自学教程：C++ EVP_Cipher函数代码示例

static int FIPS_des3_test(void){    int ret = 0;    unsigned char pltmp[8];    unsigned char citmp[8];    unsigned char key[] =    {   1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,        19, 20, 21, 22, 23, 24    };    unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };    EVP_CIPHER_CTX ctx;    EVP_CIPHER_CTX_init(&ctx);    if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0)        goto err;    EVP_Cipher(&ctx, citmp, plaintext, 8);    if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0)        goto err;    EVP_Cipher(&ctx, pltmp, citmp, 8);    if (memcmp(pltmp, plaintext, 8))        goto err;    ret = 1;err:    EVP_CIPHER_CTX_cleanup(&ctx);    return ret;}

/* * This function decrypts a buffer using AES GCM mode * * Parameters: *	c	Crypto context *	buf	data to encrypt *	enc_len	length of encrypt buffer */err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, 	                              unsigned int *enc_len){    if (c->dir != direction_encrypt && c->dir != direction_decrypt) {        return (err_status_bad_param);    }    /*     * Set the tag before decrypting     */    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, 	                buf + (*enc_len - c->tag_len));    EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);    /*     * Check the tag     */    if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {        return (err_status_auth_fail);    }    /*     * Reduce the buffer size by the tag length since the tag     * is not part of the original payload     */    *enc_len -= c->tag_len;    return (err_status_ok);}

static inttest_cipher(int i, const EVP_CIPHER *c, struct tests *t){    EVP_CIPHER_CTX ectx;    EVP_CIPHER_CTX dctx;    void *d;    if (c == NULL) {	printf("%s not supported/n", t->name);	return 0;    }    EVP_CIPHER_CTX_init(&ectx);    EVP_CIPHER_CTX_init(&dctx);    if (EVP_CipherInit_ex(&ectx, c, NULL, NULL, NULL, 1) != 1)	errx(1, "%s: %d EVP_CipherInit_ex einit", t->name, i);    if (EVP_CipherInit_ex(&dctx, c, NULL, NULL, NULL, 0) != 1)	errx(1, "%s: %d EVP_CipherInit_ex dinit", t->name, i);    EVP_CIPHER_CTX_set_key_length(&ectx, t->keysize);    EVP_CIPHER_CTX_set_key_length(&dctx, t->keysize);    if (EVP_CipherInit_ex(&ectx, NULL, NULL, t->key, t->iv, 1) != 1)	errx(1, "%s: %d EVP_CipherInit_ex encrypt", t->name, i);    if (EVP_CipherInit_ex(&dctx, NULL, NULL, t->key, t->iv, 0) != 1)	errx(1, "%s: %d EVP_CipherInit_ex decrypt", t->name, i);    d = emalloc(t->datasize);    if (!EVP_Cipher(&ectx, d, t->indata, t->datasize))	errx(1, "%s: %d EVP_Cipher encrypt failed", t->name, i);    if (memcmp(d, t->outdata, t->datasize) != 0) {	char *s, *s2;	hex_encode(d, t->datasize, &s);	hex_encode(t->outdata, t->datasize, &s2);	errx(1, "%s: %d encrypt not the same: %s != %s", t->name, i, s, s2);    }    if (!EVP_Cipher(&dctx, d, d, t->datasize))	errx(1, "%s: %d EVP_Cipher decrypt failed", t->name, i);    if (memcmp(d, t->indata, t->datasize) != 0) {	char *s;	hex_encode(d, t->datasize, &s);	errx(1, "%s: %d decrypt not the same: %s", t->name, i, s);    }    if (t->outiv)	/* XXXX check  */;    EVP_CIPHER_CTX_cleanup(&ectx);    EVP_CIPHER_CTX_cleanup(&dctx);    free(d);    return 0;}

