23 EVP_CIPHER_CTX_set_key_length,
37 EVP_CIPHER_get0_description,
38 EVP_CIPHER_names_do_all,
39 EVP_CIPHER_get0_provider,
41 EVP_CIPHER_get_params,
42 EVP_CIPHER_gettable_params,
43 EVP_CIPHER_get_block_size,
44 EVP_CIPHER_get_key_length,
45 EVP_CIPHER_get_iv_length,
49 EVP_CIPHER_CTX_cipher,
50 EVP_CIPHER_CTX_get0_cipher,
51 EVP_CIPHER_CTX_get1_cipher,
52 EVP_CIPHER_CTX_get0_name,
53 EVP_CIPHER_CTX_get_nid,
54 EVP_CIPHER_CTX_get_params,
55 EVP_CIPHER_gettable_ctx_params,
56 EVP_CIPHER_CTX_gettable_params,
57 EVP_CIPHER_CTX_set_params,
58 EVP_CIPHER_settable_ctx_params,
59 EVP_CIPHER_CTX_settable_params,
60 EVP_CIPHER_CTX_get_block_size,
61 EVP_CIPHER_CTX_get_key_length,
62 EVP_CIPHER_CTX_get_iv_length,
63 EVP_CIPHER_CTX_get_tag_length,
64 EVP_CIPHER_CTX_get_app_data,
65 EVP_CIPHER_CTX_set_app_data,
67 EVP_CIPHER_CTX_set_flags,
68 EVP_CIPHER_CTX_clear_flags,
69 EVP_CIPHER_CTX_test_flags,
70 EVP_CIPHER_CTX_get_type,
71 EVP_CIPHER_CTX_get_mode,
72 EVP_CIPHER_CTX_get_num,
73 EVP_CIPHER_CTX_set_num,
74 EVP_CIPHER_CTX_is_encrypting,
75 EVP_CIPHER_param_to_asn1,
76 EVP_CIPHER_asn1_to_param,
77 EVP_CIPHER_CTX_set_padding,
79 EVP_CIPHER_do_all_provided,
82 EVP_CIPHER_block_size,
83 EVP_CIPHER_key_length,
88 EVP_CIPHER_CTX_encrypting,
90 EVP_CIPHER_CTX_block_size,
91 EVP_CIPHER_CTX_key_length,
92 EVP_CIPHER_CTX_iv_length,
93 EVP_CIPHER_CTX_tag_length,
103 #include <openssl/evp.h>
105 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
106 const char *properties);
107 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
108 void EVP_CIPHER_free(EVP_CIPHER *cipher);
109 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
110 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
111 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
113 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
114 ENGINE *impl, const unsigned char *key, const unsigned char *iv);
115 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
116 const unsigned char *key, const unsigned char *iv,
117 const OSSL_PARAM params[]);
118 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
119 int *outl, const unsigned char *in, int inl);
120 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
122 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
123 ENGINE *impl, const unsigned char *key, const unsigned char *iv);
124 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
125 const unsigned char *key, const unsigned char *iv,
126 const OSSL_PARAM params[]);
127 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
128 int *outl, const unsigned char *in, int inl);
129 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
131 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
132 ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
133 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
134 const unsigned char *key, const unsigned char *iv,
135 int enc, const OSSL_PARAM params[]);
136 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
137 int *outl, const unsigned char *in, int inl);
138 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
140 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
141 const unsigned char *key, const unsigned char *iv);
142 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
144 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
145 const unsigned char *key, const unsigned char *iv);
146 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
148 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
149 const unsigned char *key, const unsigned char *iv, int enc);
150 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
152 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
153 const unsigned char *in, unsigned int inl);
155 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
156 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
157 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2);
158 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
159 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
160 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
161 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
163 const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
164 const EVP_CIPHER *EVP_get_cipherbynid(int nid);
165 const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
167 int EVP_CIPHER_get_nid(const EVP_CIPHER *e);
168 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
169 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
170 void (*fn)(const char *name, void *data),
172 const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
173 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher);
174 const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
175 int EVP_CIPHER_get_block_size(const EVP_CIPHER *e);
176 int EVP_CIPHER_get_key_length(const EVP_CIPHER *e);
177 int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e);
178 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e);
179 unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e);
180 int EVP_CIPHER_get_type(const EVP_CIPHER *cipher);
182 const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
183 EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);
184 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx);
185 const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx);
187 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
188 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
189 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
190 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
191 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
192 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
193 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
194 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
195 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
196 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
197 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
198 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx);
199 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
200 void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
201 int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx);
202 int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx);
203 int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx);
204 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
205 int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx);
207 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
208 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
210 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
211 void (*fn)(EVP_CIPHER *cipher, void *arg),
214 #define EVP_CIPHER_nid EVP_CIPHER_get_nid
215 #define EVP_CIPHER_name EVP_CIPHER_get0_name
216 #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size
217 #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length
218 #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length
219 #define EVP_CIPHER_flags EVP_CIPHER_get_flags
220 #define EVP_CIPHER_mode EVP_CIPHER_get_mode
221 #define EVP_CIPHER_type EVP_CIPHER_get_type
222 #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting
223 #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid
224 #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size
225 #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length
226 #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length
227 #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length
228 #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num
229 #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type
230 #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode
232 The following function has been deprecated since OpenSSL 3.0, and can be
233 hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
234 see L<openssl_user_macros(7)>:
236 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
238 The following function has been deprecated since OpenSSL 1.1.0, and can be
239 hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
240 see L<openssl_user_macros(7)>:
242 int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
246 The EVP cipher routines are a high-level interface to certain
249 The B<EVP_CIPHER> type is a structure for cipher method implementation.
253 =item EVP_CIPHER_fetch()
255 Fetches the cipher implementation for the given I<algorithm> from any provider
256 offering it, within the criteria given by the I<properties>.
257 See L<crypto(7)/ALGORITHM FETCHING> for further information.
259 The returned value must eventually be freed with EVP_CIPHER_free().
261 Fetched B<EVP_CIPHER> structures are reference counted.
263 =item EVP_CIPHER_up_ref()
265 Increments the reference count for an B<EVP_CIPHER> structure.
267 =item EVP_CIPHER_free()
269 Decrements the reference count for the fetched B<EVP_CIPHER> structure.
270 If the reference count drops to 0 then the structure is freed.
272 =item EVP_CIPHER_CTX_new()
274 Allocates and returns a cipher context.
276 =item EVP_CIPHER_CTX_free()
278 Clears all information from a cipher context and frees any allocated memory
279 associated with it, including I<ctx> itself. This function should be called after
280 all operations using a cipher are complete so sensitive information does not
283 =item EVP_CIPHER_CTX_ctrl()
285 I<This is a legacy method.> EVP_CIPHER_CTX_set_params() and
286 EVP_CIPHER_CTX_get_params() is the mechanism that should be used to set and get
287 parameters that are used by providers.
