Fix decryption of ciphertext created with 'header' => 'randomiv'

pghmcfc · pghmcfc · commit 160af6095cf6 · 2023-09-05T10:27:28.000+01:00
Patch originally from Paulo Andrade: https://bugzilla.redhat.com/show_bug.cgi?id=2235322 The function sub key_and_iv () in the module Crypt/CBC/PBKDF.pm returns two values: key and iv In sub _read_key_and_iv in Crypt/CBC.pm, the key is set from the second return value rather than the first, causing decryption failures (#6). This commit changes sub _read_key_and_iv to use the first value instead, fixing the problem.
diff --git a/lib/Crypt/CBC.pm b/lib/Crypt/CBC.pm
@@ -661,7 +661,7 @@ sub _read_key_and_iv {
 	croak "Ciphertext does not begin with a valid header for 'randomiv' header mode" unless defined $self->{iv};
 	croak "randomiv header mode cannot be used securely when decrypting with a >8 byte block cipher.\n"
 	    unless $self->blocksize == 8;
-	(undef,$self->{key}) = $self->pbkdf_obj->key_and_iv(undef,$self->{passphrase});
+	($self->{key},undef) = $self->pbkdf_obj->key_and_iv(undef,$self->{passphrase});
 	substr($$input_stream,0,16) = ''; # truncate
     }
 

Original file line number	Diff line number	Diff line change
`@@ -661,7 +661,7 @@ sub _read_key_and_iv {`
`661`	`661`	`croak "Ciphertext does not begin with a valid header for 'randomiv' header mode" unless defined $self->{iv};`
`662`	`662`	`croak "randomiv header mode cannot be used securely when decrypting with a >8 byte block cipher.\n"`
`663`	`663`	`unless $self->blocksize == 8;`
`664`		`- (undef,$self->{key}) = $self->pbkdf_obj->key_and_iv(undef,$self->{passphrase});`
	`664`	`+ ($self->{key},undef) = $self->pbkdf_obj->key_and_iv(undef,$self->{passphrase});`
`665`	`665`	`substr($$input_stream,0,16) = ''; # truncate`
`666`	`666`	`}`
`667`	`667`