1=pod 2 3=head1 NAME 4 5EVP_CIPHER_fetch, 6EVP_CIPHER_up_ref, 7EVP_CIPHER_free, 8EVP_CIPHER_CTX_new, 9EVP_CIPHER_CTX_reset, 10EVP_CIPHER_CTX_free, 11EVP_CIPHER_CTX_dup, 12EVP_CIPHER_CTX_copy, 13EVP_EncryptInit_ex, 14EVP_EncryptInit_ex2, 15EVP_EncryptUpdate, 16EVP_EncryptFinal_ex, 17EVP_DecryptInit_ex, 18EVP_DecryptInit_ex2, 19EVP_DecryptUpdate, 20EVP_DecryptFinal_ex, 21EVP_CipherInit_ex, 22EVP_CipherInit_ex2, 23EVP_CipherInit_SKEY, 24EVP_CipherUpdate, 25EVP_CipherFinal_ex, 26EVP_CIPHER_CTX_set_key_length, 27EVP_CIPHER_CTX_ctrl, 28EVP_EncryptInit, 29EVP_EncryptFinal, 30EVP_DecryptInit, 31EVP_DecryptFinal, 32EVP_CipherInit, 33EVP_CipherFinal, 34EVP_Cipher, 35EVP_CIPHER_can_pipeline, 36EVP_CipherPipelineEncryptInit, 37EVP_CipherPipelineDecryptInit, 38EVP_CipherPipelineUpdate, 39EVP_CipherPipelineFinal, 40EVP_get_cipherbyname, 41EVP_get_cipherbynid, 42EVP_get_cipherbyobj, 43EVP_CIPHER_is_a, 44EVP_CIPHER_get0_name, 45EVP_CIPHER_get0_description, 46EVP_CIPHER_names_do_all, 47EVP_CIPHER_get0_provider, 48EVP_CIPHER_get_nid, 49EVP_CIPHER_get_params, 50EVP_CIPHER_gettable_params, 51EVP_CIPHER_get_block_size, 52EVP_CIPHER_get_key_length, 53EVP_CIPHER_get_iv_length, 54EVP_CIPHER_get_flags, 55EVP_CIPHER_get_mode, 56EVP_CIPHER_get_type, 57EVP_CIPHER_CTX_cipher, 58EVP_CIPHER_CTX_get0_cipher, 59EVP_CIPHER_CTX_get1_cipher, 60EVP_CIPHER_CTX_get0_name, 61EVP_CIPHER_CTX_get_nid, 62EVP_CIPHER_CTX_get_params, 63EVP_CIPHER_gettable_ctx_params, 64EVP_CIPHER_CTX_gettable_params, 65EVP_CIPHER_CTX_set_params, 66EVP_CIPHER_settable_ctx_params, 67EVP_CIPHER_CTX_settable_params, 68EVP_CIPHER_CTX_get_block_size, 69EVP_CIPHER_CTX_get_key_length, 70EVP_CIPHER_CTX_get_iv_length, 71EVP_CIPHER_CTX_get_tag_length, 72EVP_CIPHER_CTX_flags, 73EVP_CIPHER_CTX_set_flags, 74EVP_CIPHER_CTX_clear_flags, 75EVP_CIPHER_CTX_test_flags, 76EVP_CIPHER_CTX_get_type, 77EVP_CIPHER_CTX_get_mode, 78EVP_CIPHER_CTX_get_num, 79EVP_CIPHER_CTX_set_num, 80EVP_CIPHER_CTX_is_encrypting, 81EVP_CIPHER_param_to_asn1, 82EVP_CIPHER_asn1_to_param, 83EVP_CIPHER_CTX_set_padding, 84EVP_enc_null, 85EVP_CIPHER_do_all_provided, 86EVP_CIPHER_nid, 87EVP_CIPHER_name, 88EVP_CIPHER_block_size, 89EVP_CIPHER_key_length, 90EVP_CIPHER_iv_length, 91EVP_CIPHER_flags, 92EVP_CIPHER_mode, 93EVP_CIPHER_type, 94EVP_CIPHER_CTX_encrypting, 95EVP_CIPHER_CTX_nid, 96EVP_CIPHER_CTX_block_size, 97EVP_CIPHER_CTX_key_length, 98EVP_CIPHER_CTX_iv_length, 99EVP_CIPHER_CTX_tag_length, 100EVP_CIPHER_CTX_num, 101EVP_CIPHER_CTX_type, 102EVP_CIPHER_CTX_mode 103- EVP cipher routines 104 105=head1 SYNOPSIS 106 107=for openssl generic 108 109 #include <openssl/evp.h> 110 111 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, 112 const char *properties); 113 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); 114 void EVP_CIPHER_free(EVP_CIPHER *cipher); 115 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); 116 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); 117 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); 118 EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in); 119 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); 120 121 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 122 ENGINE *impl, const unsigned char *key, const unsigned char *iv); 123 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 124 const unsigned char *key, const unsigned char *iv, 125 const OSSL_PARAM params[]); 126 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 127 int *outl, const unsigned char *in, int inl); 128 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 129 130 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 131 ENGINE *impl, const unsigned char *key, const unsigned char *iv); 132 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 133 const unsigned char *key, const unsigned char *iv, 134 const OSSL_PARAM params[]); 135 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 136 int *outl, const unsigned char *in, int inl); 137 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 138 139 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 140 ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); 141 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 142 const unsigned char *key, const unsigned char *iv, 143 int enc, const OSSL_PARAM params[]); 144 int EVP_CipherInit_SKEY(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 145 EVP_SKEY *skey, const unsigned char *iv, size_t iv_len, 146 int enc, const OSSL_PARAM params[]); 147 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 148 int *outl, const unsigned char *in, int inl); 149 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 150 151 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 152 const unsigned char *key, const unsigned char *iv); 153 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 154 155 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 156 const unsigned char *key, const unsigned char *iv); 157 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 158 159 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 160 const unsigned char *key, const unsigned char *iv, int enc); 161 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 162 163 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 164 const unsigned char *in, unsigned int inl); 165 166 int EVP_CIPHER_can_pipeline(const EVP_CIPHER *cipher, int enc); 167 int EVP_CipherPipelineEncryptInit(EVP_CIPHER_CTX *ctx, 168 const EVP_CIPHER *cipher, 169 const unsigned char *key, size_t keylen, 170 size_t numpipes, 171 const unsigned char **iv, size_t ivlen); 172 int EVP_CipherPipelineDecryptInit(EVP_CIPHER_CTX *ctx, 173 const EVP_CIPHER *cipher, 174 const unsigned char *key, size_t keylen, 175 size_t numpipes, 176 const unsigned char **iv, size_t ivlen); 177 int EVP_CipherPipelineUpdate(EVP_CIPHER_CTX *ctx, 178 unsigned char **out, size_t *outl, 179 const size_t *outsize, 180 const unsigned char **in, const size_t *inl); 181 int EVP_CipherPipelineFinal(EVP_CIPHER_CTX *ctx, 182 unsigned char **outm, size_t *outl, 183 const size_t *outsize); 184 185 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); 186 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); 187 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2); 188 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); 189 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); 190 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); 191 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); 192 193 const EVP_CIPHER *EVP_get_cipherbyname(const char *name); 194 const EVP_CIPHER *EVP_get_cipherbynid(int nid); 195 const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); 196 197 int EVP_CIPHER_get_nid(const EVP_CIPHER *e); 198 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); 199 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, 200 void (*fn)(const char *name, void *data), 201 void *data); 202 const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); 203 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); 204 const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); 205 int EVP_CIPHER_get_block_size(const EVP_CIPHER *e); 206 int EVP_CIPHER_get_key_length(const EVP_CIPHER *e); 207 int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e); 208 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e); 209 unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e); 210 int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); 211 212 const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); 213 EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx); 214 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); 215 const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx); 216 217 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); 218 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); 219 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]); 220 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher); 221 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher); 222 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); 223 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx); 224 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx); 225 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); 226 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); 227 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); 228 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); 229 int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); 230 int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); 231 int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); 232 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); 233 int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); 234 235 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 236 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 237 238 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, 239 void (*fn)(EVP_CIPHER *cipher, void *arg), 240 void *arg); 241 242 #define EVP_CIPHER_nid EVP_CIPHER_get_nid 243 #define EVP_CIPHER_name EVP_CIPHER_get0_name 244 #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size 245 #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length 246 #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length 247 #define EVP_CIPHER_flags EVP_CIPHER_get_flags 248 #define EVP_CIPHER_mode EVP_CIPHER_get_mode 249 #define EVP_CIPHER_type EVP_CIPHER_get_type 250 #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting 251 #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid 252 #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size 253 #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length 254 #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length 255 #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length 256 #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num 257 #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type 258 #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode 259 260The following function has been deprecated since OpenSSL 3.0, and can be 261hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 262see L<openssl_user_macros(7)>: 263 264 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); 265 266The following function has been deprecated since OpenSSL 1.1.0, and can be 267hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 268see L<openssl_user_macros(7)>: 269 270 int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); 271 272=head1 DESCRIPTION 273 274The EVP cipher routines are a high-level interface to certain 275symmetric ciphers. 