1=pod 2 3=head1 NAME 4 5EVP_CIPHER_fetch, 6EVP_CIPHER_up_ref, 7EVP_CIPHER_free, 8EVP_CIPHER_CTX_new, 9EVP_CIPHER_CTX_reset, 10EVP_CIPHER_CTX_free, 11EVP_CIPHER_CTX_dup, 12EVP_CIPHER_CTX_copy, 13EVP_EncryptInit_ex, 14EVP_EncryptInit_ex2, 15EVP_EncryptUpdate, 16EVP_EncryptFinal_ex, 17EVP_DecryptInit_ex, 18EVP_DecryptInit_ex2, 19EVP_DecryptUpdate, 20EVP_DecryptFinal_ex, 21EVP_CipherInit_ex, 22EVP_CipherInit_ex2, 23EVP_CipherInit_SKEY, 24EVP_CipherUpdate, 25EVP_CipherFinal_ex, 26EVP_CIPHER_CTX_set_key_length, 27EVP_CIPHER_CTX_ctrl, 28EVP_EncryptInit, 29EVP_EncryptFinal, 30EVP_DecryptInit, 31EVP_DecryptFinal, 32EVP_CipherInit, 33EVP_CipherFinal, 34EVP_Cipher, 35EVP_CIPHER_can_pipeline, 36EVP_CipherPipelineEncryptInit, 37EVP_CipherPipelineDecryptInit, 38EVP_CipherPipelineUpdate, 39EVP_CipherPipelineFinal, 40EVP_get_cipherbyname, 41EVP_get_cipherbynid, 42EVP_get_cipherbyobj, 43EVP_CIPHER_is_a, 44EVP_CIPHER_get0_name, 45EVP_CIPHER_get0_description, 46EVP_CIPHER_names_do_all, 47EVP_CIPHER_get0_provider, 48EVP_CIPHER_get_nid, 49EVP_CIPHER_get_params, 50EVP_CIPHER_gettable_params, 51EVP_CIPHER_get_block_size, 52EVP_CIPHER_get_key_length, 53EVP_CIPHER_get_iv_length, 54EVP_CIPHER_get_flags, 55EVP_CIPHER_get_mode, 56EVP_CIPHER_get_type, 57EVP_CIPHER_CTX_cipher, 58EVP_CIPHER_CTX_get0_cipher, 59EVP_CIPHER_CTX_get1_cipher, 60EVP_CIPHER_CTX_get0_name, 61EVP_CIPHER_CTX_get_nid, 62EVP_CIPHER_CTX_get_params, 63EVP_CIPHER_gettable_ctx_params, 64EVP_CIPHER_CTX_gettable_params, 65EVP_CIPHER_CTX_set_params, 66EVP_CIPHER_settable_ctx_params, 67EVP_CIPHER_CTX_settable_params, 68EVP_CIPHER_CTX_get_block_size, 69EVP_CIPHER_CTX_get_key_length, 70EVP_CIPHER_CTX_get_iv_length, 71EVP_CIPHER_CTX_get_tag_length, 72EVP_CIPHER_CTX_flags, 73EVP_CIPHER_CTX_set_flags, 74EVP_CIPHER_CTX_clear_flags, 75EVP_CIPHER_CTX_test_flags, 76EVP_CIPHER_CTX_get_type, 77EVP_CIPHER_CTX_get_mode, 78EVP_CIPHER_CTX_get_num, 79EVP_CIPHER_CTX_set_num, 80EVP_CIPHER_CTX_is_encrypting, 81EVP_CIPHER_param_to_asn1, 82EVP_CIPHER_asn1_to_param, 83EVP_CIPHER_CTX_set_padding, 84EVP_enc_null, 85EVP_CIPHER_do_all_provided, 86EVP_CIPHER_nid, 87EVP_CIPHER_name, 88EVP_CIPHER_block_size, 89EVP_CIPHER_key_length, 90EVP_CIPHER_iv_length, 91EVP_CIPHER_flags, 92EVP_CIPHER_mode, 93EVP_CIPHER_type, 94EVP_CIPHER_CTX_encrypting, 95EVP_CIPHER_CTX_nid, 96EVP_CIPHER_CTX_block_size, 97EVP_CIPHER_CTX_key_length, 98EVP_CIPHER_CTX_iv_length, 99EVP_CIPHER_CTX_tag_length, 100EVP_CIPHER_CTX_num, 101EVP_CIPHER_CTX_type, 102EVP_CIPHER_CTX_mode 103- EVP cipher routines 104 105=head1 SYNOPSIS 106 107=for openssl generic 108 109 #include <openssl/evp.h> 110 111 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, 112 const char *properties); 113 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); 114 void EVP_CIPHER_free(EVP_CIPHER *cipher); 115 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); 116 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); 117 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); 118 EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in); 119 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); 120 121 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 122 ENGINE *impl, const unsigned char *key, const unsigned char *iv); 123 int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 124 const unsigned char *key, const unsigned char *iv, 125 const OSSL_PARAM params[]); 126 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 127 int *outl, const unsigned char *in, int inl); 128 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 129 130 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 131 ENGINE *impl, const unsigned char *key, const unsigned char *iv); 132 int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 133 const unsigned char *key, const unsigned char *iv, 134 const OSSL_PARAM params[]); 135 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 136 int *outl, const unsigned char *in, int inl); 137 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 138 139 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 140 ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); 141 int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 142 const unsigned char *key, const unsigned char *iv, 143 int enc, const OSSL_PARAM params[]); 144 int EVP_CipherInit_SKEY(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 145 EVP_SKEY *skey, const unsigned char *iv, size_t iv_len, 146 int enc, const OSSL_PARAM params[]); 147 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, 148 int *outl, const unsigned char *in, int inl); 149 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 150 151 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 152 const unsigned char *key, const unsigned char *iv); 153 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); 154 155 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 156 const unsigned char *key, const unsigned char *iv); 157 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 158 159 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 160 const unsigned char *key, const unsigned char *iv, int enc); 161 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); 162 163 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 164 const unsigned char *in, unsigned int inl); 165 166 int EVP_CIPHER_can_pipeline(const EVP_CIPHER *cipher, int enc); 167 int EVP_CipherPipelineEncryptInit(EVP_CIPHER_CTX *ctx, 168 const EVP_CIPHER *cipher, 169 const unsigned char *key, size_t keylen, 170 size_t numpipes, 171 const unsigned char **iv, size_t ivlen); 172 int EVP_CipherPipelineDecryptInit(EVP_CIPHER_CTX *ctx, 173 const EVP_CIPHER *cipher, 174 const unsigned char *key, size_t keylen, 175 size_t numpipes, 176 const unsigned char **iv, size_t ivlen); 177 int EVP_CipherPipelineUpdate(EVP_CIPHER_CTX *ctx, 178 unsigned char **out, size_t *outl, 179 const size_t *outsize, 180 const unsigned char **in, const size_t *inl); 181 int EVP_CipherPipelineFinal(EVP_CIPHER_CTX *ctx, 182 unsigned char **outm, size_t *outl, 183 const size_t *outsize); 184 185 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); 186 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); 187 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2); 188 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); 189 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); 190 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); 191 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); 192 193 const EVP_CIPHER *EVP_get_cipherbyname(const char *name); 194 const EVP_CIPHER *EVP_get_cipherbynid(int nid); 195 const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); 196 197 int EVP_CIPHER_get_nid(const EVP_CIPHER *e); 198 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); 199 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, 200 void (*fn)(const char *name, void *data), 201 void *data); 202 const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); 203 const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); 204 const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); 205 int EVP_CIPHER_get_block_size(const EVP_CIPHER *e); 206 int EVP_CIPHER_get_key_length(const EVP_CIPHER *e); 207 int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e); 208 unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e); 209 unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e); 210 int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); 211 212 const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); 213 EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx); 214 int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); 215 const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx); 216 217 int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); 218 int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); 219 int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]); 220 const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher); 221 const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher); 222 const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); 223 const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx); 224 const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx); 225 int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); 226 int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); 227 int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); 228 int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); 229 int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); 230 int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); 231 int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); 232 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); 233 int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); 234 235 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 236 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 