diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-06-12 16:14:46 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2018-06-15 17:58:52 +0200 |
commit | a703df9785b79987ca03a2ad66f13afcfa2e4ade (patch) | |
tree | 36ec8ffc47122738ec0f5a2e055341b7a9f1faf8 /src | |
parent | 0179e940cc3cbd81e6abaf7b12677b72070f94c5 (diff) | |
download | android-node-v8-a703df9785b79987ca03a2ad66f13afcfa2e4ade.tar.gz android-node-v8-a703df9785b79987ca03a2ad66f13afcfa2e4ade.tar.bz2 android-node-v8-a703df9785b79987ca03a2ad66f13afcfa2e4ade.zip |
crypto: fix behavior of createCipher in wrap mode
The old implementation silently failed in EVP_CipherInit_ex in
EVP_CIPH_WRAP_MODE, this commit should fix that.
PR-URL: https://github.com/nodejs/node/pull/21287
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 3fcd2910bb..8b152e65c3 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -2611,10 +2611,14 @@ void CipherBase::Init(const char* cipher_type, iv); ctx_.reset(EVP_CIPHER_CTX_new()); + + const int mode = EVP_CIPHER_mode(cipher); + if (mode == EVP_CIPH_WRAP_MODE) + EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + const bool encrypt = (kind_ == kCipher); EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt); - int mode = EVP_CIPHER_CTX_mode(ctx_.get()); if (encrypt && (mode == EVP_CIPH_CTR_MODE || mode == EVP_CIPH_GCM_MODE || mode == EVP_CIPH_CCM_MODE)) { // Ignore the return value (i.e. possible exception) because we are @@ -2624,9 +2628,6 @@ void CipherBase::Init(const char* cipher_type, cipher_type); } - if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - if (IsAuthenticatedMode()) { if (!InitAuthenticated(cipher_type, EVP_CIPHER_iv_length(cipher), auth_tag_len)) |