, get_bytes, bool, -+ private_kdf_t *this, size_t out_len, uint8_t *buffer) -+{ -+ EVP_PKEY_CTX *ctx; -+ -+ if (this->type == KDF_PRF && out_len != get_length(this)) -+ { -+ return FALSE; -+ } -+ -+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); -+ if (!ctx || -+ EVP_PKEY_derive_init(ctx) <= 0 || -+ EVP_PKEY_CTX_set_hkdf_md(ctx, this->hasher) <= 0 || -+ !set_params(this, ctx) || -+ EVP_PKEY_derive(ctx, buffer, &out_len) <= 0) -+ { -+ EVP_PKEY_CTX_free(ctx); -+ return FALSE; -+ } -+ EVP_PKEY_CTX_free(ctx); -+ return TRUE; -+} -+ -+METHOD(kdf_t, allocate_bytes, bool, -+ private_kdf_t *this, size_t out_len, chunk_t *chunk) -+{ -+ if (this->type == KDF_PRF) -+ { -+ out_len = out_len ?: get_length(this); -+ } -+ -+ *chunk = chunk_alloc(out_len); -+ -+ if (!get_bytes(this, out_len, chunk->ptr)) -+ { -+ chunk_free(chunk); -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, set_param, bool, -+ private_kdf_t *this, kdf_param_t param, ...) -+{ -+ chunk_t chunk; -+ -+ switch (param) -+ { -+ case KDF_PARAM_KEY: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->key); -+ this->key = chunk_clone(chunk); -+ break; -+ case KDF_PARAM_SALT: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->salt); -+ this->salt = chunk_clone(chunk); -+ break; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, destroy, void, -+ private_kdf_t *this) -+{ -+ chunk_clear(&this->salt); -+ chunk_clear(&this->key); -+ free(this); -+} -+ -+/* -+ * Described in header -+ */ -+kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args) -+{ -+ private_kdf_t *this; -+ pseudo_random_function_t prf_alg; -+ char *name, buf[EVP_MAX_MD_SIZE]; -+ -+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS) -+ { -+ return NULL; -+ } -+ -+ VA_ARGS_VGET(args, prf_alg); -+ name = enum_to_name(hash_algorithm_short_names, -+ hasher_algorithm_from_prf(prf_alg)); -+ if (!name) -+ { -+ return NULL; -+ } -+ -+ INIT(this, -+ .public = { -+ .get_type = _get_type, -+ .get_length = _get_length, -+ .get_bytes = _get_bytes, -+ .allocate_bytes = _allocate_bytes, -+ .set_param = _set_param, -+ .destroy = _destroy, -+ }, -+ .type = algo, -+ .hasher = EVP_get_digestbyname(name), -+ /* use a lengthy key/salt to test the implementation below to make sure -+ * the algorithms are usable, see openssl_hmac.c for details */ -+ .key = chunk_clone(chunk_from_str("00000000000000000000000000000000")), -+ .salt = chunk_clone(chunk_from_str("00000000000000000000000000000000")), -+ ); -+ -+ if (!this->hasher || -+ !get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf)) -+ { -+ destroy(this); -+ return NULL; -+ } -+ return &this->public; -+} -+ -+#endif /* OPENSSL_NO_HMAC && OPENSSL_VERSION_NUMBER */ -Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.h -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.h -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+/** -+ * Implements key derivation functions (KDF) via OpenSSL, in particular prf+, -+ * which is implemented via OpenSSL's HKDF implementation. -+ * -+ * @defgroup openssl_kdf openssl_kdf -+ * @{ @ingroup openssl_p -+ */ -+ -+#ifndef OPENSSL_KDF_H_ -+#define OPENSSL_KDF_H_ -+ -+#include -+ -+/** -+ * Creates a new kdf_t object. -+ * -+ * @param algo algorithm to instantiate -+ * @param args algorithm-specific arguments -+ * @return kdf_t object, NULL if not supported -+ */ -+kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args); -+ -+#endif /** OPENSSL_KDF_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -16,7 +16,6 @@ - - #include - #include --#include - #include - #include - #include -@@ -53,6 +52,7 @@ - #include "openssl_pkcs12.h" - #include "openssl_rng.h" - #include "openssl_hmac.h" -+#include "openssl_kdf.h" - #include "openssl_aead.h" - #include "openssl_x_diffie_hellman.h" - #include "openssl_ed_public_key.h" -@@ -74,13 +74,6 @@ struct private_openssl_plugin_t { - * public functions - */ - openssl_plugin_t public; -- --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- /** -- * Loaded providers -- */ -- array_t *providers; --#endif - }; - - /** -@@ -662,6 +655,12 @@ METHOD(plugin_t, get_features, int, - PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), - PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), - #endif -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+ /* HKDF is available since 1.1.0, expand-only mode only since 1.1.1 */ -+ PLUGIN_REGISTER(KDF, openssl_kdf_create), -+ PLUGIN_PROVIDE(KDF, KDF_PRF), -+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), -+#endif - #endif /* OPENSSL_NO_HMAC */ - #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_AES)) || \ - (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)) -@@ -887,15 +886,6 @@ METHOD(plugin_t, get_features, int, - METHOD(plugin_t, destroy, void, - private_openssl_plugin_t *this) - { --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- OSSL_PROVIDER *provider; -- while (array_remove(this->providers, ARRAY_TAIL, &provider)) -- { -- OSSL_PROVIDER_unload(provider); -- } -- array_destroy(this->providers); --#endif /* OPENSSL_VERSION_NUMBER */ -- - /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we - * can't call it as we couldn't re-initialize the library (as required by the - * unit tests and the Android app) */ -@@ -1009,20 +999,16 @@ plugin_t *openssl_plugin_create() - DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider"); - return NULL; - } -- array_insert_create(&this->providers, ARRAY_TAIL, fips); - /* explicitly load the base provider containing encoding functions */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "base")); -+ OSSL_PROVIDER_load(NULL, "base"); - } - else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy", - TRUE, lib->ns)) - { - /* load the legacy provider for algorithms like MD4, DES, BF etc. */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "legacy")); -+ OSSL_PROVIDER_load(NULL, "legacy"); - /* explicitly load the default provider, as mentioned by crypto(7) */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "default")); -+ OSSL_PROVIDER_load(NULL, "default"); - } - ossl_provider_names_t data = {}; - OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data); -Index: strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/plugin_feature.c -+++ strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.c -@@ -32,6 +32,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, - "HASHER", - "PRF", - "XOF", -+ "KDF", - "DRBG", - "DH", - "RNG", -@@ -93,6 +94,9 @@ uint32_t plugin_feature_hash(plugin_feat - case FEATURE_XOF: - data = chunk_from_thing(feature->arg.xof); - break; -+ case FEATURE_KDF: -+ data = chunk_from_thing(feature->arg.kdf); -+ break; - case FEATURE_DRBG: - data = chunk_from_thing(feature->arg.drbg); - break; -@@ -171,6 +175,8 @@ bool plugin_feature_matches(plugin_featu - return a->arg.prf == b->arg.prf; - case FEATURE_XOF: - return a->arg.xof == b->arg.xof; -+ case FEATURE_KDF: -+ return a->arg.kdf == b->arg.kdf; - case FEATURE_DRBG: - return a->arg.drbg == b->arg.drbg; - case FEATURE_DH: -@@ -232,6 +238,7 @@ bool plugin_feature_equals(plugin_featur - case FEATURE_HASHER: - case FEATURE_PRF: - case FEATURE_XOF: -+ case FEATURE_KDF: - case FEATURE_DRBG: - case FEATURE_DH: - case FEATURE_NONCE_GEN: -@@ -327,6 +334,13 @@ char* plugin_feature_get_string(plugin_f - return str; - } - break; -+ case FEATURE_KDF: -+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, -+ key_derivation_function_names, feature->arg.kdf) > 0) -+ { -+ return str; -+ } -+ break; - case FEATURE_DRBG: - if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, - drbg_type_names, feature->arg.drbg) > 0) -@@ -472,6 +486,17 @@ bool plugin_feature_load(plugin_t *plugi - name = plugin->get_name(plugin); - switch (feature->type) - { -+ case FEATURE_NONE: -+ case FEATURE_PRIVKEY_SIGN: -+ case FEATURE_PRIVKEY_DECRYPT: -+ case FEATURE_PUBKEY_VERIFY: -+ case FEATURE_PUBKEY_ENCRYPT: -+ case FEATURE_EAP_SERVER: -+ case FEATURE_EAP_PEER: -+ case FEATURE_XAUTH_SERVER: -+ case FEATURE_XAUTH_PEER: -+ case FEATURE_CUSTOM: -+ break; - case FEATURE_CRYPTER: - lib->crypto->add_crypter(lib->crypto, feature->arg.crypter.alg, - feature->arg.crypter.key_size, -@@ -498,6 +523,10 @@ bool plugin_feature_load(plugin_t *plugi - lib->crypto->add_xof(lib->crypto, feature->arg.xof, - name, reg->arg.reg.f); - break; -+ case FEATURE_KDF: -+ lib->crypto->add_kdf(lib->crypto, feature->arg.kdf, -+ name, reg->arg.reg.f); -+ break; - case FEATURE_DRBG: - lib->crypto->add_drbg(lib->crypto, feature->arg.drbg, - name, reg->arg.reg.f); -@@ -547,8 +576,6 @@ bool plugin_feature_load(plugin_t *plugi - case FEATURE_RESOLVER: - lib->resolver->add_resolver(lib->resolver, reg->arg.reg.f); - break; -- default: -- break; - } - return TRUE; - } -@@ -574,6 +601,17 @@ bool plugin_feature_unload(plugin_t *plu - } - switch (feature->type) - { -+ case FEATURE_NONE: -+ case FEATURE_PRIVKEY_SIGN: -+ case FEATURE_PRIVKEY_DECRYPT: -+ case FEATURE_PUBKEY_VERIFY: -+ case FEATURE_PUBKEY_ENCRYPT: -+ case FEATURE_EAP_SERVER: -+ case FEATURE_EAP_PEER: -+ case FEATURE_XAUTH_SERVER: -+ case FEATURE_XAUTH_PEER: -+ case FEATURE_CUSTOM: -+ break; - case FEATURE_CRYPTER: - lib->crypto->remove_crypter(lib->crypto, reg->arg.reg.f); - break; -@@ -592,6 +630,9 @@ bool plugin_feature_unload(plugin_t *plu - case FEATURE_XOF: - lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f); - break; -+ case FEATURE_KDF: -+ lib->crypto->remove_kdf(lib->crypto, reg->arg.reg.f); -+ break; - case FEATURE_DRBG: - lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f); - break; -@@ -628,8 +669,6 @@ bool plugin_feature_unload(plugin_t *plu - case FEATURE_RESOLVER: - lib->resolver->remove_resolver(lib->resolver, reg->arg.reg.f); - break; -- default: -- break; - } - return TRUE; - } -Index: strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/plugin_feature.h -+++ strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.h -@@ -113,6 +113,8 @@ struct plugin_feature_t { - FEATURE_PRF, - /** xof_t */ - FEATURE_XOF, -+ /** kdf_t */ -+ FEATURE_KDF, - /** drbg_t */ - FEATURE_DRBG, - /** diffie_hellman_t */ -@@ -176,8 +178,10 @@ struct plugin_feature_t { - integrity_algorithm_t signer; - /** FEATURE_PRF */ - pseudo_random_function_t prf; -- /** FEATURE_XOFF */ -+ /** FEATURE_XOF */ - ext_out_function_t xof; -+ /** FEATURE_KDF */ -+ key_derivation_function_t kdf; - /** FEATURE_DRBG */ - drbg_type_t drbg; - /** FEATURE_HASHER */ -@@ -288,6 +292,7 @@ struct plugin_feature_t { - #define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg) - #define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg) - #define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg) -+#define _PLUGIN_FEATURE_KDF(kind, alg) __PLUGIN_FEATURE(kind, KDF, .kdf = alg) - #define _PLUGIN_FEATURE_DRBG(kind, type) __PLUGIN_FEATURE(kind, DRBG, .drbg = type) - #define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group) - #define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality) -@@ -322,6 +327,7 @@ struct plugin_feature_t { - #define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) - #define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) - #define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) -+#define _PLUGIN_FEATURE_REGISTER_KDF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) - #define _PLUGIN_FEATURE_REGISTER_DRBG(type, f) __PLUGIN_FEATURE_REGISTER(type, f) - #define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f) - #define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f) -Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/Makefile.am -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/Makefile.am -+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/Makefile.am -@@ -30,6 +30,8 @@ libstrongswan_test_vectors_la_SOURCES = - test_vectors/cast.c \ - test_vectors/des.c \ - test_vectors/idea.c \ -+ test_vectors/kdf_prf.c \ -+ test_vectors/kdf_prf_plus.c \ - test_vectors/null.c \ - test_vectors/rc2.c \ - test_vectors/rc5.c \ -Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/test_vectors.h -+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors.h -@@ -220,6 +220,20 @@ TEST_VECTOR_HASHER(sha3_256_255) - TEST_VECTOR_HASHER(sha3_384_255) - TEST_VECTOR_HASHER(sha3_512_255) - -+TEST_VECTOR_KDF(prf_sha256_1) -+TEST_VECTOR_KDF(prf_sha256_2) -+TEST_VECTOR_KDF(prf_sha384_1) -+TEST_VECTOR_KDF(prf_sha384_2) -+TEST_VECTOR_KDF(prf_sha512_1) -+TEST_VECTOR_KDF(prf_sha512_2) -+TEST_VECTOR_KDF(prf_plus_sha256_old) -+TEST_VECTOR_KDF(prf_plus_sha256_1) -+TEST_VECTOR_KDF(prf_plus_sha256_2) -+TEST_VECTOR_KDF(prf_plus_sha384_1) -+TEST_VECTOR_KDF(prf_plus_sha384_2) -+TEST_VECTOR_KDF(prf_plus_sha512_1) -+TEST_VECTOR_KDF(prf_plus_sha512_2) -+ - TEST_VECTOR_PRF(aes_xcbc_p1) - TEST_VECTOR_PRF(aes_xcbc_p2) - TEST_VECTOR_PRF(aes_xcbc_p3) -Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf.c -@@ -0,0 +1,236 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include -+ -+/** -+ * The following test vectors are from CAVP/SP 800-135 for IKEv2. -+ * -+ * key = Ni | Nr, salt = g^ir (one vector with min. and one with max. size for -+ * nonces) -+ */ -+kdf_test_vector_t prf_sha256_1 = { -+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_256, -+ .key = chunk_from_chars( -+ 0xed,0x80,0xdc,0x79,0x91,0x2c,0x32,0xa9,0x35,0xfb,0x6d,0x1a,0x3f,0xea,0xc0,0x78), -+ .salt = chunk_from_chars( -+ 0x42,0x96,0x8e,0x5d,0x0c,0xcc,0x3c,0xfc,0x5a,0x3e,0x4b,0xc1,0xbb,0xa3,0x70,0xce, -+ 0xa1,0xfa,0xe0,0xd5,0x4c,0x49,0xcc,0xba,0x34,0xb2,0xbe,0xe8,0x04,0xbe,0xeb,0x2e, -+ 0x9e,0x8c,0x57,0xa4,0xe0,0x1b,0xd4,0x51,0x02,0xcf,0x24,0x33,0xaa,0xcc,0x6c,0xfe, -+ 0xc0,0x67,0x92,0xf3,0x63,0xe5,0x17,0x0e,0x6a,0xa6,0x65,0x02,0x74,0xe9,0x06,0x64, -+ 0x8e,0x44,0x9d,0x27,0xa8,0xf0,0x0b,0x5b,0x44,0x26,0x19,0x82,0xc9,0x83,0x5c,0x74, -+ 0x8a,0x75,0x1e,0xc5,0x13,0x8e,0xaa,0xcc,0x5e,0x02,0x56,0x61,0x33,0x95,0x38,0xa6, -+ 0x1b,0xf4,0x18,0xe4,0x54,0x69,0x9e,0x19,0xc3,0x2d,0xb8,0xd9,0xce,0x5d,0xd8,0x6b, -+ 0x22,0x0f,0x1e,0x89,0xaf,0xc5,0x87,0x2e,0x68,0xbe,0x36,0xcb,0x1a,0x0c,0x88,0x66), -+ .out = chunk_from_chars( -+ 0x37,0xfd,0xe9,0x0b,0x81,0xd6,0x36,0x92,0x62,0x0f,0x67,0x36,0x7b,0x62,0x09,0x2e, -+ 0x3e,0xfd,0xc6,0xa0,0x35,0x09,0x13,0x7d,0x73,0x10,0x04,0x76,0x7f,0xf3,0x50,0x10), -+}; -+ -+kdf_test_vector_t prf_sha256_2 = { -+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_256, -+ .key = chunk_from_chars( -+ 0xef,0xa7,0x29,0x13,0x18,0x22,0x78,0xff,0xbd,0x14,0xe7,0x89,0x20,0xc0,0x62,0x51, -+ 0x9a,0xba,0xb8,0xc1,0x6e,0x5e,0xd7,0x0c,0x08,0x41,0xa4,0x8c,0xdb,0x98,0x23,0x7e, -+ 0xe9,0x3f,0x73,0x5f,0xb2,0xdf,0x18,0x43,0x58,0xaa,0xdc,0x13,0xd8,0x3f,0x43,0xfe, -+ 0x8d,0x87,0x05,0x17,0x6c,0x8c,0xa3,0x13,0x82,0x5a,0x1b,0xcd,0xf7,0x79,0x11,0xc5, -+ 0x98,0x00,0x16,0x71,0xff,0xbf,0x01,0x4e,0x37,0xa8,0xc0,0x4d,0x49,0xa7,0x83,0x9d, -+ 0xfe,0xa6,0xcd,0xc5,0x87,0x68,0x8d,0x45,0x88,0xfe,0x43,0x23,0x5b,0x71,0x69,0x3f, -+ 0xfd,0x07,0x29,0x33,0x86,0xb6,0xbf,0x4c,0x19,0x9e,0x33,0x61,0x65,0xb2,0x60,0x78, -+ 0x77,0x36,0xf5,0x4b,0xe9,0x5d,0xb6,0x91,0x16,0x38,0x8b,0xc2,0xec,0xa2,0xb3,0xb2, -+ 0x94,0x84,0x71,0x74,0x17,0xbb,0x3c,0x71,0x81,0x4c,0xe1,0x3b,0x84,0x44,0x6d,0xc3, -+ 0x96,0x4c,0x30,0x29,0x84,0xf9,0x77,0x81,0xf6,0x31,0x66,0x24,0x08,0x90,0x10,0x7c, -+ 0x2e,0x75,0x1a,0x00,0x43,0x6f,0x7c,0x3c,0x9f,0xf1,0x27,0x60,0xe4,0x9d,0x91,0x56, -+ 0x3b,0xe6,0x03,0xfd,0x96,0x41,0xa0,0xa6,0x49,0x18,0xa9,0x32,0x91,0xed,0x11,0x3d, -+ 0xb1,0x2f,0x97,0x07,0x60,0x9d,0x17,0x20,0x96,0xeb,0x58,0xf9,0x15,0x44,0x74,0xda, -+ 0x40,0xc1,0xf5,0xc0,0x90,0x3e,0x9c,0xa2,0xf9,0x1b,0xa6,0x60,0x07,0x75,0xdf,0x71, -+ 0x66,0xca,0xf8,0xe3,0x27,0x85,0x9e,0x67,0x62,0x32,0xd3,0x40,0x46,0x04,0x4c,0xee, -+ 0x43,0xf9,0x01,0x9f,0x04,0x68,0x56,0x12,0x63,0x5b,0x99,0xcb,0xeb,0xcb,0x36,0x3d, -+ 0x56,0x5e,0xaf,0x0e,0x54,0x7e,0xec,0xb9,0x41,0xc9,0x94,0xdf,0xd4,0x71,0xed,0x56, -+ 0x43,0xc0,0x87,0x74,0x4f,0x77,0x09,0xcc,0x3e,0x25,0x10,0xf2,0x74,0x26,0xc6,0x2c, -+ 0x0f,0xf3,0xac,0xb3,0xc2,0x76,0x61,0xd2,0x6a,0x6d,0x83,0xc2,0xa2,0x5e,0x13,0xa6, -+ 0xd4,0x65,0xbd,0x04,0x7f,0x90,0x55,0x00,0xe5,0xeb,0xbe,0x42,0x66,0x43,0x0d,0x56, -+ 0x67,0x14,0x0f,0x77,0xe7,0x97,0x71,0x2a,0x8c,0x8f,0x63,0xc5,0x83,0xf4,0xb4,0x64, -+ 0x9b,0x72,0x89,0x9e,0xa3,0x4a,0xbf,0xdb,0x17,0x61,0x7c,0x46,0x0c,0x35,0xf2,0x50, -+ 0x64,0x94,0x49,0x4f,0x22,0x3e,0x25,0x1a,0xc7,0x1a,0x5b,0x9b,0x7e,0xea,0x87,0xf4, -+ 0xf5,0xe3,0x33,0xa3,0xc1,0xbb,0xb4,0xbb,0x09,0x25,0x8b,0x6a,0x4b,0x5f,0x8c,0x9f, -+ 0xb8,0x2b,0xf4,0x2d,0xa9,0xd4,0xa4,0x65,0x43,0xc6,0xa9,0xeb,0x9a,0xa3,0x0e,0xa9, -+ 0xda,0x80,0x19,0x15,0xab,0xcc,0x17,0x12,0xd0,0x82,0xf2,0x92,0xa6,0x3f,0xd9,0xaf, -+ 0x71,0x54,0xa9,0x7c,0xc7,0x38,0x59,0xa4,0xbe,0x3c,0xba,0x35,0x9d,0x32,0x18,0x00, -+ 0x4e,0x14,0xdf,0x02,0xd0,0x9e,0xdf,0x0a,0xd5,0x79,0x6b,0xb0,0x10,0x99,0x52,0x93, -+ 0xab,0x5d,0x04,0x2c,0x31,0x05,0x53,0x80,0xcc,0x9c,0xb2,0xe3,0x61,0x79,0x82,0xc4, -+ 0x5f,0x6b,0xce,0x1f,0xb8,0xa4,0x0e,0xf9,0xea,0xc4,0x8a,0xe1,0x77,0x20,0xdf,0xec, -+ 0xc7,0x1e,0xc8,0x57,0xea,0x33,0xf3,0x2e,0xb3,0x46,0xba,0x60,0x36,0xe8,0xf9,0xcc, -+ 0xd7,0xbc,0xad,0xc6,0xc1,0xab,0x92,0xa8,0x0c,0x57,0xe7,0x89,0x59,0xd8,0xb8,0x28), -+ .salt = chunk_from_chars( -+ 0xb0,0x70,0x20,0x8f,0x89,0x47,0xdf,0x4f,0x7d,0x12,0x76,0x16,0x1f,0x40,0x7f,0x7b, -+ 0x7f,0x5c,0x4a,0x49,0xac,0x79,0xf0,0xcc,0x0c,0x7d,0x4e,0x28,0x48,0x4c,0x6f,0x85, -+ 0x84,0xf0,0x00,0x7b,0x9b,0xf0,0xe0,0x5f,0xdb,0x59,0x61,0xa1,0x7d,0x3a,0xa8,0x5c, -+ 0x6e,0x3f,0x55,0x71,0x29,0x6a,0x43,0xba,0x89,0x6c,0xdc,0x88,0xc1,0xa4,0x45,0x7f, -+ 0xb1,0x2c,0xbe,0x56,0xca,0x4a,0x20,0xc9,0xa7,0xe1,0x9a,0xdc,0x67,0x45,0x3c,0x4a, -+ 0xde,0x53,0x9e,0x25,0x9f,0x82,0x5f,0xf9,0x4c,0x9a,0x83,0xf8,0x39,0x60,0x2f,0x86, -+ 0x51,0xc9,0x27,0x6d,0x8e,0x44,0x4e,0xcb,0x95,0xa0,0x54,0x0e,0xe7,0xea,0x32,0x20, -+ 0xa9,0x22,0x34,0x5e,0xd9,0x9e,0xf7,0xe7,0xad,0x32,0xb1,0x9d,0x46,0x10,0xe9,0xef), -+ .out = chunk_from_chars( -+ 0x29,0xbd,0x11,0x55,0x68,0xae,0x09,0x88,0x27,0x0f,0xc3,0x86,0xd3,0x95,0xfe,0x37, -+ 0x07,0xa4,0xd0,0x62,0x89,0xf3,0x52,0xbb,0xa4,0xc0,0x0a,0x9a,0xd8,0x55,0xa0,0x8d), -+}; -+ -+kdf_test_vector_t prf_sha384_1 = { -+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_384, -+ .key = chunk_from_chars( -+ 0xd6,0x72,0xb0,0xbc,0x85,0x28,0x29,0xb9,0x35,0x09,0xf3,0xb7,0x24,0x70,0x63,0x64), -+ .salt = chunk_from_chars( -+ 0x4d,0xf0,0x40,0xb7,0x09,0x78,0x62,0x9c,0x49,0x43,0x7c,0xff,0x41,0xa0,0xd4,0x6c, -+ 0xbe,0xa6,0x8c,0x8d,0x75,0xb3,0x70,0xff,0xc1,0x1d,0x7b,0x38,0x71,0x44,0xea,0x83, -+ 0xbb,0x59,0x03,0xfb,0xb9,0x2e,0x47,0x3d,0xf5,0x0a,0x9b,0x19,0xea,0x43,0xe9,0xc2, -+ 0xf3,0xda,0x9a,0x84,0x9c,0x03,0x86,0x42,0x76,0xc6,0xf2,0x64,0xec,0xf0,0x2a,0x60, -+ 0xd4,0x0b,0xa6,0x5c,0x06,0x65,0x6b,0x63,0x3f,0x02,0xa8,0x74,0x27,0xe9,0x28,0xeb, -+ 0x66,0xa2,0xda,0xbd,0x9d,0xc0,0x57,0x44,0x71,0x7b,0xca,0xf7,0xae,0x78,0xc2,0x96, -+ 0x87,0x2f,0x5c,0x48,0xd1,0xa8,0x12,0x0c,0x21,0x55,0xb7,0x0c,0x56,0x5c,0xe2,0x71, -+ 0x99,0x8e,0x3e,0x44,0xaf,0x26,0x3d,0x48,0x7e,0xa3,0xba,0x7f,0x56,0x13,0x2d,0x7d), -+ .out = chunk_from_chars( -+ 0x54,0x43,0x6a,0x9e,0xa9,0x5d,0x6f,0xf7,0x9b,0x96,0x7f,0x4b,0x07,0xf6,0xde,0x97, -+ 0x6a,0x37,0x6e,0x8e,0xa2,0x6a,0xa9,0x57,0x47,0x09,0xaf,0xc6,0x02,0x43,0xc9,0xc1, -+ 0x41,0xda,0x4c,0xa0,0xe1,0x58,0xe6,0x27,0xa7,0x5e,0xa8,0x7f,0x6f,0xeb,0x07,0xef), -+}; -+ -+kdf_test_vector_t prf_sha384_2 = { -+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_384, -+ .key = chunk_from_chars( -+ 0x9e,0x2a,0x62,0xf9,0x36,0x28,0x93,0xdd,0xf8,0x47,0x16,0xfe,0xc2,0xf2,0x3f,0x9d, -+ 0xcb,0xd9,0x01,0x0d,0xf6,0xfe,0x9e,0x0e,0xb4,0x6d,0x03,0xd9,0x14,0xf3,0x04,0xd8, -+ 0xfe,0x4d,0x3e,0xe2,0xd6,0xa0,0x3b,0x40,0xe5,0x6a,0x32,0x5e,0x82,0x2a,0x17,0x36, -+ 0x19,0x29,0x18,0x4a,0xde,0x09,0xea,0xa4,0x45,0x27,0x8d,0x38,0x70,0x41,0x7a,0x7c, -+ 0xf5,0x65,0x58,0x4f,0x57,0x2a,0xd3,0x4f,0xf7,0x2b,0xc7,0x78,0x1a,0x39,0xa4,0x8b, -+ 0x54,0xb5,0x5d,0x6e,0xb0,0xed,0x68,0x55,0x1b,0x22,0x2c,0x7a,0xfa,0xda,0x0b,0xc8, -+ 0x22,0x36,0xec,0x31,0xce,0x6c,0x04,0x6b,0x3b,0x2e,0xdb,0x2d,0xef,0x61,0xf4,0xd2, -+ 0xd8,0x57,0xb2,0xd1,0xcb,0x36,0x96,0xc0,0x23,0xe0,0x8c,0x08,0xd6,0xab,0xd0,0x4d, -+ 0x4f,0x69,0x09,0x2b,0x14,0x58,0x37,0x35,0xb9,0xe9,0x18,0xae,0xe5,0xa3,0x99,0x9d, -+ 0xcb,0xf5,0x8f,0xda,0xd6,0xfc,0xd4,0x7c,0x95,0x92,0x98,0x77,0x03,0x0e,0x54,0xb7, -+ 0x08,0x23,0x5f,0x2a,0x2e,0x11,0xe7,0xc5,0x85,0x84,0x61,0x9a,0xa2,0xfa,0x69,0x31, -+ 0x53,0x44,0xd3,0x65,0x7b,0x55,0x72,0x0a,0x25,0xeb,0xe8,0x8e,0xa0,0x77,0x69,0x72, -+ 0xc9,0xe2,0x24,0x69,0xb7,0xed,0x5d,0xa9,0x6b,0x3c,0x76,0x85,0xf7,0xb0,0x56,0x99, -+ 0x60,0xbd,0x64,0x4f,0x13,0x0b,0x44,0xa0,0xd5,0x51,0xbb,0x0e,0x90,0x2e,0xd6,0x8a, -+ 0xb3,0x84,0xfd,0xc2,0xfa,0xca,0xf7,0x9b,0xbf,0x8d,0x6d,0x37,0x36,0xdf,0xa9,0x52, -+ 0xcd,0x70,0xf4,0x74,0x6f,0x1a,0x4a,0xea,0xc2,0xbd,0xbe,0xca,0x97,0xb7,0x8f,0xc1, -+ 0x77,0x78,0x78,0xc1,0x28,0x59,0x43,0x35,0x52,0xa7,0x7d,0x7f,0x94,0x2e,0x5b,0x60, -+ 0x47,0x69,0x91,0xa1,0xe3,0xd0,0x42,0x7c,0xd6,0x77,0x34,0x5a,0x1c,0xe2,0x06,0x3a, -+ 0x2e,0x0e,0xc5,0x47,0xa9,0xd8,0x21,0xda,0x75,0x9f,0x1a,0x91,0xb5,0x88,0x17,0xbd, -+ 0x0d,0xc4,0xef,0xfc,0x12,0x6f,0x6f,0x4e,0xb0,0xb9,0x11,0xe9,0x04,0xed,0x21,0xdc, -+ 0x43,0x9d,0x65,0x8a,0x77,0x3f,0x97,0xe1,0x79,0xad,0x20,0xbc,0x3c,0x63,0x60,0x9f, -+ 0x28,0x74,0x06,0x2e,0x83,0x5f,0x6a,0xe0,0x8d,0x59,0x65,0x4f,0x9c,0x88,0x61,0xe5, -+ 0x27,0x03,0x9e,0xea,0xc3,0x2b,0x9e,0xed,0x29,0x3b,0xd8,0xb1,0xe0,0xe7,0xc6,0x7b, -+ 0xf1,0xd7,0x55,0x24,0x6a,0x1b,0x06,0x3f,0xf0,0x06,0x32,0xa4,0x6d,0xd5,0xcf,0x69, -+ 0x48,0xf0,0xee,0xd9,0xb6,0x5c,0x59,0x39,0xdf,0xd2,0x14,0x80,0xa6,0x3d,0xf0,0xca, -+ 0xb0,0xa7,0x50,0x9c,0x42,0x45,0xa1,0xbe,0x75,0x47,0xcc,0xc6,0xf7,0x3c,0x72,0x4b, -+ 0x48,0xb7,0x86,0x70,0x12,0xe0,0xca,0x3e,0x47,0x2e,0x0d,0x55,0x06,0x49,0xa7,0x34, -+ 0x44,0x0f,0xef,0xfc,0x8e,0x73,0x68,0x2c,0xb6,0x04,0x53,0xe7,0xa4,0x7e,0x72,0xfe, -+ 0x08,0x74,0xeb,0x40,0xac,0xd0,0xd4,0x8e,0x4e,0x57,0x19,0x74,0x16,0x11,0x2b,0xcd, -+ 0xc8,0xbb,0x7a,0x58,0xbe,0xa7,0x45,0xfd,0xd6,0x4c,0x16,0xf6,0x66,0xc8,0x8d,0x9e, -+ 0x3b,0xd2,0x35,0xb1,0x37,0x20,0x6f,0x6c,0xdb,0xa1,0x90,0xbe,0x65,0xec,0x03,0x3c, -+ 0x19,0x1f,0x67,0x6b,0x42,0x8e,0xc1,0x20,0x5d,0xc5,0xe9,0x45,0x82,0x85,0x08,0xd8), -+ .salt = chunk_from_chars( -+ 0xae,0x50,0x50,0x82,0xac,0x47,0xff,0x9a,0xa3,0x54,0xb7,0xaf,0x2b,0x07,0x2c,0xb4, -+ 0x9c,0xec,0x83,0x8d,0x00,0xee,0x36,0x13,0x88,0x1a,0x99,0x77,0xb2,0x15,0x95,0x99, -+ 0xa0,0x24,0x95,0xf0,0xe5,0x2d,0x96,0x1a,0x51,0x6c,0x6b,0xb6,0x1e,0xd0,0x3a,0x86, -+ 0x37,0xbb,0x50,0x7c,0x5c,0x27,0xba,0xb5,0x8d,0xf1,0x54,0xe8,0xe5,0x01,0x48,0x21, -+ 0x84,0x0c,0xfc,0x50,0xb3,0xa4,0x78,0xb4,0x5d,0xd1,0x68,0xeb,0x18,0x0d,0x69,0xcb, -+ 0xa6,0x1a,0x1b,0x42,0x59,0x19,0x3a,0x51,0xa7,0xa4,0x95,0xc9,0x58,0x05,0x38,0x2e, -+ 0x3a,0xbf,0x55,0x87,0x68,0x8f,0x34,0xb6,0x3f,0x71,0x16,0x39,0x82,0xde,0x3d,0xdf, -+ 0x7f,0x26,0x3b,0xb6,0x9f,0x65,0xc3,0xec,0xae,0x61,0x65,0xbf,0x7f,0xdd,0x53,0x17), -+ .out = chunk_from_chars( -+ 0xff,0x66,0xe9,0xd0,0x92,0xdc,0x01,0xe0,0xb8,0x1f,0x93,0x9f,0x52,0xf5,0xc0,0x7d, -+ 0x38,0xd8,0x05,0xb9,0x86,0x28,0xce,0x1a,0xc5,0xfe,0x94,0xc0,0x98,0x57,0x76,0x47, -+ 0x33,0x9f,0xad,0x68,0x94,0x1f,0xfe,0x21,0xe0,0x1e,0xfb,0x4e,0x70,0x50,0x21,0x3b), -+}; -+ -+kdf_test_vector_t prf_sha512_1 = { -+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_512, -+ .key = chunk_from_chars( -+ 0xdf,0x79,0x31,0xdb,0x9b,0x42,0x9e,0x10,0xb8,0xaa,0x8e,0x4d,0x46,0x04,0x23,0x93), -+ .salt = chunk_from_chars( -+ 0x1e,0x3b,0x00,0x7d,0x2d,0xa9,0x13,0xca,0x60,0xec,0xc9,0x8c,0x25,0xa2,0x2d,0xb0, -+ 0x80,0x73,0xd5,0xc3,0x5c,0x11,0xb2,0x52,0x4b,0x29,0x8a,0x92,0x2b,0x6a,0xbf,0xe6, -+ 0xac,0xf7,0x35,0x9d,0xb6,0x6a,0xe5,0xf8,0x5d,0x67,0xaa,0xcf,0xf6,0x86,0x41,0x9c, -+ 0xd8,0x66,0x6d,0x05,0xae,0x79,0x77,0xce,0xfa,0xd7,0xf5,0x4d,0xd8,0xe3,0x12,0xa8, -+ 0xe8,0xe5,0xe0,0x37,0x0f,0x88,0x14,0x2f,0xbd,0xd6,0x59,0xdd,0x6f,0xde,0x22,0xbd, -+ 0xd5,0x31,0xf5,0x40,0x28,0x81,0xa8,0xde,0x85,0xc1,0x02,0x4e,0x59,0x5e,0xc9,0x3c, -+ 0x57,0x56,0x18,0xaf,0x7f,0xd3,0xdb,0xac,0x79,0x82,0x91,0x90,0x78,0xd7,0x1c,0xc1, -+ 0x3e,0xff,0x19,0x10,0xa0,0x32,0x75,0x0e,0x1f,0xf4,0x28,0x67,0x5d,0xe1,0x89,0xee), -+ .out = chunk_from_chars( -+ 0xda,0xf9,0xbd,0x6f,0x2f,0x91,0x2d,0xa5,0x53,0x86,0x79,0x66,0xaf,0x38,0x6e,0x67, -+ 0x90,0x9a,0x8d,0xf0,0xca,0x7e,0x84,0xb8,0x3b,0x35,0x5c,0xb7,0xd7,0xf1,0x02,0x6f, -+ 0x17,0xd8,0xea,0x34,0xb5,0xd5,0x7f,0xd0,0xd1,0xba,0x38,0x95,0x28,0xfc,0xa1,0xe8, -+ 0x1d,0x1c,0x8c,0xe5,0x11,0xb2,0x8a,0x24,0x58,0x24,0x11,0x43,0xfe,0xe3,0x0c,0xcc), -+}; -+ -+kdf_test_vector_t prf_sha512_2 = { -+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_512, -+ .key = chunk_from_chars( -+ 0xd8,0x96,0x84,0xe3,0xcb,0x17,0xf3,0xaa,0xbd,0x85,0x3a,0x78,0xdb,0x3e,0xcd,0x5a, -+ 0xac,0xc1,0xed,0x71,0xc7,0x0b,0x88,0xa2,0x97,0x56,0xf4,0x6f,0xc7,0x19,0x7c,0x80, -+ 0x4e,0xc0,0x01,0x54,0x40,0x02,0xa8,0xae,0xa3,0x60,0x68,0x4b,0x18,0x00,0x6d,0xef, -+ 0x0d,0xbd,0x86,0x33,0xb1,0x01,0x9f,0xbc,0xfa,0x85,0xb9,0x4c,0xac,0x2b,0xb8,0x21, -+ 