Procházet zdrojové kódy

* Update String encrypt_string_cbc() to directly call AES_cbc_encrypt()

Bryan Drewery před 16 roky
rodič
revize
7527e10b9f
3 změnil soubory, kde provedl 18 přidání a 12 odebrání
  1. 3 5
      src/EncryptedStream.c
  2. 14 6
      src/crypto/aes_util.c
  3. 1 1
      src/crypto/aes_util.h

+ 3 - 5
src/EncryptedStream.c

@@ -64,11 +64,9 @@ int EncryptedStream::loadFile (const int fd) {
 }
 
 void EncryptedStream::apply_filters(bd::String& buf, const bd::String& IV) const {
-  if (enc_flags & ENC_AES_256_CBC) {
-    unsigned char* iv = (unsigned char*) IV.dup();
-    buf = encrypt_string_cbc(key, buf, iv);
-    delete[] iv;
-  } else if (enc_flags & ENC_AES_256_ECB)
+  if (enc_flags & ENC_AES_256_CBC)
+    buf = encrypt_string_cbc(key, buf, IV);
+  else if (enc_flags & ENC_AES_256_ECB)
     buf = encrypt_string(key, buf);
 
   if (enc_flags & ENC_BASE64_BROKEN)

+ 14 - 6
src/crypto/aes_util.c

@@ -34,13 +34,21 @@ bd::String encrypt_string(const bd::String& key, const bd::String& data) {
  * @param IV The IV to use (WARNING: This is modified inplace)
  * @return A new, encrypted string
  */
-bd::String encrypt_string_cbc(const bd::String& key, const bd::String& data, unsigned char* IV) {
+bd::String encrypt_string_cbc(const bd::String& key, bd::String data, bd::String IV) {
   if (!key) return data;
-  size_t len = data.length();
-  char *bdata = (char*) aes_encrypt_cbc_binary(key.c_str(), (unsigned char*) data.c_str(), &len, IV);
-  bd::String encrypted(bdata, len);
-  free(bdata);
-  return encrypted;
+
+  // Add padding
+  size_t padding = CRYPT_BLOCKSIZE;
+  if (data.length() % CRYPT_BLOCKSIZE)
+    padding = (CRYPT_BLOCKSIZE - (data.length() % CRYPT_BLOCKSIZE));
+  // Pad with padding bytes of padding
+  data.resize(data.length() + padding, padding);
+
+  AES_set_encrypt_key((const unsigned char *) key.c_str(), CRYPT_KEYBITS, &e_key);
+  AES_cbc_encrypt((const unsigned char*)data.data(), (unsigned char*)data.mdata(), data.length(), &e_key, (unsigned char*)IV.mdata(), AES_ENCRYPT);
+  OPENSSL_cleanse(&e_key, sizeof(e_key));
+
+  return data;
 }
 
 /**

+ 1 - 1
src/crypto/aes_util.h

@@ -16,7 +16,7 @@ unsigned char *aes_decrypt_ecb_binary(const char *, unsigned char *, size_t *);
 unsigned char *aes_encrypt_cbc_binary(const char *, unsigned char *, size_t *, unsigned char *);
 unsigned char *aes_decrypt_cbc_binary(const char *, unsigned char *, size_t *, unsigned char *);
 bd::String encrypt_string(const bd::String&, const bd::String&);
-bd::String encrypt_string_cbc(const bd::String&, const bd::String&, unsigned char *);
+bd::String encrypt_string_cbc(const bd::String&, bd::String, bd::String);
 bd::String decrypt_string(const bd::String&, const bd::String&);
 bd::String decrypt_string_cbc(const bd::String&, const bd::String&, unsigned char *);
 #endif