Pass the right length of null bytes when no salt is provided to HKDF (#4036) This bug looks bad but ends up being benign because HMAC is specified to pad null bytes if a key is too short. So we passed too few bytes and then OpenSSL obligingly padded it out to the correct length. However, we should still do the right thing obviously.

commit: 9fa6fb273559d29d471df80942ce066e6e40dfde [log] [tgz]
author: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Dec 02 00:41:25 2017 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> Fri Dec 01 11:41:25 2017 -0500
tree: 7108f14bfee1aebafdade8c8282b4f0cee32013d
parent: 4662d44fd3db5078a1882100653a3dbab3e3c7a1 [diff]
diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py
index 82ed9b1..964ac2c 100644
--- a/src/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py

@@ -30,7 +30,7 @@
             raise TypeError("salt must be bytes.")
 
         if salt is None:
-            salt = b"\x00" * (self._algorithm.digest_size // 8)
+            salt = b"\x00" * self._algorithm.digest_size
 
         self._salt = salt
commit	9fa6fb273559d29d471df80942ce066e6e40dfde	[log] [tgz]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Dec 02 00:41:25 2017 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	Fri Dec 01 11:41:25 2017 -0500
tree	7108f14bfee1aebafdade8c8282b4f0cee32013d
parent	4662d44fd3db5078a1882100653a3dbab3e3c7a1 [diff]