1EVP_ENCRYPTINIT(3ossl)              OpenSSL             EVP_ENCRYPTINIT(3ossl)
2
3
4

NAME

6       EVP_CIPHER_fetch, EVP_CIPHER_up_ref, EVP_CIPHER_free,
7       EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free,
8       EVP_CIPHER_CTX_dup, EVP_CIPHER_CTX_copy, EVP_EncryptInit_ex,
9       EVP_EncryptInit_ex2, EVP_EncryptUpdate, EVP_EncryptFinal_ex,
10       EVP_DecryptInit_ex, EVP_DecryptInit_ex2, EVP_DecryptUpdate,
11       EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherInit_ex2,
12       EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
13       EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal,
14       EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal,
15       EVP_Cipher, EVP_get_cipherbyname, EVP_get_cipherbynid,
16       EVP_get_cipherbyobj, EVP_CIPHER_is_a, EVP_CIPHER_get0_name,
17       EVP_CIPHER_get0_description, EVP_CIPHER_names_do_all,
18       EVP_CIPHER_get0_provider, EVP_CIPHER_get_nid, EVP_CIPHER_get_params,
19       EVP_CIPHER_gettable_params, EVP_CIPHER_get_block_size,
20       EVP_CIPHER_get_key_length, EVP_CIPHER_get_iv_length,
21       EVP_CIPHER_get_flags, EVP_CIPHER_get_mode, EVP_CIPHER_get_type,
22       EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_get0_cipher,
23       EVP_CIPHER_CTX_get1_cipher, EVP_CIPHER_CTX_get0_name,
24       EVP_CIPHER_CTX_get_nid, EVP_CIPHER_CTX_get_params,
25       EVP_CIPHER_gettable_ctx_params, EVP_CIPHER_CTX_gettable_params,
26       EVP_CIPHER_CTX_set_params, EVP_CIPHER_settable_ctx_params,
27       EVP_CIPHER_CTX_settable_params, EVP_CIPHER_CTX_get_block_size,
28       EVP_CIPHER_CTX_get_key_length, EVP_CIPHER_CTX_get_iv_length,
29       EVP_CIPHER_CTX_get_tag_length, EVP_CIPHER_CTX_get_app_data,
30       EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_flags,
31       EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags,
32       EVP_CIPHER_CTX_test_flags, EVP_CIPHER_CTX_get_type,
33       EVP_CIPHER_CTX_get_mode, EVP_CIPHER_CTX_get_num,
34       EVP_CIPHER_CTX_set_num, EVP_CIPHER_CTX_is_encrypting,
35       EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
36       EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_CIPHER_do_all_provided,
37       EVP_CIPHER_nid, EVP_CIPHER_name, EVP_CIPHER_block_size,
38       EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags,
39       EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_encrypting,
40       EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size,
41       EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length,
42       EVP_CIPHER_CTX_tag_length, EVP_CIPHER_CTX_num, EVP_CIPHER_CTX_type,
43       EVP_CIPHER_CTX_mode - EVP cipher routines
44

SYNOPSIS

46        #include <openssl/evp.h>
47
48        EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
49                                     const char *properties);
50        int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
51        void EVP_CIPHER_free(EVP_CIPHER *cipher);
52        EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
53        int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
54        void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
55        EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in);
56        int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
57
58        int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
59                               ENGINE *impl, const unsigned char *key, const unsigned char *iv);
60        int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
61                                const unsigned char *key, const unsigned char *iv,
62                                const OSSL_PARAM params[]);
63        int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
64                              int *outl, const unsigned char *in, int inl);
65        int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
66
67        int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
68                               ENGINE *impl, const unsigned char *key, const unsigned char *iv);
69        int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
70                                const unsigned char *key, const unsigned char *iv,
71                                const OSSL_PARAM params[]);
72        int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
73                              int *outl, const unsigned char *in, int inl);
74        int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
75
76        int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
77                              ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
78        int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
79                               const unsigned char *key, const unsigned char *iv,
80                               int enc, const OSSL_PARAM params[]);
81        int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
82                             int *outl, const unsigned char *in, int inl);
83        int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
84
85        int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
86                            const unsigned char *key, const unsigned char *iv);
87        int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
88
89        int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
90                            const unsigned char *key, const unsigned char *iv);
91        int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
92
93        int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
94                           const unsigned char *key, const unsigned char *iv, int enc);
95        int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
96
97        int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
98                       const unsigned char *in, unsigned int inl);
99
100        int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
101        int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
102        int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2);
103        int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
104        void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
105        void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
106        int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
107
108        const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
109        const EVP_CIPHER *EVP_get_cipherbynid(int nid);
110        const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
111
112        int EVP_CIPHER_get_nid(const EVP_CIPHER *e);
113        int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
114        int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
115                                    void (*fn)(const char *name, void *data),
116                                    void *data);
117        const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
118        const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher);
119        const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
120        int EVP_CIPHER_get_block_size(const EVP_CIPHER *e);
121        int EVP_CIPHER_get_key_length(const EVP_CIPHER *e);
122        int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e);
123        unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e);
124        unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e);
125        int EVP_CIPHER_get_type(const EVP_CIPHER *cipher);
126
127        const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
128        EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);
129        int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx);
130        const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx);
131
132        int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
133        int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
134        int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
135        const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
136        const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher);
137        const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
138        const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
139        const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
140        int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
141        int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
142        int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
143        int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx);
144        void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
145        void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
146        int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx);
147        int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx);
148        int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx);
149        int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
150        int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx);
151
152        int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
153        int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
154
155        void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
156                                        void (*fn)(EVP_CIPHER *cipher, void *arg),
157                                        void *arg);
158
159        #define EVP_CIPHER_nid EVP_CIPHER_get_nid
160        #define EVP_CIPHER_name EVP_CIPHER_get0_name
161        #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size
162        #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length
163        #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length
164        #define EVP_CIPHER_flags EVP_CIPHER_get_flags
165        #define EVP_CIPHER_mode EVP_CIPHER_get_mode
166        #define EVP_CIPHER_type EVP_CIPHER_get_type
167        #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting
168        #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid
169        #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size
170        #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length
171        #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length
172        #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length
173        #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num
174        #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type
175        #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode
176
177       The following function has been deprecated since OpenSSL 3.0, and can
178       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
179       version value, see openssl_user_macros(7):
180
181        const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
182
183       The following function has been deprecated since OpenSSL 1.1.0, and can
184       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
185       version value, see openssl_user_macros(7):
186
187        int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
188

