From 3795dfafc6b3c5ea33fe246be87fefb4fe050825 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Wed, 3 Jan 2018 20:13:28 +0000
Subject: ofz#4929 ensure min input len for openssl ciphers

openssl is not the default backend

Change-Id: Id7bd77c1a12a15c0ebb4e7d758362c7778bfc2fd
Reviewed-on: https://gerrit.libreoffice.org/47350
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
---
 oox/source/crypto/CryptTools.cxx | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'oox/source')

diff --git a/oox/source/crypto/CryptTools.cxx b/oox/source/crypto/CryptTools.cxx
index 6de4363c59f4..e0b39f67cca4 100644
--- a/oox/source/crypto/CryptTools.cxx
+++ b/oox/source/crypto/CryptTools.cxx
@@ -128,10 +128,20 @@ Decrypt::Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto
 
     const EVP_CIPHER* cipher = getCipher(type);
 
+    const size_t nMinKeySize = EVP_CIPHER_key_length(cipher);
+    if (key.size() < nMinKeySize)
+        key.resize(nMinKeySize, 0);
+
     if (iv.empty())
         EVP_DecryptInit_ex(&mContext, cipher, nullptr, key.data(), 0);
     else
+    {
+        const size_t nMinIVSize = EVP_CIPHER_iv_length(cipher);
+        if (iv.size() < nMinIVSize)
+            iv.resize(nMinIVSize, 0);
+
         EVP_DecryptInit_ex(&mContext, cipher, nullptr, key.data(), iv.data());
+    }
     EVP_CIPHER_CTX_set_padding(&mContext, 0);
 #endif
 
-- 
cgit