237 238 void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, 239 void (*fn)(EVP_CIPHER *cipher, void *arg), 240 void *arg); 241 242 #define EVP_CIPHER_nid EVP_CIPHER_get_nid 243 #define EVP_CIPHER_name EVP_CIPHER_get0_name 244 #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size 245 #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length 246 #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length 247 #define EVP_CIPHER_flags EVP_CIPHER_get_flags 248 #define EVP_CIPHER_mode EVP_CIPHER_get_mode 249 #define EVP_CIPHER_type EVP_CIPHER_get_type 250 #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting 251 #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid 252 #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size 253 #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length 254 #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length 255 #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length 256 #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num 257 #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type 258 #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode 259 260The following function has been deprecated since OpenSSL 3.0, and can be 261hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 262see L<openssl_user_macros(7)>: 263 264 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); 265 266The following function has been deprecated since OpenSSL 1.1.0, and can be 267hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 268see L<openssl_user_macros(7)>: 269 270 int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); 271 272=head1 DESCRIPTION 273 274The EVP cipher routines are a high-level interface to certain 275symmetric ciphers. 276 277The B<EVP_CIPHER> type is a structure for cipher method implementation. 278 279=over 4 280 281=item EVP_CIPHER_fetch() 282 283Fetches the cipher implementation for the given I<algorithm> from any provider 284offering it, within the criteria given by the I<properties>. 285See L<crypto(7)/ALGORITHM FETCHING> for further information. 286 287The returned value must eventually be freed with EVP_CIPHER_free(). 288 289Fetched B<EVP_CIPHER> structures are reference counted. 290 291=item EVP_CIPHER_up_ref() 292 293Increments the reference count for an B<EVP_CIPHER> structure. 294 295=item EVP_CIPHER_free() 296 297Decrements the reference count for the fetched B<EVP_CIPHER> structure. 298If the reference count drops to 0 then the structure is freed. 299If the argument is NULL, nothing is done. 300 301=item EVP_CIPHER_CTX_new() 302 303Allocates and returns a cipher context. 304 305=item EVP_CIPHER_CTX_free() 306 307Clears all information from a cipher context and frees any allocated memory 308associated with it, including I<ctx> itself. This function should be called 309after all operations using a cipher are complete so sensitive information does 310not remain in memory. If the argument is NULL, nothing is done. 311 312=item EVP_CIPHER_CTX_dup() 313 314Can be used to duplicate the cipher state from I<in>. This is useful 315to avoid multiple EVP_CIPHER_fetch() calls or if large amounts of data are to be 316fed which only differ in the last few bytes. 317 318=item EVP_CIPHER_CTX_copy() 319 320Can be used to copy the cipher state from I<in> to I<out>. 321 322=item EVP_CIPHER_CTX_ctrl() 323 324I<This is a legacy method.> EVP_CIPHER_CTX_set_params() and 325EVP_CIPHER_CTX_get_params() is the mechanism that should be used to set and get 326parameters that are used by providers. 327 328Performs cipher-specific control actions on context I<ctx>. The control command 329is indicated in I<cmd> and any additional arguments in I<p1> and I<p2>. 330EVP_CIPHER_CTX_ctrl() must be called after EVP_CipherInit_ex2(). Other restrictions 331may apply depending on the control type and cipher implementation. 332 333If this function happens to be used with a fetched B<EVP_CIPHER>, it will 334translate the controls that are known to OpenSSL into L<OSSL_PARAM(3)> 335parameters with keys defined by OpenSSL and call EVP_CIPHER_CTX_get_params() or 336EVP_CIPHER_CTX_set_params() as is appropriate for each control command. 337 338See L</CONTROLS> below for more information, including what translations are 339being done. 340 341=item EVP_CIPHER_get_params() 342 343Retrieves the requested list of algorithm I<params> from a CIPHER I<cipher>. 344See L</PARAMETERS> below for more information. 345 346=item EVP_CIPHER_CTX_get_params() 347 348Retrieves the requested list of I<params> from CIPHER context I<ctx>. 349See L</PARAMETERS> below for more information. 350 351=item EVP_CIPHER_CTX_set_params() 352 353Sets the list of I<params> into a CIPHER context I<ctx>. 354See L</PARAMETERS> below for more information. 355 356=item EVP_CIPHER_gettable_params() 357 358Get a constant L<OSSL_PARAM(3)> array that describes the retrievable parameters 359that can be used with EVP_CIPHER_get_params(). 360 361=item EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params() 362 363Get a constant L<OSSL_PARAM(3)> array that describes the retrievable parameters 364that can be used with EVP_CIPHER_CTX_get_params(). 365EVP_CIPHER_gettable_ctx_params() returns the parameters that can be retrieved 366from the algorithm, whereas EVP_CIPHER_CTX_gettable_params() returns the 367parameters that can be retrieved in the context's current state. 368 369=item EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params() 370 371Get a constant L<OSSL_PARAM(3)> array that describes the settable parameters 372that can be used with EVP_CIPHER_CTX_set_params(). 373EVP_CIPHER_settable_ctx_params() returns the parameters that can be set from the 374algorithm, whereas EVP_CIPHER_CTX_settable_params() returns the parameters that 375can be set in the context's current state. 376 377=item EVP_EncryptInit_ex2() 378 379Sets up cipher context I<ctx> for encryption with cipher I<type>. I<ctx> B<MUST NOT> be NULL. 380I<type> is typically supplied by calling EVP_CIPHER_fetch(). I<type> may also be set 381using legacy functions such as EVP_aes_256_cbc(), but this is not recommended 382for new applications. I<key> is the symmetric key to use and I<iv> is the IV to 383use (if necessary), the actual number of bytes used for the key and IV depends 384on the cipher. The parameters I<params> will be set on the context after 385initialisation. It is possible to set all parameters to NULL except I<type> in 386an initial call and supply the remaining parameters in subsequent calls, all of 387which have I<type> set to NULL. This is done when the default cipher parameters 388are not appropriate. 389For B<EVP_CIPH_GCM_MODE> the IV will be generated internally if it is not 390specified. 391 392=item EVP_EncryptInit_ex() 393 394This legacy function is similar to EVP_EncryptInit_ex2() when I<impl> is NULL. 395The implementation of the I<type> from the I<impl> engine will be used if it 396exists. 397 398=item EVP_EncryptUpdate() 399 400Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to 401I<out>. The pointers I<out> and I<in> may point to the same location, in which 402case the encryption will be done in-place. However, in-place encryption is 403guaranteed to work only if the encryption context (I<ctx>) has processed data in 404multiples of the block size. If the context contains an incomplete data block 405from previous operations, in-place encryption will fail. I<ctx> B<MUST NOT> be NULL. 406 407If I<out> and I<in> point to different locations, the two buffers must be 408disjoint, otherwise the operation might fail or the outcome might be undefined. 409 410This function can be called multiple times to encrypt successive blocks 411of data. The amount of data written depends on the block alignment of the 412encrypted data. 413For most ciphers and modes, the amount of data written can be anything 414from zero bytes to (inl + cipher_block_size - 1) bytes. 415For wrap cipher modes, the amount of data written can be anything 416from zero bytes to (inl + cipher_block_size) bytes. 417For stream ciphers, the amount of data written can be anything from zero 418bytes to inl bytes. 419Thus, the buffer pointed to by I<out> must contain sufficient room for the 420operation being performed. 421The actual number of bytes written is placed in I<outl>. 422 423If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts 424the "final" data, that is any data that remains in a partial block. 425It uses standard block padding (aka PKCS padding) as described in 426the NOTES section, below. The encrypted 427final data is written to I<out> which should have sufficient space for 428one cipher block. The number of bytes written is placed in I<outl>. After 429this function is called the encryption operation is finished and no further 430calls to EVP_EncryptUpdate() should be made. 431 432If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more 433data and it will return an error if any data remains in a partial block: 434that is if the total data length is not a multiple of the block size. 435 436=item EVP_DecryptInit_ex2(), EVP_DecryptInit_ex(), EVP_DecryptUpdate() 437and EVP_DecryptFinal_ex() 438 439These functions are the corresponding decryption operations. 