394f7b6fcc
The NULL cipher case can't actually happen because we have no EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is PKCS12_PBE_keyivgen. But make the code more obviously correct. Reviewed-by: Matt Caswell <matt@openssl.org>