sgx_status_t sgx_aes_gcm_close(sgx_aes_state_handle_t aes_gcm_state) { if (aes_gcm_state != NULL) { EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)aes_gcm_state); } return SGX_SUCCESS; }
void tr_rc4_free (tr_rc4_ctx_t handle) { if (handle == NULL) return; EVP_CIPHER_CTX_free (handle); }
static int aes_ctr_release(archive_crypto_ctx *ctx) { EVP_CIPHER_CTX_free(ctx->ctx); memset(ctx->key, 0, ctx->key_len); memset(ctx->nonce, 0, sizeof(ctx->nonce)); return 0; }
sgx_status_t sgx_aes_gcm128_enc_init(const uint8_t *key, const uint8_t *iv, uint32_t iv_len, const uint8_t *aad, uint32_t aad_len, sgx_aes_state_handle_t* aes_gcm_state) { if ((aad_len >= INT_MAX) || (key == NULL) || (iv_len != SGX_AESGCM_IV_SIZE) || ((aad_len > 0) && (aad == NULL)) || (iv == NULL) || (aes_gcm_state == NULL)) { return SGX_ERROR_INVALID_PARAMETER; } int len = 0; sgx_status_t ret = SGX_ERROR_UNEXPECTED; EVP_CIPHER_CTX * pState = NULL; do { // Create and initialise the context // if (!(pState = EVP_CIPHER_CTX_new())) { ret = SGX_ERROR_OUT_OF_MEMORY; break; } // Initialize ctx with AES-128 GCM // if (!EVP_EncryptInit_ex(pState, EVP_aes_128_gcm(), NULL, NULL, NULL)) { break; } // Set IV len // if (!EVP_CIPHER_CTX_ctrl(pState, EVP_CTRL_AEAD_SET_IVLEN, iv_len, NULL)) { break; } // Initialize encryption key and IV // if (!EVP_EncryptInit_ex(pState, NULL, NULL, (unsigned char*)key, iv)) { break; } // Provide AAD data if exist // if (NULL != aad) { if (!EVP_EncryptUpdate(pState, NULL, &len, aad, aad_len)) { break; } } *aes_gcm_state = (EVP_CIPHER_CTX*)pState; ret = SGX_SUCCESS; } while (0); if (ret != SGX_SUCCESS) { if (pState != NULL) { EVP_CIPHER_CTX_free(pState); } } return ret; }
static int aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) /* init key */ { /* * variable "c" is leaked from this scope, but is later freed * in aes_ctr_cleanup */ aes_ctr_ctx *c; const EVP_CIPHER *aes_cipher; (void) enc; switch(EVP_CIPHER_CTX_key_length(ctx)) { case 16: aes_cipher = EVP_aes_128_ecb(); break; case 24: aes_cipher = EVP_aes_192_ecb(); break; case 32: aes_cipher = EVP_aes_256_ecb(); break; default: return 0; } c = malloc(sizeof(*c)); if(c == NULL) return 0; #ifdef HAVE_OPAQUE_STRUCTS c->aes_ctx = EVP_CIPHER_CTX_new(); #else c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX)); #endif if(c->aes_ctx == NULL) { free(c); return 0; } if(EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) { #ifdef HAVE_OPAQUE_STRUCTS EVP_CIPHER_CTX_free(c->aes_ctx); #else free(c->aes_ctx); #endif free(c); return 0; } EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0); memcpy(c->ctr, iv, AES_BLOCK_SIZE); EVP_CIPHER_CTX_set_app_data(ctx, c); return 1; }
bool Wallet::writeSecurityImage(const QPixmap* pixmap, const QString& outputFilePath) { // aes requires a couple 128-bit keys (ckey and ivec). For now, I'll just // use the md5 of the salt as the ckey (md5 is 128-bit), and ivec will be // a constant. We can review this later - there are ways to generate keys // from a password that may be better. unsigned char ivec[16]; unsigned char ckey[32]; initializeAESKeys(ivec, ckey, _salt); int tempSize, outSize; QByteArray inputFileBuffer; QBuffer buffer(&inputFileBuffer); buffer.open(QIODevice::WriteOnly); // another spot where we are assuming only jpgs pixmap->save(&buffer, "jpg"); // reserve enough capacity for encrypted bytes unsigned char* outputFileBuffer = new unsigned char[inputFileBuffer.size() + AES_BLOCK_SIZE]; EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); // TODO: add error handling!!! if (!EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, ckey, ivec)) { qCDebug(commerce) << "encrypt init failure"; delete[] outputFileBuffer; return false; } if (!EVP_EncryptUpdate(ctx, outputFileBuffer, &tempSize, (unsigned char*)inputFileBuffer.data(), inputFileBuffer.size())) { qCDebug(commerce) << "encrypt update failure"; delete[] outputFileBuffer; return false; } outSize = tempSize; if (!EVP_EncryptFinal_ex(ctx, outputFileBuffer + outSize, &tempSize)) { qCDebug(commerce) << "encrypt final failure"; delete[] outputFileBuffer; return false; } outSize += tempSize; EVP_CIPHER_CTX_free(ctx); qCDebug(commerce) << "encrypted buffer size" << outSize; QByteArray output((const char*)outputFileBuffer, outSize); // now APPEND to the file, QByteArray b64output = output.toBase64(); QFile outputFile(outputFilePath); outputFile.open(QIODevice::Append); outputFile.write(IMAGE_HEADER); outputBase64WithNewlines(outputFile, b64output); outputFile.write(IMAGE_FOOTER); outputFile.close(); delete[] outputFileBuffer; return true; }
