Lines Matching +full:inl +full:- +full:supply
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
134 .TH EVP_ENCRYPTINIT 3ossl "2023-09-19" "3.0.11" "OpenSSL"
232 \&\- EVP cipher routines
252 \& int *outl, const unsigned char *in, int inl);
261 \& int *outl, const unsigned char *in, int inl);
270 \& int *outl, const unsigned char *in, int inl);
286 \& const unsigned char *in, unsigned int inl);
367 hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
375 hidden entirely by defining \fB\s-1OPENSSL_API_COMPAT\s0\fR with a suitable version value,
383 The \s-1EVP\s0 cipher routines are a high-level interface to certain
386 The \fB\s-1EVP_CIPHER\s0\fR type is a structure for cipher method implementation.
391 See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for further information.
395 Fetched \fB\s-1EVP_CIPHER\s0\fR structures are reference counted.
398 Increments the reference count for an \fB\s-1EVP_CIPHER\s0\fR structure.
401 Decrements the reference count for the fetched \fB\s-1EVP_CIPHER\s0\fR structure.
418 Performs cipher-specific control actions on context \fIctx\fR. The control command
423 If this function happens to be used with a fetched \fB\s-1EVP_CIPHER\s0\fR, it will
424 translate the controls that are known to OpenSSL into \s-1\fBOSSL_PARAM\s0\fR\|(3)
428 See \*(L"\s-1CONTROLS\*(R"\s0 below for more information, including what translations are
432 Retrieves the requested list of algorithm \fIparams\fR from a \s-1CIPHER\s0 \fIcipher\fR.
433 See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
436 Retrieves the requested list of \fIparams\fR from \s-1CIPHER\s0 context \fIctx\fR.
437 See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
440 Sets the list of \fIparams\fR into a \s-1CIPHER\s0 context \fIctx\fR.
441 See \*(L"\s-1PARAMETERS\*(R"\s0 below for more information.
444 Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters
448 Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the retrievable parameters
455 Get a constant \s-1\fBOSSL_PARAM\s0\fR\|(3) array that describes the settable parameters
465 for new applications. \fIkey\fR is the symmetric key to use and \fIiv\fR is the \s-1IV\s0 to
466 use (if necessary), the actual number of bytes used for the key and \s-1IV\s0 depends
468 initialisation. It is possible to set all parameters to \s-1NULL\s0 except \fItype\fR in
469 an initial call and supply the remaining parameters in subsequent calls, all of
470 which have \fItype\fR set to \s-1NULL.\s0 This is done when the default cipher parameters
472 For \fB\s-1EVP_CIPH_GCM_MODE\s0\fR the \s-1IV\s0 will be generated internally if it is not
476 This legacy function is similar to \fBEVP_EncryptInit_ex2()\fR when \fIimpl\fR is \s-1NULL.\s0
481 Encrypts \fIinl\fR bytes from the buffer \fIin\fR and writes the encrypted version to
486 from zero bytes to (inl + cipher_block_size \- 1) bytes.
488 from zero bytes to (inl + cipher_block_size) bytes.
490 bytes to inl bytes.
498 It uses standard block padding (aka \s-1PKCS\s0 padding) as described in
499 the \s-1NOTES\s0 section, below. The encrypted
515 sufficient room for (\fIinl\fR + cipher_block_size) bytes unless the cipher block
516 size is 1 in which case \fIinl\fR bytes is sufficient.
521 for encryption, 0 for decryption and \-1 to leave the value unchanged
542 Encrypts or decrypts a maximum \fIinl\fR amount of bytes from \fIin\fR and leaves the
545 For legacy ciphers \- If the cipher doesn't have the flag
546 \&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR set, then \fIinl\fR must be a multiple of
548 has that flag set, then \fIinl\fR can be any size.
550 Due to the constraints of the \s-1API\s0 contract of this function it shouldn't be used
555 Returns an \fB\s-1EVP_CIPHER\s0\fR structure when passed a cipher name, a cipher \fB\s-1NID\s0\fR or
556 an \fB\s-1ASN1_OBJECT\s0\fR structure respectively.
