Reject inappropriate private key encryption ciphers.
The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. (Imported from upstream's 4436299296cc10c6d6611b066b4b73dc0bdae1a6.) Change-Id: I218c9c1d11274ef11b7c0cfce380521efa415215 Reviewed-on: https://boringssl-review.googlesource.com/7840 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
b83c680d03
commit
d230a0c890
@ -262,7 +262,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
|
||||
if (enc != NULL) {
|
||||
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
|
||||
if (objstr == NULL) {
|
||||
if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
|
||||
OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
|
||||
goto err;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user