Lines Matching +full:4 +full:- +full:data
1 .\" -*- mode: troff; coding: utf-8 -*-
58 .TH EVP_ENCRYPTINIT 3ossl 2025-09-30 3.5.4 OpenSSL
164 \&\- EVP cipher routines
259 \& void (*fn)(const char *name, void *data),
260 \& void *data);
289 \& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
339 The EVP cipher routines are a high-level interface to certain
343 .IP \fBEVP_CIPHER_fetch()\fR 4
352 .IP \fBEVP_CIPHER_up_ref()\fR 4
355 .IP \fBEVP_CIPHER_free()\fR 4
360 .IP \fBEVP_CIPHER_CTX_new()\fR 4
363 .IP \fBEVP_CIPHER_CTX_free()\fR 4
369 .IP \fBEVP_CIPHER_CTX_dup()\fR 4
372 to avoid multiple \fBEVP_CIPHER_fetch()\fR calls or if large amounts of data are to be
374 .IP \fBEVP_CIPHER_CTX_copy()\fR 4
377 .IP \fBEVP_CIPHER_CTX_ctrl()\fR 4
383 Performs cipher-specific control actions on context \fIctx\fR. The control command
395 .IP \fBEVP_CIPHER_get_params()\fR 4
399 .IP \fBEVP_CIPHER_CTX_get_params()\fR 4
403 .IP \fBEVP_CIPHER_CTX_set_params()\fR 4
407 .IP \fBEVP_CIPHER_gettable_params()\fR 4
411 .IP "\fBEVP_CIPHER_gettable_ctx_params()\fR and \fBEVP_CIPHER_CTX_gettable_params()\fR" 4
418 .IP "\fBEVP_CIPHER_settable_ctx_params()\fR and \fBEVP_CIPHER_CTX_settable_params()\fR" 4
425 .IP \fBEVP_EncryptInit_ex2()\fR 4
439 .IP \fBEVP_EncryptInit_ex()\fR 4
444 .IP \fBEVP_EncryptUpdate()\fR 4
448 case the encryption will be done in-place. However, in-place encryption is
449 guaranteed to work only if the encryption context (\fIctx\fR) has processed data in
450 multiples of the block size. If the context contains an incomplete data block
451 from previous operations, in-place encryption will fail. \fIctx\fR \fBMUST NOT\fR be NULL.
457 of data. The amount of data written depends on the block alignment of the
458 encrypted data.
459 For most ciphers and modes, the amount of data written can be anything
460 from zero bytes to (inl + cipher_block_size \- 1) bytes.
461 For wrap cipher modes, the amount of data written can be anything
463 For stream ciphers, the amount of data written can be anything from zero
470 the "final" data, that is any data that remains in a partial block.
473 final data is written to \fIout\fR which should have sufficient space for
479 data and it will return an error if any data remains in a partial block:
480 that is if the total data length is not a multiple of the block size.
481 …_ex2()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR" 4
487 …nit_ex2()\fR, \fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR" 4
491 for encryption, 0 for decryption and \-1 to leave the value unchanged
493 .IP \fBEVP_CipherInit_SKEY()\fR 4
497 .IP \fBEVP_CIPHER_CTX_reset()\fR 4
503 .IP "\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR" 4
508 .IP "\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR" 4
514 .IP \fBEVP_Cipher()\fR 4
519 For legacy ciphers \- If the cipher doesn't have the flag
527 .IP \fBEVP_CIPHER_can_pipeline()\fR 4
531 This function will return 0 for non-fetched ciphers such as \fBEVP_aes_128_gcm()\fR.
532 There are currently no built-in ciphers that support pipelining.
535 data in one set of \fBEVP_CipherUpdate()\fR/EVP_CipherFinal calls, thereby allowing
540 For non-fetched ciphers, \fBEVP_CipherPipelineEncryptInit()\fR or
543 …erPipelineDecryptInit()\fR, \fBEVP_CipherPipelineUpdate()\fR and \fBEVP_CipherPipelineFinal()\fR" 4
558 containing the input data. The buffers can be of different sizes. The \fIinl\fR
561 each pointing to a buffer where the output data will be written. The \fIoutsize\fR
564 with the size of the output data written to the corresponding output buffer.
