[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Richard Levitte levitte at openssl.org
Mon May 4 19:18:31 UTC 2015 

The branch OpenSSL_1_0_2-stable has been updated
       via  3cf40601b7d164ab48addbb0456d7aa59fa38c88 (commit)
      from  82e586a90b18fa91fb2756af4c36cc70ff097f6d (commit)


- Log -----------------------------------------------------------------
commit 3cf40601b7d164ab48addbb0456d7aa59fa38c88
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon May 4 17:34:40 2015 +0200

    RT2943: Check sizes if -iv and -K arguments
    
    RT2943 only complains about the incorrect check of -K argument size,
    we might as well do the same thing with the -iv argument.
    
    Before this, we only checked that the given argument wouldn't give a
    bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
    check against the size of the actual cipher used.
    
    (cherry picked from commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4)
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/enc.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 5c2cf7a..7b7c70b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
             else
                 OPENSSL_cleanse(str, strlen(str));
         }
-        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
-            BIO_printf(bio_err, "invalid hex iv value\n");
-            goto end;
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, sizeof iv)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
         }
         if ((hiv == NULL) && (str == NULL)
             && EVP_CIPHER_iv_length(cipher) != 0) {
@@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
             BIO_printf(bio_err, "iv undefined\n");
             goto end;
         }
-        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
             BIO_printf(bio_err, "invalid hex key value\n");
             goto end;
         }

More information about the openssl-commits mailing list