
* Update String decrypt_string_cbc() to directly call AES_cbc_encrypt()

Bryan Drewery %!s(int64=16) %!d(string=hai) anos
pai
achega
8fe85f115c
Modificáronse 3 ficheiros con 17 adicións e 14 borrados
  1. 2 5
      src/EncryptedStream.c
  2. 14 8
      src/crypto/aes_util.c
  3. 1 1
      src/crypto/aes_util.h

+ 2 - 5
src/EncryptedStream.c

@@ -81,11 +81,8 @@ void EncryptedStream::unapply_filters(bd::String& buf, const bd::String& IV) con
   if (enc_flags & ENC_BASE64)
     buf = bd::base64Decode(buf);
 
-  if (enc_flags & ENC_AES_256_CBC) {
-    unsigned char* iv = (unsigned char*) IV.dup();
-    buf = decrypt_string_cbc(key, buf, iv);
-    delete[] iv;
-  }
+  if (enc_flags & ENC_AES_256_CBC)
+    buf = decrypt_string_cbc(key, buf, IV);
   else if (enc_flags & ENC_AES_256_ECB)
     buf = decrypt_string(key, buf);
 }

+ 14 - 8
src/crypto/aes_util.c

@@ -74,17 +74,23 @@ bd::String decrypt_string(const bd::String& key, const bd::String& data) {
  * @param IV The IV to use (WARNING: This is modified inplace)
  * @return A new, decrypted string
  */
-bd::String decrypt_string_cbc(const bd::String& key, const bd::String& data, unsigned char* IV) {
+bd::String decrypt_string_cbc(const bd::String& key, bd::String data, bd::String IV) {
   if (!key) return data;
-  size_t len = data.length();
-  char *bdata = (char*) aes_decrypt_cbc_binary(key.c_str(), (unsigned char*) data.c_str(), &len, IV);
-  bd::String decrypted(bdata, len);
-  OPENSSL_cleanse(bdata, len);
-  free(bdata);
-  return decrypted;
-}
 
+  data.resize(data.length() - (data.length() % CRYPT_BLOCKSIZE));
+  AES_set_decrypt_key((const unsigned char *) key.c_str(), CRYPT_KEYBITS, &d_key);
+  AES_cbc_encrypt((const unsigned char*)data.data(), (unsigned char*)data.mdata(), data.length(), &d_key, (unsigned char*)IV.mdata(), AES_DECRYPT);
+  OPENSSL_cleanse(&d_key, sizeof(d_key));
 
+  // How much padding?
+  size_t padding = data[data.length() - 1];
+
+  if (!padding || padding > 16)
+    data.resize(strlen((char*) data.c_str()));
+  else
+    data.resize(data.length() - padding);
+  return data;
+}
 
 unsigned char *
 aes_encrypt_ecb_binary(const char *keydata, unsigned char *in, size_t *inlen)
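Review bot: `data[data.length() - 1]` is read without checking that anything is left after the first `resize()`: a ciphertext shorter than one block is truncated to length 0, so the index underflows and the padding byte is read out of bounds. The IV is likewise handed to `AES_cbc_encrypt()` through `IV.mdata()` with no length check, although that call reads and writes a full block of it. A guard ahead of `AES_set_decrypt_key()`, for example `if (data.length() < CRYPT_BLOCKSIZE || IV.length() < CRYPT_BLOCKSIZE) return bd::String();`, would cover both; the right failure value depends on what callers expect. When the padding byte is invalid the code falls back to `strlen()` and returns the result as if decryption had succeeded, so a caller cannot tell a wrong key or altered ciphertext from valid data, and nothing visible here authenticates the ciphertext before it is decrypted. The `@param IV` comment above the function still warns about in-place modification, which no longer reaches the caller now that `IV` is passed by value, and the literal `16` in the padding test would be clearer as `CRYPT_BLOCKSIZE`.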

+ 1 - 1
src/crypto/aes_util.h

@@ -18,5 +18,5 @@ unsigned char *aes_decrypt_cbc_binary(const char *, unsigned char *, size_t *, u
 bd::String encrypt_string(const bd::String&, const bd::String&);
 bd::String encrypt_string_cbc(const bd::String&, bd::String, bd::String);
 bd::String decrypt_string(const bd::String&, const bd::String&);
-bd::String decrypt_string_cbc(const bd::String&, const bd::String&, unsigned char *);
+bd::String decrypt_string_cbc(const bd::String&, bd::String, bd::String);
 #endif