440EVP_DecryptFinal() will return an error code if padding is enabled and the 441final block is not correctly formatted. The parameters and restrictions are 442identical to the encryption operations. I<ctx> B<MUST NOT> be NULL. 443 444=item EVP_CipherInit_ex2(), EVP_CipherInit_ex(), EVP_CipherUpdate() and 445EVP_CipherFinal_ex() 446 447These functions can be used for decryption or encryption. The operation 448performed depends on the value of the I<enc> parameter. It should be set to 1 449for encryption, 0 for decryption and -1 to leave the value unchanged 450(the actual value of 'enc' being supplied in a previous call). 451 452=item EVP_CipherInit_SKEY() 453 454This function is similar to EVP_CipherInit_ex2() but accepts a 455symmetric key object of type I<EVP_SKEY> as a key. 456 457=item EVP_CIPHER_CTX_reset() 458 459Clears all information from a cipher context and free up any allocated memory 460associated with it, except the I<ctx> itself. This function should be called 461anytime I<ctx> is reused by another 462EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls. 463 464=item EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() 465 466Behave in a similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex() and 467EVP_CipherInit_ex() except if the I<type> is not a fetched cipher they use the 468default implementation of the I<type>. 469 470=item EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() 471 472Identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and 473EVP_CipherFinal_ex(). In previous releases they also cleaned up 474the I<ctx>, but this is no longer done and EVP_CIPHER_CTX_cleanup() 475must be called to free any context resources. 476 477=item EVP_Cipher() 478 479Encrypts or decrypts a maximum I<inl> amount of bytes from I<in> and leaves the 480result in I<out>. 481 482For legacy ciphers - If the cipher doesn't have the flag 483B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set, then I<inl> must be a multiple of 484EVP_CIPHER_get_block_size(). If it isn't, the result is undefined. If the cipher 485has that flag set, then I<inl> can be any size. 486 487Due to the constraints of the API contract of this function it shouldn't be used 488in applications, please consider using EVP_CipherUpdate() and 489EVP_CipherFinal_ex() instead. 490 491=item EVP_CIPHER_can_pipeline() 492 493This function checks if a B<EVP_CIPHER> fetched using EVP_CIPHER_fetch() supports 494cipher pipelining. If the cipher supports pipelining, it returns 1, otherwise 0. 495This function will return 0 for non-fetched ciphers such as EVP_aes_128_gcm(). 496There are currently no built-in ciphers that support pipelining. 497 498Cipher pipelining support allows an application to submit multiple chunks of 499data in one set of EVP_CipherUpdate()/EVP_CipherFinal calls, thereby allowing 500the provided implementation to take advantage of parallel computing. This is 501beneficial for hardware accelerators as pipeline amortizes the latency over 502multiple chunks. 503 504For non-fetched ciphers, EVP_CipherPipelineEncryptInit() or 505EVP_CipherPipelineDecryptInit() may be directly called, which will perform a 506fetch and return an error if a pipeline supported implementation is not found. 507 508=item EVP_CipherPipelineEncryptInit(), EVP_CipherPipelineDecryptInit(), EVP_CipherPipelineUpdate() and EVP_CipherPipelineFinal() 509 510These functions can be used to perform multiple encryption or decryption 511operations in parallel. EVP_CIPHER_can_pipeline() may be called to check if the 512cipher supports pipelining. These functions are analogous to 513EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherUpdate() and 514EVP_CipherFinal() but take an array of pointers for iv, input and output buffers. 515 516The I<key>, of length I<keylen>, is the symmetric key to use. The I<numpipes> 517parameter specifies the number of parallel operations to perform. The 518I<numpipes> cannot exceed B<EVP_MAX_PIPES>. The I<iv> parameter is an array of 519buffer pointers, containing IVs. The array size must be equal to I<numpipes>. 520The size of each IV buffer must be equal to I<ivlen>. When IV is not provided, 521I<iv> must be NULL, rather than an array of NULL pointers. The I<in> 522parameters takes an array of buffer pointers, each pointing to a buffer 523containing the input data. The buffers can be of different sizes. The I<inl> 524parameter is an array of size_t, each specifying the size of the corresponding 525input buffer. The I<out> and I<outm> parameters are arrays of buffer pointers, 526each pointing to a buffer where the output data will be written. The I<outsize> 527parameter is an array of size_t, each specifying the size of the corresponding 528output buffer. The I<outl> parameter is an array of size_t which will be updated 529with the size of the output data written to the corresponding output buffer. 530For size requirement of the output buffers, see the description of EVP_CipherUpdate(). 531 532The EVP_CipherPipelineUpdate() function can be called multiple times to encrypt 533successive blocks of data. For AAD data, the I<out>, and I<outsize> parameter 534should be NULL, rather than an array of NULL pointers. 535 536=item EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() 537 538Returns an B<EVP_CIPHER> structure when passed a cipher name, a cipher B<NID> or 539an B<ASN1_OBJECT> structure respectively. 540 541EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV", 542"AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only 543accessible via low level interfaces. 544 545The EVP_get_cipherbyname() function is present for backwards compatibility with 546OpenSSL prior to version 3 and is different to the EVP_CIPHER_fetch() function 547since it does not attempt to "fetch" an implementation of the cipher. 548Additionally, it only knows about ciphers that are built-in to OpenSSL and have 549an associated NID. Similarly EVP_get_cipherbynid() and EVP_get_cipherbyobj() 550also return objects without an associated implementation. 551 552When the cipher objects returned by these functions are used (such as in a call 553to EVP_EncryptInit_ex()) an implementation of the cipher will be implicitly 554fetched from the loaded providers. This fetch could fail if no suitable 555implementation is available. Use EVP_CIPHER_fetch() instead to explicitly fetch 556the algorithm and an associated implementation from a provider. 557 558See L<crypto(7)/ALGORITHM FETCHING> for more information about fetching. 559 560The cipher objects returned from these functions do not need to be freed with 561EVP_CIPHER_free(). 562 563=item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() 564 565Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> 566structure. The actual NID value is an internal value which may not have a 567corresponding OBJECT IDENTIFIER. NID_undef is returned in the event that the 568nid is unknown or if the cipher has not been properly initialized via a call to 569B<EVP_CipherInit>. 570 571=item EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags() 572 573Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information. 574 575For provided ciphers EVP_CIPHER_CTX_set_flags() should be called only after the 576fetched cipher has been assigned to the I<ctx>. It is recommended to use 577L</PARAMETERS> instead. 578 579=item EVP_CIPHER_CTX_set_padding() 580 581Enables or disables padding. This function should be called after the context 582is set up for encryption or decryption with EVP_EncryptInit_ex2(), 583EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), or EVP_CipherInit_SKEY(). By 584default encryption operations are padded using standard block padding and the 585padding is checked and removed when decrypting. If the I<pad> parameter is zero 586then no padding is performed, the total amount of data encrypted or decrypted 587must then be a multiple of the block size or an error will occur. I<x> B<MUST 588NOT> be NULL. 589 590=item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() 591 592Return the key length of a cipher when passed an B<EVP_CIPHER> or 593B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum 594key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for 595a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for 596variable key length ciphers. 597 598=item EVP_CIPHER_CTX_set_key_length() 599 600Sets the key length of the cipher context. 601If the cipher is a fixed length cipher then attempting to set the key 602length to any value other than the fixed value is an error. 