289 Performs cipher-specific control actions on context I<ctx>. The control command
290 is indicated in I<cmd> and any additional arguments in I<p1> and I<p2>.
291 EVP_CIPHER_CTX_ctrl() must be called after EVP_CipherInit_ex2(). Other restrictions
292 may apply depending on the control type and cipher implementation.
294 If this function happens to be used with a fetched B<EVP_CIPHER>, it will
295 translate the controls that are known to OpenSSL into L<OSSL_PARAM(3)>
296 parameters with keys defined by OpenSSL and call EVP_CIPHER_CTX_get_params() or
297 EVP_CIPHER_CTX_set_params() as is appropriate for each control command.
299 See L</CONTROLS> below for more information, including what translations are
302 =item EVP_CIPHER_get_params()
304 Retrieves the requested list of algorithm I<params> from a CIPHER I<cipher>.
305 See L</PARAMETERS> below for more information.
307 =item EVP_CIPHER_CTX_get_params()
309 Retrieves the requested list of I<params> from CIPHER context I<ctx>.
310 See L</PARAMETERS> below for more information.
312 =item EVP_CIPHER_CTX_set_params()
314 Sets the list of I<params> into a CIPHER context I<ctx>.
315 See L</PARAMETERS> below for more information.
317 =item EVP_CIPHER_gettable_params()
319 Get a constant B<OSSL_PARAM> array that describes the retrievable parameters
320 that can be used with EVP_CIPHER_get_params(). See L<OSSL_PARAM(3)> for the
321 use of B<OSSL_PARAM> as a parameter descriptor.
323 =item EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params()
325 Get a constant B<OSSL_PARAM> array that describes the retrievable parameters
326 that can be used with EVP_CIPHER_CTX_get_params().
327 EVP_CIPHER_gettable_ctx_params() returns the parameters that can be retrieved
328 from the algorithm, whereas EVP_CIPHER_CTX_gettable_params() returns the
329 parameters that can be retrieved in the context's current state.
330 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as a parameter descriptor.
332 =item EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params()
334 Get a constant B<OSSL_PARAM> array that describes the settable parameters
335 that can be used with EVP_CIPHER_CTX_set_params().
336 EVP_CIPHER_settable_ctx_params() returns the parameters that can be set from the
337 algorithm, whereas EVP_CIPHER_CTX_settable_params() returns the parameters that
338 can be set in the context's current state.
339 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as a parameter descriptor.
341 =item EVP_EncryptInit_ex2()
343 Sets up cipher context I<ctx> for encryption with cipher I<type>. I<type> is
344 typically supplied by calling EVP_CIPHER_fetch(). I<type> may also be set
345 using legacy functions such as EVP_aes_256_cbc(), but this is not recommended
346 for new applications. I<key> is the symmetric key to use and I<iv> is the IV to
347 use (if necessary), the actual number of bytes used for the key and IV depends
348 on the cipher. The parameters I<params> will be set on the context after
349 initialisation. It is possible to set all parameters to NULL except I<type> in
350 an initial call and supply the remaining parameters in subsequent calls, all of
351 which have I<type> set to NULL. This is done when the default cipher parameters
353 For B<EVP_CIPH_GCM_MODE> the IV will be generated internally if it is not
356 =item EVP_EncryptInit_ex()
358 This legacy function is similar to EVP_EncryptInit_ex2() when I<impl> is NULL.
359 The implementation of the I<type> from the I<impl> engine will be used if it
362 =item EVP_EncryptUpdate()
364 Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to
365 I<out>. This function can be called multiple times to encrypt successive blocks
366 of data. The amount of data written depends on the block alignment of the
368 For most ciphers and modes, the amount of data written can be anything
369 from zero bytes to (inl + cipher_block_size - 1) bytes.
370 For wrap cipher modes, the amount of data written can be anything
371 from zero bytes to (inl + cipher_block_size) bytes.
372 For stream ciphers, the amount of data written can be anything from zero
374 Thus, I<out> should contain sufficient room for the operation being performed.
375 The actual number of bytes written is placed in I<outl>. It also
376 checks if I<in> and I<out> are partially overlapping, and if they are
377 0 is returned to indicate failure.
379 If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
380 the "final" data, that is any data that remains in a partial block.
381 It uses standard block padding (aka PKCS padding) as described in
382 the NOTES section, below. The encrypted
383 final data is written to I<out> which should have sufficient space for
384 one cipher block. The number of bytes written is placed in I<outl>. After
385 this function is called the encryption operation is finished and no further
386 calls to EVP_EncryptUpdate() should be made.
388 If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
389 data and it will return an error if any data remains in a partial block:
390 that is if the total data length is not a multiple of the block size.
392 =item EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate()
393 and EVP_DecryptFinal_ex()
395 These functions are the corresponding decryption operations.
396 EVP_DecryptFinal() will return an error code if padding is enabled and the
397 final block is not correctly formatted. The parameters and restrictions are
398 identical to the encryption operations except that if padding is enabled the
399 decrypted data buffer I<out> passed to EVP_DecryptUpdate() should have
400 sufficient room for (I<inl> + cipher_block_size) bytes unless the cipher block
401 size is 1 in which case I<inl> bytes is sufficient.
403 =item EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and
406 These functions can be used for decryption or encryption. The operation
407 performed depends on the value of the I<enc> parameter. It should be set to 1
408 for encryption, 0 for decryption and -1 to leave the value unchanged
409 (the actual value of 'enc' being supplied in a previous call).
411 =item EVP_CIPHER_CTX_reset()
413 Clears all information from a cipher context and free up any allocated memory
414 associated with it, except the I<ctx> itself. This function should be called
415 anytime I<ctx> is reused by another
416 EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls.
418 =item EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit()
420 Behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and
421 EVP_CipherInit_ex() except if the I<type> is not a fetched cipher they use the
422 default implementation of the I<type>.
424 =item EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()
426 Identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
427 EVP_CipherFinal_ex(). In previous releases they also cleaned up
428 the I<ctx>, but this is no longer done and EVP_CIPHER_CTX_cleanup()
429 must be called to free any context resources.
433 Encrypts or decrypts a maximum I<inl> amount of bytes from I<in> and leaves the
436 For legacy ciphers - If the cipher doesn't have the flag
437 B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set, then I<inl> must be a multiple of
438 EVP_CIPHER_get_block_size(). If it isn't, the result is undefined. If the cipher
439 has that flag set, then I<inl> can be any size.