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *aad, int aad_len, unsigned char *key, unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) { EVP_CIPHER_CTX *ctx; int len; int ciphertext_len; /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors(); /* Initialise the encryption operation. */ if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) handleErrors(); /* Set IV length if default 12 bytes (96 bits) is not appropriate */ if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) handleErrors(); /* Initialise key and IV */ if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors(); /* Provide any AAD data. This can be called zero or more times as * required */ /* if(1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) handleErrors(); */ /* Provide the message to be encrypted, and obtain the encrypted output. * EVP_EncryptUpdate can be called multiple times if necessary */ if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) handleErrors(); ciphertext_len = len; /* Finalise the encryption. Normally ciphertext bytes may be written at * this stage, but this does not occur in GCM mode */ if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors(); ciphertext_len += len; /* Get the tag */ /* if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) handleErrors(); */ /* Clean up */ EVP_CIPHER_CTX_free(ctx); return ciphertext_len; }
static void aes_cleanup(EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); #if(OPENSSL_VERSION_NUMBER<0x10000000L) ERR_remove_state(0); #elif(OPENSSL_VERSION_NUMBER<0x10100000L) ERR_remove_thread_state(NULL); #endif }
int decryptccm(unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv, unsigned char *plaintext) { EVP_CIPHER_CTX *ctx; int len; int plaintext_len; int ret; /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors("Create and initialise the context"); /* Initialise the decryption operation. */ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL)) handleErrors("Initialise the decryption operation."); /* Setting IV len to 7. Not strictly necessary as this is the default * but shown here for the purposes of this example */ if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, 7, NULL)) handleErrors("Setting IV len to 7. "); /* Set expected tag value. */ if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 14, tag)) handleErrors("Set expected tag value."); /* Initialise key and IV */ if(1 != EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors("Initialise key and IV"); /* Provide the total ciphertext length */ if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len)) handleErrors("rovide the total ciphertext length"); /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ ret = EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len); plaintext_len = len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); if(ret > 0) { /* Success */ return plaintext_len; } else { /* Verify failed */ return -1; } }
static LUA_FUNCTION(openssl_cipher_ctx_free) { EVP_CIPHER_CTX *ctx = CHECK_OBJECT(1, EVP_CIPHER_CTX, "openssl.evp_cipher_ctx"); lua_pushnil(L); lua_rawsetp(L, LUA_REGISTRYINDEX, ctx); EVP_CIPHER_CTX_cleanup(ctx); EVP_CIPHER_CTX_free(ctx); return 0; }
void aes_cipher_free(aes_cnt_cipher_t *cipher_) { if (!cipher_) return; EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_; EVP_CIPHER_CTX_cleanup(cipher); EVP_CIPHER_CTX_free(cipher); }
/* Test copying of contexts */ static void test_ctx_replace(EVP_CIPHER_CTX **pctx) { /* Make copy of context and replace original */ EVP_CIPHER_CTX *ctx_copy; ctx_copy = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_copy(ctx_copy, *pctx); EVP_CIPHER_CTX_free(*pctx); *pctx = ctx_copy; }
int crypto_encrypt_final(CipherContext *ctx, char *ciphertext) { int ciphertext_len; if (EVP_EncryptFinal_ex(ctx, (unsigned char *)ciphertext, &ciphertext_len) != 1) crypto_handle_error(); EVP_CIPHER_CTX_free(ctx); return ciphertext_len; }