276 277The B<EVP_CIPHER> type is a structure for cipher method implementation. 278 279=over 4 280 281=item EVP_CIPHER_fetch() 282 283Fetches the cipher implementation for the given I<algorithm> from any provider 284offering it, within the criteria given by the I<properties>. 285See L<crypto(7)/ALGORITHM FETCHING> for further information. 286 287The returned value must eventually be freed with EVP_CIPHER_free(). 288 289Fetched B<EVP_CIPHER> structures are reference counted. 290 291=item EVP_CIPHER_up_ref() 292 293Increments the reference count for an B<EVP_CIPHER> structure. 294 295=item EVP_CIPHER_free() 296 297Decrements the reference count for the fetched B<EVP_CIPHER> structure. 298If the reference count drops to 0 then the structure is freed. 299If the argument is NULL, nothing is done. 300 301=item EVP_CIPHER_CTX_new() 302 303Allocates and returns a cipher context. 304 305=item EVP_CIPHER_CTX_free() 306 307Clears all information from a cipher context and frees any allocated memory 308associated with it, including I<ctx> itself. This function should be called 309after all operations using a cipher are complete so sensitive information does 310not remain in memory. If the argument is NULL, nothing is done. 311 312=item EVP_CIPHER_CTX_dup() 313 314Can be used to duplicate the cipher state from I<in>. This is useful 315to avoid multiple EVP_CIPHER_fetch() calls or if large amounts of data are to be 316fed which only differ in the last few bytes. 317 318=item EVP_CIPHER_CTX_copy() 319 320Can be used to copy the cipher state from I<in> to I<out>. 321 322=item EVP_CIPHER_CTX_ctrl() 323 324I<This is a legacy method.> EVP_CIPHER_CTX_set_params() and 325EVP_CIPHER_CTX_get_params() is the mechanism that should be used to set and get 326parameters that are used by providers. 327 328Performs cipher-specific control actions on context I<ctx>. The control command 329is indicated in I<cmd> and any additional arguments in I<p1> and I<p2>. 330EVP_CIPHER_CTX_ctrl() must be called after EVP_CipherInit_ex2(). Other restrictions 331may apply depending on the control type and cipher implementation. 332 333If this function happens to be used with a fetched B<EVP_CIPHER>, it will 334translate the controls that are known to OpenSSL into L<OSSL_PARAM(3)> 335parameters with keys defined by OpenSSL and call EVP_CIPHER_CTX_get_params() or 336EVP_CIPHER_CTX_set_params() as is appropriate for each control command. 337 338See L</CONTROLS> below for more information, including what translations are 339being done. 340 341=item EVP_CIPHER_get_params() 342 343Retrieves the requested list of algorithm I<params> from a CIPHER I<cipher>. 344See L</PARAMETERS> below for more information. 345 346=item EVP_CIPHER_CTX_get_params() 347 348Retrieves the requested list of I<params> from CIPHER context I<ctx>. 349See L</PARAMETERS> below for more information. 350 351=item EVP_CIPHER_CTX_set_params() 352 353Sets the list of I<params> into a CIPHER context I<ctx>. 354See L</PARAMETERS> below for more information. 355 356=item EVP_CIPHER_gettable_params() 357 358Get a constant L<OSSL_PARAM(3)> array that describes the retrievable parameters 359that can be used with EVP_CIPHER_get_params(). 360 361=item EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params() 362 363Get a constant L<OSSL_PARAM(3)> array that describes the retrievable parameters 364that can be used with EVP_CIPHER_CTX_get_params(). 365EVP_CIPHER_gettable_ctx_params() returns the parameters that can be retrieved 366from the algorithm, whereas EVP_CIPHER_CTX_gettable_params() returns the 367parameters that can be retrieved in the context's current state. 368 369=item EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params() 370 371Get a constant L<OSSL_PARAM(3)> array that describes the settable parameters 372that can be used with EVP_CIPHER_CTX_set_params(). 373EVP_CIPHER_settable_ctx_params() returns the parameters that can be set from the 374algorithm, whereas EVP_CIPHER_CTX_settable_params() returns the parameters that 375can be set in the context's current state. 376 377=item EVP_EncryptInit_ex2() 378 379Sets up cipher context I<ctx> for encryption with cipher I<type>. I<ctx> B<MUST NOT> be NULL. 380I<type> is typically supplied by calling EVP_CIPHER_fetch(). I<type> may also be set 381using legacy functions such as EVP_aes_256_cbc(), but this is not recommended 382for new applications. I<key> is the symmetric key to use and I<iv> is the IV to 383use (if necessary), the actual number of bytes used for the key and IV depends 384on the cipher. The parameters I<params> will be set on the context after 385initialisation. It is possible to set all parameters to NULL except I<type> in 386an initial call and supply the remaining parameters in subsequent calls, all of 387which have I<type> set to NULL. This is done when the default cipher parameters 388are not appropriate. 389For B<EVP_CIPH_GCM_MODE> the IV will be generated internally if it is not 390specified. 391 392=item EVP_EncryptInit_ex() 393 394This legacy function is similar to EVP_EncryptInit_ex2() when I<impl> is NULL. 395The implementation of the I<type> from the I<impl> engine will be used if it 396exists. 397 398=item EVP_EncryptUpdate() 399 400Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to 401I<out>. The pointers I<out> and I<in> may point to the same location, in which 402case the encryption will be done in-place. However, in-place encryption is 403guaranteed to work only if the encryption context (I<ctx>) has processed data in 404multiples of the block size. If the context contains an incomplete data block 405from previous operations, in-place encryption will fail. I<ctx> B<MUST NOT> be NULL. 406 407If I<out> and I<in> point to different locations, the two buffers must be 408disjoint, otherwise the operation might fail or the outcome might be undefined. 409 410This function can be called multiple times to encrypt successive blocks 411of data. The amount of data written depends on the block alignment of the 412encrypted data. 413For most ciphers and modes, the amount of data written can be anything 414from zero bytes to (inl + cipher_block_size - 1) bytes. 415For wrap cipher modes, the amount of data written can be anything 416from zero bytes to (inl + cipher_block_size) bytes. 417For stream ciphers, the amount of data written can be anything from zero 418bytes to inl bytes. 419Thus, the buffer pointed to by I<out> must contain sufficient room for the 420operation being performed. 421The actual number of bytes written is placed in I<outl>. 422 423If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts 424the "final" data, that is any data that remains in a partial block. 425It uses standard block padding (aka PKCS padding) as described in 426the NOTES section, below. The encrypted 427final data is written to I<out> which should have sufficient space for 428one cipher block. The number of bytes written is placed in I<outl>. After 429this function is called the encryption operation is finished and no further 430calls to EVP_EncryptUpdate() should be made. 431 432If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more 433data and it will return an error if any data remains in a partial block: 434that is if the total data length is not a multiple of the block size. 435 436=item EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate() 437and EVP_DecryptFinal_ex() 438 439These functions are the corresponding decryption operations. 440EVP_DecryptFinal() will return an error code if padding is enabled and the 441final block is not correctly formatted. The parameters and restrictions are 442identical to the encryption operations. I<ctx> B<MUST NOT> be NULL. 443 444=item EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and 445EVP_CipherFinal_ex() 446 447These functions can be used for decryption or encryption. The operation 448performed depends on the value of the I<enc> parameter. It should be set to 1 449for encryption, 0 for decryption and -1 to leave the value unchanged 450(the actual value of 'enc' being supplied in a previous call). 451 452=item EVP_CipherInit_SKEY() 453 454This function is similar to EVP_CipherInit_ex2() but accepts a 455symmetric key object of type I<EVP_SKEY> as a key. 456 457=item EVP_CIPHER_CTX_reset() 458 459Clears all information from a cipher context and free up any allocated memory 460associated with it, except the I<ctx> itself. This function should be called 461anytime I<ctx> is reused by another 462EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls. 463 464=item EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() 465 466Behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and 467EVP_CipherInit_ex() except if the I<type> is not a fetched cipher they use the 468default implementation of the I<type>. 469 470=item EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() 471 472Identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and 473EVP_CipherFinal_ex(). In previous releases they also cleaned up 474the I<ctx>, but this is no longer done and EVP_CIPHER_CTX_cleanup() 475must be called to free any context resources. 476 477=item EVP_Cipher() 478 479Encrypts or decrypts a maximum I<inl> amount of bytes from I<in> and leaves the 480result in I<out>. 481 482For legacy ciphers - If the cipher doesn't have the flag 483B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set, then I<inl> must be a multiple of 484EVP_CIPHER_get_block_size(). If it isn't, the result is undefined. If the cipher 485has that flag set, then I<inl> can be any size. 486 487Due to the constraints of the API contract of this function it shouldn't be used 488in applications, please consider using EVP_CipherUpdate() and 489EVP_CipherFinal_ex() instead. 