441 Due to the constraints of the API contract of this function it shouldn't be used
442 in applications, please consider using EVP_CipherUpdate() and
443 EVP_CipherFinal_ex() instead.
445 =item EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
447 Returns an B<EVP_CIPHER> structure when passed a cipher name, a cipher B<NID> or
448 an B<ASN1_OBJECT> structure respectively.
450 EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV",
451 "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only
452 accessible via low level interfaces.
454 The EVP_get_cipherbyname() function is present for backwards compatibility with
455 OpenSSL prior to version 3 and is different to the EVP_CIPHER_fetch() function
456 since it does not attempt to "fetch" an implementation of the cipher.
457 Additionally, it only knows about ciphers that are built-in to OpenSSL and have
458 an associated NID. Similarly EVP_get_cipherbynid() and EVP_get_cipherbyobj()
459 also return objects without an associated implementation.
461 When the cipher objects returned by these functions are used (such as in a call
462 to EVP_EncryptInit_ex()) an implementation of the cipher will be implicitly
463 fetched from the loaded providers. This fetch could fail if no suitable
464 implementation is available. Use EVP_CIPHER_fetch() instead to explicitly fetch
465 the algorithm and an associated implementation from a provider.
467 See L<crypto(7)/ALGORITHM FETCHING> for more information about fetching.
469 The cipher objects returned from these functions do not need to be freed with
472 =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()
474 Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
475 structure. The actual NID value is an internal value which may not have a
476 corresponding OBJECT IDENTIFIER.
478 =item EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags()
480 Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information.
482 For provided ciphers EVP_CIPHER_CTX_set_flags() should be called only after the
483 fetched cipher has been assigned to the I<ctx>. It is recommended to use
484 L</PARAMETERS> instead.
486 =item EVP_CIPHER_CTX_set_padding()
488 Enables or disables padding. This function should be called after the context
489 is set up for encryption or decryption with EVP_EncryptInit_ex2(),
490 EVP_DecryptInit_ex2() or EVP_CipherInit_ex2(). By default encryption operations
491 are padded using standard block padding and the padding is checked and removed
492 when decrypting. If the I<pad> parameter is zero then no padding is
493 performed, the total amount of data encrypted or decrypted must then
494 be a multiple of the block size or an error will occur.
496 =item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length()
498 Return the key length of a cipher when passed an B<EVP_CIPHER> or
499 B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum
500 key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for
501 a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for
502 variable key length ciphers.
504 =item EVP_CIPHER_CTX_set_key_length()
506 Sets the key length of the cipher context.
507 If the cipher is a fixed length cipher then attempting to set the key
508 length to any value other than the fixed value is an error.
510 =item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length()
512 Return the IV length of a cipher when passed an B<EVP_CIPHER> or
513 B<EVP_CIPHER_CTX>. It will return zero if the cipher does not use an IV.
514 The constant B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
516 =item EVP_CIPHER_CTX_get_tag_length()
518 Returns the tag length of an AEAD cipher when passed a B<EVP_CIPHER_CTX>. It will
519 return zero if the cipher does not support a tag. It returns a default value if
520 the tag length has not been set.
522 =item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size()
524 Return the block size of a cipher when passed an B<EVP_CIPHER> or
525 B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the
526 maximum block length for all ciphers.
528 =item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type()
530 Return the type of the passed cipher or context. This "type" is the actual NID
531 of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters
532 (40 bit RC2 and 128 bit RC2 have the same NID). If the cipher does not have an
533 object identifier or does not have ASN1 support this function will return
536 =item EVP_CIPHER_is_a()
538 Returns 1 if I<cipher> is an implementation of an algorithm that's identifiable
539 with I<name>, otherwise 0. If I<cipher> is a legacy cipher (it's the return
540 value from the likes of EVP_aes128() rather than the result of an
541 EVP_CIPHER_fetch()), only cipher names registered with the default library
542 context (see L<OSSL_LIB_CTX(3)>) will be considered.
544 =item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name()
546 Return the name of the passed cipher or context. For fetched ciphers with
547 multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all().
549 =item EVP_CIPHER_names_do_all()
551 Traverses all names for the I<cipher>, and calls I<fn> with each name and
552 I<data>. This is only useful with fetched B<EVP_CIPHER>s.
554 =item EVP_CIPHER_get0_description()
556 Returns a description of the cipher, meant for display and human consumption.
557 The description is at the discretion of the cipher implementation.
559 =item EVP_CIPHER_get0_provider()
561 Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given
564 =item EVP_CIPHER_CTX_get0_cipher()
566 Returns the B<EVP_CIPHER> structure when passed an B<EVP_CIPHER_CTX> structure.
567 EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to
570 =item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()
572 Return the block cipher mode:
573 EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
574 EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE,
575 EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE.
576 If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned.
578 =item EVP_CIPHER_get_flags()
580 Returns any flags associated with the cipher. See L</FLAGS>
581 for a list of currently defined flags.
583 =item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num()
585 Gets or sets the cipher specific "num" parameter for the associated I<ctx>.
586 Built-in ciphers typically use this to track how much of the current underlying block
587 has been "used" already.
589 =item EVP_CIPHER_CTX_is_encrypting()
591 Reports whether the I<ctx> is being used for encryption or decryption.
593 =item EVP_CIPHER_CTX_flags()
595 A deprecated macro calling C<EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))>.
598 =item EVP_CIPHER_param_to_asn1()
600 Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will
601 typically include any parameters and an IV. The cipher IV (if any) must be set
602 when this call is made. This call should be made before the cipher is actually
603 "used" (before any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example).
604 This function may fail if the cipher does not have any ASN1 support.
606 =item EVP_CIPHER_asn1_to_param()
608 Sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter".
609 The precise effect depends on the cipher. In the case of B<RC2>, for example,
610 it will set the IV and effective key length.
611 This function should be called after the base cipher type is set but before
612 the key is set. For example EVP_CipherInit() will be called with the IV and
613 key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
614 EVP_CipherInit() again with all parameters except the key set to NULL. It is
615 possible for this function to fail if the cipher does not have any ASN1 support
616 or the parameters cannot be set (for example the RC2 effective key length
619 =item EVP_CIPHER_CTX_rand_key()
621 Generates a random key of the appropriate length based on the cipher context.
622 The B<EVP_CIPHER> can provide its own random key generation routine to support
623 keys of a specific form. I<key> must point to a buffer at least as big as the
624 value returned by EVP_CIPHER_CTX_get_key_length().
