1// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// https://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15#include <openssl/cipher.h> 16 17#include <assert.h> 18#include <limits.h> 19#include <string.h> 20 21#include <openssl/err.h> 22#include <openssl/mem.h> 23#include <openssl/nid.h> 24 25#include "../../internal.h" 26#include "../service_indicator/internal.h" 27#include "internal.h" 28 29 30void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { 31 OPENSSL_memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); 32} 33 34EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { 35 EVP_CIPHER_CTX *ctx = reinterpret_cast<EVP_CIPHER_CTX *>( 36 OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))); 37 if (ctx) { 38 EVP_CIPHER_CTX_init(ctx); 39 } 40 return ctx; 41} 42 43int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { 44 if (c->cipher != NULL && c->cipher->cleanup) { 45 c->cipher->cleanup(c); 46 } 47 OPENSSL_free(c->cipher_data); 48 49 OPENSSL_memset(c, 0, sizeof(EVP_CIPHER_CTX)); 50 return 1; 51} 52 53void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { 54 if (ctx) { 55 EVP_CIPHER_CTX_cleanup(ctx); 56 OPENSSL_free(ctx); 57 } 58} 59 60int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { 61 if (in == NULL || in->cipher == NULL) { 62 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INPUT_NOT_INITIALIZED); 63 return 0; 64 } 65 66 if (in->poisoned) { 67 OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 68 return 0; 69 } 70 71 EVP_CIPHER_CTX_cleanup(out); 72 OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX)); 73 74 if (in->cipher_data && in->cipher->ctx_size) { 75 out->cipher_data = OPENSSL_memdup(in->cipher_data, in->cipher->ctx_size); 76 if (!out->cipher_data) { 77 out->cipher = NULL; 78 return 0; 79 } 80 } 81 82 if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { 83 if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { 84 out->cipher = NULL; 85 return 0; 86 } 87 } 88 89 return 1; 90} 91 92int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) { 93 EVP_CIPHER_CTX_cleanup(ctx); 94 EVP_CIPHER_CTX_init(ctx); 95 return 1; 96} 97 98int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 99 ENGINE *engine, const uint8_t *key, const uint8_t *iv, 100 int enc) { 101 if (enc == -1) { 102 enc = ctx->encrypt; 103 } else { 104 if (enc) { 105 enc = 1; 106 } 107 ctx->encrypt = enc; 108 } 109 110 if (cipher) { 111 // Ensure a context left from last time is cleared (the previous check 112 // attempted to avoid this if the same ENGINE and EVP_CIPHER could be 113 // used). 114 if (ctx->cipher) { 115 EVP_CIPHER_CTX_cleanup(ctx); 116 // Restore encrypt and flags 117 ctx->encrypt = enc; 118 } 119 120 ctx->cipher = cipher; 121 if (ctx->cipher->ctx_size) { 122 ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); 123 if (!ctx->cipher_data) { 124 ctx->cipher = NULL; 125 return 0; 126 } 127 } else { 128 ctx->cipher_data = NULL; 129 } 130 131 ctx->key_len = cipher->key_len; 132 ctx->flags = 0; 133 134 if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { 135 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { 136 ctx->cipher = NULL; 137 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INITIALIZATION_ERROR); 138 return 0; 139 } 140 } 141 } else if (!ctx->cipher) { 142 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET); 143 return 0; 144 } 145 146 // we assume block size is a power of 2 in *cryptUpdate 147 assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 || 148 ctx->cipher->block_size == 16); 149 150 if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { 151 switch (EVP_CIPHER_CTX_mode(ctx)) { 152 case EVP_CIPH_STREAM_CIPHER: 153 case EVP_CIPH_ECB_MODE: 154 break; 155 156 case EVP_CIPH_CFB_MODE: 157 ctx->num = 0; 158 [[fallthrough]]; 159 160 case EVP_CIPH_CBC_MODE: 161 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); 162 if (iv) { 163 OPENSSL_memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 164 } 165 OPENSSL_memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 166 break; 167 168 case EVP_CIPH_CTR_MODE: 169 case EVP_CIPH_OFB_MODE: 170 ctx->num = 0; 171 // Don't reuse IV for CTR mode 172 if (iv) { 173 OPENSSL_memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 174 } 175 break; 176 177 default: 178 return 0; 179 } 180 } 181 182 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { 183 if (!ctx->cipher->init(ctx, key, iv, enc)) { 184 return 0; 185 } 186 } 187 188 ctx->buf_len = 0; 189 ctx->final_used = 0; 190 // Clear the poisoned flag to permit re-use of a CTX that previously had a 191 // failed operation. 