From c6ebb7bf5523f3a0a55ebbe18d0cad5a58109c79 Mon Sep 17 00:00:00 2001 From: Timothy Flynn Date: Wed, 16 Jul 2025 07:04:15 -0400 Subject: [PATCH] Meta+LibCrypto: Update openssl to version 3.5.1 This contains an API change that disallows setting the salt to a null value. See: https://github.com/openssl/openssl/commit/4f5ffddfcbd9279f5b0156b06987f12e19df464c This seems to be the opposite of the intended effect of that change, but this patch includes a workaround nonetheless. Co-Authored-By: devgianlu --- Libraries/LibCrypto/Hash/HKDF.cpp | 10 +++++++++- vcpkg.json | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Libraries/LibCrypto/Hash/HKDF.cpp b/Libraries/LibCrypto/Hash/HKDF.cpp index c3c9df2b67d..b6cafbdf7b6 100644 --- a/Libraries/LibCrypto/Hash/HKDF.cpp +++ b/Libraries/LibCrypto/Hash/HKDF.cpp @@ -32,8 +32,16 @@ ErrorOr HKDF::derive_key(Optional maybe_salt, Readonl OSSL_PARAM_END, OSSL_PARAM_END, }; + if (maybe_salt.has_value()) { - params[3] = OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, const_cast(maybe_salt->data()), maybe_salt->size()); + static constexpr u8 empty_salt[0] {}; + + // FIXME: As of openssl 3.5.1, we can no longer pass a null salt pointer. This seems like a mistake; we should + // check if this is still the case in the next openssl release. See: + // https://github.com/openssl/openssl/pull/27305#discussion_r2198316685 + auto salt = maybe_salt->is_null() ? ReadonlySpan { empty_salt, 0 } : *maybe_salt; + + params[3] = OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, const_cast(salt.data()), salt.size()); } auto buf = TRY(ByteBuffer::create_uninitialized(key_length_bytes)); diff --git a/vcpkg.json b/vcpkg.json index 26dfb902f61..d5a2d226a71 100644 --- a/vcpkg.json +++ b/vcpkg.json @@ -239,7 +239,7 @@ }, { "name": "openssl", - "version": "3.5.0#1" + "version": "3.5.1#0" }, { "name": "qtbase",