Pass the right length of null bytes when no salt is provided to HKDF (#4036)

This bug looks bad but ends up being benign because HMAC is specified to pad null bytes if a key is too short. So we passed too few bytes and then OpenSSL obligingly padded it out to the correct length. However, we should still do the right thing obviously.
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-12-02 00:41:25 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-12-01 11:41:25 -0500
commit: 9fa6fb273559d29d471df80942ce066e6e40dfde (patch)
tree: 7108f14bfee1aebafdade8c8282b4f0cee32013d
parent: 4662d44fd3db5078a1882100653a3dbab3e3c7a1 (diff)
download: cryptography-9fa6fb273559d29d471df80942ce066e6e40dfde.tar.gz
cryptography-9fa6fb273559d29d471df80942ce066e6e40dfde.tar.bz2
cryptography-9fa6fb273559d29d471df80942ce066e6e40dfde.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py
index 82ed9b1c..964ac2cc 100644
--- a/src/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -30,7 +30,7 @@ class HKDF(object):
             raise TypeError("salt must be bytes.")
 
         if salt is None:
-            salt = b"\x00" * (self._algorithm.digest_size // 8)
+            salt = b"\x00" * self._algorithm.digest_size
 
         self._salt = salt
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-12-02 00:41:25 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2017-12-01 11:41:25 -0500
commit	9fa6fb273559d29d471df80942ce066e6e40dfde (patch)
tree	7108f14bfee1aebafdade8c8282b4f0cee32013d
parent	4662d44fd3db5078a1882100653a3dbab3e3c7a1 (diff)
download	cryptography-9fa6fb273559d29d471df80942ce066e6e40dfde.tar.gz cryptography-9fa6fb273559d29d471df80942ce066e6e40dfde.tar.bz2 cryptography-9fa6fb273559d29d471df80942ce066e6e40dfde.zip