Skip to content

scrypt: maxmem ignored when N >= 65536**r #10003

Description

@bnoordhuis

Originally reported at nodejs/node#29686 against openssl 1.1.1c.

EVP_PBE_scrypt() does not seem to respect the maxmem parameter under certain conditions. The bug report mentions N=2**18, p=8, r=1.

To my understanding, the canonical scrypt algorithm's memory usage is roughly 128*N*p*r. Thus, the parameters should work when e.g maxmem=300 * 2**20 because 128 * 2**18 * 8 * 1 equals 256 * 2**20.

Instead however they are rejected with EVP_R_MEMORY_LIMIT_EXCEEDED because of this check:

if (16 * r <= LOG2_UINT64_MAX) {
if (N >= (((uint64_t)1) << (16 * r))) {
EVPerr(EVP_F_SCRYPT_ALG, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
}
}

I'm unsure whether this is intentional or an oversight, hence why I'm filing this issue. If this is intentional, a note in the man page might be good.

My apologies if it's been discussed before. I searched the bug tracker and openssl-users@ but came up empty-handed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue: bug reportThe issue was opened to report a bug

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions