in src/ecdh_support.c [293:344]
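/*
 * AES-CBC decrypt ciphertext c under key k into m, then strip the trailing
 * padding (each pad byte must equal the pad length, 1..16).
 *
 * AES_init is given a NULL IV (the "IV0" of the name; presumably treated as
 * an all-zero IV by AES_init - confirm against its implementation).
 *
 * Returns 1 on success, including the empty-ciphertext case, which yields an
 * empty m. Returns 0 if the ciphertext length is not a positive multiple of
 * the 16-byte block size or if the padding is malformed; m is cleared on
 * failure so no unverified plaintext is handed back.
 *
 * Security notes for callers:
 *  - CBC provides no integrity, and the return value reveals whether the
 *    padding was well formed. Verify a MAC over the ciphertext before calling
 *    this function and report every failure identically to the peer.
 *  - Output that does not fit in m->max is silently truncated and still
 *    reported as success (unchanged from the original); size m to at least
 *    c->len bytes.
 *  - NOTE(review): the result of AES_init is not checked here; if it reports
 *    an unsupported key length, that should be handled - confirm its contract.
 */
int AES_CBC_IV0_DECRYPT(octet *k,const octet *c,octet *m)
{
    amcl_aes a;
    char buff[16];
    volatile char *wipe = buff; /* volatile so the final scrub is not elided */
    int i;
    int blk;
    int nblocks;
    int ipt = 0;
    int opt = 0;
    int padlen;
    int bad = 0;

    OCT_clear(m);
    if (c->len == 0) return 1;

    /* Reject lengths that cannot be whole blocks up front. The original ran
       AES_decrypt on a partly filled (for short inputs, uninitialised) buffer
       before rejecting such input. */
    if (c->len < 0 || c->len % 16 != 0) return 0;

    nblocks = c->len / 16;
    AES_init(&a, CBC, k->len, k->val, NULL);

    for (blk = 0; blk < nblocks; blk++)
    {
        for (i = 0; i < 16; i++) buff[i] = c->val[ipt++];
        AES_decrypt(&a, buff);

        /* The last block carries the padding and is handled below. */
        if (blk == nblocks - 1) break;

        for (i = 0; i < 16; i++)
            if (opt < m->max) m->val[opt++] = buff[i];
    }
    AES_end(&a);

    /* Validate the padding held in the final decrypted block. */
    padlen = buff[15];
    if (padlen < 1 || padlen > 16)
    {
        bad = 1;
    }
    else
    {
        for (i = 16 - padlen; i < 16; i++)
            if (buff[i] != padlen) bad = 1;
    }

    if (!bad)
    {
        for (i = 0; i < 16 - padlen; i++)
            if (opt < m->max) m->val[opt++] = buff[i];
    }
    m->len = opt;

    /* Scrub the last plaintext block from the stack. */
    for (i = 0; i < 16; i++) wipe[i] = 0;

    if (bad)
    {
        /* Do not leave the earlier decrypted blocks in the output. */
        OCT_clear(m);
        return 0;
    }
    return 1;
}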