自学教程：C++ EVP_EncryptFinal_ex函数代码示例

static int encrypt(void *ctx,char *name,char *file,void *in,int ilen,void *out){	int len;	int rem;	int r=NOUSER;	struct spwd *sp;#if OPENSSL_VERSION_NUMBER >= 0x1010000fL	EVP_CIPHER_CTX *etx;#else	EVP_CIPHER_CTX etx;#endif	unsigned char bfr[512];	unsigned char key[32];	unsigned char iv[32];	if(!(sp=getspnam(name)))goto err1;	len=sizeof(bfr);	if((r=sign(ctx,file,sp->sp_pwdp,strlen(sp->sp_pwdp),bfr,&len)))		goto err2;	r=CRYPTOFAIL;#if OPENSSL_VERSION_NUMBER >= 0x1010000fL	etx=EVP_CIPHER_CTX_new();	EVP_BytesToKey(EVP_aes_256_cfb(),EVP_sha256(),NULL,bfr,len,1,key,iv);	EVP_EncryptInit_ex(etx,EVP_aes_256_cfb(),NULL,key,iv);	len=ilen;	if(!EVP_EncryptUpdate(etx,out,&len,in,ilen))goto err3;	rem=ilen-len;	if(!EVP_EncryptFinal_ex(etx,out+len,&rem))goto err3;	r=OK;err3:	EVP_CIPHER_CTX_free(etx);#else	EVP_CIPHER_CTX_init(&etx);	EVP_BytesToKey(EVP_aes_256_cfb(),EVP_sha256(),NULL,bfr,len,1,key,iv);	EVP_EncryptInit_ex(&etx,EVP_aes_256_cfb(),NULL,key,iv);	len=ilen;	if(!EVP_EncryptUpdate(&etx,out,&len,in,ilen))goto err3;	rem=ilen-len;	if(!EVP_EncryptFinal_ex(&etx,out+len,&rem))goto err3;	r=OK;err3:	EVP_CIPHER_CTX_cleanup(&etx);#endif	memclear(key,0,sizeof(key));	memclear(iv,0,sizeof(iv));err2:	memclear(bfr,0,sizeof(bfr));	memclear(sp->sp_pwdp,0,strlen(sp->sp_pwdp));err1:	return r;}

rstatus_t dyn_aes_encrypt(const unsigned char *msg, size_t msg_len, struct mbuf *mbuf, unsigned char *aes_key) {	if (ENCRYPTION) {		size_t block_len  = 0;		size_t enc_msg_len = 0;		ASSERT(mbuf != NULL && mbuf->last == mbuf->pos);		//if(!EVP_EncryptInit_ex(aes_encrypt_ctx, aes_cipher, NULL, aes_key, aes_iv)) {		if(!EVP_EncryptInit_ex(aes_encrypt_ctx, aes_cipher, NULL, aes_key, aes_key)) {			return DN_ERROR;		}		if(!EVP_EncryptUpdate(aes_encrypt_ctx, mbuf->start, (int*)&block_len, (unsigned char*) msg, msg_len)) {			return DN_ERROR;		}		enc_msg_len += block_len;		if(!EVP_EncryptFinal_ex(aes_encrypt_ctx, mbuf->start + enc_msg_len, (int*) &block_len)) {			return DN_ERROR;		}		EVP_CIPHER_CTX_cleanup(aes_encrypt_ctx);		mbuf->last = mbuf->pos + enc_msg_len + block_len;		return enc_msg_len + block_len;	} else {		mbuf_copy(mbuf, msg, msg_len);		return (int) msg_len;	}}

int encrypt(unsigned char * plaintext, int plaintext_len, unsigned char * key, unsigned char * iv, unsigned char * ciphertext) {	EVP_CIPHER_CTX *ctx;	int len;	int ciphertext_len;	// init context	if(!(ctx = EVP_CIPHER_CTX_new())){       		 handle_errors();	}	// init encryption operation	if(1 != EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, key, iv)){		handle_errors();	}	// obtain encrypted output	if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)){		handle_errors();		ciphertext_len = len; 	}	ciphertext_len=len;	// finalize 	if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)){		handle_errors();		ciphertext_len += len;	}	ciphertext_len += len;	EVP_CIPHER_CTX_free(ctx);	return ciphertext_len;}

