From e75de5be191b6b8e9602efc969f4af64071550de Mon Sep 17 00:00:00 2001
From: Emanuele Sabellico
Date: Wed, 12 Jul 2023 11:03:32 +0200
Subject: [PATCH] Generates a random salt only when (#4350) RAND_priv_bytes is available, since OpenSSL 1.1.1
---
 src/rdkafka.h | 5 ++++-
 src/rdkafka_admin.c | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/rdkafka.h b/src/rdkafka.h
index 2065e72533..b24a9917f9 100644
--- a/src/rdkafka.h
+++ b/src/rdkafka.h
@@ -8736,7 +8736,7 @@ typedef struct rd_kafka_UserScramCredentialAlteration_s
 /**
 * @brief Allocates a new UserScramCredentialUpsertion given its fields.
 * If salt isn't given a 64 B salt is generated using OpenSSL
- * RAND_bytes, if available.
+ * RAND_priv_bytes, if available.
 *
 * @param username The username (not empty).
 * @param mechanism SASL/SCRAM mechanism.
@@ -8746,6 +8746,9 @@ typedef struct rd_kafka_UserScramCredentialAlteration_s
 * @param salt Salt bytes (optional).
 * @param salt_size Size of \p salt (optional).
 *
+ * @remark A random salt is generated, when NULL, only if OpenSSL >= 1.1.1.
+ * Otherwise it's a required param.
+ *
 * @return A newly created instance of rd_kafka_UserScramCredentialAlteration_t.
 * Ownership belongs to the caller, use
 * rd_kafka_UserScramCredentialAlteration_destroy to destroy.
diff --git a/src/rdkafka_admin.c b/src/rdkafka_admin.c
index dfa38e55d0..8628dd14c3 100644
--- a/src/rdkafka_admin.c
+++ b/src/rdkafka_admin.c
@@ -5426,7 +5426,7 @@ rd_kafka_UserScramCredentialUpsertion_new(const char *username,
 alteration->alteration.upsertion.salt =
 rd_kafkap_bytes_new(salt, salt_size);
 } else {
-#if WITH_SSL
+#if WITH_SSL && OPENSSL_VERSION_NUMBER >= 0x10101000L
 unsigned char random_salt[64];
 if (RAND_priv_bytes(random_salt, sizeof(random_salt)) == 1) {
 alteration->alteration.upsertion.salt =
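Review bot: The `@remark` added in the second src/rdkafka.h hunk (`@@ -8746,6 +8746,9 @@`) names only the OpenSSL version, while the guard in src/rdkafka_admin.c is `#if WITH_SSL && OPENSSL_VERSION_NUMBER >= 0x10101000L`, so a build without SSL also generates no salt and the remark does not say so. It also leaves open what the caller gets back when \p salt is NULL on such a build. Suggested wording: `@remark When \p salt is NULL a random salt is generated only if librdkafka is built with OpenSSL >= 1.1.1; in every other build \p salt and \p salt_size are required.` A further sentence should state the observable result of omitting them, once that is confirmed from the function body, which is not visible in this patch.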
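Review bot: With the new guard `#if WITH_SSL && OPENSSL_VERSION_NUMBER >= 0x10101000L` in src/rdkafka_admin.c, the `else` branch compiles to nothing on OpenSSL older than 1.1.1, so a call without a salt appears to return an upsertion whose salt was never set and no error is raised at this point. The rest of rd_kafka_UserScramCredentialUpsertion_new is outside the hunk, so a later check may exist. A SCRAM salt is not a private value (the server hands it to the client during authentication), so RAND_bytes is an adequate source and could serve as the fallback where RAND_priv_bytes is missing, which keeps the optional-salt behaviour on those builds. Nothing visible in the hunk handles the RAND call returning a value other than 1. If the lines after the hunk do not handle it either, that case should be reported to the caller instead of continuing without a salt.

```c
        } else {
#if WITH_SSL
                unsigned char random_salt[64];
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
                int rand_ok =
                    RAND_priv_bytes(random_salt, sizeof(random_salt)) == 1;
#else
                /* The salt is public in SCRAM, so RAND_bytes is sufficient. */
                int rand_ok = RAND_bytes(random_salt, sizeof(random_salt)) == 1;
#endif
                if (rand_ok) {
                        /* … unchanged: salt assignment from random_salt … */
```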