Reject inappropriate private key encryption ciphers.

The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. Reviewed-by: Emilia Käsper <emilia@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2016-04-23 13:33:05 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2016-04-28 00:04:48 +0100
commit: d78df5dfd650e6de159a19a033513481064644f5 (patch)
tree: 794e5ef89c0948199d64dfb240a9680964b6165e /crypto/pem
parent: 4a397f5168d41ef4417f1430f2f5133b92f145b8 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 5e7aa776d9..6ee3b8e049 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 
     if (enc != NULL) {
         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
             PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
author	Dr. Stephen Henson <steve@openssl.org>	2016-04-23 13:33:05 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2016-04-28 00:04:48 +0100
commit	d78df5dfd650e6de159a19a033513481064644f5 (patch)
tree	794e5ef89c0948199d64dfb240a9680964b6165e /crypto/pem
parent	4a397f5168d41ef4417f1430f2f5133b92f145b8 (diff)