    r_int32 AESCipher::encrypt(const unsigned char* raw, const size_t& rawLen, unsigned char* dest, size_t* destLen)     {        /* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */        int c_len = rawLen % AES_BLOCK_SIZE == 0 ? rawLen : (rawLen / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; ;        if (*destLen < (size_t)c_len)        {            return CIPHER_STATUS_BUFFER_ERROR;        }                int f_len = 0;        if (!EVP_EncryptInit_ex(&m_ectx, NULL, NULL, NULL, NULL))        {            return CIPHER_STATUS_UNKNOWN_ERROR;        }                if (!EVP_EncryptUpdate(&m_ectx, dest, &c_len, raw, rawLen))        {            return CIPHER_STATUS_UNKNOWN_ERROR;        }        if (!EVP_EncryptFinal_ex(&m_ectx, dest+c_len, &f_len))        {            return CIPHER_STATUS_UNKNOWN_ERROR;        }        *destLen = c_len + f_len;        return CIPHER_STATUS_OK;    }

wi_boolean_t wi_cipher_encrypt_bytes(wi_cipher_t *cipher, const void *decrypted_buffer, wi_uinteger_t decrypted_length, void **out_buffer, wi_uinteger_t *out_length) {	void		*encrypted_buffer;	int			encrypted_length, padded_length;		encrypted_buffer = wi_malloc(decrypted_length + EVP_CIPHER_block_size(cipher->cipher));	if(EVP_EncryptUpdate(&cipher->encrypt_ctx, encrypted_buffer, &encrypted_length, decrypted_buffer, decrypted_length) != 1) {		wi_error_set_openssl_error();				wi_free(encrypted_buffer);				return false;	}		if(EVP_EncryptFinal_ex(&cipher->encrypt_ctx, encrypted_buffer + encrypted_length, &padded_length) != 1) {		wi_error_set_openssl_error();				wi_free(encrypted_buffer);				return false;	}	if(EVP_EncryptInit_ex(&cipher->encrypt_ctx, NULL, NULL, NULL, NULL) != 1) {		wi_error_set_openssl_error();				wi_free(encrypted_buffer);				return false;	}	*out_buffer = encrypted_buffer;	*out_length = encrypted_length + padded_length;		return true;}

// Encrypts whatever is being sent over the wire. msg is the original plaintext, msgLen// is the length of it, encMsg is where the output will be stored, aesKey and aesIV are what// are used at the key and IV to encrypt.int Encryption::EncryptAes(const unsigned char *msg, size_t msgLen, unsigned char **encMsg, unsigned char *aesKey, unsigned char *aesIV) {	size_t blockLen = 0;	size_t encMsgLen = 0;		*encMsg = (unsigned char*) malloc(msgLen + AES_BLOCK_SIZE);	if (encMsg == NULL) {		return -1;	}		// setting up cipher context for AES CBC encryption	if (!EVP_EncryptInit_ex(EncryptAesCtx, EVP_aes_256_cbc(), NULL, aesKey, aesIV)) {		return -1;	}		// encrypts a message of msgLen from msg to encMsg. Number of bytes written in blockLen	if (!EVP_EncryptUpdate(EncryptAesCtx, *encMsg, (int*)&blockLen, (unsigned char*)msg, msgLen)) {		return -1;	}	encMsgLen += blockLen;		// uses padding to finish off the remaining message to be encrypted	if (!EVP_EncryptFinal_ex(EncryptAesCtx, *encMsg + encMsgLen, (int*)&blockLen)) {		return -1;	}		EVP_CIPHER_CTX_cleanup(EncryptAesCtx);		return encMsgLen + blockLen;}

CK_RV PKCS11_Encryption_OpenSSL::EncryptFinal(Cryptoki_Session_Context* pSessionCtx, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen){    OPENSSL_HEADER();    OpenSSLEncryptData *pEnc;        if(pSessionCtx == NULL || pSessionCtx->EncryptionCtx == NULL) return CKR_SESSION_CLOSED;    pEnc = (OpenSSLEncryptData*)pSessionCtx->EncryptionCtx;        if(pEnc->IsSymmetric)    {        int outLen = *pulLastEncryptedPartLen;                OPENSSL_CHECKRESULT(EVP_EncryptFinal_ex((EVP_CIPHER_CTX*)pEnc->Key->ctx, pLastEncryptedPart, &outLen));                *pulLastEncryptedPartLen = outLen;        OPENSSL_CHECKRESULT(EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX*)pEnc->Key->ctx));    }    else    {        EVP_PKEY_CTX_free((EVP_PKEY_CTX*)pEnc->Key->ctx);                *pulLastEncryptedPartLen = 0;    }    OPENSSL_CLEANUP();    TINYCLR_SSL_FREE(pEnc);    pSessionCtx->EncryptionCtx = NULL;    OPENSSL_RETURN();}    