558 \&\fBEVP_get_cipherbyname()\fR will return \s-1NULL\s0 for algorithms such as \*(L"\s-1AES\-128\-SI…
559 \&\*(L"AES\-128\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-128\-CBC\-CTS\*(R"\s0 which were previousl…
565 Additionally, it only knows about ciphers that are built-in to OpenSSL and have
566 an associated \s-1NID.\s0 Similarly \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR
575 See \*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7) for more information about fetching.
581 Return the \s-1NID\s0 of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s…
582 structure. The actual \s-1NID\s0 value is an internal value which may not have a
583 corresponding \s-1OBJECT IDENTIFIER.\s0
586 Sets, clears and tests \fIctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information.
590 \&\*(L"\s-1PARAMETERS\*(R"\s0 instead.
602 Return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or
603 \&\fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum
614 Return the \s-1IV\s0 length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or
615 \&\fB\s-1EVP_CIPHER_CTX\s0\fR. It will return zero if the cipher does not use an \s-1IV.\s0
616 The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
619 Returns the tag length of an \s-1AEAD\s0 cipher when passed a \fB\s-1EVP_CIPHER_CTX\s0\fR. It will
624 Return the block size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or
625 \&\fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the
629 Return the type of the passed cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0
630 of the cipher \s-1OBJECT IDENTIFIER\s0 and as such it ignores the cipher parameters
631 (40 bit \s-1RC2\s0 and 128 bit \s-1RC2\s0 have the same \s-1NID\s0). If the cipher does not have an
632 object identifier or does not have \s-1ASN1\s0 support this function will return
640 context (see \s-1\fBOSSL_LIB_CTX\s0\fR\|(3)) will be considered.
648 \&\fIdata\fR. This is only useful with fetched \fB\s-1EVP_CIPHER\s0\fRs.
655 Returns an \fB\s-1OSSL_PROVIDER\s0\fR pointer to the provider that implements the given
656 \&\fB\s-1EVP_CIPHER\s0\fR.
659 Returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
665 \&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
667 EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0 or \s-1EVP_CIPH_SIV_MODE.\s0
668 If the cipher is a stream cipher then \s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
671 Returns any flags associated with the cipher. See \*(L"\s-1FLAGS\*(R"\s0
676 Built-in ciphers typically use this to track how much of the current underlying block
688 typically include any parameters and an \s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set
691 This function may fail if the cipher does not have any \s-1ASN1\s0 support.
694 Sets the cipher parameters based on an \s-1ASN1\s0 AlgorithmIdentifier \*(L"parameter\*(R".
695 The precise effect depends on the cipher. In the case of \fB\s-1RC2\s0\fR, for example,
696 it will set the \s-1IV\s0 and effective key length.
698 the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
699 key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally
700 \&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
701 possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
702 or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
707 The \fB\s-1EVP_CIPHER\s0\fR can provide its own random key generation routine to support
717 See \s-1\fBOSSL_PARAM\s0\fR\|(3) for information about passing parameters.
718 .SS "Gettable \s-1EVP_CIPHER\s0 parameters"
723 \&\fBEVP_CIPHER_get_params()\fR can be used with the following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys:
738 Gets the \s-1IV\s0 length for the associated cipher algorithm \fIcipher\fR.
747 For example \s-1AES\s0 in \s-1CTR\s0 mode has a block size of 1 (because it operates like a
748 stream cipher), even though \s-1AES\s0 has a block size of 16.
753 Gets 1 if this is an \s-1AEAD\s0 cipher algorithm, otherwise it gets 0.
754 Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0) to retrieve the
758 .IX Item "custom-iv (OSSL_CIPHER_PARAM_CUSTOM_IV) <integer>"
759 Gets 1 if the cipher algorithm \fIcipher\fR has a custom \s-1IV,\s0 otherwise it gets 0.
760 Storing and initializing the \s-1IV\s0 is left entirely to the implementation, if a
761 custom \s-1IV\s0 is used.
762 Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_CUSTOM_IV\s0) to retrieve the
771 Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_CTS\s0) to retrieve the
775 .IX Item "tls-multi (OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK) <integer>"
778 \&\s-1TLS\s0 ciphers.
