diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-04-23 13:33:05 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-04-28 00:06:07 +0100 |
commit | 4436299296cc10c6d6611b066b4b73dc0bdae1a6 (patch) | |
tree | c8f7e5744b86703b208c8ec65337d66c04683fb4 /crypto/pem | |
parent | 8f43c80bfac15544820739bf035df946eeb603e8 (diff) |
Reject inappropriate private key encryption ciphers.
The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pem_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index a29821aab2..fe881d6641 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -348,7 +348,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL) { + if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } |