#include <string.h>
#include <array>
+#include <memory>
using namespace CKM;
return RawBuffer();
}
+typedef std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> CipherCtxPtr;
+
int encryptAes256Gcm(const unsigned char *plaintext,
int plaintext_len, const unsigned char *key, const unsigned char *iv,
unsigned char *ciphertext, unsigned char *tag)
{
- EVP_CIPHER_CTX *ctx;
int len;
int ciphertext_len = 0;
- if (!(ctx = EVP_CIPHER_CTX_new()))
+ CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx)
return OPENSSL_ENGINE_ERROR;
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ if (!EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+ if (!EVP_EncryptInit_ex(ctx.get(), NULL, NULL, key, iv))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
+ if (!EVP_EncryptUpdate(ctx.get(), ciphertext, &len, plaintext, plaintext_len))
return OPENSSL_ENGINE_ERROR;
ciphertext_len = len;
- if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
+ if (!EVP_EncryptFinal_ex(ctx.get(), ciphertext + len, &len))
return OPENSSL_ENGINE_ERROR;
ciphertext_len += len;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
return OPENSSL_ENGINE_ERROR;
- EVP_CIPHER_CTX_free(ctx);
-
return ciphertext_len;
}
int ciphertext_len, unsigned char *tag, const unsigned char *key,
const unsigned char *iv, unsigned char *plaintext)
{
- EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
int ret;
- if (!(ctx = EVP_CIPHER_CTX_new()))
+ CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx)
return OPENSSL_ENGINE_ERROR;
- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+ if (!EVP_DecryptInit_ex(ctx.get(), NULL, NULL, key, iv))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+ if (!EVP_DecryptUpdate(ctx.get(), plaintext, &len, ciphertext, ciphertext_len))
return OPENSSL_ENGINE_ERROR;
plaintext_len = len;
- if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
+ if (!(ret = EVP_DecryptFinal_ex(ctx.get(), plaintext + len, &len)))
return OPENSSL_ENGINE_ERROR;
- EVP_CIPHER_CTX_free(ctx);
-
if (ret > 0) {
plaintext_len += len;
return plaintext_len;