0x25,0x84,0xbe,0x62,0xad,0xab,0x0e,0xe4,0xbb,0x8a,0x36,0xae,0xe2,0x52,0x75,0xef, -+ 0x07,0x13,0x90,0x48,0x0e,0xef,0xa2,0x09,0x2e,0xb3,0x08,0xaa,0x73,0x37,0xc5,0xce, -+ 0xb6,0x06,0x9a,0xb6,0x90,0xe8,0x96,0x2f,0xbf,0xe0,0x98,0x6e,0x4f,0x5c,0x18,0xf4, -+ 0x86,0x86,0x1e,0xd3,0xf1,0xdc,0xbe,0xe4,0xc9,0xe4,0xa7,0x66,0x9d,0x74,0x0c,0xa2, -+ 0xb0,0xe8,0xed,0x40,0x31,0xb0,0xa4,0x99,0xdc,0x31,0x5c,0xed,0xe7,0xef,0x03,0x39, -+ 0x9c,0xbc,0x33,0xdc,0xd6,0x29,0x70,0x34,0x9f,0x12,0x20,0x88,0x1b,0x55,0x45,0x2e, -+ 0x0c,0x6c,0x9b,0x52,0xa8,0x8b,0x67,0xf5,0x97,0x58,0x67,0x95,0xb2,0x25,0x70,0x73, -+ 0x3f,0xd4,0xff,0x2c,0xc2,0xad,0x93,0x1d,0x83,0x30,0x16,0x5a,0x9e,0x45,0x0e,0x38, -+ 0x88,0x59,0xce,0x62,0x4f,0x01,0xdb,0x17,0xc2,0x50,0x2b,0x4e,0x66,0xad,0xf9,0x65, -+ 0x27,0x36,0x3d,0x6f,0x90,0x6b,0x20,0x23,0xe8,0xed,0x74,0xd5,0xaf,0x0a,0xa6,0x02, -+ 0x46,0xb0,0xb9,0x2f,0x49,0xc4,0x93,0x3e,0xf3,0x12,0xf8,0xa2,0x54,0x34,0xee,0x96, -+ 0x98,0xd6,0xd9,0x20,0x43,0x45,0xbd,0x10,0xbb,0x11,0xaa,0x39,0x86,0x56,0x16,0xd5, -+ 0xad,0x1b,0x57,0x44,0x70,0x6c,0xfd,0x4e,0xa1,0x40,0x8e,0x20,0xc8,0xfd,0xcf,0x85, -+ 0x51,0xee,0xe8,0x81,0x4b,0x7b,0x37,0x33,0x0b,0x05,0x26,0xf0,0xbc,0x5e,0xe1,0x5d, -+ 0x4e,0xcd,0xa7,0xa1,0xbd,0x25,0xaa,0x97,0xf2,0x45,0x84,0xd8,0x5d,0x3f,0x52,0x49, -+ 0x69,0x4b,0x9f,0x43,0x53,0x9e,0x69,0xea,0x35,0xbf,0xe7,0xfd,0x44,0x07,0xbc,0x8e, -+ 0x9d,0xca,0x8a,0x9f,0xae,0x4b,0xdc,0x6b,0x7b,0xb3,0x8c,0x6d,0x68,0xf8,0x99,0xe1, -+ 0xd3,0x2c,0x85,0xbc,0xd6,0x17,0xa5,0x67,0x67,0x8c,0xf8,0x5d,0x22,0x17,0xa4,0xe8, -+ 0x6a,0x75,0x56,0x24,0xb6,0x40,0x02,0x35,0x4c,0x02,0x68,0x42,0xbc,0x95,0x42,0x49, -+ 0x1a,0xf1,0xc3,0xd6,0x29,0x09,0x70,0x55,0x9a,0xf1,0x1b,0xdc,0x2c,0x83,0xb5,0x4c, -+ 0x74,0x14,0x49,0x05,0xc0,0xa3,0x58,0xf3,0x15,0x3d,0xb7,0x67,0xa5,0xda,0x2a,0x86, -+ 0x27,0xf6,0x96,0x27,0xe1,0xd4,0x1e,0xde,0x9c,0x90,0x7c,0x79,0xb5,0x1f,0xf8,0x15, -+ 0xe4,0x64,0x5c,0x33,0x75,0xe0,0xf6,0x3f,0x84,0xfc,0xf5,0xd7,0xc3,0x40,0x7a,0x1d, -+ 0xd6,0x83,0x9e,0x19,0x06,0xa1,0xe3,0x80,0x2c,0xcf,0x5e,0x82,0x30,0xd9,0x5c,0xf4, -+ 0xb8,0x27,0xb4,0x1c,0x48,0x34,0x25,0xa8,0xa6,0x0b,0xfa,0x51,0x89,0xda,0xc4,0x38, -+ 0x06,0x0f,0x2f,0x5c,0xd5,0x26,0x66,0x2f,0x29,0x06,0xc1,0xdd,0x64,0xf4,0x84,0x4e, -+ 0x94,0x2c,0xa8,0x4d,0xae,0xce,0x6d,0xd7,0xbb,0xf7,0x19,0x4d,0x8c,0xe5,0x6b,0xc2, -+ 0x83,0x10,0x85,0xa7,0xd3,0x10,0xe4,0x94,0x4c,0xfa,0xe7,0x62,0x60,0xaa,0xbf,0x6b), -+ .salt = chunk_from_chars( -+ 0x9c,0xb4,0xbf,0x24,0x46,0x17,0x0a,0xc3,0x81,0x02,0x52,0x66,0xa1,0xa4,0xb8,0x65, -+ 0x13,0xdf,0x60,0xea,0x7d,0x07,0xb1,0xb2,0x13,0x9d,0x78,0xf3,0x31,0xef,0x7e,0xb7, -+ 0xbe,0x8b,0x15,0xd8,0x6c,0xd8,0x5e,0x2a,0x6a,0x34,0xa5,0x58,0x69,0xf8,0xdc,0xc9, -+ 0x75,0x4f,0x49,0x69,0x73,0x31,0xb9,0xb6,0x50,0xce,0x25,0x6e,0xdb,0x33,0x71,0xa9, -+ 0x4b,0x7c,0x2a,0x13,0x2f,0x2f,0xc9,0x9d,0x22,0x30,0x37,0x17,0xc3,0x67,0x39,0xd1, -+ 0x7c,0x0e,0x97,0x18,0xd7,0xc0,0x52,0xe7,0xab,0x4d,0x48,0x58,0xad,0xeb,0x9b,0x8b, -+ 0x4d,0x33,0x03,0xa9,0xe1,0xb6,0xbe,0xf2,0x9f,0x03,0x03,0x5b,0xee,0xd0,0x71,0xd3, -+ 0xbb,0x81,0x0d,0x85,0x39,0x71,0xa7,0x48,0xc5,0x6c,0x59,0xe0,0xba,0xfb,0x9b,0x5a), -+ .out = chunk_from_chars( -+ 0xe5,0x70,0xe7,0x48,0x46,0x34,0x30,0x0d,0x7a,0xdd,0xf5,0xa8,0x52,0x7c,0x13,0x8b, -+ 0x76,0x96,0xdb,0xc3,0xd8,0xbe,0x09,0x69,0xb7,0x52,0x15,0x31,0x8a,0x11,0xad,0xa2, -+ 0x13,0x53,0x8f,0x62,0x93,0xb0,0xee,0xe5,0xb3,0x09,0xad,0x8f,0x5d,0x8d,0x94,0xdb, -+ 0xe5,0x73,0x61,0x27,0xe0,0xd2,0x56,0x0f,0x28,0x1c,0x9c,0x58,0x6b,0xf7,0xc8,0x6f), -+}; -Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf_plus.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf_plus.c -@@ -0,0 +1,290 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include -+ -+/** -+ * This is an old test vector derived from one in RFC 4868. -+ */ -+kdf_test_vector_t prf_plus_sha256_old = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256, -+ .key = chunk_from_chars( -+ 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, -+ 0x0b,0x0b,0x0b,0x0b), -+ .salt = chunk_from_chars( -+ 0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65), -+ .out = chunk_from_chars( -+ 0xb9,0xbd,0xc0,0x89,0x88,0xb4,0xc2,0xb7,0x5a,0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05, -+ 0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72,0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32, -+ 0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a,0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6, -+ 0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6,0xed,0xc0,0x23,0x47,0x7d,0x80,0x95,0x90, -+ 0xe6,0x82,0xf6,0x1d,0x9c,0x04,0xb0,0x6b,0x4a,0xd9,0x71,0xa3,0x4c,0x81,0x47,0xfa, -+ 0x66,0x79,0x2f,0xf1,0x43,0x4b,0x93,0xc7,0x22,0xb3,0x2e,0x12,0xf4,0x88,0x32,0xeb, -+ 0xc1,0x5c,0xe2,0x36,0x9c,0xe7,0x1f,0xe9,0xb7,0xb8,0x1e,0x57,0x04,0xc1,0x4d,0x0f, -+ 0x52,0x80,0xa6,0xec,0x62,0x6e,0x99,0x2d,0x7a,0x9f), -+}; -+ -+/** -+ * The following test vectors are from CAVP/SP 800-135 for IKEv2. -+ * -+ * key = SKEYSEED, salt = Ni | Nr | SPIi | SPIr (one vector with min. and one -+ * with max. size for nonces) -+ */ -+kdf_test_vector_t prf_plus_sha256_1 = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256, -+ .key = chunk_from_chars( -+ 0x37,0xfd,0xe9,0x0b,0x81,0xd6,0x36,0x92,0x62,0x0f,0x67,0x36,0x7b,0x62,0x09,0x2e, -+ 0x3e,0xfd,0xc6,0xa0,0x35,0x09,0x13,0x7d,0x73,0x10,0x04,0x76,0x7f,0xf3,0x50,0x10), -+ .salt = chunk_from_chars( -+ 0xed,0x80,0xdc,0x79,0x91,0x2c,0x32,0xa9,0x35,0xfb,0x6d,0x1a,0x3f,0xea,0xc0,0x78, -+ 0x47,0xc1,0x85,0x8e,0xfc,0x93,0x2e,0xa4,0x60,0x6f,0xd0,0x56,0x09,0x62,0x40,0x02), -+ .out = chunk_from_chars( -+ 0x63,0xd0,0x18,0xa0,0x8f,0x7a,0x29,0xda,0xa7,0xd1,0xf9,0x2c,0xb6,0x3f,0x45,0xfa, -+ 0x39,0xbb,0xaf,0x5e,0x5f,0x1a,0x78,0x13,0x96,0x13,0xbb,0x89,0x1e,0x3e,0x6b,0xf9, -+ 0xd0,0x44,0x8f,0x7c,0x74,0xe0,0x5b,0x4c,0x1a,0x25,0xc0,0xb6,0x1e,0x62,0xc8,0x75, -+ 0xe8,0x52,0xf2,0x87,0xe1,0x92,0xd4,0xae,0x53,0x61,0x12,0xdb,0x51,0x97,0x21,0x64, -+ 0x00,0xbd,0x5e,0x12,0x34,0x70,0xef,0xc1,0x5f,0x53,0x16,0x18,0x65,0xfe,0x8b,0x19, -+ 0xa1,0x41,0x65,0x18,0xa1,0x57,0xd6,0x51,0xec,0xd2,0xca,0xdd,0xab,0x6a,0x9e,0xae, -+ 0x6a,0x27,0xa5,0x5a,0xf0,0x88,0x21,0x8d,0x51,0x56,0xed,0xaa,0x97,0x89,0xf9,0x34, -+ 0xd9,0x83,0x6e,0xd4,0x3e,0xdf,0xfd,0xa5,0x53,0x82,0x22,0x02,0xff,0x9f,0x7d,0x48, -+ 0x60,0xca,0x72,0xe0), -+}; -+ -+kdf_test_vector_t prf_plus_sha256_2 = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256, -+ .key = chunk_from_chars( -+ 0x29,0xbd,0x11,0x55,0x68,0xae,0x09,0x88,0x27,0x0f,0xc3,0x86,0xd3,0x95,0xfe,0x37, -+ 0x07,0xa4,0xd0,0x62,0x89,0xf3,0x52,0xbb,0xa4,0xc0,0x0a,0x9a,0xd8,0x55,0xa0,0x8d), -+ .salt = chunk_from_chars( -+ 0xef,0xa7,0x29,0x13,0x18,0x22,0x78,0xff,0xbd,0x14,0xe7,0x89,0x20,0xc0,0x62,0x51, -+ 0x9a,0xba,0xb8,0xc1,0x6e,0x5e,0xd7,0x0c,0x08,0x41,0xa4,0x8c,0xdb,0x98,0x23,0x7e, -+ 0xe9,0x3f,0x73,0x5f,0xb2,0xdf,0x18,0x43,0x58,0xaa,0xdc,0x13,0xd8,0x3f,0x43,0xfe, -+ 0x8d,0x87,0x05,0x17,0x6c,0x8c,0xa3,0x13,0x82,0x5a,0x1b,0xcd,0xf7,0x79,0x11,0xc5, -+ 0x98,0x00,0x16,0x71,0xff,0xbf,0x01,0x4e,0x37,0xa8,0xc0,0x4d,0x49,0xa7,0x83,0x9d, -+ 0xfe,0xa6,0xcd,0xc5,0x87,0x68,0x8d,0x45,0x88,0xfe,0x43,0x23,0x5b,0x71,0x69,0x3f, -+ 0xfd,0x07,0x29,0x33,0x86,0xb6,0xbf,0x4c,0x19,0x9e,0x33,0x61,0x65,0xb2,0x60,0x78, -+ 0x77,0x36,0xf5,0x4b,0xe9,0x5d,0xb6,0x91,0x16,0x38,0x8b,0xc2,0xec,0xa2,0xb3,0xb2, -+ 0x94,0x84,0x71,0x74,0x17,0xbb,0x3c,0x71,0x81,0x4c,0xe1,0x3b,0x84,0x44,0x6d,0xc3, -+ 0x96,0x4c,0x30,0x29,0x84,0xf9,0x77,0x81,0xf6,0x31,0x66,0x24,0x08,0x90,0x10,0x7c, -+ 0x2e,0x75,0x1a,0x00,0x43,0x6f,0x7c,0x3c,0x9f,0xf1,0x27,0x60,0xe4,0x9d,0x91,0x56, -+ 0x3b,0xe6,0x03,0xfd,0x96,0x41,0xa0,0xa6,0x49,0x18,0xa9,0x32,0x91,0xed,0x11,0x3d, -+ 0xb1,0x2f,0x97,0x07,0x60,0x9d,0x17,0x20,0x96,0xeb,0x58,0xf9,0x15,0x44,0x74,0xda, -+ 0x40,0xc1,0xf5,0xc0,0x90,0x3e,0x9c,0xa2,0xf9,0x1b,0xa6,0x60,0x07,0x75,0xdf,0x71, -+ 0x66,0xca,0xf8,0xe3,0x27,0x85,0x9e,0x67,0x62,0x32,0xd3,0x40,0x46,0x04,0x4c,0xee, -+ 0x43,0xf9,0x01,0x9f,0x04,0x68,0x56,0x12,0x63,0x5b,0x99,0xcb,0xeb,0xcb,0x36,0x3d, -+ 0x56,0x5e,0xaf,0x0e,0x54,0x7e,0xec,0xb9,0x41,0xc9,0x94,0xdf,0xd4,0x71,0xed,0x56, -+ 0x43,0xc0,0x87,0x74,0x4f,0x77,0x09,0xcc,0x3e,0x25,0x10,0xf2,0x74,0x26,0xc6,0x2c, -+ 0x0f,0xf3,0xac,0xb3,0xc2,0x76,0x61,0xd2,0x6a,0x6d,0x83,0xc2,0xa2,0x5e,0x13,0xa6, -+ 0xd4,0x65,0xbd,0x04,0x7f,0x90,0x55,0x00,0xe5,0xeb,0xbe,0x42,0x66,0x43,0x0d,0x56, -+ 0x67,0x14,0x0f,0x77,0xe7,0x97,0x71,0x2a,0x8c,0x8f,0x63,0xc5,0x83,0xf4,0xb4,0x64, -+ 0x9b,0x72,0x89,0x9e,0xa3,0x4a,0xbf,0xdb,0x17,0x61,0x7c,0x46,0x0c,0x35,0xf2,0x50, -+ 0x64,0x94,0x49,0x4f,0x22,0x3e,0x25,0x1a,0xc7,0x1a,0x5b,0x9b,0x7e,0xea,0x87,0xf4, -+ 0xf5,0xe3,0x33,0xa3,0xc1,0xbb,0xb4,0xbb,0x09,0x25,0x8b,0x6a,0x4b,0x5f,0x8c,0x9f, -+ 0xb8,0x2b,0xf4,0x2d,0xa9,0xd4,0xa4,0x65,0x43,0xc6,0xa9,0xeb,0x9a,0xa3,0x0e,0xa9, -+ 0xda,0x80,0x19,0x15,0xab,0xcc,0x17,0x12,0xd0,0x82,0xf2,0x92,0xa6,0x3f,0xd9,0xaf, -+ 0x71,0x54,0xa9,0x7c,0xc7,0x38,0x59,0xa4,0xbe,0x3c,0xba,0x35,0x9d,0x32,0x18,0x00, -+ 0x4e,0x14,0xdf,0x02,0xd0,0x9e,0xdf,0x0a,0xd5,0x79,0x6b,0xb0,0x10,0x99,0x52,0x93, -+ 0xab,0x5d,0x04,0x2c,0x31,0x05,0x53,0x80,0xcc,0x9c,0xb2,0xe3,0x61,0x79,0x82,0xc4, -+ 0x5f,0x6b,0xce,0x1f,0xb8,0xa4,0x0e,0xf9,0xea,0xc4,0x8a,0xe1,0x77,0x20,0xdf,0xec, -+ 0xc7,0x1e,0xc8,0x57,0xea,0x33,0xf3,0x2e,0xb3,0x46,0xba,0x60,0x36,0xe8,0xf9,0xcc, -+ 0xd7,0xbc,0xad,0xc6,0xc1,0xab,0x92,0xa8,0x0c,0x57,0xe7,0x89,0x59,0xd8,0xb8,0x28, -+ 0x57,0xe9,0x1d,0xf9,0xc5,0xff,0xb8,0x42,0x4d,0x5e,0xad,0xac,0x0e,0x57,0x0f,0x7c), -+ .out = chunk_from_chars( -+ 0xd5,0x03,0x3d,0x08,0x79,0x34,0xc6,0x15,0x38,0xb2,0x3d,0xff,0x87,0x5b,0x3b,0xa9, -+ 0x20,0xe0,0x5c,0x1b,0x42,0xac,0x7f,0x97,0x93,0x99,0x5e,0x76,0xba,0x3e,0x46,0x1d, -+ 0x6e,0x83,0xb2,0xfb,0xe0,0xfa,0x68,0x1b,0xa2,0x85,0x69,0x6d,0x53,0xb1,0x75,0xe0, -+ 0x70,0xc4,0xc1,0xcb,0xc7,0x40,0x43,0xf7,0xca,0xc5,0x58,0xc4,0x94,0xac,0xd2,0x3a, -+ 0xab,0xfc,0x7a,0x68,0x5b,0x62,0x74,0x13,0x44,0x08,0xca,0xfc,0x16,0x92,0x85,0x2a, -+ 0xca,0x66,0x3c,0xef,0xd7,0xdd,0x0c,0x8a,0x87,0x2a,0x36,0xa1,0x41,0x4d,0xb4,0xb7, -+ 0xf3,0x14,0xad,0x0e,0x49,0xf2,0xc1,0x87,0x16,0x2e,0x28,0x76,0xc6,0x05,0x3d,0xbe, -+ 0xf5,0xa2,0xea,0x8c,0x33,0xdc,0xd3,0xdd,0x91,0x68,0x76,0x44,0x37,0x7c,0x45,0xf4, -+ 0xb5,0xc4,0x18,0xe1,0xe1,0x0b,0xec,0x22,0xba,0xac,0x31,0x3b,0x90,0x2b,0xdf,0xfc, -+ 0xfb,0x69,0xc6,0x8e,0xf4,0xe7,0x1c,0x5a,0xcc,0x39,0xa9,0xf0,0x7a,0xcb,0x1f,0xc3, -+ 0xba,0x8e,0x92,0xc6,0xdc,0xa8,0x61,0xa6,0x41,0x63,0xb0,0x68,0x9d,0xa4,0xa9,0x7f, -+ 0x12,0x40,0x26,0x36,0x09,0x90,0xc9,0xf1,0xae,0x4e,0x8d,0x02,0x98,0xf0,0x77,0xfc, -+ 0xbb,0x0c,0x20,0x3f,0xd2,0xca,0x82,0x1d,0xea,0xb0,0x59,0x1a,0x22,0x1d,0x9d,0x0a, -+ 0x79,0x8d,0x02,0xf0,0x78,0xd8,0xfb,0x6e,0x93,0x1c,0xa4,0x46,0xa1,0x3f,0x11,0x63, -+ 0x8c,0x6b,0x6a,0xfb,0x82,0x25,0xa0,0x08,0xf9,0x38,0xa6,0x87,0x8c,0x5b,0x57,0x7e, -+ 0x03,0xae,0xcf,0xa7,0x31,0x41,0x01,0xed,0xd0,0xfd,0xa3,0xbd,0xbe,0xa4,0x98,0x5c), -+}; -+ -+kdf_test_vector_t prf_plus_sha384_1 = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_384, -+ .key = chunk_from_chars( -+ 0x54,0x43,0x6a,0x9e,0xa9,0x5d,0x6f,0xf7,0x9b,0x96,0x7f,0x4b,0x07,0xf6,0xde,0x97, -+ 0x6a,0x37,0x6e,0x8e,0xa2,0x6a,0xa9,0x57,0x47,0x09,0xaf,0xc6,0x02,0x43,0xc9,0xc1, -+ 0x41,0xda,0x4c,0xa0,0xe1,0x58,0xe6,0x27,0xa7,0x5e,0xa8,0x7f,0x6f,0xeb,0x07,0xef), -+ .salt = chunk_from_chars( -+ 0xd6,0x72,0xb0,0xbc,0x85,0x28,0x29,0xb9,0x35,0x09,0xf3,0xb7,0x24,0x70,0x63,0x64, -+ 0x0f,0x9a,0x01,0x6d,0x7b,0x22,0x22,0x3c,0x85,0xf7,0x10,0xda,0xf8,0xb9,0x82,0xd8), -+ .out = chunk_from_chars( -+ 0x10,0xb0,0x0a,0x65,0x46,0x43,0xb3,0xb9,0x85,0x76,0x4f,0x86,0xe2,0x3e,0xf6,0x24, -+ 0x31,0x12,0x2f,0xcc,0x96,0xde,0x16,0xe3,0x38,0xa3,0x72,0xbe,0xe4,0x93,0x91,0xdb, -+ 0x1f,0x83,0xa7,0x35,0x8c,0x08,0x03,0x80,0xab,0xbf,0x4a,0xf4,0x7c,0xdb,0x83,0xb9, -+ 0x53,0x03,0x43,0x16,0x8f,0x7d,0xbc,0x92,0x21,0x26,0x0e,0x15,0x46,0xc6,0xb3,0x83, -+ 0xe2,0x23,0x5d,0x27,0x05,0xa7,0x27,0xf0,0xb4,0x1a,0xeb,0xf6,0xa1,0xb4,0xc6,0x1c, -+ 0xb4,0x60,0x66,0x01,0x52,0xa1,0x7b,0xa7,0x4c,0x20,0xd5,0x19,0x1b,0xa6,0x84,0x17, -+ 0x94,0x94,0x52,0x70,0xd8,0x29,0x58,0x7b,0x7f,0x32,0x94,0x63,0x9e,0xa7,0xb7,0x71, -+ 0x49,0xe1,0xd0,0x72,0x30,0xac,0x16,0xe0,0xcd,0x5a,0xb2,0x36,0xfa,0x32,0x12,0xbd, -+ 0x56,0x9e,0xe7,0x0f), -+}; -+ -+kdf_test_vector_t prf_plus_sha384_2 = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_384, -+ .key = chunk_from_chars( -+ 0xff,0x66,0xe9,0xd0,0x92,0xdc,0x01,0xe0,0xb8,0x1f,0x93,0x9f,0x52,0xf5,0xc0,0x7d, -+ 0x38,0xd8,0x05,0xb9,0x86,0x28,0xce,0x1a,0xc5,0xfe,0x94,0xc0,0x98,0x57,0x76,0x47, -+ 0x33,0x9f,0xad,0x68,0x94,0x1f,0xfe,0x21,0xe0,0x1e,0xfb,0x4e,0x70,0x50,0x21,0x3b), -+ .salt = chunk_from_chars( -+ 0x9e,0x2a,0x62,0xf9,0x36,0x28,0x93,0xdd,0xf8,0x47,0x16,0xfe,0xc2,0xf2,0x3f,0x9d, -+ 0xcb,0xd9,0x01,0x0d,0xf6,0xfe,0x9e,0x0e,0xb4,0x6d,0x03,0xd9,0x14,0xf3,0x04,0xd8, -+ 0xfe,0x4d,0x3e,0xe2,0xd6,0xa0,0x3b,0x40,0xe5,0x6a,0x32,0x5e,0x82,0x2a,0x17,0x36, -+ 0x19,0x29,0x18,0x4a,0xde,0x09,0xea,0xa4,0x45,0x27,0x8d,0x38,0x70,0x41,0x7a,0x7c, -+ 0xf5,0x65,0x58,0x4f,0x57,0x2a,0xd3,0x4f,0xf7,0x2b,0xc7,0x78,0x1a,0x39,0xa4,0x8b, -+ 0x54,0xb5,0x5d,0x6e,0xb0,0xed,0x68,0x55,0x1b,0x22,0x2c,0x7a,0xfa,0xda,0x0b,0xc8, -+ 0x22,0x36,0xec,0x31,0xce,0x6c,0x04,0x6b,0x3b,0x2e,0xdb,0x2d,0xef,0x61,0xf4,0xd2, -+ 0xd8,0x57,0xb2,0xd1,0xcb,0x36,0x96,0xc0,0x23,0xe0,0x8c,0x08,0xd6,0xab,0xd0,0x4d, -+ 0x4f,0x69,0x09,0x2b,0x14,0x58,0x37,0x35,0xb9,0xe9,0x18,0xae,0xe5,0xa3,0x99,0x9d, -+ 0xcb,0xf5,0x8f,0xda,0xd6,0xfc,0xd4,0x7c,0x95,0x92,0x98,0x77,0x03,0x0e,0x54,0xb7, -+ 0x08,0x23,0x5f,0x2a,0x2e,0x11,0xe7,0xc5,0x85,0x84,0x61,0x9a,0xa2,0xfa,0x69,0x31, -+ 0x53,0x44,0xd3,0x65,0x7b,0x55,0x72,0x0a,0x25,0xeb,0xe8,0x8e,0xa0,0x77,0x69,0x72, -+ 0xc9,0xe2,0x24,0x69,0xb7,0xed,0x5d,0xa9,0x6b,0x3c,0x76,0x85,0xf7,0xb0,0x56,0x99, -+ 0x60,0xbd,0x64,0x4f,0x13,0x0b,0x44,0xa0,0xd5,0x51,0xbb,0x0e,0x90,0x2e,0xd6,0x8a, -+ 0xb3,0x84,0xfd,0xc2,0xfa,0xca,0xf7,0x9b,0xbf,0x8d,0x6d,0x37,0x36,0xdf,0xa9,0x52, -+ 0xcd,0x70,0xf4,0x74,0x6f,0x1a,0x4a,0xea,0xc2,0xbd,0xbe,0xca,0x97,0xb7,0x8f,0xc1, -+ 0x77,0x78,0x78,0xc1,0x28,0x59,0x43,0x35,0x52,0xa7,0x7d,0x7f,0x94,0x2e,0x5b,0x60, -+ 0x47,0x69,0x91,0xa1,0xe3,0xd0,0x42,0x7c,0xd6,0x77,0x34,0x5a,0x1c,0xe2,0x06,0x3a, -+ 0x2e,0x0e,0xc5,0x47,0xa9,0xd8,0x21,0xda,0x75,0x9f,0x1a,0x91,0xb5,0x88,0x17,0xbd, -+ 0x0d,0xc4,0xef,0xfc,0x12,0x6f,0x6f,0x4e,0xb0,0xb9,0x11,0xe9,0x04,0xed,0x21,0xdc, -+ 0x43,0x9d,0x65,0x8a,0x77,0x3f,0x97,0xe1,0x79,0xad,0x20,0xbc,0x3c,0x63,0x60,0x9f, -+ 0x28,0x74,0x06,0x2e,0x83,0x5f,0x6a,0xe0,0x8d,0x59,0x65,0x4f,0x9c,0x88,0x61,0xe5, -+ 0x27,0x03,0x9e,0xea,0xc3,0x2b,0x9e,0xed,0x29,0x3b,0xd8,0xb1,0xe0,0xe7,0xc6,0x7b, -+ 0xf1,0xd7,0x55,0x24,0x6a,0x1b,0x06,0x3f,0xf0,0x06,0x32,0xa4,0x6d,0xd5,0xcf,0x69, -+ 0x48,0xf0,0xee,0xd9,0xb6,0x5c,0x59,0x39,0xdf,0xd2,0x14,0x80,0xa6,0x3d,0xf0,0xca, -+ 0xb0,0xa7,0x50,0x9c,0x42,0x45,0xa1,0xbe,0x75,0x47,0xcc,0xc6,0xf7,0x3c,0x72,0x4b, -+ 0x48,0xb7,0x86,0x70,0x12,0xe0,0xca,0x3e,0x47,0x2e,0x0d,0x55,0x06,0x49,0xa7,0x34, -+ 0x44,0x0f,0xef,0xfc,0x8e,0x73,0x68,0x2c,0xb6,0x04,0x53,0xe7,0xa4,0x7e,0x72,0xfe, -+ 0x08,0x74,0xeb,0x40,0xac,0xd0,0xd4,0x8e,0x4e,0x57,0x19,0x74,0x16,0x11,0x2b,0xcd, -+ 0xc8,0xbb,0x7a,0x58,0xbe,0xa7,0x45,0xfd,0xd6,0x4c,0x16,0xf6,0x66,0xc8,0x8d,0x9e, -+ 0x3b,0xd2,0x35,0xb1,0x37,0x20,0x6f,0x6c,0xdb,0xa1,0x90,0xbe,0x65,0xec,0x03,0x3c, -+ 0x19,0x1f,0x67,0x6b,0x42,0x8e,0xc1,0x20,0x5d,0xc5,0xe9,0x45,0x82,0x85,0x08,0xd8, -+ 0x6f,0xd4,0xbc,0x62,0x54,0x02,0xaa,0x68,0x5f,0x60,0x72,0x5e,0xfd,0xb4,0x25,0x96), -+ .out = chunk_from_chars( -+ 0x28,0x10,0x28,0x8a,0x45,0xa5,0x02,0x21,0x1f,0xea,0xde,0x99,0x43,0xb4,0x22,0x4a, -+ 0x3f,0x54,0xcf,0x97,0xf1,0x91,0xb6,0x21,0xd8,0x0a,0x19,0xf3,0xf1,0xb0,0x36,0x6d, -+ 0x5e,0xd7,0x3d,0x19,0x5b,0x73,0x2a,0x15,0xb5,0x99,0x05,0x1a,0x13,0xb7,0xc5,0x84, -+ 0x17,0x55,0x21,0xe3,0xa9,0x7c,0xdb,0x22,0x0c,0x89,0x24,0xb0,0xec,0x23,0x4a,0x94, -+ 0x2e,0x05,0x79,0x67,0x5f,0x19,0x39,0x26,0xab,0x33,0x29,0x70,0x58,0x55,0x53,0xe2, -+ 0x30,0xe3,0x42,0x9c,0x6e,0x8b,0xa7,0x1b,0x93,0x74,0xbd,0x4a,0x8d,0xf9,0x69,0x45, -+ 0x68,0x40,0x52,0x7f,0x2c,0xf6,0x35,0x39,0x2b,0xe9,0xc1,0x7c,0xa8,0x47,0x4c,0xf0, -+ 0x1b,0x33,0x2b,0x81,0x08,0xb5,0x4c,0x48,0xaa,0xfc,0x86,0xac,0x4c,0xfc,0xe7,0x05, -+ 0x8e,0xe1,0x14,0x54,0x0e,0x5a,0x1b,0x95,0x22,0x01,0xee,0x3d,0x0a,0xc9,0xd3,0xe3, -+ 0x3f,0x01,0x80,0x75,0x84,0x33,0x9a,0xc3,0xf4,0x3c,0xcd,0xd3,0x95,0xc5,0x8b,0xb3, -+ 0xf4,0xa4,0xcc,0x5c,0x57,0x87,0x1e,0xa1,0xd3,0xea,0xa8,0xd0,0x30,0x2b,0xb3,0x08, -+ 0xd1,0xd2,0x03,0xaf,0x13,0x14,0x7e,0x87,0xab,0x2b,0x91,0x59,0xae,0x36,0x1e,0xc0, -+ 0x11,0xd6,0x73,0xfe,0x3f,0x16,0x2b,0x39,0x89,0xda,0x34,0x88,0xd8,0xff,0xea,0x2b, -+ 0x51,0xe7,0x46,0x5f,0xad,0xdc,0xa6,0x7d,0x1d,0x54,0xc8,0x94,0x0a,0x8a,0xb6,0x2e, -+ 0x8a,0xbe,0x41,0x45,0xcb,0x25,0x15,0x91,0x25,0x95,0x01,0x19,0xe3,0xc0,0x1a,0x81, -+ 0x35,0x75,0xf0,0xa9,0x59,0xb1,0x43,0xbc,0x31,0xf6,0x2b,0x47,0x34,0xaa,0x45,0xe2), -+}; -+ -+kdf_test_vector_t prf_plus_sha512_1 = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_512, -+ .key = chunk_from_chars( -+ 0xda,0xf9,0xbd,0x6f,0x2f,0x91,0x2d,0xa5,0x53,0x86,0x79,0x66,0xaf,0x38,0x6e,0x67, -+ 0x90,0x9a,0x8d,0xf0,0xca,0x7e,0x84,0xb8,0x3b,0x35,0x5c,0xb7,0xd7,0xf1,0x02,0x6f, -+ 0x17,0xd8,0xea,0x34,0xb5,0xd5,0x7f,0xd0,0xd1,0xba,0x38,0x95,0x28,0xfc,0xa1,0xe8, -+ 0x1d,0x1c,0x8c,0xe5,0x11,0xb2,0x8a,0x24,0x58,0x24,0x11,0x43,0xfe,0xe3,0x0c,0xcc), -+ .salt = chunk_from_chars( -+ 0xdf,0x79,0x31,0xdb,0x9b,0x42,0x9e,0x10,0xb8,0xaa,0x8e,0x4d,0x46,0x04,0x23,0x93, -+ 0x9b,0xa4,0x0a,0xf9,0x15,0x7f,0x47,0x92,0x53,0x83,0xc7,0xcd,0x3d,0x10,0x46,0xe6), -+ .out = chunk_from_chars( -+ 0x91,0x9a,0x75,0xde,0xae,0xcc,0xbd,0x39,0x3b,0xeb,0xc8,0x96,0x15,0xf8,0xa2,0x15, -+ 0xed,0xb7,0x07,0x3b,0x23,0x19,0xd8,0x67,0x40,0x22,0x1e,0xee,0x7a,0x2d,0xeb,0x92, -+ 0x50,0x90,0x44,0xd7,0xe6,0x1f,0xcb,0x1b,0xf9,0x67,0x6b,0x38,0x81,0xc7,0xce,0xd4, -+ 0x9e,0x6b,0xba,0x15,0x49,0xda,0x31,0x13,0x60,0x16,0x77,0xa2,0x44,0x5d,0x91,0xac, -+ 0x13,0xa5,0x97,0x33,0x57,0x82,0xdd,0x3a,0x9c,0xf4,0x96,0xd9,0xe1,0x9b,0x93,0x2f, -+ 0x27,0xdd,0x35,0xe3,0x6f,0x80,0x70,0xd2,0x32,0xd0,0xa3,0xb3,0xf4,0xc4,0xa0,0xb4, -+ 0xba,0x44,0x70,0x77,0x8d,0xc0,0x90,0xf3,0x1f,0x52,0xab,0x1b,0x6d,0x81,0xe4,0xc7, -+ 0xdf,0xb3,0x50,0x63,0xad,0x96,0xc3,0x27,0xad,0xcd,0xbd,0xe7,0x14,0xcc,0x9a,0x6b, -+ 0x5e,0xf0,0x49,0xb8), -+}; -+ -+kdf_test_vector_t prf_plus_sha512_2 = { -+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_512, -+ .key = chunk_from_chars( -+ 0xe5,0x70,0xe7,0x48,0x46,0x34,0x30,0x0d,0x7a,0xdd,0xf5,0xa8,0x52,0x7c,0x13,0x8b, -+ 0x76,0x96,0xdb,0xc3,0xd8,0xbe,0x09,0x69,0xb7,0x52,0x15,0x31,0x8a,0x11,0xad,0xa2, -+ 0x13,0x53,0x8f,0x62,0x93,0xb0,0xee,0xe5,0xb3,0x09,0xad,0x8f,0x5d,0x8d,0x94,0xdb, -+ 0xe5,0x73,0x61,0x27,0xe0,0xd2,0x56,0x0f,0x28,0x1c,0x9c,0x58,0x6b,0xf7,0xc8,0x6f), -+ .salt = chunk_from_chars( -+ 0xd8,0x96,0x84,0xe3,0xcb,0x17,0xf3,0xaa,0xbd,0x85,0x3a,0x78,0xdb,0x3e,0xcd,0x5a, -+ 0xac,0xc1,0xed,0x71,0xc7,0x0b,0x88,0xa2,0x97,0x56,0xf4,0x6f,0xc7,0x19,0x7c,0x80, -+ 0x4e,0xc0,0x01,0x54,0x40,0x02,0xa8,0xae,0xa3,0x60,0x68,0x4b,0x18,0x00,0x6d,0xef, -+ 0x0d,0xbd,0x86,0x33,0xb1,0x01,0x9f,0xbc,0xfa,0x85,0xb9,0x4c,0xac,0x2b,0xb8,0x21, -+ 0x25,0x84,0xbe,0x62,0xad,0xab,0x0e,0xe4,0xbb,0x8a,0x36,0xae,0xe2,0x52,0x75,0xef, -+ 0x07,0x13,0x90,0x48,0x0e,0xef,0xa2,0x09,0x2e,0xb3,0x08,0xaa,0x73,0x37,0xc5,0xce, -+ 0xb6,0x06,0x9a,0xb6,0x90,0xe8,0x96,0x2f,0xbf,0xe0,0x98,0x6e,0x4f,0x5c,0x18,0xf4, -+ 0x86,0x86,0x1e,0xd3,0xf1,0xdc,0xbe,0xe4,0xc9,0xe4,0xa7,0x66,0x9d,0x74,0x0c,0xa2, -+ 0xb0,0xe8,0xed,0x40,0x31,0xb0,0xa4,0x99,0xdc,0x31,0x5c,0xed,0xe7,0xef,0x03,0x39, -+ 0x9c,0xbc,0x33,0xdc,0xd6,0x29,0x70,0x34,0x9f,0x12,0x20,0x88,0x1b,0x55,0x45,0x2e, -+ 0x0c,0x6c,0x9b,0x52,0xa8,0x8b,0x67,0xf5,0x97,0x58,0x67,0x95,0xb2,0x25,0x70,0x73, -+ 0x3f,0xd4,0xff,0x2c,0xc2,0xad,0x93,0x1d,0x83,0x30,0x16,0x5a,0x9e,0x45,0x0e,0x38, -+ 0x88,0x59,0xce,0x62,0x4f,0x01,0xdb,0x17,0xc2,0x50,0x2b,0x4e,0x66,0xad,0xf9,0x65, -+ 0x27,0x36,0x3d,0x6f,0x90,0x6b,0x20,0x23,0xe8,0xed,0x74,0xd5,0xaf,0x0a,0xa6,0x02, -+ 0x46,0xb0,0xb9,0x2f,0x49,0xc4,0x93,0x3e,0xf3,0x12,0xf8,0xa2,0x54,0x34,0xee,0x96, -+ 0x98,0xd6,0xd9,0x20,0x43,0x45,0xbd,0x10,0xbb,0x11,0xaa,0x39,0x86,0x56,0x16,0xd5, -+ 0xad,0x1b,0x57,0x44,0x70,0x6c,0xfd,0x4e,0xa1,0x40,0x8e,0x20,0xc8,0xfd,0xcf,0x85, -+ 0x51,0xee,0xe8,0x81,0x4b,0x7b,0x37,0x33,0x0b,0x05,0x26,0xf0,0xbc,0x5e,0xe1,0x5d, -+ 0x4e,0xcd,0xa7,0xa1,0xbd,0x25,0xaa,0x97,0xf2,0x45,0x84,0xd8,0x5d,0x3f,0x52,0x49, -+ 0x69,0x4b,0x9f,0x43,0x53,0x9e,0x69,0xea,0x35,0xbf,0xe7,0xfd,0x44,0x07,0xbc,0x8e, -+ 0x9d,0xca,0x8a,0x9f,0xae,0x4b,0xdc,0x6b,0x7b,0xb3,0x8c,0x6d,0x68,0xf8,0x99,0xe1, -+ 0xd3,0x2c,0x85,0xbc,0xd6,0x17,0xa5,0x67,0x67,0x8c,0xf8,0x5d,0x22,0x17,0xa4,0xe8, -+ 0x6a,0x75,0x56,0x24,0xb6,0x40,0x02,0x35,0x4c,0x02,0x68,0x42,0xbc,0x95,0x42,0x49, -+ 0x1a,0xf1,0xc3,0xd6,0x29,0x09,0x70,0x55,0x9a,0xf1,0x1b,0xdc,0x2c,0x83,0xb5,0x4c, -+ 0x74,0x14,0x49,0x05,0xc0,0xa3,0x58,0xf3,0x15,0x3d,0xb7,0x67,0xa5,0xda,0x2a,0x86, -+ 0x27,0xf6,0x96,0x27,0xe1,0xd4,0x1e,0xde,0x9c,0x90,0x7c,0x79,0xb5,0x1f,0xf8,0x15, -+ 0xe4,0x64,0x5c,0x33,0x75,0xe0,0xf6,0x3f,0x84,0xfc,0xf5,0xd7,0xc3,0x40,0x7a,0x1d, -+ 0xd6,0x83,0x9e,0x19,0x06,0xa1,0xe3,0x80,0x2c,0xcf,0x5e,0x82,0x30,0xd9,0x5c,0xf4, -+ 0xb8,0x27,0xb4,0x1c,0x48,0x34,0x25,0xa8,0xa6,0x0b,0xfa,0x51,0x89,0xda,0xc4,0x38, -+ 0x06,0x0f,0x2f,0x5c,0xd5,0x26,0x66,0x2f,0x29,0x06,0xc1,0xdd,0x64,0xf4,0x84,0x4e, -+ 0x94,0x2c,0xa8,0x4d,0xae,0xce,0x6d,0xd7,0xbb,0xf7,0x19,0x4d,0x8c,0xe5,0x6b,0xc2, -+ 0x83,0x10,0x85,0xa7,0xd3,0x10,0xe4,0x94,0x4c,0xfa,0xe7,0x62,0x60,0xaa,0xbf,0x6b, -+ 0x60,0x9d,0x88,0x78,0x9b,0x8a,0x1a,0xbf,0x50,0x01,0x86,0xc3,0xd9,0x7e,0xd2,0xab), -+ .out = chunk_from_chars( -+ 0x98,0x7f,0xad,0xd8,0x04,0x99,0x45,0x67,0xd5,0x7f,0x98,0x9b,0x6c,0xda,0x66,0xef, -+ 0xbf,0xfc,0xab,0x28,0xac,0x3e,0x3b,0xc6,0x10,0x78,0x05,0x95,0x4e,0xb1,0xea,0xd0, -+ 0xce,0xa6,0xfb,0x49,0xaa,0x96,0x1c,0xbe,0x98,0xfd,0xad,0x57,0xdd,0x9c,0x45,0x56, -+ 0x7c,0xe4,0x96,0x74,0x78,0x62,0xf8,0x8b,0xcd,0x9f,0xc5,0x75,0x59,0xa0,0x7e,0xa9, -+ 0x27,0xa4,0x20,0x82,0xba,0x87,0xe0,0xf5,0x1b,0x3d,0x5b,0x8c,0xbd,0xea,0xdd,0xed, -+ 0xa3,0xae,0x4c,0x73,0xb1,0xa5,0x1d,0xd0,0xdc,0xe3,0xcc,0x8e,0xb3,0xb1,0x41,0x9b, -+ 0x93,0xf2,0x9d,0xc6,0x52,0x2b,0x2f,0x5e,0x93,0x75,0x23,0x82,0x03,0xec,0xa9,0x8e, -+ 0xd8,0x6b,0xf1,0xe6,0x86,0x8a,0xb4,0x28,0xd8,0x63,0xa5,0xf3,0xb9,0x87,0xd6,0xc0, -+ 0xf9,0x57,0xaf,0x08,0xa1,0x63,0x1f,0x7c,0xdc,0x00,0x8c,0xbb,0xff,0xc2,0x4b,0x02, -+ 0x93,0x1a,0x02,0x01,0x94,0xe3,0x68,0xd6,0xb5,0x70,0x2e,0x7f,0x8b,0x96,0x0d,0xbc, -+ 0x93,0xca,0x56,0xed,0x5a,0x68,0xda,0xe0,0x20,0x69,0x94,0xed,0xf1,0x47,0x6f,0x5f, -+ 0xa3,0x4e,0xfb,0xda,0xa9,0x73,0xd2,0x7b,0xa3,0x68,0xce,0xdc,0xc6,0x66,0xd7,0x63, -+ 0xbd,0x6a,0xd5,0x60,0x57,0x38,0x51,0xbf,0xfb,0x70,0x99,0xaf,0x58,0x8f,0x34,0xff, -+ 0x2e,0x59,0x9b,0x0e,0x87,0xf7,0x0a,0x7f,0x4a,0xa4,0x8e,0x95,0x1d,0x0c,0x5c,0x30, -+ 0xdd,0xfc,0x1f,0x98,0xc1,0x28,0x63,0x15,0x90,0xcd,0xe0,0x0a,0x7c,0x93,0x15,0x8d, -+ 0xbf,0x4c,0xaa,0x53,0x7b,0x31,0x59,0x31,0xb7,0x14,0xd7,0x2f,0x4d,0x2a,0x01,0xc9), -+}; -Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c -+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c -@@ -25,6 +25,7 @@ - #define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x; - #define TEST_VECTOR_PRF(x) extern prf_test_vector_t x; - #define TEST_VECTOR_XOF(x) extern xof_test_vector_t x; -+#define TEST_VECTOR_KDF(x) extern kdf_test_vector_t x; - #define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x; - #define TEST_VECTOR_RNG(x) extern rng_test_vector_t x; - #define TEST_VECTOR_DH(x) extern dh_test_vector_t x; -@@ -37,6 +38,7 @@ - #undef TEST_VECTOR_HASHER - #undef TEST_VECTOR_PRF - #undef TEST_VECTOR_XOF -+#undef TEST_VECTOR_KDF - #undef TEST_VECTOR_DRBG - #undef TEST_VECTOR_RNG - #undef TEST_VECTOR_DH -@@ -47,6 +49,7 @@ - #define TEST_VECTOR_HASHER(x) - #define TEST_VECTOR_PRF(x) - #define TEST_VECTOR_XOF(x) -+#define TEST_VECTOR_KDF(x) - #define TEST_VECTOR_DRBG(x) - #define TEST_VECTOR_RNG(x) - #define TEST_VECTOR_DH(x) -@@ -100,6 +103,14 @@ static xof_test_vector_t *xof[] = { - #undef TEST_VECTOR_XOF - #define TEST_VECTOR_XOF(x) - -+#undef TEST_VECTOR_KDF -+#define TEST_VECTOR_KDF(x) &x, -+static kdf_test_vector_t *kdf[] = { -+#include "test_vectors.h" -+}; -+#undef TEST_VECTOR_KDF -+#define TEST_VECTOR_KDF(x) -+ - #undef TEST_VECTOR_DRBG - #define TEST_VECTOR_DRBG(x) &x, - static drbg_test_vector_t *drbg[] = { -@@ -208,6 +219,11 @@ plugin_t *test_vectors_plugin_create() - lib->crypto->add_test_vector(lib->crypto, - EXTENDED_OUTPUT_FUNCTION, xof[i]); - } -+ for (i = 0; i < countof(kdf); i++) -+ { -+ lib->crypto->add_test_vector(lib->crypto, -+ KEY_DERIVATION_FUNCTION, kdf[i]); -+ } - for (i = 0; i < countof(drbg); i++) - { - lib->crypto->add_test_vector(lib->crypto, -Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/Makefile.am -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/wolfssl/Makefile.am -+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/Makefile.am -@@ -24,6 +24,7 @@ libstrongswan_wolfssl_la_SOURCES = \ - wolfssl_ed_public_key.h wolfssl_ed_public_key.c \ - wolfssl_hasher.h wolfssl_hasher.c \ - wolfssl_hmac.h