From ca5474683acbb4800b1bd043277119241f8730c9 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Thu, 21 Nov 2019 16:59:44 -0800
Subject: [PATCH] Fix IV handling in envelope

Closes #1190
---
 openssl/src/envelope.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/openssl/src/envelope.rs b/openssl/src/envelope.rs
index 1101cde7..22a14117 100644
--- a/openssl/src/envelope.rs
+++ b/openssl/src/envelope.rs
@@ -64,7 +64,7 @@ impl Seal {
 enc_key_ptrs.push(enc_key_ptr);
 pub_key_ptrs.push(key.as_ptr());
 }
- let mut iv = cipher.iv_len().map(|len| Vec::with_capacity(len));
+ let mut iv = cipher.iv_len().map(|len| vec![0; len]);
 let iv_ptr = iv.as_mut().map_or(ptr::null_mut(), |v| v.as_mut_ptr());
 let mut enc_key_lens = vec![0; enc_keys.len()];
@@ -176,7 +176,12 @@ impl Open {
 {
 unsafe {
 assert!(encrypted_key.len() <= c_int::max_value() as usize);
- assert!(cipher.iv_len().is_none() || iv.is_some());
+ match (cipher.iv_len(), iv) {
+ (Some(len), Some(iv)) => assert_eq!(len, iv.len(), "IV length mismatch"),
+ (None, None) => {}
+ (Some(_), None) => panic!("an IV was required but not provided"),
+ (None, Some(_)) => panic!("an IV was provided but not required"),
+ }
 let ctx = cvt_p(ffi::EVP_CIPHER_CTX_new())?;
 cvt(ffi::EVP_OpenInit(
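Review bot: In the `impl Seal` hunk the `vec![0; len]` change lands without a regression test or an explanatory comment; the diffstat's 7 insertions are all accounted for by the two hunks. `Vec::with_capacity(len)` left the vector at length 0 while `iv_ptr` was taken from it, and the FFI call that presumably writes the IV through that pointer is outside the hunk, so a later reader cannot see why the length matters. I would add `// The FFI call writes iv_len bytes through iv_ptr, so the Vec needs that length, not just capacity.` above the line. A test that seals with an IV-using cipher and checks that the stored IV has `cipher.iv_len()` bytes would pin the fix. The enclosing function starts and ends outside the hunk.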
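Review bot: In the `impl Open` hunk the new `match` panics when the IV has the wrong length or is unexpectedly present, but the function also reports errors through `Result` (see the `?` two lines below), and nothing visible documents the panics. Rejecting a short IV before the FFI call is the safe outcome, but an envelope's IV normally travels with the message, so a malformed message can now abort the calling thread. The constructor's doc comment should gain a `# Panics` section listing the three cases. It should also tell callers handling untrusted input to compare `iv.len()` with `cipher.iv_len()` before calling. The match needs no `unsafe`, so it could move above `unsafe {` to keep that block to the FFI calls. The signature and the rest of the body are outside the hunk.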