603 604=item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() 605 606Return the IV length of a cipher when passed an B<EVP_CIPHER> or 607B<EVP_CIPHER_CTX>. It will return zero if the cipher does not use an IV, if 608the cipher has not yet been initialized within the B<EVP_CIPHER_CTX>, or if the 609passed cipher is NULL. The constant B<EVP_MAX_IV_LENGTH> is the maximum IV 610length for all ciphers. 611 612=item EVP_CIPHER_CTX_get_tag_length() 613 614Returns the tag length of an AEAD cipher when passed a B<EVP_CIPHER_CTX>. It will 615return zero if the cipher does not support a tag. It returns a default value if 616the tag length has not been set. 617 618=item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() 619 620Return the block size of a cipher when passed an B<EVP_CIPHER> or 621B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the 622maximum block length for all ciphers. 623A value of 0 is returned if, with B<EVP_CIPHER_get_block_size()>, the cipher 624I<e> is NULL, or, with B<EVP_CIPHER_CTX_get_block_size()>, the context 625I<ctx> is NULL or has not been properly initialized with a call to 626B<EVP_CipherInit>. 627 628=item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() 629 630Return the type of the passed cipher or context. This "type" is the actual NID 631of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters 632(40 bit RC2 and 128 bit RC2 have the same NID). If the cipher does not have an 633object identifier or does not have ASN1 support this function will return 634B<NID_undef>. 635 636=item EVP_CIPHER_is_a() 637 638Returns 1 if I<cipher> is an implementation of an algorithm that's identifiable 639with I<name>, otherwise 0. If I<cipher> is a legacy cipher (it's the return 640value from the likes of EVP_aes128() rather than the result of an 641EVP_CIPHER_fetch()), only cipher names registered with the default library 642context (see L<OSSL_LIB_CTX(3)>) will be considered. 643 644=item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name() 645 646Return the name of the passed cipher or context. For fetched ciphers with 647multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all(). 648I<cipher> B<MUST NOT> be NULL. 649 650=item EVP_CIPHER_names_do_all() 651 652Traverses all names for the I<cipher>, and calls I<fn> with each name and 653I<data>. This is only useful with fetched B<EVP_CIPHER>s. 654 655=item EVP_CIPHER_get0_description() 656 657Returns a description of the cipher, meant for display and human consumption. 658The description is at the discretion of the cipher implementation. 659 660=item EVP_CIPHER_get0_provider() 661 662Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given 663B<EVP_CIPHER>. 664 665=item EVP_CIPHER_CTX_get0_cipher() 666 667Returns the B<EVP_CIPHER> structure when passed an B<EVP_CIPHER_CTX> structure. 668EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to 669the caller. Both functions return NULL on error. 670 671=item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode() 672 673Return the block cipher mode: 674EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, 675EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, 676EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. 677If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. 678 679=item EVP_CIPHER_get_flags() 680 681Returns any flags associated with the cipher. See L</FLAGS> 682for a list of currently defined flags. 683 684=item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num() 685 686Gets or sets the cipher specific "num" parameter for the associated I<ctx>. 687Built-in ciphers typically use this to track how much of the current underlying block 688has been "used" already. 689 690=item EVP_CIPHER_CTX_is_encrypting() 691 692Reports whether the I<ctx> is being used for encryption or decryption. 693 694=item EVP_CIPHER_CTX_flags() 695 696A deprecated macro calling C<EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))>. 697Do not use. 698 699=item EVP_CIPHER_param_to_asn1() 700 701Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will 702typically include any parameters and an IV. The cipher IV (if any) must be set 703when this call is made. This call should be made before the cipher is actually 704"used" (before any EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). 705This function may fail if the cipher does not have any ASN1 support, or if an 706uninitialized cipher is passed to it. 707 708=item EVP_CIPHER_asn1_to_param() 709 710Sets the cipher parameters based on an ASN1 AlgorithmIdentifier "parameter". 711The precise effect depends on the cipher. In the case of B<RC2>, for example, 712it will set the IV and effective key length. 713This function should be called after the base cipher type is set but before 714the key is set. For example EVP_CipherInit() will be called with the IV and 715key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally 716EVP_CipherInit() again with all parameters except the key set to NULL. It is 717possible for this function to fail if the cipher does not have any ASN1 support 718or the parameters cannot be set (for example the RC2 effective key length 719is not supported. 720 721=item EVP_CIPHER_CTX_rand_key() 722 723Generates a random key of the appropriate length based on the cipher context. 724The B<EVP_CIPHER> can provide its own random key generation routine to support 725keys of a specific form. I<key> must point to a buffer at least as big as the 726value returned by EVP_CIPHER_CTX_get_key_length(). 727 728=item EVP_CIPHER_do_all_provided() 729 730Traverses all ciphers implemented by all activated providers in the given 731library context I<libctx>, and for each of the implementations, calls the given 732function I<fn> with the implementation method and the given I<arg> as argument. 733 734=back 735 736=head1 PARAMETERS 737 738See L<OSSL_PARAM(3)> for information about passing parameters. 739 740=head2 Gettable EVP_CIPHER parameters 741 742When EVP_CIPHER_fetch() is called it internally calls EVP_CIPHER_get_params() 743and caches the results. 744 745EVP_CIPHER_get_params() can be used with the following L<OSSL_PARAM(3)> keys: 746 747=over 4 748 749=item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer> 750 751Gets the mode for the associated cipher algorithm I<cipher>. 752See L</EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()> for a list of valid modes. 753Use EVP_CIPHER_get_mode() to retrieve the cached value. 754 755=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> 756 757Gets the key length for the associated cipher algorithm I<cipher>. 758Use EVP_CIPHER_get_key_length() to retrieve the cached value. 759 760=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer> 761 762Gets the IV length for the associated cipher algorithm I<cipher>. 763Use EVP_CIPHER_get_iv_length() to retrieve the cached value. 764 765=item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer> 766 767Gets the block size for the associated cipher algorithm I<cipher>. 768The block size should be 1 for stream ciphers. 769Note that the block size for a cipher may be different to the block size for 770the underlying encryption/decryption primitive. 771For example AES in CTR mode has a block size of 1 (because it operates like a 772stream cipher), even though AES has a block size of 16. 773Use EVP_CIPHER_get_block_size() to retrieve the cached value. 774 775=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer> 776 777Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. 778Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the 779cached value. 780 781=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer> 782 783Gets 1 if the cipher algorithm I<cipher> has a custom IV, otherwise it gets 0. 784Storing and initializing the IV is left entirely to the implementation, if a 785custom IV is used. 786Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the 787cached value. 788 789=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer> 790 791Gets 1 if the cipher algorithm I<cipher> uses ciphertext stealing, 792otherwise it gets 0. 793This is currently used to indicate that the cipher is a one shot that only 794allows a single call to EVP_CipherUpdate(). 795Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the 796cached value. 797 798=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer> 799 800Gets 1 if the cipher algorithm I<cipher> supports interleaving of crypto blocks, 801otherwise it gets 0. The interleaving is an optimization only applicable to certain 802TLS ciphers. 803Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the 804cached value. 805 806=item "has-randkey" (B<OSSL_CIPHER_PARAM_HAS_RANDKEY>) <integer> 807 808Gets 1 if the cipher algorithm I<cipher> supports the gettable EVP_CIPHER_CTX 809parameter B<OSSL_CIPHER_PARAM_RANDOM_KEY>. Only DES and 3DES set this to 1, 810all other OpenSSL ciphers return 0. 