490 491=item EVP_CIPHER_can_pipeline() 492 493This function checks if a B<EVP_CIPHER> fetched using EVP_CIPHER_fetch() supports 494cipher pipelining. If the cipher supports pipelining, it returns 1, otherwise 0. 495This function will return 0 for non-fetched ciphers such as EVP_aes_128_gcm(). 496There are currently no built-in ciphers that support pipelining. 497 498Cipher pipelining support allows an application to submit multiple chunks of 499data in one set of EVP_CipherUpdate()/EVP_CipherFinal calls, thereby allowing 500the provided implementation to take advantage of parallel computing. This is 501beneficial for hardware accelerators as pipeline amortizes the latency over 502multiple chunks. 503 504For non-fetched ciphers, EVP_CipherPipelineEncryptInit() or 505EVP_CipherPipelineDecryptInit() may be directly called, which will perform a 506fetch and return an error if a pipeline supported implementation is not found. 507 508=item EVP_CipherPipelineEncryptInit(), EVP_CipherPipelineDecryptInit(), EVP_CipherPipelineUpdate() and EVP_CipherPipelineFinal() 509 510These functions can be used to perform multiple encryption or decryption 511operations in parallel. EVP_CIPHER_can_pipeline() may be called to check if the 512cipher supports pipelining. These functions are analogous to 513EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherUpdate() and 514EVP_CipherFinal() but take an array of pointers for iv, input and output buffers. 515 516The I<key>, of length I<keylen>, is the symmetric key to use. The I<numpipes> 517parameter specifies the number of parallel operations to perform. The 518I<numpipes> cannot exceed B<EVP_MAX_PIPES>. The I<iv> parameter is an array of 519buffer pointers, containing IVs. The array size must be equal to I<numpipes>. 520The size of each IV buffer must be equal to I<ivlen>. When IV is not provided, 521I<iv> must be NULL, rather than an array of NULL pointers. The I<in> 522parameters takes an array of buffer pointers, each pointing to a buffer 523containing the input data. The buffers can be of different sizes. The I<inl> 524parameter is an array of size_t, each specifying the size of the corresponding 525input buffer. The I<out> and I<outm> parameters are arrays of buffer pointers, 526each pointing to a buffer where the output data will be written. The I<outsize> 527parameter is an array of size_t, each specifying the size of the corresponding 528output buffer. The I<outl> parameter is an array of size_t which will be updated 529with the size of the output data written to the corresponding output buffer. 530For size requirement of the output buffers, see the description of EVP_CipherUpdate(). 531 532The EVP_CipherPipelineUpdate() function can be called multiple times to encrypt 533successive blocks of data. For AAD data, the I<out>, and I<outsize> parameter 534should be NULL, rather than an array of NULL pointers. 535 536=item EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() 537 538Returns an B<EVP_CIPHER> structure when passed a cipher name, a cipher B<NID> or 539an B<ASN1_OBJECT> structure respectively. 540 541EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV", 542"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only 543accessible via low level interfaces. 544 545The EVP_get_cipherbyname() function is present for backwards compatibility with 546OpenSSL prior to version 3 and is different to the EVP_CIPHER_fetch() function 547since it does not attempt to "fetch" an implementation of the cipher. 548Additionally, it only knows about ciphers that are built-in to OpenSSL and have 549an associated NID. Similarly EVP_get_cipherbynid() and EVP_get_cipherbyobj() 550also return objects without an associated implementation. 551 552When the cipher objects returned by these functions are used (such as in a call 553to EVP_EncryptInit_ex()) an implementation of the cipher will be implicitly 554fetched from the loaded providers. This fetch could fail if no suitable 555implementation is available. Use EVP_CIPHER_fetch() instead to explicitly fetch 556the algorithm and an associated implementation from a provider. 557 558See L<crypto(7)/ALGORITHM FETCHING> for more information about fetching. 559 560The cipher objects returned from these functions do not need to be freed with 561EVP_CIPHER_free(). 562 563=item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() 564 565Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> 566structure. The actual NID value is an internal value which may not have a 567corresponding OBJECT IDENTIFIER. NID_undef is returned in the event that the 568nid is unknown or if the cipher has not been properly initialized via a call to 569B<EVP_CipherInit>. 570 571=item EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags() 572 573Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information. 574 575For provided ciphers EVP_CIPHER_CTX_set_flags() should be called only after the 576fetched cipher has been assigned to the I<ctx>. It is recommended to use 577L</PARAMETERS> instead. 578 579=item EVP_CIPHER_CTX_set_padding() 580 581Enables or disables padding. This function should be called after the context 582is set up for encryption or decryption with EVP_EncryptInit_ex2(), 583EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), or EVP_CipherInit_SKEY(). By 584default encryption operations are padded using standard block padding and the 585padding is checked and removed when decrypting. If the I<pad> parameter is zero 586then no padding is performed, the total amount of data encrypted or decrypted 587must then be a multiple of the block size or an error will occur. I<x> B<MUST 588NOT> be NULL. 589 590=item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() 591 592Return the key length of a cipher when passed an B<EVP_CIPHER> or 593B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum 594key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for 595a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for 596variable key length ciphers. 597 598=item EVP_CIPHER_CTX_set_key_length() 599 600Sets the key length of the cipher context. 601If the cipher is a fixed length cipher then attempting to set the key 602length to any value other than the fixed value is an error. 603 604=item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() 605 606Return the IV length of a cipher when passed an B<EVP_CIPHER> or 607B<EVP_CIPHER_CTX>. It will return zero if the cipher does not use an IV, if 608the cipher has not yet been initialized within the B<EVP_CIPHER_CTX>, or if the 609passed cipher is NULL. The constant B<EVP_MAX_IV_LENGTH> is the maximum IV 610length for all ciphers. 611 612=item EVP_CIPHER_CTX_get_tag_length() 613 614Returns the tag length of an AEAD cipher when passed a B<EVP_CIPHER_CTX>. It will 615return zero if the cipher does not support a tag. It returns a default value if 616the tag length has not been set. 617 618=item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() 619 620Return the block size of a cipher when passed an B<EVP_CIPHER> or 621B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the 622maximum block length for all ciphers. 623A value of 0 is returned if, with B<EVP_CIPHER_get_block_size()>, the cipher 624I<e> is NULL, or, with B<EVP_CIPHER_CTX_get_block_size()>, the context 625I<ctx> is NULL or has not been properly initialized with a call to 626B<EVP_CipherInit>. 627 628=item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() 629 630Return the type of the passed cipher or context. This "type" is the actual NID 631of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters 632(40 bit RC2 and 128 bit RC2 have the same NID). If the cipher does not have an 633object identifier or does not have ASN1 support this function will return 634B<NID_undef>. 635 636=item EVP_CIPHER_is_a() 637 638Returns 1 if I<cipher> is an implementation of an algorithm that's identifiable 639with I<name>, otherwise 0. If I<cipher> is a legacy cipher (it's the return 640value from the likes of EVP_aes128() rather than the result of an 641EVP_CIPHER_fetch()), only cipher names registered with the default library 642context (see L<OSSL_LIB_CTX(3)>) will be considered. 643 644=item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name() 645 646Return the name of the passed cipher or context. For fetched ciphers with 647multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all(). 648I<cipher> B<MUST NOT> be NULL. 649 650=item EVP_CIPHER_names_do_all() 651 652Traverses all names for the I<cipher>, and calls I<fn> with each name and 653I<data>. This is only useful with fetched B<EVP_CIPHER>s. 654 655=item EVP_CIPHER_get0_description() 656 657Returns a description of the cipher, meant for display and human consumption. 658The description is at the discretion of the cipher implementation. 659 660=item EVP_CIPHER_get0_provider() 661 662Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given 663B<EVP_CIPHER>. 664 665=item EVP_CIPHER_CTX_get0_cipher() 666 667Returns the B<EVP_CIPHER> structure when passed an B<EVP_CIPHER_CTX> structure. 668EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to 669the caller. Both functions return NULL on error. 670 671=item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode() 672 673Return the block cipher mode: 674EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, 675EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, 676EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. 677If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. 678 679=item EVP_CIPHER_get_flags() 680 681Returns any flags associated with the cipher. See L</FLAGS> 682for a list of currently defined flags. 683 684=item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num() 685 686Gets or sets the cipher specific "num" parameter for the associated I<ctx>. 687Built-in ciphers typically use this to track how much of the current underlying block 688has been "used" already. 689 690=item EVP_CIPHER_CTX_is_encrypting() 691 692Reports whether the I<ctx> is being used for encryption or decryption. 