From d58931925bf2a0c19fb1f424d0e23e45db448f59 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Thu, 1 Nov 2018 11:21:14 +0800 Subject: [PATCH] Update some demos --- demos/sdf/README.md | 14 +++ demos/sdf/sdf-dev.sh | 18 ++++ demos/sdf/sdf-sm1.sh | 16 +++ demos/sdf/sdf-sm2enc.sh | 21 ++++ demos/sdf/sdf-sm2sign.sh | 20 ++++ demos/sdf/sdf-sm3.sh | 3 + demos/sdf/sdf-sm4.sh | 14 +++ demos/sdf/sdf-ssf33.sh | 16 +++ demos/sdf/sdf-ssl-server.sh | 7 ++ demos/sdf/sdf-zuc.sh | 16 +++ demos/sdf/sdf.cnf | 16 +++ demos/sm2/Makefile | 28 +++-- demos/sm2/sm2-encrypt.c | 75 +++++++++++++ demos/sm2/{keygen.c => sm2-keygen.c} | 0 demos/sm2/sm2-sign.c | 65 +++++++++++ demos/sm4/Makefile | 3 + demos/sm4/sms4.c | 35 +++--- demos/sm4/sms4evp.c | 155 +++++++++++++++++++++++++++ 18 files changed, 492 insertions(+), 30 deletions(-) create mode 100644 demos/sdf/README.md create mode 100755 demos/sdf/sdf-dev.sh create mode 100755 demos/sdf/sdf-sm1.sh create mode 100755 demos/sdf/sdf-sm2enc.sh create mode 100755 demos/sdf/sdf-sm2sign.sh create mode 100755 demos/sdf/sdf-sm3.sh create mode 100755 demos/sdf/sdf-sm4.sh create mode 100755 demos/sdf/sdf-ssf33.sh create mode 100755 demos/sdf/sdf-ssl-server.sh create mode 100755 demos/sdf/sdf-zuc.sh create mode 100644 demos/sdf/sdf.cnf create mode 100644 demos/sm2/sm2-encrypt.c rename demos/sm2/{keygen.c => sm2-keygen.c} (100%) create mode 100644 demos/sm2/sm2-sign.c create mode 100755 demos/sm4/sms4evp.c diff --git a/demos/sdf/README.md b/demos/sdf/README.md new file mode 100644 index 00000000..bdd199f5 --- /dev/null +++ b/demos/sdf/README.md @@ -0,0 +1,14 @@ +# SDF Demos + + - sdf-dev.sh - open device + - sdf-sm1.sh - encrypt/decrypt with sm1 + - sdf-sm2enc.sh - encypt with sm2 + - sdf-sm2sign.sh - sm2 sign/verify + - sdf-sm3.sh - sm3 test + - sdf-sm4.sh - sm4 + - sdf-ssf33.sh - ssf33 + - sdf-ssl-server.sh - TLS 1.2 server + - sdf-zuc.sh - zuc + - sdf.c - sdf open device + - sdf.cnf - configuration file for sdf engine + diff --git a/demos/sdf/sdf-dev.sh b/demos/sdf/sdf-dev.sh new file mode 100755 index 00000000..4d368266 --- /dev/null +++ b/demos/sdf/sdf-dev.sh @@ -0,0 +1,18 @@ +#!/bin/bash -x + + +SO_PATH="./libsdf.so" + +echo "[Commands]" +gmssl engine sdf -vvvv +echo "[Capabilities]" +gmssl engine sdf -c + +echo "[Change Device Label and Auth key]" +gmssl engine sdf -pre SO_PATH:$SO_PATH -pre OPEN_DEV +#gmssl engine sdf -pre SO_PATH:$SO_PATH -pre OPEN_DEV -pre OPEN_CONTAINER:1 + +echo "[Import/Export File]" +gmssl engine sdf -pre SO_PATH:$SO_PATH -pre IMPORT_FILE:localhost-signcer.pem + + diff --git a/demos/sdf/sdf-sm1.sh b/demos/sdf/sdf-sm1.sh new file mode 100755 index 00000000..04a6305f --- /dev/null +++ b/demos/sdf/sdf-sm1.sh @@ -0,0 +1,16 @@ +#!/bin/bash -x + +#key=00000000000000000000000000000000 +#iv=00000000000000000000000000000000 + +key=12345678123456781234567812345678 +iv=12345678123456781234567812345678 +plaintext="This is the plaintext message." + +# FIXME: sm1/ssf33 is unkonwn to enc command +ciphertext=`echo $plaintext | sudo gmssl enc -sm1 -engine sdf -K $key -iv $iv -a` +plaintext=`echo $ciphertext | sudo gmssl enc -sm1 -d -engine sdf -K $key -iv $iv -a` + +echo "Ciphertext: $ciphertext" +echo "Plaintext: $plaintext" + diff --git a/demos/sdf/sdf-sm2enc.sh b/demos/sdf/sdf-sm2enc.sh new file mode 100755 index 00000000..ddb76249 --- /dev/null +++ b/demos/sdf/sdf-sm2enc.sh @@ -0,0 +1,21 @@ +#!