strongSwan 5.8.4 fixes two regressions in last week's 5.8.3 release, one affecting IKEv1 Quick Mode the other OpenSSL's SHAKE128/256 XOFs.
The changes regarding lifetimes and proposal/transform IDs in last week's 5.8.3 release contained a regression that caused a crash due to a null-pointer dereference if the proposal selection failed during IKEv1 Quick Mode (i.e. after the peers have been authenticated).
OpenSSL currently doesn't support squeezing bytes out of a SHAKE128/256 XOF multiple times (support for these was added with last week's 5.8.3 release). Unfortunately,
EVP_DigestFinalXOF() completely resets the context and later calls not simply fail, they cause a null-pointer dereference in libcrypto. The fix for this comes at the cost of repeatedly initializing the whole state and allocating too much data for subsequent calls (hopefully, once the OpenSSL issue 7894 is resolved we can implement this more efficiently). These XOFs are currently only used in the newhope and frodo plugins.
Other Notable Features and Fixes