int_krb5_evp_encrypt_iov(krb5_context context,		      struct _krb5_key_data *key,		      struct krb5_crypto_iov *iov,		      int niov,		      krb5_boolean encryptp,		      int usage,		      void *ivec){    size_t blocksize, blockmask, wholeblocks;    struct _krb5_evp_schedule *ctx = key->schedule->data;    unsigned char tmp[EVP_MAX_BLOCK_LENGTH];    EVP_CIPHER_CTX *c;    struct _krb5_evp_iov_cursor cursor;    c = encryptp ? &ctx->ectx : &ctx->dctx;    blocksize = EVP_CIPHER_CTX_block_size(c);    blockmask = ~(blocksize - 1);    if (ivec)	EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);    else	EVP_CipherInit_ex(c, NULL, NULL, NULL, zero_ivec, -1);    _krb5_evp_iov_cursor_init(&cursor, iov, niov);    while (!_krb5_evp_iov_cursor_done(&cursor)) {	/* Number of bytes of data in this iovec that are in whole blocks */        wholeblocks = cursor.current.length & ~blockmask;        if (wholeblocks != 0) {            EVP_Cipher(c, cursor.current.data,                       cursor.current.data, wholeblocks);            _krb5_evp_iov_cursor_advance(&cursor, wholeblocks);        }        /* If there's a partial block of data remaining in the current         * iovec, steal enough from subsequent iovecs to form a whole block */        if (cursor.current.length > 0 && cursor.current.length < blocksize) {	    /* Build up a block's worth of data in tmp, leaving the cursor	     * pointing at where we started */            _krb5_evp_iov_cursor_fillbuf(&cursor, tmp, blocksize, NULL);            EVP_Cipher(c, tmp, tmp, blocksize);            /* Copy the data in tmp back into the iovecs that it came from,             * advancing the cursor */            _krb5_evp_iov_cursor_fillvec(&cursor, tmp, blocksize);        }    }    return 0;}

voidcipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len){	if (len % cc->cipher->block_size)		fatal("cipher_encrypt: bad plaintext length %d", len);#ifdef SSH_OLD_EVP	EVP_Cipher(&cc->evp, dest, (u_char *)src, len);#else	if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)		fatal("evp_crypt: EVP_Cipher failed");#endif}

static intssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len){	struct ssh1_3des_ctx *c;	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)		return 0;	if (EVP_Cipher(&c->k1, dest, __UNCONST(src), len) == 0 ||	    EVP_Cipher(&c->k2, dest, dest, len) == 0 ||	    EVP_Cipher(&c->k3, dest, dest, len) == 0)		return 0;	return 1;}

static intssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len){	struct ssh1_3des_ctx *c;	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {		error("ssh1_3des_cbc: no context");		return (0);	}	if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||	    EVP_Cipher(&c->k2, dest, dest, len) == 0 ||	    EVP_Cipher(&c->k3, dest, dest, len) == 0)		return (0);	return (1);}

static inttest_bulk_cipher(const char *cname, const EVP_CIPHER *c){    static unsigned char key[16];    static unsigned char iv[16];    int i;    int64_t M = 0;    for (i = 0; i < loops; i++) {        EVP_CIPHER_CTX ectx;        EVP_CIPHER_CTX dctx;        STATS_START(M)        EVP_CIPHER_CTX_init(&ectx);        EVP_CIPHER_CTX_init(&dctx);        if (EVP_CipherInit_ex(&ectx, c, NULL, NULL, NULL, 1) != 1)	    errx(1, "can't init encrypt");        if (EVP_CipherInit_ex(&dctx, c, NULL, NULL, NULL, 0) != 1)	    errx(1, "can't init decrypt");        EVP_CIPHER_CTX_set_key_length(&ectx, sizeof(key));        EVP_CIPHER_CTX_set_key_length(&dctx, sizeof(key));        if (EVP_CipherInit_ex(&ectx, NULL, NULL, key, iv, 1) != 1)	    errx(1, "can't init encrypt");        if (EVP_CipherInit_ex(&dctx, NULL, NULL, key, iv, 0) != 1)	    errx(1, "can't init decrypt");        if (!EVP_Cipher(&ectx, d, d, len))	    errx(1, "can't encrypt");        if (!EVP_Cipher(&dctx, d, d, len))	    errx(1, "can't decrypt");        EVP_CIPHER_CTX_cleanup(&ectx);        EVP_CIPHER_CTX_cleanup(&dctx);        STATS_END(M);	if (d[0] != 0x00 || d[len - 1] != ((len - 1) & 0xff))	    errx(1, "encrypt/decrypt inconsistent");    }    printf("%s: mean time %llu usec%s/n", cname, M, (M == 1) ? "" : "s");    return 0;}