693 694=item EVP_CIPHER_CTX_flags() 695 696A deprecated macro calling C<EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))>. 697Do not use. 698 699=item EVP_CIPHER_param_to_asn1() 700 701Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will 702typically include any parameters and an IV. The cipher IV (if any) must be set 703when this call is made. This call should be made before the cipher is actually 704"used" (before any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). 705This function may fail if the cipher does not have any ASN1 support, or if an 706uninitialized cipher is passed to it. 707 708=item EVP_CIPHER_asn1_to_param() 709 710Sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter". 711The precise effect depends on the cipher. In the case of B<RC2>, for example, 712it will set the IV and effective key length. 713This function should be called after the base cipher type is set but before 714the key is set. For example EVP_CipherInit() will be called with the IV and 715key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally 716EVP_CipherInit() again with all parameters except the key set to NULL. It is 717possible for this function to fail if the cipher does not have any ASN1 support 718or the parameters cannot be set (for example the RC2 effective key length 719is not supported. 720 721=item EVP_CIPHER_CTX_rand_key() 722 723Generates a random key of the appropriate length based on the cipher context. 724The B<EVP_CIPHER> can provide its own random key generation routine to support 725keys of a specific form. I<key> must point to a buffer at least as big as the 726value returned by EVP_CIPHER_CTX_get_key_length(). 727 728=item EVP_CIPHER_do_all_provided() 729 730Traverses all ciphers implemented by all activated providers in the given 731library context I<libctx>, and for each of the implementations, calls the given 732function I<fn> with the implementation method and the given I<arg> as argument. 733 734=back 735 736=head1 PARAMETERS 737 738See L<OSSL_PARAM(3)> for information about passing parameters. 739 740=head2 Gettable EVP_CIPHER parameters 741 742When EVP_CIPHER_fetch() is called it internally calls EVP_CIPHER_get_params() 743and caches the results. 744 745EVP_CIPHER_get_params() can be used with the following L<OSSL_PARAM(3)> keys: 746 747=over 4 748 749=item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer> 750 751Gets the mode for the associated cipher algorithm I<cipher>. 752See L</EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()> for a list of valid modes. 753Use EVP_CIPHER_get_mode() to retrieve the cached value. 754 755=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> 756 757Gets the key length for the associated cipher algorithm I<cipher>. 758Use EVP_CIPHER_get_key_length() to retrieve the cached value. 759 760=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer> 761 762Gets the IV length for the associated cipher algorithm I<cipher>. 763Use EVP_CIPHER_get_iv_length() to retrieve the cached value. 764 765=item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer> 766 767Gets the block size for the associated cipher algorithm I<cipher>. 768The block size should be 1 for stream ciphers. 769Note that the block size for a cipher may be different to the block size for 770the underlying encryption/decryption primitive. 771For example AES in CTR mode has a block size of 1 (because it operates like a 772stream cipher), even though AES has a block size of 16. 773Use EVP_CIPHER_get_block_size() to retrieve the cached value. 774 775=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer> 776 777Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. 778Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the 779cached value. 780 781=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer> 782 783Gets 1 if the cipher algorithm I<cipher> has a custom IV, otherwise it gets 0. 784Storing and initializing the IV is left entirely to the implementation, if a 785custom IV is used. 786Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the 787cached value. 788 789=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer> 790 791Gets 1 if the cipher algorithm I<cipher> uses ciphertext stealing, 792otherwise it gets 0. 793This is currently used to indicate that the cipher is a one shot that only 794allows a single call to EVP_CipherUpdate(). 795Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the 796cached value. 797 798=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer> 799 800Gets 1 if the cipher algorithm I<cipher> supports interleaving of crypto blocks, 801otherwise it gets 0. The interleaving is an optimization only applicable to certain 802TLS ciphers. 803Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the 804cached value. 805 806=item "has-randkey" (B<OSSL_CIPHER_PARAM_HAS_RANDKEY>) <integer> 807 808Gets 1 if the cipher algorithm I<cipher> supports the gettable EVP_CIPHER_CTX 809parameter B<OSSL_CIPHER_PARAM_RANDOM_KEY>. Only DES and 3DES set this to 1, 810all other OpenSSL ciphers return 0. 811 812=item "decrypt-only" (B<OSSL_CIPHER_PARAM_DECRYPT_ONLY) <integer> 813 814Gets 1 if the cipher algorithm I<cipher> implementation supports only 815the decryption operation such as the 3DES ciphers in the fips provider. 816Otherwise gets 0 or the parameter might not be present at all. 817 818=back 819 820=head2 Gettable and Settable EVP_CIPHER_CTX parameters 821 822The following L<OSSL_PARAM(3)> keys can be used with both EVP_CIPHER_CTX_get_params() 823and EVP_CIPHER_CTX_set_params(). 824 825=over 4 826 827=item "padding" (B<OSSL_CIPHER_PARAM_PADDING>) <unsigned integer> 828 829Gets or sets the padding mode for the cipher context I<ctx>. 830Padding is enabled if the value is 1, and disabled if the value is 0. 831See also EVP_CIPHER_CTX_set_padding(). 832 833=item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer> 834 835Gets or sets the cipher specific "num" parameter for the cipher context I<ctx>. 836Built-in ciphers typically use this to track how much of the current underlying 837block has been "used" already. 838See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num(). 839 840=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> 841 842Gets or sets the key length for the cipher context I<ctx>. 843The length of the "keylen" parameter should not exceed that of a B<size_t>. 844See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length(). 845 846=item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string> 847 848Gets or sets the AEAD tag for the associated cipher context I<ctx>. 849See L<EVP_EncryptInit(3)/AEAD INTERFACE>. 850 851=item "pipeline-tag" (B<OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG>) <octet ptr> 852 853Gets or sets the AEAD tag when using cipher pipelining. The pointer must 854point to an array of buffers, where the aead tag will be read from or written to. 855The array size must be equal to I<numpipes> used in 856EVP_CipherPipelineEncryptInit() or EVP_CipherPipelineDecryptInit(). 857 858=item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer> 859 860Gets or sets the effective keybits used for a RC2 cipher. 861The length of the "keybits" parameter should not exceed that of a B<size_t>. 862 863=item "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>) <unsigned integer> 864 865Gets or sets the number of rounds to be used for a cipher. 866This is used by the RC5 cipher. 867 868=item "algorithm-id" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID>) <octet string> 869 870Used to get the DER encoded AlgorithmIdentifier from the cipher 871implementation. Functions like L<EVP_PKEY_CTX_get_algor(3)> use this 872parameter. 873 874=item "algorithm-id-params" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS>) <octet string> 875 876Used to pass the DER encoded AlgorithmIdentifier parameter to or from 877the cipher implementation. 878Functions like L<EVP_CIPHER_CTX_set_algor_params(3)> and 879L<EVP_CIPHER_CTX_get_algor_params(3)> use this parameter. 880 881=item "alg_id_params" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD>) <octet string> 882 883An deprecated alias for "algorithm-id-params", only used by 884L<EVP_CIPHER_param_to_asn1(3)> and L<EVP_CIPHER_asn1_to_param(3)>. 885 886=item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string> 887 888Gets or sets the cipher text stealing mode. For all modes the output size is the 889same as the input size. The input length must be greater than or equal to the 890block size. (The block size for AES and CAMELLIA is 16 bytes). 891 892Valid values for the mode are: 893 894=over 4 895 896=item "CS1" 897 898The NIST variant of cipher text stealing. 899For input lengths that are multiples of the block size it is equivalent to 900using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last 901cipher text block is a partial block. 902 903=item "CS2" 904 905For input lengths that are multiples of the block size it is equivalent to 906using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as 907"CS3" mode. 908 909=item "CS3" 910 911The Kerberos5 variant of cipher text stealing which always swaps the last 912cipher text block with the previous block (which may be a partial or full block 913depending on the input length). If the input length is exactly one full block 914then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher. 915 916=back 917 918The default is "CS1". 919This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", 920"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". 921 922=item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer> 923 924Sets or gets the number of records being sent in one go for a tls1 multiblock 925cipher operation (either 4 or 8 records). 926 927=back 928 929=head2 Gettable EVP_CIPHER_CTX parameters 930 931The following L<OSSL_PARAM(3)> keys can be used with EVP_CIPHER_CTX_get_params(): 932 933=over 4 934 935=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN> and <B<OSSL_CIPHER_PARAM_AEAD_IVLEN>) <unsigned integer> 936 937Gets the IV length for the cipher context I<ctx>. 