本文整理汇总了C++中EVP_CIPHER_CTX_new函数的典型用法代码示例。如果您正苦于以下问题:C++ EVP_CIPHER_CTX_new函数的具体用法?C++ EVP_CIPHER_CTX_new怎么用?C++ EVP_CIPHER_CTX_new使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了EVP_CIPHER_CTX_new函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl3_change_cipher_state
int ssl3_change_cipher_state(SSL *s, int which)
{
unsigned char *p, *mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
#endif
const EVP_MD *m;
int mdi;
size_t n, i, j, k, cl;
int reuse_dd = 0;
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
if (!ossl_assert(m != NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp = NULL;
else
comp = s->s3->tmp.new_compression->method;
#endif
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
* make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
}
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->expand);
s->expand = NULL;
if (comp != NULL) {
s->expand = COMP_CTX_new(comp);
if (s->expand == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
}
#endif
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL) {
reuse_dd = 1;
} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
goto err;
} else {
/*
* make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
}
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
ERR_R_MALLOC_FAILURE);
goto err;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->compress);
s->compress = NULL;
if (comp != NULL) {
s->compress = COMP_CTX_new(comp);
if (s->compress == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err;
}
}
#endif
//.........这里部分代码省略.........
示例2: tls1_change_cipher_state
//.........这里部分代码省略.........
{
COMP_CTX_free(s->expand);
s->expand=NULL;
}
if (comp != NULL)
{
s->expand=COMP_CTX_new(comp->method);
if (s->expand == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
if (s->s3->rrec.comp == NULL)
s->s3->rrec.comp=(unsigned char *)
OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
if (s->s3->rrec.comp == NULL)
goto err;
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->read_sequence[0]),0,8);
mac_secret= &(s->s3->read_mac_secret[0]);
mac_secret_size=&(s->s3->read_mac_secret_size);
}
else
{
if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
else
s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
reuse_dd = 1;
else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
goto err;
dd= s->enc_write_ctx;
if (SSL_IS_DTLS(s))
{
mac_ctx = EVP_MD_CTX_create();
if (!mac_ctx)
goto err;
s->write_hash = mac_ctx;
}
else
mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
#ifndef OPENSSL_NO_COMP
if (s->compress != NULL)
{
COMP_CTX_free(s->compress);
s->compress=NULL;
}
if (comp != NULL)
{
s->compress=COMP_CTX_new(comp->method);
if (s->compress == NULL)
{
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
#endif
/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
if (s->version != DTLS1_VERSION)
memset(&(s->s3->write_sequence[0]),0,8);
mac_secret= &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);
示例3: crypto_aes_test
/**
* testing function
*/
int crypto_aes_test(void)
{
/* "opaque" encryption, decryption ctx structures
* that libcrypto uses to record status of enc/dec operations */
EVP_CIPHER_CTX *en = NULL;
EVP_CIPHER_CTX *de = NULL;
/* The salt paramter is used as a salt in the derivation:
* it should point to an 8 byte buffer or NULL if no salt is used. */
unsigned char salt[] = {1,2,3,4,5,6,7,8};
unsigned char *key_data;
int key_data_len, i;
char *input[] = {"Kamailio - The Open Source SIP Server",
"Thank you for flying Kamailio!",
"100 Trying\nYour call is important to us",
NULL
};
en = EVP_CIPHER_CTX_new();
if(en==NULL) {
LM_ERR("cannot get new cipher context\n");
return -1;
}
de = EVP_CIPHER_CTX_new();
if(de==NULL) {
EVP_CIPHER_CTX_free(en);
LM_ERR("cannot get new cipher context\n");
return -1;
}
/* the key_data for testing */
key_data = (unsigned char *)"kamailio-sip-server";
key_data_len = strlen((const char *)key_data);
/* gen key and iv. init the cipher ctx object */
if (crypto_aes_init(key_data, key_data_len, salt, en, de)) {
LM_ERR("couldn't initialize AES cipher\n");
return -1;
}
/* encrypt and decrypt each input string and compare with the original */
for (i = 0; input[i]; i++) {
char *plaintext;
unsigned char *ciphertext;
int olen, len;
/* The enc/dec functions deal with binary data and not C strings.
