pkcs12: Treat empty string and no password differently

When deriving the PKCS#12 key, the empty string should result in a
non-zero length Unicode string (two bytes for the 0 terminator).

diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
index 5e36b3cd4088dd7d553413cb8cfcc4fd9fdcc13d..d7389100773e4017e3edbbd2348c68c3baab08dd 100644 (file)
--- a/src/libstrongswan/credentials/containers/pkcs12.c
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -157,7 +157,7 @@ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt,
        bool success;
        int i;
 
-       if (password.len)
+       if (password.ptr)
        {       /* convert the password to UTF-16BE (without BOM) with 0 terminator */
                unicode = chunk_alloca(password.len * 2 + 2);
                for (i = 0; i < password.len; i++)