]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2c32412)
openssl: Don't allocate salt if PRF/hash is unknown
authorTobias Brunner <tobias@strongswan.org>
Fri, 11 Jul 2025 09:42:47 +0000 (11:42 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 11 Jul 2025 09:47:51 +0000 (11:47 +0200)
This can happen if e.g. AES-XCBC is selected.

Fixes: 2dbeecfc029b ("openssl: Fix testing KDF_PRF in the constructor with OpenSSL 3.5.1")
src/libstrongswan/plugins/openssl/openssl_kdf.c patch | blob | blame | history

diff --git a/src/libstrongswan/plugins/openssl/openssl_kdf.c b/src/libstrongswan/plugins/openssl/openssl_kdf.c
index e1b67c920dd4ea027eda09678d05ec21bc18b2c9..4611a38824e92e6c72a53f97694c6a0fec608e79 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_kdf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_kdf.c
@@ -203,7 +203,7 @@ kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args)
 
        /* also generate a salt (as if none was provided, i.e. zeroes of hash length)
         * as OpenSSL 3.5.1+ won't accept NULL anymore */
-       if (algo == KDF_PRF)
+       if (algo == KDF_PRF && this->hasher)
        {
                this->salt = chunk_copy_pad(chunk_alloc(get_length(this)),
                                                                        chunk_empty, 0);
Unnamed repository; edit this file 'description' to name the repository.