* strlen() will return length of the string without counting the '\0'
* string marker. We always pass in the marker byte to the
* encrypt/decrypt functions so that after decryption we end up with
* a legal C string */
olen = len = strlen(input[i])+1;
ciphertext = crypto_aes_encrypt(en, (unsigned char *)input[i], &len);
plaintext = (char *)crypto_aes_decrypt(de, ciphertext, &len);
if (strncmp(plaintext, input[i], olen))
LM_ERR("FAIL: enc/dec failed for \"%s\"\n", input[i]);
else
LM_NOTICE("OK: enc/dec ok for \"%s\"\n", plaintext);
free(ciphertext);
free(plaintext);
}
EVP_CIPHER_CTX_cleanup(de);
EVP_CIPHER_CTX_free(de);
EVP_CIPHER_CTX_cleanup(en);
EVP_CIPHER_CTX_free(en);
return 0;
}
示例4: init_encryption
void init_encryption(struct encryption_ctx *ctx) {
ctx->status = STATUS_EMPTY;
ctx->ctx = EVP_CIPHER_CTX_new();
ctx->cipher = cipher;
}
示例5: ssl3_change_cipher_state
int ssl3_change_cipher_state(SSL *s, int which)
{
unsigned char *p, *mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms, *key, *iv;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
#ifndef OPENSSL_NO_COMP
COMP_METHOD *comp;
#endif
const EVP_MD *m;
int n, i, j, k, cl;
int reuse_dd = 0;
c = s->s3->tmp.new_sym_enc;
m = s->s3->tmp.new_hash;
/* m == NULL will lead to a crash later */
OPENSSL_assert(m);
#ifndef OPENSSL_NO_COMP
if (s->s3->tmp.new_compression == NULL)
comp = NULL;
else
comp = s->s3->tmp.new_compression->method;
#endif
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
if (ssl_replace_hash(&s->read_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->expand);
s->expand = NULL;
if (comp != NULL) {
s->expand = COMP_CTX_new(comp);
if (s->expand == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
if (!RECORD_LAYER_setup_comp_buffer(&s->rlayer))
goto err;
}
#endif
RECORD_LAYER_reset_read_sequence(&s->rlayer);
mac_secret = &(s->s3->read_mac_secret[0]);
} else {
if (s->enc_write_ctx != NULL)
reuse_dd = 1;
else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
goto err;
else
/*
* make sure it's intialized in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err2;
}
#ifndef OPENSSL_NO_COMP
/* COMPRESS */
COMP_CTX_free(s->compress);
s->compress = NULL;
if (comp != NULL) {
s->compress = COMP_CTX_new(comp);
if (s->compress == NULL) {
SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_R_COMPRESSION_LIBRARY_ERROR);
goto err2;
}
}
#endif
RECORD_LAYER_reset_write_sequence(&s->rlayer);
mac_secret = &(s->s3->write_mac_secret[0]);
}
if (reuse_dd)
EVP_CIPHER_CTX_reset(dd);
p = s->s3->tmp.key_block;
i = EVP_MD_size(m);
if (i < 0)
goto err2;
cl = EVP_CIPHER_key_length(c);
j = cl;
//.........这里部分代码省略.........