DESCRIPTION

190       The EVP cipher routines are a high-level interface to certain symmetric
191       ciphers.
192
193       The EVP_CIPHER type is a structure for cipher method implementation.
194
195       EVP_CIPHER_fetch()
196           Fetches the cipher implementation for the given algorithm from any
197           provider offering it, within the criteria given by the properties.
198           See "ALGORITHM FETCHING" in crypto(7) for further information.
199
200           The returned value must eventually be freed with EVP_CIPHER_free().
201
202           Fetched EVP_CIPHER structures are reference counted.
203
204       EVP_CIPHER_up_ref()
205           Increments the reference count for an EVP_CIPHER structure.
206
207       EVP_CIPHER_free()
208           Decrements the reference count for the fetched EVP_CIPHER
209           structure.  If the reference count drops to 0 then the structure is
210           freed.
211
212       EVP_CIPHER_CTX_new()
213           Allocates and returns a cipher context.
214
215       EVP_CIPHER_CTX_free()
216           Clears all information from a cipher context and frees any
217           allocated memory associated with it, including ctx itself. This
218           function should be called after all operations using a cipher are
219           complete so sensitive information does not remain in memory.
220
221       EVP_CIPHER_CTX_dup()
222           Can be used to duplicate the cipher state from in.  This is useful
223           to avoid multiple EVP_MD_fetch() calls or if large amounts of data
224           are to be hashed which only differ in the last few bytes.
225
226       EVP_CIPHER_CTX_copy()
227           Can be used to copy the cipher state from in to out.
228
229       EVP_CIPHER_CTX_ctrl()
230           This is a legacy method. EVP_CIPHER_CTX_set_params() and
231           EVP_CIPHER_CTX_get_params() is the mechanism that should be used to
232           set and get parameters that are used by providers.
233
234           Performs cipher-specific control actions on context ctx. The
235           control command is indicated in cmd and any additional arguments in
236           p1 and p2.  EVP_CIPHER_CTX_ctrl() must be called after
237           EVP_CipherInit_ex2(). Other restrictions may apply depending on the
238           control type and cipher implementation.
239
240           If this function happens to be used with a fetched EVP_CIPHER, it
241           will translate the controls that are known to OpenSSL into
242           OSSL_PARAM(3) parameters with keys defined by OpenSSL and call
243           EVP_CIPHER_CTX_get_params() or EVP_CIPHER_CTX_set_params() as is
244           appropriate for each control command.
245
246           See "CONTROLS" below for more information, including what
247           translations are being done.
248
249       EVP_CIPHER_get_params()
250           Retrieves the requested list of algorithm params from a CIPHER
251           cipher.  See "PARAMETERS" below for more information.
252
253       EVP_CIPHER_CTX_get_params()
254           Retrieves the requested list of params from CIPHER context ctx.
255           See "PARAMETERS" below for more information.
256
257       EVP_CIPHER_CTX_set_params()
258           Sets the list of params into a CIPHER context ctx.  See
259           "PARAMETERS" below for more information.
260
261       EVP_CIPHER_gettable_params()
262           Get a constant OSSL_PARAM(3) array that describes the retrievable
263           parameters that can be used with EVP_CIPHER_get_params().
264
265       EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params()
266           Get a constant OSSL_PARAM(3) array that describes the retrievable
267           parameters that can be used with EVP_CIPHER_CTX_get_params().
268           EVP_CIPHER_gettable_ctx_params() returns the parameters that can be
269           retrieved from the algorithm, whereas
270           EVP_CIPHER_CTX_gettable_params() returns the parameters that can be
271           retrieved in the context's current state.
272
273       EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params()
274           Get a constant OSSL_PARAM(3) array that describes the settable
275           parameters that can be used with EVP_CIPHER_CTX_set_params().
276           EVP_CIPHER_settable_ctx_params() returns the parameters that can be
277           set from the algorithm, whereas EVP_CIPHER_CTX_settable_params()
278           returns the parameters that can be set in the context's current
279           state.
280
281       EVP_EncryptInit_ex2()
282           Sets up cipher context ctx for encryption with cipher type. type is
283           typically supplied by calling EVP_CIPHER_fetch(). type may also be
284           set using legacy functions such as EVP_aes_256_cbc(), but this is
285           not recommended for new applications. key is the symmetric key to
286           use and iv is the IV to use (if necessary), the actual number of
287           bytes used for the key and IV depends on the cipher. The parameters
288           params will be set on the context after initialisation. It is
289           possible to set all parameters to NULL except type in an initial
290           call and supply the remaining parameters in subsequent calls, all
291           of which have type set to NULL. This is done when the default
292           cipher parameters are not appropriate.  For EVP_CIPH_GCM_MODE the
293           IV will be generated internally if it is not specified.
294
295       EVP_EncryptInit_ex()
296           This legacy function is similar to EVP_EncryptInit_ex2() when impl
297           is NULL.  The implementation of the type from the impl engine will
298           be used if it exists.
299
300       EVP_EncryptUpdate()
301           Encrypts inl bytes from the buffer in and writes the encrypted
302           version to out. This function can be called multiple times to
303           encrypt successive blocks of data. The amount of data written
304           depends on the block alignment of the encrypted data.  For most
305           ciphers and modes, the amount of data written can be anything from
306           zero bytes to (inl + cipher_block_size - 1) bytes.  For wrap cipher
307           modes, the amount of data written can be anything from zero bytes
308           to (inl + cipher_block_size) bytes.  For stream ciphers, the amount
309           of data written can be anything from zero bytes to inl bytes.
310           Thus, out should contain sufficient room for the operation being
311           performed.  The actual number of bytes written is placed in outl.
312           It also checks if in and out are partially overlapping, and if they
313           are 0 is returned to indicate failure.
314
315           If padding is enabled (the default) then EVP_EncryptFinal_ex()
316           encrypts the "final" data, that is any data that remains in a
317           partial block.  It uses standard block padding (aka PKCS padding)
318           as described in the NOTES section, below. The encrypted final data
319           is written to out which should have sufficient space for one cipher
320           block. The number of bytes written is placed in outl. After this
321           function is called the encryption operation is finished and no
322           further calls to EVP_EncryptUpdate() should be made.
323
324           If padding is disabled then EVP_EncryptFinal_ex() will not encrypt
325           any more data and it will return an error if any data remains in a
326           partial block: that is if the total data length is not a multiple
327           of the block size.
328
329       EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate() and
330       EVP_DecryptFinal_ex()
331           These functions are the corresponding decryption operations.
332           EVP_DecryptFinal() will return an error code if padding is enabled
333           and the final block is not correctly formatted. The parameters and
334           restrictions are identical to the encryption operations except that
335           if padding is enabled the decrypted data buffer out passed to
336           EVP_DecryptUpdate() should have sufficient room for (inl +
337           cipher_block_size) bytes unless the cipher block size is 1 in which
338           case inl bytes is sufficient.
339
340       EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and
341       EVP_CipherFinal_ex()
342           These functions can be used for decryption or encryption. The
343           operation performed depends on the value of the enc parameter. It
344           should be set to 1 for encryption, 0 for decryption and -1 to leave
345           the value unchanged (the actual value of 'enc' being supplied in a
346           previous call).
347
348       EVP_CIPHER_CTX_reset()
349           Clears all information from a cipher context and free up any
350           allocated memory associated with it, except the ctx itself. This
351           function should be called anytime ctx is reused by another
352           EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of
353           calls.
354
355       EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit()
356           Behave in a similar way to EVP_EncryptInit_ex(),
357           EVP_DecryptInit_ex() and EVP_CipherInit_ex() except if the type is
358           not a fetched cipher they use the default implementation of the
359           type.
360
361       EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal()
362           Identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
363           EVP_CipherFinal_ex(). In previous releases they also cleaned up the
364           ctx, but this is no longer done and EVP_CIPHER_CTX_cleanup() must
365           be called to free any context resources.
366
367       EVP_Cipher()
368           Encrypts or decrypts a maximum inl amount of bytes from in and
369           leaves the result in out.
370
371           For legacy ciphers - If the cipher doesn't have the flag
372           EVP_CIPH_FLAG_CUSTOM_CIPHER set, then inl must be a multiple of
373           EVP_CIPHER_get_block_size().  If it isn't, the result is undefined.
374           If the cipher has that flag set, then inl can be any size.