/bin/bash -x + +echo "######################################################################" +echo "# #" +echo "# Default PIN: 11111111 #" +echo "# #" +echo "######################################################################" + +echo "secret" | \ + sudo gmssl pkeyutl -encrypt -engine sdf -keyform engine -inkey ecc_1.exch -out sm2ciphertext.der + +# export the public key of the default encrypt/keyexchagne SM2 private key +# the default ID of the key container is `ecc_1.exch` +sudo gmssl pkey -engine sdf -inform engine -in ecc_1.exch -pubout -out sm2enckey.pem + +echo "secret" | \ + gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -pkeyopt ec_encrypt_param:sm3 -pubin -inkey sm2enckey.pem -out sm2ciphertext2.der + +sudo gmssl pkeyutl -decrypt -engine sdf -keyform engine -inkey ecc_1.exch -in sm2ciphertext.der +sudo gmssl pkeyutl -decrypt -engine sdf -keyform engine -inkey ecc_1.exch -in sm2ciphertext2.der + diff --git a/demos/sdf/sdf-sm2sign.sh b/demos/sdf/sdf-sm2sign.sh new file mode 100755 index 00000000..1c21dc77 --- /dev/null +++ b/demos/sdf/sdf-sm2sign.sh @@ -0,0 +1,20 @@ +#!/bin/bash -x +# +# FIXME: if App already exist, this script will fail. +# + + +VERBOSE=2 +SO_PATH="./libsdf.so" +LABEL="MySKF" +APPNAME="MyApp1" +APPNAME2="MyApp2" + +echo "[Sign/Verify with SM2 Container]" +echo "abc" | gmssl sm3 -binary | sudo gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -engine sdf -keyform engine -inkey ecc_1.sign -out sm2.sig +echo "abc" | gmssl sm3 -binary | sudo gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -engine sdf -keyform engine -inkey ecc_1.sign -sigfile sm2.sig + +echo "[Verify with exported SM2 Verification Public Key]" +sudo gmssl pkey -engine sdf -inform engine -in ecc_1.sign -pubout -out sm2vkey.pem +echo "abc" | gmssl sm3 -binary | gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey sm2vkey.pem -sigfile sm2.sig + diff --git a/demos/sdf/sdf-sm3.sh b/demos/sdf/sdf-sm3.sh new file mode 100755 index 00000000..503deccf --- /dev/null +++ b/demos/sdf/sdf-sm3.sh @@ -0,0 +1,3 @@ +#!/bin/bash -x + +echo -n abc | sudo gmssl dgst -sm3 -engine sdf -engine_impl # -r diff --git a/demos/sdf/sdf-sm4.sh b/demos/sdf/sdf-sm4.sh new file mode 100755 index 00000000..146ed607 --- /dev/null +++ b/demos/sdf/sdf-sm4.sh @@ -0,0 +1,14 @@ +#!/bin/bash -x + +#key=00000000000000000000000000000000 +#iv=00000000000000000000000000000000 + +key=12345678123456781234567812345678 +iv=12345678123456781234567812345678 +plaintext="This is the plaintext message." + +ciphertext=`echo $plaintext | sudo gmssl sms4 -K $key -iv $iv -a` + +echo $ciphertext +echo $plaintext | sudo gmssl sms4 -engine sdf -K $key -iv $iv -a +echo $ciphertext | sudo gmssl sms4 -d -engine sdf -K $key -iv $iv -a diff --git a/demos/sdf/sdf-ssf33.sh b/demos/sdf/sdf-ssf33.sh new file mode 100755 index 00000000..04a6305f --- /dev/null +++ b/demos/sdf/sdf-ssf33.sh @@ -0,0 +1,16 @@ +#!