sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

openssl: Fix testing KDF_PRF in the constructor with OpenSSL 3.5.1

Browse Source 
Setting the salt to NULL now fails, so we set it to hash length's zeroes,
which is the default value for HKDF-Extract if no salt is passed.

Fixes strongswan/strongswan#2828
This commit is contained in:
Tobias Brunner 2025-07-10 18:11:19 +02:00
parent a8c2d125f1
commit 2dbeecfc02
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libstrongswan/plugins/openssl/openssl_kdf.c
View File

@ -201,6 +201,14 @@ kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args)
.key = chunk_clone(chunk_from_str("00000000000000000000000000000000")),
);
/* also generate a salt (as if none was provided, i.e. zeroes of hash length)
* as OpenSSL 3.5.1+ won't accept NULL anymore */
if (algo == KDF_PRF)
{
this->salt = chunk_copy_pad(chunk_alloc(get_length(this)),
chunk_empty, 0);
}
if (!this->hasher ||
!get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf))
{