自学教程：C++ EVP_CIPHER_CTX_free函数代码示例

sgx_status_t sgx_aes_gcm_close(sgx_aes_state_handle_t aes_gcm_state){    if (aes_gcm_state != NULL) {        EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)aes_gcm_state);    }    return SGX_SUCCESS;}

voidtr_rc4_free (tr_rc4_ctx_t handle){  if (handle == NULL)    return;  EVP_CIPHER_CTX_free (handle);}

static intaes_ctr_release(archive_crypto_ctx *ctx){	EVP_CIPHER_CTX_free(ctx->ctx);	memset(ctx->key, 0, ctx->key_len);	memset(ctx->nonce, 0, sizeof(ctx->nonce));	return 0;}

sgx_status_t sgx_aes_gcm128_enc_init(const uint8_t *key, const uint8_t *iv, uint32_t iv_len, const uint8_t *aad,    uint32_t aad_len, sgx_aes_state_handle_t* aes_gcm_state){    if ((aad_len >= INT_MAX) || (key == NULL) || (iv_len != SGX_AESGCM_IV_SIZE) || ((aad_len > 0) && (aad == NULL))        || (iv == NULL) || (aes_gcm_state == NULL))    {        return SGX_ERROR_INVALID_PARAMETER;    }    int len = 0;    sgx_status_t ret = SGX_ERROR_UNEXPECTED;    EVP_CIPHER_CTX * pState = NULL;    do {        // Create and initialise the context        //        if (!(pState = EVP_CIPHER_CTX_new())) {            ret = SGX_ERROR_OUT_OF_MEMORY;            break;        }        // Initialize ctx with AES-128 GCM        //        if (!EVP_EncryptInit_ex(pState, EVP_aes_128_gcm(), NULL, NULL, NULL)) {            break;        }        // Set IV len        //        if (!EVP_CIPHER_CTX_ctrl(pState, EVP_CTRL_AEAD_SET_IVLEN, iv_len, NULL)) {            break;        }        // Initialize encryption key and IV        //        if (!EVP_EncryptInit_ex(pState, NULL, NULL, (unsigned char*)key, iv)) {            break;        }        // Provide AAD data if exist        //        if (NULL != aad) {            if (!EVP_EncryptUpdate(pState, NULL, &len, aad, aad_len)) {                break;            }        }        *aes_gcm_state = (EVP_CIPHER_CTX*)pState;        ret = SGX_SUCCESS;    } while (0);    if (ret != SGX_SUCCESS) {        if (pState != NULL) {            EVP_CIPHER_CTX_free(pState);        }    }    return ret;}

static intaes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,             const unsigned char *iv, int enc) /* init key */{    /*     * variable "c" is leaked from this scope, but is later freed     * in aes_ctr_cleanup     */    aes_ctr_ctx *c;    const EVP_CIPHER *aes_cipher;    (void) enc;    switch(EVP_CIPHER_CTX_key_length(ctx)) {    case 16:        aes_cipher = EVP_aes_128_ecb();        break;    case 24:        aes_cipher = EVP_aes_192_ecb();        break;    case 32:        aes_cipher = EVP_aes_256_ecb();        break;    default:        return 0;    }    c = malloc(sizeof(*c));    if(c == NULL)        return 0;#ifdef HAVE_OPAQUE_STRUCTS    c->aes_ctx = EVP_CIPHER_CTX_new();#else    c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX));#endif    if(c->aes_ctx == NULL) {        free(c);        return 0;    }    if(EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {#ifdef HAVE_OPAQUE_STRUCTS        EVP_CIPHER_CTX_free(c->aes_ctx);#else        free(c->aes_ctx);#endif        free(c);        return 0;    }    EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0);    memcpy(c->ctr, iv, AES_BLOCK_SIZE);    EVP_CIPHER_CTX_set_app_data(ctx, c);    return 1;}