375
376           Due to the constraints of the API contract of this function it
377           shouldn't be used in applications, please consider using
378           EVP_CipherUpdate() and EVP_CipherFinal_ex() instead.
379
380       EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
381           Returns an EVP_CIPHER structure when passed a cipher name, a cipher
382           NID or an ASN1_OBJECT structure respectively.
383
384           EVP_get_cipherbyname() will return NULL for algorithms such as
385           "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which
386           were previously only accessible via low level interfaces.
387
388           The EVP_get_cipherbyname() function is present for backwards
389           compatibility with OpenSSL prior to version 3 and is different to
390           the EVP_CIPHER_fetch() function since it does not attempt to
391           "fetch" an implementation of the cipher.  Additionally, it only
392           knows about ciphers that are built-in to OpenSSL and have an
393           associated NID. Similarly EVP_get_cipherbynid() and
394           EVP_get_cipherbyobj() also return objects without an associated
395           implementation.
396
397           When the cipher objects returned by these functions are used (such
398           as in a call to EVP_EncryptInit_ex()) an implementation of the
399           cipher will be implicitly fetched from the loaded providers. This
400           fetch could fail if no suitable implementation is available. Use
401           EVP_CIPHER_fetch() instead to explicitly fetch the algorithm and an
402           associated implementation from a provider.
403
404           See "ALGORITHM FETCHING" in crypto(7) for more information about
405           fetching.
406
407           The cipher objects returned from these functions do not need to be
408           freed with EVP_CIPHER_free().
409
410       EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()
411           Return the NID of a cipher when passed an EVP_CIPHER or
412           EVP_CIPHER_CTX structure.  The actual NID value is an internal
413           value which may not have a corresponding OBJECT IDENTIFIER.
414
415       EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and
416       EVP_CIPHER_CTX_test_flags()
417           Sets, clears and tests ctx flags.  See "FLAGS" below for more
418           information.
419
420           For provided ciphers EVP_CIPHER_CTX_set_flags() should be called
421           only after the fetched cipher has been assigned to the ctx. It is
422           recommended to use "PARAMETERS" instead.
423
424       EVP_CIPHER_CTX_set_padding()
425           Enables or disables padding. This function should be called after
426           the context is set up for encryption or decryption with
427           EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
428           EVP_CipherInit_ex2(). By default encryption operations are padded
429           using standard block padding and the padding is checked and removed
430           when decrypting. If the pad parameter is zero then no padding is
431           performed, the total amount of data encrypted or decrypted must
432           then be a multiple of the block size or an error will occur.
433
434       EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length()
435           Return the key length of a cipher when passed an EVP_CIPHER or
436           EVP_CIPHER_CTX structure. The constant EVP_MAX_KEY_LENGTH is the
437           maximum key length for all ciphers. Note: although
438           EVP_CIPHER_get_key_length() is fixed for a given cipher, the value
439           of EVP_CIPHER_CTX_get_key_length() may be different for variable
440           key length ciphers.
441
442       EVP_CIPHER_CTX_set_key_length()
443           Sets the key length of the cipher context.  If the cipher is a
444           fixed length cipher then attempting to set the key length to any
445           value other than the fixed value is an error.
446
447       EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length()
448           Return the IV length of a cipher when passed an EVP_CIPHER or
449           EVP_CIPHER_CTX. It will return zero if the cipher does not use an
450           IV.  The constant EVP_MAX_IV_LENGTH is the maximum IV length for
451           all ciphers.
452
453       EVP_CIPHER_CTX_get_tag_length()
454           Returns the tag length of an AEAD cipher when passed a
455           EVP_CIPHER_CTX. It will return zero if the cipher does not support
456           a tag. It returns a default value if the tag length has not been
457           set.
458
459       EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size()
460           Return the block size of a cipher when passed an EVP_CIPHER or
461           EVP_CIPHER_CTX structure. The constant EVP_MAX_BLOCK_LENGTH is also
462           the maximum block length for all ciphers.
463
464       EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type()
465           Return the type of the passed cipher or context. This "type" is the
466           actual NID of the cipher OBJECT IDENTIFIER and as such it ignores
467           the cipher parameters (40 bit RC2 and 128 bit RC2 have the same
468           NID). If the cipher does not have an object identifier or does not
469           have ASN1 support this function will return NID_undef.
470
471       EVP_CIPHER_is_a()
472           Returns 1 if cipher is an implementation of an algorithm that's
473           identifiable with name, otherwise 0. If cipher is a legacy cipher
474           (it's the return value from the likes of EVP_aes128() rather than
475           the result of an EVP_CIPHER_fetch()), only cipher names registered
476           with the default library context (see OSSL_LIB_CTX(3)) will be
477           considered.
478
479       EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name()
480           Return the name of the passed cipher or context.  For fetched
481           ciphers with multiple names, only one of them is returned. See also
482           EVP_CIPHER_names_do_all().
483
484       EVP_CIPHER_names_do_all()
485           Traverses all names for the cipher, and calls fn with each name and
486           data.  This is only useful with fetched EVP_CIPHERs.
487
488       EVP_CIPHER_get0_description()
489           Returns a description of the cipher, meant for display and human
490           consumption.  The description is at the discretion of the cipher
491           implementation.
492
493       EVP_CIPHER_get0_provider()
494           Returns an OSSL_PROVIDER pointer to the provider that implements
495           the given EVP_CIPHER.
496
497       EVP_CIPHER_CTX_get0_cipher()
498           Returns the EVP_CIPHER structure when passed an EVP_CIPHER_CTX
499           structure.  EVP_CIPHER_CTX_get1_cipher() is the same except the
500           ownership is passed to the caller.
501
502       EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()
503           Return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE,
504           EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE,
505           EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE,
506           EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE.  If the
507           cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned.
508
509       EVP_CIPHER_get_flags()
510           Returns any flags associated with the cipher. See "FLAGS" for a
511           list of currently defined flags.
512
513       EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num()
514           Gets or sets the cipher specific "num" parameter for the associated
515           ctx.  Built-in ciphers typically use this to track how much of the
516           current underlying block has been "used" already.
517
518       EVP_CIPHER_CTX_is_encrypting()
519           Reports whether the ctx is being used for encryption or decryption.
520
521       EVP_CIPHER_CTX_flags()
522           A deprecated macro calling
523           "EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))".  Do not
524           use.
525
526       EVP_CIPHER_param_to_asn1()
527           Sets the AlgorithmIdentifier "parameter" based on the passed
528           cipher. This will typically include any parameters and an IV. The
529           cipher IV (if any) must be set when this call is made. This call
530           should be made before the cipher is actually "used" (before any
531           EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example).  This
532           function may fail if the cipher does not have any ASN1 support.
533
534       EVP_CIPHER_asn1_to_param()
535           Sets the cipher parameters based on an ASN1 AlgorithmIdentifier
536           "parameter".  The precise effect depends on the cipher. In the case
537           of RC2, for example, it will set the IV and effective key length.
538           This function should be called after the base cipher type is set
539           but before the key is set. For example EVP_CipherInit() will be
540           called with the IV and key set to NULL, EVP_CIPHER_asn1_to_param()
541           will be called and finally EVP_CipherInit() again with all
542           parameters except the key set to NULL. It is possible for this
543           function to fail if the cipher does not have any ASN1 support or
544           the parameters cannot be set (for example the RC2 effective key
545           length is not supported.
546
547       EVP_CIPHER_CTX_rand_key()
548           Generates a random key of the appropriate length based on the
549           cipher context.  The EVP_CIPHER can provide its own random key
550           generation routine to support keys of a specific form. key must
551           point to a buffer at least as big as the value returned by
552           EVP_CIPHER_CTX_get_key_length().
553
554       EVP_CIPHER_do_all_provided()
555           Traverses all ciphers implemented by all activated providers in the
556           given library context libctx, and for each of the implementations,
557           calls the given function fn with the implementation method and the
558           given arg as argument.
559