568 successive blocks of data. For AAD data, the \fIout\fR, and \fIoutsize\fR parameter
570 .IP "\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR" 4
575 \&\fBEVP_get_cipherbyname()\fR will return NULL for algorithms such as "AES\-128\-SIV",
576 "AES\-128\-CBC\-CTS" and "CAMELLIA\-128\-CBC\-CTS" which were previously only
582 Additionally, it only knows about ciphers that are built-in to OpenSSL and have
596 .IP "\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR" 4
603 …HER_CTX_set_flags()\fR, \fBEVP_CIPHER_CTX_clear_flags()\fR and \fBEVP_CIPHER_CTX_test_flags()\fR" 4
610 .IP \fBEVP_CIPHER_CTX_set_padding()\fR 4
617 then no padding is performed, the total amount of data encrypted or decrypted
620 .IP "\fBEVP_CIPHER_get_key_length()\fR and \fBEVP_CIPHER_CTX_get_key_length()\fR" 4
627 .IP \fBEVP_CIPHER_CTX_set_key_length()\fR 4
632 .IP "\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR" 4
639 .IP \fBEVP_CIPHER_CTX_get_tag_length()\fR 4
644 .IP "\fBEVP_CIPHER_get_block_size()\fR and \fBEVP_CIPHER_CTX_get_block_size()\fR" 4
653 .IP "\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR" 4
660 .IP \fBEVP_CIPHER_is_a()\fR 4
667 .IP "\fBEVP_CIPHER_get0_name()\fR and \fBEVP_CIPHER_CTX_get0_name()\fR" 4
672 .IP \fBEVP_CIPHER_names_do_all()\fR 4
676 .IP \fBEVP_CIPHER_get0_description()\fR 4
680 .IP \fBEVP_CIPHER_get0_provider()\fR 4
684 .IP \fBEVP_CIPHER_CTX_get0_cipher()\fR 4
689 .IP "\fBEVP_CIPHER_get_mode()\fR and \fBEVP_CIPHER_CTX_get_mode()\fR" 4
696 .IP \fBEVP_CIPHER_get_flags()\fR 4
700 .IP "\fBEVP_CIPHER_CTX_get_num()\fR and \fBEVP_CIPHER_CTX_set_num()\fR" 4
703 Built-in ciphers typically use this to track how much of the current underlying block
705 .IP \fBEVP_CIPHER_CTX_is_encrypting()\fR 4
708 .IP \fBEVP_CIPHER_CTX_flags()\fR 4
712 .IP \fBEVP_CIPHER_param_to_asn1()\fR 4
720 .IP \fBEVP_CIPHER_asn1_to_param()\fR 4
732 .IP \fBEVP_CIPHER_CTX_rand_key()\fR 4
738 .IP \fBEVP_CIPHER_do_all_provided()\fR 4
752 .IP """mode"" (\fBOSSL_CIPHER_PARAM_MODE\fR) <unsigned integer>" 4
757 .IP """keylen"" (\fBOSSL_CIPHER_PARAM_KEYLEN\fR) <unsigned integer>" 4
761 .IP """ivlen"" (\fBOSSL_CIPHER_PARAM_IVLEN\fR) <unsigned integer>" 4
765 .IP """blocksize"" (\fBOSSL_CIPHER_PARAM_BLOCK_SIZE\fR) <unsigned integer>" 4
774 .IP """aead"" (\fBOSSL_CIPHER_PARAM_AEAD\fR) <integer>" 4
779 .IP """custom-iv"" (\fBOSSL_CIPHER_PARAM_CUSTOM_IV\fR) <integer>" 4
780 .IX Item """custom-iv"" (OSSL_CIPHER_PARAM_CUSTOM_IV) <integer>"
786 .IP """cts"" (\fBOSSL_CIPHER_PARAM_CTS\fR) <integer>" 4
794 .IP """tls-multi"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK\fR) <integer>" 4
795 .IX Item """tls-multi"" (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK) <integer>"
801 .IP """has-randkey"" (\fBOSSL_CIPHER_PARAM_HAS_RANDKEY\fR) <integer>" 4
802 .IX Item """has-randkey"" (OSSL_CIPHER_PARAM_HAS_RANDKEY) <integer>"
806 .IP """decrypt-only"" (\fBOSSL_CIPHER_PARAM_DECRYPT_ONLY) <integer\fR" 4
807 .IX Item """decrypt-only"" (OSSL_CIPHER_PARAM_DECRYPT_ONLY) <integer"
815 .IP """padding"" (\fBOSSL_CIPHER_PARAM_PADDING\fR) <unsigned integer>" 4
820 .IP """num"" (\fBOSSL_CIPHER_PARAM_NUM\fR) <unsigned integer>" 4
823 Built-in ciphers typically use this to track how much of the current underlying
826 .IP """keylen"" (\fBOSSL_CIPHER_PARAM_KEYLEN\fR) <unsigned integer>" 4
