changed aes transform to cipher text stealing mode

4 years ago · 680248d154
3 changed files with 7 additions and 5 deletions
--- a/include/aes.h
+++ b/include/aes.h
@ -48,10 +48,10 @@ typedef struct aes_context_t {


 int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
-                     const unsigned char *iv, aes_context_t *ctx);
+                     unsigned char *iv, aes_context_t *ctx);

 int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
-                     const unsigned char *iv, aes_context_t *ctx);
+                     unsigned char *iv, aes_context_t *ctx);

 int aes_ecb_decrypt (unsigned char *out, const unsigned char *in, aes_context_t *ctx);

--- a/src/aes.c
+++ b/src/aes.c
@ -45,7 +45,7 @@ static char *openssl_err_as_string (void) {
 /* ****************************************************** */

 int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
-                     const unsigned char *iv, aes_context_t *ctx) {
+                     unsigned char *iv, aes_context_t *ctx) {

 #ifdef HAVE_OPENSSL_1_1
  int evp_len;
@ -81,13 +81,14 @@ int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
                  &(ctx->enc_key),
                  iv,
                  AES_ENCRYPT);
+  memset(iv, 0, AES_BLOCK_SIZE);
 #endif
 }

 /* ****************************************************** */

 int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
-                     const unsigned char *iv, aes_context_t *ctx) {
+                     unsigned char *iv, aes_context_t *ctx) {

 #ifdef HAVE_OPENSSL_1_1
  int evp_len;
@ -123,6 +124,7 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
                  &(ctx->dec_key),
                  iv,
                  AES_DECRYPT);
+    memset(iv, 0, AES_BLOCK_SIZE);
 #endif

  return 0;
--- a/src/transform_aes.c
+++ b/src/transform_aes.c
@ -35,7 +35,7 @@

 // cbc mode is being used with random value prepended to plaintext
 // instead of iv so, actual iv is null_iv
-const uint8_t null_iv[AES_IV_SIZE] = {0};
+uint8_t null_iv[AES_IV_SIZE] = {0};

 typedef struct transop_aes {
  aes_context_t       *ctx;