EVP_DecryptFinal,
EVP_CipherInit,
EVP_CipherFinal,
+EVP_Cipher,
EVP_get_cipherbyname,
EVP_get_cipherbynid,
EVP_get_cipherbyobj,
EVP_CIPHER_is_a,
EVP_CIPHER_name,
+EVP_CIPHER_number,
+EVP_CIPHER_names_do_all,
EVP_CIPHER_provider,
EVP_CIPHER_nid,
EVP_CIPHER_get_params,
EVP_CIPHER_CTX_name,
EVP_CIPHER_CTX_nid,
EVP_CIPHER_CTX_get_params,
-EVP_CIPHER_CTX_gettable_params,
+EVP_CIPHER_gettable_ctx_params,
EVP_CIPHER_CTX_set_params,
-EVP_CIPHER_CTX_settable_params,
+EVP_CIPHER_settable_ctx_params,
EVP_CIPHER_CTX_block_size,
EVP_CIPHER_CTX_key_length,
EVP_CIPHER_CTX_iv_length,
EVP_CIPHER_asn1_to_param,
EVP_CIPHER_CTX_set_padding,
EVP_enc_null,
-EVP_CIPHER_do_all_ex
+EVP_CIPHER_do_all_provided
- EVP cipher routines
=head1 SYNOPSIS
-=for comment generic
+=for openssl generic
#include <openssl/evp.h>
const unsigned char *key, const unsigned char *iv, int enc);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
int EVP_CIPHER_nid(const EVP_CIPHER *e);
+ int EVP_CIPHER_number(const EVP_CIPHER *e);
int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
+ void EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
+ void (*fn)(const char *name, void *data),
+ void *data);
const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
int EVP_CIPHER_block_size(const EVP_CIPHER *e);
int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
- const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher);
- const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher);
+ const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
+ const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
- void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx,
- void (*fn)(EVP_CIPHER *cipher, void *arg),
- void *arg);
+ void EVP_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
+ void (*fn)(EVP_CIPHER *cipher, void *arg),
+ void *arg);
=head1 DESCRIPTION
the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean()
must be called to free any context resources.
+EVP_Cipher() encrypts or decrypts a maximum I<inl> amount of bytes from
+I<in> and leaves the result in I<out>.
+If the cipher doesn't have the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set,
+then I<inl> must be a multiple of EVP_CIPHER_block_size(). If it isn't,
+the result is undefined. If the cipher has that flag set, then I<inl>
+can be any size.
+This function is historic and shouldn't be used in an application, please
+consider using EVP_CipherUpdate() and EVP_CipherFinal_ex instead.
+
EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
return an EVP_CIPHER structure when passed a cipher name, a NID or an
ASN1_OBJECT structure.
EVP_CIPHER_CTX_get_params() retrieves the requested list of operation
B<params> from CIPHER context B<ctx>.
-EVP_CIPHER_gettable_params(), EVP_CIPHER_CTX_gettable_params(), and
-EVP_CIPHER_CTX_settable_params() get a constant B<OSSL_PARAM> array
+EVP_CIPHER_gettable_params(), EVP_CIPHER_gettable_ctx_params(), and
+EVP_CIPHER_settable_ctx_params() get a constant B<OSSL_PARAM> array
that decribes the retrievable and settable parameters, i.e. parameters
that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params()
and EVP_CIPHER_CTX_set_params(), respectively.
identifier or does not have ASN1 support this function will return
B<NID_undef>.
-EVP_CIPHER_is_a() returns 1 if the given I<cipher> is an implementation of an
+EVP_CIPHER_is_a() returns 1 if I<cipher> is an implementation of an
algorithm that's identifiable with I<name>, otherwise 0.
+EVP_CIPHER_number() returns the internal dynamic number assigned to
+the I<cipher>. This is only useful with fetched B<EVP_CIPHER>s.
+
EVP_CIPHER_name() and EVP_CIPHER_CTX_name() return the name of the passed
-cipher or context.
+cipher or context. For fetched ciphers with multiple names, only one
+of them is returned; it's recommended to use EVP_CIPHER_names_do_all()
+instead.
+
+EVP_CIPHER_names_do_all() traverses all names for the I<cipher>, and
+calls I<fn> with each name and I<data>. This is only useful with
+fetched B<EVP_CIPHER>s.
EVP_CIPHER_provider() returns an B<OSSL_PROVIDER> pointer to the provider
that implements the given B<EVP_CIPHER>.
generation routine to support keys of a specific form. B<Key> must point to a
buffer at least as big as the value returned by EVP_CIPHER_CTX_key_length().
-EVP_CIPHER_do_all_ex() traverses all ciphers implemented by all activated
+EVP_CIPHER_do_all_provided() traverses all ciphers implemented by all activated
providers in the given library context I<libctx>, and for each of the
implementations, calls the given function I<fn> with the implementation method
and the given I<arg> as argument.
EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
+EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1
+on failure, if the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is set for the
+cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag
+B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is not set for the cipher.
+
EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.
EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
All algorithms have a fixed key length unless otherwise stated.
-Refer to L<SEE ALSO> for the full list of ciphers available through the EVP
+Refer to L</SEE ALSO> for the full list of ciphers available through the EVP
interface.
=over 4
EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
existing context without allocating and freeing it up on each call.
+There are some differences between functions EVP_CipherInit() and
+EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills
+the passed context object with zeros. As a consequence, EVP_CipherInit() does
+not allow step-by-step initialization of the ctx when the I<key> and I<iv> are
+passed in separate calls. It also means that the flags set for the CTX are
+removed, and it is especially important for the
+B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in
+EVP_CipherInit_ex().
+
EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
=head1 BUGS
Supported ciphers are listed in:
-L<EVP_aes(3)>,
-L<EVP_aria(3)>,
-L<EVP_bf(3)>,
-L<EVP_camellia(3)>,
-L<EVP_cast5(3)>,
+L<EVP_aes_128_gcm(3)>,
+L<EVP_aria_128_gcm(3)>,
+L<EVP_bf_cbc(3)>,
+L<EVP_camellia_128_ecb(3)>,
+L<EVP_cast5_cbc(3)>,
L<EVP_chacha20(3)>,
-L<EVP_des(3)>,
-L<EVP_desx(3)>,
-L<EVP_idea(3)>,
-L<EVP_rc2(3)>,
+L<EVP_des_cbc(3)>,
+L<EVP_desx_cbc(3)>,
+L<EVP_idea_cbc(3)>,
+L<EVP_rc2_cbc(3)>,
L<EVP_rc4(3)>,
-L<EVP_rc5(3)>,
-L<EVP_seed(3)>,
-L<EVP_sm4(3)>
+L<EVP_rc5_32_12_16_cbc(3)>,
+L<EVP_seed_cbc(3)>,
+L<EVP_sm4_cbc(3)>
=head1 HISTORY