811 812=item "decrypt-only" (B<OSSL_CIPHER_PARAM_DECRYPT_ONLY) <integer> 813 814Gets 1 if the cipher algorithm I<cipher> implementation supports only 815the decryption operation such as the 3DES ciphers in the fips provider. 816Otherwise gets 0 or the parameter might not be present at all. 817 818=back 819 820=head2 Gettable and Settable EVP_CIPHER_CTX parameters 821 822The following L<OSSL_PARAM(3)> keys can be used with both EVP_CIPHER_CTX_get_params() 823and EVP_CIPHER_CTX_set_params(). 824 825=over 4 826 827=item "padding" (B<OSSL_CIPHER_PARAM_PADDING>) <unsigned integer> 828 829Gets or sets the padding mode for the cipher context I<ctx>. 830Padding is enabled if the value is 1, and disabled if the value is 0. 831See also EVP_CIPHER_CTX_set_padding(). 832 833=item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer> 834 835Gets or sets the cipher specific "num" parameter for the cipher context I<ctx>. 836Built-in ciphers typically use this to track how much of the current underlying 837block has been "used" already. 838See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num(). 839 840=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> 841 842Gets or sets the key length for the cipher context I<ctx>. 843The length of the "keylen" parameter should not exceed that of a B<size_t>. 844See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length(). 845 846=item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string> 847 848Gets or sets the AEAD tag for the associated cipher context I<ctx>. 849See L<EVP_EncryptInit(3)/AEAD INTERFACE>. 850 851=item "pipeline-tag" (B<OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG>) <octet ptr> 852 853Gets or sets the AEAD tag when using cipher pipelining. The pointer must 854point to an array of buffers, where the aead tag will be read from or written to. 855The array size must be equal to I<numpipes> used in 856EVP_CipherPipelineEncryptInit() or EVP_CipherPipelineDecryptInit(). 857 858=item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer> 859 860Gets or sets the effective keybits used for a RC2 cipher. 861The length of the "keybits" parameter should not exceed that of a B<size_t>. 862 863=item "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>) <unsigned integer> 864 865Gets or sets the number of rounds to be used for a cipher. 866This is used by the RC5 cipher. 867 868=item "algorithm-id" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID>) <octet string> 869 870Used to get the DER encoded AlgorithmIdentifier from the cipher 871implementation. Functions like L<EVP_PKEY_CTX_get_algor(3)> use this 872parameter. 873 874=item "algorithm-id-params" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS>) <octet string> 875 876Used to pass the DER encoded AlgorithmIdentifier parameter to or from 877the cipher implementation. 878Functions like L<EVP_CIPHER_CTX_set_algor_params(3)> and 879L<EVP_CIPHER_CTX_get_algor_params(3)> use this parameter. 880 881=item "alg_id_params" (B<OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD>) <octet string> 882 883An deprecated alias for "algorithm-id-params", only used by 884L<EVP_CIPHER_param_to_asn1(3)> and L<EVP_CIPHER_asn1_to_param(3)>. 885 886=item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string> 887 888Gets or sets the cipher text stealing mode. For all modes the output size is the 889same as the input size. The input length must be greater than or equal to the 890block size. (The block size for AES and CAMELLIA is 16 bytes). 891 892Valid values for the mode are: 893 894=over 4 895 896=item "CS1" 897 898The NIST variant of cipher text stealing. 899For input lengths that are multiples of the block size it is equivalent to 900using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last 901cipher text block is a partial block. 902 903=item "CS2" 904 905For input lengths that are multiples of the block size it is equivalent to 906using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as 907"CS3" mode. 908 909=item "CS3" 910 911The Kerberos5 variant of cipher text stealing which always swaps the last 912cipher text block with the previous block (which may be a partial or full block 913depending on the input length). If the input length is exactly one full block 914then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher. 915 916=back 917 918The default is "CS1". 919This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", 920"CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". 921 922=item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer> 923 924Sets or gets the number of records being sent in one go for a tls1 multiblock 925cipher operation (either 4 or 8 records). 926 927=back 928 929=head2 Gettable EVP_CIPHER_CTX parameters 930 931The following L<OSSL_PARAM(3)> keys can be used with EVP_CIPHER_CTX_get_params(): 932 933=over 4 934 935=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN> and <B<OSSL_CIPHER_PARAM_AEAD_IVLEN>) <unsigned integer> 936 937Gets the IV length for the cipher context I<ctx>. 938The length of the "ivlen" parameter should not exceed that of a B<size_t>. 939See also EVP_CIPHER_CTX_get_iv_length(). 940 941=item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr> 942 943Gets the IV used to initialize the associated cipher context I<ctx>. 944See also EVP_CIPHER_CTX_get_original_iv(). 945 946=item "updated-iv" (B<OSSL_CIPHER_PARAM_UPDATED_IV>) <octet string OR octet ptr> 947 948Gets the updated pseudo-IV state for the associated cipher context, e.g., 949the previous ciphertext block for CBC mode or the iteratively encrypted IV 950value for OFB mode. Note that octet pointer access is deprecated and is 951provided only for backwards compatibility with historical libcrypto APIs. 952See also EVP_CIPHER_CTX_get_updated_iv(). 953 954=item "randkey" (B<OSSL_CIPHER_PARAM_RANDOM_KEY>) <octet string> 955 956Gets an implementation specific randomly generated key for the associated 957cipher context I<ctx>. This is currently only supported by DES and 3DES (which set 958the key to odd parity). 959 960=item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer> 961 962Gets the tag length to be used for an AEAD cipher for the associated cipher 963context I<ctx>. It gets a default value if it has not been set. 964The length of the "taglen" parameter should not exceed that of a B<size_t>. 965See also EVP_CIPHER_CTX_get_tag_length(). 966 967=item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer> 968 969Gets the length of the tag that will be added to a TLS record for the AEAD 970tag for the associated cipher context I<ctx>. 971The length of the "tlsaadpad" parameter should not exceed that of a B<size_t>. 972 973=item "tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>) <octet string> 974 975Gets the invocation field generated for encryption. 976Can only be called after "tlsivfixed" is set. 977This is only used for GCM mode. 978 979=item "tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>) <unsigned integer> 980 981Get the total length of the record returned from the "tls1multi_enc" operation. 982 983=item "tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>) <unsigned integer> 984 985Gets the maximum record length for a TLS1 multiblock cipher operation. 986The length of the "tls1multi_maxbufsz" parameter should not exceed that of a B<size_t>. 987 988=item "tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) <unsigned integer> 989 990Gets the result of running the "tls1multi_aad" operation. 991 992=item "tls-mac" (B<OSSL_CIPHER_PARAM_TLS_MAC>) <octet ptr> 993 994Used to pass the TLS MAC data. 995 996=item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 997 998This option is used by the OpenSSL FIPS provider. 999 1000A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. 1001This may be used after calling a cipher final operation such as 1002EVP_EncryptFinal_ex(). It may return 0 if the "encrypt-check" option is set to 0. 1003 1004=item "iv-generated" (B<OSSL_CIPHER_PARAM_AEAD_IV_GENERATED>) <unsigned integer> 1005 1006An indicator that returns 1 if an IV was generated internally during encryption, 1007or O otherwise. 1008This may be used by GCM ciphers after calling a cipher final operation such 1009as EVP_EncryptFinal_ex(). 1010GCM should generate an IV internally if the IV is not specified during a 1011cipher initialisation call such as EVP_CipherInit_ex(). 1012See FIPS 140-3 IG C.H for information related to IV requirements. 1013 1014=back 1015 1016=head2 Settable EVP_CIPHER_CTX parameters 1017 1018The following L<OSSL_PARAM(3)> keys can be used with EVP_CIPHER_CTX_set_params(): 1019 1020=over 4 1021 1022=item "mackey" (B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>) <octet string> 1023 1024Sets the MAC key used by composite AEAD ciphers such as AES-CBC-HMAC-SHA256. 