1=pod 2 3=head1 NAME 4 5EVP_CIPHER_fetch, 6EVP_CIPHER_up_ref, 7EVP_CIPHER_free, 8EVP_CIPHER_CTX_new, 9EVP_CIPHER_CTX_reset, 10EVP_CIPHER_CTX_free, 11EVP_EncryptInit_ex, 12EVP_EncryptInit_ex2, 13EVP_EncryptUpdate, 14EVP_EncryptFinal_ex, 15EVP_DecryptInit_ex, 16EVP_DecryptInit_ex2, 17EVP_DecryptUpdate, 18EVP_DecryptFinal_ex, 19EVP_CipherInit_ex, 20EVP_CipherInit_ex2, 21EVP_CipherUpdate, 22EVP_CipherFinal_ex, 23EVP_CIPHER_CTX_set_key_length, 24EVP_CIPHER_CTX_ctrl, 25EVP_EncryptInit, 26EVP_EncryptFinal, 27EVP_DecryptInit, 28EVP_DecryptFinal, 29EVP_CipherInit, 30EVP_CipherFinal, 31EVP_Cipher, 32EVP_get_cipherbyname, 33EVP_get_cipherbynid, 34EVP_get_cipherbyobj, 35EVP_CIPHER_is_a, 36EVP_CIPHER_get0_name, 37EVP_CIPHER_get0_description, 38EVP_CIPHER_names_do_all, 39EVP_CIPHER_get0_provider, 40EVP_CIPHER_get_nid, 41EVP_CIPHER_get_params, 42EVP_CIPHER_gettable_params, 43EVP_CIPHER_get_block_size, 44EVP_CIPHER_get_key_length, 45EVP_CIPHER_get_iv_length, 46EVP_CIPHER_get_flags, 47EVP_CIPHER_get_mode, 48EVP_CIPHER_get_type, 49EVP_CIPHER_CTX_cipher, 50EVP_CIPHER_CTX_get0_cipher, 51EVP_CIPHER_CTX_get1_cipher, 52EVP_CIPHER_CTX_get0_name, 53EVP_CIPHER_CTX_get_nid, 54EVP_CIPHER_CTX_get_params, 55EVP_CIPHER_gettable_ctx_params, 56EVP_CIPHER_CTX_gettable_params, 57EVP_CIPHER_CTX_set_params, 58EVP_CIPHER_settable_ctx_params, 59EVP_CIPHER_CTX_settable_params, 60EVP_CIPHER_CTX_get_block_size, 61EVP_CIPHER_CTX_get_key_length, 62EVP_CIPHER_CTX_get_iv_length, 63EVP_CIPHER_CTX_get_tag_length, 64EVP_CIPHER_CTX_get_app_data, 65EVP_CIPHER_CTX_set_app_data, 66EVP_CIPHER_CTX_flags, 67EVP_CIPHER_CTX_set_flags, 68EVP_CIPHER_CTX_clear_flags, 69EVP_CIPHER_CTX_test_flags, 70EVP_CIPHER_CTX_get_type, 71EVP_CIPHER_CTX_get_mode, 72EVP_CIPHER_CTX_get_num, 73EVP_CIPHER_CTX_set_num, 74EVP_CIPHER_CTX_is_encrypting, 75EVP_CIPHER_param_to_asn1, 76EVP_CIPHER_asn1_to_param, 77EVP_CIPHER_CTX_set_padding, 78EVP_enc_null, 79EVP_CIPHER_do_all_provided, 80EVP_CIPHER_nid, 81EVP_CIPHER_name, 82EVP_CIPHER_block_size, 83EVP_CIPHER_key_length, 84EVP_CIPHER_iv_length, 85EVP_CIPHER_flags, 86EVP_CIPHER_mode, 87EVP_CIPHER_type, 88EVP_CIPHER_CTX_encrypting, 89EVP_CIPHER_CTX_nid, 90EVP_CIPHER_CTX_block_size, 91EVP_CIPHER_CTX_key_length, 92EVP_CIPHER_CTX_iv_length, 93EVP_CIPHER_CTX_tag_length, 94EVP_CIPHER_CTX_num, 95EVP_CIPHER_CTX_type, 96EVP_CIPHER_CTX_mode 97- EVP cipher routines 98 99=head1 SYNOPSIS 100 101=for openssl generic 102 103 #include <openssl/evp.h> 104 105 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, 106 const char *properties); 107 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); 108 void EVP_CIPHER_free(EVP_CIPHER *cipher); 109 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); 110 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); 111 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); 112 113 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 114 ENGINE *impl, const unsigned char *key, const unsigned char *iv); 115 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 116 const unsigned char *key, const unsigned char *iv, 117 const OSSL_PARAM params[]); 118 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 119 int *outl, const unsigned char *in, int inl); 120 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 121 122 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 123 ENGINE *impl, const unsigned char *key, const unsigned char *iv); 124 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 125 const unsigned char *key, const unsigned char *iv, 126 const OSSL_PARAM params[]); 127 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 128 int *outl, const unsigned char *in, int inl); 129 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 130 131 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 132 ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); 133 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 134 const unsigned char *key, const unsigned char *iv, 135 int enc, const OSSL_PARAM params[]); 136 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 137 int *outl, const unsigned char *in, int inl); 138 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 139 140 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 141 const unsigned char *key, const unsigned char *iv); 142 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 143 144 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 145 const unsigned char *key, const unsigned char *iv); 146 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 147 148 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 149 const unsigned char *key, const unsigned char *iv, int enc); 150 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 151 152 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 153 const unsigned char *in, unsigned int inl); 154 155 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); 156 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); 157 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2); 158 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); 159 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); 160 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); 161 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); 162 163 const EVP_CIPHER *EVP_get_cipherbyname(const char *name); 164 const EVP_CIPHER *EVP_get_cipherbynid(int nid); 165 const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); 166 167 int EVP_CIPHER_get_nid(const EVP_CIPHER *e); 168 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); 169 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, 170 void (*fn)(const char *name, void *data), 171 void *data); 172 const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); 173 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); 174 const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); 175 int EVP_CIPHER_get_block_size(const EVP_CIPHER *e); 176 int EVP_CIPHER_get_key_length(const EVP_CIPHER *e); 177 int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e); 178 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e); 179 unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e); 180 int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); 181 182 const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); 183 EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx); 184 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); 185 const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx); 186 187 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); 188 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); 189 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]); 190 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher); 191 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher); 192 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); 193 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx); 194 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx); 195 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); 196 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); 197 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); 198 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); 199 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); 200 void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); 201 int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); 202 int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); 203 int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); 204 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); 205 int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); 206 207 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 208 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 209 210 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, 211 void (*fn)(EVP_CIPHER *cipher, void *arg), 212 void *arg); 213 214 #define EVP_CIPHER_nid EVP_CIPHER_get_nid 215 #define EVP_CIPHER_name EVP_CIPHER_get0_name 216 #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size 217 #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length 218 #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length 219 #define EVP_CIPHER_flags EVP_CIPHER_get_flags 220 #define EVP_CIPHER_mode EVP_CIPHER_get_mode 221 #define EVP_CIPHER_type EVP_CIPHER_get_type 222 #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting 223 #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid 224 #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size 225 #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length 226 #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length 227 #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length 228 #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num 229 #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type 230 #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode 231 232Deprecated since OpenSSL 3.0, can be hidden entirely by defining 233B<OPENSSL_API_COMPAT> with a suitable version value, see 234L<openssl_user_macros(7)>: 235 236 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); 237 238Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining 239B<OPENSSL_API_COMPAT> with a suitable version value, see 240L<openssl_user_macros(7)>: 241 242 int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); 243 244=head1 DESCRIPTION 245 246The EVP cipher routines are a high-level interface to certain 247symmetric ciphers. 