626 =item EVP_CIPHER_do_all_provided()
628 Traverses all ciphers implemented by all activated providers in the given
629 library context I<libctx>, and for each of the implementations, calls the given
630 function I<fn> with the implementation method and the given I<arg> as argument.
636 See L<OSSL_PARAM(3)> for information about passing parameters.
638 =head2 Gettable EVP_CIPHER parameters
640 When EVP_CIPHER_fetch() is called it internally calls EVP_CIPHER_get_params()
641 and caches the results.
643 EVP_CIPHER_get_params() can be used with the following B<OSSL_PARAM> keys:
647 =item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer>
649 Gets the mode for the associated cipher algorithm I<cipher>.
650 See L</EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()> for a list of valid modes.
651 Use EVP_CIPHER_get_mode() to retrieve the cached value.
653 =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
655 Gets the key length for the associated cipher algorithm I<cipher>.
656 Use EVP_CIPHER_get_key_length() to retrieve the cached value.
658 =item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer>
660 Gets the IV length for the associated cipher algorithm I<cipher>.
661 Use EVP_CIPHER_get_iv_length() to retrieve the cached value.
663 =item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer>
665 Gets the block size for the associated cipher algorithm I<cipher>.
666 The block size should be 1 for stream ciphers.
667 Note that the block size for a cipher may be different to the block size for
668 the underlying encryption/decryption primitive.
669 For example AES in CTR mode has a block size of 1 (because it operates like a
670 stream cipher), even though AES has a block size of 16.
671 Use EVP_CIPHER_get_block_size() to retrieve the cached value.
673 =item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer>
675 Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0.
676 Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the
679 =item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer>
681 Gets 1 if the cipher algorithm I<cipher> has a custom IV, otherwise it gets 0.
682 Storing and initializing the IV is left entirely to the implementation, if a
684 Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the
687 =item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer>
689 Gets 1 if the cipher algorithm I<cipher> uses ciphertext stealing,
691 This is currently used to indicate that the cipher is a one shot that only
692 allows a single call to EVP_CipherUpdate().
693 Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the
696 =item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer>
698 Gets 1 if the cipher algorithm I<cipher> supports interleaving of crypto blocks,
699 otherwise it gets 0. The interleaving is an optimization only applicable to certain
701 Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the
704 =item "has-randkey" (B<OSSL_CIPHER_PARAM_HAS_RANDKEY>) <integer>
706 Gets 1 if the cipher algorithm I<cipher> supports the gettable EVP_CIPHER_CTX
707 parameter B<OSSL_CIPHER_PARAM_RANDOM_KEY>. Only DES and 3DES set this to 1,
708 all other OpenSSL ciphers return 0.
712 =head2 Gettable and Settable EVP_CIPHER_CTX parameters
714 The following B<OSSL_PARAM> keys can be used with both EVP_CIPHER_CTX_get_params()
715 and EVP_CIPHER_CTX_set_params().
719 =item "padding" (B<OSSL_CIPHER_PARAM_PADDING>) <unsigned integer>
721 Gets or sets the padding mode for the cipher context I<ctx>.
722 Padding is enabled if the value is 1, and disabled if the value is 0.
723 See also EVP_CIPHER_CTX_set_padding().
725 =item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer>
727 Gets or sets the cipher specific "num" parameter for the cipher context I<ctx>.
728 Built-in ciphers typically use this to track how much of the current underlying
729 block has been "used" already.
730 See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num().
732 =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
734 Gets or sets the key length for the cipher context I<ctx>.
735 The length of the "keylen" parameter should not exceed that of a B<size_t>.
736 See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length().
738 =item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string>
740 Gets or sets the AEAD tag for the associated cipher context I<ctx>.
741 See L<EVP_EncryptInit(3)/AEAD Interface>.
743 =item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer>
745 Gets or sets the effective keybits used for a RC2 cipher.
746 The length of the "keybits" parameter should not exceed that of a B<size_t>.
748 =item "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>) <unsigned integer>
750 Gets or sets the number of rounds to be used for a cipher.
751 This is used by the RC5 cipher.
753 =item "alg_id_param" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS>) <octet string>
755 Used to pass the DER encoded AlgorithmIdentifier parameter to or from
756 the cipher implementation. Functions like L<EVP_CIPHER_param_to_asn1(3)>
757 and L<EVP_CIPHER_asn1_to_param(3)> use this parameter for any implementation
758 that has the flag B<EVP_CIPH_FLAG_CUSTOM_ASN1> set.
760 =item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string>
762 Gets or sets the cipher text stealing mode. For all modes the output size is the
763 same as the input size. The input length must be greater than or equal to the
764 block size. (The block size for AES and CAMELLIA is 16 bytes).
766 Valid values for the mode are:
772 The NIST variant of cipher text stealing.
773 For input lengths that are multiples of the block size it is equivalent to
774 using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last
775 cipher text block is a partial block.
779 For input lengths that are multiples of the block size it is equivalent to
780 using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as
785 The Kerberos5 variant of cipher text stealing which always swaps the last
786 cipher text block with the previous block (which may be a partial or full block
787 depending on the input length). If the input length is exactly one full block
788 then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher.
792 The default is "CS1".
793 This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
794 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
796 =item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer>
798 Sets or gets the number of records being sent in one go for a tls1 multiblock
799 cipher operation (either 4 or 8 records).
803 =head2 Gettable EVP_CIPHER_CTX parameters
805 The following B<OSSL_PARAM> keys can be used with EVP_CIPHER_CTX_get_params():
809 =item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN> and <B<OSSL_CIPHER_PARAM_AEAD_IVLEN>) <unsigned integer>
811 Gets the IV length for the cipher context I<ctx>.
812 The length of the "ivlen" parameter should not exceed that of a B<size_t>.
813 See also EVP_CIPHER_CTX_get_iv_length().
815 =item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr>
817 Gets the IV used to initialize the associated cipher context I<ctx>.
818 See also EVP_CIPHER_CTX_get_original_iv().
820 =item "updated-iv" (B<OSSL_CIPHER_PARAM_UPDATED_IV>) <octet string OR octet ptr>
822 Gets the updated pseudo-IV state for the associated cipher context, e.g.,
823 the previous ciphertext block for CBC mode or the iteratively encrypted IV
824 value for OFB mode. Note that octet pointer access is deprecated and is
825 provided only for backwards compatibility with historical libcrypto APIs.
826 See also EVP_CIPHER_CTX_get_updated_iv().
828 =item "randkey" (B<OSSL_CIPHER_PARAM_RANDOM_KEY>) <octet string>
830 Gets an implementation specific randomly generated key for the associated
831 cipher context I<ctx>. This is currently only supported by DES and 3DES (which set
832 the key to odd parity).