938The length of the "ivlen" parameter should not exceed that of a B<size_t>. 939See also EVP_CIPHER_CTX_get_iv_length(). 940 941=item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr> 942 943Gets the IV used to initialize the associated cipher context I<ctx>. 944See also EVP_CIPHER_CTX_get_original_iv(). 945 946=item "updated-iv" (B<OSSL_CIPHER_PARAM_UPDATED_IV>) <octet string OR octet ptr> 947 948Gets the updated pseudo-IV state for the associated cipher context, e.g., 949the previous ciphertext block for CBC mode or the iteratively encrypted IV 950value for OFB mode. Note that octet pointer access is deprecated and is 951provided only for backwards compatibility with historical libcrypto APIs. 952See also EVP_CIPHER_CTX_get_updated_iv(). 953 954=item "randkey" (B<OSSL_CIPHER_PARAM_RANDOM_KEY>) <octet string> 955 956Gets an implementation specific randomly generated key for the associated 957cipher context I<ctx>. This is currently only supported by DES and 3DES (which set 958the key to odd parity). 959 960=item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer> 961 962Gets the tag length to be used for an AEAD cipher for the associated cipher 963context I<ctx>. It gets a default value if it has not been set. 964The length of the "taglen" parameter should not exceed that of a B<size_t>. 965See also EVP_CIPHER_CTX_get_tag_length(). 966 967=item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer> 968 969Gets the length of the tag that will be added to a TLS record for the AEAD 970tag for the associated cipher context I<ctx>. 971The length of the "tlsaadpad" parameter should not exceed that of a B<size_t>. 972 973=item "tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>) <octet string> 974 975Gets the invocation field generated for encryption. 976Can only be called after "tlsivfixed" is set. 977This is only used for GCM mode. 978 979=item "tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>) <unsigned integer> 980 981Get the total length of the record returned from the "tls1multi_enc" operation. 982 983=item "tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>) <unsigned integer> 984 985Gets the maximum record length for a TLS1 multiblock cipher operation. 986The length of the "tls1multi_maxbufsz" parameter should not exceed that of a B<size_t>. 987 988=item "tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) <unsigned integer> 989 990Gets the result of running the "tls1multi_aad" operation. 991 992=item "tls-mac" (B<OSSL_CIPHER_PARAM_TLS_MAC>) <octet ptr> 993 994Used to pass the TLS MAC data. 995 996=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 997 998This option is used by the OpenSSL FIPS provider. 999 1000A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. 1001This may be used after calling a cipher final operation such as 1002EVP_EncryptFinal_ex(). It may return 0 if the "encrypt-check" option is set to 0. 1003 1004=item "iv-generated" (B<OSSL_CIPHER_PARAM_AEAD_IV_GENERATED>) <unsigned integer> 1005 1006An indicator that returns 1 if an IV was generated internally during encryption, 1007or O otherwise. 1008This may be used by GCM ciphers after calling a cipher final operation such 1009as EVP_EncryptFinal_ex(). 1010GCM should generate an IV internally if the IV is not specified during a 1011cipher initialisation call such as EVP_CipherInit_ex(). 1012See FIPS 140-3 IG C.H for information related to IV requirements. 1013 1014=back 1015 1016=head2 Settable EVP_CIPHER_CTX parameters 1017 1018The following L<OSSL_PARAM(3)> keys can be used with EVP_CIPHER_CTX_set_params(): 1019 1020=over 4 1021 1022=item "mackey" (B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>) <octet string> 1023 1024Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256. 1025 1026=item "speed" (B<OSSL_CIPHER_PARAM_SPEED>) <unsigned integer> 1027 1028Sets the speed option for the associated cipher context. This is only supported 1029by AES SIV ciphers which disallow multiple operations by default. 1030Setting "speed" to 1 allows another encrypt or decrypt operation to be 1031performed. This is used for performance testing. 1032 1033=item "use-bits" (B<OSSL_CIPHER_PARAM_USE_BITS>) <unsigned integer> 1034 1035Determines if the input length I<inl> passed to EVP_EncryptUpdate(), 1036EVP_DecryptUpdate() and EVP_CipherUpdate() is the number of bits or number of bytes. 1037Setting "use-bits" to 1 uses bits. The default is in bytes. 1038This is only used for B<CFB1> ciphers. 1039 1040This can be set using EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS). 1041 1042=item "tls-version" (B<OSSL_CIPHER_PARAM_TLS_VERSION>) <integer> 1043 1044Sets the TLS version. 1045 1046=item "tls-mac-size" (B<OSSL_CIPHER_PARAM_TLS_MAC_SIZE>) <unsigned integer> 1047 1048Set the TLS MAC size. 1049 1050=item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string> 1051 1052Sets TLSv1.2 AAD information for the associated cipher context I<ctx>. 1053TLSv1.2 AAD information is always 13 bytes in length and is as defined for the 1054"additional_data" field described in section 6.2.3.3 of RFC5246. 1055 1056=item "tlsivfixed" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>) <octet string> 1057 1058Sets the fixed portion of an IV for an AEAD cipher used in a TLS record 1059encryption/ decryption for the associated cipher context. 1060TLS record encryption/decryption always occurs "in place" so that the input and 1061output buffers are always the same memory location. 1062AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part 1063that varies with every record. 1064Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. 1065TLS records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per 1066record. 1067For a record decryption the first bytes of the input buffer will be the explicit 1068part of the IV and the final bytes of the input buffer will be the AEAD tag. 1069The length of the explicit part of the IV and the tag length will depend on the 1070cipher in use and will be defined in the RFC for the relevant ciphersuite. 1071In order to allow for "in place" decryption the plaintext output should be 1072written to the same location in the output buffer that the ciphertext payload 1073was read from, i.e. immediately after the explicit IV. 1074 1075When encrypting a record the first bytes of the input buffer should be empty to 1076allow space for the explicit IV, as will the final bytes where the tag will 1077be written. 1078The length of the input buffer will include the length of the explicit IV, the 1079payload, and the tag bytes. 1080The cipher implementation should generate the explicit IV and write it to the 1081beginning of the output buffer, do "in place" encryption of the payload and 1082write that to the output buffer, and finally add the tag onto the end of the 1083output buffer. 1084 1085Whether encrypting or decrypting the value written to I<*outl> in the 1086OSSL_FUNC_cipher_cipher call should be the length of the payload excluding the explicit 1087IV length and the tag length. 1088 1089=item "tlsivinv" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>) <octet string> 1090 1091Sets the invocation field used for decryption. 1092Can only be called after "tlsivfixed" is set. 1093This is only used for GCM mode. 1094 1095=item "tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>) <octet string> 1096 1097Triggers a multiblock TLS1 encrypt operation for a TLS1 aware cipher that 1098supports sending 4 or 8 records in one go. 1099The cipher performs both the MAC and encrypt stages and constructs the record 1100headers itself. 1101"tls1multi_enc" supplies the output buffer for the encrypt operation, 1102"tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply 1103values to the encrypt operation. 1104 1105=item "tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) <octet string> 1106 1107Supplies the data to encrypt for a TLS1 multiblock cipher operation. 1108 1109=item "tls1multi_maxsndfrag" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT>) <unsigned integer> 1110 1111Sets the maximum send fragment size for a TLS1 multiblock cipher operation. 1112It must be set before using "tls1multi_maxbufsz". 1113The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a B<size_t>. 1114 1115=item "tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) <octet string> 1116 1117Sets the authenticated additional data used by a TLS1 multiblock cipher operation. 1118The supplied data consists of 13 bytes of record data containing: 1119Bytes 0-7: The sequence number of the first record 1120Byte 8: The record type 1121Byte 9-10: The protocol version 1122Byte 11-12: Input length (Always 0) 1123 1124"tls1multi_interleave" must also be set for this operation. 1125 1126=item "xts_standard" (B<OSSL_CIPHER_PARAM_XTS_STANDARD>) <UTF8 string> 1127 1128Sets the XTS standard to use with SM4-XTS algorithm. XTS mode has two 1129implementations, one is standardized in IEEE Std. 1619-2007 and has 1130been widely used (e.g., XTS AES), the other is proposed recently 1131(GB/T 17964-2021 implemented in May 2022) and is currently only used 1132in SM4. 1133 1134The main difference between them is the multiplication by the 1135primitive element E<alpha> to calculate the tweak values. The IEEE 1136Std 1619-2007 noted that the multiplication "is a left shift of each 1137byte by one bit with carry propagating from one byte to the next 1138one", which means that in each byte, the leftmost bit is the most 1139significant bit. But in GB/T 17964-2021, the rightmost bit is the 1140most significant bit, thus the multiplication becomes a right shift 1141of each byte by one bit with carry propagating from one byte to the 1142next one. 1143 1144Valid values for the mode are: 1145 1146=over 4 1147 1148=item "GB" 1149 1150The GB/T 17964-2021 variant of SM4-XTS algorithm. 1151 1152=item "IEEE" 1153 1154The IEEE Std. 1619-2007 variant of SM4-XTS algorithm. 1155 1156=back 1157 1158The default value is "GB". 1159 1160=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer> 1161 1162This option is used by the OpenSSL FIPS provider. 