bool Wallet::writeSecurityImage(const QPixmap* pixmap, const QString& outputFilePath) {    // aes requires a couple 128-bit keys (ckey and ivec).  For now, I'll just    // use the md5 of the salt as the ckey (md5 is 128-bit), and ivec will be    // a constant.  We can review this later - there are ways to generate keys    // from a password that may be better.    unsigned char ivec[16];    unsigned char ckey[32];    initializeAESKeys(ivec, ckey, _salt);    int tempSize, outSize;    QByteArray inputFileBuffer;    QBuffer buffer(&inputFileBuffer);    buffer.open(QIODevice::WriteOnly);    // another spot where we are assuming only jpgs    pixmap->save(&buffer, "jpg");    // reserve enough capacity for encrypted bytes    unsigned char* outputFileBuffer = new unsigned char[inputFileBuffer.size() + AES_BLOCK_SIZE];    EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();    // TODO: add error handling!!!    if (!EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, ckey, ivec)) {        qCDebug(commerce) << "encrypt init failure";        delete[] outputFileBuffer;        return false;    }    if (!EVP_EncryptUpdate(ctx, outputFileBuffer, &tempSize, (unsigned char*)inputFileBuffer.data(), inputFileBuffer.size())) {        qCDebug(commerce) << "encrypt update failure";        delete[] outputFileBuffer;        return false;    }    outSize = tempSize;    if (!EVP_EncryptFinal_ex(ctx, outputFileBuffer + outSize, &tempSize)) {        qCDebug(commerce) << "encrypt final failure";        delete[] outputFileBuffer;        return false;    }    outSize += tempSize;    EVP_CIPHER_CTX_free(ctx);    qCDebug(commerce) << "encrypted buffer size" << outSize;    QByteArray output((const char*)outputFileBuffer, outSize);    // now APPEND to the file,    QByteArray b64output = output.toBase64();    QFile outputFile(outputFilePath);    outputFile.open(QIODevice::Append);    outputFile.write(IMAGE_HEADER);    outputBase64WithNewlines(outputFile, b64output);    outputFile.write(IMAGE_FOOTER);    outputFile.close();    delete[] outputFileBuffer;    return true;}

int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *aad,    int aad_len, unsigned char *key, unsigned char *iv,    unsigned char *ciphertext, unsigned char *tag){    EVP_CIPHER_CTX *ctx;    int len;    int ciphertext_len;    /* Create and initialise the context */    if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();    /* Initialise the encryption operation. */    if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))        handleErrors();    /* Set IV length if default 12 bytes (96 bits) is not appropriate */    if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))        handleErrors();    /* Initialise key and IV */    if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors();    /* Provide any AAD data. This can be called zero or more times as     * required     */    /*    if(1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len))        handleErrors();        */    /* Provide the message to be encrypted, and obtain the encrypted output.     * EVP_EncryptUpdate can be called multiple times if necessary     */    if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))        handleErrors();    ciphertext_len = len;    /* Finalise the encryption. Normally ciphertext bytes may be written at     * this stage, but this does not occur in GCM mode     */    if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors();    ciphertext_len += len;    /* Get the tag */    /*    if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))        handleErrors();        */    /* Clean up */    EVP_CIPHER_CTX_free(ctx);    return ciphertext_len;}

static void aes_cleanup(EVP_CIPHER_CTX* ctx){	EVP_CIPHER_CTX_free(ctx);	#if(OPENSSL_VERSION_NUMBER<0x10000000L)		ERR_remove_state(0);	#elif(OPENSSL_VERSION_NUMBER<0x10100000L)		ERR_remove_thread_state(NULL);	#endif}

int decryptccm(unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, unsigned char *key, unsigned char *iv,	unsigned char *plaintext){	EVP_CIPHER_CTX *ctx;	int len;	int plaintext_len;	int ret;	/* Create and initialise the context */	if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors("Create and initialise the context");	/* Initialise the decryption operation. */	if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL))		handleErrors("Initialise the decryption operation.");	/* Setting IV len to 7. Not strictly necessary as this is the default	 * but shown here for the purposes of this example */	if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, 7, NULL))		handleErrors("Setting IV len to 7. ");	/* Set expected tag value. */	if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 14, tag))		handleErrors("Set expected tag value.");	/* Initialise key and IV */	if(1 != EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))		handleErrors("Initialise key and IV");	/* Provide the total ciphertext length	 */	if(1 != EVP_DecryptUpdate(ctx, NULL, &len, NULL, ciphertext_len))		handleErrors("rovide the total ciphertext length");	/* Provide the message to be decrypted, and obtain the plaintext output.	 * EVP_DecryptUpdate can be called multiple times if necessary	 */	ret = EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len);	plaintext_len = len;	/* Clean up */	EVP_CIPHER_CTX_free(ctx);	if(ret > 0)	{		/* Success */		return plaintext_len;	}	else	{		/* Verify failed */		return -1;	}}