248 249The B<EVP_CIPHER> type is a structure for cipher method implementation. 250 251=over 4 252 253=item EVP_CIPHER_fetch() 254 255Fetches the cipher implementation for the given I<algorithm> from any provider 256offering it, within the criteria given by the I<properties>. 257See L<crypto(7)/ALGORITHM FETCHING> for further information. 258 259The returned value must eventually be freed with EVP_CIPHER_free(). 260 261Fetched B<EVP_CIPHER> structures are reference counted. 262 263=item EVP_CIPHER_up_ref() 264 265Increments the reference count for an B<EVP_CIPHER> structure. 266 267=item EVP_CIPHER_free() 268 269Decrements the reference count for the fetched B<EVP_CIPHER> structure. 270If the reference count drops to 0 then the structure is freed. 271 272=item EVP_CIPHER_CTX_new() 273 274Allocates and returns a cipher context. 275 276=item EVP_CIPHER_CTX_free() 277 278Clears all information from a cipher context and frees any allocated memory 279associated with it, including I<ctx> itself. This function should be called after 280all operations using a cipher are complete so sensitive information does not 281remain in memory. 282 283=item EVP_CIPHER_CTX_ctrl() 284 285I<This is a legacy method.> EVP_CIPHER_CTX_set_params() and 286EVP_CIPHER_CTX_get_params() is the mechanism that should be used to set and get 287parameters that are used by providers. 288 289Performs cipher-specific control actions on context I<ctx>. The control command 290is indicated in I<cmd> and any additional arguments in I<p1> and I<p2>. 291EVP_CIPHER_CTX_ctrl() must be called after EVP_CipherInit_ex2(). Other restrictions 292may apply depending on the control type and cipher implementation. 293 294If this function happens to be used with a fetched B<EVP_CIPHER>, it will 295translate the controls that are known to OpenSSL into L<OSSL_PARAM(3)> 296parameters with keys defined by OpenSSL and call EVP_CIPHER_CTX_get_params() or 297EVP_CIPHER_CTX_set_params() as is appropriate for each control command. 298 299See L</CONTROLS> below for more information, including what translations are 300being done. 301 302=item EVP_CIPHER_get_params() 303 304Retrieves the requested list of algorithm I<params> from a CIPHER I<cipher>. 305See L</PARAMETERS> below for more information. 306 307=item EVP_CIPHER_CTX_get_params() 308 309Retrieves the requested list of I<params> from CIPHER context I<ctx>. 310See L</PARAMETERS> below for more information. 311 312=item EVP_CIPHER_CTX_set_params() 313 314Sets the list of I<params> into a CIPHER context I<ctx>. 315See L</PARAMETERS> below for more information. 316 317=item EVP_CIPHER_gettable_params() 318 319Get a constant B<OSSL_PARAM> array that describes the retrievable parameters 320that can be used with EVP_CIPHER_get_params(). See L<OSSL_PARAM(3)> for the 321use of B<OSSL_PARAM> as a parameter descriptor. 322 323=item EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params() 324 325Get a constant B<OSSL_PARAM> array that describes the retrievable parameters 326that can be used with EVP_CIPHER_CTX_get_params(). 327EVP_CIPHER_gettable_ctx_params() returns the parameters that can be retrieved 328from the algorithm, whereas EVP_CIPHER_CTX_gettable_params() returns the 329parameters that can be retrieved in the context's current state. 330See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as a parameter descriptor. 331 332=item EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params() 333 334Get a constant B<OSSL_PARAM> array that describes the settable parameters 335that can be used with EVP_CIPHER_CTX_set_params(). 336EVP_CIPHER_settable_ctx_params() returns the parameters that can be set from the 337algorithm, whereas EVP_CIPHER_CTX_settable_params() returns the parameters that 338can be set in the context's current state. 339See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as a parameter descriptor. 340 341=item EVP_EncryptInit_ex2() 342 343Sets up cipher context I<ctx> for encryption with cipher I<type>. I<type> is 344typically supplied by calling EVP_CIPHER_fetch(). I<type> may also be set 345using legacy functions such as EVP_aes_256_cbc(), but this is not recommended 346for new applications. I<key> is the symmetric key to use and I<iv> is the IV to 347use (if necessary), the actual number of bytes used for the key and IV depends 348on the cipher. The parameters I<params> will be set on the context after 349initialisation. It is possible to set all parameters to NULL except I<type> in 350an initial call and supply the remaining parameters in subsequent calls, all of 351which have I<type> set to NULL. This is done when the default cipher parameters 352are not appropriate. 353For B<EVP_CIPH_GCM_MODE> the IV will be generated internally if it is not 354specified. 355 356=item EVP_EncryptInit_ex() 357 358This legacy function is similar to EVP_EncryptInit_ex2() when I<impl> is NULL. 359The implementation of the I<type> from the I<impl> engine will be used if it 360exists. 361 362=item EVP_EncryptUpdate() 363 364Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to 365I<out>. This function can be called multiple times to encrypt successive blocks 366of data. The amount of data written depends on the block alignment of the 367encrypted data. 368For most ciphers and modes, the amount of data written can be anything 369from zero bytes to (inl + cipher_block_size - 1) bytes. 370For wrap cipher modes, the amount of data written can be anything 371from zero bytes to (inl + cipher_block_size) bytes. 372For stream ciphers, the amount of data written can be anything from zero 373bytes to inl bytes. 374Thus, I<out> should contain sufficient room for the operation being performed. 375The actual number of bytes written is placed in I<outl>. It also 376checks if I<in> and I<out> are partially overlapping, and if they are 3770 is returned to indicate failure. 378 379If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts 380the "final" data, that is any data that remains in a partial block. 381It uses standard block padding (aka PKCS padding) as described in 382the NOTES section, below. The encrypted 383final data is written to I<out> which should have sufficient space for 384one cipher block. The number of bytes written is placed in I<outl>. After 385this function is called the encryption operation is finished and no further 386calls to EVP_EncryptUpdate() should be made. 387 388If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more 389data and it will return an error if any data remains in a partial block: 390that is if the total data length is not a multiple of the block size. 391 392=item EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate() 393and EVP_DecryptFinal_ex() 394 395These functions are the corresponding decryption operations. 396EVP_DecryptFinal() will return an error code if padding is enabled and the 397final block is not correctly formatted. The parameters and restrictions are 398identical to the encryption operations except that if padding is enabled the 399decrypted data buffer I<out> passed to EVP_DecryptUpdate() should have 400sufficient room for (I<inl> + cipher_block_size) bytes unless the cipher block 401size is 1 in which case I<inl> bytes is sufficient. 