Meta+LibCrypto: Update openssl to version 3.5.1

This contains an API change that disallows setting the salt to a null value. See: 4f5ffddfcb This seems to be the opposite of the intended effect of that change, but this patch includes a workaround nonetheless. Co-Authored-By: devgianlu <altomanigianluca@gmail.com>
2025-12-06 00:19:53 +01:00 · 2025-07-16 07:04:15 -04:00 · 2025-07-16 07:04:15 -04:00 · c6ebb7bf55
commit c6ebb7bf55
parent 2d121097c9
2 changed files with 10 additions and 2 deletions
--- a/Libraries/LibCrypto/Hash/HKDF.cpp
+++ b/Libraries/LibCrypto/Hash/HKDF.cpp
@ -32,8 +32,16 @@ ErrorOr<ByteBuffer> HKDF::derive_key(Optional<ReadonlyBytes> maybe_salt, Readonl
        OSSL_PARAM_END,
        OSSL_PARAM_END,
    };
+
    if (maybe_salt.has_value()) {
-        params[3] = OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, const_cast<u8*>(maybe_salt->data()), maybe_salt->size());
+        static constexpr u8 empty_salt[0] {};
+
+        // FIXME: As of openssl 3.5.1, we can no longer pass a null salt pointer. This seems like a mistake; we should
+        //        check if this is still the case in the next openssl release. See:
+        //        https://github.com/openssl/openssl/pull/27305#discussion_r2198316685
+        auto salt = maybe_salt->is_null() ? ReadonlySpan<u8> { empty_salt, 0 } : *maybe_salt;
+
+        params[3] = OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, const_cast<u8*>(salt.data()), salt.size());
    }

    auto buf = TRY(ByteBuffer::create_uninitialized(key_length_bytes));
--- a/vcpkg.json
+++ b/vcpkg.json
@ -239,7 +239,7 @@
    },
    {
      "name": "openssl",
-      "version": "3.5.0#1"
+      "version": "3.5.1#0"
    },
    {
      "name": "qtbase",