831 .IP """tag"" (\fBOSSL_CIPHER_PARAM_AEAD_TAG\fR) <octet string>" 4
835 .IP """pipeline-tag"" (\fBOSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG\fR) <octet ptr>" 4
836 .IX Item """pipeline-tag"" (OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG) <octet ptr>"
841 .IP """keybits"" (\fBOSSL_CIPHER_PARAM_RC2_KEYBITS\fR) <unsigned integer>" 4
845 .IP """rounds"" (\fBOSSL_CIPHER_PARAM_ROUNDS\fR) <unsigned integer>" 4
849 .IP """algorithm-id"" (\fBOSSL_CIPHER_PARAM_ALGORITHM_ID\fR) <octet string>" 4
850 .IX Item """algorithm-id"" (OSSL_CIPHER_PARAM_ALGORITHM_ID) <octet string>"
854 .IP """algorithm-id-params"" (\fBOSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS\fR) <octet string>" 4
855 .IX Item """algorithm-id-params"" (OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS) <octet string>"
860 .IP """alg_id_params"" (\fBOSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD\fR) <octet string>" 4
862 An deprecated alias for "algorithm-id-params", only used by
864 .IP """cts_mode"" (\fBOSSL_CIPHER_PARAM_CTS_MODE\fR) <UTF8 string>" 4
871 .RS 4
872 .IP """CS1""" 4
876 using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last
878 .IP """CS2""" 4
881 using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as
883 .IP """CS3""" 4
888 then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher.
890 .RS 4
893 This is only supported for "AES\-128\-CBC\-CTS", "AES\-192\-CBC\-CTS", "AES\-256\-CBC\-CTS",
894 "CAMELLIA\-128\-CBC\-CTS", "CAMELLIA\-192\-CBC\-CTS" and "CAMELLIA\-256\-CBC\-CTS".
896 …""tls1multi_interleave"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\fR) <unsigned integer>" 4
899 cipher operation (either 4 or 8 records).
903 …len"" (\fBOSSL_CIPHER_PARAM_IVLEN\fR and <\fBOSSL_CIPHER_PARAM_AEAD_IVLEN\fR) <unsigned integer>" 4
908 .IP """iv"" (\fBOSSL_CIPHER_PARAM_IV\fR) <octet string OR octet ptr>" 4
912 .IP """updated-iv"" (\fBOSSL_CIPHER_PARAM_UPDATED_IV\fR) <octet string OR octet ptr>" 4
913 .IX Item """updated-iv"" (OSSL_CIPHER_PARAM_UPDATED_IV) <octet string OR octet ptr>"
914 Gets the updated pseudo-IV state for the associated cipher context, e.g.,
919 .IP """randkey"" (\fBOSSL_CIPHER_PARAM_RANDOM_KEY\fR) <octet string>" 4
924 .IP """taglen"" (\fBOSSL_CIPHER_PARAM_AEAD_TAGLEN\fR) <unsigned integer>" 4
930 .IP """tlsaadpad"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\fR) <unsigned integer>" 4
935 .IP """tlsivgen"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\fR) <octet string>" 4
940 .IP """tls1multi_enclen"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\fR) <unsigned integer>" 4
943 …"""tls1multi_maxbufsz"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\fR) <unsigned integer>" 4
947 …"tls1multi_aadpacklen"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\fR) <unsigned integer>" 4
950 .IP """tls-mac"" (\fBOSSL_CIPHER_PARAM_TLS_MAC\fR) <octet ptr>" 4
951 .IX Item """tls-mac"" (OSSL_CIPHER_PARAM_TLS_MAC) <octet ptr>"
952 Used to pass the TLS MAC data.
953 .IP """fips-indicator"" (\fBOSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4
954 .IX Item """fips-indicator"" (OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR) <integer>"
959 \&\fBEVP_EncryptFinal_ex()\fR. It may return 0 if the "encrypt-check" option is set to 0.
