drbg: Use AES_ECB encryption

src/libstrongswan/plugins/drbg/drbg_ctr.c

@@ -90,14 +90,10 @@ METHOD(drbg_t, get_strength, uint32_t,
 
 static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out)
 {
-	chunk_t iv = chunk_alloca(this->value.len);
 	chunk_t bl = chunk_alloca(this->value.len);
 	chunk_t block;
 	size_t delta, pos = 0;
 
-	/* Initialize IV to all zeroes for ECB mode */
-	memset(iv.ptr, 0x00, iv.len);
-
 	if (!this->crypter->set_key(this->crypter, this->key))
 	{
 		return FALSE;
@@ -115,7 +111,7 @@ static bool encrypt_ctr(private_drbg_ctr_t *this, chunk_t out)
 		memcpy(block.ptr, this->value.ptr, this->value.len);
 
 		/* ECB encryption */
-		if (!this->crypter->encrypt(this->crypter, block, iv, NULL))
+		if (!this->crypter->encrypt(this->crypter, block, chunk_empty, NULL))
 		{
 			return FALSE;
 		}
@@ -261,15 +257,15 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
 	switch (type)
 	{
 		case DRBG_CTR_AES128:
-			crypter_type = ENCR_AES_CBC;
+			crypter_type = ENCR_AES_ECB;
 			key_len = 16;
 			break;
 		case DRBG_CTR_AES192:
-			crypter_type = ENCR_AES_CBC;
+			crypter_type = ENCR_AES_ECB;
 			key_len = 24;
 			break;
 		case DRBG_CTR_AES256:
-			crypter_type = ENCR_AES_CBC;
+			crypter_type = ENCR_AES_ECB;
 			key_len = 32;
 			break;
 		default:

src/libstrongswan/plugins/drbg/drbg_plugin.c

@@ -45,11 +45,11 @@ METHOD(plugin_t, get_features, int,
 		/* NIST CTR DRBG */
 		PLUGIN_REGISTER(DRBG, drbg_ctr_create),
 			PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES128),
-				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, 16),
 			PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES192),
-				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, 24),
 			PLUGIN_PROVIDE(DRBG, DRBG_CTR_AES256),
-				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+				PLUGIN_DEPENDS(CRYPTER, ENCR_AES_ECB, 32),
 		/* NIST HMAC DRBG */
 		PLUGIN_REGISTER(DRBG, drbg_hmac_create),
 			PLUGIN_PROVIDE(DRBG, DRBG_HMAC_SHA1),