779 Use (EVP_CIPHER_get_flags(cipher) & \s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0) to retrieve the
783 .IX Item "has-randkey (OSSL_CIPHER_PARAM_HAS_RANDKEY) <integer>"
784 Gets 1 if the cipher algorithm \fIcipher\fR supports the gettable \s-1EVP_CIPHER_CTX\s0
785 parameter \fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR. Only \s-1DES\s0 and 3DES set this to 1,
787 .SS "Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters"
789 The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with both \fBEVP_CIPHER_CTX_get_params(…
801 Built-in ciphers typically use this to track how much of the current underlying
813 Gets or sets the \s-1AEAD\s0 tag for the associated cipher context \fIctx\fR.
814 See \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3).
818 Gets or sets the effective keybits used for a \s-1RC2\s0 cipher.
824 This is used by the \s-1RC5\s0 cipher.
828 Used to pass the \s-1DER\s0 encoded AlgorithmIdentifier parameter to or from
831 that has the flag \fB\s-1EVP_CIPH_FLAG_CUSTOM_ASN1\s0\fR set.
837 block size. (The block size for \s-1AES\s0 and \s-1CAMELLIA\s0 is 16 bytes).
844 The \s-1NIST\s0 variant of cipher text stealing.
846 using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher otherwise the second last
852 using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher, otherwise it is the same as
853 \&\*(L"\s-1CS3\*(R"\s0 mode.
860 then this is equivalent to using a \*(L"AES-XXX-CBC\*(R" or \*(L"CAMELLIA-XXX-CBC\*(R" cipher.
864 The default is \*(L"\s-1CS1\*(R".\s0
865 This is only supported for \*(L"\s-1AES\-128\-CBC\-CTS\*(R", \*(L"AES\-192\-CBC\-CTS\*(R", \*(L"AES…
866 \&\*(L"CAMELLIA\-128\-CBC\-CTS\*(R", \*(L"CAMELLIA\-192\-CBC\-CTS\*(R"\s0 and \*(L"\s-1CAMELLIA\-25…
873 .SS "Gettable \s-1EVP_CIPHER_CTX\s0 parameters"
875 The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_get_params()\fR:
879 Gets the \s-1IV\s0 length for the cipher context \fIctx\fR.
885 Gets the \s-1IV\s0 used to initialize the associated cipher context \fIctx\fR.
889 .IX Item "updated-iv (OSSL_CIPHER_PARAM_UPDATED_IV) <octet string OR octet ptr>"
890 Gets the updated pseudo-IV state for the associated cipher context, e.g.,
891 the previous ciphertext block for \s-1CBC\s0 mode or the iteratively encrypted \s-1IV\s0
892 value for \s-1OFB\s0 mode. Note that octet pointer access is deprecated and is
899 cipher context \fIctx\fR. This is currently only supported by \s-1DES\s0 and 3DES (which set
904 Gets the tag length to be used for an \s-1AEAD\s0 cipher for the associated cipher
911 Gets the length of the tag that will be added to a \s-1TLS\s0 record for the \s-1AEAD\s0
919 This is only used for \s-1GCM\s0 mode.
927 Gets the maximum record length for a \s-1TLS1\s0 multiblock cipher operation.
935 .IX Item "tls-mac (OSSL_CIPHER_PARAM_TLS_MAC) <octet ptr>"
936 Used to pass the \s-1TLS MAC\s0 data.
937 .SS "Settable \s-1EVP_CIPHER_CTX\s0 parameters"
939 The following \s-1\fBOSSL_PARAM\s0\fR\|(3) keys can be used with \fBEVP_CIPHER_CTX_set_params()\fR:
943 Sets the \s-1MAC\s0 key used by composite \s-1AEAD\s0 ciphers such as \s-1AES\-CBC\-HMAC\-SHA256.\s0
948 by \s-1AES SIV\s0 ciphers which disallow multiple operations by default.
