From 9981220e2aa567765e8a03759a267bbeaa88d6a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 12 Jun 2018 16:14:46 +0200 Subject: [PATCH] crypto: fix behavior of createCipher in wrap mode The old implementation silently failed in EVP_CipherInit_ex in EVP_CIPH_WRAP_MODE, this commit should fix that. PR-URL: https://github.com/nodejs/node/pull/21287 Reviewed-By: Ujjwal Sharma Reviewed-By: Ben Noordhuis Reviewed-By: James M Snell --- src/node_crypto.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index f5d42a2baf1ef1..c6dc4c2828044c 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -2611,10 +2611,14 @@ void CipherBase::Init(const char* cipher_type, iv); ctx_.reset(EVP_CIPHER_CTX_new()); + + const int mode = EVP_CIPHER_mode(cipher); + if (mode == EVP_CIPH_WRAP_MODE) + EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + const bool encrypt = (kind_ == kCipher); EVP_CipherInit_ex(ctx_.get(), cipher, nullptr, nullptr, nullptr, encrypt); - int mode = EVP_CIPHER_CTX_mode(ctx_.get()); if (encrypt && (mode == EVP_CIPH_CTR_MODE || mode == EVP_CIPH_GCM_MODE || mode == EVP_CIPH_CCM_MODE)) { // Ignore the return value (i.e. possible exception) because we are @@ -2624,9 +2628,6 @@ void CipherBase::Init(const char* cipher_type, cipher_type); } - if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_.get(), EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - if (IsAuthenticatedMode()) { if (!InitAuthenticated(cipher_type, EVP_CIPHER_iv_length(cipher), auth_tag_len))