192 ctx->poisoned = 0; 193 return 1; 194} 195 196int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 197 ENGINE *impl, const uint8_t *key, const uint8_t *iv) { 198 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); 199} 200 201int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 202 ENGINE *impl, const uint8_t *key, const uint8_t *iv) { 203 return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); 204} 205 206// block_remainder returns the number of bytes to remove from |len| to get a 207// multiple of |ctx|'s block size. 208static int block_remainder(const EVP_CIPHER_CTX *ctx, int len) { 209 // |block_size| must be a power of two. 210 assert(ctx->cipher->block_size != 0); 211 assert((ctx->cipher->block_size & (ctx->cipher->block_size - 1)) == 0); 212 return len & (ctx->cipher->block_size - 1); 213} 214 215int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, 216 const uint8_t *in, int in_len) { 217 if (ctx->poisoned) { 218 OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 219 return 0; 220 } 221 // If the first call to |cipher| succeeds and the second fails, |ctx| may be 222 // left in an indeterminate state. We set a poison flag on failure to ensure 223 // callers do not continue to use the object in that case. 224 ctx->poisoned = 1; 225 226 // Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output 227 // does not overflow |*out_len|. 228 int bl = ctx->cipher->block_size; 229 if (bl > 1 && in_len > INT_MAX - bl) { 230 OPENSSL_PUT_ERROR(CIPHER, ERR_R_OVERFLOW); 231 return 0; 232 } 233 234 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 235 int ret = ctx->cipher->cipher(ctx, out, in, in_len); 236 if (ret < 0) { 237 return 0; 238 } else { 239 *out_len = ret; 240 } 241 ctx->poisoned = 0; 242 return 1; 243 } 244 245 if (in_len <= 0) { 246 *out_len = 0; 247 if (in_len == 0) { 248 ctx->poisoned = 0; 249 return 1; 250 } 251 return 0; 252 } 253 254 if (ctx->buf_len == 0 && block_remainder(ctx, in_len) == 0) { 255 if (ctx->cipher->cipher(ctx, out, in, in_len)) { 256 *out_len = in_len; 257 ctx->poisoned = 0; 258 return 1; 259 } else { 260 *out_len = 0; 261 return 0; 262 } 263 } 264 265 int i = ctx->buf_len; 266 assert(bl <= (int)sizeof(ctx->buf)); 267 if (i != 0) { 268 if (bl - i > in_len) { 269 OPENSSL_memcpy(&ctx->buf[i], in, in_len); 270 ctx->buf_len += in_len; 271 *out_len = 0; 272 ctx->poisoned = 0; 273 return 1; 274 } else { 275 int j = bl - i; 276 OPENSSL_memcpy(&ctx->buf[i], in, j); 277 if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) { 278 return 0; 279 } 280 in_len -= j; 281 in += j; 282 out += bl; 283 *out_len = bl; 284 } 285 } else { 286 *out_len = 0; 287 } 288 289 i = block_remainder(ctx, in_len); 290 in_len -= i; 291 if (in_len > 0) { 292 if (!ctx->cipher->cipher(ctx, out, in, in_len)) { 293 return 0; 294 } 295 *out_len += in_len; 296 } 297 298 if (i != 0) { 299 OPENSSL_memcpy(ctx->buf, &in[in_len], i); 300 } 301 ctx->buf_len = i; 302 ctx->poisoned = 0; 303 return 1; 304} 305 306int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { 307 int n; 308 unsigned int i, b, bl; 309 310 if (ctx->poisoned) { 311 OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 312 return 0; 313 } 314 315 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 316 // When EVP_CIPH_FLAG_CUSTOM_CIPHER is set, the return value of |cipher| is 317 // the number of bytes written, or -1 on error. Otherwise the return value 318 // is one on success and zero on error. 319 const int num_bytes = ctx->cipher->cipher(ctx, out, NULL, 0); 320 if (num_bytes < 0) { 321 return 0; 322 } 323 *out_len = num_bytes; 324 goto out; 325 } 326 327 b = ctx->cipher->block_size; 328 assert(b <= sizeof(ctx->buf)); 329 if (b == 1) { 330 *out_len = 0; 331 goto out; 332 } 333 334 bl = ctx->buf_len; 335 if (ctx->flags & EVP_CIPH_NO_PADDING) { 336 if (bl) { 337 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 338 return 0; 339 } 340 *out_len = 0; 341 goto out; 342 } 343 344 n = b - bl; 345 for (i = bl; i < b; i++) { 346 ctx->buf[i] = n; 347 } 348 if (!ctx->cipher->cipher(ctx, out, ctx->buf, b)) { 349 return 0; 350 } 351 *out_len = b; 352 353out: 354 EVP_Cipher_verify_service_indicator(ctx); 355 return 1; 356} 357 358int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, 359 const uint8_t *in, int in_len) { 360 if (ctx->poisoned) { 361 OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 362 return 0; 363 } 364 365 // Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output 366 // does not overflow |*out_len|. 