PARAMETERS

561       See OSSL_PARAM(3) for information about passing parameters.
562
563   Gettable EVP_CIPHER parameters
564       When EVP_CIPHER_fetch() is called it internally calls
565       EVP_CIPHER_get_params() and caches the results.
566
567       EVP_CIPHER_get_params() can be used with the following OSSL_PARAM(3)
568       keys:
569
570       "mode" (OSSL_CIPHER_PARAM_MODE) <unsigned integer>
571           Gets the mode for the associated cipher algorithm cipher.  See
572           "EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()" for a list of
573           valid modes.  Use EVP_CIPHER_get_mode() to retrieve the cached
574           value.
575
576       "keylen" (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>
577           Gets the key length for the associated cipher algorithm cipher.
578           Use EVP_CIPHER_get_key_length() to retrieve the cached value.
579
580       "ivlen" (OSSL_CIPHER_PARAM_IVLEN) <unsigned integer>
581           Gets the IV length for the associated cipher algorithm cipher.  Use
582           EVP_CIPHER_get_iv_length() to retrieve the cached value.
583
584       "blocksize" (OSSL_CIPHER_PARAM_BLOCK_SIZE) <unsigned integer>
585           Gets the block size for the associated cipher algorithm cipher.
586           The block size should be 1 for stream ciphers.  Note that the block
587           size for a cipher may be different to the block size for the
588           underlying encryption/decryption primitive.  For example AES in CTR
589           mode has a block size of 1 (because it operates like a stream
590           cipher), even though AES has a block size of 16.  Use
591           EVP_CIPHER_get_block_size() to retrieve the cached value.
592
593       "aead" (OSSL_CIPHER_PARAM_AEAD) <integer>
594           Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0.
595           Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to
596           retrieve the cached value.
597
598       "custom-iv" (OSSL_CIPHER_PARAM_CUSTOM_IV) <integer>
599           Gets 1 if the cipher algorithm cipher has a custom IV, otherwise it
600           gets 0.  Storing and initializing the IV is left entirely to the
601           implementation, if a custom IV is used.  Use
602           (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the
603           cached value.
604
605       "cts" (OSSL_CIPHER_PARAM_CTS) <integer>
606           Gets 1 if the cipher algorithm cipher uses ciphertext stealing,
607           otherwise it gets 0.  This is currently used to indicate that the
608           cipher is a one shot that only allows a single call to
609           EVP_CipherUpdate().  Use (EVP_CIPHER_get_flags(cipher) &
610           EVP_CIPH_FLAG_CTS) to retrieve the cached value.
611
612       "tls-multi" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK) <integer>
613           Gets 1 if the cipher algorithm cipher supports interleaving of
614           crypto blocks, otherwise it gets 0. The interleaving is an
615           optimization only applicable to certain TLS ciphers.  Use
616           (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to
617           retrieve the cached value.
618
619       "has-randkey" (OSSL_CIPHER_PARAM_HAS_RANDKEY) <integer>
620           Gets 1 if the cipher algorithm cipher supports the gettable
621           EVP_CIPHER_CTX parameter OSSL_CIPHER_PARAM_RANDOM_KEY. Only DES and
622           3DES set this to 1, all other OpenSSL ciphers return 0.
623
624   Gettable and Settable EVP_CIPHER_CTX parameters
625       The following OSSL_PARAM(3) keys can be used with both
626       EVP_CIPHER_CTX_get_params() and EVP_CIPHER_CTX_set_params().
627
628       "padding" (OSSL_CIPHER_PARAM_PADDING) <unsigned integer>
629           Gets or sets the padding mode for the cipher context ctx.  Padding
630           is enabled if the value is 1, and disabled if the value is 0.  See
631           also EVP_CIPHER_CTX_set_padding().
632
633       "num" (OSSL_CIPHER_PARAM_NUM) <unsigned integer>
634           Gets or sets the cipher specific "num" parameter for the cipher
635           context ctx.  Built-in ciphers typically use this to track how much
636           of the current underlying block has been "used" already.  See also
637           EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num().
638
639       "keylen" (OSSL_CIPHER_PARAM_KEYLEN) <unsigned integer>
640           Gets or sets the key length for the cipher context ctx.  The length
641           of the "keylen" parameter should not exceed that of a size_t.  See
642           also EVP_CIPHER_CTX_get_key_length() and
643           EVP_CIPHER_CTX_set_key_length().
644
645       "tag" (OSSL_CIPHER_PARAM_AEAD_TAG) <octet string>
646           Gets or sets the AEAD tag for the associated cipher context ctx.
647           See "AEAD Interface" in EVP_EncryptInit(3).
648
649       "keybits" (OSSL_CIPHER_PARAM_RC2_KEYBITS) <unsigned integer>
650           Gets or sets the effective keybits used for a RC2 cipher.  The
651           length of the "keybits" parameter should not exceed that of a
652           size_t.
653
654       "rounds" (OSSL_CIPHER_PARAM_ROUNDS) <unsigned integer>
655           Gets or sets the number of rounds to be used for a cipher.  This is
656           used by the RC5 cipher.
657
658       "alg_id_param" (OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS) <octet string>
659           Used to pass the DER encoded AlgorithmIdentifier parameter to or
660           from the cipher implementation.  Functions like
661           EVP_CIPHER_param_to_asn1(3) and EVP_CIPHER_asn1_to_param(3) use
662           this parameter for any implementation that has the flag
663           EVP_CIPH_FLAG_CUSTOM_ASN1 set.
664
665       "cts_mode" (OSSL_CIPHER_PARAM_CTS_MODE) <UTF8 string>
666           Gets or sets the cipher text stealing mode. For all modes the
667           output size is the same as the input size. The input length must be
668           greater than or equal to the block size. (The block size for AES
669           and CAMELLIA is 16 bytes).
670
671           Valid values for the mode are:
672
673           "CS1"
674               The NIST variant of cipher text stealing.  For input lengths
675               that are multiples of the block size it is equivalent to using
676               a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the
677               second last cipher text block is a partial block.
678
679           "CS2"
680               For input lengths that are multiples of the block size it is
681               equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC"
682               cipher, otherwise it is the same as "CS3" mode.
683
684           "CS3"
685               The Kerberos5 variant of cipher text stealing which always
686               swaps the last cipher text block with the previous block (which
687               may be a partial or full block depending on the input length).
688               If the input length is exactly one full block then this is
689               equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC"
690               cipher.
691
692           The default is "CS1".  This is only supported for
693           "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
694           "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and
695           "CAMELLIA-256-CBC-CTS".
696
697       "tls1multi_interleave" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE)
698       <unsigned integer>
699           Sets or gets the number of records being sent in one go for a tls1
700           multiblock cipher operation (either 4 or 8 records).
701
702   Gettable EVP_CIPHER_CTX parameters
703       The following OSSL_PARAM(3) keys can be used with
704       EVP_CIPHER_CTX_get_params():
705
706       "ivlen" (OSSL_CIPHER_PARAM_IVLEN and <OSSL_CIPHER_PARAM_AEAD_IVLEN)
707       <unsigned integer>
708           Gets the IV length for the cipher context ctx.  The length of the
709           "ivlen" parameter should not exceed that of a size_t.  See also
710           EVP_CIPHER_CTX_get_iv_length().
711
712       "iv" (OSSL_CIPHER_PARAM_IV) <octet string OR octet ptr>
713           Gets the IV used to initialize the associated cipher context ctx.
714           See also EVP_CIPHER_CTX_get_original_iv().
715
716       "updated-iv" (OSSL_CIPHER_PARAM_UPDATED_IV) <octet string OR octet ptr>
717           Gets the updated pseudo-IV state for the associated cipher context,
718           e.g., the previous ciphertext block for CBC mode or the iteratively
719           encrypted IV value for OFB mode.  Note that octet pointer access is
720           deprecated and is provided only for backwards compatibility with
721           historical libcrypto APIs.  See also
722           EVP_CIPHER_CTX_get_updated_iv().
723
724       "randkey" (OSSL_CIPHER_PARAM_RANDOM_KEY) <octet string>
725           Gets an implementation specific randomly generated key for the
726           associated cipher context ctx. This is currently only supported by
727           DES and 3DES (which set the key to odd parity).
728
729       "taglen" (OSSL_CIPHER_PARAM_AEAD_TAGLEN) <unsigned integer>
730           Gets the tag length to be used for an AEAD cipher for the
731           associated cipher context ctx. It gets a default value if it has
732           not been set.  The length of the "taglen" parameter should not
733           exceed that of a size_t.  See also EVP_CIPHER_CTX_get_tag_length().
734
735       "tlsaadpad" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD) <unsigned integer>
736           Gets the length of the tag that will be added to a TLS record for
737           the AEAD tag for the associated cipher context ctx.  The length of
738           the "tlsaadpad" parameter should not exceed that of a size_t.
739
740       "tlsivgen" (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN) <octet string>
741           Gets the invocation field generated for encryption.  Can only be
742           called after "tlsivfixed" is set.  This is only used for GCM mode.
743
744       "tls1multi_enclen" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN)
745       <unsigned integer>
746           Get the total length of the record returned from the
747           "tls1multi_enc" operation.
748
749       "tls1multi_maxbufsz" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE)
750       <unsigned integer>
751           Gets the maximum record length for a TLS1 multiblock cipher
752           operation.  The length of the "tls1multi_maxbufsz" parameter should
753           not exceed that of a size_t.
754
755       "tls1multi_aadpacklen" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN)
756       <unsigned integer>
757           Gets the result of running the "tls1multi_aad" operation.
758
759       "tls-mac" (OSSL_CIPHER_PARAM_TLS_MAC) <octet ptr>
760           Used to pass the TLS MAC data.
761
762   Settable EVP_CIPHER_CTX parameters
763       The following OSSL_PARAM(3) keys can be used with
764       EVP_CIPHER_CTX_set_params():
765
766       "mackey" (OSSL_CIPHER_PARAM_AEAD_MAC_KEY) <octet string>
767           Sets the MAC key used by composite AEAD ciphers such as
768           AES-CBC-HMAC-SHA256.
769
770       "speed" (OSSL_CIPHER_PARAM_SPEED) <unsigned integer>
771           Sets the speed option for the associated cipher context. This is
772           only supported by AES SIV ciphers which disallow multiple
773           operations by default.  Setting "speed" to 1 allows another encrypt
774           or decrypt operation to be performed. This is used for performance
775           testing.
776
777       "use-bits" (OSSL_CIPHER_PARAM_USE_BITS) <unsigned integer>
778           Determines if the input length inl passed to EVP_EncryptUpdate(),
779           EVP_DecryptUpdate() and EVP_CipherUpdate() is the number of bits or
780           number of bytes.  Setting "use-bits" to 1 uses bits. The default is
781           in bytes.  This is only used for CFB1 ciphers.
782
783           This can be set using EVP_CIPHER_CTX_set_flags(ctx,
784           EVP_CIPH_FLAG_LENGTH_BITS).
785
786       "tls-version" (OSSL_CIPHER_PARAM_TLS_VERSION) <integer>
787           Sets the TLS version.
788
789       "tls-mac-size" (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) <unsigned integer>
790           Set the TLS MAC size.
791
792       "tlsaad" (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) <octet string>
793           Sets TLSv1.2 AAD information for the associated cipher context ctx.
794           TLSv1.2 AAD information is always 13 bytes in length and is as
795           defined for the "additional_data" field described in section
796           6.2.3.3 of RFC5246.
797
798       "tlsivfixed" (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED) <octet string>
799           Sets the fixed portion of an IV for an AEAD cipher used in a TLS
800           record encryption/ decryption for the associated cipher context.
801           TLS record encryption/decryption always occurs "in place" so that
802           the input and output buffers are always the same memory location.
803           AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an
804           explicit part that varies with every record.  Setting a TLS fixed
805           IV changes a cipher to encrypt/decrypt TLS records.  TLS records
806           are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call
807           per record.  For a record decryption the first bytes of the input
808           buffer will be the explicit part of the IV and the final bytes of
809           the input buffer will be the AEAD tag.  The length of the explicit
810           part of the IV and the tag length will depend on the cipher in use
811           and will be defined in the RFC for the relevant ciphersuite.  In
812           order to allow for "in place" decryption the plaintext output
813           should be written to the same location in the output buffer that
814           the ciphertext payload was read from, i.e. immediately after the
815           explicit IV.
816
817           When encrypting a record the first bytes of the input buffer should
818           be empty to allow space for the explicit IV, as will the final
819           bytes where the tag will be written.  The length of the input
820           buffer will include the length of the explicit IV, the payload, and
821           the tag bytes.  The cipher implementation should generate the
822           explicit IV and write it to the beginning of the output buffer, do
823           "in place" encryption of the payload and write that to the output
824           buffer, and finally add the tag onto the end of the output buffer.
825
826           Whether encrypting or decrypting the value written to *outl in the
827           OSSL_FUNC_cipher_cipher call should be the length of the payload
828           excluding the explicit IV length and the tag length.
829
830       "tlsivinv" (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV) <octet string>
831           Sets the invocation field used for decryption.  Can only be called
832           after "tlsivfixed" is set.  This is only used for GCM mode.
833
834       "tls1multi_enc" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC) <octet string>
835           Triggers a multiblock TLS1 encrypt operation for a TLS1 aware
836           cipher that supports sending 4 or 8 records in one go.  The cipher
837           performs both the MAC and encrypt stages and constructs the record
838           headers itself.  "tls1multi_enc" supplies the output buffer for the
839           encrypt operation, "tls1multi_encin" & "tls1multi_interleave" must
840           also be set in order to supply values to the encrypt operation.
841
842       "tls1multi_encin" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) <octet
843       string>
844           Supplies the data to encrypt for a TLS1 multiblock cipher
845           operation.
846
847       "tls1multi_maxsndfrag"
848       (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT) <unsigned
849       integer>
850           Sets the maximum send fragment size for a TLS1 multiblock cipher
851           operation.  It must be set before using "tls1multi_maxbufsz".  The
852           length of the "tls1multi_maxsndfrag" parameter should not exceed
853           that of a size_t.
854
855       "tls1multi_aad" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) <octet string>
856           Sets the authenticated additional data used by a TLS1 multiblock
857           cipher operation.  The supplied data consists of 13 bytes of record
858           data containing: Bytes 0-7: The sequence number of the first record
859           Byte 8: The record type Byte 9-10: The protocol version Byte 11-12:
860           Input length (Always 0)
861
862           "tls1multi_interleave" must also be set for this operation.
863