953 .IX Item "use-bits (OSSL_CIPHER_PARAM_USE_BITS) <unsigned integer>"
954 Determines if the input length \fIinl\fR passed to \fBEVP_EncryptUpdate()\fR,
956 Setting \*(L"use-bits\*(R" to 1 uses bits. The default is in bytes.
957 This is only used for \fB\s-1CFB1\s0\fR ciphers.
959 This can be set using EVP_CIPHER_CTX_set_flags(ctx, \s-1EVP_CIPH_FLAG_LENGTH_BITS\s0).
962 .IX Item "tls-version (OSSL_CIPHER_PARAM_TLS_VERSION) <integer>"
963 Sets the \s-1TLS\s0 version.
966 .IX Item "tls-mac-size (OSSL_CIPHER_PARAM_TLS_MAC_SIZE) <unsigned integer>"
967 Set the \s-1TLS MAC\s0 size.
971 Sets TLSv1.2 \s-1AAD\s0 information for the associated cipher context \fIctx\fR.
972 TLSv1.2 \s-1AAD\s0 information is always 13 bytes in length and is as defined for the
973 \&\*(L"additional_data\*(R" field described in section 6.2.3.3 of \s-1RFC5246.\s0
977 Sets the fixed portion of an \s-1IV\s0 for an \s-1AEAD\s0 cipher used in a \s-1TLS\s0 record
979 \&\s-1TLS\s0 record encryption/decryption always occurs \*(L"in place\*(R" so that the input and
981 \&\s-1AEAD\s0 IVs in TLSv1.2 consist of an implicit \*(L"fixed\*(R" part and an explicit part
983 Setting a \s-1TLS\s0 fixed \s-1IV\s0 changes a cipher to encrypt/decrypt \s-1TLS\s0 records.
984 \&\s-1TLS\s0 records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per
987 part of the \s-1IV\s0 and the final bytes of the input buffer will be the \s-1AEAD\s0 tag.
988 The length of the explicit part of the \s-1IV\s0 and the tag length will depend on the
989 cipher in use and will be defined in the \s-1RFC\s0 for the relevant ciphersuite.
992 was read from, i.e. immediately after the explicit \s-1IV.\s0
995 allow space for the explicit \s-1IV,\s0 as will the final bytes where the tag will
997 The length of the input buffer will include the length of the explicit \s-1IV,\s0 the
999 The cipher implementation should generate the explicit \s-1IV\s0 and write it to the
1006 \&\s-1IV\s0 length and the tag length.
1012 This is only used for \s-1GCM\s0 mode.
1016 Triggers a multiblock \s-1TLS1\s0 encrypt operation for a \s-1TLS1\s0 aware cipher that
1018 The cipher performs both the \s-1MAC\s0 and encrypt stages and constructs the record
1021 \&\*(L"tls1multi_encin\*(R" & \*(L"tls1multi_interleave\*(R" must also be set in order to supply
1026 Supplies the data to encrypt for a \s-1TLS1\s0 multiblock cipher operation.
1030 Sets the maximum send fragment size for a \s-1TLS1\s0 multiblock cipher operation.
1036 Sets the authenticated additional data used by a \s-1TLS1\s0 multiblock cipher operation.
1038 Bytes 0\-7: The sequence number of the first record
1040 Byte 9\-10: The protocol version
1041 Byte 11\-12: Input length (Always 0)
1046 The Mappings from \fBEVP_CIPHER_CTX_ctrl()\fR identifiers to \s-1PARAMETERS\s0 are listed
1047 in the following section. See the \*(L"\s-1PARAMETERS\*(R"\s0 section for more details.
1050 .IP "\s-1EVP_CTRL_AEAD_SET_IVLEN\s0 and \s-1EVP_CTRL_GET_IVLEN\s0" 4
1052 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
1053 \&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
1054 key \*(L"ivlen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_IVLEN\s0\fR).
1055 .IP "\s-1EVP_CTRL_AEAD_SET_IV_FIXED\s0" 4
1057 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1058 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"tlsivfixed\*(R"
1059 (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED\s0\fR).
