RT2943: Check sizes if -iv and -K arguments

RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. (cherry picked from commit 8920a7cd04) Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-04 17:34:40 +02:00 · 2015-05-04 17:34:40 +02:00 · 4b771121f2
commit 4b771121f2
parent ee827adf04
1 changed files with 9 additions and 4 deletions
--- a/apps/enc.c
+++ b/apps/enc.c
@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
            else
                OPENSSL_cleanse(str, strlen(str));
        }
-        if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
-            BIO_printf(bio_err, "invalid hex iv value\n");
-            goto end;
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, sizeof iv)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
        }
        if ((hiv == NULL) && (str == NULL)
            && EVP_CIPHER_iv_length(cipher) != 0) {
@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
            BIO_printf(bio_err, "iv undefined\n");
            goto end;
        }
-        if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
            BIO_printf(bio_err, "invalid hex key value\n");
            goto end;
        }