402 403=item EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and 404EVP_CipherFinal_ex() 405 406These functions can be used for decryption or encryption. The operation 407performed depends on the value of the I<enc> parameter. It should be set to 1 408for encryption, 0 for decryption and -1 to leave the value unchanged 409(the actual value of 'enc' being supplied in a previous call). 410 411=item EVP_CIPHER_CTX_reset() 412 413Clears all information from a cipher context and free up any allocated memory 414associated with it, except the I<ctx> itself. This function should be called 415anytime I<ctx> is reused by another 416EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls. 417 418=item EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() 419 420Behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and 421EVP_CipherInit_ex() except if the I<type> is not a fetched cipher they use the 422default implementation of the I<type>. 423 424=item EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() 425 426Identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and 427EVP_CipherFinal_ex(). In previous releases they also cleaned up 428the I<ctx>, but this is no longer done and EVP_CIPHER_CTX_cleanup() 429must be called to free any context resources. 430 431=item EVP_Cipher() 432 433Encrypts or decrypts a maximum I<inl> amount of bytes from I<in> and leaves the 434result in I<out>. 435 436For legacy ciphers - If the cipher doesn't have the flag 437B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set, then I<inl> must be a multiple of 438EVP_CIPHER_get_block_size(). If it isn't, the result is undefined. If the cipher 439has that flag set, then I<inl> can be any size. 440 441Due to the constraints of the API contract of this function it shouldn't be used 442in applications, please consider using EVP_CipherUpdate() and 443EVP_CipherFinal_ex() instead. 444 445=item EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() 446 447Return an EVP_CIPHER structure when passed a cipher name, a NID or an 448ASN1_OBJECT structure. 449 450EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV", 451"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only 452accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve 453these algorithms from a provider. 454 455=item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() 456 457Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> 458structure. The actual NID value is an internal value which may not have a 459corresponding OBJECT IDENTIFIER. 460 461=item EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags() 462 463Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information. 464 465For provided ciphers EVP_CIPHER_CTX_set_flags() should be called only after the 466fetched cipher has been assigned to the I<ctx>. It is recommended to use 467L</PARAMETERS> instead. 468 469=item EVP_CIPHER_CTX_set_padding() 470 471Enables or disables padding. This function should be called after the context 472is set up for encryption or decryption with EVP_EncryptInit_ex2(), 473EVP_DecryptInit_ex2() or EVP_CipherInit_ex2(). By default encryption operations 474are padded using standard block padding and the padding is checked and removed 475when decrypting. If the I<pad> parameter is zero then no padding is 476performed, the total amount of data encrypted or decrypted must then 477be a multiple of the block size or an error will occur. 478 479=item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() 480 481Return the key length of a cipher when passed an B<EVP_CIPHER> or 482B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum 483key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for 484a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for 485variable key length ciphers. 486 487=item EVP_CIPHER_CTX_set_key_length() 488 489Sets the key length of the cipher context. 490If the cipher is a fixed length cipher then attempting to set the key 491length to any value other than the fixed value is an error. 492 493=item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() 494 495Return the IV length of a cipher when passed an B<EVP_CIPHER> or 496B<EVP_CIPHER_CTX>. It will return zero if the cipher does not use an IV. 497The constant B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers. 498 499=item EVP_CIPHER_CTX_get_tag_length() 500 501Returns the tag length of an AEAD cipher when passed a B<EVP_CIPHER_CTX>. It will 502return zero if the cipher does not support a tag. It returns a default value if 503the tag length has not been set. 504 505=item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() 506 507Return the block size of a cipher when passed an B<EVP_CIPHER> or 508B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the 509maximum block length for all ciphers. 510 511=item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() 512 513Return the type of the passed cipher or context. This "type" is the actual NID 514of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters 515(40 bit RC2 and 128 bit RC2 have the same NID). If the cipher does not have an 516object identifier or does not have ASN1 support this function will return 517B<NID_undef>. 518 519=item EVP_CIPHER_is_a() 520 521Returns 1 if I<cipher> is an implementation of an algorithm that's identifiable 522with I<name>, otherwise 0. If I<cipher> is a legacy cipher (it's the return 523value from the likes of EVP_aes128() rather than the result of an 524EVP_CIPHER_fetch()), only cipher names registered with the default library 525context (see L<OSSL_LIB_CTX(3)>) will be considered. 526 527=item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name() 528 529Return the name of the passed cipher or context. For fetched ciphers with 530multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all(). 531 532=item EVP_CIPHER_names_do_all() 533 534Traverses all names for the I<cipher>, and calls I<fn> with each name and 535I<data>. This is only useful with fetched B<EVP_CIPHER>s. 536 537=item EVP_CIPHER_get0_description() 538 539Returns a description of the cipher, meant for display and human consumption. 540The description is at the discretion of the cipher implementation. 541 542=item EVP_CIPHER_get0_provider() 543 544Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given 545B<EVP_CIPHER>. 546 547=item EVP_CIPHER_CTX_get0_cipher() 548 549Returns the B<EVP_CIPHER> structure when passed an B<EVP_CIPHER_CTX> structure. 550EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to 551the caller. 552 553=item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode() 554 555Return the block cipher mode: 556EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, 557EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, 558EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. 559If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. 560 561=item EVP_CIPHER_get_flags() 562 563Returns any flags associated with the cipher. See L</FLAGS> 564for a list of currently defined flags. 565 566=item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num() 567 568Gets or sets the cipher specific "num" parameter for the associated I<ctx>. 569Built-in ciphers typically use this to track how much of the current underlying block 570has been "used" already. 571 572=item EVP_CIPHER_CTX_is_encrypting() 573 574Reports whether the I<ctx> is being used for encryption or decryption. 575 576=item EVP_CIPHER_CTX_flags() 577 578A deprecated macro calling C<EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))>. 579Do not use. 580 581=item EVP_CIPHER_param_to_asn1() 582 583Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will 584typically include any parameters and an IV. The cipher IV (if any) must be set 585when this call is made. This call should be made before the cipher is actually 586"used" (before any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). 587This function may fail if the cipher does not have any ASN1 support. 588 589=item EVP_CIPHER_asn1_to_param() 590 591Sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter". 592The precise effect depends on the cipher. In the case of B<RC2>, for example, 593it will set the IV and effective key length. 594This function should be called after the base cipher type is set but before 595the key is set. For example EVP_CipherInit() will be called with the IV and 596key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally 597EVP_CipherInit() again with all parameters except the key set to NULL. It is 598possible for this function to fail if the cipher does not have any ASN1 support 599or the parameters cannot be set (for example the RC2 effective key length 600is not supported. 