From 3d99250c8311a7e72e4ab8f00cce283880910de9 Mon Sep 17 00:00:00 2001
From: nnposter
Date: Fri, 13 Sep 2024 21:36:46 +0000
Subject: [PATCH] Allow crypto IVs with leading zero. Close #2928, fix #2640
---
 CHANGELOG | 4 ++++
 nse_openssl.cc | 8 ++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 2c102d898..95d6d80e9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -22,6 +22,10 @@ o [NSE][GH#2925][GH#2917][GH#2924] Testing for acceptance of SSH keys for
 o [NSE][GH#2919][GH#2917] Scripts were not able to load SSH public keys. from a file. [nnposter]
+o [NSE][GH#2928][GH#2640] Encryption/decryption performed by the OpenSSL NSE
+ module did not work correctly when the IV started with a null byte.
+ [nnposter]
+
 o [NSE][GH#2901][GH#2744][GH#2745] Arbitrary separator in stdnse.tohex() is now supported. Script smb-protocols now reports SMB dialects correctly. [nnposter]
diff --git a/nse_openssl.cc b/nse_openssl.cc
index f1fb85370..29e0385c1 100644
--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -387,10 +387,10 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st
 size_t key_len, iv_len, data_len;
 const unsigned char *key = (unsigned char *) luaL_checklstring( L, 2, &key_len );
- const unsigned char *iv = (unsigned char *) luaL_optlstring( L, 3, "", &iv_len );
+ const unsigned char *iv = (unsigned char *) luaL_optlstring( L, 3, NULL, &iv_len );
 const unsigned char *data = (unsigned char *) luaL_checklstring( L, 4, &data_len );
 int padding = lua_toboolean( L, 5 );
- if (iv[0] == '\0')
+ if (!iv_len)
 iv = NULL;
 #if HAVE_OPAQUE_STRUCTS
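Review bot: With this change an omitted, nil or empty third argument all end up as `iv = NULL` in l_encrypt, and nothing in the hunk rejects that for a cipher whose mode needs an IV. The rest of l_encrypt lies outside the hunk, so this may already be handled there; if it is not, OpenSSL is initialised without an IV and the caller silently gets whatever IV the fresh context holds, which makes CBC-style output predictable across messages. I would guard it right after the `if (!iv_len)` test by comparing `iv_len` with `EVP_CIPHER_iv_length()` of the selected cipher and raising `luaL_error( L, "IV required for this cipher" )` on a mismatch, which also stops a too-short IV from being read past its end. The l_decrypt hunk has the same pattern.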
@@ -449,10 +449,10 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st
 size_t key_len, iv_len, data_len;
 const unsigned char *key = (unsigned char *) luaL_checklstring( L, 2, &key_len );
- const unsigned char *iv = (unsigned char *) luaL_optlstring( L, 3, "", &iv_len );
+ const unsigned char *iv = (unsigned char *) luaL_optlstring( L, 3, NULL, &iv_len );
 const unsigned char *data = (unsigned char *) luaL_checklstring( L, 4, &data_len );
 int padding = lua_toboolean( L, 5 );
- if (iv[0] == '\0')
+ if (!iv_len)
 iv = NULL;
 #if HAVE_OPAQUE_STRUCTS
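Review bot: The cast on the new `luaL_optlstring` line in l_decrypt drops the `const` that the Lua API returns before the value is stored in a `const unsigned char *`; `(const unsigned char *) luaL_optlstring( L, 3, NULL, &iv_len )` keeps the qualifier and stays quiet under `-Wcast-qual`. A one-line comment above the length test, such as `/* nil, absent or "" means no IV; a non-empty IV may begin with a zero byte */`, would record why the first-byte test was replaced. The same two points apply to the l_encrypt hunk, and both function bodies continue outside their hunks.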