1025 1026=item "speed" (B<OSSL_CIPHER_PARAM_SPEED>) <unsigned integer> 1027 1028Sets the speed option for the associated cipher context. This is only supported 1029by AES SIV ciphers which disallow multiple operations by default. 1030Setting "speed" to 1 allows another encrypt or decrypt operation to be 1031performed. This is used for performance testing. 1032 1033=item "use-bits" (B<OSSL_CIPHER_PARAM_USE_BITS>) <unsigned integer> 1034 1035Determines if the input length I<inl> passed to EVP_EncryptUpdate(), 1036EVP_DecryptUpdate() and EVP_CipherUpdate() is the number of bits or number of bytes. 1037Setting "use-bits" to 1 uses bits. The default is in bytes. 1038This is only used for B<CFB1> ciphers. 1039 1040This can be set using EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS). 1041 1042=item "tls-version" (B<OSSL_CIPHER_PARAM_TLS_VERSION>) <integer> 1043 1044Sets the TLS version. 1045 1046=item "tls-mac-size" (B<OSSL_CIPHER_PARAM_TLS_MAC_SIZE>) <unsigned integer> 1047 1048Set the TLS MAC size. 1049 1050=item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string> 1051 1052Sets TLSv1.2 AAD information for the associated cipher context I<ctx>. 1053TLSv1.2 AAD information is always 13 bytes in length and is as defined for the 1054"additional_data" field described in section 6.2.3.3 of RFC5246. 1055 1056=item "tlsivfixed" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>) <octet string> 1057 1058Sets the fixed portion of an IV for an AEAD cipher used in a TLS record 1059encryption/ decryption for the associated cipher context. 1060TLS record encryption/decryption always occurs "in place" so that the input and 1061output buffers are always the same memory location. 1062AEAD IVs in TLSv1.2 consist of an implicit "fixed" part and an explicit part 1063that varies with every record. 1064Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records. 1065TLS records are encrypted/decrypted using a single OSSL_FUNC_cipher_cipher call per 1066record. 1067For a record decryption the first bytes of the input buffer will be the explicit 1068part of the IV and the final bytes of the input buffer will be the AEAD tag. 1069The length of the explicit part of the IV and the tag length will depend on the 1070cipher in use and will be defined in the RFC for the relevant ciphersuite. 1071In order to allow for "in place" decryption the plaintext output should be 1072written to the same location in the output buffer that the ciphertext payload 1073was read from, i.e. immediately after the explicit IV. 1074 1075When encrypting a record the first bytes of the input buffer should be empty to 1076allow space for the explicit IV, as will the final bytes where the tag will 1077be written. 1078The length of the input buffer will include the length of the explicit IV, the 1079payload, and the tag bytes. 1080The cipher implementation should generate the explicit IV and write it to the 1081beginning of the output buffer, do "in place" encryption of the payload and 1082write that to the output buffer, and finally add the tag onto the end of the 1083output buffer. 1084 1085Whether encrypting or decrypting the value written to I<*outl> in the 1086OSSL_FUNC_cipher_cipher call should be the length of the payload excluding the explicit 1087IV length and the tag length. 1088 1089=item "tlsivinv" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>) <octet string> 1090 1091Sets the invocation field used for decryption. 1092Can only be called after "tlsivfixed" is set. 1093This is only used for GCM mode. 1094 1095=item "tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>) <octet string> 1096 1097Triggers a multiblock TLS1 encrypt operation for a TLS1 aware cipher that 1098supports sending 4 or 8 records in one go. 1099The cipher performs both the MAC and encrypt stages and constructs the record 1100headers itself. 1101"tls1multi_enc" supplies the output buffer for the encrypt operation, 1102"tls1multi_encin" & "tls1multi_interleave" must also be set in order to supply 1103values to the encrypt operation. 1104 1105=item "tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) <octet string> 1106 1107Supplies the data to encrypt for a TLS1 multiblock cipher operation. 1108 1109=item "tls1multi_maxsndfrag" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT>) <unsigned integer> 1110 1111Sets the maximum send fragment size for a TLS1 multiblock cipher operation. 1112It must be set before using "tls1multi_maxbufsz". 1113The length of the "tls1multi_maxsndfrag" parameter should not exceed that of a B<size_t>. 1114 1115=item "tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) <octet string> 1116 1117Sets the authenticated additional data used by a TLS1 multiblock cipher operation. 1118The supplied data consists of 13 bytes of record data containing: 1119Bytes 0-7: The sequence number of the first record 1120Byte 8: The record type 1121Byte 9-10: The protocol version 1122Byte 11-12: Input length (Always 0) 1123 1124"tls1multi_interleave" must also be set for this operation. 1125 1126=item "xts_standard" (B<OSSL_CIPHER_PARAM_XTS_STANDARD>) <UTF8 string> 1127 1128Sets the XTS standard to use with SM4-XTS algorithm. XTS mode has two 1129implementations, one is standardized in IEEE Std. 1619-2007 and has 1130been widely used (e.g., XTS AES), the other is proposed recently 1131(GB/T 17964-2021 implemented in May 2022) and is currently only used 1132in SM4. 1133 1134The main difference between them is the multiplication by the 1135primitive element E<alpha> to calculate the tweak values. The IEEE 1136Std 1619-2007 noted that the multiplication "is a left shift of each 1137byte by one bit with carry propagating from one byte to the next 1138one", which means that in each byte, the leftmost bit is the most 1139significant bit. But in GB/T 17964-2021, the rightmost bit is the 1140most significant bit, thus the multiplication becomes a right shift 1141of each byte by one bit with carry propagating from one byte to the 1142next one. 1143 1144Valid values for the mode are: 1145 1146=over 4 1147 1148=item "GB" 1149 1150The GB/T 17964-2021 variant of SM4-XTS algorithm. 1151 1152=item "IEEE" 1153 1154The IEEE Std. 1619-2007 variant of SM4-XTS algorithm. 1155 1156=back 1157 1158The default value is "GB". 1159 1160=item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer> 1161 1162This option is used by the OpenSSL FIPS provider. 1163 1164If required this parameter should be set early via an cipher encrypt init 1165function such as EVP_EncryptInit_ex2(). 1166The default value of 1 causes an error when an encryption operation is triggered. 1167Setting this to 0 will ignore the error and set the approved "fips-indicator" to 11680. 1169This option breaks FIPS compliance if it causes the approved "fips-indicator" 1170to return 0. 1171 1172=back 1173 1174=head1 CONTROLS 1175 1176The Mappings from EVP_CIPHER_CTX_ctrl() identifiers to PARAMETERS are listed 1177in the following section. See the L</PARAMETERS> section for more details. 1178 1179EVP_CIPHER_CTX_ctrl() can be used to send the following standard controls: 1180 1181=over 4 1182 1183=item EVP_CTRL_AEAD_SET_IVLEN and EVP_CTRL_GET_IVLEN 1184 1185When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1186EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1187key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>). 1188 1189=item EVP_CTRL_AEAD_SET_IV_FIXED 1190 1191When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1192with an L<OSSL_PARAM(3)> item with the key "tlsivfixed" 1193(B<OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED>). 1194 1195=item EVP_CTRL_AEAD_SET_MAC_KEY 1196 1197When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1198with an L<OSSL_PARAM(3)> item with the key "mackey" 1199(B<OSSL_CIPHER_PARAM_AEAD_MAC_KEY>). 1200 1201=item EVP_CTRL_AEAD_SET_TAG and EVP_CTRL_AEAD_GET_TAG 1202 1203When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1204EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1205key "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>). 1206 1207=item EVP_CTRL_CCM_SET_L 1208 1209When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1210with an L<OSSL_PARAM(3)> item with the key "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) 1211with a value of (15 - L) 1212 1213=item EVP_CTRL_COPY 1214 1215There is no OSSL_PARAM mapping for this. Use EVP_CIPHER_CTX_copy() instead. 1216 1217=item EVP_CTRL_GCM_SET_IV_INV 1218 1219When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1220with an L<OSSL_PARAM(3)> item with the key "tlsivinv" 1221(B<OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV>). 1222 1223=item EVP_CTRL_RAND_KEY 1224 1225When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1226with an L<OSSL_PARAM(3)> item with the key "randkey" 1227(B<OSSL_CIPHER_PARAM_RANDOM_KEY>). 1228 1229=item EVP_CTRL_SET_KEY_LENGTH 1230 1231When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1232with an L<OSSL_PARAM(3)> item with the key "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>). 