static LUA_FUNCTION(openssl_cipher_ctx_free){  EVP_CIPHER_CTX *ctx = CHECK_OBJECT(1, EVP_CIPHER_CTX, "openssl.evp_cipher_ctx");  lua_pushnil(L);  lua_rawsetp(L, LUA_REGISTRYINDEX, ctx);  EVP_CIPHER_CTX_cleanup(ctx);  EVP_CIPHER_CTX_free(ctx);  return 0;}

voidaes_cipher_free(aes_cnt_cipher_t *cipher_){  if (!cipher_)    return;  EVP_CIPHER_CTX *cipher = (EVP_CIPHER_CTX *) cipher_;  EVP_CIPHER_CTX_cleanup(cipher);  EVP_CIPHER_CTX_free(cipher);}

/* Test copying of contexts */static void test_ctx_replace(EVP_CIPHER_CTX **pctx)	{	/* Make copy of context and replace original */	EVP_CIPHER_CTX *ctx_copy;	ctx_copy = EVP_CIPHER_CTX_new();	EVP_CIPHER_CTX_copy(ctx_copy, *pctx);	EVP_CIPHER_CTX_free(*pctx);	*pctx = ctx_copy;	}

int crypto_encrypt_final(CipherContext *ctx, char *ciphertext) {    int ciphertext_len;    if (EVP_EncryptFinal_ex(ctx, (unsigned char *)ciphertext, &ciphertext_len) != 1)        crypto_handle_error();    EVP_CIPHER_CTX_free(ctx);    return ciphertext_len;}

/** Decrypt a buffer. * @param cipher cipher ID * @param enc encrypted buffer * @param enc_size number of bytes in @p enc * @param plain on return contains plain text data * @param plain_size size in bytes of @p plain * @return number of bytes that were in the encrypted buffer (this can be shorter if the data * did not exactly fit the AES block size. */size_tBufferDecryptor::decrypt(int cipher, const void *enc, size_t enc_size, void *plain, size_t plain_size){#ifdef HAVE_LIBCRYPTO  if (keys_.find(cipher) == keys_.end()) {    generate_key(cipher);  }  const EVP_CIPHER *evp_cipher = cipher_by_id(cipher);  const size_t iv_size = EVP_CIPHER_iv_length(evp_cipher);  const unsigned char *iv = (const unsigned char *)enc;  unsigned char *enc_m = (unsigned char *)enc + iv_size;  enc_size -= iv_size;  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();  if ( ! EVP_DecryptInit(ctx, evp_cipher, (const unsigned char *)keys_[cipher].c_str(), iv))  {    EVP_CIPHER_CTX_free(ctx);    throw std::runtime_error("Could not initialize cipher context");  }  int outl = plain_size;  if ( ! EVP_DecryptUpdate(ctx,			   (unsigned char *)plain, &outl, enc_m, enc_size))  {    EVP_CIPHER_CTX_free(ctx);    throw std::runtime_error("DecryptUpdate failed");  }  int plen = 0;  if ( ! EVP_DecryptFinal(ctx, (unsigned char *)plain + outl, &plen) ) {    EVP_CIPHER_CTX_free(ctx);    throw std::runtime_error("DecryptFinal failed");  }  outl += plen;  EVP_CIPHER_CTX_free(ctx);  return outl;#else  throw std::runtime_error("Decryption support not available");#endif}

static krb5_error_codeAES_PRF(krb5_context context,	krb5_crypto crypto,	const krb5_data *in,	krb5_data *out){    struct _krb5_checksum_type *ct = crypto->et->checksum;    krb5_error_code ret;    Checksum result;    krb5_keyblock *derived;    result.cksumtype = ct->type;    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);    if (ret) {	krb5_set_error_message(context, ret, N_("malloc: out memory", ""));	return ret;    }    ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);    if (ret) {	krb5_data_free(&result.checksum);	return ret;    }    if (result.checksum.length < crypto->et->blocksize)	krb5_abortx(context, "internal prf error");    derived = NULL;    ret = krb5_derive_key(context, crypto->key.key,			  crypto->et->type, "prf", 3, &derived);    if (ret)	krb5_abortx(context, "krb5_derive_key");    ret = krb5_data_alloc(out, crypto->et->blocksize);    if (ret)	krb5_abortx(context, "malloc failed");    {	const EVP_CIPHER *c = (*crypto->et->keytype->evp)();	EVP_CIPHER_CTX *ctx;	ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */	if (ctx == NULL)	    krb5_abortx(context, "malloc failed");	EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1);	EVP_Cipher(ctx, out->data, result.checksum.data,		   crypto->et->blocksize);	EVP_CIPHER_CTX_free(ctx);    }    krb5_data_free(&result.checksum);    krb5_free_keyblock(context, derived);    return ret;}

/** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. * @param ctx The block context to use. * @return Returns APR_ENOTIMPL if not supported. */static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx){    if (ctx->initialised) {        EVP_CIPHER_CTX_free(ctx->cipherCtx);        ctx->initialised = 0;    }    return APR_SUCCESS;}

static int entersafe_cipher_apdu(sc_card_t *card, sc_apdu_t *apdu,								 u8 *key, size_t keylen,								 u8 *buff, size_t buffsize){	 EVP_CIPHER_CTX * ctx = NULL;	 u8 iv[8]={0};	 int len;	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);	 assert(card);	 assert(apdu);	 assert(key);	 assert(buff);	 /* padding as 0x80 0x00 0x00...... */	 memset(buff,0,buffsize);	 buff[0]=apdu->lc;	 memcpy(buff+1,apdu->data,apdu->lc);	 buff[apdu->lc+1]=0x80;	 ctx = EVP_CIPHER_CTX_new();	 if (ctx == NULL)		 SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);	 EVP_CIPHER_CTX_set_padding(ctx,0);	 if(keylen == 8)		  EVP_EncryptInit_ex(ctx, EVP_des_ecb(), NULL, key, iv);	 else if (keylen == 16) 		  EVP_EncryptInit_ex(ctx, EVP_des_ede(), NULL, key, iv);	 else		  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL);	 	 len = apdu->lc;	 if(!EVP_EncryptUpdate(ctx, buff, &len, buff, buffsize)){		  sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe encryption error.");		  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INTERNAL);	 }	 apdu->lc = len;	 EVP_CIPHER_CTX_free(ctx);	 if(apdu->lc!=buffsize)	 {		  sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "entersafe build cipher apdu failed.");		  SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INTERNAL);	 }	 apdu->data=buff;	 apdu->datalen=apdu->lc;	 SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_SUCCESS);}

/* * Encrypt/Decrypt a buffer based on password and algor, result in a * OPENSSL_malloc'ed buffer */unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,                                const char *pass, int passlen,                                const unsigned char *in, int inlen,                                unsigned char **data, int *datalen, int en_de){    unsigned char *out = NULL;    int outlen, i;    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();    if (ctx == NULL) {        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);        goto err;    }    /* Decrypt data */    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,                            algor->parameter, ctx, en_de)) {        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);        goto err;    }    if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))            == NULL) {        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);        goto err;    }    if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {        OPENSSL_free(out);        out = NULL;        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);        goto err;    }    outlen = i;    if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {        OPENSSL_free(out);        out = NULL;        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);        goto err;    }    outlen += i;    if (datalen)        *datalen = outlen;    if (data)        *data = out; err:    EVP_CIPHER_CTX_free(ctx);    return out;}

void RarVolume::DecryptFree(){	if (m_context)	{#ifdef HAVE_OPENSSL		EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*)m_context);#elif defined(HAVE_NETTLE)		delete (aes_ctx*)m_context;#endif		m_context = nullptr;	}}

int crypto_decrypt_final(CipherContext *ctx, char *decryptedtext) {    int decryptedtext_len;    if (EVP_DecryptFinal_ex(ctx, (unsigned char *)decryptedtext, &decryptedtext_len) != 1)        crypto_handle_error();    EVP_CIPHER_CTX_free(ctx);    /* Add a NULL terminator. We are expecting printable text */    decryptedtext[decryptedtext_len] = '/0';    return decryptedtext_len;}