/* * cipher_crypt() operates as following: * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. * Theses bytes are treated as additional authenticated data for * authenticated encryption modes. * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. * This tag is written on encryption and verified on decryption. * Both 'aadlen' and 'authlen' can be set to 0. * cipher_crypt() returns 0 on success and -1 if the decryption integrity * check fails. */intcipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src,    u_int len, u_int aadlen, u_int authlen){	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)		return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len,		    aadlen, authlen, cc->encrypt);	if (authlen) {		u_char lastiv[1];		if (authlen != cipher_authlen(cc->cipher))			fatal("%s: authlen mismatch %d", __func__, authlen);		/* increment IV */		if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,		    1, lastiv))			fatal("%s: EVP_CTRL_GCM_IV_GEN", __func__);		/* set tag on decyption */		if (!cc->encrypt &&		    !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,		    authlen, (u_char *)src + aadlen + len))			fatal("%s: EVP_CTRL_GCM_SET_TAG", __func__);	}	if (aadlen) {		if (authlen &&		    EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0)			fatal("%s: EVP_Cipher(aad) failed", __func__);		memcpy(dest, src, aadlen);	}	if (len % cc->cipher->block_size)		fatal("%s: bad plaintext length %d", __func__, len);	if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,	    len) < 0)		fatal("%s: EVP_Cipher failed", __func__);	if (authlen) {		/* compute tag (on encrypt) or verify tag (on decrypt) */		if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) {			if (cc->encrypt)				fatal("%s: EVP_Cipher(final) failed", __func__);			else				return -1;		}		if (cc->encrypt &&		    !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,		    authlen, dest + aadlen + len))			fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);	}	return 0;}

krb5_error_code_krb5_evp_encrypt(krb5_context context,		struct _krb5_key_data *key,		void *data,		size_t len,		krb5_boolean encryptp,		int usage,		void *ivec){    struct _krb5_evp_schedule *ctx = key->schedule->data;    EVP_CIPHER_CTX *c;    c = encryptp ? &ctx->ectx : &ctx->dctx;    if (ivec == NULL) {	/* alloca ? */	size_t len2 = EVP_CIPHER_CTX_iv_length(c);	void *loiv = malloc(len2);	if (loiv == NULL)	    return krb5_enomem(context);	memset(loiv, 0, len2);	EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1);	free(loiv);    } else	EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1);    EVP_Cipher(c, data, data, len);    return 0;}

inttls_process_record_data(struct SSLConnection *conn, const opaque *fragment, const int len,                        uint8_t **out, uint32_t *outl){    EVP_CIPHER_CTX *evp;    unsigned char pad;    unsigned char *decoded;    uint32_t dlen;    if (conn->direction == 0) {        evp = &conn->client_cipher_ctx;    } else {        evp = &conn->server_cipher_ctx;    }    decoded = sng_malloc(len);    EVP_Cipher(evp, decoded, (unsigned char *) fragment, len);    // Get padding counter and remove from data    pad = decoded[len - 1];    dlen = (len - (pad + 1) - /* Trailing MAC */20);    if ((int32_t)dlen > 0 && dlen <= *outl) {        memcpy(*out, decoded, dlen);        *outl = dlen;    }    // Clenaup decoded memory    sng_free(decoded);    return *outl;}

KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL_krb5_des_checksum(krb5_context context,		   const EVP_MD *evp_md,		   struct _krb5_key_data *key,		   const void *data,		   size_t len,		   Checksum *cksum){    struct _krb5_evp_schedule *ctx = key->schedule->data;    EVP_MD_CTX *m;    DES_cblock ivec;    unsigned char *p = cksum->checksum.data;    krb5_generate_random_block(p, 8);    m = EVP_MD_CTX_create();    if (m == NULL)	return krb5_enomem(context);    EVP_DigestInit_ex(m, evp_md, NULL);    EVP_DigestUpdate(m, p, 8);    EVP_DigestUpdate(m, data, len);    EVP_DigestFinal_ex (m, p + 8, NULL);    EVP_MD_CTX_destroy(m);    memset (&ivec, 0, sizeof(ivec));    EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1);    EVP_Cipher(&ctx->ectx, p, p, 24);    return 0;}