960 .IP """iv-generated"" (\fBOSSL_CIPHER_PARAM_AEAD_IV_GENERATED\fR) <unsigned integer>" 4
961 .IX Item """iv-generated"" (OSSL_CIPHER_PARAM_AEAD_IV_GENERATED) <unsigned integer>"
968 See FIPS 140\-3 IG C.H for information related to IV requirements.
972 .IP """mackey"" (\fBOSSL_CIPHER_PARAM_AEAD_MAC_KEY\fR) <octet string>" 4
974 Sets the MAC key used by composite AEAD ciphers such as AES\-CBC\-HMAC\-SHA256.
975 .IP """speed"" (\fBOSSL_CIPHER_PARAM_SPEED\fR) <unsigned integer>" 4
981 .IP """use-bits"" (\fBOSSL_CIPHER_PARAM_USE_BITS\fR) <unsigned integer>" 4
982 .IX Item """use-bits"" (OSSL_CIPHER_PARAM_USE_BITS) <unsigned integer>"
985 Setting "use-bits" to 1 uses bits. The default is in bytes.
989 .IP """tls-version"" (\fBOSSL_CIPHER_PARAM_TLS_VERSION\fR) <integer>" 4
990 .IX Item """tls-version"" (OSSL_CIPHER_PARAM_TLS_VERSION) <integer>"
992 .IP """tls-mac-size"" (\fBOSSL_CIPHER_PARAM_TLS_MAC_SIZE\fR) <unsigned integer>" 4
993 .IX Item """tls-mac-size"" (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) <unsigned integer>"
995 .IP """tlsaad"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_AAD\fR) <octet string>" 4
1000 .IP """tlsivfixed"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\fR) <octet string>" 4
1032 .IP """tlsivinv"" (\fBOSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\fR) <octet string>" 4
1037 .IP """tls1multi_enc"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\fR) <octet string>" 4
1040 supports sending 4 or 8 records in one go.
1046 .IP """tls1multi_encin"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\fR) <octet string>" 4
1048 Supplies the data to encrypt for a TLS1 multiblock cipher operation.
1049 …ulti_maxsndfrag"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\fR) <unsigned integer>" 4
1054 .IP """tls1multi_aad"" (\fBOSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\fR) <octet string>" 4
1056 Sets the authenticated additional data used by a TLS1 multiblock cipher operation.
1057 The supplied data consists of 13 bytes of record data containing:
1058 Bytes 0\-7: The sequence number of the first record
1060 Byte 9\-10: The protocol version
1061 Byte 11\-12: Input length (Always 0)
1064 .IP """xts_standard"" (\fBOSSL_CIPHER_PARAM_XTS_STANDARD\fR) <UTF8 string>" 4
1066 Sets the XTS standard to use with SM4\-XTS algorithm. XTS mode has two
1067 implementations, one is standardized in IEEE Std. 1619\-2007 and has
1069 (GB/T 17964\-2021 implemented in May 2022) and is currently only used
1074 Std 1619\-2007 noted that the multiplication "is a left shift of each
1077 significant bit. But in GB/T 17964\-2021, the rightmost bit is the
1083 .RS 4
1084 .IP """GB""" 4
1086 The GB/T 17964\-2021 variant of SM4\-XTS algorithm.
1087 .IP """IEEE""" 4
1089 The IEEE Std. 1619\-2007 variant of SM4\-XTS algorithm.
1091 .RS 4
1095 .IP """encrypt-check"" (\fBOSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK\fR) <integer>" 4
1096 .IX Item """encrypt-check"" (OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK) <integer>"
1102 Setting this to 0 will ignore the error and set the approved "fips-indicator" to
1104 This option breaks FIPS compliance if it causes the approved "fips-indicator"
1112 .IP "EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN" 4
1117 .IP EVP_CTRL_AEAD_SET_IV_FIXED 4
1122 .IP EVP_CTRL_AEAD_SET_MAC_KEY 4
1127 .IP "EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG" 4
1132 .IP EVP_CTRL_CCM_SET_L 4
1136 with a value of (15 \- L)
