File 0008-gcrypt-Use-a-dummy-buffer-to-initialize-static-alloc.patch of Package strongswan.26527
From 5273906f79040d090949d00c1b0c101435d3a69e Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 3 Nov 2020 12:07:48 +0100
Subject: [PATCH] gcrypt: Use a dummy buffer to initialize static allocations
In FIPS mode, libgcrypt uses a DRBG, which behaves differently when the
length passed to gcry_create_nonce() or gcry_randomize() is <= 0. It
expects a struct and explicitly checks that the passed pointer is not
NULL.
---
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 848568f45..f97c57b8f 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -167,6 +167,7 @@ METHOD(plugin_t, destroy, void,
plugin_t *gcrypt_plugin_create()
{
private_gcrypt_plugin_t *this;
+ u_char *dummy[1];
#if GCRYPT_VERSION_NUMBER < 0x010600
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
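Review bot: The new local `u_char *dummy[1];` declares an array of one pointer, not a byte buffer, so `sizeof(dummy)` in the second hunk's `gcry_create_nonce(dummy, sizeof(dummy))` is the platform's pointer size. The length matches the object, so nothing is written out of bounds, but the nonce bytes land in a pointer-typed object and the requested length varies between 32-bit and 64-bit builds. A plain byte array such as `u_char dummy[8];` states the intent and fixes the length. The body of gcrypt_plugin_create() continues outside this hunk.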
@@ -188,7 +189,7 @@ plugin_t *gcrypt_plugin_create()
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
/* initialize static allocations we want to exclude from leak-detective */
- gcry_create_nonce(NULL, 0);
+ gcry_create_nonce(dummy, sizeof(dummy));
INIT(this,
.public = {
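Review bot: The comment above the `gcry_create_nonce()` call still only mentions leak-detective, so nothing in the code explains why a real buffer is passed, and a later cleanup could revert it to `NULL, 0`. Going by the commit message, that would again hit the FIPS-mode DRBG path that treats a length <= 0 specially and checks the pointer for NULL. I would extend the comment to something like `/* initialize static allocations we want to exclude from leak-detective; use a real buffer, as the FIPS-mode DRBG does not accept NULL/0 here */`. The call's result is deliberately discarded, which is also worth saying there. The function body starts before and ends after this hunk.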
--
2.26.2