Package: libstrongswan-standard-plugins Version: 5.9.8-5+deb12u2 Severity: important
Dear Maintainer, on systems lacking AES-NI support critical strongswan processes (charon, swanctl) get terminated by SIGILL in libstrongswan-aesni.so. The issue is that strongswan applications auto-load all plugins and libstrongswan-aesni.so loads even when AES-NI are not available. Issue appeared after upgrading from bullseye (5.9.1-1+deb11u5). I did not yet have a chance to test this with trixie yet, sorry. Explicitely configuring charon AND swanctl plugins or simply deleting the .so makes strongswan fall back non-AES-NI path and work correctly. Is it possible to modify libstrongswan-aesni.so so it refuses to load when AES-NI are not available instead of causing hard-to-debug SIGILL? Best, n.b.f.