/** Decrypt a buffer. * @param cipher cipher ID * @param enc encrypted buffer * @param enc_size number of bytes in @p enc * @param plain on return contains plain text data * @param plain_size size in bytes of @p plain * @return number of bytes that were in the encrypted buffer (this can be shorter if the data * did not exactly fit the AES block size. */ size_t BufferDecryptor::decrypt(int cipher, const void *enc, size_t enc_size, void *plain, size_t plain_size) { #ifdef HAVE_LIBCRYPTO if (keys_.find(cipher) == keys_.end()) { generate_key(cipher); } const EVP_CIPHER *evp_cipher = cipher_by_id(cipher); const size_t iv_size = EVP_CIPHER_iv_length(evp_cipher); const unsigned char *iv = (const unsigned char *)enc; unsigned char *enc_m = (unsigned char *)enc + iv_size; enc_size -= iv_size; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); if ( ! EVP_DecryptInit(ctx, evp_cipher, (const unsigned char *)keys_[cipher].c_str(), iv)) { EVP_CIPHER_CTX_free(ctx); throw std::runtime_error("Could not initialize cipher context"); } int outl = plain_size; if ( ! EVP_DecryptUpdate(ctx, (unsigned char *)plain, &outl, enc_m, enc_size)) { EVP_CIPHER_CTX_free(ctx); throw std::runtime_error("DecryptUpdate failed"); } int plen = 0; if ( ! EVP_DecryptFinal(ctx, (unsigned char *)plain + outl, &plen) ) { EVP_CIPHER_CTX_free(ctx); throw std::runtime_error("DecryptFinal failed"); } outl += plen; EVP_CIPHER_CTX_free(ctx); return outl; #else throw std::runtime_error("Decryption support not available"); #endif }
static krb5_error_code AES_PRF(krb5_context context, krb5_crypto crypto, const krb5_data *in, krb5_data *out) { struct _krb5_checksum_type *ct = crypto->et->checksum; krb5_error_code ret; Checksum result; krb5_keyblock *derived; result.cksumtype = ct->type; ret = krb5_data_alloc(&result.checksum, ct->checksumsize); if (ret) { krb5_set_error_message(context, ret, N_("malloc: out memory", "")); return ret; } ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); if (ret) { krb5_data_free(&result.checksum); return ret; } if (result.checksum.length < crypto->et->blocksize) krb5_abortx(context, "internal prf error"); derived = NULL; ret = krb5_derive_key(context, crypto->key.key, crypto->et->type, "prf", 3, &derived); if (ret) krb5_abortx(context, "krb5_derive_key"); ret = krb5_data_alloc(out, crypto->et->blocksize); if (ret) krb5_abortx(context, "malloc failed"); { const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); EVP_CIPHER_CTX *ctx; ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */ if (ctx == NULL) krb5_abortx(context, "malloc failed"); EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1); EVP_Cipher(ctx, out->data, result.checksum.data, crypto->et->blocksize); EVP_CIPHER_CTX_free(ctx); } krb5_data_free(&result.checksum); krb5_free_keyblock(context, derived); return ret; }
tr_rc4_ctx_t tr_rc4_new (void) { EVP_CIPHER_CTX * handle = EVP_CIPHER_CTX_new (); if (check_result (EVP_CipherInit_ex (handle, EVP_rc4 (), NULL, NULL, NULL, -1))) return handle; EVP_CIPHER_CTX_free (handle); return NULL; }
/** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. * @param ctx The block context to use. * @return Returns APR_ENOTIMPL if not supported. */ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx) { if (ctx->initialised) { EVP_CIPHER_CTX_free(ctx->cipherCtx); ctx->initialised = 0; } return APR_SUCCESS; }
static int entersafe_cipher_apdu(sc_card_t *card, sc_apdu_t *apdu, u8 *key, size_t keylen, u8 *buff, size_t buffsize) { EVP_CIPHER_CTX * ctx = NULL; u8 iv[8]={0}; int len; SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE); assert(card); assert(apdu); assert(key); assert(buff); /* padding as 0x80 0x00 0x00...... */ memset(buff,0,buffsize); buff[0]=apdu->lc; memcpy(buff+1,apdu->data,apdu->lc); buff[apdu->lc+1]=0x80; ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY); EVP_CIPHER_CTX_set_padding(ctx,0); if(keylen == 8) EVP_EncryptInit_ex(ctx, EVP_des_ecb(), NULL, key, iv); else if (keylen == 16) EVP_EncryptInit_ex(ctx, EVP_des_ede(), NULL, key, iv); else SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); len = apdu->lc; if(!EVP_EncryptUpdate(ctx, buff, &len, buff, buffsize)){ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe encryption error."); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL); } apdu->lc = len; EVP_CIPHER_CTX_free(ctx); if(apdu->lc!=buffsize) { sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe build cipher apdu failed."); SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INTERNAL); } apdu->data=buff; apdu->datalen=apdu->lc; SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS); }