wolfssl_hmac.c \ -+ wolfssl_kdf.h wolfssl_kdf.c \ - wolfssl_rsa_public_key.h wolfssl_rsa_public_key.c \ - wolfssl_rsa_private_key.h wolfssl_rsa_private_key.c \ - wolfssl_rng.h wolfssl_rng.c \ -Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c -@@ -0,0 +1,196 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+#include "wolfssl_common.h" -+ -+#if !defined(NO_HMAC) && defined(HAVE_HKDF) -+ -+#include -+ -+#define _GNU_SOURCE -+#include "wolfssl_kdf.h" -+#include "wolfssl_util.h" -+ -+typedef struct private_kdf_t private_kdf_t; -+ -+/** -+ * Private data. -+ */ -+struct private_kdf_t { -+ -+ /** -+ * Public interface. -+ */ -+ kdf_t public; -+ -+ /** -+ * KDF type. -+ */ -+ key_derivation_function_t type; -+ -+ /** -+ * Hash algorithm type. -+ */ -+ enum wc_HashType hash; -+ -+ /** -+ * Key for KDF. -+ */ -+ chunk_t key; -+ -+ /** -+ * Salt for KDF. -+ */ -+ chunk_t salt; -+}; -+ -+METHOD(kdf_t, get_type, key_derivation_function_t, -+ private_kdf_t *this) -+{ -+ return this->type; -+} -+ -+METHOD(kdf_t, get_length, size_t, -+ private_kdf_t *this) -+{ -+ if (this->type == KDF_PRF_PLUS) -+ { -+ return SIZE_MAX; -+ } -+ return wc_HashGetDigestSize(this->hash); -+} -+ -+METHOD(kdf_t, get_bytes, bool, -+ private_kdf_t *this, size_t out_len, uint8_t *buffer) -+{ -+ if (this->type == KDF_PRF) -+ { -+ /* IKEv2 uses the nonces as PRF key and the DH secret as salt, however, -+ * HKDF-Extract() does the same again (mapping the salt to the HMAC key), -+ * so we have to switch key and salt here */ -+ if (out_len != get_length(this) || -+ wc_HKDF_Extract(this->hash, this->key.ptr, this->key.len, -+ this->salt.ptr, this->salt.len, buffer)) -+ { -+ return FALSE; -+ } -+ return TRUE; -+ } -+ if (wc_HKDF_Expand(this->hash, this->key.ptr, this->key.len, -+ this->salt.ptr, this->salt.len, buffer, out_len)) -+ { -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, allocate_bytes, bool, -+ private_kdf_t *this, size_t out_len, chunk_t *chunk) -+{ -+ if (this->type == KDF_PRF) -+ { -+ out_len = out_len ?: get_length(this); -+ } -+ -+ *chunk = chunk_alloc(out_len); -+ -+ if (!get_bytes(this, out_len, chunk->ptr)) -+ { -+ chunk_free(chunk); -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, set_param, bool, -+ private_kdf_t *this, kdf_param_t param, ...) -+{ -+ chunk_t chunk; -+ -+ switch (param) -+ { -+ case KDF_PARAM_KEY: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->key); -+ this->key = chunk_clone(chunk); -+ break; -+ case KDF_PARAM_SALT: -+ VA_ARGS_GET(param, chunk); -+ chunk_clear(&this->salt); -+ this->salt = chunk_clone(chunk); -+ break; -+ } -+ return TRUE; -+} -+ -+METHOD(kdf_t, destroy, void, -+ private_kdf_t *this) -+{ -+ chunk_clear(&this->salt); -+ chunk_clear(&this->key); -+ free(this); -+} -+ -+/* -+ * Described in header -+ */ -+kdf_t *wolfssl_kdf_create(key_derivation_function_t algo, va_list args) -+{ -+ private_kdf_t *this; -+ pseudo_random_function_t prf_alg; -+ enum wc_HashType hash; -+ char buf[HASH_SIZE_SHA512]; -+ -+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS) -+ { -+ return NULL; -+ } -+ -+ VA_ARGS_VGET(args, prf_alg); -+ if (!wolfssl_hash2type(hasher_algorithm_from_prf(prf_alg), &hash)) -+ { -+ return NULL; -+ } -+ -+ INIT(this, -+ .public = { -+ .get_type = _get_type, -+ .get_length = _get_length, -+ .get_bytes = _get_bytes, -+ .allocate_bytes = _allocate_bytes, -+ .set_param = _set_param, -+ .destroy = _destroy, -+ }, -+ .type = algo, -+ .hash = hash, -+ ); -+ -+ /* test if we can actually use the algorithm */ -+ if (!get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf)) -+ { -+ destroy(this); -+ return NULL; -+ } -+ return &this->public; -+} -+ -+#endif /* !NO_HMAC && HAVE_HKDF */ -Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.h -=================================================================== ---- /dev/null -+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.h -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ -+/** -+ * Implements key derivation functions (KDF) using wolfSSL, in particular prf+, -+ * which is implemented via wolfSSL's HKDF implementation. -+ * -+ * @defgroup wolfssl_kdf wolfssl_kdf -+ * @{ @ingroup wolfssl_p -+ */ -+ -+#ifndef WOLFSSL_KDF_H_ -+#define WOLFSSL_KDF_H_ -+ -+#include -+ -+/** -+ * Creates a new kdf_t object. -+ * -+ * @param algo algorithm to instantiate -+ * @param args algorithm-specific arguments -+ * @return kdf_t object, NULL if not supported -+ */ -+kdf_t *wolfssl_kdf_create(key_derivation_function_t algo, va_list args); -+ -+#endif /** WOLFSSL_KDF_H_ @}*/ -Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c -+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c -@@ -36,6 +36,7 @@ - #include "wolfssl_ed_public_key.h" - #include "wolfssl_hasher.h" - #include "wolfssl_hmac.h" -+#include "wolfssl_kdf.h" - #include "wolfssl_rsa_private_key.h" - #include "wolfssl_rsa_public_key.h" - #include "wolfssl_rng.h" -@@ -185,6 +186,11 @@ METHOD(plugin_t, get_features, int, - PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), - PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), - #endif -+#ifdef HAVE_HKDF -+ PLUGIN_REGISTER(KDF, wolfssl_kdf_create), -+ PLUGIN_PROVIDE(KDF, KDF_PRF), -+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), -+#endif - #endif /* NO_HMAC */ - #if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) -Index: strongswan-5.9.5/src/libstrongswan/tests/suites/test_prf_plus.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/tests/suites/test_prf_plus.c -+++ strongswan-5.9.5/src/libstrongswan/tests/suites/test_prf_plus.c -@@ -15,129 +15,138 @@ - - #include "test_suite.h" - --#include -+#include - - static struct { - chunk_t key; - chunk_t seed; -- chunk_t iterations[10]; --} counter_data[] = { -+ chunk_t expected; -+} test_data[] = { - { .key = chunk_from_chars(0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, - 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, - 0x0b,0x0b,0x0b,0x0b), - .seed = chunk_from_chars(0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65), -- .iterations = { -- chunk_from_chars(0xb9,0xbd,0xc0), -- chunk_from_chars(0x89,0x88,0xb4,0xc2,0xb7,0x5a), -- chunk_from_chars(0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05), -- chunk_from_chars(0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72, -- 0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32), -- chunk_from_chars(0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a), -- chunk_from_chars(0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6), -- chunk_from_chars(0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6, -- 0xed,0xc0,0x23,0x47,0x7d,0x80), -- chunk_from_chars(0x95,0x90,0xe6,0x82,0xf6,0x1d,0x9c,0x04, -- 0xb0,0x6b,0x4a,0xd9,0x71,0xa3,0x4c,0x81, -- 0x47,0xfa,0x66,0x79), -- chunk_from_chars(0x2f,0xf1,0x43,0x4b,0x93,0xc7,0x22,0xb3, -- 0x2e,0x12,0xf4,0x88,0x32,0xeb,0xc1,0x5c, -- 0xe2,0x36,0x9c,0xe7,0x1f,0xe9,0xb7,0xb8, -- 0x1e,0x57,0x04,0xc1,0x4d,0x0f,0x52,0x80, -- 0xa6,0xec,0x62,0x6e,0x99,0x2d,0x7a,0x9f), -- }, -+ .expected = chunk_from_chars(0xb9,0xbd,0xc0,0x89,0x88,0xb4,0xc2,0xb7, -+ 0x5a,0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05, -+ 0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72, -+ 0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32, -+ 0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a, -+ 0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6, -+ 0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6, -+ 0xed,0xc0,0x23,0x47,0x7d,0x80,0x95,0x90, -+ 0xe6,0x82,0xf6,0x1d,0x9c,0x04,0xb0,0x6b, -+ 0x4a,0xd9,0x71,0xa3,0x4c,0x81,0x47,0xfa, -+ 0x66,0x79,0x2f,0xf1,0x43,0x4b,0x93,0xc7, -+ 0x22,0xb3,0x2e,0x12,0xf4,0x88,0x32,0xeb, -+ 0xc1,0x5c,0xe2,0x36,0x9c,0xe7,0x1f,0xe9, -+ 0xb7,0xb8,0x1e,0x57,0x04,0xc1,0x4d,0x0f, -+ 0x52,0x80,0xa6,0xec,0x62,0x6e,0x99,0x2d, -+ 0x7a,0x9f), -+ }, -+ /* change the key, keep the seed */ -+ { .key = chunk_from_chars(0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a, -+ 0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a, -+ 0x0a,0x0a,0x0a,0x0a), -+ .expected = chunk_from_chars(0x1a,0x2f,0xc7,0x4a,0x06,0x8c,0xae,0x76, -+ 0xfa,0xb3,0xd6,0x34,0xae,0xe9,0x81,0x55, -+ 0x11,0x6a,0x4b,0x21,0xe1,0x0d,0x1b,0x16, -+ 0x45,0x7a,0x06,0xd9,0x42,0x27,0x93,0x98, -+ 0xf7,0x4d,0xf1,0x59,0xc1,0x25,0x21,0xae, -+ 0xe6,0xf4,0x80,0x01,0xe5,0x86,0x8e,0xa7, -+ 0x4b,0x1e,0x13,0xd1,0xcf,0xdc,0xb7,0x7b, -+ 0xf8,0xcf,0x75,0x2c,0x67,0x13,0x18,0x7a, -+ 0x38,0x55,0xba,0x4b,0xf2,0x57,0x55,0xcd, -+ 0x96,0x20,0xcb,0xe3,0xc4,0x8a,0x7f,0xa3, -+ 0x86,0xa5,0xc6,0x26,0x8e,0x57,0xd8,0xe0, -+ 0xb6,0xf9,0x8a,0x41,0x16,0x82,0x64,0x8a), -+ }, -+ /* change the seed, keep the key */ -+ { .seed = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, -+ 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10), -+ .expected = chunk_from_chars(0x8b,0x90,0x9c,0xbc,0xbb,0xf1,0x72,0x63, -+ 0x6b,0x4e,0x63,0xcd,0x7e,0xc5,0xe3,0x45, -+ 0x57,0x3e,0xbf,0x72,0x8f,0x62,0xa4,0x9b, -+ 0x83,0x7b,0xd9,0x53,0xc0,0x0c,0xad,0x3d, -+ 0x19,0x16,0x28,0x81,0x85,0xf9,0x27,0xb6, -+ 0xc4,0x0c,0x48,0x31,0x45,0x12,0x3b,0x5a, -+ 0xb8,0x47,0xd0,0x19,0x6e,0x6b,0x1c,0x5a, -+ 0x2a,0xc1,0xe5,0x1e,0xc5,0x43,0xcc,0xd4, -+ 0x28,0xba,0x30,0x4b,0x5e,0xad,0x97,0xa7, -+ 0xc0,0x9d,0x13,0xdd,0xfb,0x4a,0x42,0x43, -+ 0x87,0xd6,0x22,0xf6,0x03,0x19,0x21,0x31, -+ 0x6a,0xa6,0x38,0x44,0xa5,0x61,0xf6,0x23, -+ 0x0c,0x50,0x14,0xcc,0xce,0x09,0x5f,0xb3, -+ 0xcc,0xe4,0xcb,0x8f,0x43,0xdc,0x2b,0x65, -+ 0xfd,0x42,0xcc,0xeb,0x49,0x0e,0xcb,0xeb, -+ 0x47,0x30,0xb5,0x18,0x6d,0x34,0x7a,0xea, -+ 0xad,0xfd,0x66,0xa7,0x7e,0xd3,0x3f,0x42, -+ 0xdf,0x75,0x54,0xef,0x5f,0x4f,0x7e,0x26, -+ 0xf9,0x38,0x73,0x26,0x92,0x7a,0xc7,0x80), - }, - }; - --START_TEST(test_vectors_counter) -+START_TEST(test_params) - { -- prf_plus_t *prf_plus; -- prf_t *prf; -- chunk_t *iter = counter_data[_i].iterations, out; -- -- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256); -- ck_assert(prf->set_key(prf, counter_data[_i].key)); -- prf_plus = prf_plus_create(prf, TRUE, counter_data[_i].seed); -- while (iter->ptr) -+ kdf_t *kdf; -+ chunk_t out; -+ int i; -+ -+ kdf = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, PRF_HMAC_SHA2_256); -+ if (!kdf) - { -- ck_assert(prf_plus->allocate_bytes(prf_plus, iter->len, &out)); -- ck_assert_chunk_eq(*iter, out); -+ warn("%N (%N) not supported", key_derivation_function_names, -+ KDF_PRF_PLUS, pseudo_random_function_names, PRF_HMAC_SHA2_256); -+ return; -+ } -+ for (i = 0; i < countof(test_data); i++) -+ { -+ if (test_data[i].key.len) -+ { -+ ck_assert(kdf->set_param(kdf, KDF_PARAM_KEY, test_data[i].key)); -+ } -+ if (test_data[i].seed.len) -+ { -+ ck_assert(kdf->set_param(kdf, KDF_PARAM_SALT, test_data[i].seed)); -+ } -+ ck_assert(kdf->allocate_bytes(kdf, test_data[i].expected.len, &out)); -+ ck_assert_chunk_eq(test_data[i].expected, out); -+ chunk_free(&out); -+ /* same output the second time */ -+ ck_assert(kdf->allocate_bytes(kdf, test_data[i].expected.len, &out)); -+ ck_assert_chunk_eq(test_data[i].expected, out); - chunk_free(&out); -- iter++; - } -- prf_plus->destroy(prf_plus); -- prf->destroy(prf); -+ kdf->destroy(kdf); - } - END_TEST - - START_TEST(test_wrap) - { -- prf_plus_t *prf_plus; -- prf_t *prf; -- u_char buf[32]; -- int i; -+ kdf_t *kdf; -+ chunk_t out; - -- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256); -- ck_assert(prf->set_key(prf, counter_data[0].key)); -- prf_plus = prf_plus_create(prf, TRUE, counter_data[0].seed); -- for (i = 1; i < 256; i++) -+ kdf = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, PRF_HMAC_SHA2_256); -+ if (!kdf) - { -- ck_assert(prf_plus->get_bytes(prf_plus, sizeof(buf), buf)); -+ warn("%N (%N) not supported", key_derivation_function_names, -+ KDF_PRF_PLUS, pseudo_random_function_names, PRF_HMAC_SHA2_256); -+ return; - } -- ck_assert(!prf_plus->get_bytes(prf_plus, sizeof(buf), buf)); -- prf_plus->destroy(prf_plus); -- prf->destroy(prf); --} --END_TEST -+ ck_assert(kdf->set_param(kdf, KDF_PARAM_KEY, test_data[0].key)); -+ ck_assert(kdf->set_param(kdf, KDF_PARAM_SALT, test_data[0].seed)); - --static struct { -- chunk_t key; -- chunk_t seed; -- chunk_t iterations[10]; --} classic_data[] = { -- { .key = chunk_from_chars(0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, -- 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, -- 0x0b,0x0b,0x0b,0x0b), -- .seed = chunk_from_chars(0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65), -- .iterations = { -- chunk_from_chars(0xb0,0x34,0x4c), -- chunk_from_chars(0x61,0xd8,0xdb,0x38,0x53,0x5c), -- chunk_from_chars(0xa8,0xaf,0xce,0xaf,0x0b,0xf1,0x2b), -- chunk_from_chars(0x88,0x1d,0xc2,0x00,0xc9,0x83,0x3d,0xa7, -- 0x26,0xe9,0x37,0x6c,0x2e,0x32,0xcf,0xf7), -- chunk_from_chars(0xd0,0x9a,0xe2,0x4b,0x3a,0x83,0xff,0xd4), -- chunk_from_chars(0xb1,0xef,0xa5,0x94,0x5c,0xc5,0xed,0x85), -- chunk_from_chars(0xb0,0xb2,0xcc,0x56,0xfc,0xf7,0x5d,0x23, -- 0xa0,0xa3,0x4c,0xa4,0xdb,0xff,), -- chunk_from_chars(0xea,0xfd,0xaa,0x6a,0x3b,0xf4,0x11,0x34, -- 0x24,0xe4,0x50,0x2d,0xf9,0x7a,0x76,0x93, -- 0x24,0xf6,0x11,0x24), -- chunk_from_chars(0x24,0x3b,0x99,0x6e,0x7d,0x0f,0x35,0x99, -- 0x88,0x79,0x73,0x6b,0xdb,0x70,0x65,0x9a, -- 0x6e,0xfa,0xd2,0x39,0x94,0x10,0xe6,0xce, -- 0x80,0x45,0x6e,0xb6,0x07,0x07,0x8f,0xe1, -- 0xc4,0x7c,0x6b,0x5e,0x81,0x65,0x47,0x8a), -- }, -- }, --}; -- --START_TEST(test_vectors_classic) --{ -- prf_plus_t *prf_plus; -- prf_t *prf; -- chunk_t *iter = classic_data[_i].iterations, out; -- -- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256); -- ck_assert(prf->set_key(prf, classic_data[_i].key)); -- prf_plus = prf_plus_create(prf, FALSE, classic_data[_i].seed); -- while (iter->ptr) -- { -- ck_assert(prf_plus->allocate_bytes(prf_plus, iter->len, &out)); -- ck_assert_chunk_eq(*iter, out); -- chunk_free(&out); -- iter++; -+ /* the 1-byte counter overflows after 255 blocks of the underlying PRF */ -+ out = chunk_alloc(32 * 255 + 1); -+ ck_assert(kdf->get_bytes(kdf, out.len - 2, out.ptr)); -+ if (!kdf->get_bytes(kdf, out.len - 1, out.ptr)) -+ { /* Botan 3.x has a check for (len/bs) >= 255 blocks, so we allow this */ -+ warn("unable to generate maximum-sized key for %N (%N) but maximum-1 " -+ "is fine", key_derivation_function_names, KDF_PRF_PLUS, -+ pseudo_random_function_names, PRF_HMAC_SHA2_256); - } -- prf_plus->destroy(prf_plus); -- prf->destroy(prf); -+ ck_assert(!kdf->get_bytes(kdf, out.len, out.ptr)); -+ chunk_free(&out); -+ kdf->destroy(kdf); - } - END_TEST - -@@ -148,13 +157,12 @@ Suite *prf_plus_suite_create() - - s = suite_create("prf_plus"); - -- tc = tcase_create("counter"); -- tcase_add_loop_test(tc, test_vectors_counter, 0, countof(counter_data)); -- tcase_add_test(tc, test_wrap); -+ tc = tcase_create("params"); -+ tcase_add_test(tc, test_params); - suite_add_tcase(s, tc); - -- tc = tcase_create("no counter"); -- tcase_add_loop_test(tc, test_vectors_classic, 0, countof(classic_data)); -+ tc = tcase_create("wrap"); -+ tcase_add_test(tc, test_wrap); - suite_add_tcase(s, tc); - - return s; -Index: strongswan-5.9.5/src/libstrongswan/tests/suites/test_vectors.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/tests/suites/test_vectors.c -+++ strongswan-5.9.5/src/libstrongswan/tests/suites/test_vectors.c -@@ -29,6 +29,7 @@ static transform_type_t tfs[] = { - HASH_ALGORITHM, - PSEUDO_RANDOM_FUNCTION, - EXTENDED_OUTPUT_FUNCTION, -+ KEY_DERIVATION_FUNCTION, - DETERMINISTIC_RANDOM_BIT_GENERATOR, - RANDOM_NUMBER_GENERATOR, - DIFFIE_HELLMAN_GROUP, -Index: strongswan-5.9.5/src/libstrongswan/tests/tests.h -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/tests/tests.h -+++ strongswan-5.9.5/src/libstrongswan/tests/tests.h -@@ -55,7 +55,7 @@ TEST_SUITE(asn1_parser_suite_create) - TEST_SUITE(rng_tester_suite_create) - TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1) - TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256) --TEST_SUITE_DEPEND(prf_plus_suite_create, PRF, PRF_HMAC_SHA2_256) -+TEST_SUITE_DEPEND(prf_plus_suite_create, KDF, KDF_PRF_PLUS) - TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT) - TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://") - TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519) -Index: strongswan-5.9.5/src/libstrongswan/utils/leak_detective.c -=================================================================== ---- strongswan-5.9.5.orig/src/libstrongswan/utils/leak_detective.c -+++ strongswan-5.9.5/src/libstrongswan/utils/leak_detective.c -@@ -636,6 +636,7 @@ static char *whitelist[] = { - "botan_privkey_create", - "botan_privkey_load_ecdh", - "botan_privkey_load", -+ "botan_kdf", - }; - - /** -Index: strongswan-5.9.5/src/libtls/tls_hkdf.c -=================================================================== ---- strongswan-5.9.5.orig/src/libtls/tls_hkdf.c -+++ strongswan-5.9.5/src/libtls/tls_hkdf.c -@@ -18,7 +18,6 @@ - #include "tls_hkdf.h" - - #include --#include - - typedef struct private_tls_hkdf_t private_tls_hkdf_t; - -@@ -52,6 +51,11 @@ struct private_tls_hkdf_t { - prf_t *prf; - - /** -+ * prf+ implementation. -+ */ -+ kdf_t *prf_plus; -+ -+ /** - * Hasher used. - */ - hasher_t *hasher; -@@ -115,7 +119,6 @@ static bool extract(private_tls_hkdf_t * - } - - DBG4(DBG_TLS, "PRK: %B", prk); -- - return TRUE; - } - -@@ -126,24 +129,15 @@ static bool extract(private_tls_hkdf_t * - static bool expand(private_tls_hkdf_t *this, chunk_t prk, chunk_t info, - size_t length, chunk_t *okm) - { -- prf_plus_t *prf_plus; -- -- if (!this->prf->set_key(this->prf, prk)) -- { -- DBG1(DBG_TLS, "unable to set PRF secret to PRK"); -- return FALSE; -- } -- prf_plus = prf_plus_create(this->prf, TRUE, info); -- if (!prf_plus || !prf_plus->allocate_bytes(prf_plus, length, okm)) -+ if (!this->prf_plus->set_param(this->prf_plus, KDF_PARAM_KEY, prk) || -+ !this->prf_plus->set_param(this->prf_plus, KDF_PARAM_SALT, info) || -+ !this->prf_plus->allocate_bytes(this->prf_plus, length, okm)) - { - DBG1(DBG_TLS, "unable to allocate PRF+ result"); -- DESTROY_IF(prf_plus); - return FALSE; - } -- prf_plus->destroy(prf_plus); - - DBG4(DBG_TLS, "OKM: %B", okm); -- - return TRUE; - } - -@@ -681,6 +675,7 @@ METHOD(tls_hkdf_t, destroy, void, - destroy_secrets(&this->handshake_traffic_secrets); - destroy_secrets(&this->traffic_secrets); - DESTROY_IF(this->prf); -+ DESTROY_IF(this->prf_plus); - DESTROY_IF(this->hasher); - free(this); - } -@@ -720,16 +715,23 @@ tls_hkdf_t *tls_hkdf_create(hash_algorit - .phase = HKDF_PHASE_0, - .psk = psk.ptr ? chunk_clone(psk) : chunk_empty, - .prf = lib->crypto->create_prf(lib->crypto, prf_algorithm), -+ .prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, -+ prf_algorithm), - .hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm), - ); - -- if (!this->prf || !this->hasher) -+ if (!this->prf || !this->prf_plus || !this->hasher) - { - if (!this->prf) - { - DBG1(DBG_TLS, "%N not supported", pseudo_random_function_names, - prf_algorithm); - } -+ if (!this->prf_plus) -+ { -+ DBG1(DBG_TLS, "%N (%N) not supported", key_derivation_function_names, -+ KDF_PRF_PLUS, pseudo_random_function_names, prf_algorithm); -+ } - if (!this->hasher) - { - DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, -Index: strongswan-5.9.5/testing/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici -+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici - } -Index: strongswan-5.9.5/testing/scripts/recipes/012_wolfssl.mk -=================================================================== ---- strongswan-5.9.5.orig/testing/scripts/recipes/012_wolfssl.mk -+++ strongswan-5.9.5/testing/scripts/recipes/012_wolfssl.mk -@@ -2,7 +2,7 @@ - - PKG = wolfssl - SRC = https://github.com/wolfSSL/$(PKG).git --REV = v5.1.1-stable -+REV = v5.2.0-stable - - NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) - -Index: strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici -+ load = random nonce kdf pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici -+ load = random nonce kdf pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici -+ load = random nonce kdf test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici - integrity_test = yes - crypto_test { - on_add = yes -Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici -+ load = random nonce kdf test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac kdf xcbc ctr ccm gcm kernel-netlink socket-default updown vici - integrity_test = yes - crypto_test { - on_add = yes -Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici -+ load = random nonce kdf test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici - integrity_test = yes - crypto_test { - on_add = yes -Index: strongswan-5.9.5/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation constraints curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation constraints curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici - - rsa_pss = yes - } -Index: strongswan-5.9.5/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici - - rsa_pss = yes - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default -+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation curl vici kernel-netlink socket-default - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default -+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation vici kernel-netlink socket-default - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default -+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation curl vici kernel-netlink socket-default - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default -+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation vici kernel-netlink socket-default - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici -+ load = random nonce pem pkcs1 gcrypt hmac kdf x509 revocation kernel-netlink curl socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici -+ load = random nonce pem pkcs1 gcrypt hmac kdf x509 revocation kernel-netlink curl socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - integrity_test = yes - crypto_test { - on_add = yes -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm vici stroke kernel-netlink socket-default updown -+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc ctr ccm vici stroke kernel-netlink socket-default updown - integrity_test = yes - crypto_test { - required = yes -Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - integrity_test = yes - crypto_test { - on_add = yes -Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha - - plugins { - ha { -Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha - - plugins { - ha { -Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha - - plugins { - ha { -Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha - - plugins { - ha { -Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr - - dns1 = PH_IP_WINNETOU - dns2 = PH_IP_VENUS -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr - - dns1 = PH_IP_WINNETOU - dns2 = PH_IP_VENUS -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default sqlite attr-sql updown - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown -+ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown - - integrity_test = yes - -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic attr kernel-netlink socket-default stroke updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic attr kernel-netlink socket-default stroke updown - - dns1 = 192.168.0.150 - dns2 = 10.1.0.20 -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke - } -Index: strongswan-5.9.5/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default unity -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default unity - - cisco_unity = yes - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default attr unity -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default attr unity - - cisco_unity = yes - plugins { -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - - integrity_test = yes - -Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - initiator_only = yes - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce des sha1 sha2 hmac kdf pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes des sha1 sha2 hmac kdf pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - - i_dont_care_about_security_and_use_aggressive_mode_psk = yes - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf gmp kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 md5 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl eap-md5 eap-radius xauth-eap kernel-netlink socket-default updown vici -+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl eap-md5 eap-radius xauth-eap kernel-netlink socket-default updown vici - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl eap-radius kernel-netlink socket-default updown vici -+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl eap-radius