From d78df5dfd650e6de159a19a033513481064644f5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 23 Apr 2016 13:33:05 +0100 Subject: [PATCH] Reject inappropriate private key encryption ciphers. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. Reviewed-by: Emilia Käsper --- crypto/pem/pem_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 5e7aa776d9..6ee3b8e049 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (enc != NULL) { objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL) { + if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); goto err; } -- 2.34.1