diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 4b6eee55745f47..9dfe0ca43c2c5b 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -3023,14 +3023,28 @@ CipherBase::UpdateResult CipherBase::Update(const char* data, auth_tag_set_ = true; } - *out_len = len + EVP_CIPHER_CTX_block_size(ctx_); - *out = Malloc(static_cast(*out_len)); + *out_len = 0; + int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_); + // For key wrapping algorithms, get output size by calling + // EVP_CipherUpdate() with null output. + if (mode == EVP_CIPH_WRAP_MODE && + EVP_CipherUpdate(ctx_, + nullptr, + &buff_len, + reinterpret_cast(data), + len) != 1) { + return kErrorState; + } + + *out = Malloc(buff_len); int r = EVP_CipherUpdate(ctx_, *out, out_len, reinterpret_cast(data), len); + CHECK_LE(*out_len, buff_len); + // When in CCM mode, EVP_CipherUpdate will fail if the authentication tag is // invalid. In that case, remember the error and throw in final(). if (!r && kind_ == kDecipher && mode == EVP_CIPH_CCM_MODE) { diff --git a/test/parallel/test-crypto-des3-wrap.js b/test/parallel/test-crypto-des3-wrap.js new file mode 100644 index 00000000000000..75c8cd574fd662 --- /dev/null +++ b/test/parallel/test-crypto-des3-wrap.js @@ -0,0 +1,25 @@ +'use strict'; +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); + +const assert = require('assert'); +const crypto = require('crypto'); + +// Test case for des-ede3 wrap/unwrap. des3-wrap needs extra 2x blocksize +// then plaintext to store ciphertext. +const test = { + key: Buffer.from('3c08e25be22352910671cfe4ba3652b1220a8a7769b490ba', 'hex'), + iv: Buffer.alloc(0), + plaintext: '32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBG' + + 'WWELweCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZU' + + 'JjAfaFg**' +}; + +const cipher = crypto.createCipheriv('des3-wrap', test.key, test.iv); +const ciphertext = cipher.update(test.plaintext, 'utf8'); + +const decipher = crypto.createDecipheriv('des3-wrap', test.key, test.iv); +const msg = decipher.update(ciphertext, 'buffer', 'utf8'); + +assert.strictEqual(msg, test.plaintext);