(found by Andy Brown <logic@warthog.com>).
Changes between 0.9.6a and 0.9.6b [XX xxx XXXX]
+ *) When only the key is given to "enc", the IV is undefined. Print out
+ an error message in this case.
+ [Lutz Jaenicke]
+
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
+ if ((hiv == NULL) && (str == NULL))
+ {
+ /* No IV was explicitly set and no IV was generated
+ * during EVP_BytesToKey. Hence the IV is undefined,
+ * making correct decryption impossible. */
+ BIO_printf(bio_err, "iv undefined\n");
+ goto end;
+ }
if ((hkey != NULL) && !set_hex(hkey,key,24))
{
BIO_printf(bio_err,"invalid hex key value\n");
=item B<-K key>
the actual key to use: this must be represented as a string comprised only
-of hex digits.
+of hex digits. If only the key is specified, the IV must additionally specified
+using the B<-iv> option. When both a key and a password are specified, the
+key given with the B<-K> option will be used and the IV generated from the
+password will be taken. It probably does not make much sense to specify
+both key and password.
=item B<-iv IV>
the actual IV to use: this must be represented as a string comprised only
-of hex digits.
+of hex digits. When only the key is specified using the B<-K> option, the
+IV must explicitly be defined. When a password is being specified using
+one of the other options, the IV is generated from this password.
=item B<-p>
projects / oweals / openssl.git / commitdiff