int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, 			const EVP_CIPHER *cipher, ENGINE *impl)	{	static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];#ifdef OPENSSL_FIPS	if (FIPS_mode())		{		/* If we have an ENGINE need to allow non FIPS */		if ((impl || ctx->cctx.engine)			&& !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))			{			EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);			return 0;			}		/* Other algorithm blocking will be done in FIPS_cmac_init,		 * via FIPS_cipherinit().		 */		if (!impl && !ctx->cctx.engine)			return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);		}#endif	/* All zeros means restart */	if (!key && !cipher && !impl && keylen == 0)		{		/* Not initialised */		if (ctx->nlast_block == -1)			return 0;		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))			return 0;		return 1;		}	/* Initialiase context */	if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))		return 0;	/* Non-NULL key means initialisation complete */	if (key)		{		int bl;		if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))			return 0;		if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))			return 0;		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))			return 0;		bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))			return 0;		make_kn(ctx->k1, ctx->tbl, bl);		make_kn(ctx->k2, ctx->k1, bl);		OPENSSL_cleanse(ctx->tbl, bl);		/* Reset context again ready for first data block */		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))			return 0;		/* Zero tbl so resume works */		memset(ctx->tbl, 0, bl);		ctx->nlast_block = 0;		}	return 1;	}

/* * This function processes the AAD * * Parameters: *	c	Crypto context *	aad	Additional data to process for AEAD cipher suites *	aad_len	length of aad buffer */static srtp_err_status_t srtp_aes_gcm_openssl_set_aad(void *cv,                                                      const uint8_t *aad,                                                      uint32_t aad_len){    srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;    int rv;    /*     * Set dummy tag, OpenSSL requires the Tag to be set before     * processing AAD     */    /*     * OpenSSL never write to address pointed by the last parameter of     * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality,     * OpenSSL copy its content to the context), so we can make     * aad read-only in this function and all its wrappers.     */    unsigned char dummy_tag[GCM_AUTH_TAG_LEN];    memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN);    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag);    rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);    if (rv != aad_len) {        return (srtp_err_status_algo_fail);    } else {        return (srtp_err_status_ok);    }}

krb5_error_code_krb5_des_checksum(krb5_context context,		   CCDigestAlg alg,		   struct _krb5_key_data *key,		   const void *data,		   size_t len,		   Checksum *cksum){    struct _krb5_evp_schedule *ctx = key->schedule->data;    CCDigestRef m;    unsigned char ivec[8];    unsigned char *p = cksum->checksum.data;    krb5_generate_random_block(p, 8);    m = CCDigestCreate(alg);    if (m == NULL) {	krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));	return ENOMEM;    }    CCDigestUpdate(m, p, 8);    CCDigestUpdate(m, data, len);    CCDigestFinal(m, p + 8);    CCDigestDestroy(m);    memset (&ivec, 0, sizeof(ivec));    EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)ivec, -1);    EVP_Cipher(&ctx->ectx, p, p, 24);    return 0;}

int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)	{	int i, bl, lb;#ifdef OPENSSL_FIPS	if (FIPS_mode() && !ctx->cctx.engine)		return FIPS_cmac_final(ctx, out, poutlen);#endif	if (ctx->nlast_block == -1)		return 0;	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);	*poutlen = (size_t)bl;	if (!out)		return 1;	lb = ctx->nlast_block;	/* Is last block complete? */	if (lb == bl)		{		for (i = 0; i < bl; i++)			out[i] = ctx->last_block[i] ^ ctx->k1[i];		}	else		{		ctx->last_block[lb] = 0x80;		if (bl - lb > 1)			memset(ctx->last_block + lb + 1, 0, bl - lb - 1);		for (i = 0; i < bl; i++)			out[i] = ctx->last_block[i] ^ ctx->k2[i];		}	if (!EVP_Cipher(&ctx->cctx, out, out, bl))		{		OPENSSL_cleanse(out, bl);			return 0;		}	return 1;	}

/* read/writes from s->s2->mac_data using length for encrypt and  * decrypt.  It sets s->s2->padding and s->[rw]length * if we are encrypting */void ssl2_enc(SSL *s, int send)	{	EVP_CIPHER_CTX *ds;	unsigned long l;	int bs;	if (send)		{		ds=s->enc_write_ctx;		l=s->s2->wlength;		}	else		{		ds=s->enc_read_ctx;		l=s->s2->rlength;		}	/* check for NULL cipher */	if (ds == NULL) return;	bs=ds->cipher->block_size;	/* This should be using (bs-1) and bs instead of 7 and 8, but	 * what the hell. */	if (bs == 8)		l=(l+7)/8*8;	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);	}