示例6: _cjose_jwe_encrypt_dat_a256gcm
static bool _cjose_jwe_encrypt_dat_a256gcm(
cjose_jwe_t *jwe,
const uint8_t *plaintext,
size_t plaintext_len,
cjose_err *err)
{
EVP_CIPHER_CTX *ctx = NULL;
if (NULL == plaintext)
{
CJOSE_ERROR(err, CJOSE_ERR_INVALID_ARG);
goto _cjose_jwe_encrypt_dat_fail;
}
// get A256GCM cipher
const EVP_CIPHER *cipher = EVP_aes_256_gcm();
if (NULL == cipher)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// instantiate and initialize a new openssl cipher context
ctx = EVP_CIPHER_CTX_new();
if (NULL == ctx)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
EVP_CIPHER_CTX_init(ctx);
// initialize context for encryption using A256GCM cipher and CEK and IV
if (EVP_EncryptInit_ex(ctx, cipher, NULL, jwe->cek, jwe->part[2].raw) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// we need the header in base64url encoding as input for encryption
if ((NULL == jwe->part[0].b64u) && (!cjose_base64url_encode(
(const uint8_t *)jwe->part[0].raw, jwe->part[0].raw_len,
&jwe->part[0].b64u, &jwe->part[0].b64u_len, err)))
{
goto _cjose_jwe_encrypt_dat_fail;
}
// set GCM mode AAD data (hdr_b64u) by setting "out" to NULL
int bytes_encrypted = 0;
if (EVP_EncryptUpdate(ctx,
NULL, &bytes_encrypted,
(unsigned char *)jwe->part[0].b64u,
jwe->part[0].b64u_len) != 1 ||
bytes_encrypted != jwe->part[0].b64u_len)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// allocate buffer for the ciphertext
cjose_get_dealloc()(jwe->part[3].raw);
jwe->part[3].raw_len = plaintext_len;
if (!_cjose_jwe_malloc(jwe->part[3].raw_len, false, &jwe->part[3].raw, err))
{
goto _cjose_jwe_encrypt_dat_fail;
}
// encrypt entire plaintext to ciphertext buffer
if (EVP_EncryptUpdate(ctx,
jwe->part[3].raw, &bytes_encrypted,
plaintext, plaintext_len) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
jwe->part[3].raw_len = bytes_encrypted;
// finalize the encryption and set the ciphertext length to correct value
if (EVP_EncryptFinal_ex(ctx, NULL, &bytes_encrypted) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
// allocate buffer for the authentication tag
cjose_get_dealloc()(jwe->part[4].raw);
jwe->part[4].raw_len = 16;
if (!_cjose_jwe_malloc(jwe->part[4].raw_len, false, &jwe->part[4].raw, err))
{
goto _cjose_jwe_encrypt_dat_fail;
}
// get the GCM-mode authentication tag
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
jwe->part[4].raw_len, jwe->part[4].raw) != 1)
{
CJOSE_ERROR(err, CJOSE_ERR_CRYPTO);
goto _cjose_jwe_encrypt_dat_fail;
}
EVP_CIPHER_CTX_free(ctx);
//.........这里部分代码省略.........
示例7: EVP_CIPHER_CTX_new
static EVP_PKEY *do_PVK_body(const unsigned char **in,
unsigned int saltlen, unsigned int keylen,
pem_password_cb *cb, void *u)
{
EVP_PKEY *ret = NULL;
const unsigned char *p = *in;
unsigned int magic;
unsigned char *enctmp = NULL, *q;
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (saltlen) {
char psbuf[PEM_BUFSIZE];
unsigned char keybuf[20];
int enctmplen, inlen;
if (cb)
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (inlen <= 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}
enctmp = OPENSSL_malloc(keylen + 8);
if (enctmp == NULL) {
PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!derive_pvk_key(keybuf, p, saltlen,
(unsigned char *)psbuf, inlen))
goto err;
p += saltlen;
/* Copy BLOBHEADER across, decrypt rest */
memcpy(enctmp, p, 8);
p += 8;
if (keylen < 8) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
goto err;
}
inlen = keylen - 8;
q = enctmp + 8;
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
q = enctmp + 8;