/bin/bash -x + +#key=00000000000000000000000000000000 +#iv=00000000000000000000000000000000 + +key=12345678123456781234567812345678 +iv=12345678123456781234567812345678 +plaintext="This is the plaintext message." + +# FIXME: sm1/ssf33 is unkonwn to enc command +ciphertext=`echo $plaintext | sudo gmssl enc -sm1 -engine sdf -K $key -iv $iv -a` +plaintext=`echo $ciphertext | sudo gmssl enc -sm1 -d -engine sdf -K $key -iv $iv -a` + +echo "Ciphertext: $ciphertext" +echo "Plaintext: $plaintext" + diff --git a/demos/sdf/sdf-ssl-server.sh b/demos/sdf/sdf-ssl-server.sh new file mode 100755 index 00000000..24550a24 --- /dev/null +++ b/demos/sdf/sdf-ssl-server.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# `-trace` option require `.config enable-ssl-trace` + +#trace="-trace" + +#sudo gmssl s_server -tls1_2 -unlink -port 443 -cipher SM2 -engine sdf -keyform ENGINE -key ecc_1.sign -cert localhost-signcer.pem -msg -rev +sudo gmssl s_server -rev $trace -tls1_2 -unlink -port 4433 -cipher SM2 -engine sdf -keyform ENGINE -cert localhost.pem -key ecc_1.sign diff --git a/demos/sdf/sdf-zuc.sh b/demos/sdf/sdf-zuc.sh new file mode 100755 index 00000000..04a6305f --- /dev/null +++ b/demos/sdf/sdf-zuc.sh @@ -0,0 +1,16 @@ +#!/bin/bash -x + +#key=00000000000000000000000000000000 +#iv=00000000000000000000000000000000 + +key=12345678123456781234567812345678 +iv=12345678123456781234567812345678 +plaintext="This is the plaintext message." + +# FIXME: sm1/ssf33 is unkonwn to enc command +ciphertext=`echo $plaintext | sudo gmssl enc -sm1 -engine sdf -K $key -iv $iv -a` +plaintext=`echo $ciphertext | sudo gmssl enc -sm1 -d -engine sdf -K $key -iv $iv -a` + +echo "Ciphertext: $ciphertext" +echo "Plaintext: $plaintext" + diff --git a/demos/sdf/sdf.cnf b/demos/sdf/sdf.cnf new file mode 100644 index 00000000..fbb17ac2 --- /dev/null +++ b/demos/sdf/sdf.cnf @@ -0,0 +1,16 @@ +# conf file for gmssl sdf engine +openssl_conf = openssl_init + +[openssl_init] +engines = engine_section + +[engine_section] +sdf = sdf_section + +[sdf_section] +engine_id = sdf +SO_PATH = ./libswsds.so +VENDOR = sansec +OPEN_DEV = +init = 1 + diff --git a/demos/sm2/Makefile b/demos/sm2/Makefile index e70f6954..53677a6b 100644 --- a/demos/sm2/Makefile +++ b/demos/sm2/Makefile @@ -1,15 +1,25 @@ all: - gcc keygen.c -L /usr/local/lib -lcrypto -o keygen - gcc keygen.c -DENCRYPT_KEY -DNO_PROMPT -L /usr/local/lib -lcrypto -o keygen-enc - gcc keygen.c -DENCRYPT_KEY -L /usr/local/lib -lcrypto -o keygen-enc-prompt + gcc sm2-keygen.c -L /usr/local/lib -lcrypto -o sm2-keygen + gcc sm2-keygen.c -DENCRYPT_KEY -DNO_PROMPT -L /usr/local/lib -lcrypto -o sm2-keygen-enc + gcc sm2-keygen.c -DENCRYPT_KEY -L /usr/local/lib -lcrypto -o sm2-keygen-enc-prompt + gcc sm2-sign.c -L /usr/local/lib -lcrypto -o sm2-sign + gcc sm2-encrypt.c -L /usr/local/lib -lcrypto -o sm2-encrypt test: - ./keygen - ./keygen-enc - ./keygen-enc-prompt + ./sm2-keygen + echo + ./sm2-keygen-enc + echo + #./sm2-keygen-enc-prompt + ./sm2-sign + echo + ./sm2-encrypt + echo clean: rm -fr a.out - rm -fr keygen - rm -fr keygen-enc - rm -fr keygen-enc-prompt + rm -fr sm2-keygen + rm -fr sm2-keygen-enc + rm -fr sm2-keygen-enc-prompt + rm -fr sm2-sign + rm -fr sm2-encrypt diff --git a/demos/sm2/sm2-encrypt.c b/demos/sm2/sm2-encrypt.c new file mode 100644 index 00000000..d1e06b62 --- /dev/null +++ b/demos/sm2/sm2-encrypt.c @@ -0,0 +1,75 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + EC_KEY *ec_key = NULL; + unsigned char key[64]; + unsigned char cbuf[1024]; + unsigned char pbuf[1024] = {0}; + size_t clen = sizeof(cbuf); + size_t plen = sizeof(pbuf); + int i; + + /* generate