From 5193ba640ee8bd3ccdb9fa14a116ba4e725105e1 Mon Sep 17 00:00:00 2001
From: Thorsten Sommer <SommerEngineering@users.noreply.github.com>
Date: Thu, 14 May 2026 15:36:55 +0200
Subject: [PATCH] Upgraded aes and cbc dependencies to their latest versions

---
 runtime/Cargo.lock        | 75 +++++++++++++++++++++++++++++++++------
 runtime/Cargo.toml        |  4 +--
 runtime/src/encryption.rs |  6 ++--
 3 files changed, 70 insertions(+), 15 deletions(-)

diff --git a/runtime/Cargo.lock b/runtime/Cargo.lock
index b0ee9a0d..e5eac6da 100644
--- a/runtime/Cargo.lock
+++ b/runtime/Cargo.lock
@@ -21,10 +21,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
  "cfg-if",
- "cipher",
+ "cipher 0.4.4",
  "cpufeatures 0.2.12",
 ]
 
+[[package]]
+name = "aes"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "66bd29a732b644c0431c6140f370d097879203d79b80c94a6747ba0872adaef8"
+dependencies = [
+ "cipher 0.5.1",
+ "cpubits",
+ "cpufeatures 0.3.0",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.3"
@@ -526,6 +537,15 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "block-padding"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "710f1dd022ef4e93f8a438b4ba958de7f64308434fa6a87104481645cc30068b"
+dependencies = [
+ "hybrid-array",
+]
+
 [[package]]
 name = "block2"
 version = "0.5.1"
@@ -720,7 +740,16 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6"
 dependencies = [
- "cipher",
+ "cipher 0.4.4",
+]
+
+[[package]]
+name = "cbc"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "98db6aeaef0eeef2c1e3ce9a27b739218825dae116076352ac3777076aa22225"
+dependencies = [
+ "cipher 0.5.1",
 ]
 
 [[package]]
@@ -807,7 +836,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
 dependencies = [
  "crypto-common 0.1.6",
- "inout",
+ "inout 0.1.3",
+]
+
+[[package]]
+name = "cipher"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e34d8227fe1ba289043aeb13792056ff80fd6de1a9f49137a5f499de8e8c78ea"
+dependencies = [
+ "crypto-common 0.2.1",
+ "inout 0.2.2",
 ]
 
 [[package]]
@@ -963,6 +1002,12 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "cpubits"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "15b85f9c39137c3a891689859392b1bd49812121d0d61c9caf00d46ed5ce06ae"
+
 [[package]]
 name = "cpufeatures"
 version = "0.2.12"
@@ -1170,9 +1215,9 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "708b509edf7889e53d7efb0ffadd994cc6c2345ccb62f55cfd6b0682165e4fa6"
 dependencies = [
- "aes",
- "block-padding",
- "cbc",
+ "aes 0.8.4",
+ "block-padding 0.3.3",
+ "cbc 0.1.2",
  "dbus",
  "fastrand",
  "hkdf",
@@ -2620,10 +2665,20 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
 dependencies = [
- "block-padding",
+ "block-padding 0.3.3",
  "generic-array",
 ]
 
+[[package]]
+name = "inout"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7"
+dependencies = [
+ "block-padding 0.4.2",
+ "hybrid-array",
+]
+
 [[package]]
 name = "ipnet"
 version = "2.9.0"
@@ -2996,7 +3051,7 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 name = "mindwork-ai-studio"
 version = "26.5.4"
 dependencies = [
- "aes",
+ "aes 0.9.0",
  "apple-native-keyring-store",
  "arboard",
  "async-stream",
@@ -3005,7 +3060,7 @@ dependencies = [
  "base64 0.22.1",
  "bytes",
  "calamine",
- "cbc",
+ "cbc 0.2.0",
  "cfg-if",
  "dbus-secret-service-keyring-store",
  "file-format",
@@ -7248,7 +7303,7 @@ version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "27c03817464f64e23f6f37574b4fdc8cf65925b5bfd2b0f2aedf959791941f88"
 dependencies = [
- "aes",
+ "aes 0.8.4",
  "arbitrary",
  "bzip2",
  "constant_time_eq",
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml
index b05a1390..3cd307f0 100644
--- a/runtime/Cargo.toml
+++ b/runtime/Cargo.toml
@@ -31,8 +31,8 @@ rustls = { version = "0.23.28", default-features = false, features = ["aws_lc_rs
 rand = "0.10.1"
 rand_chacha = "0.10.0"
 base64 = "0.22.1"
-aes = "0.8.4"
-cbc = "0.1.2"
+aes = "0.9.0"
+cbc = "0.2.0"
 pbkdf2 = "0.13.0"
 hmac = "0.13.0"
 sha2 = "0.11.0"
diff --git a/runtime/src/encryption.rs b/runtime/src/encryption.rs
index 2c7828b3..22e58806 100644
--- a/runtime/src/encryption.rs
+++ b/runtime/src/encryption.rs
@@ -2,7 +2,7 @@ use std::fmt;
 use std::time::Instant;
 use base64::Engine;
 use base64::prelude::BASE64_STANDARD;
-use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
+use aes::cipher::{block_padding::Pkcs7, BlockModeDecrypt, BlockModeEncrypt, KeyIvInit};
 use hmac::Hmac;
 use log::{error, info};
 use once_cell::sync::Lazy;
@@ -107,7 +107,7 @@ impl Encryption {
         let mut buffer = vec![0u8; data.len() + 16];
         buffer[..data.len()].copy_from_slice(data);
         let encrypted = cipher
-            .encrypt_padded_mut::<Pkcs7>(&mut buffer, data.len())
+            .encrypt_padded::<Pkcs7>(&mut buffer, data.len())
             .map_err(|e| format!("Error encrypting data: {e}"))?;
         let mut result = BASE64_STANDARD.encode(self.secret_key_salt);
         result.push_str(&BASE64_STANDARD.encode(encrypted));
@@ -130,7 +130,7 @@ impl Encryption {
         let cipher = Aes256CbcDec::new(&self.key.into(), &self.iv.into());
         let mut buffer = encrypted.to_vec();
         let decrypted = cipher
-            .decrypt_padded_mut::<Pkcs7>(&mut buffer)
+            .decrypt_padded::<Pkcs7>(&mut buffer)
             .map_err(|e| format!("Error decrypting data: {e}"))?;
 
         String::from_utf8(decrypted.to_vec()).map_err(|e| format!("Error converting decrypted data to string: {}", e))