memset(keybuf + 5, 0, 11);
if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
goto err;
OPENSSL_cleanse(keybuf, 20);
if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
goto err;
if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
goto err;
magic = read_ledword((const unsigned char **)&q);
if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
goto err;
}
} else
OPENSSL_cleanse(keybuf, 20);
p = enctmp;
}
ret = b2i_PrivateKey(&p, keylen);
err:
EVP_CIPHER_CTX_free(cctx);
OPENSSL_free(enctmp);
return ret;
}
示例8: initializeAESKeys
bool Wallet::readSecurityImage(const QString& inputFilePath, unsigned char** outputBufferPtr, int* outputBufferSize) {
unsigned char ivec[16];
unsigned char ckey[32];
initializeAESKeys(ivec, ckey, _salt);
// read encrypted file
QFile inputFile(inputFilePath);
if (!inputFile.exists()) {
qCDebug(commerce) << "cannot decrypt file" << inputFilePath << "it doesn't exist";
return false;
}
inputFile.open(QIODevice::ReadOnly | QIODevice::Text);
bool foundHeader = false;
bool foundFooter = false;
QByteArray base64EncryptedBuffer;
while (!inputFile.atEnd()) {
QString line(inputFile.readLine());
if (!foundHeader) {
foundHeader = (line == IMAGE_HEADER);
} else {
foundFooter = (line == IMAGE_FOOTER);
if (!foundFooter) {
base64EncryptedBuffer.append(line);
}
}
}
inputFile.close();
if (! (foundHeader && foundFooter)) {
qCDebug(commerce) << "couldn't parse" << inputFilePath << foundHeader << foundFooter;
return false;
}
// convert to bytes
auto encryptedBuffer = QByteArray::fromBase64(base64EncryptedBuffer);
// setup decrypted buffer
unsigned char* outputBuffer = new unsigned char[encryptedBuffer.size()];
int tempSize;
// TODO: add error handling
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
if (!EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, ckey, ivec)) {
qCDebug(commerce) << "decrypt init failure";
delete[] outputBuffer;
return false;
}
if (!EVP_DecryptUpdate(ctx, outputBuffer, &tempSize, (unsigned char*)encryptedBuffer.data(), encryptedBuffer.size())) {
qCDebug(commerce) << "decrypt update failure";
delete[] outputBuffer;
return false;
}
*outputBufferSize = tempSize;
if (!EVP_DecryptFinal_ex(ctx, outputBuffer + tempSize, &tempSize)) {
qCDebug(commerce) << "decrypt final failure";
delete[] outputBuffer;
return false;
}
EVP_CIPHER_CTX_free(ctx);
*outputBufferSize += tempSize;
*outputBufferPtr = outputBuffer;
qCDebug(commerce) << "decrypted buffer size" << *outputBufferSize;
return true;
}
示例9: main
//.........这里部分代码省略.........
file_size = ftell(fp);
ciphertext_len = file_size;
if (file_size < 0 || file_size != (long)ciphertext_len) {
fprintf(stderr, "file too large\n");
return 1;
}
if (fseek(fp, 0L, SEEK_SET)) {
fprintf(stderr, "fseek failed\n");
return 1;
}
ciphertext = malloc(file_size);
plaintext = malloc(file_size);
if (!ciphertext || !plaintext) {
fprintf(stderr, "malloc failed\n");
return 1;
}
if (fread(ciphertext, 1, file_size, fp) != file_size) {
fprintf(stderr, "read error\n");
return 1;
}
if (fclose(fp)) {
fprintf(stderr, "close error\n");
return 1;
}
/* Verify file size */
if (file_size < IV_LEN + HMAC_LEN) {
fprintf(stderr, "ciphertext file is impossibly small\n");
return 1;
}
/* Verify HMAC */
{
unsigned int md_len = HMAC_LEN;
HMAC(EVP_sha256(), hmac_key, HMAC_KEY_LEN, ciphertext, ciphertext_len - HMAC_LEN, md, &md_len);
if (memcmp(md, ciphertext + ciphertext_len - HMAC_LEN, HMAC_LEN) || md_len != HMAC_LEN) {
fprintf(stderr, "HMAC FAILED\n");
return 1;
}
}
/* Get cipher type */