1163 1164If required this parameter should be set early via an cipher encrypt init 1165function such as EVP_EncryptInit_ex2(). 1166The default value of 1 causes an error when an encryption operation is triggered. 1167Setting this to 0 will ignore the error and set the approved "fips-indicator" to 11680. 1169This option breaks FIPS compliance if it causes the approved "fips-indicator" 1170to return 0. 1171 1172=back 1173 1174=head1 CONTROLS 1175 1176The Mappings from EVP_CIPHER_CTX_ctrl() identifiers to PARAMETERS are listed 1177in the following section. See the L</PARAMETERS> section for more details. 1178 1179EVP_CIPHER_CTX_ctrl() can be used to send the following standard controls: 1180 1181=over 4 1182 1183=item EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN 1184 1185When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1186EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1187key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>). 1188 1189=item EVP_CTRL_AEAD_SET_IV_FIXED 1190 1191When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1192with an L<OSSL_PARAM(3)> item with the key "tlsivfixed" 1193(B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>). 1194 1195=item EVP_CTRL_AEAD_SET_MAC_KEY 1196 1197When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1198with an L<OSSL_PARAM(3)> item with the key "mackey" 1199(B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>). 1200 1201=item EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG 1202 1203When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1204EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1205key "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>). 1206 1207=item EVP_CTRL_CCM_SET_L 1208 1209When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1210with an L<OSSL_PARAM(3)> item with the key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) 1211with a value of (15 - L) 1212 1213=item EVP_CTRL_COPY 1214 1215There is no OSSL_PARAM mapping for this. Use EVP_CIPHER_CTX_copy() instead. 1216 1217=item EVP_CTRL_GCM_SET_IV_INV 1218 1219When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1220with an L<OSSL_PARAM(3)> item with the key "tlsivinv" 1221(B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>). 1222 1223=item EVP_CTRL_RAND_KEY 1224 1225When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1226with an L<OSSL_PARAM(3)> item with the key "randkey" 1227(B<OSSL_CIPHER_PARAM_RANDOM_KEY>). 1228 1229=item EVP_CTRL_SET_KEY_LENGTH 1230 1231When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1232with an L<OSSL_PARAM(3)> item with the key "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>). 1233 1234=item EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS 1235 1236When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1237EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1238key "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>). 1239 1240=item EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS 1241 1242When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1243EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1244key "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>). 1245 1246=item EVP_CTRL_SET_SPEED 1247 1248When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1249with an L<OSSL_PARAM(3)> item with the key "speed" (B<OSSL_CIPHER_PARAM_SPEED>). 1250 1251=item EVP_CTRL_GCM_IV_GEN 1252 1253When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_get_params() gets called 1254with an L<OSSL_PARAM(3)> item with the key 1255"tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>). 1256 1257=item EVP_CTRL_AEAD_TLS1_AAD 1258 1259When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called 1260with an L<OSSL_PARAM(3)> item with the key 1261"tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) 1262followed by EVP_CIPHER_CTX_get_params() with a key of 1263"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>). 1264 1265=item EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 1266 1267When used with a fetched B<EVP_CIPHER>, 1268EVP_CIPHER_CTX_set_params() gets called with an L<OSSL_PARAM(3)> item with the 1269key OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 1270followed by EVP_CIPHER_CTX_get_params() with a key of 1271"tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>). 1272 1273=item EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 1274 1275When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1276with L<OSSL_PARAM(3)> items with the keys 1277"tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) and 1278"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) 1279followed by EVP_CIPHER_CTX_get_params() with keys of 1280"tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) and 1281"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>). 1282 1283=item EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 1284 1285When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1286with L<OSSL_PARAM(3)> items with the keys 1287"tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>), 1288"tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) and 1289"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>), 1290followed by EVP_CIPHER_CTX_get_params() with a key of 1291"tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>). 1292 1293=back 1294 1295=head1 FLAGS 1296 1297EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). 1298can be used to manipulate and test these B<EVP_CIPHER_CTX> flags: 1299 1300=over 4 1301 1302=item EVP_CIPH_NO_PADDING 1303 1304Used by EVP_CIPHER_CTX_set_padding(). 1305 1306See also L</Gettable and Settable EVP_CIPHER_CTX parameters> "padding" 1307 1308=item EVP_CIPH_FLAG_LENGTH_BITS 1309 1310See L</Settable EVP_CIPHER_CTX parameters> "use-bits". 1311 1312=item EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 1313 1314Used for Legacy purposes only. This flag needed to be set to indicate the 1315cipher handled wrapping. 1316 1317=back 1318 1319EVP_CIPHER_flags() uses the following flags that 1320have mappings to L</Gettable EVP_CIPHER parameters>: 1321 1322=over 4 1323 1324=item EVP_CIPH_FLAG_AEAD_CIPHER 1325 1326See L</Gettable EVP_CIPHER parameters> "aead". 1327 1328=item EVP_CIPH_CUSTOM_IV 1329 1330See L</Gettable EVP_CIPHER parameters> "custom-iv". 1331 1332=item EVP_CIPH_FLAG_CTS 1333 1334See L</Gettable EVP_CIPHER parameters> "cts". 1335 1336=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; 1337 1338See L</Gettable EVP_CIPHER parameters> "tls-multi". 1339 1340=item EVP_CIPH_RAND_KEY 1341 1342See L</Gettable EVP_CIPHER parameters> "has-randkey". 1343 1344=back 1345 1346EVP_CIPHER_flags() uses the following flags for legacy purposes only: 1347 1348=over 4 1349 1350=item EVP_CIPH_VARIABLE_LENGTH 1351 1352=item EVP_CIPH_FLAG_CUSTOM_CIPHER 1353 1354=item EVP_CIPH_ALWAYS_CALL_INIT 1355 1356=item EVP_CIPH_CTRL_INIT 1357 1358=item EVP_CIPH_CUSTOM_KEY_LENGTH 1359 1360=item EVP_CIPH_CUSTOM_COPY 1361 1362=item EVP_CIPH_FLAG_DEFAULT_ASN1 1363 1364See L<EVP_CIPHER_meth_set_flags(3)> for further information related to the above 1365flags. 1366 1367=back 1368 1369=head1 RETURN VALUES 1370 1371EVP_CIPHER_fetch() returns a pointer to a B<EVP_CIPHER> for success 1372and NULL for failure. 1373 1374EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. 1375 1376EVP_CIPHER_CTX_new() returns a pointer to a newly created 1377B<EVP_CIPHER_CTX> for success and NULL for failure. 1378 1379EVP_CIPHER_CTX_dup() returns a new EVP_CIPHER_CTX if successful or NULL on failure. 1380 1381EVP_CIPHER_CTX_copy() returns 1 if successful or 0 for failure. 1382 1383EVP_EncryptInit_ex2(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() 1384return 1 for success and 0 for failure. 1385 1386EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and 0 for failure. 1387EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. 1388 1389EVP_CipherInit_ex2(), EVP_CipherInit_SKEY() and EVP_CipherUpdate() return 1 for 1390success and 0 for failure. 1391EVP_CipherFinal_ex() returns 0 for an encryption/decryption failure or 1 for 1392success. 1393 1394EVP_Cipher() returns 1 on success and <= 0 on failure, if the flag 1395B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is not set for the cipher, or if the cipher has 1396not been initialized via a call to B<EVP_CipherInit_ex2>. 1397EVP_Cipher() returns the number of bytes written to I<out> for 1398encryption/decryption, or the number of bytes authenticated in a call specifying 1399AAD for an AEAD cipher, if the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is set for 1400the cipher. 1401 1402EVP_CIPHER_can_pipeline() returns 1 if the cipher can be used in a pipeline, 0 otherwise. 1403 1404EVP_CipherPipelineEncryptInit() and EVP_CipherPipelineDecryptInit() 1405return 1 for success and 0 for failure. 1406 1407EVP_CipherPipelineUpdate() and EVP_CipherPipelineFinal() 1408return 1 for success and 0 for failure. 1409 1410EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. 1411 1412EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() 1413return an B<EVP_CIPHER> structure or NULL on error. 1414 1415EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID. 1416 1417EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the 1418block size, or 0 on error. 1419 1420EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key 1421length. 1422 1423EVP_CIPHER_CTX_set_padding() always returns 1. 1424 1425EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV 1426length, zero if the cipher does not use an IV and a negative value on error. 1427 1428EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher 1429does not use a tag. 1430 1431EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the 1432cipher's OBJECT IDENTIFIER or NID_undef if it has no defined 1433OBJECT IDENTIFIER. 1434 1435EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. 1436 1437EVP_CIPHER_CTX_get_num() returns a nonnegative num value or 1438B<EVP_CTRL_RET_UNSUPPORTED> if the implementation does not support the call 1439or on any other error. 1440 1441EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation 1442does not support the call or on any other error. 