468,471c468
< 		/* Note that str is NULL if a key was passed on the command
< 		 * line, so we get no salt in that case. Is this a bug?
< 		 */
< 		if (str != NULL)
---
> 		if (str != NULL || !nosalt)
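Review bot: The new condition `str != NULL || !nosalt` has no comment, and the comment it replaces was the only place that explained `str` is NULL when the key is passed on the command line. With `str == NULL` and salting enabled the block is now entered, while the hunk at 513 skips `EVP_BytesToKey` in that case, so any salt handled here would not feed a key derivation. If the block also writes or expects a salt header (not visible in this hunk), data produced with a command-line key changes format and previously written files may stop decrypting; that should be confirmed and stated in the change description. I would add a comment such as `/* str is NULL when the key came from the command line; this block still runs unless nosalt is set */`. The body of this `if` lies outside the hunk.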
513c510,511
< 			EVP_BytesToKey(cipher,dgst,sptr,
---
> 			if (str) {
> 				EVP_BytesToKey(cipher,dgst,sptr,
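Review bot: The return value of `EVP_BytesToKey` is still discarded inside the new `if (str)` guard, so a failed derivation would carry on with whatever the output buffers already contain. `EVP_BytesToKey` returns the derived key size and 0 on error, so the call should be tested, for example `if (!EVP_BytesToKey(cipher,dgst,sptr, /* … */)) { /* report and take the function's existing error exit */ }`. As a style point, the guard is written `if (str)` here but `str != NULL` in the hunk at 468; `if (str != NULL)` would match. The call's remaining arguments and the guard's closing brace are outside this hunk.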
520,523c518,522
< 			if (str == strbuf)
< 				OPENSSL_cleanse(str,SIZE);
< 			else
< 				OPENSSL_cleanse(str,strlen(str));
---
> 				if (str == strbuf)
> 					OPENSSL_cleanse(str,SIZE);
> 				else
> 					OPENSSL_cleanse(str,strlen(str));
> 				}