1137 .IP EVP_CTRL_COPY 4
1140 .IP EVP_CTRL_GCM_SET_IV_INV 4
1145 .IP EVP_CTRL_RAND_KEY 4
1150 .IP EVP_CTRL_SET_KEY_LENGTH 4
1154 .IP "EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS" 4
1159 .IP "EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS" 4
1164 .IP EVP_CTRL_SET_SPEED 4
1168 .IP EVP_CTRL_GCM_IV_GEN 4
1173 .IP EVP_CTRL_AEAD_TLS1_AAD 4
1180 .IP EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 4
1187 .IP EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 4
1196 .IP EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 4
1209 .IP EVP_CIPH_NO_PADDING 4
1214 .IP EVP_CIPH_FLAG_LENGTH_BITS 4
1216 See "Settable EVP_CIPHER_CTX parameters" "use-bits".
1217 .IP EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 4
1224 .IP EVP_CIPH_FLAG_AEAD_CIPHER 4
1227 .IP EVP_CIPH_CUSTOM_IV 4
1229 See "Gettable EVP_CIPHER parameters" "custom-iv".
1230 .IP EVP_CIPH_FLAG_CTS 4
1233 .IP EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; 4
1235 See "Gettable EVP_CIPHER parameters" "tls-multi".
1236 .IP EVP_CIPH_RAND_KEY 4
1238 See "Gettable EVP_CIPHER parameters" "has-randkey".
1241 .IP EVP_CIPH_VARIABLE_LENGTH 4
1244 .IP EVP_CIPH_FLAG_CUSTOM_CIPHER 4
1246 .IP EVP_CIPH_ALWAYS_CALL_INIT 4
1248 .IP EVP_CIPH_CTRL_INIT 4
1250 .IP EVP_CIPH_CUSTOM_KEY_LENGTH 4
1252 .IP EVP_CIPH_CUSTOM_COPY 4
1254 .IP EVP_CIPH_FLAG_DEFAULT_ASN1 4
1351 .IP \fBEVP_enc_null()\fR 4
1356 The EVP interface for Authenticated Encryption with Associated Data (AEAD)
1360 To specify additional authenticated data (AAD), a call to \fBEVP_CipherUpdate()\fR,
1367 the authentication operation has failed and any output data \fBMUST NOT\fR be used
1373 "block" size of 1. Conversely, ciphers in OCB mode must process data one block
1376 Regardless of the returned size, it is safe to pass unpadded data to an
1381 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" 4
1388 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" 4
1391 This call can only be made when encrypting data and \fBafter\fR all data has been
1396 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" 4
1403 For GCM, this call is only valid when decrypting data.
1405 For OCB, this call is valid when decrypting data to set the expected tag,
1425 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" 4
1431 in data to be decrypted, but as in GCM and OCB mode, it can be set after
1432 passing additional authenticated data (see "AEAD INTERFACE").
1433 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" 4
1436 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" 4
1439 nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for
1443 Both the AES-SIV and AES-GCM-SIV ciphers fall under this mode.
1448 To specify any additional authenticated data (AAD) and/or a Nonce, a call to
1458 the authentication operation has failed and any output data \fBMUST NOT\fR
1472 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);" 4
1476 data and \fBafter\fR all data has been processed (e.g. after an \fBEVP_EncryptFinal()\fR
1478 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);" 4
1481 bytes from \fItag\fR. This call is only legal when decrypting data and must be
1482 made \fBbefore\fR any data is processed (e.g. before any \fBEVP_DecryptUpdate()\fR
1485 SIV mode makes two passes over the input data, thus, only one call to
1487 with \fIout\fR set to a non-NULL value. A call to \fBEVP_DecryptFinal()\fR or
1490 .SS ChaCha20\-Poly1305
1491 .IX Subsection "ChaCha20-Poly1305"
1492 The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 AEAD algorithm.
1493 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" 4
1499 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" 4
1502 This call can only be made when encrypting data and \fBafter\fR all data has been
1505 \&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fBPOLY1305_BLOCK_SIZE\fR, i.e. 128\-bits) or
1507 .IP "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" 4
1512 This call is only valid when decrypting data.
1516 preference to the low-level interfaces. This is because the code then becomes
1519 acceleration such as AES-NI (the low-level interfaces do not provide the
1523 length of the encrypted data a multiple of the block size. Padding is always
1524 added so if the data is already a multiple of the block size \fBn\fR will equal
1531 it is not a strong test that the input data or key is correct. A random block
1533 the input data earlier on will not produce a final decrypt error.
1536 the total amount of data decrypted is a multiple of the block size.
1550 not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are
1586 \& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
1587 \& unsigned char iv[] = {1,2,3,4,5,6,7,8};
1605 \& * Buffer passed to EVP_EncryptFinal() must be after data just
1616 \& * Need binary mode for fopen because encrypted data is
1617 \& * binary data. Also cannot use strlen() on it because
1636 \& openssl idea \-d \e
1637 \& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 <filename
1641 with a 128\-bit key:
1698 Encryption using AES-CBC with a 256\-bit key with "CS1" ciphertext stealing.
1716 \& cipher = EVP_CIPHER_fetch(NULL, "AES\-256\-CBC\-CTS", NULL);
1748 \&\fBprovider\-cipher\fR\|(7),
1749 \&\fBlife_cycle\-cipher\fR\|(7)
1795 OpenSSL 3.0, respectively. The old names are kept as non-deprecated
1800 non-deprecated alias macro.
1813 Copyright 2000\-2025 The OpenSSL Project Authors. All Rights Reserved.