834 =item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer>
836 Gets the tag length to be used for an AEAD cipher for the associated cipher
837 context I<ctx>. It gets a default value if it has not been set.
838 The length of the "taglen" parameter should not exceed that of a B<size_t>.
839 See also EVP_CIPHER_CTX_get_tag_length().
841 =item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer>
843 Gets the length of the tag that will be added to a TLS record for the AEAD
844 tag for the associated cipher context I<ctx>.
845 The length of the "tlsaadpad" parameter should not exceed that of a B<size_t>.
847 =item "tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>) <octet string>
849 Gets the invocation field generated for encryption.
850 Can only be called after "tlsivfixed" is set.
851 This is only used for GCM mode.
853 =item "tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>) <unsigned integer>
855 Get the total length of the record returned from the "tls1multi_enc" operation.
857 =item "tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>) <unsigned integer>
859 Gets the maximum record length for a TLS1 multiblock cipher operation.
860 The length of the "tls1multi_maxbufsz" parameter should not exceed that of a B<size_t>.
862 =item "tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) <unsigned integer>
864 Gets the result of running the "tls1multi_aad" operation.
866 =item "tls-mac" (B<OSSL_CIPHER_PARAM_TLS_MAC>) <octet ptr>
868 Used to pass the TLS MAC data.
872 =head2 Settable EVP_CIPHER_CTX parameters
874 The following B<OSSL_PARAM> keys can be used with EVP_CIPHER_CTX_set_params():
878 =item "mackey" (B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>) <octet string>
880 Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256.
882 =item "speed" (B<OSSL_CIPHER_PARAM_SPEED>) <unsigned integer>
884 Sets the speed option for the associated cipher context. This is only supported
885 by AES SIV ciphers which disallow multiple operations by default.
886 Setting "speed" to 1 allows another encrypt or decrypt operation to be
887 performed. This is used for performance testing.
889 =item "use-bits" (B<OSSL_CIPHER_PARAM_USE_BITS>) <unsigned integer>
891 Determines if the input length I<inl> passed to EVP_EncryptUpdate(),
892 EVP_DecryptUpdate() and EVP_CipherUpdate() is the number of bits or number of bytes.
893 Setting "use-bits" to 1 uses bits. The default is in bytes.
894 This is only used for B<CFB1> ciphers.
896 This can be set using EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS).
898 =item "tls-version" (B<OSSL_CIPHER_PARAM_TLS_VERSION>) <integer>
900 Sets the TLS version.
902 =item "tls-mac-size" (B<OSSL_CIPHER_PARAM_TLS_MAC_SIZE>) <unsigned integer>
904 Set the TLS MAC size.
906 =item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string>
908 Sets TLSv1.2 AAD information for the associated cipher context I<ctx>.
909 TLSv1.2 AAD information is always 13 bytes in length and is as defined for the
910 "additional_data" field described in section 6.2.3.3 of RFC5246.
912 =item "tlsivfixed" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>) <octet string>
914 Sets the fixed portion of an IV for an AEAD cipher used in a TLS record
915 encryption/ decryption for the associated cipher context.
916 TLS record encryption/decryption always occurs "in place" so that the input and
917 output buffers are always the same memory location.
918 AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part
919 that varies with every record.
920 Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records.
921 TLS records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per
923 For a record decryption the first bytes of the input buffer will be the explicit
924 part of the IV and the final bytes of the input buffer will be the AEAD tag.
925 The length of the explicit part of the IV and the tag length will depend on the
926 cipher in use and will be defined in the RFC for the relevant ciphersuite.
927 In order to allow for "in place" decryption the plaintext output should be
928 written to the same location in the output buffer that the ciphertext payload
929 was read from, i.e. immediately after the explicit IV.
931 When encrypting a record the first bytes of the input buffer should be empty to
932 allow space for the explicit IV, as will the final bytes where the tag will
934 The length of the input buffer will include the length of the explicit IV, the
935 payload, and the tag bytes.
936 The cipher implementation should generate the explicit IV and write it to the
937 beginning of the output buffer, do "in place" encryption of the payload and
938 write that to the output buffer, and finally add the tag onto the end of the
941 Whether encrypting or decrypting the value written to I<*outl> in the
942 OSSL_FUNC_cipher_cipher call should be the length of the payload excluding the explicit
943 IV length and the tag length.
945 =item "tlsivinv" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>) <octet string>
947 Sets the invocation field used for decryption.
948 Can only be called after "tlsivfixed" is set.
949 This is only used for GCM mode.
951 =item "tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>) <octet string>
953 Triggers a multiblock TLS1 encrypt operation for a TLS1 aware cipher that
954 supports sending 4 or 8 records in one go.
955 The cipher performs both the MAC and encrypt stages and constructs the record
957 "tls1multi_enc" supplies the output buffer for the encrypt operation,
958 "tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply
959 values to the encrypt operation.
961 =item "tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) <octet string>
963 Supplies the data to encrypt for a TLS1 multiblock cipher operation.
965 =item "tls1multi_maxsndfrag" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT>) <unsigned integer>
967 Sets the maximum send fragment size for a TLS1 multiblock cipher operation.
968 It must be set before using "tls1multi_maxbufsz".
969 The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a B<size_t>.
971 =item "tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) <octet string>
973 Sets the authenticated additional data used by a TLS1 multiblock cipher operation.
974 The supplied data consists of 13 bytes of record data containing:
975 Bytes 0-7: The sequence number of the first record
976 Byte 8: The record type
977 Byte 9-10: The protocol version
978 Byte 11-12: Input length (Always 0)
980 "tls1multi_interleave" must also be set for this operation.
986 The Mappings from EVP_CIPHER_CTX_ctrl() identifiers to PARAMETERS are listed
987 in the following section. See the L</PARAMETERS> section for more details.
989 EVP_CIPHER_CTX_ctrl() can be used to send the following standard controls:
993 =item EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN
995 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and
996 EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the
997 key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>).
999 =item EVP_CTRL_AEAD_SET_IV_FIXED
1001 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1002 with an L<OSSL_PARAM(3)> item with the key "tlsivfixed"
1003 (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>).
1005 =item EVP_CTRL_AEAD_SET_MAC_KEY
1007 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1008 with an L<OSSL_PARAM(3)> item with the key "mackey"
1009 (B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>).
1011 =item EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG
1013 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and
1014 EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the
1015 key "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>).
1017 =item EVP_CTRL_CCM_SET_L
1019 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1020 with an L<OSSL_PARAM(3)> item with the key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>)
1021 with a value of (15 - L)
1025 There is no OSSL_PARAM mapping for this. Use EVP_CIPHER_CTX_copy() instead.
1027 =item EVP_CTRL_GCM_SET_IV_INV
1029 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1030 with an L<OSSL_PARAM(3)> item with the key "tlsivinv"
1031 (B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>).