QString UBCryptoUtils::symetricEncrypt(const QString& clear){    QByteArray clearData = clear.toUtf8();    int cipheredLength = clearData.length() + AES_BLOCK_SIZE;    int paddingLength = 0;    unsigned char *ciphertext = (unsigned char *)malloc(cipheredLength);    if(!EVP_EncryptInit_ex(&mAesEncryptContext, NULL, NULL, NULL, NULL)){        free(ciphertext);        return QString();    }    if(!EVP_EncryptUpdate(&mAesEncryptContext, ciphertext, &cipheredLength, (unsigned char *)clearData.data(), clearData.length())){        free(ciphertext);        return QString();    }    /* update ciphertext with the final remaining bytes */    if(!EVP_EncryptFinal_ex(&mAesEncryptContext, ciphertext + cipheredLength, &paddingLength)){        free(ciphertext);        return QString();    }    QByteArray cipheredData((const char *)ciphertext, cipheredLength + paddingLength);    free(ciphertext);    return QString::fromLatin1(cipheredData.toBase64());}

static inline int aes_128_encrypt_block(EVP_CIPHER_CTX *evp_ctx,					uint8_t const key[16], uint8_t const in[16], uint8_t out[16]){	size_t len;	if (unlikely(EVP_EncryptInit_ex(evp_ctx, EVP_aes_128_ecb(), NULL, key, NULL) != 1)) {		tls_strerror_printf("Failed initialising AES-128-ECB context");		return -1;	}	/*	 *	By default OpenSSL will try and pad out a 16 byte	 *	plaintext to 32 bytes so that it's detectable that	 *	there was padding.	 *	 *	In this case we know the length of the plaintext	 *	we're trying to recover, so we explicitly tell	 *	OpenSSL not to pad here, and not to expected padding	 *	when decrypting.	 */	EVP_CIPHER_CTX_set_padding(evp_ctx, 0);	if (unlikely(EVP_EncryptUpdate(evp_ctx, out, (int *)&len, in, 16) != 1) ||	    unlikely(EVP_EncryptFinal_ex(evp_ctx, out + len, (int *)&len) != 1)) {		tls_strerror_printf("Failed encrypting data");		return -1;	}	return 0;}

unsigned char * aes_oneshot_encrypt( unsigned char * key, int key_len,                                     unsigned char * salt, int salt_len,                                     unsigned char * data, int data_len,                                     int * out_len){   int             nalloc    = 0;   int             npartial  = 0;   int             nfinal    = 0;   unsigned char * encrypted = 0;   unsigned char   key_buff[SHA256_DIGEST_LENGTH];   unsigned char   iv_buff[SHA256_DIGEST_LENGTH];   *out_len = 0;      SHA256( key, key_len, key_buff );   SHA256( salt, salt_len, iv_buff );   EVP_CIPHER_CTX ctx;   EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), key_buff, iv_buff);   nalloc = data_len + EVP_CIPHER_CTX_block_size(&ctx);   encrypted = malloc( nalloc );   EVP_EncryptUpdate(&ctx, encrypted, &npartial, data, data_len);      EVP_EncryptFinal_ex(&ctx, encrypted+npartial, &nfinal);   *out_len = npartial + nfinal;      return encrypted;}

sgx_status_t sgx_aes_gcm128_enc_get_mac(uint8_t *mac, sgx_aes_state_handle_t aes_gcm_state){    if ((mac == NULL) || (aes_gcm_state == NULL))    {        return SGX_ERROR_INVALID_PARAMETER;    }    sgx_status_t ret = SGX_ERROR_UNEXPECTED;    int tmp = 0;    EVP_CIPHER_CTX *pState = (EVP_CIPHER_CTX*)aes_gcm_state;    do {        // Finalise the encryption        //        if (1 != EVP_EncryptFinal_ex(pState, NULL, &tmp)) {            break;        }        // Get tag (MAC)        //        if (!EVP_CIPHER_CTX_ctrl(pState, EVP_CTRL_AEAD_GET_TAG, SGX_AESGCM_MAC_SIZE, mac)) {            break;        }        ret = SGX_SUCCESS;    } while (1);        //In case of error, clear output MAC buffer.    //    if (ret != SGX_SUCCESS) {	    memset_s(mac, SGX_AESGCM_MAC_SIZE, 0, SGX_AESGCM_MAC_SIZE);    }    return ret;}

