Skip to content

Commit

Permalink
support empty pbkdf2 password on openssl 1.0.2
Browse files Browse the repository at this point in the history
  • Loading branch information
@qmuntal
qmuntal committed Aug 10, 2023
1 parent ac27194 commit 7801840
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pbkdf2.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,11 @@ func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte
if md == nil {
return nil, errors.New("unsupported hash function")
}
if len(password) == 0 && vMajor == 1 && vMinor == 0 {
// x/crypto/pbkdf2 supports empty passwords, but OpenSSL 1.0.2
// does not. As a workaround, we pass an "empty" password.
password = make([]byte, C.GO_EVP_MAX_MD_SIZE)
}
out := make([]byte, keyLen)
ok := C.go_openssl_PKCS5_PBKDF2_HMAC(sbase(password), C.int(len(password)), base(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), base(out))
if ok != 1 {
Expand Down

0 comments on commit 7801840

Please sign in to comment.