1033 =item EVP_CTRL_RAND_KEY
1035 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1036 with an L<OSSL_PARAM(3)> item with the key "randkey"
1037 (B<OSSL_CIPHER_PARAM_RANDOM_KEY>).
1039 =item EVP_CTRL_SET_KEY_LENGTH
1041 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1042 with an L<OSSL_PARAM(3)> item with the key "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>).
1044 =item EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS
1046 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and
1047 EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the
1048 key "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>).
1050 =item EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS
1052 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and
1053 EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the
1054 key "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>).
1056 =item EVP_CTRL_SET_SPEED
1058 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1059 with an L<OSSL_PARAM(3)> item with the key "speed" (B<OSSL_CIPHER_PARAM_SPEED>).
1061 =item EVP_CTRL_GCM_IV_GEN
1063 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_get_params() gets called
1064 with an L<OSSL_PARAM(3)> item with the key
1065 "tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>).
1067 =item EVP_CTRL_AEAD_TLS1_AAD
1069 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called
1070 with an L<OSSL_PARAM(3)> item with the key
1071 "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>)
1072 followed by EVP_CIPHER_CTX_get_params() with a key of
1073 "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>).
1075 =item EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE
1077 When used with a fetched B<EVP_CIPHER>,
1078 EVP_CIPHER_CTX_set_params() gets called with an L<OSSL_PARAM(3)> item with the
1079 key OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT
1080 followed by EVP_CIPHER_CTX_get_params() with a key of
1081 "tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>).
1083 =item EVP_CTRL_TLS1_1_MULTIBLOCK_AAD
1085 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1086 with L<OSSL_PARAM(3)> items with the keys
1087 "tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) and
1088 "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>)
1089 followed by EVP_CIPHER_CTX_get_params() with keys of
1090 "tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) and
1091 "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>).
1093 =item EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT
1095 When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called
1096 with L<OSSL_PARAM(3)> items with the keys
1097 "tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>),
1098 "tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) and
1099 "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>),
1100 followed by EVP_CIPHER_CTX_get_params() with a key of
1101 "tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>).
1107 EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags().
1108 can be used to manipulate and test these B<EVP_CIPHER_CTX> flags:
1112 =item EVP_CIPH_NO_PADDING
1114 Used by EVP_CIPHER_CTX_set_padding().
1116 See also L</Gettable and Settable EVP_CIPHER_CTX parameters> "padding"
1118 =item EVP_CIPH_FLAG_LENGTH_BITS
1120 See L</Settable EVP_CIPHER_CTX parameters> "use-bits".
1122 =item EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
1124 Used for Legacy purposes only. This flag needed to be set to indicate the
1125 cipher handled wrapping.
1129 EVP_CIPHER_flags() uses the following flags that
1130 have mappings to L</Gettable EVP_CIPHER parameters>:
1134 =item EVP_CIPH_FLAG_AEAD_CIPHER
1136 See L</Gettable EVP_CIPHER parameters> "aead".
1138 =item EVP_CIPH_CUSTOM_IV
1140 See L</Gettable EVP_CIPHER parameters> "custom-iv".
1142 =item EVP_CIPH_FLAG_CTS
1144 See L</Gettable EVP_CIPHER parameters> "cts".
1146 =item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;
1148 See L</Gettable EVP_CIPHER parameters> "tls-multi".
1150 =item EVP_CIPH_RAND_KEY
1152 See L</Gettable EVP_CIPHER parameters> "has-randkey".
1156 EVP_CIPHER_flags() uses the following flags for legacy purposes only:
1160 =item EVP_CIPH_VARIABLE_LENGTH
1162 =item EVP_CIPH_FLAG_CUSTOM_CIPHER
1164 =item EVP_CIPH_ALWAYS_CALL_INIT
1166 =item EVP_CIPH_CTRL_INIT
1168 =item EVP_CIPH_CUSTOM_KEY_LENGTH
1170 =item EVP_CIPH_CUSTOM_COPY
1172 =item EVP_CIPH_FLAG_DEFAULT_ASN1
1174 See L<EVP_CIPHER_meth_set_flags(3)> for further information related to the above
1179 =head1 RETURN VALUES
1181 EVP_CIPHER_fetch() returns a pointer to a B<EVP_CIPHER> for success
1182 and B<NULL> for failure.
1184 EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise.
1186 EVP_CIPHER_CTX_new() returns a pointer to a newly created
1187 B<EVP_CIPHER_CTX> for success and B<NULL> for failure.
1189 EVP_EncryptInit_ex2(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
1190 return 1 for success and 0 for failure.
1192 EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
1193 EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
1195 EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failure.
1196 EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
1198 EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1
1199 on failure if the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is set for the
1200 cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag
1201 B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is not set for the cipher.
1203 EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.
1205 EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
1206 return an B<EVP_CIPHER> structure or NULL on error.
1208 EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID.
1210 EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the
1213 EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key
1216 EVP_CIPHER_CTX_set_padding() always returns 1.
1218 EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV
1219 length or zero if the cipher does not use an IV.
1221 EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher
1224 EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the
1225 cipher's OBJECT IDENTIFIER or NID_undef if it has no defined
1228 EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
1230 EVP_CIPHER_CTX_get_num() returns a nonnegative num value or
1231 B<EVP_CTRL_RET_UNSUPPORTED> if the implementation does not support the call
1232 or on any other error.
1234 EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation
1235 does not support the call or on any other error.
1237 EVP_CIPHER_CTX_is_encrypting() returns 1 if the I<ctx> is set up for encryption
1240 EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater
1241 than zero for success and zero or a negative number on failure.
1243 EVP_CIPHER_CTX_rand_key() returns 1 for success.
1245 EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names.
1246 A return value of 0 means that the callback was not called for any names.
1248 =head1 CIPHER LISTING
1250 All algorithms have a fixed key length unless otherwise stated.
1252 Refer to L</SEE ALSO> for the full list of ciphers available through the EVP
1257 =item EVP_enc_null()
1259 Null cipher: does nothing.
1263 =head1 AEAD INTERFACE
1265 The EVP interface for Authenticated Encryption with Associated Data (AEAD)
1266 modes are subtly altered and several additional I<ctrl> operations are supported
1267 depending on the mode specified.
1269 To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(),
1270 EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
1271 parameter I<out> set to B<NULL>.