1060 .IP "\s-1EVP_CTRL_AEAD_SET_MAC_KEY\s0" 4
1062 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1063 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"mackey\*(R"
1064 (\fB\s-1OSSL_CIPHER_PARAM_AEAD_MAC_KEY\s0\fR).
1065 .IP "\s-1EVP_CTRL_AEAD_SET_TAG\s0 and \s-1EVP_CTRL_AEAD_GET_TAG\s0" 4
1067 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
1068 \&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
1069 key \*(L"tag\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TAG\s0\fR).
1070 .IP "\s-1EVP_CTRL_CCM_SET_L\s0" 4
1072 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1073 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"ivlen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_IV…
1074 with a value of (15 \- L)
1075 .IP "\s-1EVP_CTRL_COPY\s0" 4
1077 There is no \s-1OSSL_PARAM\s0 mapping for this. Use \fBEVP_CIPHER_CTX_copy()\fR instead.
1078 .IP "\s-1EVP_CTRL_GCM_SET_IV_INV\s0" 4
1080 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1081 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"tlsivinv\*(R"
1082 (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV\s0\fR).
1083 .IP "\s-1EVP_CTRL_RAND_KEY\s0" 4
1085 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1086 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"randkey\*(R"
1087 (\fB\s-1OSSL_CIPHER_PARAM_RANDOM_KEY\s0\fR).
1088 .IP "\s-1EVP_CTRL_SET_KEY_LENGTH\s0" 4
1090 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1091 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"keylen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_K…
1092 .IP "\s-1EVP_CTRL_SET_RC2_KEY_BITS\s0 and \s-1EVP_CTRL_GET_RC2_KEY_BITS\s0" 4
1094 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
1095 \&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
1096 key \*(L"keybits\*(R" (\fB\s-1OSSL_CIPHER_PARAM_RC2_KEYBITS\s0\fR).
1097 .IP "\s-1EVP_CTRL_SET_RC5_ROUNDS\s0 and \s-1EVP_CTRL_GET_RC5_ROUNDS\s0" 4
1099 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR and
1100 \&\fBEVP_CIPHER_CTX_get_params()\fR get called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
1101 key \*(L"rounds\*(R" (\fB\s-1OSSL_CIPHER_PARAM_ROUNDS\s0\fR).
1102 .IP "\s-1EVP_CTRL_SET_SPEED\s0" 4
1104 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1105 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key \*(L"speed\*(R" (\fB\s-1OSSL_CIPHER_PARAM_SP…
1106 .IP "\s-1EVP_CTRL_GCM_IV_GEN\s0" 4
1108 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_get_params()\fR gets called
1109 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key
1110 \&\*(L"tlsivgen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN\s0\fR).
1111 .IP "\s-1EVP_CTRL_AEAD_TLS1_AAD\s0" 4
1113 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR get called
1114 with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the key
1115 \&\*(L"tlsaad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD\s0\fR)
1117 \&\*(L"tlsaadpad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD\s0\fR).
1118 .IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE\s0" 4
1120 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR,
1121 \&\fBEVP_CIPHER_CTX_set_params()\fR gets called with an \s-1\fBOSSL_PARAM\s0\fR\|(3) item with the
1122 key \s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT\s0
1124 \&\*(L"tls1multi_maxbufsz\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE\s0\fR).
1125 .IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_AAD\s0" 4
1127 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1128 with \s-1\fBOSSL_PARAM\s0\fR\|(3) items with the keys
1129 \&\*(L"tls1multi_aad\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD\s0\fR) and
1130 \&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR)
1132 \&\*(L"tls1multi_aadpacklen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN\s0\fR) and
1133 \&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR).
1134 .IP "\s-1EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT\s0" 4
1136 When used with a fetched \fB\s-1EVP_CIPHER\s0\fR, \fBEVP_CIPHER_CTX_set_params()\fR gets called
1137 with \s-1\fBOSSL_PARAM\s0\fR\|(3) items with the keys
1138 \&\*(L"tls1multi_enc\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC\s0\fR),
1139 \&\*(L"tls1multi_encin\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN\s0\fR) and
1140 \&\*(L"tls1multi_interleave\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE\s0\fR),
1142 \&\*(L"tls1multi_enclen\*(R" (\fB\s-1OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN\s0\fR).