1443 1444EVP_CIPHER_CTX_is_encrypting() returns 1 if the I<ctx> is set up for encryption 14450 otherwise. 1446 1447EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater 1448than zero for success and zero or a negative number on failure. 1449 1450EVP_CIPHER_CTX_rand_key() returns 1 for success and zero or a negative number 1451for failure. 1452 1453EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. 1454A return value of 0 means that the callback was not called for any names. 1455 1456EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and 1457EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure. 1458 1459=head1 CIPHER LISTING 1460 1461All algorithms have a fixed key length unless otherwise stated. 1462 1463Refer to L</SEE ALSO> for the full list of ciphers available through the EVP 1464interface. 1465 1466=over 4 1467 1468=item EVP_enc_null() 1469 1470Null cipher: does nothing. 1471 1472=back 1473 1474=head1 AEAD INTERFACE 1475 1476The EVP interface for Authenticated Encryption with Associated Data (AEAD) 1477modes are subtly altered and several additional I<ctrl> operations are supported 1478depending on the mode specified. 1479 1480To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), 1481EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output 1482parameter I<out> set to NULL. In this case, on success, the parameter 1483I<outl> is set to the number of AAD bytes processed in that call 1484(that is, the value of I<inl>), and does not include any plaintext 1485or ciphertext bytes processed by other calls. 1486 1487If no AAD is used, this call can be omitted. See the mode-specific notes 1488below for any exceptions. 1489 1490When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() 1491indicates whether the operation was successful. If it does not indicate success, 1492the authentication operation has failed and any output data B<MUST NOT> be used 1493as it is corrupted. 1494 1495Please note that the number of authenticated bytes returned by 1496EVP_CipherUpdate() depends on the cipher used. Stream ciphers, such as ChaCha20 1497or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective 1498"block" size of 1. Conversely, ciphers in OCB mode must process data one block 1499at a time, and the block size is returned. 1500 1501Regardless of the returned size, it is safe to pass unpadded data to an 1502EVP_CipherUpdate() call in a single operation. 1503 1504=head2 GCM and OCB Modes 1505 1506The following I<ctrl>s are supported in GCM and OCB modes. 1507 1508=over 4 1509 1510=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1511 1512Sets the IV length. This call can only be made before specifying an IV. If 1513not called a default IV length is used. 1514 1515For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the 1516maximum is 15. 1517 1518=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) 1519 1520Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>. 1521This call can only be made when encrypting data and B<after> all data has been 1522processed (e.g. after an EVP_EncryptFinal() call). 1523 1524For OCB, C<taglen> must either be 16 or the value previously set via 1525B<EVP_CTRL_AEAD_SET_TAG>. 1526 1527=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1528 1529When decrypting, this call sets the expected tag to C<taglen> bytes from C<tag>. 1530C<taglen> must be between 1 and 16 inclusive. 1531The tag must be set prior to any call to EVP_DecryptFinal() or 1532EVP_DecryptFinal_ex(). 1533 1534For GCM, this call is only valid when decrypting data. 1535 1536For OCB, this call is valid when decrypting data to set the expected tag, 1537and when encrypting to set the desired tag length. 1538 1539In OCB mode, calling this with C<tag> set to C<NULL> sets the tag length. 1540The tag length can only be set before specifying an IV. If this is not called 1541prior to setting the IV, then a default tag length is used. 1542 1543For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the 1544maximum tag length for OCB. 1545 1546=back 1547 1548=head2 CCM Mode 1549 1550The EVP interface for CCM mode is similar to that of the GCM mode but with a 1551few additional requirements and different I<ctrl> values. 1552 1553For CCM mode, the total plaintext or ciphertext length B<MUST> be passed to 1554EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output 1555and input parameters (I<in> and I<out>) set to NULL and the length passed in 1556the I<inl> parameter. 1557 1558The following I<ctrl>s are supported in CCM mode. 1559 1560=over 4 1561 1562=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1563 1564This call is made to set the expected B<CCM> tag value when decrypting or 1565the length of the tag (with the C<tag> parameter set to NULL) when encrypting. 1566The tag length is often referred to as B<M>. If not set a default value is 1567used (12 for AES). When decrypting, the tag needs to be set before passing 1568in data to be decrypted, but as in GCM and OCB mode, it can be set after 1569passing additional authenticated data (see L</AEAD INTERFACE>). 1570 1571=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL) 1572 1573Sets the CCM B<L> value. If not set a default is used (8 for AES). 1574 1575=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1576 1577Sets the CCM nonce (IV) length. This call can only be made before specifying a 1578nonce value. The nonce length is given by B<15 - L> so it is 7 by default for 1579AES. 1580 1581=back 1582 1583=head2 SIV Mode 1584 1585Both the AES-SIV and AES-GCM-SIV ciphers fall under this mode. 1586 1587For SIV mode ciphers the behaviour of the EVP interface is subtly 1588altered and several additional ctrl operations are supported. 1589 1590To specify any additional authenticated data (AAD) and/or a Nonce, a call to 1591EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made 1592with the output parameter I<out> set to NULL. 1593 1594RFC5297 states that the Nonce is the last piece of AAD before the actual 1595encrypt/decrypt takes place. The API does not differentiate the Nonce from 1596other AAD. 1597 1598When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() 1599indicates if the operation was successful. If it does not indicate success 1600the authentication operation has failed and any output data B<MUST NOT> 1601be used as it is corrupted. 1602 1603The API does not store the SIV (Synthetic Initialization Vector) in 1604the cipher text. Instead, it is stored as the tag within the EVP_CIPHER_CTX. 1605The SIV must be retrieved from the context after encryption, and set into 1606the context before decryption. 1607 1608This differs from RFC5297 in that the cipher output from encryption, and 1609the cipher input to decryption, does not contain the SIV. This also means 1610that the plain text and cipher text lengths are identical. 1611 1612The following ctrls are supported in SIV mode, and are used to get and set 1613the Synthetic Initialization Vector: 1614 1615=over 4 1616 1617=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag); 1618 1619Writes I<taglen> bytes of the tag value (the Synthetic Initialization Vector) 1620to the buffer indicated by I<tag>. This call can only be made when encrypting 1621data and B<after> all data has been processed (e.g. after an EVP_EncryptFinal() 1622call). For SIV mode the taglen must be 16. 1623 1624=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); 1625 1626Sets the expected tag (the Synthetic Initialization Vector) to I<taglen> 1627bytes from I<tag>. This call is only legal when decrypting data and must be 1628made B<before> any data is processed (e.g. before any EVP_DecryptUpdate() 1629calls). For SIV mode the taglen must be 16. 1630 1631=back 1632 1633SIV mode makes two passes over the input data, thus, only one call to 1634EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made 1635with I<out> set to a non-NULL value. A call to EVP_DecryptFinal() or 1636EVP_CipherFinal() is not required, but will indicate if the update 1637operation succeeded. 1638 1639=head2 ChaCha20-Poly1305 1640 1641The following I<ctrl>s are supported for the ChaCha20-Poly1305 AEAD algorithm. 1642 1643=over 4 1644 1645=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1646 1647Sets the nonce length. This call is now redundant since the only valid value 1648is the default length of 12 (i.e. 96 bits). 1649Prior to OpenSSL 3.0 a nonce of less than 12 bytes could be used to automatically 1650pad the iv with leading 0 bytes to make it 12 bytes in length. 1651 1652=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) 1653 1654Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>. 1655This call can only be made when encrypting data and B<after> all data has been 1656processed (e.g. after an EVP_EncryptFinal() call). 1657 1658C<taglen> specified here must be 16 (B<POLY1305_BLOCK_SIZE>, i.e. 128-bits) or 1659less. 1660 1661=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1662 1663Sets the expected tag to C<taglen> bytes from C<tag>. 1664The tag length can only be set before specifying an IV. 1665C<taglen> must be between 1 and 16 (B<POLY1305_BLOCK_SIZE>) inclusive. 1666This call is only valid when decrypting data. 1667 1668=back 1669 1670=head1 NOTES 1671 1672Where possible the B<EVP> interface to symmetric ciphers should be used in 1673preference to the low-level interfaces. This is because the code then becomes 1674transparent to the cipher used and much more flexible. Additionally, the 1675B<EVP> interface will ensure the use of platform specific cryptographic 1676acceleration such as AES-NI (the low-level interfaces do not provide the 1677guarantee). 1678 1679PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 1680length of the encrypted data a multiple of the block size. Padding is always 1681added so if the data is already a multiple of the block size B<n> will equal 1682the block size. For example if the block size is 8 and 11 bytes are to be 1683encrypted then 5 padding bytes of value 5 will be added. 