static inttest_cipher(struct tests *t){    const EVP_CIPHER *c = t->cipher();    EVP_CIPHER_CTX ectx;    EVP_CIPHER_CTX dctx;    void *d;    EVP_CIPHER_CTX_init(&ectx);    EVP_CIPHER_CTX_init(&dctx);    if (EVP_CipherInit_ex(&ectx, c, NULL, NULL, NULL, 1) != 1)	errx(1, "%s: EVP_CipherInit_ex einit", t->name);    if (EVP_CipherInit_ex(&dctx, c, NULL, NULL, NULL, 0) != 1)	errx(1, "%s: EVP_CipherInit_ex dinit", t->name);    EVP_CIPHER_CTX_set_key_length(&ectx, t->keysize);    EVP_CIPHER_CTX_set_key_length(&dctx, t->keysize);    if (EVP_CipherInit_ex(&ectx, NULL, NULL, t->key, t->iv, 1) != 1)	errx(1, "%s: EVP_CipherInit_ex encrypt", t->name);    if (EVP_CipherInit_ex(&dctx, NULL, NULL, t->key, t->iv, 0) != 1)	errx(1, "%s: EVP_CipherInit_ex decrypt", t->name);    d = emalloc(t->datasize);    if (!EVP_Cipher(&ectx, d, t->indata, t->datasize))	return 1;    if (memcmp(d, t->outdata, t->datasize) != 0)	errx(1, "%s: encrypt not the same", t->name);    if (!EVP_Cipher(&dctx, d, d, t->datasize))	return 1;    if (memcmp(d, t->indata, t->datasize) != 0)	errx(1, "%s: decrypt not the same", t->name);    if (t->outiv)	/* XXXX check  */;    EVP_CIPHER_CTX_cleanup(&ectx);    EVP_CIPHER_CTX_cleanup(&dctx);    free(d);    return 0;}

voidcipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len){	if (len % cc->cipher->block_size)		fatal("cipher_encrypt: bad plaintext length %d", len);	if (EVP_Cipher(&cc->evp, dest, __UNCONST(src), len) == 0)		fatal("evp_crypt: EVP_Cipher failed");}

voidcipher_init(CipherContext *cc, Cipher *cipher,    const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,    int do_encrypt){	static int dowarn = 1;	const EVP_CIPHER *type;	int klen;	u_char *junk, *discard;	if (cipher->number == SSH_CIPHER_DES) {		if (dowarn) {			error("Warning: use of DES is strongly discouraged "			    "due to cryptographic weaknesses");			dowarn = 0;		}		if (keylen > 8)			keylen = 8;	}	cc->plaintext = (cipher->number == SSH_CIPHER_NONE);	if (keylen < cipher->key_len)		fatal("cipher_init: key length %d is insufficient for %s.",		    keylen, cipher->name);	if (iv != NULL && ivlen < cipher->block_size)		fatal("cipher_init: iv length %d is insufficient for %s.",		    ivlen, cipher->name);	cc->cipher = cipher;	type = (*cipher->evptype)();	EVP_CIPHER_CTX_init(&cc->evp);	if (EVP_CipherInit(&cc->evp, type, NULL, __UNCONST(iv),	    (do_encrypt == CIPHER_ENCRYPT)) == 0)		fatal("cipher_init: EVP_CipherInit failed for %s",		    cipher->name);	klen = EVP_CIPHER_CTX_key_length(&cc->evp);	if (klen > 0 && keylen != (u_int)klen) {		debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);		if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)			fatal("cipher_init: set keylen failed (%d -> %d)",			    klen, keylen);	}	if (EVP_CipherInit(&cc->evp, NULL, __UNCONST(key), NULL, -1) == 0)		fatal("cipher_init: EVP_CipherInit: set key failed for %s",		    cipher->name);	if (cipher->discard_len > 0) {		junk = xmalloc(cipher->discard_len);		discard = xmalloc(cipher->discard_len);		if (EVP_Cipher(&cc->evp, discard, junk,		    cipher->discard_len) == 0)			fatal("evp_crypt: EVP_Cipher failed during discard");		memset(discard, 0, cipher->discard_len);		xfree(junk);		xfree(discard);	}}

