[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Dr. Stephen Henson
steve at openssl.org
Wed Apr 27 23:08:45 UTC 2016
The branch OpenSSL_1_0_1-stable has been updated
via 6dfa55ab2fbd9a0f45c3ce088b1dd61800fb03d3 (commit)
from a04d08fc18e3dba21dfce71e55f0decb971f9b91 (commit)
- Log -----------------------------------------------------------------
commit 6dfa55ab2fbd9a0f45c3ce088b1dd61800fb03d3
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Apr 23 13:33:05 2016 +0100
Reject inappropriate private key encryption ciphers.
The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
(cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)
-----------------------------------------------------------------------
Summary of changes:
crypto/pem/pem_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5507161..ab45a84 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
+ if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
goto err;
}
More information about the openssl-commits
mailing list