From: Matt Caswell Date: Wed, 13 Mar 2019 16:17:17 +0000 (+0000) Subject: Make EVP_Digest* functions provider aware X-Git-Tag: openssl-3.0.0-alpha1~2316 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8c8cf0d96240663749897b44898b3964fa3363e0;p=oweals%2Fopenssl.git Make EVP_Digest* functions provider aware Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8513) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 7309ed8fe4..f52beb131e 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -781,7 +781,9 @@ EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1 EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF +EVP_F_EVP_DIGESTFINAL_EX:230:EVP_DigestFinal_ex EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex +EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate @@ -2356,6 +2358,7 @@ EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key +EVP_R_FINAL_ERROR:188:final error EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters @@ -2374,6 +2377,7 @@ EVP_R_MEMORY_LIMIT_EXCEEDED:172:memory limit exceeded EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null EVP_R_METHOD_NOT_SUPPORTED:144:method not supported EVP_R_MISSING_PARAMETERS:103:missing parameters +EVP_R_NOT_ABLE_TO_COPY_CTX:190:not able to copy ctx EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length EVP_R_NO_CIPHER_SET:131:no cipher set EVP_R_NO_DEFAULT_DIGEST:158:no default digest @@ -2407,6 +2411,7 @@ EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS:135:unsupported number of rounds EVP_R_UNSUPPORTED_PRF:125:unsupported prf EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type +EVP_R_UPDATE_ERROR:189:update error EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length KDF_R_INVALID_DIGEST:100:invalid digest diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 08b5198f04..9e8aaf2203 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -22,6 +22,24 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) if (ctx == NULL) return 1; + if (ctx->digest == NULL || ctx->digest->prov == NULL) + goto legacy; + + if (ctx->provctx != NULL) { + if (ctx->digest->freectx != NULL) + ctx->digest->freectx(ctx->provctx); + ctx->provctx = NULL; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + } + + if (ctx->pctx != NULL) + goto legacy; + + return 1; + + /* TODO(3.0): Remove legacy code below */ + legacy: + /* * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because * sometimes only copies of the context are ever finalised. @@ -54,6 +72,23 @@ EVP_MD_CTX *EVP_MD_CTX_new(void) void EVP_MD_CTX_free(EVP_MD_CTX *ctx) { + if (ctx == NULL) + return; + + if (ctx->digest == NULL || ctx->digest->prov == NULL) + goto legacy; + + EVP_MD_CTX_reset(ctx); + + EVP_MD_meth_free(ctx->fetched_digest); + ctx->fetched_digest = NULL; + ctx->digest = NULL; + + OPENSSL_free(ctx); + return; + + /* TODO(3.0): Remove legacy code below */ + legacy: EVP_MD_CTX_reset(ctx); OPENSSL_free(ctx); } @@ -66,7 +101,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { + EVP_MD *provmd; + ENGINE *tmpimpl = NULL; + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + + /* TODO(3.0): Legacy work around code below. Remove this */ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so @@ -77,6 +117,72 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (ctx->engine && ctx->digest && (type == NULL || (type->type == ctx->digest->type))) goto skip_to_init; + + if (type != NULL && impl == NULL) + tmpimpl = ENGINE_get_digest_engine(type->type); +#endif + + /* + * If there are engines involved or if we're being used as part of + * EVP_DigestSignInit then we should use legacy handling for now. + */ + if (ctx->engine != NULL + || impl != NULL + || tmpimpl != NULL + || ctx->pctx != NULL + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { + if (ctx->digest == ctx->fetched_digest) + ctx->digest = NULL; + EVP_MD_meth_free(ctx->fetched_digest); + ctx->fetched_digest = NULL; + goto legacy; + } + + if (type->prov == NULL) { + switch(type->type) { + default: + goto legacy; + } + } + + if (ctx->digest != NULL && ctx->digest->ctx_size > 0) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + ctx->md_data = NULL; + } + + /* TODO(3.0): Start of non-legacy code below */ + + if (type->prov == NULL) { + provmd = EVP_MD_fetch(NULL, OBJ_nid2sn(type->type), ""); + if (provmd == NULL) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + type = provmd; + EVP_MD_meth_free(ctx->fetched_digest); + ctx->fetched_digest = provmd; + } + + ctx->digest = type; + if (ctx->provctx == NULL) { + ctx->provctx = ctx->digest->newctx(); + if (ctx->provctx == NULL) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + + if (ctx->digest->dinit == NULL) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + return ctx->digest->dinit(ctx->provctx); + + /* TODO(3.0): Remove legacy code below */ + legacy: + +#ifndef OPENSSL_NO_ENGINE if (type) { /* * Ensure