crypto: fix behavior of createCipher in wrap mode
The old implementation silently failed in EVP_CipherInit_ex in
EVP_CIPH_WRAP_MODE, this commit should fix that.

PR-URL: #21287
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
tniessen committed Jun 15, 2018
1 parent 0179e94 commit a703df9
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions src/node_crypto.cc
Expand Up @@ -2611,10 +2611,14 @@ void CipherBase::Init(const char* cipher_type,
iv);

ctx_.reset(EVP_CIPHER_CTX_new());

const int mode = EVP_CIPHER_mode(cipher);
if (mode == EVP_CIPH_WRAP_MODE)
EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

const bool encrypt = (kind_ == kCipher);
EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt);

int mode = EVP_CIPHER_CTX_mode(ctx_.get());
if (encrypt && (mode == EVP_CIPH_CTR_MODE || mode == EVP_CIPH_GCM_MODE ||
mode == EVP_CIPH_CCM_MODE)) {
// Ignore the return value (i.e. possible exception) because we are
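Review bot: The call `EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt);` still discards its return value, so the failure the commit message describes as silent would stay silent if this call failed for any other reason. Consider checking the result and raising an error to the caller when it is not 1. The new `if (mode == EVP_CIPH_WRAP_MODE)` block would also benefit from a one-line comment stating that `EVP_CIPHER_CTX_FLAG_WRAP_ALLOW` has to be set on the context before `EVP_CipherInit_ex` runs, since nothing in the code explains why the order matters and a later refactor could move it back. Note too that `mode` is now read from `cipher` via `EVP_CIPHER_mode(cipher)` rather than from the initialized context; that is what allows the early check, and it is worth saying so in the same comment.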
Expand All @@ -2624,9 +2628,6 @@ void CipherBase::Init(const char* cipher_type,
cipher_type);
}

if (mode == EVP_CIPH_WRAP_MODE)
EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

if (IsAuthenticatedMode()) {
if (!InitAuthenticated(cipher_type, EVP_CIPHER_iv_length(cipher),
auth_tag_len))
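Review bot: Removing the late `EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);` here is correct given the earlier placement, but the commit touches only src/node_crypto.cc and adds no test. A regression test that creates a cipher and decipher with a wrap-mode algorithm and asserts a successful round trip would pin the ordering down, since the previous behavior produced no error to signal the problem.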