Allow PBKDF2 key derivation using an empty password.

content/child/webcrypto/openssl/pbkdf2_openssl.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/algorithm_implementation.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/openssl/key_openssl.h"
 #include "content/child/webcrypto/openssl/util_openssl.h"
 #include "content/child/webcrypto/status.h"
 #include "content/child/webcrypto/webcrypto_util.h"
@@ skipping 57 matching lines @@
     const EVP_MD* digest_algorithm = GetDigest(hash.id());
     if (!digest_algorithm)
       return Status::ErrorUnsupported();
 
     unsigned int keylen_bytes = optional_length_bits / 8;
     derived_bytes->resize(keylen_bytes);
 
     const std::vector<uint8_t>& password =
         SymKeyOpenSsl::Cast(base_key)->raw_key_data();
 
-    // TODO(xun.sun): Empty password would derive random keys with
-    // PKCS5_PBKDF2_HMAC().
-    // https://code.google.com/p/chromium/issues/detail?id=449409
-    //
-    // Rejecting them until it is addressed in BoringSSL.
-    if (password.empty())
-      return Status::ErrorPbkdf2EmptyPassword();
-
     if (keylen_bytes == 0)
       return Status::Success();
 
     const char* password_ptr =
         password.empty() ? NULL : reinterpret_cast<const char*>(&password[0]);
 
     if (!PKCS5_PBKDF2_HMAC(password_ptr, password.size(), params->salt().data(),
                            params->salt().size(), params->iterations(),
                            digest_algorithm, keylen_bytes,
                            &derived_bytes->front())) {
@@ skipping 29 matching lines @@
 
 }  // namespace
 
 AlgorithmImplementation* CreatePlatformPbkdf2Implementation() {
   return new Pbkdf2Implementation;
 }
 
 }  // namespace webcrypto
 
 }  // namespace content