X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fevp%2Fevp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=9587429fa07a34066107e926fbc8708220f058fa;hp=5b3bf3bb2c209571ddc9519ea1c076c3ab766328;hpb=f94cfe6a12964ec5801d5dfb61efdb6d6eebcfa1;p=oweals%2Fopenssl.git

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 5b3bf3bb2c..f705967a40 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -174,7 +174,8 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 			ctx->cipher_data = NULL;
 			}
 		ctx->key_len = cipher->key_len;
-		ctx->flags = 0;
+		/* Preserve wrap enable flag, zero everything else */
+		ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
 		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
 			{
 			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
@@ -197,6 +198,13 @@ skip_to_init:
 	    || ctx->cipher->block_size == 8
 	    || ctx->cipher->block_size == 16);
 
+	if(!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
+		&& EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE)
+		{
+		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
+		return 0;
+		}
+
 	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
 		switch(EVP_CIPHER_CTX_mode(ctx)) {
 
@@ -230,6 +238,7 @@ skip_to_init:
 			break;
 		}
 	}
+		
 
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;