601 602=item EVP_CIPHER_CTX_rand_key() 603 604Generates a random key of the appropriate length based on the cipher context. 605The B<EVP_CIPHER> can provide its own random key generation routine to support 606keys of a specific form. I<key> must point to a buffer at least as big as the 607value returned by EVP_CIPHER_CTX_get_key_length(). 608 609=item EVP_CIPHER_do_all_provided() 610 611Traverses all ciphers implemented by all activated providers in the given 612library context I<libctx>, and for each of the implementations, calls the given 613function I<fn> with the implementation method and the given I<arg> as argument. 614 615=back 616 617=head1 PARAMETERS 618 619See L<OSSL_PARAM(3)> for information about passing parameters. 620 621=head2 Gettable EVP_CIPHER parameters 622 623When EVP_CIPHER_fetch() is called it internally calls EVP_CIPHER_get_params() 624and caches the results. 625 626EVP_CIPHER_get_params() can be used with the following B<OSSL_PARAM> keys: 627 628=over 4 629 630=item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer> 631 632Gets the mode for the associated cipher algorithm I<cipher>. 633See L</EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()> for a list of valid modes. 634Use EVP_CIPHER_get_mode() to retrieve the cached value. 635 636=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> 637 638Gets the key length for the associated cipher algorithm I<cipher>. 639Use EVP_CIPHER_get_key_length() to retrieve the cached value. 640 641=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer> 642 643Gets the IV length for the associated cipher algorithm I<cipher>. 644Use EVP_CIPHER_get_iv_length() to retrieve the cached value. 645 646=item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer> 647 648Gets the block size for the associated cipher algorithm I<cipher>. 649The block size should be 1 for stream ciphers. 650Note that the block size for a cipher may be different to the block size for 651the underlying encryption/decryption primitive. 652For example AES in CTR mode has a block size of 1 (because it operates like a 653stream cipher), even though AES has a block size of 16. 654Use EVP_CIPHER_get_block_size() to retreive the cached value. 655 656=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer> 657 658Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. 659Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the 660cached value. 661 662=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer> 663 664Gets 1 if the cipher algorithm I<cipher> has a custom IV, otherwise it gets 0. 665Storing and initializing the IV is left entirely to the implementation, if a 666custom IV is used. 667Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the 668cached value. 669 670=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer> 671 672Gets 1 if the cipher algorithm I<cipher> uses ciphertext stealing, 673otherwise it gets 0. 674This is currently used to indicate that the cipher is a one shot that only 675allows a single call to EVP_CipherUpdate(). 676Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the 677cached value. 678 679=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer> 680 681Gets 1 if the cipher algorithm I<cipher> supports interleaving of crypto blocks, 682otherwise it gets 0. The interleaving is an optimization only applicable to certain 683TLS ciphers. 684Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the 685cached value. 686 687=item "has-randkey" (B<OSSL_CIPHER_PARAM_HAS_RANDKEY>) <integer> 688 689Gets 1 if the cipher algorithm I<cipher> supports the gettable EVP_CIPHER_CTX 690parameter B<OSSL_CIPHER_PARAM_RANDOM_KEY>. Only DES and 3DES set this to 1, 691all other OpenSSL ciphers return 0. 692 693=back 694 695=head2 Gettable and Settable EVP_CIPHER_CTX parameters 696 697The following B<OSSL_PARAM> keys can be used with both EVP_CIPHER_CTX_get_params() 698and EVP_CIPHER_CTX_set_params(). 699 700=over 4 701 702=item "padding" (B<OSSL_CIPHER_PARAM_PADDING>) <unsigned integer> 703 704Gets or sets the padding mode for the cipher context I<ctx>. 705Padding is enabled if the value is 1, and disabled if the value is 0. 706See also EVP_CIPHER_CTX_set_padding(). 707 708=item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer> 709 710Gets or sets the cipher specific "num" parameter for the cipher context I<ctx>. 711Built-in ciphers typically use this to track how much of the current underlying 712block has been "used" already. 713See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num(). 714 715=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> 716 717Gets or sets the key length for the cipher context I<ctx>. 718The length of the "keylen" parameter should not exceed that of a B<size_t>. 719See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length(). 720 721=item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string> 722 723Gets or sets the AEAD tag for the associated cipher context I<ctx>. 724See L<EVP_EncryptInit(3)/AEAD Interface>. 725 726=item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer> 727 728Gets or sets the effective keybits used for a RC2 cipher. 729The length of the "keybits" parameter should not exceed that of a B<size_t>. 730 731=item "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>) <unsigned integer> 732 733Gets or sets the number of rounds to be used for a cipher. 734This is used by the RC5 cipher. 735 736=item "alg_id_param" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS>) <octet string> 737 738Used to pass the DER encoded AlgorithmIdentifier parameter to or from 739the cipher implementation. Functions like L<EVP_CIPHER_param_to_asn1(3)> 740and L<EVP_CIPHER_asn1_to_param(3)> use this parameter for any implementation 741that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set. 742 743=item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string> 744 745Gets or sets the cipher text stealing mode. For all modes the output size is the 746same as the input size. The input length must be greater than or equal to the 747block size. (The block size for AES and CAMELLIA is 16 bytes). 748 749Valid values for the mode are: 750 751=over 4 752 753=item "CS1" 754 755The NIST variant of cipher text stealing. 756For input lengths that are multiples of the block size it is equivalent to 757using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last 758cipher text block is a partial block. 759 760=item "CS2" 761 762For input lengths that are multiples of the block size it is equivalent to 763using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as 764"CS3" mode. 765 766=item "CS3" 767 768The Kerberos5 variant of cipher text stealing which always swaps the last 769cipher text block with the previous block (which may be a partial or full block 770depending on the input length). If the input length is exactly one full block 771then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher. 772 773=back 774 775The default is "CS1". 776This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", 777"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". 778 779=item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer> 780 781Sets or gets the number of records being sent in one go for a tls1 multiblock 782cipher operation (either 4 or 8 records). 783 784=back 785 786=head2 Gettable EVP_CIPHER_CTX parameters 787 788The following B<OSSL_PARAM> keys can be used with EVP_CIPHER_CTX_get_params(): 789 790=over 4 791 792=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN> and <B<OSSL_CIPHER_PARAM_AEAD_IVLEN>) <unsigned integer> 793 794Gets the IV length for the cipher context I<ctx>. 795The length of the "ivlen" parameter should not exceed that of a B<size_t>. 796See also EVP_CIPHER_CTX_get_iv_length(). 797 798=item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr> 799 800Gets the IV used to initialize the associated cipher context I<ctx>. 801See also EVP_CIPHER_CTX_get_original_iv(). 802 803=item "updated-iv" (B<OSSL_CIPHER_PARAM_UPDATED_IV>) <octet string OR octet ptr> 804 805Gets the updated pseudo-IV state for the associated cipher context, e.g., 806the previous ciphertext block for CBC mode or the iteratively encrypted IV 807value for OFB mode. Note that octet pointer access is deprecated and is 808provided only for backwards compatibility with historical libcrypto APIs. 809See also EVP_CIPHER_CTX_get_updated_iv(). 