From 57b158478c59d13fa2a5d44ca0d2fcf7b7bd7bbc Mon Sep 17 00:00:00 2001 From: fduncanh Date: Wed, 3 Nov 2021 00:29:16 -0400 Subject: [PATCH] important fix (last 16 decrypted bytes were missing in each audio packet) --- lib/raop_buffer.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/lib/raop_buffer.c b/lib/raop_buffer.c index ddff15d..5faf765 100755 --- a/lib/raop_buffer.c +++ b/lib/raop_buffer.c @@ -170,12 +170,23 @@ raop_buffer_decrypt(raop_buffer_t *raop_buffer, unsigned char *data, unsigned ch fwrite(&data[12], payloadsize, 1, file_source); } #endif + + /* Need to be initialized externally */ + aes_ctx_t *aes_ctx_audio = aes_cbc_init(raop_buffer->aeskey, raop_buffer->aesiv, AES_DECRYPT); encryptedlen = (payload_size / 16) * 16; memset(output, 0, payload_size); - // Need to be initialized internally - aes_ctx_t *aes_ctx_audio = aes_cbc_init(raop_buffer->aeskey, raop_buffer->aesiv, AES_DECRYPT); - aes_cbc_decrypt(aes_ctx_audio, &data[12], output, encryptedlen); + + /* Adding 15 to encryptedlen in the call to aes_cbc_decrypt is a fix (hack) to ensure that */ + /* all encryptedlen encrypted bytes are decrypted .*/ + /* The implementation of aes_cbc_decrypt in crypto.c calls OpenSSL function EVP_EncryptUpdate */ + /* but does not call EVP_EncryptFinal_ex to finalize the decryption of the packet. */ + /* Without the fix, the last 16 encrypted bytes are lost; */ + /* with the fix all (encryptedlen + 15) /16 * 16 = encryptedlen encrypted bytes are written into output,*/ + /* with no risk of buffer overflow */ + + aes_cbc_decrypt(aes_ctx_audio, &data[12], output, encryptedlen + 15); + aes_cbc_destroy(aes_ctx_audio); memcpy(output + encryptedlen, &data[12 + encryptedlen], payload_size - encryptedlen);