gcrypt: Use a dummy buffer to initialize static allocations

In FIPS mode, libgcrypt uses a DRBG, which behaves differently when the
length passed to gcry_create_nonce() or gcry_randomize() is <= 0.  It
expects a struct and explicitly checks that the passed pointer is not
NULL.

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 848568f45e789bc94d37d854ffef5260ac9044be..f97c57b8f142ad0f87cb5c13ce9dcd0ae5548868 100644 (file)
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -167,6 +167,7 @@ METHOD(plugin_t, destroy, void,
 plugin_t *gcrypt_plugin_create()
 {
        private_gcrypt_plugin_t *this;
+       u_char *dummy[1];
 
 #if GCRYPT_VERSION_NUMBER < 0x010600
        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
@@ -188,7 +189,7 @@ plugin_t *gcrypt_plugin_create()
        gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 
        /* initialize static allocations we want to exclude from leak-detective */
-       gcry_create_nonce(NULL, 0);
+       gcry_create_nonce(dummy, sizeof(dummy));
 
        INIT(this,
                .public = {