1146 can be used to manipulate and test these \fB\s-1EVP_CIPHER_CTX\s0\fR flags:
1147 .IP "\s-1EVP_CIPH_NO_PADDING\s0" 4
1151 See also \*(L"Gettable and Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" \*(L"padding\*(R"
1152 .IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4
1154 See \*(L"Settable \s-1EVP_CIPHER_CTX\s0 parameters\*(R" \*(L"use-bits\*(R".
1155 .IP "\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0" 4
1161 have mappings to \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R":
1162 .IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4
1164 See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"aead\*(R".
1165 .IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4
1167 See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"custom-iv\*(R".
1168 .IP "\s-1EVP_CIPH_FLAG_CTS\s0" 4
1170 See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"cts\*(R".
1171 .IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0;" 4
1173 See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"tls-multi\*(R".
1174 .IP "\s-1EVP_CIPH_RAND_KEY\s0" 4
1176 See \*(L"Gettable \s-1EVP_CIPHER\s0 parameters\*(R" \*(L"has-randkey\*(R".
1179 .IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4
1182 .IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4
1184 .IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4
1186 .IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4
1188 .IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4
1190 .IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4
1192 .IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4
1199 \&\fBEVP_CIPHER_fetch()\fR returns a pointer to a \fB\s-1EVP_CIPHER\s0\fR for success
1200 and \fB\s-1NULL\s0\fR for failure.
1205 \&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure.
1217 \&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is not set for the cipher.
1219 the number of bytes authenticated in a call specifying \s-1AAD\s0 for an \s-1AEAD\s0 cipher, if the…
1220 \&\fB\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0\fR is set for the cipher.
1225 return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
1227 \&\fBEVP_CIPHER_get_nid()\fR and \fBEVP_CIPHER_CTX_get_nid()\fR return a \s-1NID.\s0
1237 \&\fBEVP_CIPHER_get_iv_length()\fR and \fBEVP_CIPHER_CTX_get_iv_length()\fR return the \s-1IV\s0
1238 length or zero if the cipher does not use an \s-1IV.\s0
1243 \&\fBEVP_CIPHER_get_type()\fR and \fBEVP_CIPHER_CTX_get_type()\fR return the \s-1NID\s0 of the
1244 cipher's \s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined
1245 \&\s-1OBJECT IDENTIFIER.\s0
1247 \&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
1250 \&\fB\s-1EVP_CTRL_RET_UNSUPPORTED\s0\fR if the implementation does not support the call
1271 Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0
1278 The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0)
1282 To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR,
1284 parameter \fIout\fR set to \fB\s-1NULL\s0\fR. In this case, on success, the parameter
1289 the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used
1291 .SS "\s-1GCM\s0 and \s-1OCB\s0 Modes"
1293 The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes.
1294 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4
1296 Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If
1297 not called a default \s-1IV\s0 length is used.
1299 For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the
1301 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4
1307 For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via
1308 \&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR.
1309 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4
1316 For \s-1GCM,\s0 this call is only valid when decrypting data.
1318 For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag,
1321 In \s-1OCB\s0 mode, calling this when encrypting with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*…
1322 tag length. The tag length can only be set before specifying an \s-1IV.\s0 If this is
1323 not called prior to setting the \s-1IV\s0 during encryption, then a default tag length
1326 For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the
1327 maximum tag length for \s-1OCB.\s0
1328 .SS "\s-1CCM\s0 Mode"
1330 The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a
1333 For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to
1335 and input parameters (\fIin\fR and \fIout\fR) set to \fB\s-1NULL\s0\fR and the length passed in
1336 the \fIinl\fR parameter.
1338 The following \fIctrl\fRs are supported in \s-1CCM\s0 mode.
1339 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4
1341 This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or
1342 the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting.
1344 used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing
1345 in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after
1346 passing additional authenticated data (see \*(L"\s-1AEAD INTERFACE\*(R"\s0).
1347 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4
1349 Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0).