kernel-netlink socket-default updown vici - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr - - dns1 = PH_IP_WINNETOU - dns2 = PH_IP_VENUS -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default sqlite attr-sql updown - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke sqlite attr-sql kernel-netlink socket-default updown - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - signature_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - signature_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown -+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown -+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -+ load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -+ load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown -+ load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown - - integrity_test = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown - - integrity_test = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius eap-identity updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown -+ load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown -+ load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - multiple_authentication=no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - multiple_authentication=no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - multiple_authentication=no - - plugins { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown -+ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown - multiple_authentication=no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown -+ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown - multiple_authentication=no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown -+ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown - multiple_authentication=no - plugins { - eap-peap { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - multiple_authentication=no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - multiple_authentication=no - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown - multiple_authentication=no - - plugins { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius eap-identity updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 curve25519 hmac stroke kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 curve25519 hmac kdf stroke kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown - - integrity_test = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown - - integrity_test = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf gcm stroke kernel-netlink socket-default eap-tls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf gcm stroke kernel-netlink socket-default eap-tls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-tls updown - multiple_authentication=no - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown - multiple_authentication=no - - plugins { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - multiple_authentication=no - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - multiple_authentication=no - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - multiple_authentication=no - - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - multiple_authentication=no - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - multiple_authentication=no - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown - multiple_authentication=no - - plugins { -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 acert curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 acert curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - multiple_authentication = no - } -\ No newline at end of file -Index: strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - - cache_crls = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kdf kernel-netlink socket-default vici - - cache_crls = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kdf kernel-netlink socket-default vici - - cache_crls = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - - cache_crls = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - - cache_crls = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp - - plugins { - dhcp { -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp - - plugins { - dhcp { -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp - - plugins { - dhcp { -Index: strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici attr farp -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici attr farp - dns1 = PH_IP_WINNETOU - dns2 = PH_IP_VENUS - } -Index: strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr forecast -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr forecast - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default connmark -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default connmark - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default sqlite attr-sql vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default sqlite attr-sql vici - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici sqlite attr-sql -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici sqlite attr-sql - - plugins { - attr-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl vici kernel-netlink socket-default updown lookip -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl vici kernel-netlink socket-default updown lookip - } -Index: strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - prefer_best_path = yes - - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown - - plugins { - dnscert { -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown - - plugins { - dnscert { -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown - - plugins { - ipseckey { -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown - - plugins { - ipseckey { -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf kernel-netlink socket-default forecast vici - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf kernel-netlink socket-default forecast vici - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown - - multiple_authentication = no - send_vendor_id = yes -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown - - multiple_authentication = no - send_vendor_id = yes -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf -@@ -1,9 +1,9 @@ - # /etc/strongswan.conf - strongSwan configuration file - - swanctl { -- load = random aes sha1 sha2 hmac pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints -+ load = random aes sha1 sha2 hmac kdf pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf -@@ -1,9 +1,9 @@ - # /etc/strongswan.conf - strongSwan configuration file - - swanctl { -- load = random aes sha1 sha2 hmac pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints -+ load = random aes sha1 sha2 hmac kdf pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac curl vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf curl vici kernel-netlink socket-default updown - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac curl vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf curl vici kernel-netlink socket-default updown - multiple_authentication = no - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - # remove rekeyed inbound SA a bit quicker for the test scenario - delete_rekeyed_delay = 2 - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - cfg = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - cfg = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - - plugins { - revocation { -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - - plugins { - revocation { -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - } -Index: strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown md5 eap-tls -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown md5 eap-tls - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown md5 eap-tls -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown md5 eap-tls - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - make_before_break = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - make_before_break = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - make_before_break = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown vici - } - -Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - rsa_pss = yes - -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - - integrity_test = yes - -Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac kdf vici kernel-netlink socket-default updown resolve - - plugins { - ipseckey { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac kdf vici kernel-netlink socket-default updown resolve - - plugins { - ipseckey { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr -+ load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac kdf vici kernel-netlink socket-default updown attr - - dns1 = PH_IP_WINNETOU - dns2 = PH_IP_VENUS -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown - - plugins { - eap-simaka-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown - - plugins { - eap-simaka-sql { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 mgf1 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 mgf1 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 mgf1 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown -+ load = random nonce aes sha1 sha2 md5 mgf1 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown - - plugins { - eap-dynamic { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-mschapv2 updown -+ load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-mschapv2 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-mschapv2 updown -+ load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-mschapv2 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown -+ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown -+ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown -+ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-tls updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-tls updown - - multiple_authentication = no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici -+ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici - } - - libtls { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici -+ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici - } - - libtls { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici -+ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - - multiple_authentication=no - syslog { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - default = 1 } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - hash_and_url = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - hash_and_url = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - hash_and_url = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - initiator_only = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici - - send_vendor_id = yes - fragment_size = 1500 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici - - send_vendor_id = yes - fragment_size = 1500 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici - - send_vendor_id = yes - fragment_size = 1500 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown - - send_vendor_id = yes - fragment_size = 1500 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown - - send_vendor_id = yes - fragment_size = 1500 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown - - send_vendor_id = yes - fragment_size = 1500 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown -+ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown - send_vendor_id = yes - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 md5 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - syslog { - daemon { - ike = 4 -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown -+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown - - plugins { - eap-radius { -Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints whitelist pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints whitelist pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - plugins { - whitelist { -Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown -+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - syslog { - daemon { - knl = 2 -Index: strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici - } -Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - install_routes = no - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - install_routes=no - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - install_routes = no - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf -@@ -1,6 +1,6 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - install_routes=no - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf -@@ -2,5 +2,5 @@ - - charon { - hash_and_url = yes -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf -@@ -2,5 +2,5 @@ - - charon { - hash_and_url = yes -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf -@@ -2,5 +2,5 @@ - - charon { - hash_and_url = yes -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf -@@ -2,5 +2,5 @@ - - charon { - hash_and_url = yes -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf -@@ -2,5 +2,5 @@ - - charon { - hash_and_url = yes -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -@@ -2,5 +2,5 @@ - - charon { - hash_and_url = yes -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - install_routes = no - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - install_routes = no - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - install_routes = no - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - fragment_size = 1400 - install_routes = no - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown -+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown -+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf -@@ -5,6 +5,6 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown - multiple_authentication = no - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown -+ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown -+ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown -+ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm vici kernel-netlink socket-default updown -+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm vici kernel-netlink socket-default updown - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 kdf pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 kdf pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - # remove rekeyed inbound SA a bit quicker for the test scenario - delete_rekeyed_delay = 2 - syslog { -Index: strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -@@ -1,5 +1,5 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - - charon { -Index: strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - - charon { -Index: strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - - charon { -Index: strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - - charon { -Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default - start-scripts { - updown = /usr/bin/python3 /etc/updown.py - } -Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - - charon { -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } - - charon { -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown -+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql - - plugins { - sql { -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql - - plugins { - sql { -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql resolve - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql resolve -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql resolve - } -Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql - - plugins { - sql { -Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql - - plugins { - sql { -Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon { -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql - - plugins { - sql { -Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf -@@ -6,7 +6,7 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf -@@ -6,7 +6,7 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - - integrity_test = yes - crypto_test { -Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf -@@ -6,7 +6,7 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - - integrity_test = yes - } -Index: strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 - } -Index: strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 revocation hmac vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 -+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf -@@ -6,5 +6,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql - } -Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf -@@ -6,7 +6,7 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf -@@ -9,5 +9,5 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql - } -Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf -@@ -6,7 +6,7 @@ charon { - database = sqlite:///etc/db.d/ipsec.db - } - } -- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql -+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql - - keep_alive = 5 - } -Index: strongswan-5.9.5/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown -+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown - } -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown -+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication=no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown - multiple_authentication=no - - plugins { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - syslog { - daemon { -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown - - multiple_authentication=no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite -+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown - - multiple_authentication = no - -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - integrity_test = yes -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - - multiple_authentication=no - integrity_test = yes -Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf -@@ -1,7 +1,7 @@ - # /etc/strongswan.conf - strongSwan configuration file - - charon-systemd { -- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown -+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown - - multiple_authentication=no - integrity_test = yes -Index: strongswan-5.9.5/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf -@@ -5,5 +5,5 @@ swanctl { - } - - charon-systemd { -- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici -+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici - } -Index: strongswan-5.9.5/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 sha3 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 sha3 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici - - rsa_pss = yes - } -Index: strongswan-5.9.5/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf -=================================================================== ---- strongswan-5.9.5.orig/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf -+++ strongswan-5.9.5/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf -@@ -5,7 +5,7 @@ swanctl { - } - - charon-systemd { -- load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici -+ load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici - - rsa_pss = yes - } diff --git a/strongswan-5.9.5.tar.bz2 b/strongswan-5.9.5.tar.bz2 deleted file mode 100644 index 5620a12..0000000 --- a/strongswan-5.9.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd -size 4722123 diff --git a/strongswan-5.9.5.tar.bz2.sig b/strongswan-5.9.5.tar.bz2.sig deleted file mode 100644 index e0d0f82..0000000 --- a/strongswan-5.9.5.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmHuiPcACgkQ30LBcLNN -unc6EAv+ON1HCA3pkhP63Nj7xQr0KilMcZ+VsMVcb0gNHzQSN/Ab2+Kw3cEawnoA -r9Zd3MDMl+uNWfstYLpaQazamLa+iBIYnzjZk63UYJnabaJdWKY1ATmSE1zfEHLr -wBMtH9FYCAipygY4yFW7zCMcPvn9/pOW1JPCKlWHK6fZadVi09QhOF02Bi9kfSFT -d1y/rlv3Mz9jeYf1Q4BgoeN72TQLYxq8+LTXjuY1y0x4mguRpS6KMbvOZiob1I56 -yDx/OiurKqa9+agjdimvwL8sBeIGdpJYFDjfMAxeW4NNgwyyjAcWzwR7WLCO+41c -GdSNi3QLEWdg1whqXXxzPu7lMx1k1C7bkmfBVTTvX4CS+Nz2QokOm95eSK02dJcI -Q8eIpkc8NbOHY9T6hnPrSxXcYBCswsV1IqkipF0PfDFTO/oq7MipH3nkhJAJgvPR -zT2IUGPTB9gnlNCU3dmve2v8of4P4GDP/RYIxI+4alBkfAg0rH08pPZiEo/7nO91 -uylNol4Q -=asUK ------END PGP SIGNATURE----- diff --git a/strongswan-5.9.6.tar.bz2 b/strongswan-5.9.6.tar.bz2 new file mode 100644 index 0000000..dd69a0f --- /dev/null +++ b/strongswan-5.9.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7 +size 4750894 diff --git a/strongswan-5.9.6.tar.bz2.sig b/strongswan-5.9.6.tar.bz2.sig new file mode 100644 index 0000000..2da1516 --- /dev/null +++ b/strongswan-5.9.6.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmJrATYACgkQ30LBcLNN +unc45QwAm8gL8D9+YO96mG4eSOGqOYh6f7MHG7mGi22PEq0DnGgT7fKvrDeSVi2/ +cOJlJ27rB3FAztAFm1n7+CAjmUXajxsUnismJx4v7zNF6d999hyvYguhcRh/XeD+ ++UN0VdtNVjkzxzV+2TcNOA0hnIxVRPFO7m02eHvpr+F/Jphb6o/6oKFq9RzIjG9T +sGvv6mucMHG+Bzs8A2PGywxcMggr6+AsIDRHzaM3CE92uI43smBNYgt31i8IsCu5 +R0vPPIRWowUqxxF+ryQU9YB5xVUTsVRZJUq5j1jjAT9yD292T9ZzAJajEERlaXTA +H+SrVVnmI4Gl5tvgHXY980xCcKlASjJ9tfI4VJFpW5u49k2HOTcCbsrbhpXlD8m+ +pntdYP+hSch3EO/pehLEIGj8+26e2B8q122T4oFnN9I+bkYYXPZKgdbDeSTT/Lty +WsOyWyJQdg5vnskT8ACsQJBwFF8t+DjUXC+T5y8qrwZbBuvx/PfGEK3adeLMzflT +MOy+f+DC +=RL/z +-----END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index d1b71e6..5655365 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt + +- Update to release 5.9.6 + * Support for labeled IPsec with IKEv2 + (draft-ietf-ipsecme-labeled-ipsec) has been added. Two modes + are currently supported. + * The secrets used for generating COOKIE payloads are now + switched based on a time limit (2 minutes) and not the + previous usage limit (10'000 generated cookies). + * Actively initiating duplicate CHILD_SAs within the same + IKE_SA is now largely prevented. + * If the source address is unknown when initiating an IKEv2 SA, + a NAT situation is now forced for IPv4 (for IPv6, NAT-T is + disabled) to avoid causing asymmetric enabling of + UDP-encapsulation. + * The main two steps of the IKEv2 key derivation (PRF/prf+) + have been modularized. In particular, prf+ is now provided by + a plugin. +- Drop prf-plus-modularization.patch + ------------------------------------------------------------------- Wed Mar 16 12:57:46 UTC 2022 - Marcus Meissner diff --git a/strongswan.spec b/strongswan.spec index fce0e5b..c6633d5 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.5 +Version: 5.9.6 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -81,8 +81,6 @@ Patch3: %{name}_fipscheck.patch %endif Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch Patch6: harden_strongswan.service.patch -Patch7: prf-plus-modularization.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel BuildRequires: flex @@ -270,7 +268,6 @@ sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \ > _fipscheck %endif %patch6 -p1 -%patch7 -p1 %build CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" @@ -371,7 +368,7 @@ autoreconf --force --install --enable-curl \ --enable-bypass-lan \ --disable-static -make %{?_smp_mflags} +%make_build %install install -d -m755 %{buildroot}/%{_sbindir}/ @@ -513,14 +510,12 @@ fi %endif %files -%defattr(-,root,root) %dir %{strongswan_docdir} %{strongswan_docdir}/README.SUSE %if %{with fipscheck} %files hmac -%defattr(-,root,root) %dir %{strongswan_configs} %dir %{strongswan_configs}/charon %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/zzz_fips-enforce.conf @@ -537,7 +532,6 @@ fi %endif %files ipsec -%defattr(-,root,root) %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf %config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets %config(noreplace) %attr(600,root,root) %{_sysconfdir}/swanctl/swanctl.conf @@ -592,7 +586,6 @@ fi %{strongswan_plugins}/libstrongswan-updown.so %files doc -%defattr(-,root,root) %dir %{strongswan_docdir} %{strongswan_docdir}/TODO %{strongswan_docdir}/NEWS @@ -606,7 +599,6 @@ fi %{_mandir}/man8/swanctl.8.* %files libs0 -%defattr(-,root,root) %if %{with systemd} %{_tmpfilesdir}/%{name}.conf %endif @@ -966,7 +958,6 @@ fi %if %{with nm} %files nm -%defattr(-,root,root) %dir %{_libexecdir}/ipsec %dir %{strongswan_plugins} %{_libexecdir}/ipsec/charon-nm @@ -976,7 +967,6 @@ fi %if %{with mysql} %files mysql -%defattr(-,root,root) %dir %{strongswan_libdir} %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-mysql.so @@ -997,7 +987,6 @@ fi %if %{with sqlite} %files sqlite -%defattr(-,root,root) %dir %{strongswan_libdir} %dir %{strongswan_plugins} %{strongswan_plugins}/libstrongswan-sqlite.so @@ -1017,7 +1006,6 @@ fi %if %{with tests} %files tests -%defattr(-,root,root) %dir %{strongswan_configs} %dir %{strongswan_configs}/charon %{strongswan_configs}/charon/load-tester.conf