lib-dcrypt: Allow missing IV
authorAki Tuomi <aki.tuomi@open-xchange.com>
Sun, 17 Nov 2024 10:20:41 +0000 (12:20 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:40:00 +0000 (10:40 +0200)
This is needed for e.g. ECB mode.

src/lib-dcrypt/dcrypt-openssl1.c
src/lib-dcrypt/dcrypt-openssl3.c

index 76db15c01bed36a98013ec597c68a9b3b07a058e..fcbdc5eb8e5f8cb9c8eee4751f0f2bc7f99aa6df 100644 (file)
@@ -349,9 +349,11 @@ dcrypt_openssl_ctx_sym_set_iv(struct dcrypt_context_symmetric *ctx,
        if(ctx->iv != NULL)
                p_free(ctx->pool, ctx->iv);
 
-       ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
-       memcpy(ctx->iv, iv, I_MIN(iv_len,
-              (size_t)EVP_CIPHER_iv_length(ctx->cipher)));
+       if (EVP_CIPHER_iv_length(ctx->cipher) > 0) {
+               ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
+               memcpy(ctx->iv, iv, I_MIN(iv_len,
+                      (size_t)EVP_CIPHER_iv_length(ctx->cipher)));
+       }
 }
 
 static void
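Review bot: With the new guard in dcrypt_openssl_ctx_sym_set_iv, an IV supplied for a cipher whose IV length is 0 is dropped without any signal, and the retained `I_MIN(iv_len, ...)` copy still accepts an IV shorter than the cipher requires, leaving the tail of ctx->iv as p_malloc returned it. Neither case is documented, so a comment above the `if` would help, e.g. `/* ciphers without an IV (e.g. ECB): the supplied iv is ignored; a short iv is copied as-is */`. If no caller depends on passing short IVs, `i_assert(iv_len >= (size_t)EVP_CIPHER_iv_length(ctx->cipher));` inside the branch would catch the mistake early. The function starts above this hunk, and the set_iv hunk in dcrypt-openssl3.c has the same shape.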
@@ -364,8 +366,10 @@ dcrypt_openssl_ctx_sym_set_key_iv_random(struct dcrypt_context_symmetric *ctx)
 
        ctx->key = p_malloc(ctx->pool, EVP_CIPHER_key_length(ctx->cipher));
        random_fill(ctx->key, EVP_CIPHER_key_length(ctx->cipher));
-       ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
-       random_fill(ctx->iv, EVP_CIPHER_iv_length(ctx->cipher));
+       if (EVP_CIPHER_iv_length(ctx->cipher) > 0) {
+               ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
+               random_fill(ctx->iv, EVP_CIPHER_iv_length(ctx->cipher));
+       }
 }
 
 static void
@@ -471,7 +475,6 @@ dcrypt_openssl_ctx_sym_init(struct dcrypt_context_symmetric *ctx,
        int len;
 
        i_assert(ctx->key != NULL);
-       i_assert(ctx->iv != NULL);
        i_assert(ctx->ctx == NULL);
 
        if((ctx->ctx = EVP_CIPHER_CTX_new()) == NULL)
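Review bot: Dropping `i_assert(ctx->iv != NULL)` outright in dcrypt_openssl_ctx_sym_init also removes the check for ciphers that do need an IV (CBC, GCM and similar), so a caller that forgets to set one is no longer caught here. The rest of the function is outside this hunk, but if ctx->iv is handed to OpenSSL's cipher init as NULL, the operation would presumably proceed with whatever IV the fresh context holds rather than fail. Narrowing the assertion keeps the ECB case working without losing that protection: `i_assert(ctx->iv != NULL || EVP_CIPHER_iv_length(ctx->cipher) == 0);`. The same applies to the matching dcrypt_openssl_ctx_sym_init hunk in dcrypt-openssl3.c.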
index a7b1a961ee68bf67fae9487fcc90f521e0d6f921..5da1e2078eacb15ce7c14cb58f90ddb196c3e262 100644 (file)
@@ -311,9 +311,11 @@ dcrypt_openssl_ctx_sym_set_iv(struct dcrypt_context_symmetric *ctx,
                              const unsigned char *iv, size_t iv_len)
 {
        p_free(ctx->pool, ctx->iv);
-       ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
-       memcpy(ctx->iv, iv, I_MIN(iv_len,
-              (size_t)EVP_CIPHER_iv_length(ctx->cipher)));
+       if (EVP_CIPHER_iv_length(ctx->cipher) > 0) {
+               ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
+               memcpy(ctx->iv, iv, I_MIN(iv_len,
+                      (size_t)EVP_CIPHER_iv_length(ctx->cipher)));
+       }
 }
 
 static void
@@ -323,8 +325,10 @@ dcrypt_openssl_ctx_sym_set_key_iv_random(struct dcrypt_context_symmetric *ctx)
        p_free(ctx->pool, ctx->iv);
        ctx->key = p_malloc(ctx->pool, EVP_CIPHER_key_length(ctx->cipher));
        random_fill(ctx->key, EVP_CIPHER_key_length(ctx->cipher));
-       ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
-       random_fill(ctx->iv, EVP_CIPHER_iv_length(ctx->cipher));
+       if (EVP_CIPHER_iv_length(ctx->cipher) > 0) {
+               ctx->iv = p_malloc(ctx->pool, EVP_CIPHER_iv_length(ctx->cipher));
+               random_fill(ctx->iv, EVP_CIPHER_iv_length(ctx->cipher));
+       }
 }
 
 static void
@@ -428,7 +432,6 @@ dcrypt_openssl_ctx_sym_init(struct dcrypt_context_symmetric *ctx,
        int len;
 
        i_assert(ctx->key != NULL);
-       i_assert(ctx->iv != NULL);
        i_assert(ctx->ctx == NULL);
 
        if ((ctx->ctx = EVP_CIPHER_CTX_new()) == NULL)