an ENGINE left lying around from last time is cleared (the @@ -91,7 +197,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } } else { /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); + impl = tmpimpl; } if (impl != NULL) { /* There's an ENGINE for this job ... (apparently) */ @@ -151,6 +257,17 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { + if (ctx->digest == NULL || ctx->digest->prov == NULL) + goto legacy; + + if (ctx->digest->dupdate == NULL) { + EVPerr(EVP_F_EVP_DIGESTUPDATE, EVP_R_UPDATE_ERROR); + return 0; + } + return ctx->digest->dupdate(ctx->provctx, data, count); + + /* TODO(3.0): Remove legacy code below */ + legacy: return ctx->update(ctx, data, count); } @@ -164,14 +281,40 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) } /* The caller can assume that this removes any secret data from the context */ -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) { int ret; + size_t size = 0; + + if (ctx->digest == NULL || ctx->digest->prov == NULL) + goto legacy; + if (ctx->digest->dfinal == NULL) { + EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR); + return 0; + } + + ret = ctx->digest->dfinal(ctx->provctx, md, &size); + + if (isize != NULL) { + if (size <= UINT_MAX) { + *isize = (int)size; + } else { + EVPerr(EVP_F_EVP_DIGESTFINAL_EX, EVP_R_FINAL_ERROR); + ret = 0; + } + } + + EVP_MD_CTX_reset(ctx); + + return ret; + + /* TODO(3.0): Remove legacy code below */ + legacy: OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); - if (size != NULL) - *size = ctx->digest->md_size; + if (isize != NULL) + *isize = ctx->digest->md_size; if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); @@ -210,10 +353,52 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { unsigned char *tmp_buf; - if ((in == NULL) || (in->digest == NULL)) { + + if (in == NULL || in->digest == NULL) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED); return 0; } + + if (in->digest->prov == NULL) + goto legacy; + + if (in->digest->dupctx == NULL) { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); + return 0; + } + + EVP_MD_CTX_reset(out); + if (out->fetched_digest != NULL) + EVP_MD_meth_free(out->fetched_digest); + *out = *in; + /* NULL out pointers in case of error */ + out->pctx = NULL; + out->provctx = NULL; + + if (in->fetched_digest != NULL) + EVP_MD_upref(in->fetched_digest); + + out->provctx = in->digest->dupctx(in->provctx); + if (out->provctx == NULL) { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); + return 0; + } + + /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ + EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + if (in->pctx != NULL) { + out->pctx = EVP_PKEY_CTX_dup(in->pctx); + if (out->pctx == NULL) { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_NOT_ABLE_TO_COPY_CTX); + EVP_MD_CTX_reset(out); + return 0; + } + } + + return 1; + + /* TODO(3.0): Remove legacy code below */ + legacy: #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { @@ -302,13 +487,12 @@ static void *evp_md_from_dispatch(int mdtype, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov) { EVP_MD *md = NULL; + int fncnt = 0; if ((md = EVP_MD_meth_new(mdtype, NID_undef)) == NULL) return NULL; for (; fns->function_id != 0; fns++) { - int fncnt = 0; - switch (fns->function_id) { case OSSL_FUNC_DIGEST_NEWCTX: if (md->newctx != NULL) @@ -340,29 +524,35 @@ static void *evp_md_from_dispatch(int mdtype, const OSSL_DISPATCH *fns, md->digest = OSSL_get_OP_digest_digest(fns); /* We don't increment fnct for this as it is stand alone */ break; - case OSSL_FUNC_DIGEST_CLEANCTX: - if (md->cleanctx != NULL) - break; - md->cleanctx = OSSL_get_OP_digest_cleanctx(fns); - fncnt++; - break; case OSSL_FUNC_DIGEST_FREECTX: if (md->freectx != NULL) break; md->freectx = OSSL_get_OP_digest_freectx(fns); fncnt++; break; + case OSSL_FUNC_DIGEST_DUPCTX: + if (md->dupctx != NULL) + break; + md->dupctx = OSSL_get_OP_digest_dupctx(fns); + break; + case OSSL_FUNC_DIGEST_SIZE: + if (md->size != NULL) + break; + md->size = OSSL_get_OP_digest_size(fns); + break; } - if ((fncnt != 0 && fncnt != 6) || (fncnt == 0 && md->digest == NULL)) { - /* - * In order to be a consistent set of functions we either need the - * whole set of init/update/final etc functions or none of them. - * The "digest" function can standalone. We at least need one way to - * generate digests. - */ - EVP_MD_meth_free(md); - return NULL; - } + } + if ((fncnt != 0 && fncnt != 5) + || (fncnt == 0 && md->digest == NULL) + || md->size == NULL) { + /* + * In order to be a consistent set of functions we either need the + * whole set of init/update/final etc functions or none of them. + * The "digest" function can standalone. We at least need one way to + * generate digests. + */ + EVP_MD_meth_free(md); + return NULL; } md->prov = prov; if (prov != NULL) diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index