/* * Encrypt/Decrypt a buffer based on password and algor, result in a * OPENSSL_malloc'ed buffer */ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de) { unsigned char *out = NULL; int outlen, i; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } /* Decrypt data */ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, algor->parameter, ctx, en_de)) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); goto err; } if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx))) == NULL) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) { OPENSSL_free(out); out = NULL; PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB); goto err; } outlen = i; if (!EVP_CipherFinal_ex(ctx, out + i, &i)) { OPENSSL_free(out); out = NULL; PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR); goto err; } outlen += i; if (datalen) *datalen = outlen; if (data) *data = out; err: EVP_CIPHER_CTX_free(ctx); return out; }
void RarVolume::DecryptFree() { if (m_context) { #ifdef HAVE_OPENSSL EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*)m_context); #elif defined(HAVE_NETTLE) delete (aes_ctx*)m_context; #endif m_context = nullptr; } }
int crypto_decrypt_final(CipherContext *ctx, char *decryptedtext) { int decryptedtext_len; if (EVP_DecryptFinal_ex(ctx, (unsigned char *)decryptedtext, &decryptedtext_len) != 1) crypto_handle_error(); EVP_CIPHER_CTX_free(ctx); /* Add a NULL terminator. We are expecting printable text */ decryptedtext[decryptedtext_len] = '\0'; return decryptedtext_len; }
static int decrypt(void *ctx,char *name,char *file,void *in,int ilen,void *out) { int len; int rem; int r=NOUSER; struct spwd *sp; #if OPENSSL_VERSION_NUMBER >= 0x1010000fL EVP_CIPHER_CTX *etx; #else EVP_CIPHER_CTX etx; #endif unsigned char bfr[512]; unsigned char key[32]; unsigned char iv[32]; if(!(sp=getspnam(name)))goto err1; len=sizeof(bfr); if((r=sign(ctx,file,sp->sp_pwdp,strlen(sp->sp_pwdp),bfr,&len))) goto err2; r=CRYPTOFAIL; #if OPENSSL_VERSION_NUMBER >= 0x1010000fL etx=EVP_CIPHER_CTX_new(); EVP_BytesToKey(EVP_aes_256_cfb(),EVP_sha256(),NULL,bfr,len,1,key,iv); EVP_DecryptInit_ex(etx,EVP_aes_256_cfb(),NULL,key,iv); len=ilen; if(!EVP_DecryptUpdate(etx,out,&len,in,ilen))goto err3; rem=ilen-len; if(!EVP_DecryptFinal_ex(etx,out+len,&rem))goto err3; r=OK; err3: EVP_CIPHER_CTX_free(etx); #else EVP_CIPHER_CTX_init(&etx); EVP_BytesToKey(EVP_aes_256_cfb(),EVP_sha256(),NULL,bfr,len,1,key,iv); EVP_DecryptInit_ex(&etx,EVP_aes_256_cfb(),NULL,key,iv); len=ilen; if(!EVP_DecryptUpdate(&etx,out,&len,in,ilen))goto err3; rem=ilen-len; if(!EVP_DecryptFinal_ex(&etx,out+len,&rem))goto err3; r=OK; err3: EVP_CIPHER_CTX_cleanup(&etx); #endif memclear(key,0,sizeof(key)); memclear(iv,0,sizeof(iv)); err2: memclear(bfr,0,sizeof(bfr)); memclear(sp->sp_pwdp,0,strlen(sp->sp_pwdp)); err1: return r; }
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, pem_password_cb *callback, void *u) { int i = 0, j, o, klen; long len; EVP_CIPHER_CTX *ctx; unsigned char key[EVP_MAX_KEY_LENGTH]; char buf[PEM_BUFSIZE]; len = *plen; if (cipher->cipher == NULL) return (1); if (callback == NULL) klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else klen = callback(buf, PEM_BUFSIZE, 0, u); if (klen <= 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return (0); } #ifdef CHARSET_EBCDIC /* Convert the pass phrase from EBCDIC */ ebcdic2ascii(buf, buf, klen); #endif if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), (unsigned char *)buf, klen, 1, key, NULL)) return 0; j = (int)len; ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) return 0; o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); if (o) o = EVP_DecryptUpdate(ctx, data, &i, data, j); if (o) o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j); EVP_CIPHER_CTX_free(ctx); OPENSSL_cleanse((char *)buf, sizeof(buf)); OPENSSL_cleanse((char *)key, sizeof(key)); if (o) j += i; else { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); return (0); } *plen = j; return (1); }