1273 When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal()
1274 indicates whether the operation was successful. If it does not indicate success,
1275 the authentication operation has failed and any output data B<MUST NOT> be used
1278 =head2 GCM and OCB Modes
1280 The following I<ctrl>s are supported in GCM and OCB modes.
1284 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
1286 Sets the IV length. This call can only be made before specifying an IV. If
1287 not called a default IV length is used.
1289 For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the
1292 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
1294 Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>.
1295 This call can only be made when encrypting data and B<after> all data has been
1296 processed (e.g. after an EVP_EncryptFinal() call).
1298 For OCB, C<taglen> must either be 16 or the value previously set via
1299 B<EVP_CTRL_AEAD_SET_TAG>.
1301 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
1303 When decrypting, this call sets the expected tag to C<taglen> bytes from C<tag>.
1304 C<taglen> must be between 1 and 16 inclusive.
1305 The tag must be set prior to any call to EVP_DecryptFinal() or
1306 EVP_DecryptFinal_ex().
1308 For GCM, this call is only valid when decrypting data.
1310 For OCB, this call is valid when decrypting data to set the expected tag,
1311 and when encrypting to set the desired tag length.
1313 In OCB mode, calling this when encrypting with C<tag> set to C<NULL> sets the
1314 tag length. The tag length can only be set before specifying an IV. If this is
1315 not called prior to setting the IV during encryption, then a default tag length
1318 For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the
1319 maximum tag length for OCB.
1325 The EVP interface for CCM mode is similar to that of the GCM mode but with a
1326 few additional requirements and different I<ctrl> values.
1328 For CCM mode, the total plaintext or ciphertext length B<MUST> be passed to
1329 EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output
1330 and input parameters (I<in> and I<out>) set to B<NULL> and the length passed in
1331 the I<inl> parameter.
1333 The following I<ctrl>s are supported in CCM mode.
1337 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
1339 This call is made to set the expected B<CCM> tag value when decrypting or
1340 the length of the tag (with the C<tag> parameter set to NULL) when encrypting.
1341 The tag length is often referred to as B<M>. If not set a default value is
1342 used (12 for AES). When decrypting, the tag needs to be set before passing
1343 in data to be decrypted, but as in GCM and OCB mode, it can be set after
1344 passing additional authenticated data (see L</AEAD INTERFACE>).
1346 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
1348 Sets the CCM B<L> value. If not set a default is used (8 for AES).
1350 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
1352 Sets the CCM nonce (IV) length. This call can only be made before specifying a
1353 nonce value. The nonce length is given by B<15 - L> so it is 7 by default for
1360 For SIV mode ciphers the behaviour of the EVP interface is subtly
1361 altered and several additional ctrl operations are supported.
1363 To specify any additional authenticated data (AAD) and/or a Nonce, a call to
1364 EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made
1365 with the output parameter I<out> set to B<NULL>.
1367 RFC5297 states that the Nonce is the last piece of AAD before the actual
1368 encrypt/decrypt takes place. The API does not differentiate the Nonce from
1371 When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal()
1372 indicates if the operation was successful. If it does not indicate success
1373 the authentication operation has failed and any output data B<MUST NOT>
1374 be used as it is corrupted.
1376 The following ctrls are supported in both SIV modes.
1380 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);
1382 Writes I<taglen> bytes of the tag value to the buffer indicated by I<tag>.
1383 This call can only be made when encrypting data and B<after> all data has been
1384 processed (e.g. after an EVP_EncryptFinal() call). For SIV mode the taglen must
1387 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
1389 Sets the expected tag to I<taglen> bytes from I<tag>. This call is only legal
1390 when decrypting data and must be made B<before> any data is processed (e.g.
1391 before any EVP_DecryptUpdate() call). For SIV mode the taglen must be 16.
1395 SIV mode makes two passes over the input data, thus, only one call to
1396 EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made
1397 with I<out> set to a non-B<NULL> value. A call to EVP_Decrypt_Final() or
1398 EVP_CipherFinal() is not required, but will indicate if the update
1399 operation succeeded.
1401 =head2 ChaCha20-Poly1305
1403 The following I<ctrl>s are supported for the ChaCha20-Poly1305 AEAD algorithm.
1407 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
1409 Sets the nonce length. This call can only be made before specifying the nonce.
1410 If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum
1411 nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set
1412 then the nonce is automatically padded with leading 0 bytes to make it 12 bytes
1415 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
1417 Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>.
1418 This call can only be made when encrypting data and B<after> all data has been
1419 processed (e.g. after an EVP_EncryptFinal() call).
1421 C<taglen> specified here must be 16 (B<POLY1305_BLOCK_SIZE>, i.e. 128-bits) or
1424 =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
1426 Sets the expected tag to C<taglen> bytes from C<tag>.
1427 The tag length can only be set before specifying an IV.
1428 C<taglen> must be between 1 and 16 (B<POLY1305_BLOCK_SIZE>) inclusive.
1429 This call is only valid when decrypting data.
1435 Where possible the B<EVP> interface to symmetric ciphers should be used in
1436 preference to the low-level interfaces. This is because the code then becomes
1437 transparent to the cipher used and much more flexible. Additionally, the
1438 B<EVP> interface will ensure the use of platform specific cryptographic
1439 acceleration such as AES-NI (the low-level interfaces do not provide the
1442 PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
1443 length of the encrypted data a multiple of the block size. Padding is always
1444 added so if the data is already a multiple of the block size B<n> will equal
1445 the block size. For example if the block size is 8 and 11 bytes are to be
1446 encrypted then 5 padding bytes of value 5 will be added.
1448 When decrypting the final block is checked to see if it has the correct form.
1450 Although the decryption operation can produce an error if padding is enabled,
1451 it is not a strong test that the input data or key is correct. A random block
1452 has better than 1 in 256 chance of being of the correct format and problems with
1453 the input data earlier on will not produce a final decrypt error.
1455 If padding is disabled then the decryption operation will always succeed if
1456 the total amount of data decrypted is a multiple of the block size.