sm2 key pair */ + if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1)) + || !EC_KEY_generate_key(ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + + /* generate to be encrypted symmetric key + * Notice: sm2 encrypt should only be used to encrypt short data + */ + if (!RAND_bytes(key, sizeof(key))) { + ERR_print_errors_fp(stderr); + goto end; + } + + printf("M = "); + for (i = 0; i < sizeof(key); i++) { + printf("%02X", key[i]); + } + printf("\n"); + + /* sm2 encrypt, hash algorithm is required for KDF */ + if (!SM2_encrypt(NID_sm3, key, sizeof(key), cbuf, &clen, ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + + printf("C = "); + for (i = 0; i < clen; i++) { + printf("%02X", cbuf[i]); + } + printf("\n"); + + /* sm2 decrypt */ + if (!SM2_decrypt(NID_sm3, cbuf, clen, pbuf, &plen, ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + + printf("M' = "); + for (i = 0; i < plen; i++) { + printf("%02X", pbuf[i]); + } + printf("\n"); + + ret = 0; + +end: + EC_KEY_free(ec_key); + return ret; +} diff --git a/demos/sm2/keygen.c b/demos/sm2/sm2-keygen.c similarity index 100% rename from demos/sm2/keygen.c rename to demos/sm2/sm2-keygen.c diff --git a/demos/sm2/sm2-sign.c b/demos/sm2/sm2-sign.c new file mode 100644 index 00000000..3b2dfb0a --- /dev/null +++ b/demos/sm2/sm2-sign.c @@ -0,0 +1,65 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + EC_KEY *ec_key = NULL; + char *id = "Alice"; + unsigned char msg[] = "This is the message to be signed"; + unsigned char dgst[EVP_MAX_MD_SIZE]; + size_t dgstlen = sizeof(dgst); + unsigned char sig[256]; + unsigned int siglen = sizeof(sig); + int i; + + if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1)) + || !EC_KEY_generate_key(ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + + printf("M = %s\n", (char *)msg); + printf("ID = %s\n", id); + + if (!SM2_compute_message_digest(EVP_sm3(), EVP_sm3(), msg, sizeof(msg), + id, strlen(id), dgst, &dgstlen, ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + printf("H(Z||M) = "); + for (i = 0; i < dgstlen; i++) { + printf("%02X", dgst[i]); + } + printf("\n"); + + if (!SM2_sign(NID_undef, dgst, dgstlen, sig, &siglen, ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + printf("Signature = "); + for (i = 0; i < siglen; i++) { + printf("%02X", sig[i]); + } + printf("\n"); + + if (1 != SM2_verify(NID_undef, dgst, dgstlen, sig, siglen, ec_key)) { + ERR_print_errors_fp(stderr); + goto end; + } + printf("Verification Success!\n"); + + ret = 0; + +end: + EC_KEY_free(ec_key); + return ret; +} diff --git a/demos/sm4/Makefile b/demos/sm4/Makefile index 2833f370..898aed20 100644 --- a/demos/sm4/Makefile +++ b/demos/sm4/Makefile @@ -1,11 +1,14 @@ all: gcc sms4.c -L /usr/local/lib -lcrypto -o sms4 gcc sms4.c -DUSE_RANDOM -L /usr/local/lib -lcrypto -o sms4rnd + gcc sms4evp.c -DMSG_LEN=20 -L /usr/local/lib -lcrypto -o sms4evp test: ./sms4 ./sms4rnd + ./sms4evp clean: rm -fr sms4 rm -fr sms4rnd + rm -fr sms4evp diff --git a/demos/sm4/sms4.c b/demos/sm4/sms4.c index 19e1a87d..dbd6d586 100755 --- a/demos/sm4/sms4.c +++ b/demos/sm4/sms4.c @@ -61,6 +61,16 @@ #include +static void print_buf(const char *s, const unsigned char *buf, size_t buflen) +{ + int i; + printf("%s = ", s); + for (i = 0; i < buflen; i++) { + printf("%02X", buf[i]); + } + printf("\n"); +} + int