810 811=item "randkey" (B<OSSL_CIPHER_PARAM_RANDOM_KEY>) <octet string> 812 813Gets an implementation specific randomly generated key for the associated 814cipher context I<ctx>. This is currently only supported by DES and 3DES (which set 815the key to odd parity). 816 817=item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer> 818 819Gets the tag length to be used for an AEAD cipher for the associated cipher 820context I<ctx>. It gets a default value if it has not been set. 821The length of the "taglen" parameter should not exceed that of a B<size_t>. 822See also EVP_CIPHER_CTX_get_tag_length(). 823 824=item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer> 825 826Gets the length of the tag that will be added to a TLS record for the AEAD 827tag for the associated cipher context I<ctx>. 828The length of the "tlsaadpad" parameter should not exceed that of a B<size_t>. 829 830=item "tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>) <octet string> 831 832Gets the invocation field generated for encryption. 833Can only be called after "tlsivfixed" is set. 834This is only used for GCM mode. 835 836=item "tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>) <unsigned integer> 837 838Get the total length of the record returned from the "tls1multi_enc" operation. 839 840=item "tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>) <unsigned integer> 841 842Gets the maximum record length for a TLS1 multiblock cipher operation. 843The length of the "tls1multi_maxbufsz" parameter should not exceed that of a B<size_t>. 844 845=item "tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) <unsigned integer> 846 847Gets the result of running the "tls1multi_aad" operation. 848 849=item "tls-mac" (B<OSSL_CIPHER_PARAM_TLS_MAC>) <octet ptr> 850 851Used to pass the TLS MAC data. 852 853=back 854 855=head2 Settable EVP_CIPHER_CTX parameters 856 857The following B<OSSL_PARAM> keys can be used with EVP_CIPHER_CTX_set_params(): 858 859=over 4 860 861=item "mackey" (B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>) <octet string> 862 863Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256. 864 865=item "speed" (B<OSSL_CIPHER_PARAM_SPEED>) <unsigned integer> 866 867Sets the speed option for the associated cipher context. This is only supported 868by AES SIV ciphers which disallow multiple operations by default. 869Setting "speed" to 1 allows another encrypt or decrypt operation to be 870performed. This is used for performance testing. 871 872=item "use-bits" (B<OSSL_CIPHER_PARAM_USE_BITS>) <unsigned integer> 873 874Determines if the input length I<inl> passed to EVP_EncryptUpdate(), 875EVP_DecryptUpdate() and EVP_CipherUpdate() is the number of bits or number of bytes. 876Setting "use-bits" to 1 uses bits. The default is in bytes. 877This is only used for B<CFB1> ciphers. 878 879This can be set using EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS). 880 881=item "tls-version" (B<OSSL_CIPHER_PARAM_TLS_VERSION>) <integer> 882 883Sets the TLS version. 884 885=item "tls-mac-size" (B<OSSL_CIPHER_PARAM_TLS_MAC_SIZE>) <unsigned integer> 886 887Set the TLS MAC size. 888 889=item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string> 890 891Sets TLSv1.2 AAD information for the associated cipher context I<ctx>. 892TLSv1.2 AAD information is always 13 bytes in length and is as defined for the 893"additional_data" field described in section 6.2.3.3 of RFC5246. 894 895=item "tlsivfixed" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>) <octet string> 896 897Sets the fixed portion of an IV for an AEAD cipher used in a TLS record 898encryption/ decryption for the associated cipher context. 899TLS record encryption/decryption always occurs "in place" so that the input and 900output buffers are always the same memory location. 901AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part 902that varies with every record. 903Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. 904TLS records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per 905record. 906For a record decryption the first bytes of the input buffer will be the explicit 907part of the IV and the final bytes of the input buffer will be the AEAD tag. 908The length of the explicit part of the IV and the tag length will depend on the 909cipher in use and will be defined in the RFC for the relevant ciphersuite. 910In order to allow for "in place" decryption the plaintext output should be 911written to the same location in the output buffer that the ciphertext payload 912was read from, i.e. immediately after the explicit IV. 913 914When encrypting a record the first bytes of the input buffer should be empty to 915allow space for the explicit IV, as will the final bytes where the tag will 916be written. 917The length of the input buffer will include the length of the explicit IV, the 918payload, and the tag bytes. 919The cipher implementation should generate the explicit IV and write it to the 920beginning of the output buffer, do "in place" encryption of the payload and 921write that to the output buffer, and finally add the tag onto the end of the 922output buffer. 923 924Whether encrypting or decrypting the value written to I<*outl> in the 925OSSL_FUNC_cipher_cipher call should be the length of the payload excluding the explicit 926IV length and the tag length. 927 928=item "tlsivinv" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>) <octet string> 929 930Sets the invocation field used for decryption. 931Can only be called after "tlsivfixed" is set. 932This is only used for GCM mode. 933 934=item "tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>) <octet string> 935 936Triggers a multiblock TLS1 encrypt operation for a TLS1 aware cipher that 937supports sending 4 or 8 records in one go. 938The cipher performs both the MAC and encrypt stages and constructs the record 939headers itself. 940"tls1multi_enc" supplies the output buffer for the encrypt operation, 941"tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply 942values to the encrypt operation. 943 944=item "tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) <octet string> 945 946Supplies the data to encrypt for a TLS1 multiblock cipher operation. 947 948=item "tls1multi_maxsndfrag" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT>) <unsigned integer> 949 950Sets the maximum send fragment size for a TLS1 multiblock cipher operation. 951It must be set before using "tls1multi_maxbufsz". 952The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a B<size_t>. 953 954=item "tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) <octet string> 955 956Sets the authenticated additional data used by a TLS1 multiblock cipher operation. 957The supplied data consists of 13 bytes of record data containing: 958Bytes 0-7: The sequence number of the first record 959Byte 8: The record type 960Byte 9-10: The protocol version 961Byte 11-12: Input length (Always 0) 962 963"tls1multi_interleave" must also be set for this operation. 964 965=back 966 967=head1 CONTROLS 968 969The Mappings from EVP_CIPHER_CTX_ctrl() identifiers to PARAMETERS are listed 970in the following section. See the L</PARAMETERS> section for more details. 971 972EVP_CIPHER_CTX_ctrl() can be used to send the following standard controls: 973 974=over 4 975 976=item EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN 977 978When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 979EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 980key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>). 981 982=item EVP_CTRL_AEAD_SET_IV_FIXED 983 984When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 985with an L<OSSL_PARAM(3)> item with the key "tlsivfixed" 986(B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>). 987 988=item EVP_CTRL_AEAD_SET_MAC_KEY 989 990When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 991with an L<OSSL_PARAM(3)> item with the key "mackey" 992(B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>). 993 994=item EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG 995 996When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 997EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 998key "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>). 