1350 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4
1352 Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying a
1353 nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for
1354 \&\s-1AES.\s0
1355 .SS "\s-1SIV\s0 Mode"
1357 For \s-1SIV\s0 mode ciphers the behaviour of the \s-1EVP\s0 interface is subtly
1360 To specify any additional authenticated data (\s-1AAD\s0) and/or a Nonce, a call to
1362 with the output parameter \fIout\fR set to \fB\s-1NULL\s0\fR.
1364 \&\s-1RFC5297\s0 states that the Nonce is the last piece of \s-1AAD\s0 before the actual
1365 encrypt/decrypt takes place. The \s-1API\s0 does not differentiate the Nonce from
1366 other \s-1AAD.\s0
1370 the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR
1373 The \s-1API\s0 does not store the the \s-1SIV\s0 (Synthetic Initialization Vector) in
1374 the cipher text. Instead, it is stored as the tag within the \s-1EVP_CIPHER_CTX.\s0
1375 The \s-1SIV\s0 must be retrieved from the context after encryption, and set into
1378 This differs from \s-1RFC5297\s0 in that the cipher output from encryption, and
1379 the cipher input to decryption, does not contain the \s-1SIV.\s0 This also means
1382 The following ctrls are supported in \s-1SIV\s0 mode, and are used to get and set
1384 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag);" 4
1389 call). For \s-1SIV\s0 mode the taglen must be 16.
1390 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag);" 4
1395 calls). For \s-1SIV\s0 mode the taglen must be 16.
1397 \&\s-1SIV\s0 mode makes two passes over the input data, thus, only one call to
1399 with \fIout\fR set to a non\-\fB\s-1NULL\s0\fR value. A call to \fBEVP_DecryptFinal()\fR or
1402 .SS "ChaCha20\-Poly1305"
1403 .IX Subsection "ChaCha20-Poly1305"
1404 The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm.
1405 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4
1411 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4
1417 \&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-b…
1419 .IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4
1422 The tag length can only be set before specifying an \s-1IV.\s0
1423 \&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive.
1427 Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in
1428 preference to the low-level interfaces. This is because the code then becomes
1430 \&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic
1431 acceleration such as AES-NI (the low-level interfaces do not provide the
1434 \&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total
1462 not allow step-by-step initialization of the ctx when the \fIkey\fR and \fIiv\fR are
1463 passed in separate calls. It also means that the flags set for the \s-1CTX\s0 are
1465 \&\fB\s-1EVP_CIPHER_CTX_FLAG_WRAP_ALLOW\s0\fR flag treated specially in
1468 Ignoring failure returns of the \fB\s-1EVP_CIPHER_CTX\s0\fR initialization functions can
1470 finalize the context. The only valid calls on the \fB\s-1EVP_CIPHER_CTX\s0\fR when
1477 \&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal
1481 \&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes.
1483 The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested
1484 for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode.
1487 Encrypt a string using \s-1IDEA:\s0
1548 \& openssl idea \-d \e
1549 \& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 <filename
1552 General encryption and decryption function example using \s-1FILE I/O\s0 and \s-1AES128\s0
1553 with a 128\-bit key:
1610 Encryption using AES-CBC with a 256\-bit key with \*(L"\s-1CS1\*(R"\s0 ciphertext stealing.
1628 \& cipher = EVP_CIPHER_fetch(NULL, "AES\-256\-CBC\-CTS", NULL);
1659 \&\*(L"\s-1ALGORITHM FETCHING\*(R"\s0 in \fBcrypto\fR\|(7),
1660 \&\fBprovider\-cipher\fR\|(7),
1661 \&\fBlife_cycle\-cipher\fR\|(7)
1681 Support for \s-1OCB\s0 mode was added in OpenSSL 1.1.0.
1683 \&\fB\s-1EVP_CIPHER_CTX\s0\fR was made opaque in OpenSSL 1.1.0. As a result,
1707 OpenSSL 3.0, respectively. The old names are kept as non-deprecated
1712 non-deprecated alias macro.
1717 Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
1721 in the file \s-1LICENSE\s0 in the source distribution or at