openssl: Fix testing KDF_PRF in the constructor with OpenSSL 3.5.1

Setting the salt to NULL now fails, so we set it to hash length's zeroes,
which is the default value for HKDF-Extract if no salt is passed.

Fixes strongswan/strongswan#2828

diff --git a/src/libstrongswan/plugins/openssl/openssl_kdf.c b/src/libstrongswan/plugins/openssl/openssl_kdf.c
index cca81783abc0094dc01d999cf5d8c60d60f1c113..e1b67c920dd4ea027eda09678d05ec21bc18b2c9 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_kdf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_kdf.c
@@ -201,6 +201,14 @@ kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args)
                .key = chunk_clone(chunk_from_str("00000000000000000000000000000000")),
        );
 
+       /* also generate a salt (as if none was provided, i.e. zeroes of hash length)
+        * as OpenSSL 3.5.1+ won't accept NULL anymore */
+       if (algo == KDF_PRF)
+       {
+               this->salt = chunk_copy_pad(chunk_alloc(get_length(this)),
+                                                                       chunk_empty, 0);
+       }
+
        if (!this->hasher ||
                !get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf))
        {