scrypt: fix panic on parameters <= 0

Providing 0 as argument for r or p results in a panic:
panic: runtime error: integer divide by zero

Providing negative values for r or p returns a misleading error:
scrypt: parameters are too large

This change avoids the panic and introduces a new error
that is returned when r or p are <= 0:
scrypt: parameters must be > 0

Change-Id: I68987b27d1eedd66644d2ec9436cba364fc1d46d
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/731780
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>

1 files changed, 3 insertions, 0 deletions

diff --git a/scrypt/scrypt.go b/scrypt/scrypt.go
index 76fa40f..b422b7d 100644
--- a/scrypt/scrypt.go
+++ b/scrypt/scrypt.go
@@ -196,6 +196,9 @@ func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error) {
 	if N <= 1 || N&(N-1) != 0 {
 		return nil, errors.New("scrypt: N must be > 1 and a power of 2")
 	}
+	if r <= 0 || p <= 0 {
+		return nil, errors.New("scrypt: parameters must be > 0")
+	}
 	if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r {
 		return nil, errors.New("scrypt: parameters are too large")
 	}