1233 1234=item EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS 1235 1236When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1237EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1238key "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>). 1239 1240=item EVP_CTRL_SET_RC5_ROUNDS and EVP_CTRL_GET_RC5_ROUNDS 1241 1242When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() and 1243EVP_CIPHER_CTX_get_params() get called with an L<OSSL_PARAM(3)> item with the 1244key "rounds" (B<OSSL_CIPHER_PARAM_ROUNDS>). 1245 1246=item EVP_CTRL_SET_SPEED 1247 1248When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1249with an L<OSSL_PARAM(3)> item with the key "speed" (B<OSSL_CIPHER_PARAM_SPEED>). 1250 1251=item EVP_CTRL_GCM_IV_GEN 1252 1253When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_get_params() gets called 1254with an L<OSSL_PARAM(3)> item with the key 1255"tlsivgen" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN>). 1256 1257=item EVP_CTRL_AEAD_TLS1_AAD 1258 1259When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called 1260with an L<OSSL_PARAM(3)> item with the key 1261"tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) 1262followed by EVP_CIPHER_CTX_get_params() with a key of 1263"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>). 1264 1265=item EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 1266 1267When used with a fetched B<EVP_CIPHER>, 1268EVP_CIPHER_CTX_set_params() gets called with an L<OSSL_PARAM(3)> item with the 1269key OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT 1270followed by EVP_CIPHER_CTX_get_params() with a key of 1271"tls1multi_maxbufsz" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE>). 1272 1273=item EVP_CTRL_TLS1_1_MULTIBLOCK_AAD 1274 1275When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1276with L<OSSL_PARAM(3)> items with the keys 1277"tls1multi_aad" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD>) and 1278"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) 1279followed by EVP_CIPHER_CTX_get_params() with keys of 1280"tls1multi_aadpacklen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN>) and 1281"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>). 1282 1283=item EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT 1284 1285When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() gets called 1286with L<OSSL_PARAM(3)> items with the keys 1287"tls1multi_enc" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC>), 1288"tls1multi_encin" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN>) and 1289"tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>), 1290followed by EVP_CIPHER_CTX_get_params() with a key of 1291"tls1multi_enclen" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN>). 1292 1293=back 1294 1295=head1 FLAGS 1296 1297EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). 1298can be used to manipulate and test these B<EVP_CIPHER_CTX> flags: 1299 1300=over 4 1301 1302=item EVP_CIPH_NO_PADDING 1303 1304Used by EVP_CIPHER_CTX_set_padding(). 1305 1306See also L</Gettable and Settable EVP_CIPHER_CTX parameters> "padding" 1307 1308=item EVP_CIPH_FLAG_LENGTH_BITS 1309 1310See L</Settable EVP_CIPHER_CTX parameters> "use-bits". 1311 1312=item EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 1313 1314Used for Legacy purposes only. This flag needed to be set to indicate the 1315cipher handled wrapping. 1316 1317=back 1318 1319EVP_CIPHER_flags() uses the following flags that 1320have mappings to L</Gettable EVP_CIPHER parameters>: 1321 1322=over 4 1323 1324=item EVP_CIPH_FLAG_AEAD_CIPHER 1325 1326See L</Gettable EVP_CIPHER parameters> "aead". 1327 1328=item EVP_CIPH_CUSTOM_IV 1329 1330See L</Gettable EVP_CIPHER parameters> "custom-iv". 1331 1332=item EVP_CIPH_FLAG_CTS 1333 1334See L</Gettable EVP_CIPHER parameters> "cts". 1335 1336=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; 1337 1338See L</Gettable EVP_CIPHER parameters> "tls-multi". 1339 1340=item EVP_CIPH_RAND_KEY 1341 1342See L</Gettable EVP_CIPHER parameters> "has-randkey". 1343 1344=back 1345 1346EVP_CIPHER_flags() uses the following flags for legacy purposes only: 1347 1348=over 4 1349 1350=item EVP_CIPH_VARIABLE_LENGTH 1351 1352=item EVP_CIPH_FLAG_CUSTOM_CIPHER 1353 1354=item EVP_CIPH_ALWAYS_CALL_INIT 1355 1356=item EVP_CIPH_CTRL_INIT 1357 1358=item EVP_CIPH_CUSTOM_KEY_LENGTH 1359 1360=item EVP_CIPH_CUSTOM_COPY 1361 1362=item EVP_CIPH_FLAG_DEFAULT_ASN1 1363 1364See L<EVP_CIPHER_meth_set_flags(3)> for further information related to the above 1365flags. 1366 1367=back 1368 1369=head1 RETURN VALUES 1370 1371EVP_CIPHER_fetch() returns a pointer to a B<EVP_CIPHER> for success 1372and NULL for failure. 1373 1374EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. 1375 1376EVP_CIPHER_CTX_new() returns a pointer to a newly created 1377B<EVP_CIPHER_CTX> for success and NULL for failure. 1378 1379EVP_CIPHER_CTX_dup() returns a new EVP_CIPHER_CTX if successful or NULL on failure. 1380 1381EVP_CIPHER_CTX_copy() returns 1 if successful or 0 for failure. 1382 1383EVP_EncryptInit_ex2(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex() 1384return 1 for success and 0 for failure. 1385 1386EVP_DecryptInit_ex2() and EVP_DecryptUpdate() return 1 for success and 0 for failure. 1387EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. 1388 1389EVP_CipherInit_ex2(), EVP_CipherInit_SKEY() and EVP_CipherUpdate() return 1 for 1390success and 0 for failure. 1391EVP_CipherFinal_ex() returns 0 for an encryption/decryption failure or 1 for 1392success. 1393 1394EVP_Cipher() returns 1 on success and <= 0 on failure, if the flag 1395B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is not set for the cipher, or if the cipher has 1396not been initialized via a call to B<EVP_CipherInit_ex2>. 1397EVP_Cipher() returns the number of bytes written to I<out> for 1398encryption/decryption, or the number of bytes authenticated in a call specifying 1399AAD for an AEAD cipher, if the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> is set for 1400the cipher. 1401 1402EVP_CIPHER_can_pipeline() returns 1 if the cipher can be used in a pipeline, 0 otherwise. 1403 1404EVP_CipherPipelineEncryptInit() and EVP_CipherPipelineDecryptInit() 1405return 1 for success and 0 for failure. 1406 1407EVP_CipherPipelineUpdate() and EVP_CipherPipelineFinal() 1408return 1 for success and 0 for failure. 1409 1410EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. 1411 1412EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() 1413return an B<EVP_CIPHER> structure or NULL on error. 1414 1415EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID. 1416 1417EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the 1418block size, or 0 on error. 1419 1420EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key 1421length. 1422 1423EVP_CIPHER_CTX_set_padding() always returns 1. 1424 1425EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV 1426length, zero if the cipher does not use an IV and a negative value on error. 1427 1428EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher 1429does not use a tag. 1430 1431EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the 1432cipher's OBJECT IDENTIFIER or NID_undef if it has no defined 1433OBJECT IDENTIFIER. 1434 1435EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. 1436 1437EVP_CIPHER_CTX_get_num() returns a nonnegative num value or 1438B<EVP_CTRL_RET_UNSUPPORTED> if the implementation does not support the call 1439or on any other error. 1440 1441EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation 1442does not support the call or on any other error. 1443 1444EVP_CIPHER_CTX_is_encrypting() returns 1 if the I<ctx> is set up for encryption 14450 otherwise. 1446 1447EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater 1448than zero for success and zero or a negative number on failure. 1449 1450EVP_CIPHER_CTX_rand_key() returns 1 for success and zero or a negative number 1451for failure. 1452 1453EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. 1454A return value of 0 means that the callback was not called for any names. 1455 1456=head1 CIPHER LISTING 1457 1458All algorithms have a fixed key length unless otherwise stated. 1459 1460Refer to L</SEE ALSO> for the full list of ciphers available through the EVP 1461interface. 1462 1463=over 4 1464 1465=item EVP_enc_null() 1466 1467Null cipher: does nothing. 1468 1469=back 1470 1471=head1 AEAD INTERFACE 1472 1473The EVP interface for Authenticated Encryption with Associated Data (AEAD) 1474modes are subtly altered and several additional I<ctrl> operations are supported 1475depending on the mode specified. 1476 1477To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), 1478EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output 1479parameter I<out> set to NULL. In this case, on success, the parameter 1480I<outl> is set to the number of bytes authenticated. 