ef889b0a5c..068120ef7b 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -54,7 +54,9 @@ static const ERR_STRING_DATA EVP_str_functs[] = { "EVP_DecryptFinal_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINAL_EX, 0), "EVP_DigestFinal_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTUPDATE, 0), "EVP_DigestUpdate"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0), "evp_EncryptDecryptUpdate"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), @@ -219,6 +221,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "expecting a poly1305 key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), "expecting a siphash key"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"}, @@ -246,6 +249,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_ABLE_TO_COPY_CTX), + "not able to copy ctx"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH), "not XOF or invalid length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"}, @@ -293,6 +298,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "unsupported private key algorithm"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UPDATE_ERROR), "update error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index ed95dd5eec..219ae532d1 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -317,6 +317,10 @@ int EVP_MD_size(const EVP_MD *md) EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); return -1; } + + if (md->prov != NULL && md->size != NULL) + return (int)md->size(); + return md->md_size; } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 82e7bf8b11..936824a851 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -19,6 +19,10 @@ struct evp_md_ctx_st { EVP_PKEY_CTX *pctx; /* Update function: usually copied from EVP_MD */ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + + /* Provider ctx */ + void *provctx; + EVP_MD *fetched_digest; } /* EVP_MD_CTX */ ; struct evp_cipher_ctx_st { diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index ba0eedd46b..ab8ce00e47 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -202,6 +202,8 @@ struct evp_md_st { OSSL_OP_digest_final_fn *dfinal; OSSL_OP_digest_digest_fn *digest; OSSL_OP_digest_freectx_fn *freectx; + OSSL_OP_digest_dupctx_fn *dupctx; + OSSL_OP_digest_size_fn *size; } /* EVP_MD */ ; diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 9bce619e99..a7238547aa 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -82,18 +82,22 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, # define OSSL_FUNC_DIGEST_FINAL 4 # define OSSL_FUNC_DIGEST_DIGEST 5 # define OSSL_FUNC_DIGEST_FREECTX 6 +# define OSSL_FUNC_DIGEST_DUPCTX 7 +# define OSSL_FUNC_DIGEST_SIZE 8 OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void)) OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *vctx)) OSSL_CORE_MAKE_FUNC(int, OP_digest_update, - (void *vctx, unsigned char *in, size_t inl)) + (void *, const unsigned char *in, size_t inl)) OSSL_CORE_MAKE_FUNC(int, OP_digest_final, - (void *vctx, unsigned char *out, size_t *outl)) + (void *, unsigned char *out, size_t *outl)) OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, - (unsigned char *in, size_t inl, unsigned char *out, + (const unsigned char *in, size_t inl, unsigned char *out, size_t *out_l)) OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *vctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *vctx)) +OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) # ifdef __cplusplus } diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 445d173c08..598930af32 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -55,7 +55,9 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_DECRYPTFINAL_EX 101 # define EVP_F_EVP_DECRYPTUPDATE 166 # define EVP_F_EVP_DIGESTFINALXOF 174 +# define EVP_F_EVP_DIGESTFINAL_EX 230 # define EVP_F_EVP_DIGESTINIT_EX 128 +# define EVP_F_EVP_DIGESTUPDATE 231 # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTUPDATE 167 @@ -170,6 +172,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_EXPECTING_A_EC_KEY 142 # define EVP_R_EXPECTING_A_POLY1305_KEY 164 # define EVP_R_EXPECTING_A_SIPHASH_KEY 175 +# define EVP_R_FINAL_ERROR 188 # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 # define EVP_R_GET_RAW_KEY_FAILED 182 # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 @@ -188,6 +191,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_MESSAGE_DIGEST_IS_NULL 159 # define EVP_R_METHOD_NOT_SUPPORTED 144 # define EVP_R_MISSING_PARAMETERS 103 +# define EVP_R_NOT_ABLE_TO_COPY_CTX 190 # define EVP_R_NOT_XOF_OR_INVALID_LENGTH 178 # define EVP_R_NO_CIPHER_SET 131 # define EVP_R_NO_DEFAULT_DIGEST 158 @@ -218,6 +222,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNSUPPORTED_PRF 125 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 # define EVP_R_UNSUPPORTED_SALT_TYPE 126 +# define EVP_R_UPDATE_ERROR 189 # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109