RT2943: Check sizes if -iv and -K arguments
RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
parent
b256f717f8
commit
8920a7cd04
13
apps/enc.c
13
apps/enc.c
@ -459,9 +459,14 @@ int enc_main(int argc, char **argv)
|
|||||||
else
|
else
|
||||||
OPENSSL_cleanse(str, strlen(str));
|
OPENSSL_cleanse(str, strlen(str));
|
||||||
}
|
}
|
||||||
if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
|
if (hiv != NULL) {
|
||||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
int siz = EVP_CIPHER_iv_length(cipher);
|
||||||
goto end;
|
if (siz == 0) {
|
||||||
|
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
|
||||||
|
} else if (!set_hex(hiv, iv, sizeof iv)) {
|
||||||
|
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if ((hiv == NULL) && (str == NULL)
|
if ((hiv == NULL) && (str == NULL)
|
||||||
&& EVP_CIPHER_iv_length(cipher) != 0) {
|
&& EVP_CIPHER_iv_length(cipher) != 0) {
|
||||||
@ -473,7 +478,7 @@ int enc_main(int argc, char **argv)
|
|||||||
BIO_printf(bio_err, "iv undefined\n");
|
BIO_printf(bio_err, "iv undefined\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
|
if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
|
||||||
BIO_printf(bio_err, "invalid hex key value\n");
|
BIO_printf(bio_err, "invalid hex key value\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user