1684 1685When decrypting the final block is checked to see if it has the correct form. 1686 1687Although the decryption operation can produce an error if padding is enabled, 1688it is not a strong test that the input data or key is correct. A random block 1689has better than 1 in 256 chance of being of the correct format and problems with 1690the input data earlier on will not produce a final decrypt error. 1691 1692If padding is disabled then the decryption operation will always succeed if 1693the total amount of data decrypted is a multiple of the block size. 1694 1695The functions EVP_EncryptInit(), EVP_EncryptInit_ex(), 1696EVP_EncryptFinal(), EVP_DecryptInit(), EVP_DecryptInit_ex(), 1697EVP_CipherInit(), EVP_CipherInit_ex() and EVP_CipherFinal() are obsolete 1698but are retained for compatibility with existing code. New code should 1699use EVP_EncryptInit_ex2(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex2(), 1700EVP_DecryptFinal_ex(), EVP_CipherInit_ex2() and EVP_CipherFinal_ex() 1701because they can reuse an existing context without allocating and freeing 1702it up on each call. 1703 1704There are some differences between functions EVP_CipherInit() and 1705EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills 1706the passed context object with zeros. As a consequence, EVP_CipherInit() does 1707not allow step-by-step initialization of the ctx when the I<key> and I<iv> are 1708passed in separate calls. It also means that the flags set for the CTX are 1709removed, and it is especially important for the 1710B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in 1711EVP_CipherInit_ex(). 1712 1713Ignoring failure returns of the B<EVP_CIPHER_CTX> initialization functions can 1714lead to subsequent undefined behavior when calling the functions that update or 1715finalize the context. The only valid calls on the B<EVP_CIPHER_CTX> when 1716initialization fails are calls that attempt another initialization of the 1717context or release the context. 1718 1719EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. 1720 1721=head1 BUGS 1722 1723B<EVP_MAX_KEY_LENGTH> and B<EVP_MAX_IV_LENGTH> only refer to the internal 1724ciphers with default key lengths. If custom ciphers exceed these values the 1725results are unpredictable. This is because it has become standard practice to 1726define a generic key as a fixed unsigned char array containing 1727B<EVP_MAX_KEY_LENGTH> bytes. 1728 1729The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested 1730for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. 1731 1732=head1 EXAMPLES 1733 1734Encrypt a string using IDEA: 1735 1736 int do_crypt(char *outfile) 1737 { 1738 unsigned char outbuf[1024]; 1739 int outlen, tmplen; 1740 /* 1741 * Bogus key and IV: we'd normally set these from 1742 * another source. 1743 */ 1744 unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; 1745 unsigned char iv[] = {1,2,3,4,5,6,7,8}; 1746 char intext[] = "Some Crypto Text"; 1747 EVP_CIPHER_CTX *ctx; 1748 FILE *out; 1749 1750 ctx = EVP_CIPHER_CTX_new(); 1751 if (!EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL)) { 1752 /* Error */ 1753 EVP_CIPHER_CTX_free(ctx); 1754 return 0; 1755 } 1756 1757 if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { 1758 /* Error */ 1759 EVP_CIPHER_CTX_free(ctx); 1760 return 0; 1761 } 1762 /* 1763 * Buffer passed to EVP_EncryptFinal() must be after data just 1764 * encrypted to avoid overwriting it. 1765 */ 1766 if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { 1767 /* Error */ 1768 EVP_CIPHER_CTX_free(ctx); 1769 return 0; 1770 } 1771 outlen += tmplen; 1772 EVP_CIPHER_CTX_free(ctx); 1773 /* 1774 * Need binary mode for fopen because encrypted data is 1775 * binary data. Also cannot use strlen() on it because 1776 * it won't be NUL terminated and may contain embedded 1777 * NULs. 1778 */ 1779 out = fopen(outfile, "wb"); 1780 if (out == NULL) { 1781 /* Error */ 1782 return 0; 1783 } 1784 fwrite(outbuf, 1, outlen, out); 1785 fclose(out); 1786 return 1; 1787 } 1788 1789The ciphertext from the above example can be decrypted using the B<openssl> 1790utility with the command line (shown on two lines for clarity): 1791 1792 openssl idea -d \ 1793 -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename 1794 1795General encryption and decryption function example using FILE I/O and AES128 1796with a 128-bit key: 1797 1798 int do_crypt(FILE *in, FILE *out, int do_encrypt) 1799 { 1800 /* Allow enough space in output buffer for additional block */ 1801 unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; 1802 int inlen, outlen; 1803 EVP_CIPHER_CTX *ctx; 1804 /* 1805 * Bogus key and IV: we'd normally set these from 1806 * another source. 1807 */ 1808 unsigned char key[] = "0123456789abcdeF"; 1809 unsigned char iv[] = "1234567887654321"; 1810 1811 /* Don't set key or IV right away; we want to check lengths */ 1812 ctx = EVP_CIPHER_CTX_new(); 1813 if (!EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, 1814 do_encrypt, NULL)) { 1815 /* Error */ 1816 EVP_CIPHER_CTX_free(ctx); 1817 return 0; 1818 } 1819 OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16); 1820 OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16); 1821 1822 /* Now we can set key and IV */ 1823 if (!EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL)) { 1824 /* Error */ 1825 EVP_CIPHER_CTX_free(ctx); 1826 return 0; 1827 } 1828 1829 for (;;) { 1830 inlen = fread(inbuf, 1, 1024, in); 1831 if (inlen <= 0) 1832 break; 1833 if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { 1834 /* Error */ 1835 EVP_CIPHER_CTX_free(ctx); 1836 return 0; 1837 } 1838 fwrite(outbuf, 1, outlen, out); 1839 } 1840 if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { 1841 /* Error */ 1842 EVP_CIPHER_CTX_free(ctx); 1843 return 0; 1844 } 1845 fwrite(outbuf, 1, outlen, out); 1846 1847 EVP_CIPHER_CTX_free(ctx); 1848 return 1; 1849 } 1850 1851Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. 1852 1853 int encrypt(const unsigned char *key, const unsigned char *iv, 1854 const unsigned char *msg, size_t msg_len, unsigned char *out) 1855 { 1856 /* 1857 * This assumes that key size is 32 bytes and the iv is 16 bytes. 1858 * For ciphertext stealing mode the length of the ciphertext "out" will be 1859 * the same size as the plaintext size "msg_len". 1860 * The "msg_len" can be any size >= 16. 1861 */ 1862 int ret = 0, encrypt = 1, outlen, len; 1863 EVP_CIPHER_CTX *ctx = NULL; 1864 EVP_CIPHER *cipher = NULL; 1865 OSSL_PARAM params[2]; 1866 1867 ctx = EVP_CIPHER_CTX_new(); 1868 cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL); 1869 if (ctx == NULL || cipher == NULL) 1870 goto err; 1871 1872 /* 1873 * The default is "CS1" so this is not really needed, 1874 * but would be needed to set either "CS2" or "CS3". 1875 */ 1876 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, 1877 "CS1", 0); 1878 params[1] = OSSL_PARAM_construct_end(); 1879 1880 if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params)) 1881 goto err; 1882 1883 /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */ 1884 if (!EVP_CipherUpdate(ctx, out, &outlen, msg, msg_len)) 1885 goto err; 1886 if (!EVP_CipherFinal_ex(ctx, out + outlen, &len)) 1887 goto err; 1888 ret = 1; 1889 err: 1890 EVP_CIPHER_free(cipher); 1891 EVP_CIPHER_CTX_free(ctx); 1892 return ret; 1893 } 1894 1895=head1 SEE ALSO 1896 1897L<evp(7)>, 1898L<property(7)>, 1899L<crypto(7)/ALGORITHM FETCHING>, 1900L<provider-cipher(7)>, 1901L<life_cycle-cipher(7)> 1902 1903Supported ciphers are listed in: 1904 1905L<EVP_aes_128_gcm(3)>, 1906L<EVP_aria_128_gcm(3)>, 1907L<EVP_bf_cbc(3)>, 1908L<EVP_camellia_128_ecb(3)>, 1909L<EVP_cast5_cbc(3)>, 1910L<EVP_chacha20(3)>, 1911L<EVP_des_cbc(3)>, 1912L<EVP_desx_cbc(3)>, 1913L<EVP_idea_cbc(3)>, 1914L<EVP_rc2_cbc(3)>, 1915L<EVP_rc4(3)>, 1916L<EVP_rc5_32_12_16_cbc(3)>, 1917L<EVP_seed_cbc(3)>, 1918L<EVP_sm4_cbc(3)>, 1919 1920=head1 HISTORY 1921 1922Support for OCB mode was added in OpenSSL 1.1.0. 1923 1924B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result, 1925EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() 1926disappeared. EVP_CIPHER_CTX_init() remains as an alias for 1927EVP_CIPHER_CTX_reset(). 1928 1929The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use 1930EVP_CIPHER_CTX_get0_cipher() instead. 1931 1932The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), 1933EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), 1934EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(), 1935EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), 1936EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(), 1937EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), 1938EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params() 1939functions were added in 3.0. 1940 1941The EVP_CIPHER_nid(), EVP_CIPHER_name(), EVP_CIPHER_block_size(), 1942EVP_CIPHER_key_length(), EVP_CIPHER_iv_length(), EVP_CIPHER_flags(), 1943EVP_CIPHER_mode(), EVP_CIPHER_type(), EVP_CIPHER_CTX_nid(), 1944EVP_CIPHER_CTX_block_size(), EVP_CIPHER_CTX_key_length(), 1945EVP_CIPHER_CTX_iv_length(), EVP_CIPHER_CTX_tag_length(), 1946EVP_CIPHER_CTX_num(), EVP_CIPHER_CTX_type(), and EVP_CIPHER_CTX_mode() 1947functions were renamed to include C<get> or C<get0> in their names in 1948OpenSSL 3.0, respectively. The old names are kept as non-deprecated 1949alias macros. 1950 1951The EVP_CIPHER_CTX_encrypting() function was renamed to 1952EVP_CIPHER_CTX_is_encrypting() in OpenSSL 3.0. The old name is kept as 1953non-deprecated alias macro. 1954 1955The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0. 1956 1957EVP_CIPHER_CTX_dup() was added in OpenSSL 3.2. 1958 1959EVP_CipherInit_SKEY() was added in OpenSSL 3.5. 1960 1961Prior to OpenSSL 3.5, passing a NULL I<ctx> to 1962B<EVP_CIPHER_CTX_get_block_size()> would result in a NULL pointer dereference, 1963rather than a 0 return value indicating an error. 1964 1965=head1 COPYRIGHT 1966 1967Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. 1968 1969Licensed under the Apache License 2.0 (the "License"). You may not use 1970this file except in compliance with the License. You can obtain a copy 1971in the file LICENSE in the source distribution or at 1972L<https://www.openssl.org/source/license.html>. 1973 1974=cut 1975