if (!strcmp(argv[1], "PBKDF2-SHA1-AES256-HMAC-SHA256")) {
cipher_type = EVP_aes_256_cbc();
} else {
fprintf(stderr, "cipher type '%s' not found\n", argv[1]);
return 1;
}
/* Decrypt */
if (!(ctx = EVP_CIPHER_CTX_new())) {
fprintf(stderr, "EVP_CIPHER_CTX_new failed\n");
return 1;
}
if (EVP_DecryptInit_ex(ctx, cipher_type, NULL, cipher_key, ciphertext) != 1) {
fprintf(stderr, "EVP_DecryptInit_ex failed\n");
return 1;
}
if (EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext + IV_LEN, ciphertext_len - IV_LEN - HMAC_LEN) != 1) {
fprintf(stderr, "EVP_DecryptUpdate failed\n");
return 1;
}
plaintext_len = len;
if (EVP_DecryptFinal_ex(ctx, plaintext + len, &len) != 1) {
fprintf(stderr, "EVP_DecryptFinal_ex failed\n");
return 1;
}
plaintext_len += len;
/* Write plaintext */
if (argc >= 6) {
/* to file */
fp = fopen(argv[5], "w");
if (!fp) {
fprintf(stderr, "cannot open output plaintext file %s\n", argv[4]);
return 1;
}
if (fwrite(plaintext, 1, plaintext_len, fp) != plaintext_len) {
fprintf(stderr, "write error\n");
return 1;
}
if (fclose(fp)) {
fprintf(stderr, "close error\n");
return 1;
}
} else {
/* to stdout */
if (fwrite(plaintext, 1, plaintext_len, stdout) != plaintext_len) {
fprintf(stderr, "write error\n");
return 1;
}
}
EVP_CIPHER_CTX_free(ctx);
free(ciphertext);
free(plaintext);
return 0;
}
示例10: LUA_FUNCTION
static LUA_FUNCTION(openssl_evp_encrypt)
{
const EVP_CIPHER* cipher = NULL;
if (lua_istable(L, 1))
{
if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))
{
lua_pop(L, 1);
lua_remove(L, 1);
}
else
luaL_error(L, "call function with invalid state");
}
cipher = get_cipher(L, 1, NULL);
if (cipher)
{
size_t input_len = 0;
const char *input = luaL_checklstring(L, 2, &input_len);
size_t key_len = 0;
const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */
size_t iv_len = 0;
const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */
int pad = lua_isnoneornil(L, 5) ? 1 : lua_toboolean(L, 5);
ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine");
EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new();
int output_len = 0;
int len = 0;
char *buffer = NULL;
char evp_key[EVP_MAX_KEY_LENGTH] = {0};
char evp_iv[EVP_MAX_IV_LENGTH] = {0};
int ret = 0;
if (key)
{
key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH;
memcpy(evp_key, key, key_len);
}
if (iv_len > 0 && iv)
{
iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH;
memcpy(evp_iv, iv, iv_len);
}
EVP_CIPHER_CTX_init(c);
ret = EVP_EncryptInit_ex(c, cipher, e, (const byte*)evp_key, iv_len > 0 ? (const byte*)evp_iv : NULL);
if (ret == 1)
{
ret = EVP_CIPHER_CTX_set_padding(c, pad);
if (ret == 1)
{
buffer = OPENSSL_malloc(input_len + EVP_CIPHER_CTX_block_size(c));
ret = EVP_EncryptUpdate(c, (byte*) buffer, &len, (const byte*)input, input_len);
if ( ret == 1 )
{
output_len += len;
ret = EVP_EncryptFinal(c, (byte*)buffer + len, &len);
if (ret == 1)
{
output_len += len;
lua_pushlstring(L, buffer, output_len);
}
}
OPENSSL_free(buffer);
}
}
EVP_CIPHER_CTX_cleanup(c);
EVP_CIPHER_CTX_free(c);
return (ret == 1) ? ret : openssl_pushresult(L, ret);
}
else
luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object");
return 0;
}
示例11: m_ctx
ARC4::ARC4(uint32 len) : m_ctx(EVP_CIPHER_CTX_new())
{
EVP_CIPHER_CTX_init(m_ctx);
EVP_EncryptInit_ex(m_ctx, EVP_rc4(), nullptr, nullptr, nullptr);
EVP_CIPHER_CTX_set_key_length(m_ctx, len);
}
示例12: alg_wrap_unw
static bool
alg_wrap_unw(const jose_hook_alg_t *alg, jose_cfg_t *cfg, const json_t *jwe,
const json_t *rcp, const json_t *jwk, json_t *cek)
{
