1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
From 43b805b2daed48bdf835ca8eeb87b9b71a42781f Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 11 Jul 2025 11:42:47 +0200
Subject: [PATCH] openssl: Don't allocate salt if PRF/hash is unknown
This can happen if e.g. AES-XCBC is selected.
Fixes: 2dbeecfc029b ("openssl: Fix testing KDF_PRF in the constructor with OpenSSL 3.5.1")
---
src/libstrongswan/plugins/openssl/openssl_kdf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libstrongswan/plugins/openssl/openssl_kdf.c b/src/libstrongswan/plugins/openssl/openssl_kdf.c
index e1b67c920d..4611a38824 100644
--- a/src/libstrongswan/plugins/openssl/openssl_kdf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_kdf.c
@@ -203,7 +203,7 @@ kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args)
/* also generate a salt (as if none was provided, i.e. zeroes of hash length)
* as OpenSSL 3.5.1+ won't accept NULL anymore */
- if (algo == KDF_PRF)
+ if (algo == KDF_PRF && this->hasher)
{
this->salt = chunk_copy_pad(chunk_alloc(get_length(this)),
chunk_empty, 0);
--
2.50.1
|
