Commit 3cf40601 authored by Richard Levitte's avatar Richard Levitte
Browse files

RT2943: Check sizes if -iv and -K arguments 



RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.

Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
check against the size of the actual cipher used.

(cherry picked from commit 8920a7cd)

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 82e586a9

apps/enc.c

+9 −4
Original line number Diff line number Diff line
@@ -548,10 +548,15 @@ int MAIN(int argc, char **argv) 
            else

                OPENSSL_cleanse(str, strlen(str));

        }

        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {

        if (hiv != NULL) {

            int siz = EVP_CIPHER_iv_length(cipher);

            if (siz == 0) {

                BIO_printf(bio_err, "warning: iv not use by this cipher\n");

            } else if (!set_hex(hiv, iv, sizeof iv)) {

                BIO_printf(bio_err, "invalid hex iv value\n");

                goto end;

            }

        }

        if ((hiv == NULL) && (str == NULL)

            && EVP_CIPHER_iv_length(cipher) != 0) {

            /*
@@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) 
            BIO_printf(bio_err, "iv undefined\n");

            goto end;

        }

        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {

        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {

            BIO_printf(bio_err, "invalid hex key value\n");

            goto end;

        }