const EVP_CIPHER *cph = NULL;
EVP_CIPHER_CTX *ecc = NULL;
bool ret = false;
size_t ctl = 0;
size_t ptl = 0;
int len = 0;
switch (str2enum(alg->name, NAMES, NULL)) {
case 0: cph = EVP_aes_128_wrap(); break;
case 1: cph = EVP_aes_192_wrap(); break;
case 2: cph = EVP_aes_256_wrap(); break;
default: return NULL;
}
uint8_t ky[EVP_CIPHER_key_length(cph)];
uint8_t iv[EVP_CIPHER_iv_length(cph)];
uint8_t ct[KEYMAX + EVP_CIPHER_block_size(cph) * 2];
uint8_t pt[sizeof(ct)];
memset(iv, 0xA6, sizeof(iv));
if (jose_b64_dec(json_object_get(jwk, "k"), NULL, 0) != sizeof(ky))
goto egress;
if (jose_b64_dec(json_object_get(jwk, "k"), ky, sizeof(ky)) != sizeof(ky))
goto egress;
ctl = jose_b64_dec(json_object_get(rcp, "encrypted_key"), NULL, 0);
if (ctl > sizeof(ct))
goto egress;
if (jose_b64_dec(json_object_get(rcp, "encrypted_key"), ct, ctl) != ctl)
goto egress;
ecc = EVP_CIPHER_CTX_new();
if (!ecc)
goto egress;
EVP_CIPHER_CTX_set_flags(ecc, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
if (EVP_DecryptInit_ex(ecc, cph, NULL, ky, iv) <= 0)
goto egress;
if (EVP_DecryptUpdate(ecc, pt, &len, ct, ctl) <= 0)
goto egress;
ptl = len;
if (EVP_DecryptFinal(ecc, &pt[len], &len) <= 0)
goto egress;
ptl += len;
ret = json_object_set_new(cek, "k", jose_b64_enc(pt, ptl)) == 0;
egress:
OPENSSL_cleanse(ky, sizeof(ky));
OPENSSL_cleanse(pt, sizeof(pt));
EVP_CIPHER_CTX_free(ecc);
return ret;
}
示例13: evp_cipher_init
static void evp_cipher_init(struct ssh_cipher_struct *cipher) {
if (cipher->ctx == NULL) {
cipher->ctx = EVP_CIPHER_CTX_new();
}
switch(cipher->ciphertype){
case SSH_AES128_CBC:
cipher->cipher = EVP_aes_128_cbc();
break;
case SSH_AES192_CBC:
cipher->cipher = EVP_aes_192_cbc();
break;
case SSH_AES256_CBC:
cipher->cipher = EVP_aes_256_cbc();
break;
#ifdef HAVE_OPENSSL_EVP_AES_CTR
case SSH_AES128_CTR:
cipher->cipher = EVP_aes_128_ctr();
break;
case SSH_AES192_CTR:
cipher->cipher = EVP_aes_192_ctr();
break;
case SSH_AES256_CTR:
cipher->cipher = EVP_aes_256_ctr();
break;
#else
case SSH_AES128_CTR:
case SSH_AES192_CTR:
case SSH_AES256_CTR:
SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
break;
#endif
#ifdef HAVE_OPENSSL_EVP_AES_GCM
case SSH_AEAD_AES128_GCM:
cipher->cipher = EVP_aes_128_gcm();
break;
case SSH_AEAD_AES256_GCM:
cipher->cipher = EVP_aes_256_gcm();
break;
#else
case SSH_AEAD_AES128_GCM:
case SSH_AEAD_AES256_GCM:
SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
break;
#endif /* HAVE_OPENSSL_EVP_AES_GCM */
case SSH_3DES_CBC:
cipher->cipher = EVP_des_ede3_cbc();
break;
#ifdef WITH_BLOWFISH_CIPHER
case SSH_BLOWFISH_CBC:
cipher->cipher = EVP_bf_cbc();
break;
/* ciphers not using EVP */
#endif
case SSH_AEAD_CHACHA20_POLY1305:
SSH_LOG(SSH_LOG_WARNING, "The ChaCha cipher cannot be handled here");
break;
case SSH_NO_CIPHER:
SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found");
break;
}
}
示例14: tls13_change_cipher_state
int tls13_change_cipher_state(SSL *s, int which)
{
static const unsigned char client_handshake_traffic[] =
"client handshake traffic secret";
static const unsigned char client_application_traffic[] =
"client application traffic secret";
static const unsigned char server_handshake_traffic[] =
"server handshake traffic secret";
static const unsigned char server_application_traffic[] =
"server application traffic secret";
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char secret[EVP_MAX_MD_SIZE];
unsigned char *insecret;
unsigned char *finsecret = NULL;
EVP_CIPHER_CTX *ciph_ctx;
const EVP_CIPHER *ciph = s->s3->tmp.new_sym_enc;
