From: Richard Levitte Date: Mon, 4 May 2015 15:34:40 +0000 (+0200) Subject: RT2943: Check sizes if -iv and -K arguments X-Git-Tag: OpenSSL_1_0_1n~72 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4b771121f2b657f50e8c7a27e9fab0bb043f91bc;p=oweals%2Fopenssl.git RT2943: Check sizes if -iv and -K arguments RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. (cherry picked from commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4) Reviewed-by: Rich Salz --- diff --git a/apps/enc.c b/apps/enc.c index 5c2cf7a4ac..7b7c70b132 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -548,9 +548,14 @@ int MAIN(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; }