From: Tobias Brunner
Date: Tue, 3 Nov 2020 11:07:48 +0000 (+0100)
Subject: gcrypt: Use a dummy buffer to initialize static allocations
X-Git-Tag: 5.9.1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70b0c730d08ce0b8ef988105fdc631a193986980;p=thirdparty%2Fstrongswan.git

gcrypt: Use a dummy buffer to initialize static allocations

In FIPS mode, libgcrypt uses a DRBG, which behaves differently when the length passed to gcry_create_nonce() or gcry_randomize() is <= 0. It expects a struct and explicitly checks that the passed pointer is not NULL.
---

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 848568f45e..f97c57b8f1 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -167,6 +167,7 @@ METHOD(plugin_t, destroy, void,
 plugin_t *gcrypt_plugin_create()
 {
 private_gcrypt_plugin_t *this;
+ u_char *dummy[1];
 
 #if GCRYPT_VERSION_NUMBER < 0x010600
 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
@@ -188,7 +189,7 @@ plugin_t *gcrypt_plugin_create()
 gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 
 /* initialize static allocations we want to exclude from leak-detective */
- gcry_create_nonce(NULL, 0);
+ gcry_create_nonce(dummy, sizeof(dummy));
 
 INIT(this,
 .public = {
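Review bot: `u_char *dummy[1];` in the first hunk declares an array of one pointer rather than a byte buffer, so the `sizeof(dummy)` passed to gcry_create_nonce() in the second hunk is the platform's pointer size (typically 4 or 8 bytes) instead of a deliberately chosen length. Going by the commit description, the call only needs a non-NULL buffer and a positive length, so a plain byte array such as `u_char dummy[8];` would state the intent and request the same number of bytes on every platform. The body of gcrypt_plugin_create() continues past the end of this hunk.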
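Review bot: The comment above the changed call in the second hunk still mentions only leak-detective and does not record why the buffer has to be non-NULL with a positive length, so a later cleanup could easily turn the call back into `gcry_create_nonce(NULL, 0)`. I would extend it along the lines of `/* initialize static allocations we want to exclude from leak-detective; in FIPS mode the DRBG requires a non-NULL buffer and a length > 0 */`, which carries the reasoning from the commit message into the code. gcrypt_plugin_create() starts and ends outside this hunk.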