main(int argc, char **argv) { sms4_key_t sms4; @@ -76,17 +86,8 @@ int main(int argc, char **argv) } #endif - printf("key = "); - for (i = 0; i < sizeof(key); i++) { - printf("%02X", key[i]); - } - printf("\n"); - - printf("plaintext block = "); - for (i = 0; i < sizeof(block); i++) { - printf("%02X", block[i]); - } - printf("\n"); + print_buf("key", key, sizeof(key)); + print_buf("plaintext block", block, sizeof(block)); /* expand key for encryption */ sms4_set_encrypt_key(&sms4, key); @@ -94,11 +95,7 @@ int main(int argc, char **argv) /* encrypt a block */ sms4_encrypt(block, block, &sms4); - printf("ciphertext block = "); - for (i = 0; i < sizeof(block); i++) { - printf("%02X", block[i]); - } - printf("\n"); + print_buf("ciphertext block", block, sizeof(block)); /* expand key for decryption */ sms4_set_decrypt_key(&sms4, key); @@ -106,11 +103,7 @@ int main(int argc, char **argv) /* decrypt a block */ sms4_decrypt(block, block, &sms4); - printf("decrypted block = "); - for (i = 0; i < sizeof(block); i++) { - printf("%02X", block[i]); - } - printf("\n"); + print_buf("decrypted block", block, sizeof(block)); return 0; } diff --git a/demos/sm4/sms4evp.c b/demos/sm4/sms4evp.c new file mode 100755 index 00000000..9463fb4f --- /dev/null +++ b/demos/sm4/sms4evp.c @@ -0,0 +1,155 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +/* + * This sm4 demo use the EVP API. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void print_buf(const char *s, const unsigned char *buf, size_t buflen) +{ + int i; + printf("%s = ", s); + for (i = 0; i < buflen; i++) { + printf("%02X", buf[i]); + } + printf("\n"); +} + +int main(int argc, char **argv) +{ + int ret = -1; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *cipher = EVP_sms4_cbc(); + unsigned char key[SMS4_KEY_LENGTH] = {0}; + unsigned char iv[SMS4_IV_LENGTH] = {0}; + unsigned char msg[MSG_LEN]; + unsigned char cbuf[sizeof(msg) + SMS4_BLOCK_SIZE]; + unsigned char pbuf[sizeof(cbuf)]; + unsigned int clen, plen; + int len; + + /* generate random key/iv/msg */ + if (!RAND_bytes(key, sizeof(key)) + || !RAND_bytes(iv, sizeof(iv)) + || !RAND_bytes(msg, sizeof(msg))) { + ERR_print_errors_fp(stderr); + return -1; + } + + print_buf("key", key, sizeof(key)); + print_buf("iv", iv, sizeof(iv)); + print_buf("msg", msg, sizeof(msg)); + + /* create encrypt/decrypt context */ + if (!(ctx = EVP_CIPHER_CTX_new())) { + ERR_print_errors_fp(stderr); + goto end; + } + + + /* encrypt */ + if (!EVP_EncryptInit(ctx, cipher, key, iv)) { + ERR_print_errors_fp(stderr); + goto end; + } + + clen = 0; + + if (!EVP_EncryptUpdate(ctx, cbuf, &len, msg, sizeof(msg))) { + ERR_print_errors_fp(stderr); + goto end; + } + clen += len; + + if (!EVP_EncryptFinal(ctx, cbuf + len, &len)) { + ERR_print_errors_fp(stderr); + goto end; + } + clen += len; + + print_buf("ciphertext", cbuf, clen); + + /* decrypt */ + if (!EVP_DecryptInit(ctx, cipher, key, iv)) { + ERR_print_errors_fp(stderr); + goto end; + } + + plen = 0; + + if (!EVP_DecryptUpdate(ctx, pbuf, &len, cbuf, clen)) { + ERR_print_errors_fp(stderr); + goto end; + } + plen += len; + + if (!EVP_DecryptFinal(ctx, pbuf + len, &len)) { + ERR_print_errors_fp(stderr); + goto end; + } + plen += len; + + print_buf("decrypted", pbuf, plen); + + ret = 0; + +end: + EVP_CIPHER_CTX_free(ctx); + return ret; +}