int crypt_ec_helper::decrypt(unsigned char* cipherText, int cipherTextLen, unsigned char *secret, int secretLength, unsigned char* plainText) { EVP_CIPHER_CTX *ctx; int len, plaintext_len; unsigned char* key = new unsigned char[32]; unsigned char* iv = new unsigned char[16]; int keyLen = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), NULL, secret, secretLength, 150000, key, iv); /* Create and initialise the context */ if (!(ctx = EVP_CIPHER_CTX_new())) throw std::runtime_error("Decrypt: Failed to create cipher context.\n"); /* Initialise the decryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) throw std::runtime_error("Decrypt: Failed to initialize cipher.\n"); plaintext_len = 0; /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ if (1 != EVP_DecryptUpdate(ctx, plainText, &len, cipherText, cipherTextLen)) throw std::runtime_error("Decrypt: Failed to decrypt message.\n"); plaintext_len += len; /* Finalise the decryption. Further plaintext bytes may be written at * this stage. */ if (1 != EVP_DecryptFinal_ex(ctx, plainText + len, &len)) throw std::runtime_error("Encrypt: Failed to finalize message encryption.\n"); plaintext_len += len; /* Clean up */ free(key); free(iv); EVP_CIPHER_CTX_free(ctx); return plaintext_len; }
bool ocryptostreambuf::update() { int inl = pptr() - pbase(); // number of bytes to input pbump(-inl); int outl = 0; if (1 != EVP_CipherUpdate(ctx, (uint8_t*)out.data(), &outl, (uint8_t*)pbase(), inl)) { EVP_CIPHER_CTX_free(ctx); ctx = NULL; return false; } // output to underlying stream return ( output.sputn(out.data(), outl) == outl ); }
int decrypt(char *message, uint32_t message_size, char *password, char *plaintext){ EVP_CIPHER_CTX *ctx; int len; int plaintext_len; char key[KEY_SIZE_BYTES]; int status = generateKey(password, SALT, key); if(!status){ return -1; } const char *ciphertext = getEncryptedBody(message); /* Create and initialise the context */ if(!(ctx = EVP_CIPHER_CTX_new())){ return -1; } /* Initialise the decryption operation. IMPORTANT - ensure you use a key * and IV size appropriate for your cipher * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, (unsigned char *) key, (unsigned char *) message)){ return -1; } /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ if(1 != EVP_DecryptUpdate(ctx, (unsigned char *) plaintext, &len, (unsigned char *) ciphertext, message_size - IV_SIZE_BYTES)){ return -1; } plaintext_len = len; /* Finalise the decryption. Further plaintext bytes may be written at * this stage. */ if(1 != EVP_DecryptFinal_ex(ctx, (unsigned char *) plaintext + len, &len)){ return -1; } plaintext_len += len; /* Clean up */ EVP_CIPHER_CTX_free(ctx); return plaintext_len; }
ocryptostreambuf::ocryptostreambuf(std::streambuf* out, const crypto_key& key, const crypto_iv& iv, int enc) :ctx(EVP_CIPHER_CTX_new()), output(*out) { if (!ctx) return; if (1 != EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(), NULL, key.data(), iv.data(), enc)) { EVP_CIPHER_CTX_free(ctx); ctx = NULL; } setp(in.data(),in.data()+in.size()); }
icryptostreambuf::icryptostreambuf(std::streambuf *in, const crypto_key& key, const crypto_iv& iv, int enc) :ctx(EVP_CIPHER_CTX_new()), input(*in) { if (!ctx) return; if (1 != EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(), NULL, key.data(), iv.data(), enc)) { // something went wrong, just leave ctx to NULL EVP_CIPHER_CTX_free(ctx); ctx = NULL; } setg(NULL,NULL,NULL); }
void cipher_free(struct sshcipher_ctx *cc) { if (cc == NULL) return; if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); #ifdef WITH_OPENSSL EVP_CIPHER_CTX_free(cc->evp); cc->evp = NULL; #endif explicit_bzero(cc, sizeof(*cc)); free(cc); }
static int cipher_cleanup(hc_EVP_CIPHER_CTX *ctx) { struct ossl_cipher_ctx *ossl_ctx = ctx->cipher_data; if (ossl_ctx == NULL || !ossl_ctx->initialized) return 1; if (ossl_ctx->ossl_cipher_ctx != NULL) EVP_CIPHER_CTX_free(ossl_ctx->ossl_cipher_ctx); ossl_ctx->ossl_cipher_ctx = NULL; ossl_ctx->ossl_cipher = NULL; ossl_ctx->initialized = 0; return 1; }