CONTROLS

865       The Mappings from EVP_CIPHER_CTX_ctrl() identifiers to PARAMETERS are
866       listed in the following section. See the "PARAMETERS" section for more
867       details.
868
869       EVP_CIPHER_CTX_ctrl() can be used to send the following standard
870       controls:
871
872       EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN
873           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
874           and EVP_CIPHER_CTX_get_params() get called with an OSSL_PARAM(3)
875           item with the key "ivlen" (OSSL_CIPHER_PARAM_IVLEN).
876
877       EVP_CTRL_AEAD_SET_IV_FIXED
878           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
879           gets called with an OSSL_PARAM(3) item with the key "tlsivfixed"
880           (OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED).
881
882       EVP_CTRL_AEAD_SET_MAC_KEY
883           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
884           gets called with an OSSL_PARAM(3) item with the key "mackey"
885           (OSSL_CIPHER_PARAM_AEAD_MAC_KEY).
886
887       EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG
888           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
889           and EVP_CIPHER_CTX_get_params() get called with an OSSL_PARAM(3)
890           item with the key "tag" (OSSL_CIPHER_PARAM_AEAD_TAG).
891
892       EVP_CTRL_CCM_SET_L
893           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
894           gets called with an OSSL_PARAM(3) item with the key "ivlen"
895           (OSSL_CIPHER_PARAM_IVLEN) with a value of (15 - L)
896
897       EVP_CTRL_COPY
898           There is no OSSL_PARAM mapping for this. Use EVP_CIPHER_CTX_copy()
899           instead.
900
901       EVP_CTRL_GCM_SET_IV_INV
902           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
903           gets called with an OSSL_PARAM(3) item with the key "tlsivinv"
904           (OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV).
905
906       EVP_CTRL_RAND_KEY
907           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
908           gets called with an OSSL_PARAM(3) item with the key "randkey"
909           (OSSL_CIPHER_PARAM_RANDOM_KEY).
910
911       EVP_CTRL_SET_KEY_LENGTH
912           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
913           gets called with an OSSL_PARAM(3) item with the key "keylen"
914           (OSSL_CIPHER_PARAM_KEYLEN).
915
916       EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS
917           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
918           and EVP_CIPHER_CTX_get_params() get called with an OSSL_PARAM(3)
919           item with the key "keybits" (OSSL_CIPHER_PARAM_RC2_KEYBITS).
920
921       EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS
922           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
923           and EVP_CIPHER_CTX_get_params() get called with an OSSL_PARAM(3)
924           item with the key "rounds" (OSSL_CIPHER_PARAM_ROUNDS).
925
926       EVP_CTRL_SET_SPEED
927           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
928           gets called with an OSSL_PARAM(3) item with the key "speed"
929           (OSSL_CIPHER_PARAM_SPEED).
930
931       EVP_CTRL_GCM_IV_GEN
932           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_get_params()
933           gets called with an OSSL_PARAM(3) item with the key "tlsivgen"
934           (OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN).
935
936       EVP_CTRL_AEAD_TLS1_AAD
937           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
938           get called with an OSSL_PARAM(3) item with the key "tlsaad"
939           (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD) followed by
940           EVP_CIPHER_CTX_get_params() with a key of "tlsaadpad"
941           (OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD).
942
943       EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE
944           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
945           gets called with an OSSL_PARAM(3) item with the key
946           OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT followed by
947           EVP_CIPHER_CTX_get_params() with a key of "tls1multi_maxbufsz"
948           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE).
949
950       EVP_CTRL_TLS1_1_MULTIBLOCK_AAD
951           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
952           gets called with OSSL_PARAM(3) items with the keys "tls1multi_aad"
953           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD) and "tls1multi_interleave"
954           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE) followed by
955           EVP_CIPHER_CTX_get_params() with keys of "tls1multi_aadpacklen"
956           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN) and
957           "tls1multi_interleave"
958           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE).
959
960       EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT
961           When used with a fetched EVP_CIPHER, EVP_CIPHER_CTX_set_params()
962           gets called with OSSL_PARAM(3) items with the keys "tls1multi_enc"
963           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC), "tls1multi_encin"
964           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN) and
965           "tls1multi_interleave"
966           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE), followed by
967           EVP_CIPHER_CTX_get_params() with a key of "tls1multi_enclen"
968           (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN).
969

