[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
       via  8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4 (commit)
       via  b256f717f8ea001a03538044d4b0d259cb38d278 (commit)
      from  23b0fa5ab6b6b9f0a9350e24ac5ddb8275802617 (commit)


- Log -----------------------------------------------------------------
commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon May 4 17:34:40 2015 +0200

    RT2943: Check sizes if -iv and -K arguments
    
    RT2943 only complains about the incorrect check of -K argument size,
    we might as well do the same thing with the -iv argument.
    
    Before this, we only checked that the given argument wouldn't give a
    bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
    check against the size of the actual cipher used.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit b256f717f8ea001a03538044d4b0d259cb38d278
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon May 4 17:33:34 2015 +0200

    Have -K actually take an argument, and correct help text
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/enc.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 8b892cf..e4d490f 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -113,7 +113,7 @@ OPTIONS enc_options[] = {
     {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
     {"k", OPT_K, 's', "Passphrase"},
     {"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
-    {"K", OPT_UPPER_K, '-', "Same as -iv"},
+    {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
     {"S", OPT_UPPER_S, 's', "Salt, in hex"},
     {"iv", OPT_IV, 's', "IV in hex"},
     {"md", OPT_MD, 's', "Use specified digest to create key from passphrase"},
@@ -459,9 +459,14 @@ int enc_main(int argc, char **argv)
             else
                 OPENSSL_cleanse(str, strlen(str));
         }
-        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
-            BIO_printf(bio_err, "invalid hex iv value\n");
-            goto end;
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, sizeof iv)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
         }
         if ((hiv == NULL) && (str == NULL)
             && EVP_CIPHER_iv_length(cipher) != 0) {
@@ -473,7 +478,7 @@ int enc_main(int argc, char **argv)
             BIO_printf(bio_err, "iv undefined\n");
             goto end;
         }
-        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
             BIO_printf(bio_err, "invalid hex key value\n");
             goto end;
         }