diff options
| author | Péter Budai <buc@peterbudai.eu> | 2016-10-11 19:26:23 +0200 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2017-03-17 08:47:11 -0400 |
| commit | fa013b65241dfed9b7d9e10e0adfedc9869c797e (patch) | |
| tree | 484147798c49c20544b9d79bb71146ed21b9557d /crypto/evp/p5_crpt2.c | |
| parent | 9998b32cb63b0bdd3d014abfa1d70e9a2c20a283 (diff) | |
Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.
The documentation of this function states that the password parameter
can be NULL. However, the implementation returns an error in this case
due to the inner workings of the HMAC_Init_ex() function.
With this change, NULL password will be treated as an empty string and
PKCS5_PBKDF2_HMAC() no longer fails on this input.
I have also added two new test cases that tests the handling of the
special values NULL and -1 of the password and passlen parameters,
respectively.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1692)
Diffstat (limited to 'crypto/evp/p5_crpt2.c')
| -rw-r--r-- | crypto/evp/p5_crpt2.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 024996fc49..c7b08e164f 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -33,6 +33,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) { + const char *empty = ""; unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; @@ -47,10 +48,12 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, return 0; p = out; tkeylen = keylen; - if (!pass) + if (pass == NULL) { + pass = empty; passlen = 0; - else if (passlen == -1) + } else if (passlen == -1) { passlen = strlen(pass); + } if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { HMAC_CTX_free(hctx_tpl); return 0; |