Generates a random salt only when (#4350)
RAND_priv_bytes is available,
since OpenSSL 1.1.1
emasab authored Jul 12, 2023
1 parent c23adb9 commit e75de5b
Showing 2 changed files with 5 additions and 2 deletions.
5 changes: 4 additions & 1 deletion src/rdkafka.h
Expand Up @@ -8736,7 +8736,7 @@ typedef struct rd_kafka_UserScramCredentialAlteration_s
/**
* @brief Allocates a new UserScramCredentialUpsertion given its fields.
* If salt isn't given a 64 B salt is generated using OpenSSL
* RAND_bytes, if available.
* RAND_priv_bytes, if available.
*
* @param username The username (not empty).
* @param mechanism SASL/SCRAM mechanism.
Expand All @@ -8746,6 +8746,9 @@ typedef struct rd_kafka_UserScramCredentialAlteration_s
* @param salt Salt bytes (optional).
* @param salt_size Size of \p salt (optional).
*
* @remark A random salt is generated, when NULL, only if OpenSSL >= 1.1.1.
* Otherwise it's a required param.
*
* @return A newly created instance of rd_kafka_UserScramCredentialAlteration_t.
* Ownership belongs to the caller, use
* rd_kafka_UserScramCredentialAlteration_destroy to destroy.
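Review bot: The new `@remark` in the second hunk says the salt is required without OpenSSL >= 1.1.1, but the unchanged `@param salt Salt bytes (optional).` line just above it still reads as unconditionally optional, and nothing states what the call returns when salt is NULL on such a build. I would change the parameter line to `@param salt Salt bytes (optional only with OpenSSL >= 1.1.1, see remark).` and extend `@return` with the failure result for that case, so callers know to check it before submitting the alteration. The failure path itself is outside the visible hunks, so the exact return value needs to be confirmed against rdkafka_admin.c. The remark would also read more clearly as `A random salt is generated when \p salt is NULL only if built with OpenSSL >= 1.1.1.`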
2 changes: 1 addition & 1 deletion src/rdkafka_admin.c
Expand Up @@ -5426,7 +5426,7 @@ rd_kafka_UserScramCredentialUpsertion_new(const char *username,
alteration->alteration.upsertion.salt =
rd_kafkap_bytes_new(salt, salt_size);
} else {
#if WITH_SSL
#if WITH_SSL && OPENSSL_VERSION_NUMBER >= 0x10101000L
unsigned char random_salt[64];
if (RAND_priv_bytes(random_salt, sizeof(random_salt)) == 1) {
alteration->alteration.upsertion.salt =
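Review bot: The version guard on the `#if` line exists only because the salt is drawn with `RAND_priv_bytes`, yet a SCRAM salt is not a secret (the server sends it to the client during authentication), so the private DRBG is not required for it. `RAND_bytes` is present in older OpenSSL releases too, so keeping plain `#if WITH_SSL` and calling `if (RAND_bytes(random_salt, sizeof(random_salt)) == 1) {` would avoid making salt a required argument on those builds. If the version check stays, it tests only `OPENSSL_VERSION_NUMBER`, so a fork that reports a high number without providing `RAND_priv_bytes` would still break the build; whether any such fork is a supported target should be confirmed. The `#else` branch and the path taken when the RNG call fails are outside this hunk, so I could not verify that a NULL salt with no generated replacement is rejected rather than stored empty.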
