Skip to content

fix: migrate from deprecated OpenSSL AES API to EVP API #523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
TomasULR wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: migrate from deprecated OpenSSL AES API to EVP API #523

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 34 additions & 12 deletions linux/ble/bleutils.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#include <openssl/aes.h>
#include <openssl/evp.h>
#include "deviceinfo.hpp"
#include "bleutils.h"
#include <QDebug>
Expand Down Expand Up @@ -67,15 +67,27 @@ QByteArray BLEUtils::e(const QByteArray &key, const QByteArray &data)
QByteArray reversedData(data);
std::reverse(reversedData.begin(), reversedData.end());

// Set up AES encryption
AES_KEY aesKey;
if (AES_set_encrypt_key(reinterpret_cast<const unsigned char *>(reversedKey.constData()), 128, &aesKey) != 0)
// Set up AES-128-ECB encryption using EVP API
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (!ctx)
{
return QByteArray();
}

unsigned char out[16];
AES_encrypt(reinterpret_cast<const unsigned char *>(reversedData.constData()), out, &aesKey);
int outLen = 0;

if (EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), nullptr,
reinterpret_cast<const unsigned char *>(reversedKey.constData()), nullptr) != 1 ||
EVP_CIPHER_CTX_set_padding(ctx, 0) != 1 ||
EVP_EncryptUpdate(ctx, out, &outLen,
reinterpret_cast<const unsigned char *>(reversedData.constData()), 16) != 1)
{
EVP_CIPHER_CTX_free(ctx);
return QByteArray();
}

EVP_CIPHER_CTX_free(ctx);

// Convert output to QByteArray and reverse it
QByteArray result(reinterpret_cast<char *>(out), 16);
Expand Down Expand Up @@ -115,21 +127,31 @@ QByteArray BLEUtils::decryptLastBytes(const QByteArray &data, const QByteArray &
// Extract the last 16 bytes
QByteArray block = data.right(16);

// Set up AES decryption key (use key directly, no reversal)
AES_KEY aesKey;
if (AES_set_decrypt_key(reinterpret_cast<const unsigned char *>(key.constData()), 128, &aesKey) != 0)
// Set up AES-128-CBC decryption with zero IV using EVP API
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (!ctx)
{
qDebug() << "Failed to set AES decryption key";
qDebug() << "Failed to create EVP cipher context";
return QByteArray();
}

unsigned char out[16];
unsigned char iv[16];
memset(iv, 0, 16); // Zero IV for CBC mode
int outLen = 0;

if (EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), nullptr,
reinterpret_cast<const unsigned char *>(key.constData()), iv) != 1 ||
EVP_CIPHER_CTX_set_padding(ctx, 0) != 1 ||
EVP_DecryptUpdate(ctx, out, &outLen,
reinterpret_cast<const unsigned char *>(block.constData()), 16) != 1)
{
qDebug() << "AES decryption failed";
EVP_CIPHER_CTX_free(ctx);
return QByteArray();
}

// Perform AES decryption using CBC mode with zero IV
// AES_cbc_encrypt is used for both encryption and decryption depending on the key schedule
AES_cbc_encrypt(reinterpret_cast<const unsigned char *>(block.constData()), out, 16, &aesKey, iv, AES_DECRYPT);
EVP_CIPHER_CTX_free(ctx);

// Convert output to QByteArray (no reversal)
QByteArray result(reinterpret_cast<char *>(out), 16);
Expand Down