Originally reported at nodejs/node#29686 against openssl 1.1.1c.
EVP_PBE_scrypt() does not seem to respect the maxmem parameter under certain conditions. The bug report mentions N=2**18, p=8, r=1.
To my understanding, the canonical scrypt algorithm's memory usage is roughly 128*N*p*r. Thus, the parameters should work when e.g maxmem=300 * 2**20 because 128 * 2**18 * 8 * 1 equals 256 * 2**20.
Instead however they are rejected with EVP_R_MEMORY_LIMIT_EXCEEDED because of this check:
|
if (16 * r <= LOG2_UINT64_MAX) { |
|
if (N >= (((uint64_t)1) << (16 * r))) { |
|
EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED); |
|
return 0; |
|
} |
|
} |
I'm unsure whether this is intentional or an oversight, hence why I'm filing this issue. If this is intentional, a note in the man page might be good.
My apologies if it's been discussed before. I searched the bug tracker and openssl-users@ but came up empty-handed.
Originally reported at nodejs/node#29686 against openssl 1.1.1c.
EVP_PBE_scrypt()does not seem to respect themaxmemparameter under certain conditions. The bug report mentionsN=2**18, p=8, r=1.To my understanding, the canonical scrypt algorithm's memory usage is roughly
128*N*p*r. Thus, the parameters should work when e.gmaxmem=300 * 2**20because128 * 2**18 * 8 * 1equals256 * 2**20.Instead however they are rejected with
EVP_R_MEMORY_LIMIT_EXCEEDEDbecause of this check:openssl/providers/default/kdfs/scrypt.c
Lines 382 to 387 in 7c2a981
I'm unsure whether this is intentional or an oversight, hence why I'm filing this issue. If this is intentional, a note in the man page might be good.
My apologies if it's been discussed before. I searched the bug tracker and openssl-users@ but came up empty-handed.