int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)	{	const unsigned char *data = in;	size_t bl;#ifdef OPENSSL_FIPS	if (FIPS_mode() && !ctx->cctx.engine)		return FIPS_cmac_update(ctx, in, dlen);#endif	if (ctx->nlast_block == -1)		return 0;	if (dlen == 0)		return 1;	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);	/* Copy into partial block if we need to */	if (ctx->nlast_block > 0)		{		size_t nleft;		nleft = bl - ctx->nlast_block;		if (dlen < nleft)			nleft = dlen;		memcpy(ctx->last_block + ctx->nlast_block, data, nleft);		dlen -= nleft;		ctx->nlast_block += nleft;		/* If no more to process return */		if (dlen == 0)			return 1;		data += nleft;		/* Else not final block so encrypt it */		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block,bl))			return 0;		}	/* Encrypt all but one of the complete blocks left */	while(dlen > bl)		{		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))			return 0;		dlen -= bl;		data += bl;		}	/* Copy any data left to last block buffer */	memcpy(ctx->last_block, data, dlen);	ctx->nlast_block = dlen;	return 1;	}

static intcipher_do_cipher(hc_EVP_CIPHER_CTX *ctx, unsigned char *out,                 const unsigned char *in, unsigned int len){    struct ossl_cipher_ctx *ossl_ctx = ctx->cipher_data;    assert(ossl_ctx != NULL);    return EVP_Cipher(ossl_ctx->ossl_cipher_ctx, out, in, len);}

/* * cipher_crypt() operates as following: * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. * Theses bytes are treated as additional authenticated data for * authenticated encryption modes. * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag. * This tag is written on encryption and verified on decryption. * Both 'aadlen' and 'authlen' can be set to 0. */voidcipher_crypt(CipherContext *cc, u_char *dest, const u_char *src,    u_int len, u_int aadlen, u_int authlen){	if (authlen) {		u_char lastiv[1];		if (authlen != cipher_authlen(cc->cipher))			fatal("%s: authlen mismatch %d", __func__, authlen);		/* increment IV */		if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,		    1, lastiv))			fatal("%s: EVP_CTRL_GCM_IV_GEN", __func__);		/* set tag on decyption */		if (!cc->encrypt &&		    !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,		    authlen, __UNCONST(src + aadlen + len)))			fatal("%s: EVP_CTRL_GCM_SET_TAG", __func__);	}	if (aadlen) {		if (authlen &&		    EVP_Cipher(&cc->evp, NULL, (const u_char *)src, aadlen) < 0)			fatal("%s: EVP_Cipher(aad) failed", __func__);		memcpy(dest, src, aadlen);	}	if (len % cc->cipher->block_size)		fatal("%s: bad plaintext length %d", __func__, len);	if (EVP_Cipher(&cc->evp, dest + aadlen, (const u_char *)src + aadlen,	    len) < 0)		fatal("%s: EVP_Cipher failed", __func__);	if (authlen) {		/* compute tag (on encrypt) or verify tag (on decrypt) */		if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) {			if (cc->encrypt)				fatal("%s: EVP_Cipher(final) failed", __func__);			else				fatal("Decryption integrity check failed");		}		if (cc->encrypt &&		    !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,		    authlen, dest + aadlen + len))			fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);	}}

int sftp_cipher_write_data(struct ssh2_packet *pkt, unsigned char *buf,    size_t *buflen) {  struct sftp_cipher *cipher;  EVP_CIPHER_CTX *cipher_ctx;  cipher = &(write_ciphers[write_cipher_idx]);  cipher_ctx = write_ctxs[write_cipher_idx];  if (cipher->key) {    int res;    unsigned char *data, *ptr;    uint32_t datalen, datasz = sizeof(uint32_t) + pkt->packet_len;    datalen = datasz;    ptr = data = palloc(pkt->pool, datasz);    sftp_msg_write_int(&data, &datalen, pkt->packet_len);    sftp_msg_write_byte(&data, &datalen, pkt->padding_len);    sftp_msg_write_data(&data, &datalen, pkt->payload, pkt->payload_len, FALSE);    sftp_msg_write_data(&data, &datalen, pkt->padding, pkt->padding_len, FALSE);    res = EVP_Cipher(cipher_ctx, buf, ptr, (datasz - datalen));    if (res != 1) {      (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,        "error encrypting %s data for client: %s", cipher->algo,        sftp_crypto_get_errors());      errno = EIO;      return -1;    }    *buflen = (datasz - datalen);#ifdef SFTP_DEBUG_PACKET{  unsigned int i;  (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,    "encrypted packet data (len %lu):", (unsigned long) *buflen);  for (i = 0; i < *buflen;) {    (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,      "  %02x%02x %02x%02x %02x%02x %02x%02x",      ((unsigned char *) buf)[i], ((unsigned char *) buf)[i+1],      ((unsigned char *) buf)[i+2], ((unsigned char *) buf)[i+3],      ((unsigned char *) buf)[i+4], ((unsigned char *) buf)[i+5],      ((unsigned char *) buf)[i+6], ((unsigned char *) buf)[i+7]);    i += 8;  }}#endif    return 0;  }  *buflen = 0;  return 0;}