static int decrypt(void *ctx,char *name,char *file,void *in,int ilen,void *out){	int len;	int rem;	int r=NOUSER;	struct spwd *sp;#if OPENSSL_VERSION_NUMBER >= 0x1010000fL	EVP_CIPHER_CTX *etx;#else	EVP_CIPHER_CTX etx;#endif	unsigned char bfr[512];	unsigned char key[32];	unsigned char iv[32];	if(!(sp=getspnam(name)))goto err1;	len=sizeof(bfr);	if((r=sign(ctx,file,sp->sp_pwdp,strlen(sp->sp_pwdp),bfr,&len)))		goto err2;	r=CRYPTOFAIL;#if OPENSSL_VERSION_NUMBER >= 0x1010000fL	etx=EVP_CIPHER_CTX_new();	EVP_BytesToKey(EVP_aes_256_cfb(),EVP_sha256(),NULL,bfr,len,1,key,iv);	EVP_DecryptInit_ex(etx,EVP_aes_256_cfb(),NULL,key,iv);	len=ilen;	if(!EVP_DecryptUpdate(etx,out,&len,in,ilen))goto err3;	rem=ilen-len;	if(!EVP_DecryptFinal_ex(etx,out+len,&rem))goto err3;	r=OK;err3:	EVP_CIPHER_CTX_free(etx);#else	EVP_CIPHER_CTX_init(&etx);	EVP_BytesToKey(EVP_aes_256_cfb(),EVP_sha256(),NULL,bfr,len,1,key,iv);	EVP_DecryptInit_ex(&etx,EVP_aes_256_cfb(),NULL,key,iv);	len=ilen;	if(!EVP_DecryptUpdate(&etx,out,&len,in,ilen))goto err3;	rem=ilen-len;	if(!EVP_DecryptFinal_ex(&etx,out+len,&rem))goto err3;	r=OK;err3:	EVP_CIPHER_CTX_cleanup(&etx);#endif	memclear(key,0,sizeof(key));	memclear(iv,0,sizeof(iv));err2:	memclear(bfr,0,sizeof(bfr));	memclear(sp->sp_pwdp,0,strlen(sp->sp_pwdp));err1:	return r;}

int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,                  pem_password_cb *callback, void *u){    int i = 0, j, o, klen;    long len;    EVP_CIPHER_CTX *ctx;    unsigned char key[EVP_MAX_KEY_LENGTH];    char buf[PEM_BUFSIZE];    len = *plen;    if (cipher->cipher == NULL)        return (1);    if (callback == NULL)        klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);    else        klen = callback(buf, PEM_BUFSIZE, 0, u);    if (klen <= 0) {        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);        return (0);    }#ifdef CHARSET_EBCDIC    /* Convert the pass phrase from EBCDIC */    ebcdic2ascii(buf, buf, klen);#endif    if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),                        (unsigned char *)buf, klen, 1, key, NULL))        return 0;    j = (int)len;    ctx = EVP_CIPHER_CTX_new();    if (ctx == NULL)        return 0;    o = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));    if (o)        o = EVP_DecryptUpdate(ctx, data, &i, data, j);    if (o)        o = EVP_DecryptFinal_ex(ctx, &(data[i]), &j);    EVP_CIPHER_CTX_free(ctx);    OPENSSL_cleanse((char *)buf, sizeof(buf));    OPENSSL_cleanse((char *)key, sizeof(key));    if (o)        j += i;    else {        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);        return (0);    }    *plen = j;    return (1);}

	int crypt_ec_helper::decrypt(unsigned char* cipherText, int cipherTextLen, unsigned char *secret, int secretLength, unsigned char* plainText)	{		EVP_CIPHER_CTX *ctx;		int len, plaintext_len;		unsigned char* key = new unsigned char[32];		unsigned char* iv = new unsigned char[16];		int keyLen = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(),			NULL,			secret, secretLength, 150000,			key, iv);		/* Create and initialise the context */		if (!(ctx = EVP_CIPHER_CTX_new()))			throw std::runtime_error("Decrypt: Failed to create cipher context./n");		/* Initialise the decryption operation. IMPORTANT - ensure you use a key		* and IV size appropriate for your cipher		* In this example we are using 256 bit AES (i.e. a 256 bit key). The		* IV size for *most* modes is the same as the block size. For AES this		* is 128 bits */		if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))			throw std::runtime_error("Decrypt: Failed to initialize cipher./n");		plaintext_len = 0;		/* Provide the message to be decrypted, and obtain the plaintext output.		* EVP_DecryptUpdate can be called multiple times if necessary		*/		if (1 != EVP_DecryptUpdate(ctx, plainText, &len, cipherText, cipherTextLen))			throw std::runtime_error("Decrypt: Failed to decrypt message./n");		plaintext_len += len;		/* Finalise the decryption. Further plaintext bytes may be written at		* this stage.		*/		if (1 != EVP_DecryptFinal_ex(ctx, plainText + len, &len))			throw std::runtime_error("Encrypt: Failed to finalize message encryption./n");		plaintext_len += len;		/* Clean up */		free(key);		free(iv);		EVP_CIPHER_CTX_free(ctx);		return plaintext_len;	}

