EVP_PBE_scrypt() handles salt=NULL as salt=""
authorVictor Stinner <vstinner@redhat.com>
Thu, 14 Mar 2019 14:23:04 +0000 (15:23 +0100)
committerPauli <paul.dale@oracle.com>
Sun, 17 Mar 2019 09:27:37 +0000 (19:27 +1000)
Modify EVP_PBE_scrypt() to maintain OpenSSL 1.1.1 behavior: salt=NULL
is now handled as salt="" (and saltlen=0).

Commit 5a285addbf39f91d567f95f04b2b41764127950d changed the behavior
of EVP_PBE_scrypt(salt=NULL). Previously, salt=NULL was accepted, but
the function now fails with KDF_R_MISSING_SALT.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8483)

crypto/evp/pbe_scrypt.c

index cad0440..c0ab238 100644 (file)
@@ -52,6 +52,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
         pass = empty;
         passlen = 0;
     }
+    if (salt == NULL) {
+        salt = (const unsigned char *)empty;
+        saltlen = 0;
+    }
     if (maxmem == 0)
         maxmem = SCRYPT_MAX_MEM;