From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 23 Apr 2016 12:33:05 +0000 (+0100)
Subject: Reject inappropriate private key encryption ciphers.
X-Git-Tag: OpenSSL_1_1_0-pre6~1039
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d78df5dfd650e6de159a19a033513481064644f5;p=oweals%2Fopenssl.git

Reject inappropriate private key encryption ciphers.

The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
---

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5e7aa776d9..6ee3b8e049 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }