Commit c6a2185c42 for strongswan.org

commit c6a2185c42af39bdbdf353d3cc22289acb704f9d
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Wed Mar 25 10:32:36 2026 +0100

    pkcs5: Fail decryption if data is empty

    This avoids the previous bug early.

diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c
index 4851d3f969..822656f84b 100644
--- a/src/libstrongswan/crypto/pkcs5.c
+++ b/src/libstrongswan/crypto/pkcs5.c
@@ -349,7 +349,7 @@ METHOD(pkcs5_t, decrypt, bool,
 	chunk_t keymat, key, iv;
 	derive_t kdf;

-	if (!ensure_crypto_primitives(this, data) || !decrypted)
+	if (!data.len || !ensure_crypto_primitives(this, data) || !decrypted)
 	{
 		return FALSE;
 	}