999 1000=item EVP_CTRL_CCM_SET_L 1001 1002When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1003with an L<OSSL_PARAM(3)> item with the key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) 1004with a value of (15 - L) 1005 1006=item EVP_CTRL_COPY 1007 1008There is no OSSL_PARAM mapping for this. Use EVP_CIPHER_CTX_copy() instead. 1009 1010=item EVP_CTRL_GCM_SET_IV_INV 1011 1012When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1013with an L<OSSL_PARAM(3)> item with the key "tlsivinv" 1014(B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>). 1015 1016=item EVP_CTRL_RAND_KEY 1017 1018When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1019with an L<OSSL_PARAM(3)> item with the key "randkey" 1020(B<OSSL_CIPHER_PARAM_RANDOM_KEY>). 1021 1022=item EVP_CTRL_SET_KEY_LENGTH 1023 1024When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1025with an L<OSSL_PARAM(3)> item with the key "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>). 1026 1027=item EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS 1028 1029When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1030EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1031key "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>). 1032 1033=item EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS 1034 1035When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1036EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1037key "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>). 1038 1039=item EVP_CTRL_SET_SPEED 1040 1041When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1042with an L<OSSL_PARAM(3)> item with the key "speed" (B<OSSL_CIPHER_PARAM_SPEED>). 1043 1044=item EVP_CTRL_GCM_IV_GEN 1045 1046When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_get_params() gets called 1047with an L<OSSL_PARAM(3)> item with the key 1048"tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>). 1049 1050=item EVP_CTRL_AEAD_TLS1_AAD 1051 1052When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called 1053with an L<OSSL_PARAM(3)> item with the key 1054"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) 1055followed by EVP_CIPHER_CTX_get_params() with a key of 1056"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>). 1057 1058=item EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 1059 1060When used with a fetched B<EVP_CIPHER>, 1061EVP_CIPHER_CTX_set_params() gets called with an L<OSSL_PARAM(3)> item with the 1062key OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 1063followed by EVP_CIPHER_CTX_get_params() with a key of 1064"tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>). 1065 1066=item EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 1067 1068When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1069with L<OSSL_PARAM(3)> items with the keys 1070"tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) and 1071"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) 1072followed by EVP_CIPHER_CTX_get_params() with keys of 1073"tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) and 1074"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>). 1075 1076=item EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 1077 1078When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1079with L<OSSL_PARAM(3)> items with the keys 1080"tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>), 1081"tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) and 1082"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>), 1083followed by EVP_CIPHER_CTX_get_params() with a key of 1084"tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>). 1085 1086=back 1087 1088=head1 FLAGS 1089 1090EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). 1091can be used to manipulate and test these B<EVP_CIPHER_CTX> flags: 1092 1093=over 4 1094 1095=item EVP_CIPH_NO_PADDING 1096 1097Used by EVP_CIPHER_CTX_set_padding(). 1098 1099See also L</Gettable and Settable EVP_CIPHER_CTX parameters> "padding" 1100 1101=item EVP_CIPH_FLAG_LENGTH_BITS 1102 1103See L</Settable EVP_CIPHER_CTX parameters> "use-bits". 1104 1105=item EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 1106 1107Used for Legacy purposes only. This flag needed to be set to indicate the 1108cipher handled wrapping. 1109 1110=back 1111 1112EVP_CIPHER_flags() uses the following flags that 1113have mappings to L</Gettable EVP_CIPHER parameters>: 1114 1115=over 4 1116 1117=item EVP_CIPH_FLAG_AEAD_CIPHER 1118 1119See L</Gettable EVP_CIPHER parameters> "aead". 1120 1121=item EVP_CIPH_CUSTOM_IV 1122 1123See L</Gettable EVP_CIPHER parameters> "custom-iv". 1124 1125=item EVP_CIPH_FLAG_CTS 1126 1127See L</Gettable EVP_CIPHER parameters> "cts". 1128 1129=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; 1130 1131See L</Gettable EVP_CIPHER parameters> "tls-multi". 1132 1133=item EVP_CIPH_RAND_KEY 1134 1135See L</Gettable EVP_CIPHER parameters> "has-randkey". 1136 1137=back 1138 1139EVP_CIPHER_flags() uses the following flags for legacy purposes only: 1140 1141=over 4 1142 1143=item EVP_CIPH_VARIABLE_LENGTH 1144 1145=item EVP_CIPH_FLAG_CUSTOM_CIPHER 1146 1147=item EVP_CIPH_ALWAYS_CALL_INIT 1148 1149=item EVP_CIPH_CTRL_INIT 1150 1151=item EVP_CIPH_CUSTOM_KEY_LENGTH 1152 1153=item EVP_CIPH_CUSTOM_COPY 1154 1155=item EVP_CIPH_FLAG_DEFAULT_ASN1 1156 1157See L<EVP_CIPHER_meth_set_flags(3)> for further information related to the above 1158flags. 1159 1160=back 1161 1162=head1 RETURN VALUES 1163 1164EVP_CIPHER_fetch() returns a pointer to a B<EVP_CIPHER> for success 1165and B<NULL> for failure. 1166 1167EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. 1168 1169EVP_CIPHER_CTX_new() returns a pointer to a newly created 1170B<EVP_CIPHER_CTX> for success and B<NULL> for failure. 1171 1172EVP_EncryptInit_ex2(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() 1173return 1 for success and 0 for failure. 1174 1175EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and 0 for failure. 1176EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. 1177 1178EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure. 1179EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. 1180 1181EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 1182on failure if the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is set for the 1183cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag 1184B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is not set for the cipher. 1185 1186EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. 1187 1188EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() 1189return an B<EVP_CIPHER> structure or NULL on error. 1190 1191EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID. 1192 1193EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the 1194block size. 1195 1196EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key 1197length. 1198 1199EVP_CIPHER_CTX_set_padding() always returns 1. 1200 1201EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV 1202length or zero if the cipher does not use an IV. 1203 1204EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher 1205does not use a tag. 1206 1207EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the 1208cipher's OBJECT IDENTIFIER or NID_undef if it has no defined 1209OBJECT IDENTIFIER. 1210 1211EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. 1212 1213EVP_CIPHER_CTX_get_num() returns a nonnegative num value or 1214B<EVP_CTRL_RET_UNSUPPORTED> if the implementation does not support the call 1215or on any other error. 1216 1217EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation 1218does not support the call or on any other error. 1219 1220EVP_CIPHER_CTX_is_encrypting() returns 1 if the I<ctx> is set up for encryption 12210 otherwise. 1222 1223EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater 1224than zero for success and zero or a negative number on failure. 1225 1226EVP_CIPHER_CTX_rand_key() returns 1 for success. 1227 1228EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. 1229A return value of 0 means that the callback was not called for any names. 1230 1231=head1 CIPHER LISTING 1232 1233All algorithms have a fixed key length unless otherwise stated. 1234 1235Refer to L</SEE ALSO> for the full list of ciphers available through the EVP 1236interface. 1237 1238=over 4 1239 1240=item EVP_enc_null() 1241 1242Null cipher: does nothing. 1243 1244=back 1245 1246=head1 AEAD INTERFACE 1247 1248The EVP interface for Authenticated Encryption with Associated Data (AEAD) 1249modes are subtly altered and several additional I<ctrl> operations are supported 1250depending on the mode specified. 1251 1252To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), 1253EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output 1254parameter I<out> set to B<NULL>. 1255 1256When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() 1257indicates whether the operation was successful. If it does not indicate success, 1258the authentication operation has failed and any output data B<MUST NOT> be used 1259as it is corrupted. 1260 1261=head2 GCM and OCB Modes 1262 1263The following I<ctrl>s are supported in GCM and OCB modes. 1264 1265=over 4 1266 1267=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1268 1269Sets the IV length. This call can only be made before specifying an IV. If 1270not called a default IV length is used. 1271 1272For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the 1273maximum is 15. 1274 1275=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) 1276 1277Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>. 1278This call can only be made when encrypting data and B<after> all data has been 1279processed (e.g. after an EVP_EncryptFinal() call). 1280 1281For OCB, C<taglen> must either be 16 or the value previously set via 1282B<EVP_CTRL_AEAD_SET_TAG>. 1283 1284=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1285 1286Sets the expected tag to C<taglen> bytes from C<tag>. 1287The tag length can only be set before specifying an IV. 1288C<taglen> must be between 1 and 16 inclusive. 1289 1290For GCM, this call is only valid when decrypting data. 1291 1292For OCB, this call is valid when decrypting data to set the expected tag, 1293and before encryption to set the desired tag length. 1294 1295In OCB mode, calling this before encryption with C<tag> set to C<NULL> sets the 1296tag length. If this is not called prior to encryption, a default tag length is 1297used. 1298 1299For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the 1300maximum tag length for OCB. 1301 1302=back 1303 1304=head2 CCM Mode 1305 1306The EVP interface for CCM mode is similar to that of the GCM mode but with a 1307few additional requirements and different I<ctrl> values. 1308 1309For CCM mode, the total plaintext or ciphertext length B<MUST> be passed to 1310EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output 1311and input parameters (I<in> and I<out>) set to B<NULL> and the length passed in 1312the I<inl> parameter. 1313 1314The following I<ctrl>s are supported in CCM mode. 1315 1316=over 4 1317 1318=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1319 1320This call is made to set the expected B<CCM> tag value when decrypting or 1321the length of the tag (with the C<tag> parameter set to NULL) when encrypting. 1322The tag length is often referred to as B<M>. If not set a default value is 1323used (12 for AES). When decrypting, the tag needs to be set before passing 1324in data to be decrypted, but as in GCM and OCB mode, it can be set after 1325passing additional authenticated data (see L</AEAD INTERFACE>). 1326 1327=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL) 1328 1329Sets the CCM B<L> value. If not set a default is used (8 for AES). 1330 1331=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1332 1333Sets the CCM nonce (IV) length. This call can only be made before specifying a 1334nonce value. The nonce length is given by B<15 - L> so it is 7 by default for 1335AES. 1336 1337=back 1338 1339=head2 SIV Mode 1340 1341For SIV mode ciphers the behaviour of the EVP interface is subtly 1342altered and several additional ctrl operations are supported. 1343 1344To specify any additional authenticated data (AAD) and/or a Nonce, a call to 1345EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made 1346with the output parameter I<out> set to B<NULL>. 1347 1348RFC5297 states that the Nonce is the last piece of AAD before the actual 1349encrypt/decrypt takes place. The API does not differentiate the Nonce from 1350other AAD. 1351 1352When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() 1353indicates if the operation was successful. If it does not indicate success 1354the authentication operation has failed and any output data B<MUST NOT> 1355be used as it is corrupted. 1356 1357The following ctrls are supported in both SIV modes. 1358 1359=over 4 1360 1361=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag); 1362 1363Writes I<taglen> bytes of the tag value to the buffer indicated by I<tag>. 1364This call can only be made when encrypting data and B<after> all data has been 1365processed (e.g. after an EVP_EncryptFinal() call). For SIV mode the taglen must 1366be 16. 1367 1368=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); 1369 1370Sets the expected tag to I<taglen> bytes from I<tag>. This call is only legal 1371when decrypting data and must be made B<before> any data is processed (e.g. 1372before any EVP_DecryptUpdate() call). For SIV mode the taglen must be 16. 1373 1374=back 1375 1376SIV mode makes two passes over the input data, thus, only one call to 1377EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made 1378with I<out> set to a non-B<NULL> value. A call to EVP_Decrypt_Final() or 1379EVP_CipherFinal() is not required, but will indicate if the update 1380operation succeeded. 1381 1382=head2 ChaCha20-Poly1305 1383 1384The following I<ctrl>s are supported for the ChaCha20-Poly1305 AEAD algorithm. 1385 1386=over 4 1387 1388=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1389 1390Sets the nonce length. This call can only be made before specifying the nonce. 1391If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum 1392nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set 1393then the nonce is automatically padded with leading 0 bytes to make it 12 bytes 1394in length. 1395 1396=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) 1397 1398Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>. 1399This call can only be made when encrypting data and B<after> all data has been 1400processed (e.g. after an EVP_EncryptFinal() call). 1401 1402C<taglen> specified here must be 16 (B<POLY1305_BLOCK_SIZE>, i.e. 128-bits) or 1403less. 1404 1405=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1406 1407Sets the expected tag to C<taglen> bytes from C<tag>. 1408The tag length can only be set before specifying an IV. 1409C<taglen> must be between 1 and 16 (B<POLY1305_BLOCK_SIZE>) inclusive. 1410This call is only valid when decrypting data. 1411 1412=back 1413 1414=head1 NOTES 1415 1416Where possible the B<EVP> interface to symmetric ciphers should be used in 1417preference to the low-level interfaces. This is because the code then becomes 1418transparent to the cipher used and much more flexible. Additionally, the 1419B<EVP> interface will ensure the use of platform specific cryptographic 1420acceleration such as AES-NI (the low-level interfaces do not provide the 1421guarantee). 1422 1423PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 1424length of the encrypted data a multiple of the block size. Padding is always 1425added so if the data is already a multiple of the block size B<n> will equal 1426the block size. For example if the block size is 8 and 11 bytes are to be 1427encrypted then 5 padding bytes of value 5 will be added. 1428 1429When decrypting the final block is checked to see if it has the correct form. 1430 1431Although the decryption operation can produce an error if padding is enabled, 1432it is not a strong test that the input data or key is correct. A random block 1433has better than 1 in 256 chance of being of the correct format and problems with 1434the input data earlier on will not produce a final decrypt error. 