Commit 8920a7cd authored by Richard Levitte's avatar Richard Levitte
Browse files

RT2943: Check sizes if -iv and -K arguments 



RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.

Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
check against the size of the actual cipher used.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent b256f717

apps/enc.c

+9 −4
Original line number Diff line number Diff line
@@ -459,10 +459,15 @@ int enc_main(int argc, char **argv) 
            else

                OPENSSL_cleanse(str, strlen(str));

        }

        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {

        if (hiv != NULL) {

            int siz = EVP_CIPHER_iv_length(cipher);

            if (siz == 0) {

                BIO_printf(bio_err, "warning: iv not use by this cipher\n");

            } else if (!set_hex(hiv, iv, sizeof iv)) {

                BIO_printf(bio_err, "invalid hex iv value\n");

                goto end;

            }

        }

        if ((hiv == NULL) && (str == NULL)

            && EVP_CIPHER_iv_length(cipher) != 0) {

            /*
@@ -473,7 +478,7 @@ int enc_main(int argc, char **argv) 
            BIO_printf(bio_err, "iv undefined\n");

            goto end;

        }

        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {

        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {

            BIO_printf(bio_err, "invalid hex key value\n");

            goto end;

        }