FLAGS

971       EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and
972       EVP_CIPHER_CTX_test_flags().  can be used to manipulate and test these
973       EVP_CIPHER_CTX flags:
974
975       EVP_CIPH_NO_PADDING
976           Used by EVP_CIPHER_CTX_set_padding().
977
978           See also "Gettable and Settable EVP_CIPHER_CTX parameters"
979           "padding"
980
981       EVP_CIPH_FLAG_LENGTH_BITS
982           See "Settable EVP_CIPHER_CTX parameters" "use-bits".
983
984       EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
985           Used for Legacy purposes only. This flag needed to be set to
986           indicate the cipher handled wrapping.
987
988       EVP_CIPHER_flags() uses the following flags that have mappings to
989       "Gettable EVP_CIPHER parameters":
990
991       EVP_CIPH_FLAG_AEAD_CIPHER
992           See "Gettable EVP_CIPHER parameters" "aead".
993
994       EVP_CIPH_CUSTOM_IV
995           See "Gettable EVP_CIPHER parameters" "custom-iv".
996
997       EVP_CIPH_FLAG_CTS
998           See "Gettable EVP_CIPHER parameters" "cts".
999
1000       EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK;
1001           See "Gettable EVP_CIPHER parameters" "tls-multi".
1002
1003       EVP_CIPH_RAND_KEY
1004           See "Gettable EVP_CIPHER parameters" "has-randkey".
1005
1006       EVP_CIPHER_flags() uses the following flags for legacy purposes only:
1007
1008       EVP_CIPH_VARIABLE_LENGTH
1009       EVP_CIPH_FLAG_CUSTOM_CIPHER
1010       EVP_CIPH_ALWAYS_CALL_INIT
1011       EVP_CIPH_CTRL_INIT
1012       EVP_CIPH_CUSTOM_KEY_LENGTH
1013       EVP_CIPH_CUSTOM_COPY
1014       EVP_CIPH_FLAG_DEFAULT_ASN1
1015           See EVP_CIPHER_meth_set_flags(3) for further information related to
1016           the above flags.
1017

RETURN VALUES

1019       EVP_CIPHER_fetch() returns a pointer to a EVP_CIPHER for success and
1020       NULL for failure.
1021
1022       EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise.
1023
1024       EVP_CIPHER_CTX_new() returns a pointer to a newly created
1025       EVP_CIPHER_CTX for success and NULL for failure.
1026
1027       EVP_CIPHER_CTX_dup() returns a new EVP_MD_CTX if successful or NULL on
1028       failure.
1029
1030       EVP_CIPHER_CTX_copy() returns 1 if successful or 0 for failure.
1031
1032       EVP_EncryptInit_ex2(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
1033       return 1 for success and 0 for failure.
1034
1035       EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and
1036       0 for failure.  EVP_DecryptFinal_ex() returns 0 if the decrypt failed
1037       or 1 for success.
1038
1039       EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0
1040       for failure.  EVP_CipherFinal_ex() returns 0 for a decryption failure
1041       or 1 for success.
1042
1043       EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1
1044       on failure if the flag EVP_CIPH_FLAG_CUSTOM_CIPHER is set for the
1045       cipher.  EVP_Cipher() returns 1 on success or 0 on failure, if the flag
1046       EVP_CIPH_FLAG_CUSTOM_CIPHER is not set for the cipher.
1047
1048       EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure.
1049
1050       EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
1051       return an EVP_CIPHER structure or NULL on error.
1052
1053       EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID.
1054
1055       EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return
1056       the block size.
1057
1058       EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return
1059       the key length.
1060
1061       EVP_CIPHER_CTX_set_padding() always returns 1.
1062
1063       EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return
1064       the IV length or zero if the cipher does not use an IV.
1065
1066       EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the
1067       cipher does not use a tag.
1068
1069       EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of
1070       the cipher's OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT
1071       IDENTIFIER.
1072
1073       EVP_CIPHER_CTX_cipher() returns an EVP_CIPHER structure.
1074
1075       EVP_CIPHER_CTX_get_num() returns a nonnegative num value or
1076       EVP_CTRL_RET_UNSUPPORTED if the implementation does not support the
1077       call or on any other error.
1078
1079       EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the
1080       implementation does not support the call or on any other error.
1081
1082       EVP_CIPHER_CTX_is_encrypting() returns 1 if the ctx is set up for
1083       encryption 0 otherwise.
1084
1085       EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return
1086       greater than zero for success and zero or a negative number on failure.
1087
1088       EVP_CIPHER_CTX_rand_key() returns 1 for success and zero or a negative
1089       number for failure.
1090
1091       EVP_CIPHER_names_do_all() returns 1 if the callback was called for all
1092       names.  A return value of 0 means that the callback was not called for
1093       any names.
1094

CIPHER LISTING

1096       All algorithms have a fixed key length unless otherwise stated.
1097
1098       Refer to "SEE ALSO" for the full list of ciphers available through the
1099       EVP interface.
1100
1101       EVP_enc_null()
1102           Null cipher: does nothing.
1103

