From e85f371a306a7f1a587a508db129cbb5217a85f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Tue, 12 Jun 2018 16:14:46 +0200
Subject: [PATCH 1/2] crypto: fix behavior of createCipher in wrap mode

The old implementation silently failed in EVP_CipherInit_ex in EVP_CIPH_WRAP_MODE, this commit should fix that.
---
src/node_crypto.cc | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 2339dc833590d2..7d1c5cd766940d 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -2592,10 +2592,14 @@ void CipherBase::Init(const char* cipher_type, iv); ctx_.reset(EVP_CIPHER_CTX_new());
+
+ int mode = EVP_CIPHER_mode(cipher);
+ if (mode == EVP_CIPH_WRAP_MODE)
+ EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+
const bool encrypt = (kind_ == kCipher); EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt);
- int mode = EVP_CIPHER_CTX_mode(ctx_.get());
if (encrypt && (mode == EVP_CIPH_CTR_MODE || mode == EVP_CIPH_GCM_MODE || mode == EVP_CIPH_CCM_MODE)) { // Ignore the return value (i.e. possible exception) because we are
@@ -2605,9 +2609,6 @@ void CipherBase::Init(const char* cipher_type, cipher_type); }
- if (mode == EVP_CIPH_WRAP_MODE)
- EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
-
if (IsAuthenticatedMode()) { if (!InitAuthenticated(cipher_type, EVP_CIPHER_iv_length(cipher), auth_tag_len))
From 94b36f37fd7a1d21ed6d008c715f9b3f95c35a2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Thu, 14 Jun 2018 15:21:46 +0200
Subject: [PATCH 2/2] fixup! crypto: fix behavior of createCipher in wrap mode
---
src/node_crypto.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 7d1c5cd766940d..cfe4353ef37e1e 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
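Review bot: `EVP_CipherInit_ex` is still called with its return value discarded in the first hunk of patch 1/2 (`@@ -2592,10 +2592,14 @@`), so any initialization failure other than the wrap-mode one fixed here would stay just as silent, and later calls would presumably run on a context that was never set up. I would test the result, e.g. `if (EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt) != 1)`, and report the failure through whatever error path `CipherBase::Init` already uses before returning. The result of `EVP_CIPHER_CTX_new()` is likewise handed straight to `EVP_CIPHER_CTX_set_flags` without a null check. The series changes only `src/node_crypto.cc`; a regression test that creates a cipher with a wrap-mode algorithm would keep the flag ordering from being reverted unnoticed. `Init` begins and ends outside the hunk, so a check further down cannot be ruled out from here.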
@@ -2593,7 +2593,7 @@ void CipherBase::Init(const char* cipher_type, ctx_.reset(EVP_CIPHER_CTX_new());
- int mode = EVP_CIPHER_mode(cipher);
+ const int mode = EVP_CIPHER_mode(cipher);
if (mode == EVP_CIPH_WRAP_MODE) EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);