File 0008-gcrypt-Use-a-dummy-buffer-to-initialize-static-alloc.patch of Package strongswan.26527

From 5273906f79040d090949d00c1b0c101435d3a69e Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 3 Nov 2020 12:07:48 +0100
Subject: [PATCH] gcrypt: Use a dummy buffer to initialize static allocations

In FIPS mode, libgcrypt uses a DRBG, which behaves differently when the
length passed to gcry_create_nonce() or gcry_randomize() is <= 0.  It
expects a struct and explicitly checks that the passed pointer is not
NULL.
---
 src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 848568f45..f97c57b8f 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -167,6 +167,7 @@ METHOD(plugin_t, destroy, void,
 plugin_t *gcrypt_plugin_create()
 {
 	private_gcrypt_plugin_t *this;
+	u_char *dummy[1];
 
 #if GCRYPT_VERSION_NUMBER < 0x010600
 	gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
@@ -188,7 +189,7 @@ plugin_t *gcrypt_plugin_create()
 	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 
 	/* initialize static allocations we want to exclude from leak-detective */
-	gcry_create_nonce(NULL, 0);
+	gcry_create_nonce(dummy, sizeof(dummy));
 
 	INIT(this,
 		.public = {
-- 
2.26.2