AEAD INTERFACE

1105       The EVP interface for Authenticated Encryption with Associated Data
1106       (AEAD) modes are subtly altered and several additional ctrl operations
1107       are supported depending on the mode specified.
1108
1109       To specify additional authenticated data (AAD), a call to
1110       EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should
1111       be made with the output parameter out set to NULL.
1112
1113       When decrypting, the return value of EVP_DecryptFinal() or
1114       EVP_CipherFinal() indicates whether the operation was successful. If it
1115       does not indicate success, the authentication operation has failed and
1116       any output data MUST NOT be used as it is corrupted.
1117
1118   GCM and OCB Modes
1119       The following ctrls are supported in GCM and OCB modes.
1120
1121       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
1122           Sets the IV length. This call can only be made before specifying an
1123           IV. If not called a default IV length is used.
1124
1125           For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB
1126           mode the maximum is 15.
1127
1128       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
1129           Writes "taglen" bytes of the tag value to the buffer indicated by
1130           "tag".  This call can only be made when encrypting data and after
1131           all data has been processed (e.g. after an EVP_EncryptFinal()
1132           call).
1133
1134           For OCB, "taglen" must either be 16 or the value previously set via
1135           EVP_CTRL_AEAD_SET_TAG.
1136
1137       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
1138           When decrypting, this call sets the expected tag to "taglen" bytes
1139           from "tag".  "taglen" must be between 1 and 16 inclusive.  The tag
1140           must be set prior to any call to EVP_DecryptFinal() or
1141           EVP_DecryptFinal_ex().
1142
1143           For GCM, this call is only valid when decrypting data.
1144
1145           For OCB, this call is valid when decrypting data to set the
1146           expected tag, and when encrypting to set the desired tag length.
1147
1148           In OCB mode, calling this when encrypting with "tag" set to "NULL"
1149           sets the tag length. The tag length can only be set before
1150           specifying an IV. If this is not called prior to setting the IV
1151           during encryption, then a default tag length is used.
1152
1153           For OCB AES, the default tag length is 16 (i.e. 128 bits).  It is
1154           also the maximum tag length for OCB.
1155
1156   CCM Mode
1157       The EVP interface for CCM mode is similar to that of the GCM mode but
1158       with a few additional requirements and different ctrl values.
1159
1160       For CCM mode, the total plaintext or ciphertext length MUST be passed
1161       to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with
1162       the output and input parameters (in and out) set to NULL and the length
1163       passed in the inl parameter.
1164
1165       The following ctrls are supported in CCM mode.
1166
1167       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
1168           This call is made to set the expected CCM tag value when decrypting
1169           or the length of the tag (with the "tag" parameter set to NULL)
1170           when encrypting.  The tag length is often referred to as M. If not
1171           set a default value is used (12 for AES). When decrypting, the tag
1172           needs to be set before passing in data to be decrypted, but as in
1173           GCM and OCB mode, it can be set after passing additional
1174           authenticated data (see "AEAD INTERFACE").
1175
1176       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
1177           Sets the CCM L value. If not set a default is used (8 for AES).
1178
1179       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
1180           Sets the CCM nonce (IV) length. This call can only be made before
1181           specifying a nonce value. The nonce length is given by 15 - L so it
1182           is 7 by default for AES.
1183
1184   SIV Mode
1185       For SIV mode ciphers the behaviour of the EVP interface is subtly
1186       altered and several additional ctrl operations are supported.
1187
1188       To specify any additional authenticated data (AAD) and/or a Nonce, a
1189       call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate()
1190       should be made with the output parameter out set to NULL.
1191
1192       RFC5297 states that the Nonce is the last piece of AAD before the
1193       actual encrypt/decrypt takes place. The API does not differentiate the
1194       Nonce from other AAD.
1195
1196       When decrypting the return value of EVP_DecryptFinal() or
1197       EVP_CipherFinal() indicates if the operation was successful. If it does
1198       not indicate success the authentication operation has failed and any
1199       output data MUST NOT be used as it is corrupted.
1200
1201       The API does not store the the SIV (Synthetic Initialization Vector) in
1202       the cipher text. Instead, it is stored as the tag within the
1203       EVP_CIPHER_CTX.  The SIV must be retrieved from the context after
1204       encryption, and set into the context before decryption.
1205
1206       This differs from RFC5297 in that the cipher output from encryption,
1207       and the cipher input to decryption, does not contain the SIV. This also
1208       means that the plain text and cipher text lengths are identical.
1209
1210       The following ctrls are supported in SIV mode, and are used to get and
1211       set the Synthetic Initialization Vector:
1212
1213       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);
1214           Writes taglen bytes of the tag value (the Synthetic Initialization
1215           Vector) to the buffer indicated by tag. This call can only be made
1216           when encrypting data and after all data has been processed (e.g.
1217           after an EVP_EncryptFinal() call). For SIV mode the taglen must be
1218           16.
1219
1220       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);
1221           Sets the expected tag (the Synthetic Initialization Vector) to
1222           taglen bytes from tag. This call is only legal when decrypting data
1223           and must be made before any data is processed (e.g. before any
1224           EVP_DecryptUpdate() calls). For SIV mode the taglen must be 16.
1225
1226       SIV mode makes two passes over the input data, thus, only one call to
1227       EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should
1228       be made with out set to a non-NULL value. A call to EVP_DecryptFinal()
1229       or EVP_CipherFinal() is not required, but will indicate if the update
1230       operation succeeded.
1231
1232   ChaCha20-Poly1305
1233       The following ctrls are supported for the ChaCha20-Poly1305 AEAD
1234       algorithm.
1235
1236       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
1237           Sets the nonce length. This call is now redundant since the only
1238           valid value is the default length of 12 (i.e. 96 bits).  Prior to
1239           OpenSSL 3.0 a nonce of less than 12 bytes could be used to
1240           automatically pad the iv with leading 0 bytes to make it 12 bytes
1241           in length.
1242
1243       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
1244           Writes "taglen" bytes of the tag value to the buffer indicated by
1245           "tag".  This call can only be made when encrypting data and after
1246           all data has been processed (e.g. after an EVP_EncryptFinal()
1247           call).
1248
1249           "taglen" specified here must be 16 (POLY1305_BLOCK_SIZE, i.e.
1250           128-bits) or less.
1251
1252       EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)
1253           Sets the expected tag to "taglen" bytes from "tag".  The tag length
1254           can only be set before specifying an IV.  "taglen" must be between
1255           1 and 16 (POLY1305_BLOCK_SIZE) inclusive.  This call is only valid
1256           when decrypting data.
1257

NOTES

1259       Where possible the EVP interface to symmetric ciphers should be used in
1260       preference to the low-level interfaces. This is because the code then
1261       becomes transparent to the cipher used and much more flexible.
1262       Additionally, the EVP interface will ensure the use of platform
1263       specific cryptographic acceleration such as AES-NI (the low-level
1264       interfaces do not provide the guarantee).
1265
1266       PKCS padding works by adding n padding bytes of value n to make the
1267       total length of the encrypted data a multiple of the block size.
1268       Padding is always added so if the data is already a multiple of the
1269       block size n will equal the block size. For example if the block size
1270       is 8 and 11 bytes are to be encrypted then 5 padding bytes of value 5
1271       will be added.
1272
1273       When decrypting the final block is checked to see if it has the correct
1274       form.
1275
1276       Although the decryption operation can produce an error if padding is
1277       enabled, it is not a strong test that the input data or key is correct.
1278       A random block has better than 1 in 256 chance of being of the correct
1279       format and problems with the input data earlier on will not produce a
1280       final decrypt error.
1281
1282       If padding is disabled then the decryption operation will always
1283       succeed if the total amount of data decrypted is a multiple of the
1284       block size.
1285
1286       The functions EVP_EncryptInit(), EVP_EncryptInit_ex(),
1287       EVP_EncryptFinal(), EVP_DecryptInit(), EVP_DecryptInit_ex(),
1288       EVP_CipherInit(), EVP_CipherInit_ex() and EVP_CipherFinal() are
1289       obsolete but are retained for compatibility with existing code. New
1290       code should use EVP_EncryptInit_ex2(), EVP_EncryptFinal_ex(),
1291       EVP_DecryptInit_ex2(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex2() and
1292       EVP_CipherFinal_ex() because they can reuse an existing context without
1293       allocating and freeing it up on each call.
1294
1295       There are some differences between functions EVP_CipherInit() and
1296       EVP_CipherInit_ex(), significant in some circumstances.
1297       EVP_CipherInit() fills the passed context object with zeros.  As a
1298       consequence, EVP_CipherInit() does not allow step-by-step
1299       initialization of the ctx when the key and iv are passed in separate
1300       calls. It also means that the flags set for the CTX are removed, and it
1301       is especially important for the EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag
1302       treated specially in EVP_CipherInit_ex().
1303
1304       Ignoring failure returns of the EVP_CIPHER_CTX initialization functions
1305       can lead to subsequent undefined behavior when calling the functions
1306       that update or finalize the context. The only valid calls on the
1307       EVP_CIPHER_CTX when initialization fails are calls that attempt another
1308       initialization of the context or release the context.
1309
1310       EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as
1311       macros.
1312

BUGS

1314       EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal
1315       ciphers with default key lengths. If custom ciphers exceed these values
1316       the results are unpredictable. This is because it has become standard
1317       practice to define a generic key as a fixed unsigned char array
1318       containing EVP_MAX_KEY_LENGTH bytes.
1319
1320       The ASN1 code is incomplete (and sometimes inaccurate) it has only been
1321       tested for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC
1322       mode.
1323

