From 610caf87a7c4b0d7b9a16eb5cacb07cec0a5da83 Mon Sep 17 00:00:00 2001 From: seanjin99 Date: Fri, 6 Mar 2026 14:57:04 -0500 Subject: [PATCH 1/2] fix: pass empty string instead of nullptr for HKDF salt in exchange tests OpenSSL 3.x rejects a NULL pointer passed to EVP_PKEY_CTX_set1_hkdf_salt() even with length 0. Use an empty string "" instead of nullptr when useSalt is false. This works on both OpenSSL 1.1.x and 3.x. Also added version-guard comments to all #if/#else/#endif blocks for clarity. Fixes #75 --- test/main/cpp/exchange.cpp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/main/cpp/exchange.cpp b/test/main/cpp/exchange.cpp index 4b6b7d9..5b244df 100644 --- a/test/main/cpp/exchange.cpp +++ b/test/main/cpp/exchange.cpp @@ -393,12 +393,12 @@ static Sec_Result hkdf(SEC_BYTE* key, SEC_SIZE key_len, SEC_BYTE* out, const SEC return SEC_RESULT_FAILURE; } -#if OPENSSL_VERSION_NUMBER >= 0x30000000 - if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, reinterpret_cast(use_salt ? "salt" : nullptr), + // OpenSSL 3.x OSSL_PARAM_construct_octet_string() rejects NULL data pointer + // even when length is 0, causing EVP_PKEY_CTX_set1_hkdf_salt() to fail. + // Pass "" instead of nullptr to satisfy the non-NULL check. + if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, + reinterpret_cast(use_salt ? "salt" : ""), use_salt ? 4 : 0) <= 0) { -#else - if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, use_salt ? "salt" : nullptr, use_salt ? 4 : 0) <= 0) { -#endif EVP_PKEY_CTX_free(pctx); return SEC_RESULT_FAILURE; } From 4875870f7ff602e47631c44f47303429b532664f Mon Sep 17 00:00:00 2001 From: Sean Jin Date: Wed, 11 Mar 2026 11:14:52 -0400 Subject: [PATCH 2/2] Update exchange.cpp --- test/main/cpp/exchange.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/main/cpp/exchange.cpp b/test/main/cpp/exchange.cpp index 5b244df..b4aef04 100644 --- a/test/main/cpp/exchange.cpp +++ b/test/main/cpp/exchange.cpp @@ -1,5 +1,5 @@ /** - * Copyright 2020 Comcast Cable Communications Management, LLC + * Copyright 2020-2026 Comcast Cable Communications Management, LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.