1435 1436If padding is disabled then the decryption operation will always succeed if 1437the total amount of data decrypted is a multiple of the block size. 1438 1439The functions EVP_EncryptInit(), EVP_EncryptInit_ex(), 1440EVP_EncryptFinal(), EVP_DecryptInit(), EVP_DecryptInit_ex(), 1441EVP_CipherInit(), EVP_CipherInit_ex() and EVP_CipherFinal() are obsolete 1442but are retained for compatibility with existing code. New code should 1443use EVP_EncryptInit_ex2(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex2(), 1444EVP_DecryptFinal_ex(), EVP_CipherInit_ex2() and EVP_CipherFinal_ex() 1445because they can reuse an existing context without allocating and freeing 1446it up on each call. 1447 1448There are some differences between functions EVP_CipherInit() and 1449EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills 1450the passed context object with zeros. As a consequence, EVP_CipherInit() does 1451not allow step-by-step initialization of the ctx when the I<key> and I<iv> are 1452passed in separate calls. It also means that the flags set for the CTX are 1453removed, and it is especially important for the 1454B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in 1455EVP_CipherInit_ex(). 1456 1457EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. 1458 1459=head1 BUGS 1460 1461B<EVP_MAX_KEY_LENGTH> and B<EVP_MAX_IV_LENGTH> only refer to the internal 1462ciphers with default key lengths. If custom ciphers exceed these values the 1463results are unpredictable. This is because it has become standard practice to 1464define a generic key as a fixed unsigned char array containing 1465B<EVP_MAX_KEY_LENGTH> bytes. 1466 1467The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested 1468for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. 1469 1470=head1 EXAMPLES 1471 1472Encrypt a string using IDEA: 1473 1474 int do_crypt(char *outfile) 1475 { 1476 unsigned char outbuf[1024]; 1477 int outlen, tmplen; 1478 /* 1479 * Bogus key and IV: we'd normally set these from 1480 * another source. 1481 */ 1482 unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; 1483 unsigned char iv[] = {1,2,3,4,5,6,7,8}; 1484 char intext[] = "Some Crypto Text"; 1485 EVP_CIPHER_CTX *ctx; 1486 FILE *out; 1487 1488 ctx = EVP_CIPHER_CTX_new(); 1489 EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL); 1490 1491 if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { 1492 /* Error */ 1493 EVP_CIPHER_CTX_free(ctx); 1494 return 0; 1495 } 1496 /* 1497 * Buffer passed to EVP_EncryptFinal() must be after data just 1498 * encrypted to avoid overwriting it. 1499 */ 1500 if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { 1501 /* Error */ 1502 EVP_CIPHER_CTX_free(ctx); 1503 return 0; 1504 } 1505 outlen += tmplen; 1506 EVP_CIPHER_CTX_free(ctx); 1507 /* 1508 * Need binary mode for fopen because encrypted data is 1509 * binary data. Also cannot use strlen() on it because 1510 * it won't be NUL terminated and may contain embedded 1511 * NULs. 1512 */ 1513 out = fopen(outfile, "wb"); 1514 if (out == NULL) { 1515 /* Error */ 1516 return 0; 1517 } 1518 fwrite(outbuf, 1, outlen, out); 1519 fclose(out); 1520 return 1; 1521 } 1522 1523The ciphertext from the above example can be decrypted using the B<openssl> 1524utility with the command line (shown on two lines for clarity): 1525 1526 openssl idea -d \ 1527 -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename 1528 1529General encryption and decryption function example using FILE I/O and AES128 1530with a 128-bit key: 1531 1532 int do_crypt(FILE *in, FILE *out, int do_encrypt) 1533 { 1534 /* Allow enough space in output buffer for additional block */ 1535 unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; 1536 int inlen, outlen; 1537 EVP_CIPHER_CTX *ctx; 1538 /* 1539 * Bogus key and IV: we'd normally set these from 1540 * another source. 1541 */ 1542 unsigned char key[] = "0123456789abcdeF"; 1543 unsigned char iv[] = "1234567887654321"; 1544 1545 /* Don't set key or IV right away; we want to check lengths */ 1546 ctx = EVP_CIPHER_CTX_new(); 1547 EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, 1548 do_encrypt, NULL); 1549 OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16); 1550 OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16); 1551 1552 /* Now we can set key and IV */ 1553 EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL); 1554 1555 for (;;) { 1556 inlen = fread(inbuf, 1, 1024, in); 1557 if (inlen <= 0) 1558 break; 1559 if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { 1560 /* Error */ 1561 EVP_CIPHER_CTX_free(ctx); 1562 return 0; 1563 } 1564 fwrite(outbuf, 1, outlen, out); 1565 } 1566 if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { 1567 /* Error */ 1568 EVP_CIPHER_CTX_free(ctx); 1569 return 0; 1570 } 1571 fwrite(outbuf, 1, outlen, out); 1572 1573 EVP_CIPHER_CTX_free(ctx); 1574 return 1; 1575 } 1576 1577Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. 1578 1579 int encrypt(const unsigned char *key, const unsigned char *iv, 1580 const unsigned char *msg, size_t msg_len, unsigned char *out) 1581 { 1582 /* 1583 * This assumes that key size is 32 bytes and the iv is 16 bytes. 1584 * For ciphertext stealing mode the length of the ciphertext "out" will be 1585 * the same size as the plaintext size "msg_len". 1586 * The "msg_len" can be any size >= 16. 1587 */ 1588 int ret = 0, encrypt = 1, outlen, len; 1589 EVP_CIPHER_CTX *ctx = NULL; 1590 EVP_CIPHER *cipher = NULL; 1591 OSSL_PARAM params[2]; 1592 1593 ctx = EVP_CIPHER_CTX_new(); 1594 cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL); 1595 if (ctx == NULL || cipher == NULL) 1596 goto err; 1597 1598 /* 1599 * The default is "CS1" so this is not really needed, 1600 * but would be needed to set either "CS2" or "CS3". 1601 */ 1602 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, 1603 "CS1", 0); 1604 params[1] = OSSL_PARAM_construct_end(); 1605 1606 if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params)) 1607 goto err; 1608 1609 /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */ 1610 if (!EVP_CipherUpdate(ctx, encrypted, &outlen, msg, msglen)) 1611 goto err; 1612 if (!EVP_CipherFinal_ex(ctx, encrypted + outlen, &len)) 1613 goto err; 1614 ret = 1; 1615 err: 1616 EVP_CIPHER_free(cipher); 1617 EVP_CIPHER_CTX_free(ctx); 1618 return ret; 1619 } 1620 1621=head1 SEE ALSO 1622 1623L<evp(7)>, 1624L<property(7)>, 1625L<crypto(7)/ALGORITHM FETCHING>, 1626L<provider-cipher(7)>, 1627L<life_cycle-cipher(7)> 1628 1629Supported ciphers are listed in: 1630 1631L<EVP_aes_128_gcm(3)>, 1632L<EVP_aria_128_gcm(3)>, 1633L<EVP_bf_cbc(3)>, 1634L<EVP_camellia_128_ecb(3)>, 1635L<EVP_cast5_cbc(3)>, 1636L<EVP_chacha20(3)>, 1637L<EVP_des_cbc(3)>, 1638L<EVP_desx_cbc(3)>, 1639L<EVP_idea_cbc(3)>, 1640L<EVP_rc2_cbc(3)>, 1641L<EVP_rc4(3)>, 1642L<EVP_rc5_32_12_16_cbc(3)>, 1643L<EVP_seed_cbc(3)>, 1644L<EVP_sm4_cbc(3)>, 1645 1646=head1 HISTORY 1647 1648Support for OCB mode was added in OpenSSL 1.1.0. 1649 1650B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result, 1651EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() 1652disappeared. EVP_CIPHER_CTX_init() remains as an alias for 1653EVP_CIPHER_CTX_reset(). 1654 1655The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use 1656EVP_CIPHER_CTX_get0_cipher() instead. 1657 1658The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), 1659EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), 1660EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(), 1661EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), 1662EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(), 1663EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), 1664EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params() 1665functions were added in 3.0. 1666 1667The EVP_CIPHER_nid(), EVP_CIPHER_name(), EVP_CIPHER_block_size(), 1668EVP_CIPHER_key_length(), EVP_CIPHER_iv_length(), EVP_CIPHER_flags(), 1669EVP_CIPHER_mode(), EVP_CIPHER_type(), EVP_CIPHER_CTX_nid(), 1670EVP_CIPHER_CTX_block_size(), EVP_CIPHER_CTX_key_length(), 1671EVP_CIPHER_CTX_iv_length(), EVP_CIPHER_CTX_tag_length(), 1672EVP_CIPHER_CTX_num(), EVP_CIPHER_CTX_type(), and EVP_CIPHER_CTX_mode() 1673functions were renamed to include C<get> or C<get0> in their names in 1674OpenSSL 3.0, respectively. The old names are kept as non-deprecated 1675alias macros. 1676 1677The EVP_CIPHER_CTX_encrypting() function was renamed to 1678EVP_CIPHER_CTX_is_encrypting() in OpenSSL 3.0. The old name is kept as 1679non-deprecated alias macro. 1680 1681The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0. 1682 1683=head1 COPYRIGHT 1684 1685Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 1686 1687Licensed under the Apache License 2.0 (the "License"). You may not use 1688this file except in compliance with the License. You can obtain a copy 1689in the file LICENSE in the source distribution or at 1690L<https://www.openssl.org/source/license.html>. 1691 1692=cut 1693