[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Wed Apr 27 23:05:40 UTC 2016


The branch master has been updated
       via  d78df5dfd650e6de159a19a033513481064644f5 (commit)
      from  4a397f5168d41ef4417f1430f2f5133b92f145b8 (commit)


- Log -----------------------------------------------------------------
commit d78df5dfd650e6de159a19a033513481064644f5
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Sat Apr 23 13:33:05 2016 +0100

    Reject inappropriate private key encryption ciphers.
    
    The traditional private key encryption algorithm doesn't function
    properly if the IV length of the cipher is zero. These ciphers
    (e.g. ECB mode) are not suitable for private key encryption
    anyway.
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/pem/pem_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5e7aa77..6ee3b8e 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }


More information about the openssl-commits mailing list