crypto: fix built-in AES decrypt function

The qcrypto_cipher_decrypt_aes method was using the wrong
key material, and passing the wrong mode. This caused it
to incorrectly decrypt ciphertext.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1437740634-6261-1-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 912c1b947d..30f4853c86 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -117,7 +117,7 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher,
         uint8_t *outptr = out;
         while (len) {
             if (len > AES_BLOCK_SIZE) {
-                AES_decrypt(inptr, outptr, &ctxt->state.aes.encrypt_key);
+                AES_decrypt(inptr, outptr, &ctxt->state.aes.decrypt_key);
                 inptr += AES_BLOCK_SIZE;
                 outptr += AES_BLOCK_SIZE;
                 len -= AES_BLOCK_SIZE;
@@ -126,15 +126,15 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher *cipher,
                 memcpy(tmp1, inptr, len);
                 /* Fill with 0 to avoid valgrind uninitialized reads */
                 memset(tmp1 + len, 0, sizeof(tmp1) - len);
-                AES_decrypt(tmp1, tmp2, &ctxt->state.aes.encrypt_key);
+                AES_decrypt(tmp1, tmp2, &ctxt->state.aes.decrypt_key);
                 memcpy(outptr, tmp2, len);
                 len = 0;
             }
         }
     } else {
         AES_cbc_encrypt(in, out, len,
-                        &ctxt->state.aes.encrypt_key,
-                        ctxt->state.aes.iv, 1);
+                        &ctxt->state.aes.decrypt_key,
+                        ctxt->state.aes.iv, 0);
     }
 
     return 0;