size_t ivlen, keylen, finsecretlen = 0;
const unsigned char *label;
size_t labellen;
int ret = 0;
if (which & SSL3_CC_READ) {
if (s->enc_read_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
} else {
s->enc_read_ctx = EVP_CIPHER_CTX_new();
if (s->enc_read_ctx == NULL) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
}
ciph_ctx = s->enc_read_ctx;
RECORD_LAYER_reset_read_sequence(&s->rlayer);
} else {
if (s->enc_write_ctx != NULL) {
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
} else {
s->enc_write_ctx = EVP_CIPHER_CTX_new();
if (s->enc_write_ctx == NULL) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
}
ciph_ctx = s->enc_write_ctx;
RECORD_LAYER_reset_write_sequence(&s->rlayer);
}
if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
|| ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
if (which & SSL3_CC_HANDSHAKE) {
insecret = s->handshake_secret;
finsecret = s->client_finished_secret;
finsecretlen = sizeof(s->client_finished_secret);
label = client_handshake_traffic;
labellen = sizeof(client_handshake_traffic) - 1;
} else {
insecret = s->session->master_key;
label = client_application_traffic;
labellen = sizeof(client_application_traffic) - 1;
}
} else {
if (which & SSL3_CC_HANDSHAKE) {
insecret = s->handshake_secret;
finsecret = s->server_finished_secret;
finsecretlen = sizeof(s->server_finished_secret);
label = server_handshake_traffic;
labellen = sizeof(server_handshake_traffic) - 1;
} else {
insecret = s->session->master_key;
label = server_application_traffic;
labellen = sizeof(server_application_traffic) - 1;
}
}
if (!tls13_derive_secret(s, insecret, label, labellen, secret)) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err;
}
/* TODO(size_t): convert me */
keylen = EVP_CIPHER_key_length(ciph);
if (EVP_CIPHER_mode(ciph) == EVP_CIPH_GCM_MODE)
ivlen = EVP_GCM_TLS_FIXED_IV_LEN;
else if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE)
ivlen = EVP_CCM_TLS_FIXED_IV_LEN;
else
ivlen = EVP_CIPHER_iv_length(ciph);
if (!tls13_derive_key(s, secret, key, keylen)
|| !tls13_derive_iv(s, secret, iv, ivlen)
|| (finsecret != NULL && !tls13_derive_finishedkey(s, secret,
finsecret,
finsecretlen))) {
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
goto err;
}
//.........这里部分代码省略.........
示例15: Encrypt
int Encrypt(char **cipher, const char *plain, int plen, unsigned char *aesKey, unsigned char *aesIV){
EVP_CIPHER_CTX *ctx;
unsigned char *cipher_tmp = { 0 };
int len = 0, cipherTextLen = 0;
if (!(ctx = EVP_CIPHER_CTX_new())) {
return 0;
}
if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, aesKey, aesIV)) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
return 0;
}
cipher_tmp = (unsigned char *)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, plen + 16);
if (cipher_tmp == NULL) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
return 0;
}
if (1 != EVP_EncryptUpdate(ctx, cipher_tmp, &len, plain, plen - 1)) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
cipherTextLen = len;
if (1 != EVP_EncryptFinal_ex(ctx, cipher_tmp + len, &len)) {
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
cipherTextLen += len;
if (ctx) EVP_CIPHER_CTX_free(ctx);
if (cipherTextLen <= 0) {
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
cipher_tmp[cipherTextLen] = '\0';
if ((cipherTextLen = Base64Encode(cipher, cipher_tmp, cipherTextLen + 1)) <= 0){
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return 0;
}
if (cipher_tmp) {
HeapFree(GetProcessHeap(), 0, cipher_tmp);
cipher_tmp = NULL;
}
return cipherTextLen;
}