intcipher_crypt(struct sshcipher_ctx *cc, u_char *dest,    const u_char *src, u_int len){	if (len % cc->cipher->block_size)		return SSH_ERR_INVALID_ARGUMENT;	if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)		return SSH_ERR_LIBCRYPTO_ERROR;	return 0;}

static krb5_error_codeAES_PRF(krb5_context context,	krb5_crypto crypto,	const krb5_data *in,	krb5_data *out){    struct _krb5_checksum_type *ct = crypto->et->checksum;    krb5_error_code ret;    Checksum result;    krb5_keyblock *derived;    result.cksumtype = ct->type;    ret = krb5_data_alloc(&result.checksum, ct->checksumsize);    if (ret) {	krb5_set_error_message(context, ret, N_("malloc: out memory", ""));	return ret;    }    ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);    if (ret) {	krb5_data_free(&result.checksum);	return ret;    }    if (result.checksum.length < crypto->et->blocksize)	krb5_abortx(context, "internal prf error");    derived = NULL;    ret = krb5_derive_key(context, crypto->key.key,			  crypto->et->type, "prf", 3, &derived);    if (ret)	krb5_abortx(context, "krb5_derive_key");    ret = krb5_data_alloc(out, crypto->et->blocksize);    if (ret)	krb5_abortx(context, "malloc failed");    {	const EVP_CIPHER *c = (*crypto->et->keytype->evp)();	EVP_CIPHER_CTX *ctx;	ctx = EVP_CIPHER_CTX_new(); /* ivec all zero */	if (ctx == NULL)	    krb5_abortx(context, "malloc failed");	EVP_CipherInit_ex(ctx, c, NULL, derived->keyvalue.data, NULL, 1);	EVP_Cipher(ctx, out->data, result.checksum.data,		   crypto->et->blocksize);	EVP_CIPHER_CTX_free(ctx);    }    krb5_data_free(&result.checksum);    krb5_free_keyblock(context, derived);    return ret;}

int_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,                      _libssh2_cipher_type(algo),                      int encrypt, unsigned char *block, size_t blocksize){    unsigned char buf[EVP_MAX_BLOCK_LENGTH];    int ret;    (void) algo;    (void) encrypt;#ifdef HAVE_OPAQUE_STRUCTS    ret = EVP_Cipher(*ctx, buf, block, blocksize);#else    ret = EVP_Cipher(ctx, buf, block, blocksize);#endif    if(ret == 1) {        memcpy(block, buf, blocksize);    }    return ret == 1 ? 0 : 1;}

/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext*/static int FIPS_aes_test(void)	{	int ret = 0;	unsigned char pltmp[16];	unsigned char citmp[16];	unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};	unsigned char plaintext[16] = "etaonrishdlcu";	EVP_CIPHER_CTX ctx;	EVP_CIPHER_CTX_init(&ctx);	if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)		goto err;	EVP_Cipher(&ctx, citmp, plaintext, 16);	if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)		goto err;	EVP_Cipher(&ctx, pltmp, citmp, 16);	if (memcmp(pltmp, plaintext, 16))		goto err;	ret = 1;	err:	EVP_CIPHER_CTX_cleanup(&ctx);	return ret;	}

/* * This function encrypts a buffer using AES GCM mode * * Parameters: *	c	Crypto context *	buf	data to encrypt *	enc_len	length of encrypt buffer */static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (srtp_aes_gcm_ctx_t *c, unsigned char *buf, unsigned int *enc_len){    if (c->dir != direction_encrypt && c->dir != direction_decrypt) {        return (srtp_err_status_bad_param);    }    /*     * Encrypt the data     */    EVP_Cipher(&c->ctx, buf, buf, *enc_len);    return (srtp_err_status_ok);}