1458 The functions EVP_EncryptInit(), EVP_EncryptInit_ex(),
1459 EVP_EncryptFinal(), EVP_DecryptInit(), EVP_DecryptInit_ex(),
1460 EVP_CipherInit(), EVP_CipherInit_ex() and EVP_CipherFinal() are obsolete
1461 but are retained for compatibility with existing code. New code should
1462 use EVP_EncryptInit_ex2(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex2(),
1463 EVP_DecryptFinal_ex(), EVP_CipherInit_ex2() and EVP_CipherFinal_ex()
1464 because they can reuse an existing context without allocating and freeing
1467 There are some differences between functions EVP_CipherInit() and
1468 EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills
1469 the passed context object with zeros. As a consequence, EVP_CipherInit() does
1470 not allow step-by-step initialization of the ctx when the I<key> and I<iv> are
1471 passed in separate calls. It also means that the flags set for the CTX are
1472 removed, and it is especially important for the
1473 B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in
1474 EVP_CipherInit_ex().
1476 EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
1480 B<EVP_MAX_KEY_LENGTH> and B<EVP_MAX_IV_LENGTH> only refer to the internal
1481 ciphers with default key lengths. If custom ciphers exceed these values the
1482 results are unpredictable. This is because it has become standard practice to
1483 define a generic key as a fixed unsigned char array containing
1484 B<EVP_MAX_KEY_LENGTH> bytes.
1486 The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
1487 for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
1491 Encrypt a string using IDEA:
1493 int do_crypt(char *outfile)
1495 unsigned char outbuf[1024];
1498 * Bogus key and IV: we'd normally set these from
1501 unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
1502 unsigned char iv[] = {1,2,3,4,5,6,7,8};
1503 char intext[] = "Some Crypto Text";
1504 EVP_CIPHER_CTX *ctx;
1507 ctx = EVP_CIPHER_CTX_new();
1508 EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL);
1510 if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
1512 EVP_CIPHER_CTX_free(ctx);
1516 * Buffer passed to EVP_EncryptFinal() must be after data just
1517 * encrypted to avoid overwriting it.
1519 if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
1521 EVP_CIPHER_CTX_free(ctx);
1525 EVP_CIPHER_CTX_free(ctx);
1527 * Need binary mode for fopen because encrypted data is
1528 * binary data. Also cannot use strlen() on it because
1529 * it won't be NUL terminated and may contain embedded
1532 out = fopen(outfile, "wb");
1537 fwrite(outbuf, 1, outlen, out);
1542 The ciphertext from the above example can be decrypted using the B<openssl>
1543 utility with the command line (shown on two lines for clarity):
1546 -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
1548 General encryption and decryption function example using FILE I/O and AES128
1551 int do_crypt(FILE *in, FILE *out, int do_encrypt)
1553 /* Allow enough space in output buffer for additional block */
1554 unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
1556 EVP_CIPHER_CTX *ctx;
1558 * Bogus key and IV: we'd normally set these from
1561 unsigned char key[] = "0123456789abcdeF";
1562 unsigned char iv[] = "1234567887654321";
1564 /* Don't set key or IV right away; we want to check lengths */
1565 ctx = EVP_CIPHER_CTX_new();
1566 EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL,
1568 OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16);
1569 OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16);
1571 /* Now we can set key and IV */
1572 EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL);
1575 inlen = fread(inbuf, 1, 1024, in);
1578 if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
1580 EVP_CIPHER_CTX_free(ctx);
1583 fwrite(outbuf, 1, outlen, out);
1585 if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
1587 EVP_CIPHER_CTX_free(ctx);
1590 fwrite(outbuf, 1, outlen, out);
1592 EVP_CIPHER_CTX_free(ctx);
1596 Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing.
1598 int encrypt(const unsigned char *key, const unsigned char *iv,
1599 const unsigned char *msg, size_t msg_len, unsigned char *out)
1602 * This assumes that key size is 32 bytes and the iv is 16 bytes.
1603 * For ciphertext stealing mode the length of the ciphertext "out" will be
1604 * the same size as the plaintext size "msg_len".
1605 * The "msg_len" can be any size >= 16.
1607 int ret = 0, encrypt = 1, outlen, len;
1608 EVP_CIPHER_CTX *ctx = NULL;
1609 EVP_CIPHER *cipher = NULL;
1610 OSSL_PARAM params[2];
1612 ctx = EVP_CIPHER_CTX_new();
1613 cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL);
1614 if (ctx == NULL || cipher == NULL)
1618 * The default is "CS1" so this is not really needed,
1619 * but would be needed to set either "CS2" or "CS3".
1621 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
1623 params[1] = OSSL_PARAM_construct_end();
1625 if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params))
1628 /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */
1629 if (!EVP_CipherUpdate(ctx, encrypted, &outlen, msg, msglen))
1631 if (!EVP_CipherFinal_ex(ctx, encrypted + outlen, &len))
1635 EVP_CIPHER_free(cipher);
1636 EVP_CIPHER_CTX_free(ctx);
1644 L<crypto(7)/ALGORITHM FETCHING>,
1645 L<provider-cipher(7)>,
1646 L<life_cycle-cipher(7)>
1648 Supported ciphers are listed in:
1650 L<EVP_aes_128_gcm(3)>,
1651 L<EVP_aria_128_gcm(3)>,
1653 L<EVP_camellia_128_ecb(3)>,
1654 L<EVP_cast5_cbc(3)>,
1661 L<EVP_rc5_32_12_16_cbc(3)>,
1667 Support for OCB mode was added in OpenSSL 1.1.0.
1669 B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result,
1670 EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup()
1671 disappeared. EVP_CIPHER_CTX_init() remains as an alias for
1672 EVP_CIPHER_CTX_reset().
1674 The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use
1675 EVP_CIPHER_CTX_get0_cipher() instead.
1677 The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(),
1678 EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(),
1679 EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(),
1680 EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
1681 EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(),
1682 EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(),
1683 EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params()
1684 functions were added in 3.0.
1686 The EVP_CIPHER_nid(), EVP_CIPHER_name(), EVP_CIPHER_block_size(),
1687 EVP_CIPHER_key_length(), EVP_CIPHER_iv_length(), EVP_CIPHER_flags(),
1688 EVP_CIPHER_mode(), EVP_CIPHER_type(), EVP_CIPHER_CTX_nid(),
1689 EVP_CIPHER_CTX_block_size(), EVP_CIPHER_CTX_key_length(),
1690 EVP_CIPHER_CTX_iv_length(), EVP_CIPHER_CTX_tag_length(),
1691 EVP_CIPHER_CTX_num(), EVP_CIPHER_CTX_type(), and EVP_CIPHER_CTX_mode()
1692 functions were renamed to include C<get> or C<get0> in their names in
1693 OpenSSL 3.0, respectively. The old names are kept as non-deprecated
1696 The EVP_CIPHER_CTX_encrypting() function was renamed to
1697 EVP_CIPHER_CTX_is_encrypting() in OpenSSL 3.0. The old name is kept as
1698 non-deprecated alias macro.
1700 The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0.
1704 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
1706 Licensed under the Apache License 2.0 (the "License"). You may not use
1707 this file except in compliance with the License. You can obtain a copy
1708 in the file LICENSE in the source distribution or at
1709 L<https://www.openssl.org/source/license.html>.