Skip to content

Commit

Permalink
src: remove OCB support ifdef OPENSSL_NO_OCB
Browse files Browse the repository at this point in the history
Electron uses BoringSSL which does not support OCB . It is also
possible to build OpenSSL without support for OCB for Node.js.
This commit disables OCB if OPENSSL_NO_OCB is defined.

PR-URL: #23635
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
  • Loading branch information
codebytere authored and jasnell committed Oct 17, 2018
1 parent e2258ad commit da52c3f
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,11 @@ using v8::Uint32;
using v8::Undefined;
using v8::Value;

#ifdef OPENSSL_NO_OCB
# define IS_OCB_MODE(mode) false
#else
# define IS_OCB_MODE(mode) ((mode) == EVP_CIPH_OCB_MODE)
#endif

struct StackOfX509Deleter {
void operator()(STACK_OF(X509)* p) const { sk_X509_pop_free(p, X509_free); }
Expand Down Expand Up @@ -2544,7 +2549,7 @@ int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
static bool IsSupportedAuthenticatedMode(int mode) {
return mode == EVP_CIPH_CCM_MODE ||
mode == EVP_CIPH_GCM_MODE ||
mode == EVP_CIPH_OCB_MODE;
IS_OCB_MODE(mode);
}

void CipherBase::Initialize(Environment* env, Local<Object> target) {
Expand Down Expand Up @@ -2769,7 +2774,7 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
}

const int mode = EVP_CIPHER_CTX_mode(ctx_.get());
if (mode == EVP_CIPH_CCM_MODE || mode == EVP_CIPH_OCB_MODE) {
if (mode == EVP_CIPH_CCM_MODE || IS_OCB_MODE(mode)) {
if (auth_tag_len == kNoAuthTagLength) {
char msg[128];
snprintf(msg, sizeof(msg), "authTagLength required for %s", cipher_type);
Expand Down Expand Up @@ -2885,7 +2890,7 @@ void CipherBase::SetAuthTag(const FunctionCallbackInfo<Value>& args) {
} else {
// At this point, the tag length is already known and must match the
// length of the given authentication tag.
CHECK(mode == EVP_CIPH_CCM_MODE || mode == EVP_CIPH_OCB_MODE);
CHECK(mode == EVP_CIPH_CCM_MODE || IS_OCB_MODE(mode));
CHECK_NE(cipher->auth_tag_len_, kNoAuthTagLength);
is_valid = cipher->auth_tag_len_ == tag_len;
}
Expand Down

0 comments on commit da52c3f

Please sign in to comment.