From 00a00a6acff9dd8ea9f5eb7486dabdb3e6704928c572fcd4d5d8fb33f7a6e13e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 9 Mar 2022 18:30:05 +0000 Subject: [PATCH] Accepting request 960489 from home:msmeissn:branches:network:vpn - Added prf-plus-modularization.patch that outsources the IKE key derivation to openssl. (will be merged to 5.9.6) - package the kdf config, template and plugin OBS-URL: https://build.opensuse.org/request/show/960489 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=133 --- harden_strongswan.service.patch | 6 +- prf-plus-modularization.patch | 15368 ++++++++++++++++++++++++++++++ strongswan.changes | 7 + strongswan.spec | 6 + 4 files changed, 15384 insertions(+), 3 deletions(-) create mode 100644 prf-plus-modularization.patch diff --git a/harden_strongswan.service.patch b/harden_strongswan.service.patch index 08c57b5..7820dda 100644 --- a/harden_strongswan.service.patch +++ b/harden_strongswan.service.patch @@ -1,7 +1,7 @@ -Index: strongswan-5.9.3/init/systemd/strongswan.service.in +Index: strongswan-5.9.5/init/systemd/strongswan.service.in =================================================================== ---- strongswan-5.9.3.orig/init/systemd/strongswan.service.in -+++ strongswan-5.9.3/init/systemd/strongswan.service.in +--- strongswan-5.9.5.orig/init/systemd/strongswan.service.in ++++ strongswan-5.9.5/init/systemd/strongswan.service.in @@ -3,6 +3,17 @@ Description=strongSwan IPsec IKEv1/IKEv2 After=network-online.target diff --git a/prf-plus-modularization.patch b/prf-plus-modularization.patch new file mode 100644 index 0000000..e9a9c7a --- /dev/null +++ b/prf-plus-modularization.patch 
@@ -0,0 +1,15368 @@ +Index: strongswan-5.9.5/Android.mk +=================================================================== +--- strongswan-5.9.5.orig/Android.mk ++++ strongswan-5.9.5/Android.mk +@@ -17,7 +17,7 @@ include $(CLEAR_VARS) + # this is the list of plugins that are built into libstrongswan and charon + # also these plugins are loaded by default (if not changed in strongswan.conf) + strongswan_CHARON_PLUGINS := android-log openssl fips-prf random nonce pubkey \ +- pkcs1 pkcs8 pem xcbc hmac kernel-netlink socket-default android-dns \ ++ pkcs1 pkcs8 pem xcbc hmac kdf kernel-netlink socket-default android-dns \ + stroke eap-identity eap-mschapv2 eap-md5 eap-gtc + + ifneq ($(strongswan_BUILD_SCEPCLIENT),) +Index: strongswan-5.9.5/configure.ac +=================================================================== +--- strongswan-5.9.5.orig/configure.ac ++++ strongswan-5.9.5/configure.ac +@@ -148,6 +148,7 @@ ARG_ENABL_SET([gcrypt], [enables + ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.]) + ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.]) + ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) ++ARG_DISBL_SET([kdf], [disable KDF (prf+) implementation plugin.]) + ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.]) + ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.]) + ARG_ENABL_SET([mgf1], [enable the MGF1 software implementation plugin.]) +@@ -1494,6 +1495,7 @@ ADD_PLUGIN([chapoly], [s ch + ADD_PLUGIN([xcbc], [s charon nm cmd]) + ADD_PLUGIN([cmac], [s charon nm cmd]) + ADD_PLUGIN([hmac], [s charon pki scripts nm cmd]) ++ADD_PLUGIN([kdf], [s charon pki scripts nm cmd]) + ADD_PLUGIN([ctr], [s charon scripts nm cmd]) + ADD_PLUGIN([ccm], [s charon scripts nm cmd]) + ADD_PLUGIN([gcm], [s charon scripts nm cmd]) +@@ -1647,6 +1649,7 @@ AM_CONDITIONAL(USE_DNSKEY, test x$dnskey + AM_CONDITIONAL(USE_SSHKEY, test x$sshkey = xtrue) + AM_CONDITIONAL(USE_PEM, test x$pem 
= xtrue) + AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue) ++AM_CONDITIONAL(USE_KDF, test x$kdf = xtrue) + AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue) + AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue) + AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue) +@@ -1911,6 +1914,7 @@ AC_CONFIG_FILES([ + src/libstrongswan/plugins/random/Makefile + src/libstrongswan/plugins/nonce/Makefile + src/libstrongswan/plugins/hmac/Makefile ++ src/libstrongswan/plugins/kdf/Makefile + src/libstrongswan/plugins/xcbc/Makefile + src/libstrongswan/plugins/x509/Makefile + src/libstrongswan/plugins/revocation/Makefile +Index: strongswan-5.9.5/src/libcharon/kernel/kernel_interface.h +=================================================================== +--- strongswan-5.9.5.orig/src/libcharon/kernel/kernel_interface.h ++++ strongswan-5.9.5/src/libcharon/kernel/kernel_interface.h +@@ -50,7 +50,6 @@ typedef struct kernel_interface_t kernel + typedef enum kernel_feature_t kernel_feature_t; + + #include +-#include + + #include + #include +Index: strongswan-5.9.5/src/libcharon/plugins/stroke/stroke_list.c +=================================================================== +--- strongswan-5.9.5.orig/src/libcharon/plugins/stroke/stroke_list.c ++++ strongswan-5.9.5/src/libcharon/plugins/stroke/stroke_list.c +@@ -849,6 +849,7 @@ static void list_algs(FILE *out) + hash_algorithm_t hash; + pseudo_random_function_t prf; + ext_out_function_t xof; ++ key_derivation_function_t kdf; + drbg_type_t drbg; + diffie_hellman_group_t group; + rng_quality_t quality; +@@ -905,6 +906,14 @@ static void list_algs(FILE *out) + print_alg(out, &len, ext_out_function_names, xof, plugin_name); + } + enumerator->destroy(enumerator); ++ fprintf(out, "\n kdf: "); ++ len = 13; ++ enumerator = lib->crypto->create_kdf_enumerator(lib->crypto); ++ while (enumerator->enumerate(enumerator, &kdf, &plugin_name)) ++ { ++ print_alg(out, &len, key_derivation_function_names, kdf, plugin_name); ++ } ++ enumerator->destroy(enumerator); + 
fprintf(out, "\n drbg: "); + len = 13; + enumerator = lib->crypto->create_drbg_enumerator(lib->crypto); +Index: strongswan-5.9.5/src/libcharon/plugins/vici/vici_query.c +=================================================================== +--- strongswan-5.9.5.orig/src/libcharon/plugins/vici/vici_query.c ++++ strongswan-5.9.5/src/libcharon/plugins/vici/vici_query.c +@@ -1266,6 +1266,7 @@ CALLBACK(get_algorithms, vici_message_t* + hash_algorithm_t hash; + pseudo_random_function_t prf; + ext_out_function_t xof; ++ key_derivation_function_t kdf; + drbg_type_t drbg; + diffie_hellman_group_t group; + rng_quality_t quality; +@@ -1326,6 +1327,15 @@ CALLBACK(get_algorithms, vici_message_t* + } + enumerator->destroy(enumerator); + b->end_section(b); ++ ++ b->begin_section(b, "kdf"); ++ enumerator = lib->crypto->create_kdf_enumerator(lib->crypto); ++ while (enumerator->enumerate(enumerator, &kdf, &plugin_name)) ++ { ++ add_algorithm(b, key_derivation_function_names, kdf, plugin_name); ++ } ++ enumerator->destroy(enumerator); ++ b->end_section(b); + + b->begin_section(b, "drbg"); + enumerator = lib->crypto->create_drbg_enumerator(lib->crypto); +Index: strongswan-5.9.5/src/libcharon/sa/child_sa.h +=================================================================== +--- strongswan-5.9.5.orig/src/libcharon/sa/child_sa.h ++++ strongswan-5.9.5/src/libcharon/sa/child_sa.h +@@ -29,7 +29,6 @@ typedef struct child_sa_t child_sa_t; + typedef struct child_sa_create_t child_sa_create_t; + + #include +-#include + #include + #include + #include +Index: strongswan-5.9.5/src/libcharon/sa/ikev1/keymat_v1.c +=================================================================== +--- strongswan-5.9.5.orig/src/libcharon/sa/ikev1/keymat_v1.c ++++ strongswan-5.9.5/src/libcharon/sa/ikev1/keymat_v1.c +@@ -507,6 +507,36 @@ METHOD(keymat_v1_t, derive_ike_keys, boo + this->aead->get_block_size(this->aead)); + } + ++/** ++ * Derive key material for CHILD_SAs according to section 5.5. in RFC 2409. 
++ */ ++static bool derive_child_keymat(private_keymat_v1_t *this, chunk_t seed, ++ uint16_t enc_size, chunk_t *encr, ++ uint16_t int_size, chunk_t *integ) ++{ ++ size_t block_size, i; ++ chunk_t keymat, prev = chunk_empty; ++ ++ block_size = this->prf->get_block_size(this->prf); ++ keymat = chunk_alloc(round_up(enc_size + int_size, block_size)); ++ keymat.len = enc_size + int_size; ++ ++ for (i = 0; i < keymat.len; i += block_size) ++ { ++ if (!this->prf->get_bytes(this->prf, prev, NULL) || ++ !this->prf->get_bytes(this->prf, seed, keymat.ptr + i)) ++ { ++ chunk_clear(&keymat); ++ return FALSE; ++ } ++ prev = chunk_create(keymat.ptr + i, block_size); ++ } ++ ++ chunk_split(keymat, "aa", enc_size, encr, int_size, integ); ++ chunk_clear(&keymat); ++ return TRUE; ++} ++ + METHOD(keymat_v1_t, derive_child_keys, bool, + private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh, + uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, +@@ -514,8 +544,7 @@ METHOD(keymat_v1_t, derive_child_keys, b + { + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; + uint8_t protocol; +- prf_plus_t *prf_plus; +- chunk_t seed, secret = chunk_empty; ++ chunk_t seed = chunk_empty, secret = chunk_empty; + bool success = FALSE; + + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, +@@ -599,11 +628,7 @@ METHOD(keymat_v1_t, derive_child_keys, b + seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol), + chunk_from_thing(spi_r), nonce_i, nonce_r); + DBG4(DBG_CHD, "initiator SA seed %B", &seed); +- +- prf_plus = prf_plus_create(this->prf, FALSE, seed); +- if (!prf_plus || +- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || +- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i)) ++ if (!derive_child_keymat(this, seed, enc_size, encr_i, int_size, integ_i)) + { + goto failure; + } +@@ -611,11 +636,7 @@ METHOD(keymat_v1_t, derive_child_keys, b + seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol), + chunk_from_thing(spi_i), nonce_i, 
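Review bot: In `derive_child_keymat`, the buffer is allocated at `round_up(enc_size + int_size, block_size)` but `keymat.len` is then shortened, so `chunk_clear(&keymat)` on both the failure and the success path appears to wipe only the requested length and can leave the tail of the last PRF block in freed heap memory. Those trailing bytes come from the same keyed PRF chain as the SA keys and deserve the same wipe. Keep the allocated size, e.g. `size_t alloc_len = round_up(enc_size + int_size, block_size);`, and call `memwipe(keymat.ptr, alloc_len);` before each `chunk_clear(&keymat)`. A one-line comment that the loop always writes whole PRF blocks, which is why the allocation is rounded up, would also help the next reader.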
nonce_r); + DBG4(DBG_CHD, "responder SA seed %B", &seed); +- prf_plus->destroy(prf_plus); +- prf_plus = prf_plus_create(this->prf, FALSE, seed); +- if (!prf_plus || +- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || +- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) ++ if (!derive_child_keymat(this, seed, enc_size, encr_r, int_size, integ_r)) + { + goto failure; + } +@@ -640,7 +661,7 @@ failure: + chunk_clear(encr_r); + chunk_clear(integ_r); + } +- DESTROY_IF(prf_plus); ++ memwipe(seed.ptr, seed.len); + chunk_clear(&secret); + + return success; +Index: strongswan-5.9.5/src/libcharon/sa/ikev2/keymat_v2.c +=================================================================== +--- strongswan-5.9.5.orig/src/libcharon/sa/ikev2/keymat_v2.c ++++ strongswan-5.9.5/src/libcharon/sa/ikev2/keymat_v2.c +@@ -17,7 +17,6 @@ + #include "keymat_v2.h" + + #include +-#include + #include + + typedef struct private_keymat_v2_t private_keymat_v2_t; +@@ -97,13 +96,12 @@ METHOD(keymat_t, create_nonce_gen, nonce + } + + /** +- * Derive IKE keys for a combined AEAD algorithm ++ * Create aead_t objects for a combined-mode AEAD algorithm, sets the length of ++ * sk_ei and sk_er + */ +-static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, +- uint16_t key_size, prf_plus_t *prf_plus, +- chunk_t *sk_ei, chunk_t *sk_er) ++static bool create_ike_aead(private_keymat_v2_t *this, uint16_t alg, ++ uint16_t key_size, chunk_t *sk_ei, chunk_t *sk_er) + { +- aead_t *aead_i, *aead_r; + u_int salt_size; + + switch (alg) +@@ -131,201 +129,178 @@ static bool derive_ike_aead(private_keym + return FALSE; + } + +- /* SK_ei/SK_er used for encryption */ +- aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size); +- aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size); +- if (aead_i == NULL || aead_r == NULL) ++ this->aead_in = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, ++ salt_size); ++ this->aead_out = 
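Review bot: The `memwipe(seed.ptr, seed.len)` added under `failure:` clears only the buffer `seed` points to last. In the two preceding hunks `seed` is built with `chunk_cata` for the initiator SA and then reassigned for the responder SA, so the initiator seed, which includes `secret`, stays unwiped on the stack on the success path and when the second derivation fails. Adding `memwipe(seed.ptr, seed.len);` directly after the first `derive_child_keymat()` check, before `seed` is reassigned, closes that gap. The body of `derive_child_keys` extends beyond these hunks, so any earlier use of `seed` is not visible here.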
lib->crypto->create_aead(lib->crypto, alg, key_size / 8, ++ salt_size); ++ if (!this->aead_in || !this->aead_out) + { + DBG1(DBG_IKE, "%N %N (key size %d) not supported!", + transform_type_names, ENCRYPTION_ALGORITHM, + encryption_algorithm_names, alg, key_size); +- goto failure; +- } +- key_size = aead_i->get_key_size(aead_i); +- if (key_size != aead_r->get_key_size(aead_r)) +- { +- goto failure; +- } +- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei)) +- { +- goto failure; +- } +- DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei); +- if (!aead_i->set_key(aead_i, *sk_ei)) +- { +- goto failure; +- } +- +- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er)) +- { +- goto failure; +- } +- DBG4(DBG_IKE, "Sk_er secret %B", sk_er); +- if (!aead_r->set_key(aead_r, *sk_er)) +- { +- goto failure; +- } +- +- if (this->initiator) +- { +- this->aead_in = aead_r; +- this->aead_out = aead_i; ++ return FALSE; + } +- else ++ sk_ei->len = this->aead_in->get_key_size(this->aead_in); ++ sk_er->len = this->aead_out->get_key_size(this->aead_out); ++ if (sk_ei->len != sk_er->len) + { +- this->aead_in = aead_i; +- this->aead_out = aead_r; ++ return FALSE; + } +- aead_i = aead_r = NULL; +- +-failure: +- DESTROY_IF(aead_i); +- DESTROY_IF(aead_r); +- return this->aead_in && this->aead_out; ++ return TRUE; + } + + /** +- * Derive IKE keys for traditional encryption and MAC algorithms ++ * Create aead_t objects for traditional encryption and MAC algorithms, sets the ++ * length of key chunks + */ +-static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, +- uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus, +- chunk_t *sk_ai, chunk_t *sk_ar, chunk_t *sk_ei, +- chunk_t *sk_er) +-{ +- crypter_t *crypter_i = NULL, *crypter_r = NULL; +- signer_t *signer_i, *signer_r; +- iv_gen_t *ivg_i, *ivg_r; +- size_t key_size; ++static bool create_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, ++ uint16_t enc_size, uint16_t int_alg, chunk_t *sk_ai, ++ chunk_t 
*sk_ar, chunk_t *sk_ei, chunk_t *sk_er) ++{ ++ crypter_t *crypter_i = NULL, *crypter_o = NULL; ++ signer_t *signer_i, *signer_o; ++ iv_gen_t *ivg_i, *ivg_o; + + signer_i = lib->crypto->create_signer(lib->crypto, int_alg); +- signer_r = lib->crypto->create_signer(lib->crypto, int_alg); +- crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); +- crypter_r = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); +- if (signer_i == NULL || signer_r == NULL) ++ signer_o = lib->crypto->create_signer(lib->crypto, int_alg); ++ if (!signer_i || !signer_o) + { + DBG1(DBG_IKE, "%N %N not supported!", + transform_type_names, INTEGRITY_ALGORITHM, + integrity_algorithm_names, int_alg); + goto failure; + } +- if (crypter_i == NULL || crypter_r == NULL) ++ crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); ++ crypter_o = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8); ++ if (!crypter_i || !crypter_o) + { + DBG1(DBG_IKE, "%N %N (key size %d) not supported!", + transform_type_names, ENCRYPTION_ALGORITHM, + encryption_algorithm_names, enc_alg, enc_size); + goto failure; + } +- +- /* SK_ai/SK_ar used for integrity protection */ +- key_size = signer_i->get_key_size(signer_i); +- +- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ai)) +- { +- goto failure; +- } +- DBG4(DBG_IKE, "Sk_ai secret %B", sk_ai); +- if (!signer_i->set_key(signer_i, *sk_ai)) +- { +- goto failure; +- } +- +- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ar)) +- { +- goto failure; +- } +- DBG4(DBG_IKE, "Sk_ar secret %B", sk_ar); +- if (!signer_r->set_key(signer_r, *sk_ar)) +- { +- goto failure; +- } +- +- /* SK_ei/SK_er used for encryption */ +- key_size = crypter_i->get_key_size(crypter_i); +- +- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei)) +- { +- goto failure; +- } +- DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei); +- if (!crypter_i->set_key(crypter_i, *sk_ei)) +- { +- goto failure; +- } +- +- if 
(!prf_plus->allocate_bytes(prf_plus, key_size, sk_er)) ++ sk_ai->len = signer_i->get_key_size(signer_i); ++ sk_ar->len = signer_o->get_key_size(signer_o); ++ if (sk_ai->len != sk_ar->len) + { + goto failure; + } +- DBG4(DBG_IKE, "Sk_er secret %B", sk_er); +- if (!crypter_r->set_key(crypter_r, *sk_er)) ++ sk_ei->len = crypter_i->get_key_size(crypter_i); ++ sk_er->len = crypter_o->get_key_size(crypter_o); ++ if (sk_ei->len != sk_er->len) + { + goto failure; + } +- + ivg_i = iv_gen_create_for_alg(enc_alg); +- ivg_r = iv_gen_create_for_alg(enc_alg); +- if (!ivg_i || !ivg_r) ++ ivg_o = iv_gen_create_for_alg(enc_alg); ++ if (!ivg_i || !ivg_o) + { + goto failure; + } +- if (this->initiator) +- { +- this->aead_in = aead_create(crypter_r, signer_r, ivg_r); +- this->aead_out = aead_create(crypter_i, signer_i, ivg_i); +- } +- else +- { +- this->aead_in = aead_create(crypter_i, signer_i, ivg_i); +- this->aead_out = aead_create(crypter_r, signer_r, ivg_r); +- } +- signer_i = signer_r = NULL; +- crypter_i = crypter_r = NULL; ++ this->aead_in = aead_create(crypter_i, signer_i, ivg_i); ++ this->aead_out = aead_create(crypter_o, signer_o, ivg_o); ++ signer_i = signer_o = NULL; ++ crypter_i = crypter_o = NULL; + + failure: + DESTROY_IF(signer_i); +- DESTROY_IF(signer_r); ++ DESTROY_IF(signer_o); + DESTROY_IF(crypter_i); +- DESTROY_IF(crypter_r); ++ DESTROY_IF(crypter_o); + return this->aead_in && this->aead_out; + } + ++/** ++ * Set keys on AEAD objects ++ */ ++static bool set_aead_keys(private_keymat_v2_t *this, uint16_t enc_alg, ++ chunk_t sk_ai, chunk_t sk_ar, ++ chunk_t sk_ei, chunk_t sk_er) ++{ ++ aead_t *aead_i, *aead_r; ++ chunk_t sk_i, sk_r; ++ bool success; ++ ++ aead_i = this->initiator ? this->aead_out : this->aead_in; ++ aead_r = this->initiator ? 
this->aead_in : this->aead_out; ++ ++ sk_i = chunk_cat("cc", sk_ai, sk_ei); ++ sk_r = chunk_cat("cc", sk_ar, sk_er); ++ ++ success = aead_i->set_key(aead_i, sk_i) && ++ aead_r->set_key(aead_r, sk_r); ++ ++ chunk_clear(&sk_i); ++ chunk_clear(&sk_r); ++ return success; ++} ++ + METHOD(keymat_v2_t, derive_ike_keys, bool, + private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh, + chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, + pseudo_random_function_t rekey_function, chunk_t rekey_skd) + { + chunk_t skeyseed = chunk_empty, secret, full_nonce, fixed_nonce; +- chunk_t prf_plus_seed, spi_i, spi_r; ++ chunk_t prf_plus_seed, spi_i, spi_r, keymat = chunk_empty; + chunk_t sk_ei = chunk_empty, sk_er = chunk_empty; + chunk_t sk_ai = chunk_empty, sk_ar = chunk_empty, sk_pi, sk_pr; +- prf_plus_t *prf_plus = NULL; +- uint16_t alg, key_size, int_alg; ++ kdf_t *prf_plus = NULL; ++ uint16_t prf_alg, key_size, enc_alg, enc_size, int_alg; + prf_t *rekey_prf = NULL; ++ bool success = FALSE; + + spi_i = chunk_alloca(sizeof(uint64_t)); + spi_r = chunk_alloca(sizeof(uint64_t)); + +- if (!dh->get_shared_secret(dh, &secret)) ++ /* create SA's general purpose PRF first, we may use it here */ ++ if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &prf_alg, ++ NULL)) + { ++ DBG1(DBG_IKE, "no %N selected", ++ transform_type_names, PSEUDO_RANDOM_FUNCTION); + return FALSE; + } ++ this->prf_alg = prf_alg; ++ this->prf = lib->crypto->create_prf(lib->crypto, this->prf_alg); ++ if (!this->prf) ++ { ++ DBG1(DBG_IKE, "%N %N not supported!", transform_type_names, ++ PSEUDO_RANDOM_FUNCTION, pseudo_random_function_names, ++ this->prf_alg); ++ return FALSE; ++ } ++ key_size = this->prf->get_key_size(this->prf); + +- /* Create SAs general purpose PRF first, we may use it here */ +- if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) ++ /* create SA's AEAD instances to determine key sizes */ ++ if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, 
&enc_alg, ++ &enc_size)) + { +- DBG1(DBG_IKE, "no %N selected", +- transform_type_names, PSEUDO_RANDOM_FUNCTION); +- chunk_clear(&secret); ++ DBG1(DBG_IKE, "no %N selected", transform_type_names, ++ ENCRYPTION_ALGORITHM); + return FALSE; + } +- this->prf_alg = alg; +- this->prf = lib->crypto->create_prf(lib->crypto, alg); +- if (this->prf == NULL) ++ if (!encryption_algorithm_is_aead(enc_alg)) ++ { ++ if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, ++ NULL)) ++ { ++ DBG1(DBG_IKE, "no %N selected", transform_type_names, ++ INTEGRITY_ALGORITHM); ++ return FALSE; ++ } ++ if (!create_ike_traditional(this, enc_alg, enc_size, int_alg, ++ &sk_ai, &sk_ar, &sk_ei, &sk_er)) ++ { ++ return FALSE; ++ } ++ } ++ else if (!create_ike_aead(this, enc_alg, enc_size, &sk_ei, &sk_er)) ++ { ++ return FALSE; ++ } ++ ++ if (!dh->get_shared_secret(dh, &secret)) + { +- DBG1(DBG_IKE, "%N %N not supported!", +- transform_type_names, PSEUDO_RANDOM_FUNCTION, +- pseudo_random_function_names, alg); +- chunk_clear(&secret); + return FALSE; + } + DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret); +@@ -333,7 +308,7 @@ METHOD(keymat_v2_t, derive_ike_keys, boo + full_nonce = chunk_cat("cc", nonce_i, nonce_r); + /* but the PRF may need a fixed key which only uses the first bytes of + * the nonces. */ +- switch (alg) ++ switch (prf_alg) + { + case PRF_AES128_CMAC: + /* while variable keys may be used according to RFC 4615, RFC 7296 +@@ -345,9 +320,8 @@ METHOD(keymat_v2_t, derive_ike_keys, boo + case PRF_CAMELLIA128_XCBC: + /* draft-kanno-ipsecme-camellia-xcbc refers to rfc 4434, we + * assume fixed key length. 
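Review bot: In `create_ike_traditional`, `ivg_i` and `ivg_o` are not released under `failure:`, so if only one `iv_gen_create_for_alg()` call succeeds the other generator is leaked, while signers and crypters are cleaned up with `DESTROY_IF`. The pattern is carried over from the removed `derive_ike_traditional`, but the function is rewritten here and the fix is small: declare `iv_gen_t *ivg_i = NULL, *ivg_o = NULL;`, add `DESTROY_IF(ivg_i); DESTROY_IF(ivg_o);` under `failure:`, and set `ivg_i = ivg_o = NULL;` after the two `aead_create()` calls. That assumes `aead_create` takes ownership of the generators as it does for the signer and crypter, which should be confirmed against its definition.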
*/ +- key_size = this->prf->get_key_size(this->prf)/2; +- nonce_i.len = min(nonce_i.len, key_size); +- nonce_r.len = min(nonce_r.len, key_size); ++ nonce_i.len = min(nonce_i.len, key_size / 2); ++ nonce_r.len = min(nonce_r.len, key_size / 2); + break; + default: + /* all other algorithms use variable key length, full nonce */ +@@ -366,10 +340,10 @@ METHOD(keymat_v2_t, derive_ike_keys, boo + { + /* SKEYSEED = prf(Ni | Nr, g^ir) */ + if (this->prf->set_key(this->prf, fixed_nonce) && +- this->prf->allocate_bytes(this->prf, secret, &skeyseed) && +- this->prf->set_key(this->prf, skeyseed)) ++ this->prf->allocate_bytes(this->prf, secret, &skeyseed)) + { +- prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed); ++ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, ++ this->prf_alg); + } + } + else +@@ -389,117 +363,96 @@ METHOD(keymat_v2_t, derive_ike_keys, boo + } + secret = chunk_cat("sc", secret, full_nonce); + if (rekey_prf->set_key(rekey_prf, rekey_skd) && +- rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed) && +- rekey_prf->set_key(rekey_prf, skeyseed)) ++ rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed)) + { +- prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed); ++ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, ++ rekey_function); + } + } + DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed); + ++ if (prf_plus && ++ (!prf_plus->set_param(prf_plus, KDF_PARAM_KEY, skeyseed) || ++ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, prf_plus_seed))) ++ { ++ prf_plus->destroy(prf_plus); ++ prf_plus = NULL; ++ } ++ + chunk_clear(&skeyseed); + chunk_clear(&secret); + chunk_free(&full_nonce); + chunk_free(&fixed_nonce); + chunk_clear(&prf_plus_seed); ++ DESTROY_IF(rekey_prf); + + if (!prf_plus) + { + goto failure; + } + +- /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */ +- +- /* SK_d is used for generating CHILD_SA key mat => store for later use */ +- key_size = this->prf->get_key_size(this->prf); +- if 
(!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd)) +- { +- goto failure; +- } +- DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); +- +- if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size)) ++ /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr ++ * ++ * SK_d, SK_pi and SK_pr have the size of the PRF key ++ */ ++ keymat.len = 3 * key_size + sk_ai.len + sk_ar.len + sk_ei.len + sk_er.len; ++ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat)) + { +- DBG1(DBG_IKE, "no %N selected", +- transform_type_names, ENCRYPTION_ALGORITHM); + goto failure; + } ++ chunk_split(keymat, "ammmmaa", key_size, &this->skd, sk_ai.len, &sk_ai, ++ sk_ar.len, &sk_ar, sk_ei.len, &sk_ei, sk_er.len, &sk_er, ++ key_size, &sk_pi, key_size, &sk_pr); + +- if (encryption_algorithm_is_aead(alg)) +- { +- if (!derive_ike_aead(this, alg, key_size, prf_plus, &sk_ei, &sk_er)) +- { +- goto failure; +- } +- } +- else +- { +- if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, +- &int_alg, NULL)) +- { +- DBG1(DBG_IKE, "no %N selected", +- transform_type_names, INTEGRITY_ALGORITHM); +- goto failure; +- } +- if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus, +- &sk_ai, &sk_ar, &sk_ei, &sk_er)) +- { +- goto failure; +- } ++ /* SK_d is used for generating CHILD_SA key mat => store for later use */ ++ DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); ++ if (!encryption_algorithm_is_aead(enc_alg)) ++ { /* SK_ai/SK_ar used for integrity protection */ ++ DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai); ++ DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar); + } +- +- /* SK_pi/SK_pr used for authentication => stored for later */ +- key_size = this->prf->get_key_size(this->prf); +- if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pi)) ++ /* SK_ei/SK_er used for encryption */ ++ DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei); ++ DBG4(DBG_IKE, "Sk_er secret %B", &sk_er); ++ if (!set_aead_keys(this, enc_alg, sk_ai, sk_ar, sk_ei, sk_er)) + { + goto failure; + } ++ /* 
SK_pi/SK_pr used for authentication => stored for later */ + DBG4(DBG_IKE, "Sk_pi secret %B", &sk_pi); +- if (this->initiator) +- { +- this->skp_build = sk_pi; +- } +- else +- { +- this->skp_verify = sk_pi; +- } +- if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pr)) +- { +- goto failure; +- } + DBG4(DBG_IKE, "Sk_pr secret %B", &sk_pr); + if (this->initiator) + { ++ this->skp_build = sk_pi; + this->skp_verify = sk_pr; + } + else + { + this->skp_build = sk_pr; ++ this->skp_verify = sk_pi; + } +- charon->bus->ike_derived_keys(charon->bus,this->skd, sk_ai, sk_ar, sk_ei, +- sk_er, sk_pi, sk_pr); ++ charon->bus->ike_derived_keys(charon->bus, this->skd, sk_ai, sk_ar, ++ sk_ei, sk_er, sk_pi, sk_pr); ++ success = TRUE; + + failure: +- chunk_clear(&sk_ai); +- chunk_clear(&sk_ar); +- chunk_clear(&sk_ei); +- chunk_clear(&sk_er); ++ chunk_clear(&keymat); + DESTROY_IF(prf_plus); +- DESTROY_IF(rekey_prf); +- +- return this->skp_build.len && this->skp_verify.len; ++ return success; + } + + /** +- * Derives a key from the given key and a PRF that was initialized with a PPK ++ * Derives a new key from the given PPK and old key + */ +-static bool derive_ppk_key(prf_t *prf, char *name, chunk_t key, +- chunk_t *new_key) ++static bool derive_ppk_key(private_keymat_v2_t *this, char *name, chunk_t ppk, ++ chunk_t key, chunk_t *new_key) + { +- prf_plus_t *prf_plus; ++ kdf_t *prf_plus; + +- prf_plus = prf_plus_create(prf, TRUE, key); ++ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, this->prf_alg); + if (!prf_plus || ++ !prf_plus->set_param(prf_plus, KDF_PARAM_KEY, ppk) || ++ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, key) || + !prf_plus->allocate_bytes(prf_plus, key.len, new_key)) + { + DBG1(DBG_IKE, "unable to derive %s with PPK", name); +@@ -510,20 +463,6 @@ static bool derive_ppk_key(prf_t *prf, c + return TRUE; + } + +-/** +- * Use the given PPK to derive a new SK_pi/r +- */ +-static bool derive_skp_ppk(private_keymat_v2_t *this, chunk_t ppk, chunk_t skp, +- 
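Review bot: When `set_aead_keys()` fails, the jump to `failure:` releases only `keymat`, but `chunk_split(keymat, "ammmmaa", ...)` has by then produced separate copies for `this->skd`, `sk_pi` and `sk_pr` (assuming mode `a` allocates, which the later hand-over to `skp_build`/`skp_verify` suggests). `sk_pi` and `sk_pr` are then neither stored nor wiped, and `this->skd` stays populated on a keymat whose derivation reported failure. Initialise `sk_pi` and `sk_pr` to `chunk_empty` at their declaration and clear on the error path with `if (!success) { chunk_clear(&this->skd); chunk_clear(&sk_pi); chunk_clear(&sk_pr); }`. `derive_ike_keys` starts in an earlier hunk, so the declaration change falls outside this one.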
chunk_t *new_skp) +-{ +- if (!this->prf->set_key(this->prf, ppk)) +- { +- DBG1(DBG_IKE, "unable to set PPK in PRF"); +- return FALSE; +- } +- return derive_ppk_key(this->prf, "SK_p", skp, new_skp); +-} +- + METHOD(keymat_v2_t, derive_ike_keys_ppk, bool, + private_keymat_v2_t *this, chunk_t ppk) + { +@@ -548,14 +487,9 @@ METHOD(keymat_v2_t, derive_ike_keys_ppk, + + DBG4(DBG_IKE, "derive keys using PPK %B", &ppk); + +- if (!this->prf->set_key(this->prf, ppk)) +- { +- DBG1(DBG_IKE, "unable to set PPK in PRF"); +- return FALSE; +- } +- if (!derive_ppk_key(this->prf, "Sk_d", this->skd, &skd) || +- !derive_ppk_key(this->prf, "Sk_pi", *skpi, &new_skpi) || +- !derive_ppk_key(this->prf, "Sk_pr", *skpr, &new_skpr)) ++ if (!derive_ppk_key(this, "Sk_d", ppk, this->skd, &skd) || ++ !derive_ppk_key(this, "Sk_pi", ppk, *skpi, &new_skpi) || ++ !derive_ppk_key(this, "Sk_pr", ppk, *skpr, &new_skpr)) + { + chunk_clear(&skd); + chunk_clear(&new_skpi); +@@ -583,8 +517,8 @@ METHOD(keymat_v2_t, derive_child_keys, b + chunk_t *encr_r, chunk_t *integ_r) + { + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; +- chunk_t seed, secret = chunk_empty; +- prf_plus_t *prf_plus; ++ chunk_t seed, secret = chunk_empty, keymat = chunk_empty; ++ kdf_t *prf_plus; + + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, + &enc_alg, &enc_size)) +@@ -650,11 +584,6 @@ METHOD(keymat_v2_t, derive_child_keys, b + int_size /= 8; + } + +- if (!this->prf->set_key(this->prf, this->skd)) +- { +- return FALSE; +- } +- + if (dh) + { + if (!dh->get_shared_secret(dh, &secret)) +@@ -666,30 +595,30 @@ METHOD(keymat_v2_t, derive_child_keys, b + seed = chunk_cata("scc", secret, nonce_i, nonce_r); + DBG4(DBG_CHD, "seed %B", &seed); + +- prf_plus = prf_plus_create(this->prf, TRUE, seed); +- memwipe(seed.ptr, seed.len); +- +- if (!prf_plus) ++ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, this->prf_alg); ++ if (!prf_plus || ++ !prf_plus->set_param(prf_plus, KDF_PARAM_KEY, this->skd) || ++ 
!prf_plus->set_param(prf_plus, KDF_PARAM_SALT, seed)) + { ++ DESTROY_IF(prf_plus); ++ memwipe(seed.ptr, seed.len); + return FALSE; + } ++ memwipe(seed.ptr, seed.len); + + *encr_i = *integ_i = *encr_r = *integ_r = chunk_empty; +- if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || +- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) || +- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || +- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) +- { +- chunk_free(encr_i); +- chunk_free(integ_i); +- chunk_free(encr_r); +- chunk_free(integ_r); ++ keymat.len = 2 * enc_size + 2 * int_size; ++ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat)) ++ { + prf_plus->destroy(prf_plus); + return FALSE; + } +- + prf_plus->destroy(prf_plus); + ++ chunk_split(keymat, "aaaa", enc_size, encr_i, int_size, integ_i, ++ enc_size, encr_r, int_size, integ_r); ++ chunk_clear(&keymat); ++ + if (enc_size) + { + DBG4(DBG_CHD, "encryption initiator key %B", encr_i); +@@ -729,7 +658,7 @@ METHOD(keymat_v2_t, get_auth_octets, boo + if (ppk.ptr) + { + DBG4(DBG_IKE, "PPK %B", &ppk); +- if (!derive_skp_ppk(this, ppk, skp, &skp_ppk)) ++ if (!derive_ppk_key(this, "SK_p", ppk, skp, &skp_ppk)) + { + return FALSE; + } +@@ -775,7 +704,7 @@ METHOD(keymat_v2_t, get_psk_sig, bool, + secret = verify ? 
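Review bot: `derive_child_keys` returns FALSE without a log line when `create_kdf(..., KDF_PRF_PLUS, ...)` yields NULL or `set_param()` fails, and `derive_ike_keys` does the same through `goto failure`; only `derive_ppk_key` reports its error. Since the Makefile.am hunk drops `crypto/prf_plus.c` from libstrongswan, a configuration in which no loaded plugin provides KDF_PRF_PLUS would presumably fail every key derivation with no hint of the cause. A message such as `DBG1(DBG_IKE, "%N not available, kdf plugin loaded?", key_derivation_function_names, KDF_PRF_PLUS);` before the `return FALSE` makes that diagnosable. The function body continues outside this hunk.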
this->skp_verify : this->skp_build; + if (ppk.ptr) + { +- if (!derive_skp_ppk(this, ppk, secret, &skp_ppk)) ++ if (!derive_ppk_key(this, "SK_p", ppk, secret, &skp_ppk)) + { + return FALSE; + } +Index: strongswan-5.9.5/src/libstrongswan/Android.mk +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/Android.mk ++++ strongswan-5.9.5/src/libstrongswan/Android.mk +@@ -13,11 +13,11 @@ crypto/hashers/hash_algorithm_set.c cryp + crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ + crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ + crypto/rngs/rng.c crypto/rngs/rng_tester.c \ +-crypto/prf_plus.c crypto/signers/signer.c \ ++crypto/signers/signer.c \ + crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ + crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ + crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ +-crypto/iv/iv_gen_null.c \ ++crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \ + crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ + credentials/credential_factory.c credentials/builder.c \ + credentials/cred_encoding.c credentials/keys/private_key.c \ +@@ -91,6 +91,8 @@ endif + + LOCAL_SRC_FILES += $(call add_plugin, hmac) + ++LOCAL_SRC_FILES += $(call add_plugin, kdf) ++ + LOCAL_SRC_FILES += $(call add_plugin, md4) + + LOCAL_SRC_FILES += $(call add_plugin, md5) +Index: strongswan-5.9.5/src/libstrongswan/Makefile.am +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/Makefile.am ++++ strongswan-5.9.5/src/libstrongswan/Makefile.am +@@ -11,11 +11,11 @@ crypto/hashers/hash_algorithm_set.c cryp + crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \ + crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \ + crypto/rngs/rng.c crypto/rngs/rng_tester.c \ +-crypto/prf_plus.c crypto/signers/signer.c \ ++crypto/signers/signer.c \ + 
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ + crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ + crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ +-crypto/iv/iv_gen_null.c \ ++crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \ + crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ + credentials/credential_factory.c credentials/builder.c \ + credentials/cred_encoding.c credentials/keys/private_key.c \ +@@ -77,11 +77,12 @@ crypto/hashers/hash_algorithm_set.h cryp + crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \ + crypto/rngs/rng.h crypto/rngs/rng_tester.h \ + crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \ +-crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ ++crypto/signers/signer.h crypto/signers/mac_signer.h \ + crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ + crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ + crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \ + crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \ ++crypto/kdfs/kdf.h \ + credentials/credential_factory.h credentials/builder.h \ + credentials/cred_encoding.h credentials/keys/private_key.h \ + credentials/keys/public_key.h credentials/keys/shared_key.h \ +@@ -390,6 +391,13 @@ if MONOLITHIC + endif + endif + ++if USE_KDF ++ SUBDIRS += plugins/kdf ++if MONOLITHIC ++ libstrongswan_la_LIBADD += plugins/kdf/libstrongswan-kdf.la ++endif ++endif ++ + if USE_CMAC + SUBDIRS += plugins/cmac + if MONOLITHIC +Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_factory.c ++++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.c +@@ -23,8 +23,6 @@ + #include + #include + +-const char *default_plugin_name = "default"; +- + typedef struct entry_t entry_t; + + struct 
entry_t { +@@ -53,6 +51,7 @@ struct entry_t { + hasher_constructor_t create_hasher; + prf_constructor_t create_prf; + xof_constructor_t create_xof; ++ kdf_constructor_t create_kdf; + drbg_constructor_t create_drbg; + rng_constructor_t create_rng; + nonce_gen_constructor_t create_nonce_gen; +@@ -104,6 +103,11 @@ struct private_crypto_factory_t { + linked_list_t *xofs; + + /** ++ * registered kdfs, as entry_t ++ */ ++ linked_list_t *kdfs; ++ ++ /** + * registered drbgs, as entry_t + */ + linked_list_t *drbgs; +@@ -171,7 +175,7 @@ METHOD(crypto_factory_t, create_crypter, + if (this->test_on_create && + !this->tester->test_crypter(this->tester, algo, key_size, + entry->create_crypter, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -204,7 +208,7 @@ METHOD(crypto_factory_t, create_aead, ae + if (this->test_on_create && + !this->tester->test_aead(this->tester, algo, key_size, + salt_size, entry->create_aead, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -236,7 +240,7 @@ METHOD(crypto_factory_t, create_signer, + if (this->test_on_create && + !this->tester->test_signer(this->tester, algo, + entry->create_signer, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -268,7 +272,7 @@ METHOD(crypto_factory_t, create_hasher, + if (this->test_on_create && + !this->tester->test_hasher(this->tester, algo, + entry->create_hasher, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -300,7 +304,7 @@ METHOD(crypto_factory_t, create_prf, prf + if (this->test_on_create && + !this->tester->test_prf(this->tester, algo, + entry->create_prf, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -332,7 +336,7 @@ METHOD(crypto_factory_t, create_xof, xof + if (this->test_on_create && + !this->tester->test_xof(this->tester, algo, + entry->create_xof, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -348,6 +352,48 @@ 
METHOD(crypto_factory_t, create_xof, xof + return xof; + } + ++METHOD(crypto_factory_t, create_kdf, kdf_t*, ++ private_crypto_factory_t *this, key_derivation_function_t algo, ...) ++{ ++ enumerator_t *enumerator; ++ entry_t *entry; ++ va_list args; ++ kdf_t *kdf = NULL; ++ ++ this->lock->read_lock(this->lock); ++ enumerator = this->kdfs->create_enumerator(this->kdfs); ++ while (enumerator->enumerate(enumerator, &entry)) ++ { ++ if (entry->algo == algo) ++ { ++ if (this->test_on_create) ++ { ++ kdf_test_args_t test_args = {}; ++ ++ va_start(test_args.args, algo); ++ if (!this->tester->test_kdf(this->tester, algo, ++ entry->create_kdf, &test_args, NULL, ++ entry->plugin_name)) ++ { ++ va_end(test_args.args); ++ continue; ++ } ++ va_end(test_args.args); ++ } ++ va_start(args, algo); ++ kdf = entry->create_kdf(algo, args); ++ va_end(args); ++ if (kdf) ++ { ++ break; ++ } ++ } ++ } ++ enumerator->destroy(enumerator); ++ this->lock->unlock(this->lock); ++ return kdf; ++} ++ + METHOD(crypto_factory_t, create_drbg, drbg_t*, + private_crypto_factory_t *this, drbg_type_t type, uint32_t strength, + rng_t *entropy, chunk_t personalization_str) +@@ -365,7 +411,7 @@ METHOD(crypto_factory_t, create_drbg, dr + if (this->test_on_create && + !this->tester->test_drbg(this->tester, type, + entry->create_drbg, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -398,7 +444,7 @@ METHOD(crypto_factory_t, create_rng, rng + if (this->test_on_create && + !this->tester->test_rng(this->tester, quality, + entry->create_rng, NULL, +- default_plugin_name)) ++ entry->plugin_name)) + { + continue; + } +@@ -462,7 +508,7 @@ METHOD(crypto_factory_t, create_dh, diff + { + if (this->test_on_create && group != MODP_CUSTOM && + !this->tester->test_dh(this->tester, group, +- entry->create_dh, NULL, default_plugin_name)) ++ entry->create_dh, NULL, entry->plugin_name)) + { + continue; + } +@@ -749,6 +795,43 @@ METHOD(crypto_factory_t, remove_xof, voi + 
this->lock->unlock(this->lock); + } + ++METHOD(crypto_factory_t, add_kdf, bool, ++ private_crypto_factory_t *this, key_derivation_function_t algo, ++ const char *plugin_name, kdf_constructor_t create) ++{ ++ u_int speed = 0; ++ ++ if (!this->test_on_add || ++ this->tester->test_kdf(this->tester, algo, create, NULL, ++ this->bench ? &speed : NULL, plugin_name)) ++ { ++ add_entry(this, this->kdfs, algo, plugin_name, 0, create); ++ return TRUE; ++ } ++ this->test_failures++; ++ return FALSE; ++} ++ ++METHOD(crypto_factory_t, remove_kdf, void, ++ private_crypto_factory_t *this, kdf_constructor_t create) ++{ ++ entry_t *entry; ++ enumerator_t *enumerator; ++ ++ this->lock->write_lock(this->lock); ++ enumerator = this->kdfs->create_enumerator(this->kdfs); ++ while (enumerator->enumerate(enumerator, &entry)) ++ { ++ if (entry->create_kdf == create) ++ { ++ this->kdfs->remove_at(this->kdfs, enumerator); ++ free(entry); ++ } ++ } ++ enumerator->destroy(enumerator); ++ this->lock->unlock(this->lock); ++} ++ + METHOD(crypto_factory_t, add_drbg, bool, + private_crypto_factory_t *this, drbg_type_t type, + const char *plugin_name, drbg_constructor_t create) +@@ -1058,6 +1141,30 @@ METHOD(crypto_factory_t, create_xof_enum + return create_enumerator(this, this->xofs, xof_filter); + } + ++CALLBACK(kdf_filter, bool, ++ void *n, enumerator_t *orig, va_list args) ++{ ++ entry_t *entry; ++ key_derivation_function_t *algo; ++ const char **plugin_name; ++ ++ VA_ARGS_VGET(args, algo, plugin_name); ++ ++ if (orig->enumerate(orig, &entry)) ++ { ++ *algo = entry->algo; ++ *plugin_name = entry->plugin_name; ++ return TRUE; ++ } ++ return FALSE; ++} ++ ++METHOD(crypto_factory_t, create_kdf_enumerator, enumerator_t*, ++ private_crypto_factory_t *this) ++{ ++ return create_enumerator(this, this->kdfs, kdf_filter); ++} ++ + CALLBACK(drbg_filter, bool, + void *n, enumerator_t *orig, va_list args) + { +@@ -1169,6 +1276,8 @@ METHOD(crypto_factory_t, add_test_vector + return 
this->tester->add_prf_vector(this->tester, vector); + case EXTENDED_OUTPUT_FUNCTION: + return this->tester->add_xof_vector(this->tester, vector); ++ case KEY_DERIVATION_FUNCTION: ++ return this->tester->add_kdf_vector(this->tester, vector); + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + return this->tester->add_drbg_vector(this->tester, vector); + case RANDOM_NUMBER_GENERATOR: +@@ -1232,6 +1341,10 @@ METHOD(enumerator_t, verify_enumerate, b + *valid = this->tester->test_xof(this->tester, entry->algo, + entry->create_xof, NULL, entry->plugin_name); + break; ++ case KEY_DERIVATION_FUNCTION: ++ *valid = this->tester->test_kdf(this->tester, entry->algo, ++ entry->create_kdf, NULL, NULL, entry->plugin_name); ++ break; + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + *valid = this->tester->test_drbg(this->tester, entry->algo, + entry->create_drbg, NULL, entry->plugin_name); +@@ -1287,6 +1400,9 @@ METHOD(crypto_factory_t, create_verify_e + case EXTENDED_OUTPUT_FUNCTION: + inner = this->xofs->create_enumerator(this->xofs); + break; ++ case KEY_DERIVATION_FUNCTION: ++ inner = this->kdfs->create_enumerator(this->kdfs); ++ break; + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + inner = this->drbgs->create_enumerator(this->drbgs); + break; +@@ -1323,6 +1439,7 @@ METHOD(crypto_factory_t, destroy, void, + this->hashers->destroy(this->hashers); + this->prfs->destroy(this->prfs); + this->xofs->destroy(this->xofs); ++ this->kdfs->destroy(this->kdfs); + this->drbgs->destroy(this->drbgs); + this->rngs->destroy(this->rngs); + this->nonce_gens->destroy(this->nonce_gens); +@@ -1347,6 +1464,7 @@ crypto_factory_t *crypto_factory_create( + .create_hasher = _create_hasher, + .create_prf = _create_prf, + .create_xof = _create_xof, ++ .create_kdf = _create_kdf, + .create_drbg = _create_drbg, + .create_rng = _create_rng, + .create_nonce_gen = _create_nonce_gen, +@@ -1363,6 +1481,8 @@ crypto_factory_t *crypto_factory_create( + .remove_prf = _remove_prf, + .add_xof = _add_xof, + .remove_xof = _remove_xof, 
++ .add_kdf = _add_kdf, ++ .remove_kdf = _remove_kdf, + .add_drbg = _add_drbg, + .remove_drbg = _remove_drbg, + .add_rng = _add_rng, +@@ -1377,6 +1497,7 @@ crypto_factory_t *crypto_factory_create( + .create_hasher_enumerator = _create_hasher_enumerator, + .create_prf_enumerator = _create_prf_enumerator, + .create_xof_enumerator = _create_xof_enumerator, ++ .create_kdf_enumerator = _create_kdf_enumerator, + .create_drbg_enumerator = _create_drbg_enumerator, + .create_dh_enumerator = _create_dh_enumerator, + .create_rng_enumerator = _create_rng_enumerator, +@@ -1391,6 +1512,7 @@ crypto_factory_t *crypto_factory_create( + .hashers = linked_list_create(), + .prfs = linked_list_create(), + .xofs = linked_list_create(), ++ .kdfs = linked_list_create(), + .drbgs = linked_list_create(), + .rngs = linked_list_create(), + .nonce_gens = linked_list_create(), +Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.h +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_factory.h ++++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.h +@@ -33,6 +33,7 @@ typedef struct crypto_factory_t crypto_f + #include + #include + #include ++#include + #include + #include + #include +@@ -71,6 +72,14 @@ typedef prf_t* (*prf_constructor_t)(pseu + typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo); + + /** ++ * Constructor function for key derivation functions ++ * ++ * The additional arguments depend on the algorithm, see comments ++ * for key_derivation_function_t. ++ */ ++typedef kdf_t* (*kdf_constructor_t)(key_derivation_function_t algo, va_list args); ++ ++/** + * Constructor function for deterministic random bit generators + */ + typedef drbg_t* (*drbg_constructor_t)(drbg_type_t type, uint32_t strength, +@@ -154,6 +163,20 @@ struct crypto_factory_t { + */ + xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo); + ++ ++ /** ++ * Create a key derivation function instance. 
++ * ++ * Additional arguments depend on the KDF, please refer to the comments in ++ * key_derivation_function_t. ++ * ++ * @param algo KDF to create ++ * @param ... arguments depending on algo ++ * @return kdf_t instance, NULL if not supported ++ */ ++ kdf_t* (*create_kdf)(crypto_factory_t *this, ++ key_derivation_function_t algo, ...); ++ + /** + * Create a deterministic random bit generator instance. + * +@@ -306,6 +329,24 @@ struct crypto_factory_t { + void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create); + + /** ++ * Register a kdf constructor. ++ * ++ * @param algo algorithm to constructor ++ * @param plugin_name plugin that registered this algorithm ++ * @param create constructor function for that algorithm ++ * @return TRUE if registered, FALSE if test vector failed ++ */ ++ bool (*add_kdf)(crypto_factory_t *this, key_derivation_function_t algo, ++ const char *plugin_name, kdf_constructor_t create); ++ ++ /** ++ * Unregister a kdf constructor. ++ * ++ * @param create constructor function to unregister ++ */ ++ void (*remove_kdf)(crypto_factory_t *this, kdf_constructor_t create); ++ ++ /** + * Register a drbg constructor. + * + * @param type type to constructor +@@ -420,6 +461,13 @@ struct crypto_factory_t { + enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this); + + /** ++ * Create an enumerator over all registered KDFs. ++ * ++ * @return enumerator over key_derivation_function_t, plugin ++ */ ++ enumerator_t* (*create_kdf_enumerator)(crypto_factory_t *this); ++ ++ /** + * Create an enumerator over all registered DRBGs. 
+ * + * @return enumerator over drbg_type_t, plugin +Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_tester.c ++++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.c +@@ -70,6 +70,11 @@ struct private_crypto_tester_t { + linked_list_t *xof; + + /** ++ * List of KDF test vectors ++ */ ++ linked_list_t *kdf; ++ ++ /** + * List of DRBG test vectors + */ + linked_list_t *drbg; +@@ -1186,6 +1191,185 @@ failure: + return !failed; + } + ++ ++ ++/** ++ * Create a KDF using the given arguments ++ */ ++static kdf_t *create_kdf_args(kdf_constructor_t create, ++ key_derivation_function_t alg, ...) ++{ ++ va_list args; ++ kdf_t *kdf; ++ ++ va_start(args, alg); ++ kdf = create(alg, args); ++ va_end(args); ++ return kdf; ++} ++ ++/** ++ * Create a KDF using arguments from the given test vector ++ */ ++static kdf_t *create_kdf_vector(kdf_constructor_t create, ++ key_derivation_function_t alg, ++ kdf_test_vector_t *vector) ++{ ++ switch (alg) ++ { ++ case KDF_PRF_PLUS: ++ return create_kdf_args(create, alg, vector->arg.prf); ++ case KDF_UNDEFINED: ++ break; ++ } ++ return NULL; ++} ++ ++/** ++ * Check if the given test vector applies to the passed arguments ++ */ ++static bool kdf_vector_applies(key_derivation_function_t alg, ++ kdf_test_args_t *args, kdf_test_vector_t *vector) ++{ ++ bool applies = FALSE; ++ ++ switch (alg) ++ { ++ case KDF_PRF_PLUS: ++ { ++ pseudo_random_function_t prf; ++ VA_ARGS_VGET(args->args, prf); ++ applies = (prf == vector->arg.prf); ++ break; ++ } ++ case KDF_UNDEFINED: ++ break; ++ } ++ return applies; ++} ++ ++METHOD(crypto_tester_t, test_kdf, bool, ++ private_crypto_tester_t *this, key_derivation_function_t alg, ++ kdf_constructor_t create, kdf_test_args_t *args, u_int *speed, ++ const char *plugin_name) ++{ ++ enumerator_t *enumerator; ++ kdf_test_vector_t *vector; ++ va_list copy; ++ bool failed = 
FALSE; ++ u_int tested = 0, construction_failed = 0; ++ ++ enumerator = this->kdf->create_enumerator(this->kdf); ++ while (enumerator->enumerate(enumerator, &vector)) ++ { ++ kdf_t *kdf; ++ chunk_t out = chunk_empty; ++ ++ if (vector->alg != alg || ++ (args && !kdf_vector_applies(alg, args, vector))) ++ { ++ continue; ++ } ++ ++ tested++; ++ failed = TRUE; ++ if (args) ++ { ++ va_copy(copy, args->args); ++ kdf = create(alg, copy); ++ va_end(copy); ++ } ++ else ++ { ++ kdf = create_kdf_vector(create, alg, vector); ++ } ++ if (!kdf) ++ { ++ if (args) ++ { ++ DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", ++ key_derivation_function_names, alg, plugin_name); ++ break; ++ } ++ /* while there could be a problem, the constructor might just not ++ * be able to create an instance for this test vector, we check ++ * for that at the end */ ++ construction_failed++; ++ failed = FALSE; ++ continue; ++ } ++ ++ if (vector->key.len && ++ !kdf->set_param(kdf, KDF_PARAM_KEY, vector->key)) ++ { ++ goto failure; ++ } ++ if (vector->salt.len && ++ !kdf->set_param(kdf, KDF_PARAM_SALT, vector->salt)) ++ { ++ goto failure; ++ } ++ /* allocated bytes */ ++ if (!kdf->allocate_bytes(kdf, vector->out.len, &out)) ++ { ++ goto failure; ++ } ++ if (!chunk_equals(out, vector->out)) ++ { ++ goto failure; ++ } ++ /* bytes to existing buffer */ ++ memset(out.ptr, 0, out.len); ++ if (!kdf->get_bytes(kdf, out.len, out.ptr)) ++ { ++ goto failure; ++ } ++ if (!chunk_equals(out, vector->out)) ++ { ++ goto failure; ++ } ++ ++ failed = FALSE; ++failure: ++ kdf->destroy(kdf); ++ chunk_free(&out); ++ if (failed) ++ { ++ DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", ++ key_derivation_function_names, alg, plugin_name, ++ get_name(vector)); ++ break; ++ } ++ } ++ enumerator->destroy(enumerator); ++ if (!tested) ++ { ++ DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", ++ this->required ? 
"disabled" : "enabled ", ++ key_derivation_function_names, alg, plugin_name); ++ return !this->required; ++ } ++ tested -= construction_failed; ++ if (!tested) ++ { ++ DBG1(DBG_LIB, "%s %N[%s]: unable to apply any available test vectors", ++ this->required ? "disabled" : "enabled ", ++ key_derivation_function_names, alg, plugin_name); ++ return !this->required; ++ } ++ if (!failed) ++ { ++ if (speed) ++ { ++ DBG2(DBG_LIB, "benchmarking for %N is currently not supported", ++ key_derivation_function_names, alg); ++ } ++ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", ++ key_derivation_function_names, alg, plugin_name, tested); ++ } ++ return !failed; ++} ++ + /** + * Benchmark a DRBG + */ +@@ -1622,6 +1806,12 @@ METHOD(crypto_tester_t, add_xof_vector, + this->xof->insert_last(this->xof, vector); + } + ++METHOD(crypto_tester_t, add_kdf_vector, void, ++ private_crypto_tester_t *this, kdf_test_vector_t *vector) ++{ ++ this->kdf->insert_last(this->kdf, vector); ++} ++ + METHOD(crypto_tester_t, add_drbg_vector, void, + private_crypto_tester_t *this, drbg_test_vector_t *vector) + { +@@ -1649,6 +1839,7 @@ METHOD(crypto_tester_t, destroy, void, + this->hasher->destroy(this->hasher); + this->prf->destroy(this->prf); + this->xof->destroy(this->xof); ++ this->kdf->destroy(this->kdf); + this->drbg->destroy(this->drbg); + this->rng->destroy(this->rng); + this->dh->destroy(this->dh); +@@ -1670,6 +1861,7 @@ crypto_tester_t *crypto_tester_create() + .test_hasher = _test_hasher, + .test_prf = _test_prf, + .test_xof = _test_xof, ++ .test_kdf = _test_kdf, + .test_drbg = _test_drbg, + .test_rng = _test_rng, + .test_dh = _test_dh, +@@ -1679,6 +1871,7 @@ crypto_tester_t *crypto_tester_create() + .add_hasher_vector = _add_hasher_vector, + .add_prf_vector = _add_prf_vector, + .add_xof_vector = _add_xof_vector, ++ .add_kdf_vector = _add_kdf_vector, + .add_drbg_vector = _add_drbg_vector, + .add_rng_vector = _add_rng_vector, + .add_dh_vector = _add_dh_vector, +@@ -1690,6 +1883,7 @@ 
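Review bot: `kdf_vector_applies()` reads the PRF with `VA_ARGS_VGET(args->args, prf)` directly on the caller's `va_list`, and `test_kdf()` calls it once for every test vector of the same algorithm. Assuming the macro fetches with `va_arg` on the list it is given, each call after the first reads past the one constructor argument that was supplied, which is undefined behaviour. The later `va_copy(copy, args->args)` in `test_kdf()` then copies an already-advanced list, so the self-test may filter on, or construct the KDF with, a garbage PRF identifier. Read from a private copy inside `kdf_vector_applies()`, the same way `test_kdf()` already does for the constructor call.

```c
static bool kdf_vector_applies(key_derivation_function_t alg,
							   kdf_test_args_t *args, kdf_test_vector_t *vector)
{
	va_list copy;
	bool applies = FALSE;

	/* work on a copy so the caller's list is untouched for the next vector */
	va_copy(copy, args->args);
	switch (alg)
	{
		case KDF_PRF_PLUS:
		{
			pseudo_random_function_t prf;
			VA_ARGS_VGET(copy, prf);
			/* … unchanged: compare prf with vector->arg.prf … */
		}
		/* … unchanged: KDF_UNDEFINED case … */
	}
	va_end(copy);
	return applies;
}
```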
crypto_tester_t *crypto_tester_create() + .hasher = linked_list_create(), + .prf = linked_list_create(), + .xof = linked_list_create(), ++ .kdf = linked_list_create(), + .drbg = linked_list_create(), + .rng = linked_list_create(), + .dh = linked_list_create(), +Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.h +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_tester.h ++++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.h +@@ -32,6 +32,8 @@ typedef struct signer_test_vector_t sign + typedef struct hasher_test_vector_t hasher_test_vector_t; + typedef struct prf_test_vector_t prf_test_vector_t; + typedef struct xof_test_vector_t xof_test_vector_t; ++typedef struct kdf_test_vector_t kdf_test_vector_t; ++typedef struct kdf_test_args_t kdf_test_args_t; + typedef struct drbg_test_vector_t drbg_test_vector_t; + typedef struct rng_test_vector_t rng_test_vector_t; + typedef struct dh_test_vector_t dh_test_vector_t; +@@ -130,6 +132,26 @@ struct xof_test_vector_t { + u_char *out; + }; + ++struct kdf_test_vector_t { ++ /** kdf algorithm this test vector tests */ ++ key_derivation_function_t alg; ++ /** argument passed to constructor, type depends on alg */ ++ union { ++ pseudo_random_function_t prf; ++ } arg; ++ /** optional key */ ++ chunk_t key; ++ /** optional salt */ ++ chunk_t salt; ++ /** expected output */ ++ chunk_t out; ++}; ++ ++struct kdf_test_args_t { ++ /** the arguments used to construct the KDF */ ++ va_list args; ++}; ++ + struct drbg_test_vector_t { + /** drbg type this test vector tests */ + drbg_type_t type; +@@ -257,6 +279,22 @@ struct crypto_tester_t { + xof_constructor_t create, + u_int *speed, const char *plugin_name); + /** ++ * Test a KDF algorithm. ++ * ++ * If constructor arguments are passed, only matching test vectors are ++ * tried. Otherwise, all are tried and implementations are allowed to fail ++ * construction with unsupported arguments. 
++ * ++ * @param alg algorithm to test ++ * @param create constructor function for the XOF ++ * @param args optional arguments to pass to constructor ++ * @param speed speed test result, NULL to omit ++ * @return TRUE if test passed ++ */ ++ bool (*test_kdf)(crypto_tester_t *this, key_derivation_function_t alg, ++ kdf_constructor_t create, kdf_test_args_t *args, ++ u_int *speed, const char *plugin_name); ++ /** + * Test a DRBG type. + * + * @param type DRBG type to test +@@ -333,6 +371,13 @@ struct crypto_tester_t { + void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector); + + /** ++ * Add a test vector to test a KDF. ++ * ++ * @param vector pointer to test vector ++ */ ++ void (*add_kdf_vector)(crypto_tester_t *this, kdf_test_vector_t *vector); ++ ++ /** + * Add a test vector to test a DRBG. + * + * @param vector pointer to test vector +Index: strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.c +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.c +@@ -0,0 +1,28 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
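Review bot: The comment added for `test_kdf` describes `create` as `constructor function for the XOF`, apparently carried over from the XOF entry; it should read `constructor function for the KDF`, and `plugin_name` has no `@param` line. The `@return TRUE if test passed` line also leaves out that the implementation in `crypto_tester.c` returns `!this->required` when no test vector exists or none can be applied, so a KDF that was never verified is reported as passing unless vectors are required. I would document that as `@return TRUE if test passed, or if no vector applied and test vectors are not required`.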
IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#include "kdf.h" ++ ++ENUM(key_derivation_function_names, KDF_UNDEFINED, KDF_PRF_PLUS, ++ "KDF_UNDEFINED", ++ "KDF_PRF_PLUS", ++); +Index: strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.h +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.h +@@ -0,0 +1,124 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. 
++ */ ++ ++/** ++ * @defgroup kdf kdf ++ * @{ @ingroup crypto ++ */ ++ ++#ifndef KDF_H_ ++#define KDF_H_ ++ ++typedef enum key_derivation_function_t key_derivation_function_t; ++typedef enum kdf_param_t kdf_param_t; ++typedef struct kdf_t kdf_t; ++ ++#include ++ ++/** ++ * Key Derivation Functions (KDF). ++ */ ++enum key_derivation_function_t { ++ ++ KDF_UNDEFINED, ++ ++ /** ++ * RFC 7296 prf+, expects a pseudo_random_function_t in the constructor, ++ * parameters are KEY and SALT. ++ */ ++ KDF_PRF_PLUS, ++}; ++ ++/** ++ * enum name for key_derivation_function_t. ++ */ ++extern enum_name_t *key_derivation_function_names; ++ ++/** ++ * Parameters for KDFs. ++ */ ++enum kdf_param_t { ++ ++ /** ++ * Key used for the key derivation (chunk_t). ++ */ ++ KDF_PARAM_KEY, ++ ++ /** ++ * Salt used for the key derivation (chunk_t). ++ */ ++ KDF_PARAM_SALT, ++}; ++ ++/** ++ * Generic interface for Key Derivation Functions (KDF). ++ * ++ * Note that in comparison to xof_t, this interface does not support streaming. ++ * That is, calling get_bytes() or allocate_bytes() multiple times without ++ * changing the input parameters will result in the same output. ++ */ ++struct kdf_t { ++ ++ /** ++ * Return the type of KDF. ++ * ++ * @return KDF type ++ */ ++ key_derivation_function_t (*get_type)(kdf_t *this); ++ ++ /** ++ * Derives a key of the given length and writes it to the buffer. ++ * ++ * @param out_len number of key bytes requested ++ * @param buffer pointer where the derived key will be written ++ * @return TRUE if key derived successfully ++ */ ++ bool (*get_bytes)(kdf_t *this, size_t out_len, ++ uint8_t *buffer) __attribute__((warn_unused_result)); ++ ++ /** ++ * Derives a key of the given length and allocates space for it. 
++ * ++ * @param out_len number of key bytes requested ++ * @param chunk chunk which will hold the derived key ++ * @return TRUE if key derived successfully ++ */ ++ bool (*allocate_bytes)(kdf_t *this, size_t out_len, ++ chunk_t *chunk) __attribute__((warn_unused_result)); ++ ++ /** ++ * Set a parameter for this KDF. ++ * ++ * @param param parameter to set ++ * @param ... parameter values ++ * @return TRUE if parameter set successfully ++ */ ++ bool (*set_param)(kdf_t *this, kdf_param_t param, ++ ...) __attribute__((warn_unused_result)); ++ ++ /** ++ * Destroys this KDF object. ++ */ ++ void (*destroy)(kdf_t *this); ++}; ++ ++#endif /** KDF_H_ @}*/ +Index: strongswan-5.9.5/src/libstrongswan/crypto/pkcs5.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/pkcs5.c ++++ strongswan-5.9.5/src/libstrongswan/crypto/pkcs5.c +@@ -131,7 +131,7 @@ static bool verify_padding(crypter_t *cr + /** + * Prototype for key derivation functions. + */ +-typedef bool (*kdf_t)(private_pkcs5_t *this, chunk_t password, chunk_t key); ++typedef bool (*derive_t)(private_pkcs5_t *this, chunk_t password, chunk_t key); + + /** + * Try to decrypt the given data with the given password using the given +@@ -139,7 +139,7 @@ typedef bool (*kdf_t)(private_pkcs5_t *t + * to, key and iv point to the actual keys and initialization vectors resp. 
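Review bot: The `get_bytes()` and `allocate_bytes()` comments in `struct kdf_t` do not say that the output is key material, nor what state the buffer is in when FALSE is returned. The IKEv2 caller elsewhere in this patch wipes the result with `chunk_clear()`, so `allocate_bytes()` could carry a line such as `* The chunk holds key material, release it with chunk_clear().`. The removed `prf_plus.c` failed once its one-octet counter wrapped; if the new plugin keeps that limit (its code is not visible here), the comment should state that an over-long `out_len` returns FALSE. The `set_param()` comment should also state that the variadic value must have exactly the type listed for the `kdf_param_t` (a `chunk_t` for both current parameters), since nothing checks it at compile time.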
+ */ + static bool decrypt_generic(private_pkcs5_t *this, chunk_t password, +- chunk_t data, chunk_t *decrypted, kdf_t kdf, ++ chunk_t data, chunk_t *decrypted, derive_t kdf, + chunk_t keymat, chunk_t key, chunk_t iv) + { + if (!kdf(this, password, keymat)) +@@ -341,7 +341,7 @@ METHOD(pkcs5_t, decrypt, bool, + private_pkcs5_t *this, chunk_t password, chunk_t data, chunk_t *decrypted) + { + chunk_t keymat, key, iv; +- kdf_t kdf; ++ derive_t kdf; + + if (!ensure_crypto_primitives(this, data) || !decrypted) + { +Index: strongswan-5.9.5/src/libstrongswan/crypto/prf_plus.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/prf_plus.c ++++ /dev/null +@@ -1,170 +0,0 @@ +-/* +- * Copyright (C) 2005-2006 Martin Willi +- * Copyright (C) 2005 Jan Hutter +- * HSR Hochschule fuer Technik Rapperswil +- * +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the +- * Free Software Foundation; either version 2 of the License, or (at your +- * option) any later version. See . +- * +- * This program is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * for more details. +- */ +- +-#include +- +-#include "prf_plus.h" +- +-typedef struct private_prf_plus_t private_prf_plus_t; +- +-typedef bool (*apply_prf_t)(private_prf_plus_t *this); +- +-/** +- * Private data of an prf_plus_t object. +- * +- */ +-struct private_prf_plus_t { +- +- /** +- * Public interface of prf_plus_t. +- */ +- prf_plus_t public; +- +- /** +- * PRF to use. +- */ +- prf_t *prf; +- +- /** +- * Initial seed. +- */ +- chunk_t seed; +- +- /** +- * Octet which will be appended to the seed if a counter is used. +- */ +- uint8_t counter; +- +- /** +- * Already given out bytes in current buffer. 
+- */ +- size_t used; +- +- /** +- * Buffer to store current PRF result. +- */ +- chunk_t buffer; +- +- /** +- * The prf application method depending on whether a counter is used. +- */ +- apply_prf_t apply_prf; +-}; +- +-/** +- * Apply the PRF using the running counter +- */ +-static bool apply_prf_counter(private_prf_plus_t *this) +-{ +- if (!this->prf->get_bytes(this->prf, this->seed, NULL) || +- !this->prf->get_bytes(this->prf, chunk_from_thing(this->counter), +- this->buffer.ptr)) +- { +- return FALSE; +- } +- this->counter++; +- if (!this->counter) +- { /* according to RFC 7296, section 2.13, prf+ is undefined once the +- * counter wrapped, so let's fail for future calls */ +- this->apply_prf = (void*)return_false; +- } +- return TRUE; +-} +- +-/** +- * Apply the PRF using the running counter +- */ +-static bool apply_prf(private_prf_plus_t *this) +-{ +- return this->prf->get_bytes(this->prf, this->seed, this->buffer.ptr); +-} +- +-METHOD(prf_plus_t, get_bytes, bool, +- private_prf_plus_t *this, size_t length, uint8_t *buffer) +-{ +- size_t round, written = 0; +- +- while (length > 0) +- { +- if (this->buffer.len == this->used) +- { /* buffer used, get next round */ +- if (!this->prf->get_bytes(this->prf, this->buffer, NULL)) +- { +- return FALSE; +- } +- if (!this->apply_prf(this)) +- { +- return FALSE; +- } +- this->used = 0; +- } +- round = min(length, this->buffer.len - this->used); +- memcpy(buffer + written, this->buffer.ptr + this->used, round); +- +- length -= round; +- this->used += round; +- written += round; +- } +- return TRUE; +-} +- +-METHOD(prf_plus_t, allocate_bytes, bool, +- private_prf_plus_t *this, size_t length, chunk_t *chunk) +-{ +- *chunk = chunk_alloc(length); +- if (!get_bytes(this, length, chunk->ptr)) +- { +- chunk_free(chunk); +- return FALSE; +- } +- return TRUE; +-} +- +-METHOD(prf_plus_t, destroy, void, +- private_prf_plus_t *this) +-{ +- chunk_clear(&this->buffer); +- chunk_clear(&this->seed); +- free(this); +-} +- +-/* +- * 
Description in header. +- */ +-prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed) +-{ +- private_prf_plus_t *this; +- +- INIT(this, +- .public = { +- .get_bytes = _get_bytes, +- .allocate_bytes = _allocate_bytes, +- .destroy = _destroy, +- }, +- .prf = prf, +- .seed = chunk_clone(seed), +- .buffer = chunk_alloc(prf->get_block_size(prf)), +- .apply_prf = counter ? apply_prf_counter : apply_prf, +- .counter = 0x01, +- ); +- +- if (!this->apply_prf(this)) +- { +- destroy(this); +- return NULL; +- } +- return &this->public; +-} +Index: strongswan-5.9.5/src/libstrongswan/crypto/prf_plus.h +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/prf_plus.h ++++ /dev/null +@@ -1,70 +0,0 @@ +-/* +- * Copyright (C) 2005-2006 Martin Willi +- * Copyright (C) 2005 Jan Hutter +- * HSR Hochschule fuer Technik Rapperswil +- * +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License as published by the +- * Free Software Foundation; either version 2 of the License, or (at your +- * option) any later version. See . +- * +- * This program is distributed in the hope that it will be useful, but +- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * for more details. +- */ +- +-/** +- * @defgroup prf_plus prf_plus +- * @{ @ingroup crypto +- */ +- +-#ifndef PRF_PLUS_H_ +-#define PRF_PLUS_H_ +- +-typedef struct prf_plus_t prf_plus_t; +- +-#include +- +-/** +- * Implementation of the prf+ function used in IKEv1/IKEv2 keymat extension. +- */ +-struct prf_plus_t { +- +- /** +- * Get pseudo random bytes. 
+- * +- * @param length number of bytes to get +- * @param buffer pointer where the generated bytes will be written +- * @return TRUE if bytes generated successfully +- */ +- bool (*get_bytes)(prf_plus_t *this, size_t length, +- uint8_t *buffer) __attribute__((warn_unused_result)); +- +- /** +- * Allocate pseudo random bytes. +- * +- * @param length number of bytes to get +- * @param chunk chunk which will hold generated bytes +- * @return TRUE if bytes allocated successfully +- */ +- bool (*allocate_bytes)(prf_plus_t *this, size_t length, +- chunk_t *chunk) __attribute__((warn_unused_result)); +- +- /** +- * Destroys a prf_plus_t object. +- */ +- void (*destroy)(prf_plus_t *this); +-}; +- +-/** +- * Creates a new prf_plus_t object. +- * +- * @param prf prf object to use, must be destroyed after prf+. +- * @param counter use an appending counter byte (for IKEv2 variant) +- * @param seed input seed for prf +- * @return prf_plus_t object, NULL on failure +- */ +-prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed); +- +-#endif /** PRF_PLUS_H_ @}*/ +Index: strongswan-5.9.5/src/libstrongswan/crypto/transform.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/transform.c ++++ strongswan-5.9.5/src/libstrongswan/crypto/transform.c +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + + ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, + "ENCRYPTION_ALGORITHM", +@@ -23,16 +24,16 @@ ENUM_BEGIN(transform_type_names, ENCRYPT + "INTEGRITY_ALGORITHM", + "DIFFIE_HELLMAN_GROUP", + "EXTENDED_SEQUENCE_NUMBERS"); +-ENUM_NEXT(transform_type_names, HASH_ALGORITHM, DETERMINISTIC_RANDOM_BIT_GENERATOR, ++ENUM_NEXT(transform_type_names, HASH_ALGORITHM, KEY_DERIVATION_FUNCTION, + EXTENDED_SEQUENCE_NUMBERS, + "HASH_ALGORITHM", + "RANDOM_NUMBER_GENERATOR", + "AEAD_ALGORITHM", + "COMPRESSION_ALGORITHM", + "EXTENDED OUTPUT FUNCTION", +- "DETERMINISTIC RANDOM BIT 
GENERATOR"); +-ENUM_END(transform_type_names, DETERMINISTIC_RANDOM_BIT_GENERATOR); +- ++ "DETERMINISTIC RANDOM BIT GENERATOR", ++ "KEY_DERIVATION_FUNCTION"); ++ENUM_END(transform_type_names, KEY_DERIVATION_FUNCTION); + + ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, + "NO_EXT_SEQ", +@@ -65,6 +66,8 @@ enum_name_t* transform_get_enum_names(tr + return ext_out_function_names; + case DETERMINISTIC_RANDOM_BIT_GENERATOR: + return drbg_type_names; ++ case KEY_DERIVATION_FUNCTION: ++ return key_derivation_function_names; + case COMPRESSION_ALGORITHM: + break; + } +Index: strongswan-5.9.5/src/libstrongswan/crypto/transform.h +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/crypto/transform.h ++++ strongswan-5.9.5/src/libstrongswan/crypto/transform.h +@@ -40,6 +40,7 @@ enum transform_type_t { + COMPRESSION_ALGORITHM = 259, + EXTENDED_OUTPUT_FUNCTION = 260, + DETERMINISTIC_RANDOM_BIT_GENERATOR = 261, ++ KEY_DERIVATION_FUNCTION = 262, + }; + + /** +Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/Makefile.am +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/plugins/botan/Makefile.am ++++ strongswan-5.9.5/src/libstrongswan/plugins/botan/Makefile.am +@@ -16,6 +16,7 @@ libstrongswan_botan_la_SOURCES = \ + botan_rng.h botan_rng.c \ + botan_hasher.h botan_hasher.c \ + botan_hmac.h botan_hmac.c \ ++ botan_kdf.h botan_kdf.c \ + botan_crypter.h botan_crypter.c \ + botan_rsa_public_key.h botan_rsa_public_key.c \ + botan_rsa_private_key.h botan_rsa_private_key.c \ +Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.c +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.c +@@ -0,0 +1,185 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person 
obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#define _GNU_SOURCE ++#include "botan_kdf.h" ++#include "botan_util.h" ++ ++#include ++ ++#ifdef BOTAN_HAS_HKDF ++ ++#include ++ ++typedef struct private_kdf_t private_kdf_t; ++ ++/** ++ * Private data. ++ */ ++struct private_kdf_t { ++ ++ /** ++ * Public interface. ++ */ ++ kdf_t public; ++ ++ /** ++ * Name of the KDF algorithm in Botan. ++ */ ++ char *name; ++ ++ /** ++ * Key for KDF. ++ */ ++ chunk_t key; ++ ++ /** ++ * Salt for KDF. ++ */ ++ chunk_t salt; ++ ++#if BOTAN_VERSION_MAJOR == 2 ++ /** ++ * Used for a manual length check in get_bytes(). 
++ */ ++ size_t hash_size; ++#endif ++}; ++ ++METHOD(kdf_t, get_type, key_derivation_function_t, ++ private_kdf_t *this) ++{ ++ return KDF_PRF_PLUS; ++} ++ ++METHOD(kdf_t, get_bytes, bool, ++ private_kdf_t *this, size_t out_len, uint8_t *buffer) ++{ ++#if BOTAN_VERSION_MAJOR == 2 ++ /* Botan 2 doesn't check the length, just silently prevents wrapping the ++ * counter and returns truncated output, so do this manually */ ++ if (out_len > this->hash_size * 255) ++ { ++ return FALSE; ++ } ++#endif ++ if (botan_kdf(this->name, buffer, out_len, this->key.ptr, this->key.len, ++ NULL, 0, this->salt.ptr, this->salt.len)) ++ { ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, allocate_bytes, bool, ++ private_kdf_t *this, size_t out_len, chunk_t *chunk) ++{ ++ *chunk = chunk_alloc(out_len); ++ ++ if (!get_bytes(this, out_len, chunk->ptr)) ++ { ++ chunk_free(chunk); ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, set_param, bool, ++ private_kdf_t *this, kdf_param_t param, ...) 
++{ ++ chunk_t chunk; ++ ++ switch (param) ++ { ++ case KDF_PARAM_KEY: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->key); ++ this->key = chunk_clone(chunk); ++ break; ++ case KDF_PARAM_SALT: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->salt); ++ this->salt = chunk_clone(chunk); ++ break; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, destroy, void, ++ private_kdf_t *this) ++{ ++ chunk_clear(&this->salt); ++ chunk_clear(&this->key); ++ free(this->name); ++ free(this); ++} ++ ++/* ++ * Described in header ++ */ ++kdf_t *botan_kdf_create(key_derivation_function_t algo, va_list args) ++{ ++ private_kdf_t *this; ++ pseudo_random_function_t prf_alg; ++ const char *hash_name; ++ char *name, buf[8]; ++ ++ if (algo != KDF_PRF_PLUS) ++ { ++ return NULL; ++ } ++ ++ VA_ARGS_VGET(args, prf_alg); ++ hash_name = botan_get_hash(hasher_algorithm_from_prf(prf_alg)); ++ if (!hash_name) ++ { ++ return NULL; ++ } ++ if (asprintf(&name, "HKDF-Expand(%s)", hash_name) <= 0) ++ { ++ return NULL; ++ } ++ ++ INIT(this, ++ .public = { ++ .get_type = _get_type, ++ .get_bytes = _get_bytes, ++ .allocate_bytes = _allocate_bytes, ++ .set_param = _set_param, ++ .destroy = _destroy, ++ }, ++ .name = name, ++#if BOTAN_VERSION_MAJOR == 2 ++ .hash_size = hasher_hash_size(hasher_algorithm_from_prf(prf_alg)), ++#endif ++ ); ++ ++ /* test if we can actually use the algorithm */ ++ if (!get_bytes(this, sizeof(buf), buf)) ++ { ++ destroy(this); ++ return NULL; ++ } ++ return &this->public; ++} ++ ++#endif +Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.h +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.h +@@ -0,0 +1,45 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without 
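Review bot: In botan_kdf.c, `set_param` ends with an unconditional `return TRUE;`, so a `param` that matches neither case is reported as applied. openssl_kdf.c's `set_param` has the same shape, while kdf_prf_plus.c starts from `bool success = FALSE;` and only sets it inside a handled case. For an object that derives IKE key material it is safer to fail closed: mirror the flag pattern here (`bool success = FALSE;`, set it in each case, `return success;`) instead of adding a `default:` label, which would hide missing-enumerator warnings. Whether kdf_param_t has further values is not visible in this patch, so today this is mainly about keeping the three backends consistent.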
restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++/** ++ * Implements key derivation functions (KDF) using Botan, in particular prf+, ++ * which is implemented via Botan's HKDF implementation. ++ * ++ * @defgroup botan_kdf botan_kdf ++ * @{ @ingroup botan_p ++ */ ++ ++#ifndef BOTAN_KDF_H_ ++#define BOTAN_KDF_H_ ++ ++#include ++ ++/** ++ * Creates a new kdf_t object. 
++ * ++ * @param algo algorithm to instantiate ++ * @param args algorithm-specific arguments ++ * @return kdf_t object, NULL if not supported ++ */ ++kdf_t *botan_kdf_create(key_derivation_function_t algo, va_list args); ++ ++#endif /** BOTAN_KDF_H_ @}*/ +Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_plugin.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/plugins/botan/botan_plugin.c ++++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_plugin.c +@@ -32,6 +32,7 @@ + #include "botan_crypter.h" + #include "botan_diffie_hellman.h" + #include "botan_hmac.h" ++#include "botan_kdf.h" + #include "botan_rsa_public_key.h" + #include "botan_rsa_private_key.h" + #include "botan_ec_diffie_hellman.h" +@@ -209,6 +210,12 @@ METHOD(plugin_t, get_features, int, + #endif + #endif /* BOTAN_HAS_HMAC */ + ++ /* kdfs */ ++#ifdef BOTAN_HAS_HKDF ++ PLUGIN_REGISTER(SIGNER, botan_kdf_create), ++ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), ++#endif /* BOTAN_HAS_HKDF */ ++ + /* generic key loaders */ + #if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA) || \ + defined(BOTAN_HAS_ED25519) +Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/Makefile.am +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/Makefile.am +@@ -0,0 +1,17 @@ ++AM_CPPFLAGS = \ ++ -I$(top_srcdir)/src/libstrongswan ++ ++AM_CFLAGS = \ ++ $(PLUGIN_CFLAGS) ++ ++if MONOLITHIC ++noinst_LTLIBRARIES = libstrongswan-kdf.la ++else ++plugin_LTLIBRARIES = libstrongswan-kdf.la ++endif ++ ++libstrongswan_kdf_la_SOURCES = \ ++ kdf_plugin.h kdf_plugin.c \ ++ kdf_prf_plus.h kdf_prf_plus.c ++ ++libstrongswan_kdf_la_LDFLAGS = -module -avoid-version +Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.c +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.c +@@ -0,0 
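Review bot: In the botan_plugin.c get_features hunk the constructor is registered as `PLUGIN_REGISTER(SIGNER, botan_kdf_create),` although the feature provided on the next line is `PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS)`. kdf_plugin.c and openssl_plugin.c in this same patch both register their constructor with `PLUGIN_REGISTER(KDF, ...)`, so this looks like a leftover from the HMAC signer block above and should read `PLUGIN_REGISTER(KDF, botan_kdf_create),`. How the register type is consumed is not visible in the hunk, so the runtime effect needs checking, but as written a kdf_t constructor is declared under the signer type. get_features starts and ends outside the hunk.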
+1,88 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. 
++ */ ++ ++#include "kdf_plugin.h" ++#include "kdf_prf_plus.h" ++ ++#include ++ ++typedef struct private_kdf_plugin_t private_kdf_plugin_t; ++ ++/** ++ * Private data ++ */ ++struct private_kdf_plugin_t { ++ ++ /** ++ * Public interface ++ */ ++ kdf_plugin_t public; ++}; ++ ++METHOD(plugin_t, get_name, char*, ++ private_kdf_plugin_t *this) ++{ ++ return "kdf"; ++} ++ ++METHOD(plugin_t, get_features, int, ++ private_kdf_plugin_t *this, plugin_feature_t *features[]) ++{ ++ static plugin_feature_t f[] = { ++ PLUGIN_REGISTER(KDF, kdf_prf_plus_create), ++ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), ++ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA1), ++ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_256), ++ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_384), ++ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_512), ++ PLUGIN_SDEPEND(PRF, PRF_AES128_XCBC), ++ PLUGIN_SDEPEND(PRF, PRF_AES128_CMAC), ++ }; ++ *features = f; ++ return countof(f); ++} ++ ++METHOD(plugin_t, destroy, void, ++ private_kdf_plugin_t *this) ++{ ++ free(this); ++} ++ ++/* ++ * Described in header ++ */ ++plugin_t *kdf_plugin_create() ++{ ++ private_kdf_plugin_t *this; ++ ++ INIT(this, ++ .public = { ++ .plugin = { ++ .get_name = _get_name, ++ .get_features = _get_features, ++ .destroy = _destroy, ++ }, ++ }, ++ ); ++ ++ return &this->public.plugin; ++} +Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.h +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.h +@@ -0,0 +1,49 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do 
so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++/** ++ * @defgroup kdf_p kdf ++ * @ingroup plugins ++ * ++ * @defgroup kdf_plugin kdf_plugin ++ * @{ @ingroup kdf_p ++ */ ++ ++#ifndef KDF_PLUGIN_H_ ++#define KDF_PLUGIN_H_ ++ ++#include ++ ++typedef struct kdf_plugin_t kdf_plugin_t; ++ ++/** ++ * Plugin implementing the key derivation functions (KDF) in software. 
++ */ ++struct kdf_plugin_t { ++ ++ /** ++ * implements plugin interface ++ */ ++ plugin_t plugin; ++}; ++ ++#endif /** KDF_PLUGIN_H_ @}*/ +Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_prf_plus.c +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_prf_plus.c +@@ -0,0 +1,168 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#include "kdf_prf_plus.h" ++ ++typedef struct private_kdf_t private_kdf_t; ++ ++/** ++ * Private data. ++ */ ++struct private_kdf_t { ++ ++ /** ++ * Public interface. ++ */ ++ kdf_t public; ++ ++ /** ++ * Underlying PRF. ++ */ ++ prf_t *prf; ++ ++ /** ++ * Salt value. 
++ */ ++ chunk_t salt; ++}; ++ ++METHOD(kdf_t, get_type, key_derivation_function_t, ++ private_kdf_t *this) ++{ ++ return KDF_PRF_PLUS; ++} ++ ++METHOD(kdf_t, get_bytes, bool, ++ private_kdf_t *this, size_t out_len, uint8_t *buffer) ++{ ++ chunk_t block, previous = chunk_empty; ++ uint8_t counter = 1, *out = buffer; ++ size_t len; ++ bool success = TRUE; ++ ++ block = chunk_alloca(this->prf->get_block_size(this->prf)); ++ if (out_len > block.len * 255) ++ { ++ return FALSE; ++ } ++ ++ while (out_len) ++ { ++ if (!this->prf->get_bytes(this->prf, previous, NULL) || ++ !this->prf->get_bytes(this->prf, this->salt, NULL) || ++ !this->prf->get_bytes(this->prf, chunk_from_thing(counter), ++ block.ptr)) ++ { ++ success = FALSE; ++ break; ++ } ++ len = min(out_len, block.len); ++ memcpy(out, block.ptr, len); ++ previous = chunk_create(out, block.len); ++ ++ out_len -= len; ++ out += len; ++ counter++; ++ } ++ memwipe(block.ptr, block.len); ++ return success; ++} ++ ++METHOD(kdf_t, allocate_bytes, bool, ++ private_kdf_t *this, size_t out_len, chunk_t *chunk) ++{ ++ *chunk = chunk_alloc(out_len); ++ ++ if (!get_bytes(this, out_len, chunk->ptr)) ++ { ++ chunk_free(chunk); ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, set_param, bool, ++ private_kdf_t *this, kdf_param_t param, ...) 
++{ ++ chunk_t chunk; ++ bool success = FALSE; ++ ++ switch (param) ++ { ++ case KDF_PARAM_KEY: ++ VA_ARGS_GET(param, chunk); ++ success = this->prf->set_key(this->prf, chunk); ++ break; ++ case KDF_PARAM_SALT: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->salt); ++ this->salt = chunk_clone(chunk); ++ success = TRUE; ++ break; ++ } ++ return success; ++} ++ ++METHOD(kdf_t, destroy, void, ++ private_kdf_t *this) ++{ ++ this->prf->destroy(this->prf); ++ chunk_clear(&this->salt); ++ free(this); ++} ++ ++/* ++ * Described in header ++ */ ++kdf_t *kdf_prf_plus_create(key_derivation_function_t algo, va_list args) ++{ ++ private_kdf_t *this; ++ pseudo_random_function_t prf_alg; ++ prf_t *prf; ++ ++ if (algo != KDF_PRF_PLUS) ++ { ++ return NULL; ++ } ++ ++ VA_ARGS_VGET(args, prf_alg); ++ prf = lib->crypto->create_prf(lib->crypto, prf_alg); ++ if (!prf) ++ { ++ DBG1(DBG_LIB, "failed to create %N for prf+", ++ pseudo_random_function_names, prf_alg); ++ return NULL; ++ } ++ ++ INIT(this, ++ .public = { ++ .get_type = _get_type, ++ .get_bytes = _get_bytes, ++ .allocate_bytes = _allocate_bytes, ++ .set_param = _set_param, ++ .destroy = _destroy, ++ }, ++ .prf = prf, ++ ); ++ ++ return &this->public; ++} +Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_prf_plus.h +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_prf_plus.h +@@ -0,0 +1,55 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The 
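Review bot: `allocate_bytes` in kdf_prf_plus.c releases the output with `chunk_free(chunk)` when `get_bytes` fails, but `get_bytes` copies every finished block into the caller's buffer before the next PRF call, so a failure after the first round frees derived key material without wiping it. Use `chunk_clear(chunk);` on that path, as `destroy` and `set_param` already do for the salt. botan_kdf.c and openssl_kdf.c have the same `chunk_free` on their failure path; whether those libraries write partial output before failing is not visible here, so clearing is the conservative choice in all three.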
above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++/** ++ * Implements prf+ as defined in RFC 7296, section 2.13: ++ * ++ * @verbatim ++ prf+ (K,S) = T1 | T2 | T3 | T4 | ... ++ ++ where: ++ T1 = prf (K, S | 0x01) ++ T2 = prf (K, T1 | S | 0x02) ++ T3 = prf (K, T2 | S | 0x03) ++ T4 = prf (K, T3 | S | 0x04) ++ ... ++ * @endverbatim ++ * ++ * @defgroup kdf_prf_plus kdf_prf_plus ++ * @{ @ingroup kdf_p ++ */ ++ ++#ifndef KDF_PRF_PLUS_H_ ++#define KDF_PRF_PLUS_H_ ++ ++#include ++ ++/** ++ * Create a kdf_t object ++ * ++ * @param algo KDF_PRF_PLUS ++ * @param args pseudo_random_function_t of the underlying PRF ++ * @return kdf_t object, NULL if not supported ++ */ ++kdf_t *kdf_prf_plus_create(key_derivation_function_t algo, va_list args); ++ ++#endif /** KDF_PRF_PLUS_H_ @}*/ +Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/Makefile.am +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/Makefile.am ++++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/Makefile.am +@@ -33,6 +33,7 @@ libstrongswan_openssl_la_SOURCES = \ + openssl_pkcs12.c openssl_pkcs12.h \ + openssl_rng.c openssl_rng.h \ + openssl_hmac.c openssl_hmac.h \ ++ openssl_kdf.c openssl_kdf.h \ + openssl_aead.c openssl_aead.h \ + openssl_x_diffie_hellman.c openssl_x_diffie_hellman.h \ + openssl_ed_private_key.c openssl_ed_private_key.h \ +Index: 
strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.c +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.c +@@ -0,0 +1,175 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#include ++#include ++ ++#if !defined(OPENSSL_NO_HMAC) && OPENSSL_VERSION_NUMBER >= 0x10101000L ++ ++#include ++#include ++ ++#include "openssl_kdf.h" ++ ++typedef struct private_kdf_t private_kdf_t; ++ ++/** ++ * Private data. ++ */ ++struct private_kdf_t { ++ ++ /** ++ * Public interface. ++ */ ++ kdf_t public; ++ ++ /** ++ * Hasher to use for underlying PRF. ++ */ ++ const EVP_MD *hasher; ++ ++ /** ++ * Key for KDF. 
Stored here because OpenSSL's HKDF API does not provide a ++ * way to clear the "info" field in the context, new data is always ++ * appended (up to 1024 bytes). ++ */ ++ chunk_t key; ++ ++ /** ++ * Salt for prf+ (see above). ++ */ ++ chunk_t salt; ++}; ++ ++METHOD(kdf_t, get_type, key_derivation_function_t, ++ private_kdf_t *this) ++{ ++ return KDF_PRF_PLUS; ++} ++ ++METHOD(kdf_t, get_bytes, bool, ++ private_kdf_t *this, size_t out_len, uint8_t *buffer) ++{ ++ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); ++ ++ if (!ctx || ++ EVP_PKEY_derive_init(ctx) <= 0 || ++ EVP_PKEY_CTX_set_hkdf_md(ctx, this->hasher) <= 0 || ++ EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0 || ++ EVP_PKEY_CTX_set1_hkdf_key(ctx, this->key.ptr, this->key.len) <= 0 || ++ EVP_PKEY_CTX_add1_hkdf_info(ctx, this->salt.ptr, this->salt.len) <= 0 || ++ EVP_PKEY_derive(ctx, buffer, &out_len) <= 0) ++ { ++ EVP_PKEY_CTX_free(ctx); ++ return FALSE; ++ } ++ EVP_PKEY_CTX_free(ctx); ++ return TRUE; ++} ++ ++METHOD(kdf_t, allocate_bytes, bool, ++ private_kdf_t *this, size_t out_len, chunk_t *chunk) ++{ ++ *chunk = chunk_alloc(out_len); ++ ++ if (!get_bytes(this, out_len, chunk->ptr)) ++ { ++ chunk_free(chunk); ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, set_param, bool, ++ private_kdf_t *this, kdf_param_t param, ...) 
++{ ++ chunk_t chunk; ++ ++ switch (param) ++ { ++ case KDF_PARAM_KEY: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->key); ++ this->key = chunk_clone(chunk); ++ break; ++ case KDF_PARAM_SALT: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->salt); ++ this->salt = chunk_clone(chunk); ++ break; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, destroy, void, ++ private_kdf_t *this) ++{ ++ chunk_clear(&this->salt); ++ chunk_clear(&this->key); ++ free(this); ++} ++ ++/* ++ * Described in header ++ */ ++kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args) ++{ ++ private_kdf_t *this; ++ pseudo_random_function_t prf_alg; ++ char *name, buf[8]; ++ ++ if (algo != KDF_PRF_PLUS) ++ { ++ return NULL; ++ } ++ ++ VA_ARGS_VGET(args, prf_alg); ++ name = enum_to_name(hash_algorithm_short_names, ++ hasher_algorithm_from_prf(prf_alg)); ++ if (!name) ++ { ++ return NULL; ++ } ++ ++ INIT(this, ++ .public = { ++ .get_type = _get_type, ++ .get_bytes = _get_bytes, ++ .allocate_bytes = _allocate_bytes, ++ .set_param = _set_param, ++ .destroy = _destroy, ++ }, ++ .hasher = EVP_get_digestbyname(name), ++ /* use a lengthy key to test the implementation below to make sure the ++ * algorithms are usable, see openssl_hmac.c for details */ ++ .key = chunk_clone(chunk_from_str("00000000000000000000000000000000")), ++ ); ++ ++ if (!this->hasher || !get_bytes(this, sizeof(buf), buf)) ++ { ++ destroy(this); ++ return NULL; ++ } ++ return &this->public; ++} ++ ++#endif /* OPENSSL_NO_HMAC && OPENSSL_VERSION_NUMBER */ +Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.h +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.h +@@ -0,0 +1,45 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to 
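Review bot: `openssl_kdf_create` leaves the self-test key `"00000000000000000000000000000000"` in `this->key` after the probe call, so an object whose caller never sets `KDF_PARAM_KEY` derives output from a publicly known constant and `get_bytes` still returns TRUE. Once the probe has succeeded, drop the placeholder with `chunk_clear(&this->key);` so that a derivation without a caller-supplied key fails (presumably in `EVP_PKEY_CTX_set1_hkdf_key`; confirm against the supported OpenSSL versions), or have `get_bytes` return FALSE until a key has been set. The probe also passes `char buf[8]` where `get_bytes` takes `uint8_t *`; declaring it `uint8_t buf[8];` removes the pointer-sign mismatch, and botan_kdf.c has the same declaration.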
deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is ++ * furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be included in ++ * all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++/** ++ * Implements key derivation functions (KDF) via OpenSSL, in particular prf+, ++ * which is implemented via OpenSSL's HKDF implementation. ++ * ++ * @defgroup openssl_kdf openssl_kdf ++ * @{ @ingroup openssl_p ++ */ ++ ++#ifndef OPENSSL_KDF_H_ ++#define OPENSSL_KDF_H_ ++ ++#include ++ ++/** ++ * Creates a new kdf_t object. 
++ * ++ * @param algo algorithm to instantiate ++ * @param args algorithm-specific arguments ++ * @return kdf_t object, NULL if not supported ++ */ ++kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args); ++ ++#endif /** OPENSSL_KDF_H_ @}*/ +Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c ++++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c +@@ -16,7 +16,6 @@ + + #include + #include +-#include + #include + #include + #include +@@ -53,6 +52,7 @@ + #include "openssl_pkcs12.h" + #include "openssl_rng.h" + #include "openssl_hmac.h" ++#include "openssl_kdf.h" + #include "openssl_aead.h" + #include "openssl_x_diffie_hellman.h" + #include "openssl_ed_public_key.h" +@@ -74,13 +74,6 @@ struct private_openssl_plugin_t { + * public functions + */ + openssl_plugin_t public; +- +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- /** +- * Loaded providers +- */ +- array_t *providers; +-#endif + }; + + /** +@@ -662,6 +655,11 @@ METHOD(plugin_t, get_features, int, + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), + #endif ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++ /* HKDF is available since 1.1.0, expand-only mode only since 1.1.1 */ ++ PLUGIN_REGISTER(KDF, openssl_kdf_create), ++ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS), ++#endif + #endif /* OPENSSL_NO_HMAC */ + #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_AES)) || \ + (OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA)) +@@ -887,15 +885,6 @@ METHOD(plugin_t, get_features, int, + METHOD(plugin_t, destroy, void, + private_openssl_plugin_t *this) + { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- OSSL_PROVIDER *provider; +- while (array_remove(this->providers, ARRAY_TAIL, &provider)) +- { +- OSSL_PROVIDER_unload(provider); +- } +- 
array_destroy(this->providers);
+-#endif /* OPENSSL_VERSION_NUMBER */
+-
+ /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
+ * can't call it as we couldn't re-initialize the library (as required by the
+ * unit tests and the Android app) */
+@@ -1009,20 +998,16 @@ plugin_t *openssl_plugin_create()
+ DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
+ return NULL;
+ }
+- array_insert_create(&this->providers, ARRAY_TAIL, fips);
+ /* explicitly load the base provider containing encoding functions */
+- array_insert_create(&this->providers, ARRAY_TAIL,
+- OSSL_PROVIDER_load(NULL, "base"));
++ OSSL_PROVIDER_load(NULL, "base");
+ }
+ else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
+ TRUE, lib->ns))
+ {
+ /* load the legacy provider for algorithms like MD4, DES, BF etc. */
+- array_insert_create(&this->providers, ARRAY_TAIL,
+- OSSL_PROVIDER_load(NULL, "legacy"));
++ OSSL_PROVIDER_load(NULL, "legacy");
+ /* explicitly load the default provider, as mentioned by crypto(7) */
+- array_insert_create(&this->providers, ARRAY_TAIL,
+- OSSL_PROVIDER_load(NULL, "default"));
++ OSSL_PROVIDER_load(NULL, "default");
+ }
+ ossl_provider_names_t data = {};
+ OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
+Index: strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.c
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/plugins/plugin_feature.c
++++ strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.c
+@@ -32,6 +32,7 @@ ENUM(plugin_feature_names, FEATURE_NONE,
+ "HASHER",
+ "PRF",
+ "XOF",
++ "KDF",
+ "DRBG",
+ "DH",
+ "RNG",
+@@ -93,6 +94,9 @@ uint32_t plugin_feature_hash(plugin_feat
+ case FEATURE_XOF:
+ data = chunk_from_thing(feature->arg.xof);
+ break;
++ case FEATURE_KDF:
++ data = chunk_from_thing(feature->arg.kdf);
++ break;
+ case FEATURE_DRBG:
+ data = chunk_from_thing(feature->arg.drbg);
+ break;
+@@ -171,6 +175,8 @@ bool
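Review bot: In openssl_plugin_create() (the openssl_plugin.c hunk at -1009) the `OSSL_PROVIDER_load()` calls for "base", "legacy" and "default" now drop their return value, so a provider that fails to load is neither logged nor acted on, whereas the FIPS provider just above is checked and reported through DBG1. A missing base or default provider would presumably only surface later as unavailable algorithms or encoding failures; a check such as `if (!OSSL_PROVIDER_load(NULL, "default")) { DBG1(DBG_LIB, "unable to load OpenSSL default provider"); }` makes the cause visible at startup, and the same applies to the other two calls. With the handles no longer stored, destroy() (hunk at -887) cannot unload them any more, which the comment kept there suggests is intended since OpenSSL cleans up at exit. The function body starts and ends outside this hunk.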
plugin_feature_matches(plugin_featu
+ return a->arg.prf == b->arg.prf;
+ case FEATURE_XOF:
+ return a->arg.xof == b->arg.xof;
++ case FEATURE_KDF:
++ return a->arg.kdf == b->arg.kdf;
+ case FEATURE_DRBG:
+ return a->arg.drbg == b->arg.drbg;
+ case FEATURE_DH:
+@@ -232,6 +238,7 @@ bool plugin_feature_equals(plugin_featur
+ case FEATURE_HASHER:
+ case FEATURE_PRF:
+ case FEATURE_XOF:
++ case FEATURE_KDF:
+ case FEATURE_DRBG:
+ case FEATURE_DH:
+ case FEATURE_NONCE_GEN:
+@@ -327,6 +334,13 @@ char* plugin_feature_get_string(plugin_f
+ return str;
+ }
+ break;
++ case FEATURE_KDF:
++ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
++ key_derivation_function_names, feature->arg.kdf) > 0)
++ {
++ return str;
++ }
++ break;
+ case FEATURE_DRBG:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ drbg_type_names, feature->arg.drbg) > 0)
+@@ -472,6 +486,17 @@ bool plugin_feature_load(plugin_t *plugi
+ name = plugin->get_name(plugin);
+ switch (feature->type)
+ {
++ case FEATURE_NONE:
++ case FEATURE_PRIVKEY_SIGN:
++ case FEATURE_PRIVKEY_DECRYPT:
++ case FEATURE_PUBKEY_VERIFY:
++ case FEATURE_PUBKEY_ENCRYPT:
++ case FEATURE_EAP_SERVER:
++ case FEATURE_EAP_PEER:
++ case FEATURE_XAUTH_SERVER:
++ case FEATURE_XAUTH_PEER:
++ case FEATURE_CUSTOM:
++ break;
+ case FEATURE_CRYPTER:
+ lib->crypto->add_crypter(lib->crypto, feature->arg.crypter.alg,
+ feature->arg.crypter.key_size,
+@@ -498,6 +523,10 @@ bool plugin_feature_load(plugin_t *plugi
+ lib->crypto->add_xof(lib->crypto, feature->arg.xof,
+ name, reg->arg.reg.f);
+ break;
++ case FEATURE_KDF:
++ lib->crypto->add_kdf(lib->crypto, feature->arg.kdf,
++ name, reg->arg.reg.f);
++ break;
+ case FEATURE_DRBG:
+ lib->crypto->add_drbg(lib->crypto, feature->arg.drbg,
+ name, reg->arg.reg.f);
+@@ -547,8 +576,6 @@ bool plugin_feature_load(plugin_t *plugi
+ case FEATURE_RESOLVER:
+ lib->resolver->add_resolver(lib->resolver, reg->arg.reg.f);
+ break;
+- default:
+- break;
+ }
+ return TRUE;
+ }
+@@ -574,6
+601,17 @@ bool plugin_feature_unload(plugin_t *plu
+ }
+ switch (feature->type)
+ {
++ case FEATURE_NONE:
++ case FEATURE_PRIVKEY_SIGN:
++ case FEATURE_PRIVKEY_DECRYPT:
++ case FEATURE_PUBKEY_VERIFY:
++ case FEATURE_PUBKEY_ENCRYPT:
++ case FEATURE_EAP_SERVER:
++ case FEATURE_EAP_PEER:
++ case FEATURE_XAUTH_SERVER:
++ case FEATURE_XAUTH_PEER:
++ case FEATURE_CUSTOM:
++ break;
+ case FEATURE_CRYPTER:
+ lib->crypto->remove_crypter(lib->crypto, reg->arg.reg.f);
+ break;
+@@ -592,6 +630,9 @@ bool plugin_feature_unload(plugin_t *plu
+ case FEATURE_XOF:
+ lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f);
+ break;
++ case FEATURE_KDF:
++ lib->crypto->remove_kdf(lib->crypto, reg->arg.reg.f);
++ break;
+ case FEATURE_DRBG:
+ lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f);
+ break;
+@@ -628,8 +669,6 @@ bool plugin_feature_unload(plugin_t *plu
+ case FEATURE_RESOLVER:
+ lib->resolver->remove_resolver(lib->resolver, reg->arg.reg.f);
+ break;
+- default:
+- break;
+ }
+ return TRUE;
+ }
+Index: strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.h
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/plugins/plugin_feature.h
++++ strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.h
+@@ -113,6 +113,8 @@ struct plugin_feature_t {
+ FEATURE_PRF,
+ /** xof_t */
+ FEATURE_XOF,
++ /** kdf_t */
++ FEATURE_KDF,
+ /** drbg_t */
+ FEATURE_DRBG,
+ /** diffie_hellman_t */
+@@ -176,8 +178,10 @@ struct plugin_feature_t {
+ integrity_algorithm_t signer;
+ /** FEATURE_PRF */
+ pseudo_random_function_t prf;
+- /** FEATURE_XOFF */
++ /** FEATURE_XOF */
+ ext_out_function_t xof;
++ /** FEATURE_KDF */
++ key_derivation_function_t kdf;
+ /** FEATURE_DRBG */
+ drbg_type_t drbg;
+ /** FEATURE_HASHER */
+@@ -288,6 +292,7 @@ struct plugin_feature_t {
+ #define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg)
+ #define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg)
+
#define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg)
++#define _PLUGIN_FEATURE_KDF(kind, alg) __PLUGIN_FEATURE(kind, KDF, .kdf = alg)
+ #define _PLUGIN_FEATURE_DRBG(kind, type) __PLUGIN_FEATURE(kind, DRBG, .drbg = type)
+ #define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group)
+ #define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
+@@ -322,6 +327,7 @@ struct plugin_feature_t {
+ #define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+ #define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+ #define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
++#define _PLUGIN_FEATURE_REGISTER_KDF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+ #define _PLUGIN_FEATURE_REGISTER_DRBG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+ #define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+ #define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/Makefile.am
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/Makefile.am
++++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/Makefile.am
+@@ -30,6 +30,7 @@ libstrongswan_test_vectors_la_SOURCES =
+ test_vectors/cast.c \
+ test_vectors/des.c \
+ test_vectors/idea.c \
++ test_vectors/kdf_prf_plus.c \
+ test_vectors/null.c \
+ test_vectors/rc2.c \
+ test_vectors/rc5.c \
+Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors.h
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/test_vectors.h
++++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors.h
+@@ -220,6 +220,14 @@ TEST_VECTOR_HASHER(sha3_256_255)
+ TEST_VECTOR_HASHER(sha3_384_255)
+
TEST_VECTOR_HASHER(sha3_512_255)
+
++TEST_VECTOR_KDF(prf_plus_sha256_old)
++TEST_VECTOR_KDF(prf_plus_sha256_1)
++TEST_VECTOR_KDF(prf_plus_sha256_2)
++TEST_VECTOR_KDF(prf_plus_sha384_1)
++TEST_VECTOR_KDF(prf_plus_sha384_2)
++TEST_VECTOR_KDF(prf_plus_sha512_1)
++TEST_VECTOR_KDF(prf_plus_sha512_2)
++
+ TEST_VECTOR_PRF(aes_xcbc_p1)
+ TEST_VECTOR_PRF(aes_xcbc_p2)
+ TEST_VECTOR_PRF(aes_xcbc_p3)
+Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf_plus.c
+===================================================================
+--- /dev/null
++++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf_plus.c
+@@ -0,0 +1,290 @@
++/*
++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++
++#include
++
++/**
++ * This is an old test vector derived from one in RFC 4868.
++ */ ++kdf_test_vector_t prf_plus_sha256_old = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256, ++ .key = chunk_from_chars( ++ 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, ++ 0x0b,0x0b,0x0b,0x0b), ++ .salt = chunk_from_chars( ++ 0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65), ++ .out = chunk_from_chars( ++ 0xb9,0xbd,0xc0,0x89,0x88,0xb4,0xc2,0xb7,0x5a,0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05, ++ 0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72,0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32, ++ 0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a,0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6, ++ 0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6,0xed,0xc0,0x23,0x47,0x7d,0x80,0x95,0x90, ++ 0xe6,0x82,0xf6,0x1d,0x9c,0x04,0xb0,0x6b,0x4a,0xd9,0x71,0xa3,0x4c,0x81,0x47,0xfa, ++ 0x66,0x79,0x2f,0xf1,0x43,0x4b,0x93,0xc7,0x22,0xb3,0x2e,0x12,0xf4,0x88,0x32,0xeb, ++ 0xc1,0x5c,0xe2,0x36,0x9c,0xe7,0x1f,0xe9,0xb7,0xb8,0x1e,0x57,0x04,0xc1,0x4d,0x0f, ++ 0x52,0x80,0xa6,0xec,0x62,0x6e,0x99,0x2d,0x7a,0x9f), ++}; ++ ++/** ++ * The following test vectors are from CAVP/SP 800-135 for IKEv2. ++ * ++ * key = SKEYSEED, salt = Ni | Nr | SPIi | SPIr (one vector with min. and one ++ * with max. 
size for nonces) ++ */ ++kdf_test_vector_t prf_plus_sha256_1 = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256, ++ .key = chunk_from_chars( ++ 0x37,0xfd,0xe9,0x0b,0x81,0xd6,0x36,0x92,0x62,0x0f,0x67,0x36,0x7b,0x62,0x09,0x2e, ++ 0x3e,0xfd,0xc6,0xa0,0x35,0x09,0x13,0x7d,0x73,0x10,0x04,0x76,0x7f,0xf3,0x50,0x10), ++ .salt = chunk_from_chars( ++ 0xed,0x80,0xdc,0x79,0x91,0x2c,0x32,0xa9,0x35,0xfb,0x6d,0x1a,0x3f,0xea,0xc0,0x78, ++ 0x47,0xc1,0x85,0x8e,0xfc,0x93,0x2e,0xa4,0x60,0x6f,0xd0,0x56,0x09,0x62,0x40,0x02), ++ .out = chunk_from_chars( ++ 0x63,0xd0,0x18,0xa0,0x8f,0x7a,0x29,0xda,0xa7,0xd1,0xf9,0x2c,0xb6,0x3f,0x45,0xfa, ++ 0x39,0xbb,0xaf,0x5e,0x5f,0x1a,0x78,0x13,0x96,0x13,0xbb,0x89,0x1e,0x3e,0x6b,0xf9, ++ 0xd0,0x44,0x8f,0x7c,0x74,0xe0,0x5b,0x4c,0x1a,0x25,0xc0,0xb6,0x1e,0x62,0xc8,0x75, ++ 0xe8,0x52,0xf2,0x87,0xe1,0x92,0xd4,0xae,0x53,0x61,0x12,0xdb,0x51,0x97,0x21,0x64, ++ 0x00,0xbd,0x5e,0x12,0x34,0x70,0xef,0xc1,0x5f,0x53,0x16,0x18,0x65,0xfe,0x8b,0x19, ++ 0xa1,0x41,0x65,0x18,0xa1,0x57,0xd6,0x51,0xec,0xd2,0xca,0xdd,0xab,0x6a,0x9e,0xae, ++ 0x6a,0x27,0xa5,0x5a,0xf0,0x88,0x21,0x8d,0x51,0x56,0xed,0xaa,0x97,0x89,0xf9,0x34, ++ 0xd9,0x83,0x6e,0xd4,0x3e,0xdf,0xfd,0xa5,0x53,0x82,0x22,0x02,0xff,0x9f,0x7d,0x48, ++ 0x60,0xca,0x72,0xe0), ++}; ++ ++kdf_test_vector_t prf_plus_sha256_2 = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256, ++ .key = chunk_from_chars( ++ 0x29,0xbd,0x11,0x55,0x68,0xae,0x09,0x88,0x27,0x0f,0xc3,0x86,0xd3,0x95,0xfe,0x37, ++ 0x07,0xa4,0xd0,0x62,0x89,0xf3,0x52,0xbb,0xa4,0xc0,0x0a,0x9a,0xd8,0x55,0xa0,0x8d), ++ .salt = chunk_from_chars( ++ 0xef,0xa7,0x29,0x13,0x18,0x22,0x78,0xff,0xbd,0x14,0xe7,0x89,0x20,0xc0,0x62,0x51, ++ 0x9a,0xba,0xb8,0xc1,0x6e,0x5e,0xd7,0x0c,0x08,0x41,0xa4,0x8c,0xdb,0x98,0x23,0x7e, ++ 0xe9,0x3f,0x73,0x5f,0xb2,0xdf,0x18,0x43,0x58,0xaa,0xdc,0x13,0xd8,0x3f,0x43,0xfe, ++ 0x8d,0x87,0x05,0x17,0x6c,0x8c,0xa3,0x13,0x82,0x5a,0x1b,0xcd,0xf7,0x79,0x11,0xc5, ++ 0x98,0x00,0x16,0x71,0xff,0xbf,0x01,0x4e,0x37,0xa8,0xc0,0x4d,0x49,0xa7,0x83,0x9d, ++ 
0xfe,0xa6,0xcd,0xc5,0x87,0x68,0x8d,0x45,0x88,0xfe,0x43,0x23,0x5b,0x71,0x69,0x3f, ++ 0xfd,0x07,0x29,0x33,0x86,0xb6,0xbf,0x4c,0x19,0x9e,0x33,0x61,0x65,0xb2,0x60,0x78, ++ 0x77,0x36,0xf5,0x4b,0xe9,0x5d,0xb6,0x91,0x16,0x38,0x8b,0xc2,0xec,0xa2,0xb3,0xb2, ++ 0x94,0x84,0x71,0x74,0x17,0xbb,0x3c,0x71,0x81,0x4c,0xe1,0x3b,0x84,0x44,0x6d,0xc3, ++ 0x96,0x4c,0x30,0x29,0x84,0xf9,0x77,0x81,0xf6,0x31,0x66,0x24,0x08,0x90,0x10,0x7c, ++ 0x2e,0x75,0x1a,0x00,0x43,0x6f,0x7c,0x3c,0x9f,0xf1,0x27,0x60,0xe4,0x9d,0x91,0x56, ++ 0x3b,0xe6,0x03,0xfd,0x96,0x41,0xa0,0xa6,0x49,0x18,0xa9,0x32,0x91,0xed,0x11,0x3d, ++ 0xb1,0x2f,0x97,0x07,0x60,0x9d,0x17,0x20,0x96,0xeb,0x58,0xf9,0x15,0x44,0x74,0xda, ++ 0x40,0xc1,0xf5,0xc0,0x90,0x3e,0x9c,0xa2,0xf9,0x1b,0xa6,0x60,0x07,0x75,0xdf,0x71, ++ 0x66,0xca,0xf8,0xe3,0x27,0x85,0x9e,0x67,0x62,0x32,0xd3,0x40,0x46,0x04,0x4c,0xee, ++ 0x43,0xf9,0x01,0x9f,0x04,0x68,0x56,0x12,0x63,0x5b,0x99,0xcb,0xeb,0xcb,0x36,0x3d, ++ 0x56,0x5e,0xaf,0x0e,0x54,0x7e,0xec,0xb9,0x41,0xc9,0x94,0xdf,0xd4,0x71,0xed,0x56, ++ 0x43,0xc0,0x87,0x74,0x4f,0x77,0x09,0xcc,0x3e,0x25,0x10,0xf2,0x74,0x26,0xc6,0x2c, ++ 0x0f,0xf3,0xac,0xb3,0xc2,0x76,0x61,0xd2,0x6a,0x6d,0x83,0xc2,0xa2,0x5e,0x13,0xa6, ++ 0xd4,0x65,0xbd,0x04,0x7f,0x90,0x55,0x00,0xe5,0xeb,0xbe,0x42,0x66,0x43,0x0d,0x56, ++ 0x67,0x14,0x0f,0x77,0xe7,0x97,0x71,0x2a,0x8c,0x8f,0x63,0xc5,0x83,0xf4,0xb4,0x64, ++ 0x9b,0x72,0x89,0x9e,0xa3,0x4a,0xbf,0xdb,0x17,0x61,0x7c,0x46,0x0c,0x35,0xf2,0x50, ++ 0x64,0x94,0x49,0x4f,0x22,0x3e,0x25,0x1a,0xc7,0x1a,0x5b,0x9b,0x7e,0xea,0x87,0xf4, ++ 0xf5,0xe3,0x33,0xa3,0xc1,0xbb,0xb4,0xbb,0x09,0x25,0x8b,0x6a,0x4b,0x5f,0x8c,0x9f, ++ 0xb8,0x2b,0xf4,0x2d,0xa9,0xd4,0xa4,0x65,0x43,0xc6,0xa9,0xeb,0x9a,0xa3,0x0e,0xa9, ++ 0xda,0x80,0x19,0x15,0xab,0xcc,0x17,0x12,0xd0,0x82,0xf2,0x92,0xa6,0x3f,0xd9,0xaf, ++ 0x71,0x54,0xa9,0x7c,0xc7,0x38,0x59,0xa4,0xbe,0x3c,0xba,0x35,0x9d,0x32,0x18,0x00, ++ 0x4e,0x14,0xdf,0x02,0xd0,0x9e,0xdf,0x0a,0xd5,0x79,0x6b,0xb0,0x10,0x99,0x52,0x93, ++ 
0xab,0x5d,0x04,0x2c,0x31,0x05,0x53,0x80,0xcc,0x9c,0xb2,0xe3,0x61,0x79,0x82,0xc4, ++ 0x5f,0x6b,0xce,0x1f,0xb8,0xa4,0x0e,0xf9,0xea,0xc4,0x8a,0xe1,0x77,0x20,0xdf,0xec, ++ 0xc7,0x1e,0xc8,0x57,0xea,0x33,0xf3,0x2e,0xb3,0x46,0xba,0x60,0x36,0xe8,0xf9,0xcc, ++ 0xd7,0xbc,0xad,0xc6,0xc1,0xab,0x92,0xa8,0x0c,0x57,0xe7,0x89,0x59,0xd8,0xb8,0x28, ++ 0x57,0xe9,0x1d,0xf9,0xc5,0xff,0xb8,0x42,0x4d,0x5e,0xad,0xac,0x0e,0x57,0x0f,0x7c), ++ .out = chunk_from_chars( ++ 0xd5,0x03,0x3d,0x08,0x79,0x34,0xc6,0x15,0x38,0xb2,0x3d,0xff,0x87,0x5b,0x3b,0xa9, ++ 0x20,0xe0,0x5c,0x1b,0x42,0xac,0x7f,0x97,0x93,0x99,0x5e,0x76,0xba,0x3e,0x46,0x1d, ++ 0x6e,0x83,0xb2,0xfb,0xe0,0xfa,0x68,0x1b,0xa2,0x85,0x69,0x6d,0x53,0xb1,0x75,0xe0, ++ 0x70,0xc4,0xc1,0xcb,0xc7,0x40,0x43,0xf7,0xca,0xc5,0x58,0xc4,0x94,0xac,0xd2,0x3a, ++ 0xab,0xfc,0x7a,0x68,0x5b,0x62,0x74,0x13,0x44,0x08,0xca,0xfc,0x16,0x92,0x85,0x2a, ++ 0xca,0x66,0x3c,0xef,0xd7,0xdd,0x0c,0x8a,0x87,0x2a,0x36,0xa1,0x41,0x4d,0xb4,0xb7, ++ 0xf3,0x14,0xad,0x0e,0x49,0xf2,0xc1,0x87,0x16,0x2e,0x28,0x76,0xc6,0x05,0x3d,0xbe, ++ 0xf5,0xa2,0xea,0x8c,0x33,0xdc,0xd3,0xdd,0x91,0x68,0x76,0x44,0x37,0x7c,0x45,0xf4, ++ 0xb5,0xc4,0x18,0xe1,0xe1,0x0b,0xec,0x22,0xba,0xac,0x31,0x3b,0x90,0x2b,0xdf,0xfc, ++ 0xfb,0x69,0xc6,0x8e,0xf4,0xe7,0x1c,0x5a,0xcc,0x39,0xa9,0xf0,0x7a,0xcb,0x1f,0xc3, ++ 0xba,0x8e,0x92,0xc6,0xdc,0xa8,0x61,0xa6,0x41,0x63,0xb0,0x68,0x9d,0xa4,0xa9,0x7f, ++ 0x12,0x40,0x26,0x36,0x09,0x90,0xc9,0xf1,0xae,0x4e,0x8d,0x02,0x98,0xf0,0x77,0xfc, ++ 0xbb,0x0c,0x20,0x3f,0xd2,0xca,0x82,0x1d,0xea,0xb0,0x59,0x1a,0x22,0x1d,0x9d,0x0a, ++ 0x79,0x8d,0x02,0xf0,0x78,0xd8,0xfb,0x6e,0x93,0x1c,0xa4,0x46,0xa1,0x3f,0x11,0x63, ++ 0x8c,0x6b,0x6a,0xfb,0x82,0x25,0xa0,0x08,0xf9,0x38,0xa6,0x87,0x8c,0x5b,0x57,0x7e, ++ 0x03,0xae,0xcf,0xa7,0x31,0x41,0x01,0xed,0xd0,0xfd,0xa3,0xbd,0xbe,0xa4,0x98,0x5c), ++}; ++ ++kdf_test_vector_t prf_plus_sha384_1 = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_384, ++ .key = chunk_from_chars( ++ 
0x54,0x43,0x6a,0x9e,0xa9,0x5d,0x6f,0xf7,0x9b,0x96,0x7f,0x4b,0x07,0xf6,0xde,0x97, ++ 0x6a,0x37,0x6e,0x8e,0xa2,0x6a,0xa9,0x57,0x47,0x09,0xaf,0xc6,0x02,0x43,0xc9,0xc1, ++ 0x41,0xda,0x4c,0xa0,0xe1,0x58,0xe6,0x27,0xa7,0x5e,0xa8,0x7f,0x6f,0xeb,0x07,0xef), ++ .salt = chunk_from_chars( ++ 0xd6,0x72,0xb0,0xbc,0x85,0x28,0x29,0xb9,0x35,0x09,0xf3,0xb7,0x24,0x70,0x63,0x64, ++ 0x0f,0x9a,0x01,0x6d,0x7b,0x22,0x22,0x3c,0x85,0xf7,0x10,0xda,0xf8,0xb9,0x82,0xd8), ++ .out = chunk_from_chars( ++ 0x10,0xb0,0x0a,0x65,0x46,0x43,0xb3,0xb9,0x85,0x76,0x4f,0x86,0xe2,0x3e,0xf6,0x24, ++ 0x31,0x12,0x2f,0xcc,0x96,0xde,0x16,0xe3,0x38,0xa3,0x72,0xbe,0xe4,0x93,0x91,0xdb, ++ 0x1f,0x83,0xa7,0x35,0x8c,0x08,0x03,0x80,0xab,0xbf,0x4a,0xf4,0x7c,0xdb,0x83,0xb9, ++ 0x53,0x03,0x43,0x16,0x8f,0x7d,0xbc,0x92,0x21,0x26,0x0e,0x15,0x46,0xc6,0xb3,0x83, ++ 0xe2,0x23,0x5d,0x27,0x05,0xa7,0x27,0xf0,0xb4,0x1a,0xeb,0xf6,0xa1,0xb4,0xc6,0x1c, ++ 0xb4,0x60,0x66,0x01,0x52,0xa1,0x7b,0xa7,0x4c,0x20,0xd5,0x19,0x1b,0xa6,0x84,0x17, ++ 0x94,0x94,0x52,0x70,0xd8,0x29,0x58,0x7b,0x7f,0x32,0x94,0x63,0x9e,0xa7,0xb7,0x71, ++ 0x49,0xe1,0xd0,0x72,0x30,0xac,0x16,0xe0,0xcd,0x5a,0xb2,0x36,0xfa,0x32,0x12,0xbd, ++ 0x56,0x9e,0xe7,0x0f), ++}; ++ ++kdf_test_vector_t prf_plus_sha384_2 = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_384, ++ .key = chunk_from_chars( ++ 0xff,0x66,0xe9,0xd0,0x92,0xdc,0x01,0xe0,0xb8,0x1f,0x93,0x9f,0x52,0xf5,0xc0,0x7d, ++ 0x38,0xd8,0x05,0xb9,0x86,0x28,0xce,0x1a,0xc5,0xfe,0x94,0xc0,0x98,0x57,0x76,0x47, ++ 0x33,0x9f,0xad,0x68,0x94,0x1f,0xfe,0x21,0xe0,0x1e,0xfb,0x4e,0x70,0x50,0x21,0x3b), ++ .salt = chunk_from_chars( ++ 0x9e,0x2a,0x62,0xf9,0x36,0x28,0x93,0xdd,0xf8,0x47,0x16,0xfe,0xc2,0xf2,0x3f,0x9d, ++ 0xcb,0xd9,0x01,0x0d,0xf6,0xfe,0x9e,0x0e,0xb4,0x6d,0x03,0xd9,0x14,0xf3,0x04,0xd8, ++ 0xfe,0x4d,0x3e,0xe2,0xd6,0xa0,0x3b,0x40,0xe5,0x6a,0x32,0x5e,0x82,0x2a,0x17,0x36, ++ 0x19,0x29,0x18,0x4a,0xde,0x09,0xea,0xa4,0x45,0x27,0x8d,0x38,0x70,0x41,0x7a,0x7c, ++ 
0xf5,0x65,0x58,0x4f,0x57,0x2a,0xd3,0x4f,0xf7,0x2b,0xc7,0x78,0x1a,0x39,0xa4,0x8b, ++ 0x54,0xb5,0x5d,0x6e,0xb0,0xed,0x68,0x55,0x1b,0x22,0x2c,0x7a,0xfa,0xda,0x0b,0xc8, ++ 0x22,0x36,0xec,0x31,0xce,0x6c,0x04,0x6b,0x3b,0x2e,0xdb,0x2d,0xef,0x61,0xf4,0xd2, ++ 0xd8,0x57,0xb2,0xd1,0xcb,0x36,0x96,0xc0,0x23,0xe0,0x8c,0x08,0xd6,0xab,0xd0,0x4d, ++ 0x4f,0x69,0x09,0x2b,0x14,0x58,0x37,0x35,0xb9,0xe9,0x18,0xae,0xe5,0xa3,0x99,0x9d, ++ 0xcb,0xf5,0x8f,0xda,0xd6,0xfc,0xd4,0x7c,0x95,0x92,0x98,0x77,0x03,0x0e,0x54,0xb7, ++ 0x08,0x23,0x5f,0x2a,0x2e,0x11,0xe7,0xc5,0x85,0x84,0x61,0x9a,0xa2,0xfa,0x69,0x31, ++ 0x53,0x44,0xd3,0x65,0x7b,0x55,0x72,0x0a,0x25,0xeb,0xe8,0x8e,0xa0,0x77,0x69,0x72, ++ 0xc9,0xe2,0x24,0x69,0xb7,0xed,0x5d,0xa9,0x6b,0x3c,0x76,0x85,0xf7,0xb0,0x56,0x99, ++ 0x60,0xbd,0x64,0x4f,0x13,0x0b,0x44,0xa0,0xd5,0x51,0xbb,0x0e,0x90,0x2e,0xd6,0x8a, ++ 0xb3,0x84,0xfd,0xc2,0xfa,0xca,0xf7,0x9b,0xbf,0x8d,0x6d,0x37,0x36,0xdf,0xa9,0x52, ++ 0xcd,0x70,0xf4,0x74,0x6f,0x1a,0x4a,0xea,0xc2,0xbd,0xbe,0xca,0x97,0xb7,0x8f,0xc1, ++ 0x77,0x78,0x78,0xc1,0x28,0x59,0x43,0x35,0x52,0xa7,0x7d,0x7f,0x94,0x2e,0x5b,0x60, ++ 0x47,0x69,0x91,0xa1,0xe3,0xd0,0x42,0x7c,0xd6,0x77,0x34,0x5a,0x1c,0xe2,0x06,0x3a, ++ 0x2e,0x0e,0xc5,0x47,0xa9,0xd8,0x21,0xda,0x75,0x9f,0x1a,0x91,0xb5,0x88,0x17,0xbd, ++ 0x0d,0xc4,0xef,0xfc,0x12,0x6f,0x6f,0x4e,0xb0,0xb9,0x11,0xe9,0x04,0xed,0x21,0xdc, ++ 0x43,0x9d,0x65,0x8a,0x77,0x3f,0x97,0xe1,0x79,0xad,0x20,0xbc,0x3c,0x63,0x60,0x9f, ++ 0x28,0x74,0x06,0x2e,0x83,0x5f,0x6a,0xe0,0x8d,0x59,0x65,0x4f,0x9c,0x88,0x61,0xe5, ++ 0x27,0x03,0x9e,0xea,0xc3,0x2b,0x9e,0xed,0x29,0x3b,0xd8,0xb1,0xe0,0xe7,0xc6,0x7b, ++ 0xf1,0xd7,0x55,0x24,0x6a,0x1b,0x06,0x3f,0xf0,0x06,0x32,0xa4,0x6d,0xd5,0xcf,0x69, ++ 0x48,0xf0,0xee,0xd9,0xb6,0x5c,0x59,0x39,0xdf,0xd2,0x14,0x80,0xa6,0x3d,0xf0,0xca, ++ 0xb0,0xa7,0x50,0x9c,0x42,0x45,0xa1,0xbe,0x75,0x47,0xcc,0xc6,0xf7,0x3c,0x72,0x4b, ++ 0x48,0xb7,0x86,0x70,0x12,0xe0,0xca,0x3e,0x47,0x2e,0x0d,0x55,0x06,0x49,0xa7,0x34, ++ 
0x44,0x0f,0xef,0xfc,0x8e,0x73,0x68,0x2c,0xb6,0x04,0x53,0xe7,0xa4,0x7e,0x72,0xfe, ++ 0x08,0x74,0xeb,0x40,0xac,0xd0,0xd4,0x8e,0x4e,0x57,0x19,0x74,0x16,0x11,0x2b,0xcd, ++ 0xc8,0xbb,0x7a,0x58,0xbe,0xa7,0x45,0xfd,0xd6,0x4c,0x16,0xf6,0x66,0xc8,0x8d,0x9e, ++ 0x3b,0xd2,0x35,0xb1,0x37,0x20,0x6f,0x6c,0xdb,0xa1,0x90,0xbe,0x65,0xec,0x03,0x3c, ++ 0x19,0x1f,0x67,0x6b,0x42,0x8e,0xc1,0x20,0x5d,0xc5,0xe9,0x45,0x82,0x85,0x08,0xd8, ++ 0x6f,0xd4,0xbc,0x62,0x54,0x02,0xaa,0x68,0x5f,0x60,0x72,0x5e,0xfd,0xb4,0x25,0x96), ++ .out = chunk_from_chars( ++ 0x28,0x10,0x28,0x8a,0x45,0xa5,0x02,0x21,0x1f,0xea,0xde,0x99,0x43,0xb4,0x22,0x4a, ++ 0x3f,0x54,0xcf,0x97,0xf1,0x91,0xb6,0x21,0xd8,0x0a,0x19,0xf3,0xf1,0xb0,0x36,0x6d, ++ 0x5e,0xd7,0x3d,0x19,0x5b,0x73,0x2a,0x15,0xb5,0x99,0x05,0x1a,0x13,0xb7,0xc5,0x84, ++ 0x17,0x55,0x21,0xe3,0xa9,0x7c,0xdb,0x22,0x0c,0x89,0x24,0xb0,0xec,0x23,0x4a,0x94, ++ 0x2e,0x05,0x79,0x67,0x5f,0x19,0x39,0x26,0xab,0x33,0x29,0x70,0x58,0x55,0x53,0xe2, ++ 0x30,0xe3,0x42,0x9c,0x6e,0x8b,0xa7,0x1b,0x93,0x74,0xbd,0x4a,0x8d,0xf9,0x69,0x45, ++ 0x68,0x40,0x52,0x7f,0x2c,0xf6,0x35,0x39,0x2b,0xe9,0xc1,0x7c,0xa8,0x47,0x4c,0xf0, ++ 0x1b,0x33,0x2b,0x81,0x08,0xb5,0x4c,0x48,0xaa,0xfc,0x86,0xac,0x4c,0xfc,0xe7,0x05, ++ 0x8e,0xe1,0x14,0x54,0x0e,0x5a,0x1b,0x95,0x22,0x01,0xee,0x3d,0x0a,0xc9,0xd3,0xe3, ++ 0x3f,0x01,0x80,0x75,0x84,0x33,0x9a,0xc3,0xf4,0x3c,0xcd,0xd3,0x95,0xc5,0x8b,0xb3, ++ 0xf4,0xa4,0xcc,0x5c,0x57,0x87,0x1e,0xa1,0xd3,0xea,0xa8,0xd0,0x30,0x2b,0xb3,0x08, ++ 0xd1,0xd2,0x03,0xaf,0x13,0x14,0x7e,0x87,0xab,0x2b,0x91,0x59,0xae,0x36,0x1e,0xc0, ++ 0x11,0xd6,0x73,0xfe,0x3f,0x16,0x2b,0x39,0x89,0xda,0x34,0x88,0xd8,0xff,0xea,0x2b, ++ 0x51,0xe7,0x46,0x5f,0xad,0xdc,0xa6,0x7d,0x1d,0x54,0xc8,0x94,0x0a,0x8a,0xb6,0x2e, ++ 0x8a,0xbe,0x41,0x45,0xcb,0x25,0x15,0x91,0x25,0x95,0x01,0x19,0xe3,0xc0,0x1a,0x81, ++ 0x35,0x75,0xf0,0xa9,0x59,0xb1,0x43,0xbc,0x31,0xf6,0x2b,0x47,0x34,0xaa,0x45,0xe2), ++}; ++ ++kdf_test_vector_t prf_plus_sha512_1 = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_512, ++ .key = 
chunk_from_chars( ++ 0xda,0xf9,0xbd,0x6f,0x2f,0x91,0x2d,0xa5,0x53,0x86,0x79,0x66,0xaf,0x38,0x6e,0x67, ++ 0x90,0x9a,0x8d,0xf0,0xca,0x7e,0x84,0xb8,0x3b,0x35,0x5c,0xb7,0xd7,0xf1,0x02,0x6f, ++ 0x17,0xd8,0xea,0x34,0xb5,0xd5,0x7f,0xd0,0xd1,0xba,0x38,0x95,0x28,0xfc,0xa1,0xe8, ++ 0x1d,0x1c,0x8c,0xe5,0x11,0xb2,0x8a,0x24,0x58,0x24,0x11,0x43,0xfe,0xe3,0x0c,0xcc), ++ .salt = chunk_from_chars( ++ 0xdf,0x79,0x31,0xdb,0x9b,0x42,0x9e,0x10,0xb8,0xaa,0x8e,0x4d,0x46,0x04,0x23,0x93, ++ 0x9b,0xa4,0x0a,0xf9,0x15,0x7f,0x47,0x92,0x53,0x83,0xc7,0xcd,0x3d,0x10,0x46,0xe6), ++ .out = chunk_from_chars( ++ 0x91,0x9a,0x75,0xde,0xae,0xcc,0xbd,0x39,0x3b,0xeb,0xc8,0x96,0x15,0xf8,0xa2,0x15, ++ 0xed,0xb7,0x07,0x3b,0x23,0x19,0xd8,0x67,0x40,0x22,0x1e,0xee,0x7a,0x2d,0xeb,0x92, ++ 0x50,0x90,0x44,0xd7,0xe6,0x1f,0xcb,0x1b,0xf9,0x67,0x6b,0x38,0x81,0xc7,0xce,0xd4, ++ 0x9e,0x6b,0xba,0x15,0x49,0xda,0x31,0x13,0x60,0x16,0x77,0xa2,0x44,0x5d,0x91,0xac, ++ 0x13,0xa5,0x97,0x33,0x57,0x82,0xdd,0x3a,0x9c,0xf4,0x96,0xd9,0xe1,0x9b,0x93,0x2f, ++ 0x27,0xdd,0x35,0xe3,0x6f,0x80,0x70,0xd2,0x32,0xd0,0xa3,0xb3,0xf4,0xc4,0xa0,0xb4, ++ 0xba,0x44,0x70,0x77,0x8d,0xc0,0x90,0xf3,0x1f,0x52,0xab,0x1b,0x6d,0x81,0xe4,0xc7, ++ 0xdf,0xb3,0x50,0x63,0xad,0x96,0xc3,0x27,0xad,0xcd,0xbd,0xe7,0x14,0xcc,0x9a,0x6b, ++ 0x5e,0xf0,0x49,0xb8), ++}; ++ ++kdf_test_vector_t prf_plus_sha512_2 = { ++ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_512, ++ .key = chunk_from_chars( ++ 0xe5,0x70,0xe7,0x48,0x46,0x34,0x30,0x0d,0x7a,0xdd,0xf5,0xa8,0x52,0x7c,0x13,0x8b, ++ 0x76,0x96,0xdb,0xc3,0xd8,0xbe,0x09,0x69,0xb7,0x52,0x15,0x31,0x8a,0x11,0xad,0xa2, ++ 0x13,0x53,0x8f,0x62,0x93,0xb0,0xee,0xe5,0xb3,0x09,0xad,0x8f,0x5d,0x8d,0x94,0xdb, ++ 0xe5,0x73,0x61,0x27,0xe0,0xd2,0x56,0x0f,0x28,0x1c,0x9c,0x58,0x6b,0xf7,0xc8,0x6f), ++ .salt = chunk_from_chars( ++ 0xd8,0x96,0x84,0xe3,0xcb,0x17,0xf3,0xaa,0xbd,0x85,0x3a,0x78,0xdb,0x3e,0xcd,0x5a, ++ 0xac,0xc1,0xed,0x71,0xc7,0x0b,0x88,0xa2,0x97,0x56,0xf4,0x6f,0xc7,0x19,0x7c,0x80, ++ 
0x4e,0xc0,0x01,0x54,0x40,0x02,0xa8,0xae,0xa3,0x60,0x68,0x4b,0x18,0x00,0x6d,0xef, ++ 0x0d,0xbd,0x86,0x33,0xb1,0x01,0x9f,0xbc,0xfa,0x85,0xb9,0x4c,0xac,0x2b,0xb8,0x21, ++ 0x25,0x84,0xbe,0x62,0xad,0xab,0x0e,0xe4,0xbb,0x8a,0x36,0xae,0xe2,0x52,0x75,0xef, ++ 0x07,0x13,0x90,0x48,0x0e,0xef,0xa2,0x09,0x2e,0xb3,0x08,0xaa,0x73,0x37,0xc5,0xce, ++ 0xb6,0x06,0x9a,0xb6,0x90,0xe8,0x96,0x2f,0xbf,0xe0,0x98,0x6e,0x4f,0x5c,0x18,0xf4, ++ 0x86,0x86,0x1e,0xd3,0xf1,0xdc,0xbe,0xe4,0xc9,0xe4,0xa7,0x66,0x9d,0x74,0x0c,0xa2, ++ 0xb0,0xe8,0xed,0x40,0x31,0xb0,0xa4,0x99,0xdc,0x31,0x5c,0xed,0xe7,0xef,0x03,0x39, ++ 0x9c,0xbc,0x33,0xdc,0xd6,0x29,0x70,0x34,0x9f,0x12,0x20,0x88,0x1b,0x55,0x45,0x2e, ++ 0x0c,0x6c,0x9b,0x52,0xa8,0x8b,0x67,0xf5,0x97,0x58,0x67,0x95,0xb2,0x25,0x70,0x73, ++ 0x3f,0xd4,0xff,0x2c,0xc2,0xad,0x93,0x1d,0x83,0x30,0x16,0x5a,0x9e,0x45,0x0e,0x38, ++ 0x88,0x59,0xce,0x62,0x4f,0x01,0xdb,0x17,0xc2,0x50,0x2b,0x4e,0x66,0xad,0xf9,0x65, ++ 0x27,0x36,0x3d,0x6f,0x90,0x6b,0x20,0x23,0xe8,0xed,0x74,0xd5,0xaf,0x0a,0xa6,0x02, ++ 0x46,0xb0,0xb9,0x2f,0x49,0xc4,0x93,0x3e,0xf3,0x12,0xf8,0xa2,0x54,0x34,0xee,0x96, ++ 0x98,0xd6,0xd9,0x20,0x43,0x45,0xbd,0x10,0xbb,0x11,0xaa,0x39,0x86,0x56,0x16,0xd5, ++ 0xad,0x1b,0x57,0x44,0x70,0x6c,0xfd,0x4e,0xa1,0x40,0x8e,0x20,0xc8,0xfd,0xcf,0x85, ++ 0x51,0xee,0xe8,0x81,0x4b,0x7b,0x37,0x33,0x0b,0x05,0x26,0xf0,0xbc,0x5e,0xe1,0x5d, ++ 0x4e,0xcd,0xa7,0xa1,0xbd,0x25,0xaa,0x97,0xf2,0x45,0x84,0xd8,0x5d,0x3f,0x52,0x49, ++ 0x69,0x4b,0x9f,0x43,0x53,0x9e,0x69,0xea,0x35,0xbf,0xe7,0xfd,0x44,0x07,0xbc,0x8e, ++ 0x9d,0xca,0x8a,0x9f,0xae,0x4b,0xdc,0x6b,0x7b,0xb3,0x8c,0x6d,0x68,0xf8,0x99,0xe1, ++ 0xd3,0x2c,0x85,0xbc,0xd6,0x17,0xa5,0x67,0x67,0x8c,0xf8,0x5d,0x22,0x17,0xa4,0xe8, ++ 0x6a,0x75,0x56,0x24,0xb6,0x40,0x02,0x35,0x4c,0x02,0x68,0x42,0xbc,0x95,0x42,0x49, ++ 0x1a,0xf1,0xc3,0xd6,0x29,0x09,0x70,0x55,0x9a,0xf1,0x1b,0xdc,0x2c,0x83,0xb5,0x4c, ++ 0x74,0x14,0x49,0x05,0xc0,0xa3,0x58,0xf3,0x15,0x3d,0xb7,0x67,0xa5,0xda,0x2a,0x86, ++ 
0x27,0xf6,0x96,0x27,0xe1,0xd4,0x1e,0xde,0x9c,0x90,0x7c,0x79,0xb5,0x1f,0xf8,0x15, ++ 0xe4,0x64,0x5c,0x33,0x75,0xe0,0xf6,0x3f,0x84,0xfc,0xf5,0xd7,0xc3,0x40,0x7a,0x1d, ++ 0xd6,0x83,0x9e,0x19,0x06,0xa1,0xe3,0x80,0x2c,0xcf,0x5e,0x82,0x30,0xd9,0x5c,0xf4, ++ 0xb8,0x27,0xb4,0x1c,0x48,0x34,0x25,0xa8,0xa6,0x0b,0xfa,0x51,0x89,0xda,0xc4,0x38, ++ 0x06,0x0f,0x2f,0x5c,0xd5,0x26,0x66,0x2f,0x29,0x06,0xc1,0xdd,0x64,0xf4,0x84,0x4e, ++ 0x94,0x2c,0xa8,0x4d,0xae,0xce,0x6d,0xd7,0xbb,0xf7,0x19,0x4d,0x8c,0xe5,0x6b,0xc2, ++ 0x83,0x10,0x85,0xa7,0xd3,0x10,0xe4,0x94,0x4c,0xfa,0xe7,0x62,0x60,0xaa,0xbf,0x6b, ++ 0x60,0x9d,0x88,0x78,0x9b,0x8a,0x1a,0xbf,0x50,0x01,0x86,0xc3,0xd9,0x7e,0xd2,0xab), ++ .out = chunk_from_chars( ++ 0x98,0x7f,0xad,0xd8,0x04,0x99,0x45,0x67,0xd5,0x7f,0x98,0x9b,0x6c,0xda,0x66,0xef, ++ 0xbf,0xfc,0xab,0x28,0xac,0x3e,0x3b,0xc6,0x10,0x78,0x05,0x95,0x4e,0xb1,0xea,0xd0, ++ 0xce,0xa6,0xfb,0x49,0xaa,0x96,0x1c,0xbe,0x98,0xfd,0xad,0x57,0xdd,0x9c,0x45,0x56, ++ 0x7c,0xe4,0x96,0x74,0x78,0x62,0xf8,0x8b,0xcd,0x9f,0xc5,0x75,0x59,0xa0,0x7e,0xa9, ++ 0x27,0xa4,0x20,0x82,0xba,0x87,0xe0,0xf5,0x1b,0x3d,0x5b,0x8c,0xbd,0xea,0xdd,0xed, ++ 0xa3,0xae,0x4c,0x73,0xb1,0xa5,0x1d,0xd0,0xdc,0xe3,0xcc,0x8e,0xb3,0xb1,0x41,0x9b, ++ 0x93,0xf2,0x9d,0xc6,0x52,0x2b,0x2f,0x5e,0x93,0x75,0x23,0x82,0x03,0xec,0xa9,0x8e, ++ 0xd8,0x6b,0xf1,0xe6,0x86,0x8a,0xb4,0x28,0xd8,0x63,0xa5,0xf3,0xb9,0x87,0xd6,0xc0, ++ 0xf9,0x57,0xaf,0x08,0xa1,0x63,0x1f,0x7c,0xdc,0x00,0x8c,0xbb,0xff,0xc2,0x4b,0x02, ++ 0x93,0x1a,0x02,0x01,0x94,0xe3,0x68,0xd6,0xb5,0x70,0x2e,0x7f,0x8b,0x96,0x0d,0xbc, ++ 0x93,0xca,0x56,0xed,0x5a,0x68,0xda,0xe0,0x20,0x69,0x94,0xed,0xf1,0x47,0x6f,0x5f, ++ 0xa3,0x4e,0xfb,0xda,0xa9,0x73,0xd2,0x7b,0xa3,0x68,0xce,0xdc,0xc6,0x66,0xd7,0x63, ++ 0xbd,0x6a,0xd5,0x60,0x57,0x38,0x51,0xbf,0xfb,0x70,0x99,0xaf,0x58,0x8f,0x34,0xff, ++ 0x2e,0x59,0x9b,0x0e,0x87,0xf7,0x0a,0x7f,0x4a,0xa4,0x8e,0x95,0x1d,0x0c,0x5c,0x30, ++ 0xdd,0xfc,0x1f,0x98,0xc1,0x28,0x63,0x15,0x90,0xcd,0xe0,0x0a,0x7c,0x93,0x15,0x8d, ++ 
0xbf,0x4c,0xaa,0x53,0x7b,0x31,0x59,0x31,0xb7,0x14,0xd7,0x2f,0x4d,0x2a,0x01,0xc9), ++}; +Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c ++++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +@@ -25,6 +25,7 @@ + #define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x; + #define TEST_VECTOR_PRF(x) extern prf_test_vector_t x; + #define TEST_VECTOR_XOF(x) extern xof_test_vector_t x; ++#define TEST_VECTOR_KDF(x) extern kdf_test_vector_t x; + #define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x; + #define TEST_VECTOR_RNG(x) extern rng_test_vector_t x; + #define TEST_VECTOR_DH(x) extern dh_test_vector_t x; +@@ -37,6 +38,7 @@ + #undef TEST_VECTOR_HASHER + #undef TEST_VECTOR_PRF + #undef TEST_VECTOR_XOF ++#undef TEST_VECTOR_KDF + #undef TEST_VECTOR_DRBG + #undef TEST_VECTOR_RNG + #undef TEST_VECTOR_DH +@@ -47,6 +49,7 @@ + #define TEST_VECTOR_HASHER(x) + #define TEST_VECTOR_PRF(x) + #define TEST_VECTOR_XOF(x) ++#define TEST_VECTOR_KDF(x) + #define TEST_VECTOR_DRBG(x) + #define TEST_VECTOR_RNG(x) + #define TEST_VECTOR_DH(x) +@@ -100,6 +103,14 @@ static xof_test_vector_t *xof[] = { + #undef TEST_VECTOR_XOF + #define TEST_VECTOR_XOF(x) + ++#undef TEST_VECTOR_KDF ++#define TEST_VECTOR_KDF(x) &x, ++static kdf_test_vector_t *kdf[] = { ++#include "test_vectors.h" ++}; ++#undef TEST_VECTOR_KDF ++#define TEST_VECTOR_KDF(x) ++ + #undef TEST_VECTOR_DRBG + #define TEST_VECTOR_DRBG(x) &x, + static drbg_test_vector_t *drbg[] = { +@@ -208,6 +219,11 @@ plugin_t *test_vectors_plugin_create() + lib->crypto->add_test_vector(lib->crypto, + EXTENDED_OUTPUT_FUNCTION, xof[i]); + } ++ for (i = 0; i < countof(kdf); i++) ++ { ++ lib->crypto->add_test_vector(lib->crypto, ++ KEY_DERIVATION_FUNCTION, kdf[i]); ++ } + for (i = 0; i < countof(drbg); i++) + { + 
lib->crypto->add_test_vector(lib->crypto,
+Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/Makefile.am
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/plugins/wolfssl/Makefile.am
++++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/Makefile.am
+@@ -24,6 +24,7 @@ libstrongswan_wolfssl_la_SOURCES = \
+ wolfssl_ed_public_key.h wolfssl_ed_public_key.c \
+ wolfssl_hasher.h wolfssl_hasher.c \
+ wolfssl_hmac.h wolfssl_hmac.c \
++ wolfssl_kdf.h wolfssl_kdf.c \
+ wolfssl_rsa_public_key.h wolfssl_rsa_public_key.c \
+ wolfssl_rsa_private_key.h wolfssl_rsa_private_key.c \
+ wolfssl_rng.h wolfssl_rng.c \
+Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c
+===================================================================
+--- /dev/null
++++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c
+@@ -0,0 +1,161 @@
++/*
++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE ++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ * THE SOFTWARE. ++ */ ++ ++#include "wolfssl_common.h" ++ ++#if !defined(NO_HMAC) && defined(HAVE_HKDF) ++ ++#include ++ ++#define _GNU_SOURCE ++#include "wolfssl_kdf.h" ++#include "wolfssl_util.h" ++ ++typedef struct private_kdf_t private_kdf_t; ++ ++/** ++ * Private data. ++ */ ++struct private_kdf_t { ++ ++ /** ++ * Public interface. ++ */ ++ kdf_t public; ++ ++ /** ++ * Hash algorithm type. ++ */ ++ int type; ++ ++ /** ++ * Key for KDF. ++ */ ++ chunk_t key; ++ ++ /** ++ * Salt for KDF. ++ */ ++ chunk_t salt; ++}; ++ ++METHOD(kdf_t, get_type, key_derivation_function_t, ++ private_kdf_t *this) ++{ ++ return KDF_PRF_PLUS; ++} ++ ++METHOD(kdf_t, get_bytes, bool, ++ private_kdf_t *this, size_t out_len, uint8_t *buffer) ++{ ++ if (wc_HKDF_Expand(this->type, this->key.ptr, this->key.len, ++ this->salt.ptr, this->salt.len, buffer, out_len)) ++ { ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, allocate_bytes, bool, ++ private_kdf_t *this, size_t out_len, chunk_t *chunk) ++{ ++ *chunk = chunk_alloc(out_len); ++ ++ if (!get_bytes(this, out_len, chunk->ptr)) ++ { ++ chunk_free(chunk); ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, set_param, bool, ++ private_kdf_t *this, kdf_param_t param, ...) 
++{ ++ chunk_t chunk; ++ ++ switch (param) ++ { ++ case KDF_PARAM_KEY: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->key); ++ this->key = chunk_clone(chunk); ++ break; ++ case KDF_PARAM_SALT: ++ VA_ARGS_GET(param, chunk); ++ chunk_clear(&this->salt); ++ this->salt = chunk_clone(chunk); ++ break; ++ } ++ return TRUE; ++} ++ ++METHOD(kdf_t, destroy, void, ++ private_kdf_t *this) ++{ ++ chunk_clear(&this->salt); ++ chunk_clear(&this->key); ++ free(this); ++} ++ ++/* ++ * Described in header ++ */ ++kdf_t *wolfssl_kdf_create(key_derivation_function_t algo, va_list args) ++{ ++ private_kdf_t *this; ++ pseudo_random_function_t prf_alg; ++ enum wc_HashType type; ++ char buf[8]; ++ ++ if (algo != KDF_PRF_PLUS) ++ { ++ return NULL; ++ } ++ ++ VA_ARGS_VGET(args, prf_alg); ++ if (!wolfssl_hash2type(hasher_algorithm_from_prf(prf_alg), &type)) ++ { ++ return NULL; ++ } ++ ++ INIT(this, ++ .public = { ++ .get_type = _get_type, ++ .get_bytes = _get_bytes, ++ .allocate_bytes = _allocate_bytes, ++ .set_param = _set_param, ++ .destroy = _destroy, ++ }, ++ .type = type, ++ ); ++ ++ /* test if we can actually use the algorithm */ ++ if (!get_bytes(this, sizeof(buf), buf)) ++ { ++ destroy(this); ++ return NULL; ++ } ++ return &this->public; ++} ++ ++#endif /* !NO_HMAC && HAVE_HKDF */ +Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.h +=================================================================== +--- /dev/null ++++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.h +@@ -0,0 +1,45 @@ ++/* ++ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a copy ++ * of this software and associated documentation files (the "Software"), to deal ++ * in the Software without restriction, including without limitation the rights ++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ * copies of the Software, and to permit persons to whom the Software is 
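Review bot: In wolfssl_kdf.c, allocate_bytes releases the output with `chunk_free(chunk)` when get_bytes fails, so anything wc_HKDF_Expand wrote before failing is left in freed heap memory; set_param and destroy in the same file already wipe with `chunk_clear`, and the error path should do the same: `chunk_clear(chunk);`. Whether wolfSSL leaves partial output behind on error is not visible here, so treat this as hardening rather than a confirmed leak. Separately, the `switch` in set_param has no `default`, so any parameter other than KDF_PARAM_KEY or KDF_PARAM_SALT is accepted silently with TRUE; if kdf_param_t has or gains other values, `default: return FALSE;` would surface that to callers.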
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++
++/**
++ * Implements key derivation functions (KDF) using wolfSSL, in particular prf+,
++ * which is implemented via wolfSSL's HKDF implementation.
++ *
++ * @defgroup wolfssl_kdf wolfssl_kdf
++ * @{ @ingroup wolfssl_p
++ */
++
++#ifndef WOLFSSL_KDF_H_
++#define WOLFSSL_KDF_H_
++
++#include
++
++/**
++ * Creates a new kdf_t object.
++ *
++ * @param algo algorithm to instantiate
++ * @param args algorithm-specific arguments
++ * @return kdf_t object, NULL if not supported
++ */
++kdf_t *wolfssl_kdf_create(key_derivation_function_t algo, va_list args);
++
++#endif /** WOLFSSL_KDF_H_ @}*/
+Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
++++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+@@ -36,6 +36,7 @@
+ #include "wolfssl_ed_public_key.h"
+ #include "wolfssl_hasher.h"
+ #include "wolfssl_hmac.h"
++#include "wolfssl_kdf.h"
+ #include "wolfssl_rsa_private_key.h"
+ #include "wolfssl_rsa_public_key.h"
+ #include "wolfssl_rng.h"
+@@ -185,6 +186,10 @@ METHOD(plugin_t, get_features, int,
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
+ #endif
++#ifdef HAVE_HKDF
++ PLUGIN_REGISTER(KDF, wolfssl_kdf_create),
++ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS),
++#endif
+ #endif /* NO_HMAC */
+ #if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
+ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
+Index: strongswan-5.9.5/src/libstrongswan/tests/suites/test_prf_plus.c
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/tests/suites/test_prf_plus.c
++++ strongswan-5.9.5/src/libstrongswan/tests/suites/test_prf_plus.c
+@@ -15,129 +15,138 @@
+
+ #include "test_suite.h"
+
+-#include
++#include
+
+ static struct {
+ chunk_t key;
+ chunk_t seed;
+- chunk_t iterations[10];
+-} counter_data[] = {
++ chunk_t expected;
++} test_data[] = {
+ { .key = chunk_from_chars(0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+ 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+ 0x0b,0x0b,0x0b,0x0b),
+ .seed = chunk_from_chars(0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65),
+- .iterations = {
+- chunk_from_chars(0xb9,0xbd,0xc0),
+-
chunk_from_chars(0x89,0x88,0xb4,0xc2,0xb7,0x5a), +- chunk_from_chars(0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05), +- chunk_from_chars(0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72, +- 0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32), +- chunk_from_chars(0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a), +- chunk_from_chars(0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6), +- chunk_from_chars(0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6, +- 0xed,0xc0,0x23,0x47,0x7d,0x80), +- chunk_from_chars(0x95,0x90,0xe6,0x82,0xf6,0x1d,0x9c,0x04, +- 0xb0,0x6b,0x4a,0xd9,0x71,0xa3,0x4c,0x81, +- 0x47,0xfa,0x66,0x79), +- chunk_from_chars(0x2f,0xf1,0x43,0x4b,0x93,0xc7,0x22,0xb3, +- 0x2e,0x12,0xf4,0x88,0x32,0xeb,0xc1,0x5c, +- 0xe2,0x36,0x9c,0xe7,0x1f,0xe9,0xb7,0xb8, +- 0x1e,0x57,0x04,0xc1,0x4d,0x0f,0x52,0x80, +- 0xa6,0xec,0x62,0x6e,0x99,0x2d,0x7a,0x9f), +- }, ++ .expected = chunk_from_chars(0xb9,0xbd,0xc0,0x89,0x88,0xb4,0xc2,0xb7, ++ 0x5a,0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05, ++ 0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72, ++ 0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32, ++ 0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a, ++ 0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6, ++ 0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6, ++ 0xed,0xc0,0x23,0x47,0x7d,0x80,0x95,0x90, ++ 0xe6,0x82,0xf6,0x1d,0x9c,0x04,0xb0,0x6b, ++ 0x4a,0xd9,0x71,0xa3,0x4c,0x81,0x47,0xfa, ++ 0x66,0x79,0x2f,0xf1,0x43,0x4b,0x93,0xc7, ++ 0x22,0xb3,0x2e,0x12,0xf4,0x88,0x32,0xeb, ++ 0xc1,0x5c,0xe2,0x36,0x9c,0xe7,0x1f,0xe9, ++ 0xb7,0xb8,0x1e,0x57,0x04,0xc1,0x4d,0x0f, ++ 0x52,0x80,0xa6,0xec,0x62,0x6e,0x99,0x2d, ++ 0x7a,0x9f), ++ }, ++ /* change the key, keep the seed */ ++ { .key = chunk_from_chars(0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a, ++ 0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a, ++ 0x0a,0x0a,0x0a,0x0a), ++ .expected = chunk_from_chars(0x1a,0x2f,0xc7,0x4a,0x06,0x8c,0xae,0x76, ++ 0xfa,0xb3,0xd6,0x34,0xae,0xe9,0x81,0x55, ++ 0x11,0x6a,0x4b,0x21,0xe1,0x0d,0x1b,0x16, ++ 0x45,0x7a,0x06,0xd9,0x42,0x27,0x93,0x98, ++ 0xf7,0x4d,0xf1,0x59,0xc1,0x25,0x21,0xae, ++ 0xe6,0xf4,0x80,0x01,0xe5,0x86,0x8e,0xa7, ++ 
0x4b,0x1e,0x13,0xd1,0xcf,0xdc,0xb7,0x7b, ++ 0xf8,0xcf,0x75,0x2c,0x67,0x13,0x18,0x7a, ++ 0x38,0x55,0xba,0x4b,0xf2,0x57,0x55,0xcd, ++ 0x96,0x20,0xcb,0xe3,0xc4,0x8a,0x7f,0xa3, ++ 0x86,0xa5,0xc6,0x26,0x8e,0x57,0xd8,0xe0, ++ 0xb6,0xf9,0x8a,0x41,0x16,0x82,0x64,0x8a), ++ }, ++ /* change the seed, keep the key */ ++ { .seed = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, ++ 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10), ++ .expected = chunk_from_chars(0x8b,0x90,0x9c,0xbc,0xbb,0xf1,0x72,0x63, ++ 0x6b,0x4e,0x63,0xcd,0x7e,0xc5,0xe3,0x45, ++ 0x57,0x3e,0xbf,0x72,0x8f,0x62,0xa4,0x9b, ++ 0x83,0x7b,0xd9,0x53,0xc0,0x0c,0xad,0x3d, ++ 0x19,0x16,0x28,0x81,0x85,0xf9,0x27,0xb6, ++ 0xc4,0x0c,0x48,0x31,0x45,0x12,0x3b,0x5a, ++ 0xb8,0x47,0xd0,0x19,0x6e,0x6b,0x1c,0x5a, ++ 0x2a,0xc1,0xe5,0x1e,0xc5,0x43,0xcc,0xd4, ++ 0x28,0xba,0x30,0x4b,0x5e,0xad,0x97,0xa7, ++ 0xc0,0x9d,0x13,0xdd,0xfb,0x4a,0x42,0x43, ++ 0x87,0xd6,0x22,0xf6,0x03,0x19,0x21,0x31, ++ 0x6a,0xa6,0x38,0x44,0xa5,0x61,0xf6,0x23, ++ 0x0c,0x50,0x14,0xcc,0xce,0x09,0x5f,0xb3, ++ 0xcc,0xe4,0xcb,0x8f,0x43,0xdc,0x2b,0x65, ++ 0xfd,0x42,0xcc,0xeb,0x49,0x0e,0xcb,0xeb, ++ 0x47,0x30,0xb5,0x18,0x6d,0x34,0x7a,0xea, ++ 0xad,0xfd,0x66,0xa7,0x7e,0xd3,0x3f,0x42, ++ 0xdf,0x75,0x54,0xef,0x5f,0x4f,0x7e,0x26, ++ 0xf9,0x38,0x73,0x26,0x92,0x7a,0xc7,0x80), + }, + }; + +-START_TEST(test_vectors_counter) ++START_TEST(test_params) + { +- prf_plus_t *prf_plus; +- prf_t *prf; +- chunk_t *iter = counter_data[_i].iterations, out; +- +- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256); +- ck_assert(prf->set_key(prf, counter_data[_i].key)); +- prf_plus = prf_plus_create(prf, TRUE, counter_data[_i].seed); +- while (iter->ptr) ++ kdf_t *kdf; ++ chunk_t out; ++ int i; ++ ++ kdf = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, PRF_HMAC_SHA2_256); ++ if (!kdf) + { +- ck_assert(prf_plus->allocate_bytes(prf_plus, iter->len, &out)); +- ck_assert_chunk_eq(*iter, out); ++ warn("%N (%N) not supported", key_derivation_function_names, ++ KDF_PRF_PLUS, 
pseudo_random_function_names, PRF_HMAC_SHA2_256); ++ return; ++ } ++ for (i = 0; i < countof(test_data); i++) ++ { ++ if (test_data[i].key.len) ++ { ++ ck_assert(kdf->set_param(kdf, KDF_PARAM_KEY, test_data[i].key)); ++ } ++ if (test_data[i].seed.len) ++ { ++ ck_assert(kdf->set_param(kdf, KDF_PARAM_SALT, test_data[i].seed)); ++ } ++ ck_assert(kdf->allocate_bytes(kdf, test_data[i].expected.len, &out)); ++ ck_assert_chunk_eq(test_data[i].expected, out); ++ chunk_free(&out); ++ /* same output the second time */ ++ ck_assert(kdf->allocate_bytes(kdf, test_data[i].expected.len, &out)); ++ ck_assert_chunk_eq(test_data[i].expected, out); + chunk_free(&out); +- iter++; + } +- prf_plus->destroy(prf_plus); +- prf->destroy(prf); ++ kdf->destroy(kdf); + } + END_TEST + + START_TEST(test_wrap) + { +- prf_plus_t *prf_plus; +- prf_t *prf; +- u_char buf[32]; +- int i; ++ kdf_t *kdf; ++ chunk_t out; + +- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256); +- ck_assert(prf->set_key(prf, counter_data[0].key)); +- prf_plus = prf_plus_create(prf, TRUE, counter_data[0].seed); +- for (i = 1; i < 256; i++) ++ kdf = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, PRF_HMAC_SHA2_256); ++ if (!kdf) + { +- ck_assert(prf_plus->get_bytes(prf_plus, sizeof(buf), buf)); ++ warn("%N (%N) not supported", key_derivation_function_names, ++ KDF_PRF_PLUS, pseudo_random_function_names, PRF_HMAC_SHA2_256); ++ return; + } +- ck_assert(!prf_plus->get_bytes(prf_plus, sizeof(buf), buf)); +- prf_plus->destroy(prf_plus); +- prf->destroy(prf); +-} +-END_TEST ++ ck_assert(kdf->set_param(kdf, KDF_PARAM_KEY, test_data[0].key)); ++ ck_assert(kdf->set_param(kdf, KDF_PARAM_SALT, test_data[0].seed)); + +-static struct { +- chunk_t key; +- chunk_t seed; +- chunk_t iterations[10]; +-} classic_data[] = { +- { .key = chunk_from_chars(0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, +- 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, +- 0x0b,0x0b,0x0b,0x0b), +- .seed = chunk_from_chars(0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65), 
+- .iterations = { +- chunk_from_chars(0xb0,0x34,0x4c), +- chunk_from_chars(0x61,0xd8,0xdb,0x38,0x53,0x5c), +- chunk_from_chars(0xa8,0xaf,0xce,0xaf,0x0b,0xf1,0x2b), +- chunk_from_chars(0x88,0x1d,0xc2,0x00,0xc9,0x83,0x3d,0xa7, +- 0x26,0xe9,0x37,0x6c,0x2e,0x32,0xcf,0xf7), +- chunk_from_chars(0xd0,0x9a,0xe2,0x4b,0x3a,0x83,0xff,0xd4), +- chunk_from_chars(0xb1,0xef,0xa5,0x94,0x5c,0xc5,0xed,0x85), +- chunk_from_chars(0xb0,0xb2,0xcc,0x56,0xfc,0xf7,0x5d,0x23, +- 0xa0,0xa3,0x4c,0xa4,0xdb,0xff,), +- chunk_from_chars(0xea,0xfd,0xaa,0x6a,0x3b,0xf4,0x11,0x34, +- 0x24,0xe4,0x50,0x2d,0xf9,0x7a,0x76,0x93, +- 0x24,0xf6,0x11,0x24), +- chunk_from_chars(0x24,0x3b,0x99,0x6e,0x7d,0x0f,0x35,0x99, +- 0x88,0x79,0x73,0x6b,0xdb,0x70,0x65,0x9a, +- 0x6e,0xfa,0xd2,0x39,0x94,0x10,0xe6,0xce, +- 0x80,0x45,0x6e,0xb6,0x07,0x07,0x8f,0xe1, +- 0xc4,0x7c,0x6b,0x5e,0x81,0x65,0x47,0x8a), +- }, +- }, +-}; +- +-START_TEST(test_vectors_classic) +-{ +- prf_plus_t *prf_plus; +- prf_t *prf; +- chunk_t *iter = classic_data[_i].iterations, out; +- +- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256); +- ck_assert(prf->set_key(prf, classic_data[_i].key)); +- prf_plus = prf_plus_create(prf, FALSE, classic_data[_i].seed); +- while (iter->ptr) +- { +- ck_assert(prf_plus->allocate_bytes(prf_plus, iter->len, &out)); +- ck_assert_chunk_eq(*iter, out); +- chunk_free(&out); +- iter++; ++ /* the 1-byte counter overflows after 255 blocks of the underlying PRF */ ++ out = chunk_alloc(32 * 255 + 1); ++ ck_assert(kdf->get_bytes(kdf, out.len - 2, out.ptr)); ++ if (!kdf->get_bytes(kdf, out.len - 1, out.ptr)) ++ { /* Botan 3.x has a check for (len/bs) >= 255 blocks, so we allow this */ ++ warn("unable to generate maximum-sized key for %N (%N) but maximum-1 " ++ "is fine", key_derivation_function_names, KDF_PRF_PLUS, ++ pseudo_random_function_names, PRF_HMAC_SHA2_256); + } +- prf_plus->destroy(prf_plus); +- prf->destroy(prf); ++ ck_assert(!kdf->get_bytes(kdf, out.len, out.ptr)); ++ chunk_free(&out); ++ 
kdf->destroy(kdf); + } + END_TEST + +@@ -148,13 +157,12 @@ Suite *prf_plus_suite_create() + + s = suite_create("prf_plus"); + +- tc = tcase_create("counter"); +- tcase_add_loop_test(tc, test_vectors_counter, 0, countof(counter_data)); +- tcase_add_test(tc, test_wrap); ++ tc = tcase_create("params"); ++ tcase_add_test(tc, test_params); + suite_add_tcase(s, tc); + +- tc = tcase_create("no counter"); +- tcase_add_loop_test(tc, test_vectors_classic, 0, countof(classic_data)); ++ tc = tcase_create("wrap"); ++ tcase_add_test(tc, test_wrap); + suite_add_tcase(s, tc); + + return s; +Index: strongswan-5.9.5/src/libstrongswan/tests/suites/test_vectors.c +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/tests/suites/test_vectors.c ++++ strongswan-5.9.5/src/libstrongswan/tests/suites/test_vectors.c +@@ -29,6 +29,7 @@ static transform_type_t tfs[] = { + HASH_ALGORITHM, + PSEUDO_RANDOM_FUNCTION, + EXTENDED_OUTPUT_FUNCTION, ++ KEY_DERIVATION_FUNCTION, + DETERMINISTIC_RANDOM_BIT_GENERATOR, + RANDOM_NUMBER_GENERATOR, + DIFFIE_HELLMAN_GROUP, +Index: strongswan-5.9.5/src/libstrongswan/tests/tests.h +=================================================================== +--- strongswan-5.9.5.orig/src/libstrongswan/tests/tests.h ++++ strongswan-5.9.5/src/libstrongswan/tests/tests.h +@@ -55,7 +55,7 @@ TEST_SUITE(asn1_parser_suite_create) + TEST_SUITE(rng_tester_suite_create) + TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1) + TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256) +-TEST_SUITE_DEPEND(prf_plus_suite_create, PRF, PRF_HMAC_SHA2_256) ++TEST_SUITE_DEPEND(prf_plus_suite_create, KDF, KDF_PRF_PLUS) + TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT) + TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://") + TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519) +Index: strongswan-5.9.5/src/libstrongswan/utils/leak_detective.c 
+===================================================================
+--- strongswan-5.9.5.orig/src/libstrongswan/utils/leak_detective.c
++++ strongswan-5.9.5/src/libstrongswan/utils/leak_detective.c
+@@ -636,6 +636,7 @@ static char *whitelist[] = {
+ "botan_privkey_create",
+ "botan_privkey_load_ecdh",
+ "botan_privkey_load",
++ "botan_kdf",
+ };
+
+ /**
+Index: strongswan-5.9.5/src/libtls/tls_hkdf.c
+===================================================================
+--- strongswan-5.9.5.orig/src/libtls/tls_hkdf.c
++++ strongswan-5.9.5/src/libtls/tls_hkdf.c
+@@ -18,7 +18,6 @@
+ #include "tls_hkdf.h"
+
+ #include
+-#include
+
+ typedef struct private_tls_hkdf_t private_tls_hkdf_t;
+
+@@ -52,6 +51,11 @@ struct private_tls_hkdf_t {
+ prf_t *prf;
+
+ /**
++ * prf+ implementation.
++ */
++ kdf_t *prf_plus;
++
++ /**
+ * Hasher used.
+ */
+ hasher_t *hasher;
+@@ -115,7 +119,6 @@ static bool extract(private_tls_hkdf_t *
+ }
+
+ DBG4(DBG_TLS, "PRK: %B", prk);
+-
+ return TRUE;
+ }
+
+@@ -126,24 +129,15 @@ static bool extract(private_tls_hkdf_t *
+ static bool expand(private_tls_hkdf_t *this, chunk_t prk, chunk_t info,
+ size_t length, chunk_t *okm)
+ {
+- prf_plus_t *prf_plus;
+-
+- if (!this->prf->set_key(this->prf, prk))
+- {
+- DBG1(DBG_TLS, "unable to set PRF secret to PRK");
+- return FALSE;
+- }
+- prf_plus = prf_plus_create(this->prf, TRUE, info);
+- if (!prf_plus || !prf_plus->allocate_bytes(prf_plus, length, okm))
++ if (!this->prf_plus->set_param(this->prf_plus, KDF_PARAM_KEY, prk) ||
++ !this->prf_plus->set_param(this->prf_plus, KDF_PARAM_SALT, info) ||
++ !this->prf_plus->allocate_bytes(this->prf_plus, length, okm))
+ {
+ DBG1(DBG_TLS, "unable to allocate PRF+ result");
+- DESTROY_IF(prf_plus);
+ return FALSE;
+ }
+- prf_plus->destroy(prf_plus);
+
+ DBG4(DBG_TLS, "OKM: %B", okm);
+-
+ return TRUE;
+ }
+
+@@ -681,6 +675,7 @@ METHOD(tls_hkdf_t, destroy, void,
+ destroy_secrets(&this->handshake_traffic_secrets);
+ destroy_secrets(&this->traffic_secrets);
+
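Review bot: In tls_hkdf.c, expand() now logs "unable to allocate PRF+ result" for every failure, including a failed `set_param(..., KDF_PARAM_KEY, prk)`, whereas the removed code reported "unable to set PRF secret to PRK" on its own; splitting the condition keeps key-setup failures distinguishable from derivation failures in the DBG1 log. Because `this->prf_plus` now lives as long as the tls_hkdf_t, the PRK passed here may also stay inside the KDF object until the next set_param or destroy, depending on the backend, which deserves a short comment in expand().
```c
static bool expand(private_tls_hkdf_t *this, chunk_t prk, chunk_t info,
				   size_t length, chunk_t *okm)
{
	/* the KDF may keep its own copy of prk until the next set_param() or
	 * destroy(), depending on the backend */
	if (!this->prf_plus->set_param(this->prf_plus, KDF_PARAM_KEY, prk) ||
		!this->prf_plus->set_param(this->prf_plus, KDF_PARAM_SALT, info))
	{
		DBG1(DBG_TLS, "unable to set PRF+ key or salt");
		return FALSE;
	}
	if (!this->prf_plus->allocate_bytes(this->prf_plus, length, okm))
	{
		DBG1(DBG_TLS, "unable to allocate PRF+ result");
		return FALSE;
	}
	/* … unchanged: DBG4 of the OKM and return TRUE … */
```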
DESTROY_IF(this->prf); ++ DESTROY_IF(this->prf_plus); + DESTROY_IF(this->hasher); + free(this); + } +@@ -720,16 +715,23 @@ tls_hkdf_t *tls_hkdf_create(hash_algorit + .phase = HKDF_PHASE_0, + .psk = psk.ptr ? chunk_clone(psk) : chunk_empty, + .prf = lib->crypto->create_prf(lib->crypto, prf_algorithm), ++ .prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, ++ prf_algorithm), + .hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm), + ); + +- if (!this->prf || !this->hasher) ++ if (!this->prf || !this->prf_plus || !this->hasher) + { + if (!this->prf) + { + DBG1(DBG_TLS, "%N not supported", pseudo_random_function_names, + prf_algorithm); + } ++ if (!this->prf_plus) ++ { ++ DBG1(DBG_TLS, "%N (%N) not supported", key_derivation_function_names, ++ KDF_PRF_PLUS, pseudo_random_function_names, prf_algorithm); ++ } + if (!this->hasher) + { + DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, +Index: strongswan-5.9.5/testing/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/hosts/bob/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/bob/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/bob/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 
x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + 
charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/hosts/venus/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici ++ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici + } +Index: strongswan-5.9.5/testing/scripts/recipes/012_wolfssl.mk +=================================================================== +--- strongswan-5.9.5.orig/testing/scripts/recipes/012_wolfssl.mk ++++ strongswan-5.9.5/testing/scripts/recipes/012_wolfssl.mk +@@ -2,7 +2,7 @@ + + PKG = 
wolfssl + SRC = https://github.com/wolfSSL/$(PKG).git +-REV = v5.1.1-stable ++REV = v5.2.0-stable + + NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN) + +Index: strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici ++ load = random nonce kdf pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici ++ load = random nonce kdf pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici ++ load = random nonce kdf test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink 
socket-default updown vici + integrity_test = yes + crypto_test { + on_add = yes +Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici ++ load = random nonce kdf test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac kdf xcbc ctr ccm gcm kernel-netlink socket-default updown vici + integrity_test = yes + crypto_test { + on_add = yes +Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici ++ load = random nonce kdf test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici + integrity_test = yes + crypto_test { + on_add = yes +Index: strongswan-5.9.5/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation 
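Review bot: In testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf the new `load` line names `kdf` twice, once after `nonce` and again after `hmac` (`... curl hmac kdf xcbc ...`), while the carol and moon hunks of the same test add it only once. One of the two should go, e.g. keep `random nonce kdf test-vectors aes des ...` and leave `hmac xcbc` as it was. How charon handles a repeated plugin name in `load` is not visible here, so at best the duplicate is noise in a configuration that runs with `integrity_test = yes`.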
constraints curve25519 curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation constraints curve25519 curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce sha1 sha2 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici ++ load = random nonce sha1 sha2 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + rsa_pss = yes + } +Index: strongswan-5.9.5/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici ++ load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici + + rsa_pss = yes + } +Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf +@@ -5,6 +5,6 @@ 
swanctl { + } + + charon-systemd { +- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default ++ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation curl vici kernel-netlink socket-default + send_vendor_id = yes + } +Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default ++ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation vici kernel-netlink socket-default + send_vendor_id = yes + } +Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default ++ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation curl vici kernel-netlink socket-default + send_vendor_id = yes + } +Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default ++ load = 
nonce pem pkcs1 gcrypt hmac kdf x509 revocation vici kernel-netlink socket-default
+ send_vendor_id = yes
+ }
+Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
++ load = random nonce pem pkcs1 gcrypt hmac kdf x509 revocation kernel-netlink curl socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
++ load = random nonce pem pkcs1 gcrypt hmac kdf x509 revocation kernel-netlink curl socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
++ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac kdf xcbc ctr ccm gcm
vici kernel-netlink socket-default updown
+ integrity_test = yes
+ crypto_test {
+ on_add = yes
+Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm vici stroke kernel-netlink socket-default updown
++ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc ctr ccm vici stroke kernel-netlink socket-default updown
+ integrity_test = yes
+ crypto_test {
+ required = yes
+Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
++ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ integrity_test = yes
+ crypto_test {
+ on_add = yes
+Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+
charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
+
+ plugins {
+ ha {
+Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
+
+ plugins {
+ ha {
+Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
+
+ plugins {
+ ha {
+Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
+
+ plugins {
+ ha {
+Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default
+ }
+Index:
strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici
kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce blowfish sha1 sha2 pem pkcs1
gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink
socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp
x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes
sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5
pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr
+
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke
kernel-netlink socket-default updown attr
+
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load
= random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default sqlite attr-sql updown
+
+ plugins {
+ attr-sql {
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke
kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+
+ keep_alive = 5
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+
+ keep_alive = 5
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan
configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random drbg nonce test-vectors aes des md5 sha1 sha2
sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
++ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+
+ integrity_test = yes
+
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic attr kernel-netlink socket-default stroke updown
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic attr kernel-netlink socket-default stroke updown
+
+ dns1 = 192.168.0.150
+ dns2 = 10.1.0.20
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce
aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default
updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
++ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509
revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke + } +Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke + } +Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke + } +Index: strongswan-5.9.5/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce 
aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default + } +Index: strongswan-5.9.5/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default + } +Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random 
nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = 
random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # 
/etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default + } +Index: strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default + } +Index: strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default + } +Index: strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf +=================================================================== +--- 
strongswan-5.9.5.orig/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default + } +Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici + } 
+Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici + + plugins { + attr-sql { +Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } 
+Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default 
updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation 
hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 
revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default unity ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default unity + + cisco_unity = yes + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default attr unity ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default attr unity + + cisco_unity = yes + plugins { +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp 
newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown ++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown ++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown ++ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown + + integrity_test = yes + +Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + + initiator_only = yes + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce des sha1 sha2 hmac kdf pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes des sha1 sha2 hmac kdf pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + + i_dont_care_about_security_and_use_aggressive_mode_psk = yes + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf gmp kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default 
updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 md5 hmac kdf curve25519 kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } 
+Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce 
aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes 
sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: 
strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl eap-md5 eap-radius xauth-eap kernel-netlink socket-default updown vici ++ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl eap-md5 eap-radius xauth-eap kernel-netlink socket-default updown vici + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic 
kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl eap-radius kernel-netlink socket-default updown vici ++ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl eap-radius kernel-netlink socket-default updown vici + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes 
sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ #
/etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac kdf vici kernel-netlink
socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl
revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2
pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+-
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ #
/etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp
x509 curl revocation hmac kdf vici kernel-netlink socket-default
+
+ send_vendor_id = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+
+ send_vendor_id = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ #
/etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr
+
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl
revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes
sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink 
socket-default sqlite attr-sql updown + + plugins { + attr-sql { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 
curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # 
/etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf +=================================================================== 
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke sqlite attr-sql kernel-netlink socket-default updown + + plugins { + attr-sql { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve ++ load = random nonce aes sha1 sha2 pem pkcs1 
curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = 
random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan 
configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + signature_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + 
signature_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown ++ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown + } + +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown ++ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown + } + +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown ++ load = 
random nonce aes sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown + } + +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown + } + +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink 
socket-default updown ++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 
pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown ++ load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown ++ load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- 
strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown ++ load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + + integrity_test = yes + crypto_test { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan 
configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown + + integrity_test = yes + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown + + 
integrity_test = yes + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf +@@ -1,5 
+1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius eap-identity updown + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown + } +Index: 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce 
aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown ++ load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown ++ load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown + } +Index: 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + multiple_authentication=no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + multiple_authentication=no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf ++++ 
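Review bot: The `load` line on the new side of the rw-eap-peap-md5/carol hunk still carries the token `mfg1`, which looks like a transposition of the `mgf1` plugin name spelled that way in the rw-cert/moon load list earlier in this patch. If that is the case, the token presumably matches no plugin, so these scenarios would run without MGF1 even though the list suggests otherwise. Since the line is rewritten here anyway to add `kdf`, the added line could read `... pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf stroke ...`. The same spelling appears in the rw-eap-peap-md5 dave and moon hunks and in the rw-eap-peap-mschapv2, rw-eap-tls-only, rw-eap-tls-radius/carol and rw-eap-ttls-only hunks.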
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + multiple_authentication=no + + plugins { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown ++ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + multiple_authentication=no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl 
revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown ++ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + multiple_authentication=no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown ++ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown + multiple_authentication=no + plugins { + eap-peap { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 
eap-peap updown + multiple_authentication=no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf +@@ -1,6 +1,6 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + multiple_authentication=no + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown + multiple_authentication=no + + plugins { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius eap-identity updown + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown ++ load = random nonce aes sha1 
sha2 curve25519 hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown ++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 curve25519 hmac stroke kernel-netlink socket-default eap-radius updown ++ load = random nonce aes sha1 sha2 md5 curve25519 hmac kdf stroke kernel-netlink socket-default eap-radius updown + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan 
configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown + + plugins { + eap-radius { +Index: 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + + integrity_test = yes + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + + integrity_test = yes + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # 
/etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf gcm stroke kernel-netlink socket-default eap-tls updown + + multiple_authentication=no + syslog { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf gcm stroke kernel-netlink socket-default eap-tls updown + + multiple_authentication=no + syslog { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-tls updown + 
multiple_authentication=no + syslog { + daemon { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown + multiple_authentication=no + + plugins { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + multiple_authentication=no + syslog { + daemon { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + multiple_authentication=no + syslog { + daemon { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + multiple_authentication=no + + syslog { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink 
socket-default eap-identity eap-md5 eap-ttls updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + multiple_authentication=no + syslog { + daemon { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown ++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown + multiple_authentication=no + syslog { + daemon { +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown + multiple_authentication=no + + plugins { +Index: 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown + } +Index: 
strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519
gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
+@@
-1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 acert curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 acert curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink
socket-default updown
+
+ multiple_authentication = no
+ }
+\ No newline at end of file
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+
+ cache_crls = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kdf kernel-netlink socket-default vici
+
+ cache_crls = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kdf kernel-netlink socket-default vici
+
+ cache_crls = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+
+ cache_crls = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+
+ cache_crls = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp
+
+ plugins {
+ dhcp {
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519
gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp
+
+ plugins {
+ dhcp {
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation
constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp
+
+ plugins {
+ dhcp {
+Index: strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici attr farp
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici attr farp
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr forecast
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr forecast
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default connmark
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default connmark
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
+
+ plugins {
+ attr-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default sqlite attr-sql vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default sqlite attr-sql vici
+
+ plugins {
+ attr-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
+
+ plugins {
+ attr-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
+
+ plugins {
+ attr-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici sqlite attr-sql
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici sqlite attr-sql
+
+ plugins {
+ attr-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl vici kernel-netlink socket-default updown lookip
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl vici kernel-netlink socket-default updown lookip
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ prefer_best_path = yes
+
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici ++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici ++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici ++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve 
updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown + } +Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown + + plugins { + eap-radius { +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + syslog { + daemon { + knl = 2 +Index: 
strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 
curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default 
updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink 
socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem 
pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation 
curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown ++ load = random nonce aes sha1 sha2 hmac kdf 
curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown + + plugins { + dnscert { +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown + + plugins { + dnscert { +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown + + plugins { + ipseckey { +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac 
curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown ++ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown + + plugins { + ipseckey { +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- 
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici ++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici + } +Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 hmac pem pkcs1 
x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf kernel-netlink socket-default forecast vici
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ 
charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf kernel-netlink socket-default forecast vici
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown
+
+ multiple_authentication = no
+ send_vendor_id = yes
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown
+
+ multiple_authentication = no
+ send_vendor_id = yes
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf 
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
+@@ -1,9 +1,9 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ swanctl {
+- load = random aes sha1 sha2 hmac pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
++ load = random aes sha1 sha2 hmac kdf pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
+@@ -1,9 +1,9 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ swanctl {
+- load = random aes sha1 sha2 hmac pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
++ load = random aes sha1 sha2 hmac kdf pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+===================================================================
+--- 
strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac curl vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf curl vici kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac curl vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf curl vici kernel-netlink socket-default updown
+ multiple_authentication = no
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf 
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf 
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ # remove rekeyed inbound SA a bit quicker for the test scenario
+ delete_rekeyed_delay = 2
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown 
vici
+ syslog {
+ daemon {
+ cfg = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ cfg = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 
gmp kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink 
socket-default updown vici
++ load = random nonce sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 
hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+
+ plugins {
+ revocation {
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+
+ plugins {
+ revocation {
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
++++ 
strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- 
strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
++++ 
strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- 
strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: 
strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink 
socket-default
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd { 
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf
++++ 
strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown md5 eap-tls
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown md5 eap-tls
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown md5 eap-tls
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown md5 eap-tls
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+
}
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ make_before_break = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink
socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ make_before_break = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ make_before_break = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@
swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown vici
+ }
+
+Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation
constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8
curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
++ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+
+ integrity_test = yes
+
+Index:
strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac kdf vici kernel-netlink socket-default updown resolve
+
+ plugins {
+ ipseckey {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac kdf vici kernel-netlink socket-default updown resolve
+
+ plugins {
+ ipseckey {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey
curve25519 gmp hmac vici kernel-netlink socket-default updown attr
++ load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac kdf vici kernel-netlink socket-default updown attr
+
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default sqlite
fips-prf eap-aka eap-simaka-sql updown
+
+ plugins {
+ eap-simaka-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
+
+ plugins {
+ eap-simaka-sql {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 mgf1
pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
++ load = random nonce aes md5 sha1 sha2 mgf1 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 mgf1 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown
++ load = random nonce aes sha1 sha2 md5 mgf1 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown
+
+ plugins {
+ eap-dynamic {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
+===================================================================
+---
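Review bot: The new `load` line for rw-eap-dynamic/hosts/moon still carries `mfg1` after `curve25519`, which looks like a misspelling of `mgf1`; that plugin is already listed earlier on the same line, so the stray token can simply be dropped. The dave config of the same test lists `mgf1` twice and could lose the second one. Both are inherited unchanged from the old lines rather than introduced here, but each line is being rewritten anyway. A misspelled name in an explicit list presumably just fails to load with a log message, which is easy to overlook when the test still passes.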
strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl
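Review bot: In rw-eap-framed-ip-radius/hosts/dave the rewritten `load` line ends with `eap-identity eap-md5 eap updown`, and the bare `eap` does not look like a plugin name. The carol config of the same test has `eap-peap` in that position, so `eap` may be a truncated `eap-peap`, though that is only a guess from the neighbouring hunk. The token is inherited from the old line; it is worth confirming which EAP method the test intends and then completing or removing it.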
revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+
charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
++
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes des
md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
++ load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
++ load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation
hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
++ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
++ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
++ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+
+ multiple_authentication=no
+ syslog {
+Index:
strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink
socket-default eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink
socket-default eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509
curl revocation hmac vici kernel-netlink socket-default eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-tls updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-tls updown
+
+ multiple_authentication = no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac vici
kernel-netlink socket-default eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
++ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ }
+
+ libtls {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
++ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ }
+
+ libtls {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
++ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
++ load = random nonce aes md5 sha1 sha2 pem
pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+
+ multiple_authentication=no
+ syslog {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ default = 1 }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown
vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ hash_and_url = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ hash_and_url = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ hash_and_url = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1
x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ initiator_only = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+
+ send_vendor_id = yes
+ fragment_size = 1500
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
+
+ send_vendor_id = yes
+ fragment_size = 1500
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl
kernel-netlink socket-default updown vici
+
+ send_vendor_id = yes
+ fragment_size = 1500
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+
+ send_vendor_id = yes
+ fragment_size = 1500
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+
+ send_vendor_id = yes
+ fragment_size = 1500
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ #
/etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+
+ send_vendor_id = yes
+ fragment_size = 1500
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
+ send_vendor_id = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
+ send_vendor_id = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown
++ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
+ send_vendor_id = yes
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 gmp x509 revocation
curve25519 curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 md5 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load =
random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ ike = 4
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
++ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf
vici kernel-netlink socket-default eap-identity eap-md5 updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
+
+ plugins {
+ eap-radius {
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink
socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation
constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints whitelist pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints whitelist pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ plugins {
+ whitelist {
+Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ 
+ keep_alive = 5
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ 
+ keep_alive = 5
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index:
strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
++ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random
nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++
load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ knl = 2
+Index: strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey
curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
+ }
+Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+ 
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan
configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation
hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ 
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ install_routes = no
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink
socket-default updown
+ install_routes=no
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ install_routes = no
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+@@ -1,6 +1,6 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ install_routes=no
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf -
strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
+@@ -2,5 +2,5 @@
+ 
+ charon {
+ hash_and_url = yes
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
+@@ -2,5 +2,5 @@
+ 
+ charon {
+ hash_and_url = yes
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
+@@ -2,5 +2,5 @@
+ 
+ charon {
+ hash_and_url = yes
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke
kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+@@ -2,5 +2,5 @@
+ 
+ charon {
+ hash_and_url = yes
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+@@ -2,5 +2,5 @@
+ 
+ charon {
+ hash_and_url = yes
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+@@ -2,5 +2,5 @@
+ 
+ charon {
+ hash_and_url = yes
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+ 
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes
sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default
updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke
kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1
curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl
revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem
pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+@@ -5,6 +5,6 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac
kdf vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink
socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes
sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici
kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici
kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl
revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+@@
-5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+
charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+
charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf +@@ -5,7 +5,7 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown ++ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown ++ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf +@@ -5,6 +5,6 @@ swanctl { + } + + charon-systemd { +- load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown + multiple_authentication = no + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 gmp pem pkcs1 
hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown ++ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + 
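Review bot: In dave's `load` list for openssl-ikev1/alg-ecp-high, `kdf` is inserted ahead of `openssl` (`... pkcs1 hmac kdf x509 openssl ...`), and the same placement recurs in the alg-ecp-low hunk and in the openssl-ikev2 dave hunks that follow. An explicit load list is processed in order and the earlier plugin's implementation is generally preferred. So if the openssl plugin also registers prf+ (the commit description says key derivation is being handed to OpenSSL, but that code is not in view here), these hosts would presumably still derive IKE keys with the native kdf plugin. If that is intended for interoperability coverage, a comment such as `# kdf before openssl: dave keeps the native prf+` would make it explicit; otherwise list `kdf` after `openssl`.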
charon { +- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown ++ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown ++ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm vici kernel-netlink socket-default updown ++ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm vici kernel-netlink socket-default updown + + integrity_test = yes + crypto_test { +Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: 
strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 
curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 kdf pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey 
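Review bot: In pfkey/alg-aes-xcbc (carol, and the moon hunk that follows) `kdf` is placed between the hash plugins and `pem`, whereas the other lists in view put it directly after the PRF provider `hmac`. These two lists load no `hmac`, so prf+ here presumably has only the `xcbc` PRF to build on. Placing `kdf` next to it, as in `... curl revocation xcbc kdf stroke ...`, would keep the convention and make that dependency visible. The current position looks functionally harmless, since no other plugin in these lists is shown to provide prf+.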
kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 kdf pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- 
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf ++++ 
strongswan-5.9.5/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: 
strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey 
kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan 
configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + # remove rekeyed inbound SA a bit quicker for the test scenario + delete_rekeyed_delay = 2 + syslog { +Index: strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf 
+=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 
gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf +@@ -1,5 +1,5 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce 
test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown + + integrity_test = yes + crypto_test { +Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown + + integrity_test = yes + crypto_test { +Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon { +- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown ++ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown + + integrity_test = yes + crypto_test { +Index: 
strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
+
+ keep_alive = 5
+ }
+Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+@@ -1,5 +1,5 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem
pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
+
+ keep_alive = 5
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+ charon {
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+ charon {
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
+@@ -5,7
+5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+ charon {
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+ charon {
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
+ start-scripts {
+ updown = /usr/bin/python3 /etc/updown.py
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index:
strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+ charon {
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1
sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+
+ charon {
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink
socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
++ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem
pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
+
+ plugins {
+ sql {
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
+
+ plugins {
+ sql {
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql resolve
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql resolve
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql resolve
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
+
+ plugins {
+ sql {
+Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
sqlite sql attr-sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
+
+ plugins {
+ sql {
+Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon {
+-
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
+
+ plugins {
+ sql {
+Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
+@@
-6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
++++
strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
+@@ -6,5 +6,5 @@ charon {
+ database = sqlite:///etc/db.d/ipsec.db
+ }
+ }
+- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
+ }
+Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
+===================================================================
+---
strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf +@@ -6,7 +6,7 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + + integrity_test = yes + crypto_test { +Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf +@@ -6,7 +6,7 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + + integrity_test = yes + crypto_test { +Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf +@@ -6,7 +6,7 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + + integrity_test = yes + } 
+Index: strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 ++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 + } +Index: strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 revocation hmac vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 ++ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = 
random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: 
strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: 
strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite 
sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: 
strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf +@@ -6,5 +6,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql + } +Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +@@ -6,7 +6,7 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + + keep_alive = 5 + } +Index: 
strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +@@ -9,5 +9,5 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql + } +Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +@@ -6,7 +6,7 @@ charon { + database = sqlite:///etc/db.d/ipsec.db + } + } +- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql ++ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql + + keep_alive = 5 + } +Index: strongswan-5.9.5/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random 
nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf 
xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } 
+Index: strongswan-5.9.5/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf +@@ -5,5 +5,5 @@ swanctl { + } + + charon-systemd { +- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown ++ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown + } +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici 
kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + + multiple_authentication=no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown ++ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + + multiple_authentication=no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf +=================================================================== +--- 
strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + + multiple_authentication=no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce 
aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 
revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf +=================================================================== +--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf ++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf +@@ -1,7 +1,7 @@ + # /etc/strongswan.conf - strongSwan configuration file + + charon-systemd { +- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown ++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown + + multiple_authentication = no + +Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf 
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
+ multiple_authentication=no
+
+ plugins {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ syslog {
+ daemon {
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
+
+ multiple_authentication=no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
++ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+
+ multiple_authentication = no
+
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
+ multiple_authentication=no
+ integrity_test = yes
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
+ multiple_authentication=no
+ integrity_test = yes
+Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
+@@ -1,7 +1,7 @@
+ # /etc/strongswan.conf - strongSwan configuration file
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
++ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
+
+ multiple_authentication=no
+ integrity_test = yes
+Index: strongswan-5.9.5/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+@@ -5,5 +5,5 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
++ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ }
+Index: strongswan-5.9.5/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 sha3 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 sha3 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+ }
+Index: strongswan-5.9.5/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
+===================================================================
+--- strongswan-5.9.5.orig/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
++++ strongswan-5.9.5/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
+@@ -5,7 +5,7 @@ swanctl {
+ }
+
+ charon-systemd {
+- load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
++ load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+ }
diff --git a/strongswan.changes b/strongswan.changes
index 77ec9ac..2cfec7b 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Mar 3 14:49:26 UTC 2022 - Marcus Meissner
+
+- Added prf-plus-modularization.patch that outsources the IKE
+ key derivation to openssl. (will be merged to 5.9.6)
+- package the kdf config, template and plugin
+
 -------------------------------------------------------------------
 Wed Jan 26 12:25:35 UTC 2022 - Jan Engelhardt
diff --git a/strongswan.spec b/strongswan.spec
index a22c6df..fce0e5b 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -81,6 +81,7 @@ Patch3: %{name}_fipscheck.patch %endif Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch Patch6: harden_strongswan.service.patch +Patch7: prf-plus-modularization.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -269,6 +270,7 @@ sed -e 's|@IPSEC_DIR@|%{_libexecdir}/ipsec|g' \ > _fipscheck %endif %patch6 -p1 +%patch7 -p1 %build CFLAGS="%{optflags} -W -Wall -Wno-pointer-sign -Wno-strict-aliasing -Wno-unused-parameter" @@ -676,6 +678,7 @@ fi %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/gmp.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ha.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/hmac.conf +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kdf.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/kernel-netlink.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/ldap.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/led.conf @@ -792,6 +795,7 @@ fi %{strongswan_plugins}/libstrongswan-gmp.so %{strongswan_plugins}/libstrongswan-ha.so %{strongswan_plugins}/libstrongswan-hmac.so +%{strongswan_plugins}/libstrongswan-kdf.so %{strongswan_plugins}/libstrongswan-kernel-netlink.so %{strongswan_plugins}/libstrongswan-ldap.so %{strongswan_plugins}/libstrongswan-led.so @@ -896,6 +900,7 @@ fi %{strongswan_templates}/config/plugins/gmp.conf %{strongswan_templates}/config/plugins/ha.conf %{strongswan_templates}/config/plugins/hmac.conf +%{strongswan_templates}/config/plugins/kdf.conf %{strongswan_templates}/config/plugins/kernel-netlink.conf %{strongswan_templates}/config/plugins/ldap.conf %{strongswan_templates}/config/plugins/led.conf @@ -957,6 +962,7 @@ fi %{strongswan_templates}/database/imv/data.sql %{strongswan_templates}/database/imv/tables.sql + %if %{with nm} %files nm
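Review bot: Nothing in the packaging tells an administrator that `kdf` may now have to appear in a hand-written `load =` list: the hunks at `-676,6 +678,7`, `-792,6 +795,7` and `-896,6 +900,7` ship `kdf.conf`, `libstrongswan-kdf.so` and the template, yet the carried patch had to add `kdf` to every test `strongswan.conf` that sets `load =` explicitly, which suggests an existing configuration without it could be left with no prf+ implementation and fail to derive IKE keys after the update. The description says the derivation is outsourced to openssl, so hosts that load the openssl plugin are presumably unaffected, but that should be confirmed rather than assumed. I would add a line to the strongswan.changes entry such as `- configurations with an explicit "load =" list need the kdf plugin added`. Separately, a comment above `Patch7:` like `# PATCH-FIX-UPSTREAM prf-plus-modularization.patch -- drop when updating to 5.9.6` would record in the spec the removal condition that the changelog entry already states.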