EXAMPLES

1325       Encrypt a string using IDEA:
1326
1327        int do_crypt(char *outfile)
1328        {
1329            unsigned char outbuf[1024];
1330            int outlen, tmplen;
1331            /*
1332             * Bogus key and IV: we'd normally set these from
1333             * another source.
1334             */
1335            unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
1336            unsigned char iv[] = {1,2,3,4,5,6,7,8};
1337            char intext[] = "Some Crypto Text";
1338            EVP_CIPHER_CTX *ctx;
1339            FILE *out;
1340
1341            ctx = EVP_CIPHER_CTX_new();
1342            if (!EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL)) {
1343                /* Error */
1344                EVP_CIPHER_CTX_free(ctx);
1345                return 0;
1346            }
1347
1348            if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) {
1349                /* Error */
1350                EVP_CIPHER_CTX_free(ctx);
1351                return 0;
1352            }
1353            /*
1354             * Buffer passed to EVP_EncryptFinal() must be after data just
1355             * encrypted to avoid overwriting it.
1356             */
1357            if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
1358                /* Error */
1359                EVP_CIPHER_CTX_free(ctx);
1360                return 0;
1361            }
1362            outlen += tmplen;
1363            EVP_CIPHER_CTX_free(ctx);
1364            /*
1365             * Need binary mode for fopen because encrypted data is
1366             * binary data. Also cannot use strlen() on it because
1367             * it won't be NUL terminated and may contain embedded
1368             * NULs.
1369             */
1370            out = fopen(outfile, "wb");
1371            if (out == NULL) {
1372                /* Error */
1373                return 0;
1374            }
1375            fwrite(outbuf, 1, outlen, out);
1376            fclose(out);
1377            return 1;
1378        }
1379
1380       The ciphertext from the above example can be decrypted using the
1381       openssl utility with the command line (shown on two lines for clarity):
1382
1383        openssl idea -d \
1384            -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename
1385
1386       General encryption and decryption function example using FILE I/O and
1387       AES128 with a 128-bit key:
1388
1389        int do_crypt(FILE *in, FILE *out, int do_encrypt)
1390        {
1391            /* Allow enough space in output buffer for additional block */
1392            unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
1393            int inlen, outlen;
1394            EVP_CIPHER_CTX *ctx;
1395            /*
1396             * Bogus key and IV: we'd normally set these from
1397             * another source.
1398             */
1399            unsigned char key[] = "0123456789abcdeF";
1400            unsigned char iv[] = "1234567887654321";
1401
1402            /* Don't set key or IV right away; we want to check lengths */
1403            ctx = EVP_CIPHER_CTX_new();
1404            if (!EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL,
1405                                    do_encrypt, NULL)) {
1406                /* Error */
1407                EVP_CIPHER_CTX_free(ctx);
1408                return 0;
1409            }
1410            OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16);
1411            OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16);
1412
1413            /* Now we can set key and IV */
1414            if (!EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL)) {
1415                /* Error */
1416                EVP_CIPHER_CTX_free(ctx);
1417                return 0;
1418            }
1419
1420            for (;;) {
1421                inlen = fread(inbuf, 1, 1024, in);
1422                if (inlen <= 0)
1423                    break;
1424                if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) {
1425                    /* Error */
1426                    EVP_CIPHER_CTX_free(ctx);
1427                    return 0;
1428                }
1429                fwrite(outbuf, 1, outlen, out);
1430            }
1431            if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
1432                /* Error */
1433                EVP_CIPHER_CTX_free(ctx);
1434                return 0;
1435            }
1436            fwrite(outbuf, 1, outlen, out);
1437
1438            EVP_CIPHER_CTX_free(ctx);
1439            return 1;
1440        }
1441
1442       Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext
1443       stealing.
1444
1445        int encrypt(const unsigned char *key, const unsigned char *iv,
1446                    const unsigned char *msg, size_t msg_len, unsigned char *out)
1447        {
1448           /*
1449            * This assumes that key size is 32 bytes and the iv is 16 bytes.
1450            * For ciphertext stealing mode the length of the ciphertext "out" will be
1451            * the same size as the plaintext size "msg_len".
1452            * The "msg_len" can be any size >= 16.
1453            */
1454            int ret = 0, encrypt = 1, outlen, len;
1455            EVP_CIPHER_CTX *ctx = NULL;
1456            EVP_CIPHER *cipher = NULL;
1457            OSSL_PARAM params[2];
1458
1459            ctx = EVP_CIPHER_CTX_new();
1460            cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL);
1461            if (ctx == NULL || cipher == NULL)
1462                goto err;
1463
1464            /*
1465             * The default is "CS1" so this is not really needed,
1466             * but would be needed to set either "CS2" or "CS3".
1467             */
1468            params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
1469                                                         "CS1", 0);
1470            params[1] = OSSL_PARAM_construct_end();
1471
1472            if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params))
1473                goto err;
1474
1475            /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */
1476            if (!EVP_CipherUpdate(ctx, out, &outlen, msg, msg_len))
1477                goto err;
1478             if (!EVP_CipherFinal_ex(ctx, out + outlen, &len))
1479                goto err;
1480            ret = 1;
1481        err:
1482            EVP_CIPHER_free(cipher);
1483            EVP_CIPHER_CTX_free(ctx);
1484            return ret;
1485        }
1486

SEE ALSO

1488       evp(7), property(7), "ALGORITHM FETCHING" in crypto(7),
1489       provider-cipher(7), life_cycle-cipher(7)
1490
1491       Supported ciphers are listed in:
1492
1493       EVP_aes_128_gcm(3), EVP_aria_128_gcm(3), EVP_bf_cbc(3),
1494       EVP_camellia_128_ecb(3), EVP_cast5_cbc(3), EVP_chacha20(3),
1495       EVP_des_cbc(3), EVP_desx_cbc(3), EVP_idea_cbc(3), EVP_rc2_cbc(3),
1496       EVP_rc4(3), EVP_rc5_32_12_16_cbc(3), EVP_seed_cbc(3), EVP_sm4_cbc(3),
1497

HISTORY

1499       Support for OCB mode was added in OpenSSL 1.1.0.
1500
1501       EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0.  As a result,
1502       EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup()
1503       disappeared.  EVP_CIPHER_CTX_init() remains as an alias for
1504       EVP_CIPHER_CTX_reset().
1505
1506       The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use
1507       EVP_CIPHER_CTX_get0_cipher() instead.
1508
1509       The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(),
1510       EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(),
1511       EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(),
1512       EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
1513       EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(),
1514       EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(),
1515       EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params()
1516       functions were added in 3.0.
1517
1518       The EVP_CIPHER_nid(), EVP_CIPHER_name(), EVP_CIPHER_block_size(),
1519       EVP_CIPHER_key_length(), EVP_CIPHER_iv_length(), EVP_CIPHER_flags(),
1520       EVP_CIPHER_mode(), EVP_CIPHER_type(), EVP_CIPHER_CTX_nid(),
1521       EVP_CIPHER_CTX_block_size(), EVP_CIPHER_CTX_key_length(),
1522       EVP_CIPHER_CTX_iv_length(), EVP_CIPHER_CTX_tag_length(),
1523       EVP_CIPHER_CTX_num(), EVP_CIPHER_CTX_type(), and EVP_CIPHER_CTX_mode()
1524       functions were renamed to include "get" or "get0" in their names in
1525       OpenSSL 3.0, respectively. The old names are kept as non-deprecated
1526       alias macros.
1527
1528       The EVP_CIPHER_CTX_encrypting() function was renamed to
1529       EVP_CIPHER_CTX_is_encrypting() in OpenSSL 3.0. The old name is kept as
1530       non-deprecated alias macro.
1531
1532       The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0.
1533
1534       EVP_CIPHER_CTX_dup() was added in OpenSSL 3.1.
1535
1537       Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
1538
1539       Licensed under the Apache License 2.0 (the "License").  You may not use
1540       this file except in compliance with the License.  You can obtain a copy
1541       in the file LICENSE in the source distribution or at
1542       <https://www.openssl.org/source/license.html>.
1543
1544
1545
15463.1.1                             2023-08-31            EVP_ENCRYPTINIT(3ossl)
Impressum