bool ocryptostreambuf::update(){  int inl = pptr() - pbase(); // number of bytes to input  pbump(-inl);  int outl = 0;  if (1 != EVP_CipherUpdate(ctx, (uint8_t*)out.data(), &outl, (uint8_t*)pbase(), inl))    {      EVP_CIPHER_CTX_free(ctx);      ctx = NULL;      return false;    }  // output to underlying stream  return ( output.sputn(out.data(), outl) == outl );}

int decrypt(char *message, uint32_t message_size, char *password, char *plaintext){  EVP_CIPHER_CTX *ctx;  int len;  int plaintext_len;  char key[KEY_SIZE_BYTES];  int status = generateKey(password, SALT, key);  if(!status){    return -1;  }  const char *ciphertext = getEncryptedBody(message);  /* Create and initialise the context */  if(!(ctx = EVP_CIPHER_CTX_new())){    return -1;  }     /* Initialise the decryption operation. IMPORTANT - ensure you use a key   * and IV size appropriate for your cipher   * In this example we are using 256 bit AES (i.e. a 256 bit key). The   * IV size for *most* modes is the same as the block size. For AES this   * is 128 bits */  if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, (unsigned char *) key, (unsigned char *) message)){    return -1;  }  /* Provide the message to be decrypted, and obtain the plaintext output.   * EVP_DecryptUpdate can be called multiple times if necessary   */  if(1 != EVP_DecryptUpdate(ctx, (unsigned char *) plaintext, &len, (unsigned char *) ciphertext, message_size - IV_SIZE_BYTES)){    return -1;  }  plaintext_len = len;  /* Finalise the decryption. Further plaintext bytes may be written at   * this stage.   */  if(1 != EVP_DecryptFinal_ex(ctx, (unsigned char *) plaintext + len, &len)){    return -1;  }   plaintext_len += len;  /* Clean up */  EVP_CIPHER_CTX_free(ctx);  return plaintext_len;}

ocryptostreambuf::ocryptostreambuf(std::streambuf* out, const crypto_key& key, const crypto_iv& iv, int enc)  :ctx(EVP_CIPHER_CTX_new()),   output(*out){  if (!ctx)    return;  if (1 != EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(), NULL, key.data(), iv.data(), enc))    {      EVP_CIPHER_CTX_free(ctx);      ctx = NULL;    }  setp(in.data(),in.data()+in.size());}

icryptostreambuf::icryptostreambuf(std::streambuf *in, const crypto_key& key, const crypto_iv& iv, int enc)  :ctx(EVP_CIPHER_CTX_new()),   input(*in){  if (!ctx)    return;  if (1 != EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(), NULL, key.data(), iv.data(), enc))    {      // something went wrong, just leave ctx to NULL      EVP_CIPHER_CTX_free(ctx);      ctx = NULL;    }  setg(NULL,NULL,NULL);}

voidcipher_free(struct sshcipher_ctx *cc){	if (cc == NULL)		return;	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)		explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));	else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)		explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));#ifdef WITH_OPENSSL	EVP_CIPHER_CTX_free(cc->evp);	cc->evp = NULL;#endif	explicit_bzero(cc, sizeof(*cc));	free(cc);}

static intcipher_cleanup(hc_EVP_CIPHER_CTX *ctx){    struct ossl_cipher_ctx *ossl_ctx = ctx->cipher_data;    if (ossl_ctx == NULL || !ossl_ctx->initialized)        return 1;    if (ossl_ctx->ossl_cipher_ctx != NULL)        EVP_CIPHER_CTX_free(ossl_ctx->ossl_cipher_ctx);    ossl_ctx->ossl_cipher_ctx = NULL;    ossl_ctx->ossl_cipher = NULL;    ossl_ctx->initialized = 0;    return 1;}