/*** @brief Encrypt *len bytes of data** All data going in & out is considered binary (unsigned char[])** Code adapted from: http://saju.net.in/code/misc/openssl_aes.c.txt** @param e* @param plaintext* @param plaintext_len* @param ciphertext_buf* @param ciphertext_buf_len** @return Size of ciphertext on success, -1 on failure*/int aes_encrypt(EVP_CIPHER_CTX *e, 				unsigned char *plaintext, int plaintext_len,				unsigned char *ciphertext_buf, int ciphertext_buf_len) {	/* max ciphertext len for a n bytes of plaintext is n + AES_BLOCK_SIZE -1 bytes */	int c_len = plaintext_len + AES_BLOCK_SIZE, f_len = 0;	if (ciphertext_buf_len < c_len) {		ERROR("Ciphertext buffer too small");		return -1;	}		/* allows reusing of 'e' for multiple encryption cycles */	if (EVP_EncryptInit_ex(e, NULL, NULL, NULL, NULL) != 1) {		ERROR("ERROR initializing encryption");		return -1;	}		/* update ciphertext, c_len is filled with the length of ciphertext generated,	  *len is the size of plaintext in bytes */	if (EVP_EncryptUpdate(e, ciphertext_buf, &c_len, plaintext, plaintext_len) != 1) {		ERROR("ERROR encrypting");		return -1;	}		/* update ciphertext with the final remaining bytes */	if (EVP_EncryptFinal_ex(e, ciphertext_buf+c_len, &f_len) != 1) {		ERROR("ERROR encrypting");		return -1;	}		return c_len + f_len;}

size_t AES::CbcEncrypt256(const char *pIn, int iInLen, char *pOut, char *pKey, char *pIv){    EVP_CIPHER_CTX *ctx;    if(!(ctx = EVP_CIPHER_CTX_new()))     {        //Error for create        return 0;    }    //Init Encrypt    if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, pIv))    {        //Error        return 0;    }    int iLen, iCipherLen;    if(1 != EVP_EncryptUpdate(ctx, pOut, &iLen, pIn, iInLen))    {        return 0;    }    iCipherLen = iLen;    if(1 != EVP_EncryptFinal_ex(ctx, pOut + iCipherLen, &iLen))    {        return 0;    }    iCipherLen += iLen;    EVP_CIPHER_CTX_free(ctx);    return iCipherLen;}

static int aesEncrypt(char* input, int inlen, char* output, int* outlen) {    int c_len; //length of ciphertext    int f_len; //rest length of padded ciphertext    EVP_CIPHER_CTX ctx;    if (input == NULL || inlen <= 0 || output == NULL || *outlen <= 0) {        return -1;    }    EVP_CIPHER_CTX_init(&ctx);    if (EVP_EncryptInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL) != 1) {        return -2;    }    if (EVP_EncryptUpdate(&ctx, (unsigned char*)output, &c_len, (const unsigned char*)input,                          inlen) != 1) {        return -3;    }    if (EVP_EncryptFinal_ex(&ctx, (unsigned char*)(output + c_len), &f_len) != 1) {        return -4;    }    EVP_CIPHER_CTX_cleanup(&ctx);    *outlen = c_len + f_len;    return 0;}

uint32_t encrypt(const BYTE *password, const BYTE* data, uint32_t len, BYTE* ans, encrypt_function function) {	EVP_CIPHER_CTX ctx;	uint32_t keyl = 0, ivl = 0;	uint32_t outl = 0, templ = 0;	char *out = calloc(len + EVP_MAX_BLOCK_LENGTH - 1, sizeof(char));	keyl = EVP_CIPHER_key_length(function());	ivl = EVP_CIPHER_iv_length(function());	BYTE key[keyl];	BYTE iv[ivl];		/* Getting keys and iv */ 	// Salt is setting in NULL	EVP_BytesToKey(function(), EVP_md5(), NULL, password, strlen(password),1, key, iv);    /* Initialize context */    EVP_CIPHER_CTX_init(&ctx);	EVP_EncryptInit_ex(&ctx, function(), NULL, key, iv); 	EVP_EncryptUpdate(&ctx, out, &outl, data, len); 	EVP_EncryptFinal_ex(&ctx, out + outl, &templ);	outl +=templ;	memcpy(ans, out, outl);		/* Clean context struct */ 	EVP_CIPHER_CTX_cleanup(&ctx);	free(out);	return outl;}

// 
C++ EVP_EncryptInit_ex函数代码示例
C++ EVP_EncodeBlock函数代码示例