367 unsigned int b = ctx->cipher->block_size; 368 if (b > 1 && in_len > INT_MAX - (int)b) { 369 OPENSSL_PUT_ERROR(CIPHER, ERR_R_OVERFLOW); 370 return 0; 371 } 372 373 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 374 int r = ctx->cipher->cipher(ctx, out, in, in_len); 375 if (r < 0) { 376 *out_len = 0; 377 return 0; 378 } else { 379 *out_len = r; 380 } 381 return 1; 382 } 383 384 if (in_len <= 0) { 385 *out_len = 0; 386 return in_len == 0; 387 } 388 389 if (ctx->flags & EVP_CIPH_NO_PADDING) { 390 return EVP_EncryptUpdate(ctx, out, out_len, in, in_len); 391 } 392 393 assert(b <= sizeof(ctx->final)); 394 int fix_len = 0; 395 if (ctx->final_used) { 396 OPENSSL_memcpy(out, ctx->final, b); 397 out += b; 398 fix_len = 1; 399 } 400 401 if (!EVP_EncryptUpdate(ctx, out, out_len, in, in_len)) { 402 return 0; 403 } 404 405 // if we have 'decrypted' a multiple of block size, make sure 406 // we have a copy of this last block 407 if (b > 1 && !ctx->buf_len) { 408 *out_len -= b; 409 ctx->final_used = 1; 410 OPENSSL_memcpy(ctx->final, &out[*out_len], b); 411 } else { 412 ctx->final_used = 0; 413 } 414 415 if (fix_len) { 416 *out_len += b; 417 } 418 419 return 1; 420} 421 422int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { 423 int i, n; 424 unsigned int b; 425 *out_len = 0; 426 427 if (ctx->poisoned) { 428 OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 429 return 0; 430 } 431 432 if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { 433 i = ctx->cipher->cipher(ctx, out, NULL, 0); 434 if (i < 0) { 435 return 0; 436 } else { 437 *out_len = i; 438 } 439 goto out; 440 } 441 442 b = ctx->cipher->block_size; 443 if (ctx->flags & EVP_CIPH_NO_PADDING) { 444 if (ctx->buf_len) { 445 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); 446 return 0; 447 } 448 *out_len = 0; 449 goto out; 450 } 451 452 if (b > 1) { 453 if (ctx->buf_len || !ctx->final_used) { 454 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_WRONG_FINAL_BLOCK_LENGTH); 455 return 0; 456 } 457 assert(b <= sizeof(ctx->final)); 458 459 // The following assumes that the ciphertext has been authenticated. 460 // Otherwise it provides a padding oracle. 461 n = ctx->final[b - 1]; 462 if (n == 0 || n > (int)b) { 463 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); 464 return 0; 465 } 466 467 for (i = 0; i < n; i++) { 468 if (ctx->final[--b] != n) { 469 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); 470 return 0; 471 } 472 } 473 474 n = ctx->cipher->block_size - n; 475 for (i = 0; i < n; i++) { 476 out[i] = ctx->final[i]; 477 } 478 *out_len = n; 479 } else { 480 *out_len = 0; 481 } 482 483out: 484 EVP_Cipher_verify_service_indicator(ctx); 485 return 1; 486} 487 488int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, 489 size_t in_len) { 490 const int ret = ctx->cipher->cipher(ctx, out, in, in_len); 491 492 // |EVP_CIPH_FLAG_CUSTOM_CIPHER| never sets the FIPS indicator via 493 // |EVP_Cipher| because it's complicated whether the operation has completed 494 // or not. E.g. AES-GCM with a non-NULL |in| argument hasn't completed an 495 // operation. Callers should use the |EVP_AEAD| API or, at least, 496 // |EVP_CipherUpdate| etc. 497 // 498 // This call can't be pushed into |EVP_Cipher_verify_service_indicator| 499 // because whether |ret| indicates success or not depends on whether 500 // |EVP_CIPH_FLAG_CUSTOM_CIPHER| is set. (This unreasonable, but matches 501 // OpenSSL.) 502 if (!(ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) && ret) { 503 EVP_Cipher_verify_service_indicator(ctx); 504 } 505 506 return ret; 507} 508 509int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len, 510 const uint8_t *in, int in_len) { 511 if (ctx->encrypt) { 512 return EVP_EncryptUpdate(ctx, out, out_len, in, in_len); 513 } else { 514 return EVP_DecryptUpdate(ctx, out, out_len, in, in_len); 515 } 516} 517 518int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { 519 if (ctx->encrypt) { 520 return EVP_EncryptFinal_ex(ctx, out, out_len); 521 } else { 522 return EVP_DecryptFinal_ex(ctx, out, out_len); 523 } 524} 525 526const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) { 527 return ctx->cipher; 528} 529 530int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; } 531 532int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { 533 return ctx->encrypt; 534} 535 536unsigned EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) { 537 return ctx->cipher->block_size; 538} 539 540unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) { 541 return ctx->key_len; 542} 543 544unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { 545 if (EVP_CIPHER_mode(ctx->cipher) == EVP_CIPH_GCM_MODE) { 546 int length; 547 int res = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, 548 &length); 549 // EVP_CIPHER_CTX_ctrl returning an error should be impossible under this 550 // circumstance. If it somehow did, fallback to the static cipher iv_len. 551 if (res == 1) { 552 return length; 553 } 554 } 555 return ctx->cipher->iv_len; 556} 557 558void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) { 559 return ctx->app_data; 560} 561 562void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) { 563 ctx->app_data = data; 564} 565 566uint32_t EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) { 567 return ctx->cipher->flags & ~EVP_CIPH_MODE_MASK; 568} 569 570uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) { 571 return ctx->cipher->flags & EVP_CIPH_MODE_MASK; 572} 573 574int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command, int arg, void *ptr) { 575 int ret; 576 if (!ctx->cipher) { 577 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET); 578 return 0; 579 } 580 581 if (!ctx->cipher->ctrl) { 582 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_NOT_IMPLEMENTED); 583 return 0; 584 } 585 586 ret = ctx->cipher->ctrl(ctx, command, arg, ptr); 587 if (ret == -1) { 588 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED); 589 return 0; 590 } 591 592 return ret; 593} 594 595int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { 596 if (pad) { 597 ctx->flags &= ~EVP_CIPH_NO_PADDING; 598 } else { 599 ctx->flags |= EVP_CIPH_NO_PADDING; 600 } 601 return 1; 602} 603 604int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, unsigned key_len) { 605 if (c->key_len == key_len) { 606 return 1; 607 } 608 609 if (key_len == 0 || !(c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { 610 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_KEY_LENGTH); 611 return 0; 612 } 613 614 c->key_len = key_len; 615 return 1; 616} 617 618int EVP_CIPHER_nid(const EVP_CIPHER *cipher) { return cipher->nid; } 619 620unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { 621 return cipher->block_size; 622} 623 624unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { 625 return cipher->key_len; 626} 627 628unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { 629 return cipher->iv_len; 630} 631 632uint32_t EVP_CIPHER_flags(const EVP_CIPHER *cipher) { 633 return cipher->flags & ~EVP_CIPH_MODE_MASK; 634} 635 636uint32_t EVP_CIPHER_mode(const EVP_CIPHER *cipher) { 637 return cipher->flags & EVP_CIPH_MODE_MASK; 638} 639 640int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 641 const uint8_t *key, const uint8_t *iv, int enc) { 642 if (cipher) { 643 EVP_CIPHER_CTX_init(ctx); 644 } 645 return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); 646} 647 648int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 649 const uint8_t *key, const uint8_t *iv) { 650 return EVP_CipherInit(ctx, cipher, key, iv, 1); 651} 652 653int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 654 const uint8_t *key, const uint8_t *iv) { 655 return EVP_CipherInit(ctx, cipher, key, iv, 0); 656} 657 658int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { 659 return EVP_CipherFinal_ex(ctx, out, out_len); 660} 661 662int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { 663 return EVP_EncryptFinal_ex(ctx, out, out_len); 664} 665 666int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { 667 return EVP_DecryptFinal_ex(ctx, out, out_len); 668} 669 670int EVP_add_cipher_alias(const char *a, const char *b) { return 1; } 671 672void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, uint32_t flags) {} 673