diff --git a/CHANGES b/CHANGES
index 9adb69d5e4..cdd2709cf1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,10 @@
 *) applies to 0.9.6a (/0.9.6b) and 0.9.7
 +) applies to 0.9.7 only
+ *) When only the key is given to "enc", the IV is undefined. Print out
+ an error message in this case.
+ [Lutz Jaenicke]
+
 +) Added the OS2-EMX target.
 ["Brian Havard" and Richard Levitte]
diff --git a/apps/enc.c b/apps/enc.c
index 49cae7579c..3c72d05c6c 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -488,6 +488,14 @@ bad:
 BIO_printf(bio_err,"invalid hex iv value\n");
 goto end;
 }
+ if ((hiv == NULL) && (str == NULL))
+ {
+ /* No IV was explicitly set and no IV was generated
+ * during EVP_BytesToKey. Hence the IV is undefined,
+ * making correct decryption impossible. */
+ BIO_printf(bio_err, "iv undefined\n");
+ goto end;
+ }
 if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
 {
 BIO_printf(bio_err,"invalid hex key value\n");
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
index 9323223cd2..99b914789d 100644
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -97,12 +97,18 @@ of hex digits.
 =item B<-K key>
 the actual key to use: this must be represented as a string comprised only
-of hex digits.
+of hex digits. If only the key is specified, the IV must additionally specified
+using the B<-iv> option. When both a key and a password are specified, the
+key given with the B<-K> option will be used and the IV generated from the
+password will be taken. It probably does not make much sense to specify
+both key and password.
 =item B<-iv IV>
 the actual IV to use: this must be represented as a string comprised only
-of hex digits.
+of hex digits. When only the key is specified using the B<-K> option, the
+IV must explicitly be defined. When a password is being specified using
+one of the other options, the IV is generated from this password.
 =item B<-p>
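Review bot: The new guard in apps/enc.c, `if ((hiv == NULL) && (str == NULL))`, fails every key-only invocation without looking at the selected cipher, so ciphers that take no IV at all (ECB modes, stream ciphers) are now rejected with "iv undefined" even though nothing is left uninitialised for them. Limiting the test to ciphers that actually consume an IV keeps the protection for CBC/CFB/OFB without that regression, e.g. `if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0)`, assuming the chosen cipher is reachable here under that name (its declaration is outside the hunk). The message could also say how to fix it, such as `"iv undefined: use -iv or a password\n"`. The enclosing block starts and ends outside the hunk, so whether this code is reached when no cipher is selected cannot be confirmed from here.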