Commit 6dfa55ab authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Reject inappropriate private key encryption ciphers. 



The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
(cherry picked from commit d78df5df)
parent a04d08fc

crypto/pem/pem_lib.c

+1 −1
Original line number Diff line number Diff line
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, 


    if (enc != NULL) {

        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));

        if (objstr == NULL) {

        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {

            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);

            goto err;

        }