1481 1482When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() 1483indicates whether the operation was successful. If it does not indicate success, 1484the authentication operation has failed and any output data B<MUST NOT> be used 1485as it is corrupted. 1486 1487Please note that the number of authenticated bytes returned by 1488EVP_CipherUpdate() depends on the cipher used. Stream ciphers, such as ChaCha20 1489or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective 1490"block" size of 1. Conversely, ciphers in OCB mode must process data one block 1491at a time, and the block size is returned. 1492 1493Regardless of the returned size, it is safe to pass unpadded data to an 1494EVP_CipherUpdate() call in a single operation. 1495 1496=head2 GCM and OCB Modes 1497 1498The following I<ctrl>s are supported in GCM and OCB modes. 1499 1500=over 4 1501 1502=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1503 1504Sets the IV length. This call can only be made before specifying an IV. If 1505not called a default IV length is used. 1506 1507For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the 1508maximum is 15. 1509 1510=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) 1511 1512Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>. 1513This call can only be made when encrypting data and B<after> all data has been 1514processed (e.g. after an EVP_EncryptFinal() call). 1515 1516For OCB, C<taglen> must either be 16 or the value previously set via 1517B<EVP_CTRL_AEAD_SET_TAG>. 1518 1519=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1520 1521When decrypting, this call sets the expected tag to C<taglen> bytes from C<tag>. 1522C<taglen> must be between 1 and 16 inclusive. 1523The tag must be set prior to any call to EVP_DecryptFinal() or 1524EVP_DecryptFinal_ex(). 1525 1526For GCM, this call is only valid when decrypting data. 1527 1528For OCB, this call is valid when decrypting data to set the expected tag, 1529and when encrypting to set the desired tag length. 1530 1531In OCB mode, calling this with C<tag> set to C<NULL> sets the tag length. 1532The tag length can only be set before specifying an IV. If this is not called 1533prior to setting the IV, then a default tag length is used. 1534 1535For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the 1536maximum tag length for OCB. 1537 1538=back 1539 1540=head2 CCM Mode 1541 1542The EVP interface for CCM mode is similar to that of the GCM mode but with a 1543few additional requirements and different I<ctrl> values. 1544 1545For CCM mode, the total plaintext or ciphertext length B<MUST> be passed to 1546EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output 1547and input parameters (I<in> and I<out>) set to NULL and the length passed in 1548the I<inl> parameter. 1549 1550The following I<ctrl>s are supported in CCM mode. 1551 1552=over 4 1553 1554=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1555 1556This call is made to set the expected B<CCM> tag value when decrypting or 1557the length of the tag (with the C<tag> parameter set to NULL) when encrypting. 1558The tag length is often referred to as B<M>. If not set a default value is 1559used (12 for AES). When decrypting, the tag needs to be set before passing 1560in data to be decrypted, but as in GCM and OCB mode, it can be set after 1561passing additional authenticated data (see L</AEAD INTERFACE>). 1562 1563=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL) 1564 1565Sets the CCM B<L> value. If not set a default is used (8 for AES). 1566 1567=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1568 1569Sets the CCM nonce (IV) length. This call can only be made before specifying a 1570nonce value. The nonce length is given by B<15 - L> so it is 7 by default for 1571AES. 1572 1573=back 1574 1575=head2 SIV Mode 1576 1577Both the AES-SIV and AES-GCM-SIV ciphers fall under this mode. 1578 1579For SIV mode ciphers the behaviour of the EVP interface is subtly 1580altered and several additional ctrl operations are supported. 1581 1582To specify any additional authenticated data (AAD) and/or a Nonce, a call to 1583EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made 1584with the output parameter I<out> set to NULL. 1585 1586RFC5297 states that the Nonce is the last piece of AAD before the actual 1587encrypt/decrypt takes place. The API does not differentiate the Nonce from 1588other AAD. 1589 1590When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() 1591indicates if the operation was successful. If it does not indicate success 1592the authentication operation has failed and any output data B<MUST NOT> 1593be used as it is corrupted. 1594 1595The API does not store the SIV (Synthetic Initialization Vector) in 1596the cipher text. Instead, it is stored as the tag within the EVP_CIPHER_CTX. 1597The SIV must be retrieved from the context after encryption, and set into 1598the context before decryption. 1599 1600This differs from RFC5297 in that the cipher output from encryption, and 1601the cipher input to decryption, does not contain the SIV. This also means 1602that the plain text and cipher text lengths are identical. 1603 1604The following ctrls are supported in SIV mode, and are used to get and set 1605the Synthetic Initialization Vector: 1606 1607=over 4 1608 1609=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag); 1610 1611Writes I<taglen> bytes of the tag value (the Synthetic Initialization Vector) 1612to the buffer indicated by I<tag>. This call can only be made when encrypting 1613data and B<after> all data has been processed (e.g. after an EVP_EncryptFinal() 1614call). For SIV mode the taglen must be 16. 1615 1616=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); 1617 1618Sets the expected tag (the Synthetic Initialization Vector) to I<taglen> 1619bytes from I<tag>. This call is only legal when decrypting data and must be 1620made B<before> any data is processed (e.g. before any EVP_DecryptUpdate() 1621calls). For SIV mode the taglen must be 16. 1622 1623=back 1624 1625SIV mode makes two passes over the input data, thus, only one call to 1626EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made 1627with I<out> set to a non-NULL value. A call to EVP_DecryptFinal() or 1628EVP_CipherFinal() is not required, but will indicate if the update 1629operation succeeded. 1630 1631=head2 ChaCha20-Poly1305 1632 1633The following I<ctrl>s are supported for the ChaCha20-Poly1305 AEAD algorithm. 1634 1635=over 4 1636 1637=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) 1638 1639Sets the nonce length. This call is now redundant since the only valid value 1640is the default length of 12 (i.e. 96 bits). 1641Prior to OpenSSL 3.0 a nonce of less than 12 bytes could be used to automatically 1642pad the iv with leading 0 bytes to make it 12 bytes in length. 1643 1644=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag) 1645 1646Writes C<taglen> bytes of the tag value to the buffer indicated by C<tag>. 1647This call can only be made when encrypting data and B<after> all data has been 1648processed (e.g. after an EVP_EncryptFinal() call). 1649 1650C<taglen> specified here must be 16 (B<POLY1305_BLOCK_SIZE>, i.e. 128-bits) or 1651less. 1652 1653=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) 1654 1655Sets the expected tag to C<taglen> bytes from C<tag>. 1656The tag length can only be set before specifying an IV. 1657C<taglen> must be between 1 and 16 (B<POLY1305_BLOCK_SIZE>) inclusive. 1658This call is only valid when decrypting data. 1659 1660=back 1661 1662=head1 NOTES 1663 1664Where possible the B<EVP> interface to symmetric ciphers should be used in 1665preference to the low-level interfaces. This is because the code then becomes 1666transparent to the cipher used and much more flexible. Additionally, the 1667B<EVP> interface will ensure the use of platform specific cryptographic 1668acceleration such as AES-NI (the low-level interfaces do not provide the 1669guarantee). 1670 1671PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 1672length of the encrypted data a multiple of the block size. Padding is always 1673added so if the data is already a multiple of the block size B<n> will equal 1674the block size. For example if the block size is 8 and 11 bytes are to be 1675encrypted then 5 padding bytes of value 5 will be added. 1676 1677When decrypting the final block is checked to see if it has the correct form. 1678 1679Although the decryption operation can produce an error if padding is enabled, 1680it is not a strong test that the input data or key is correct. A random block 1681has better than 1 in 256 chance of being of the correct format and problems with 1682the input data earlier on will not produce a final decrypt error. 1683 1684If padding is disabled then the decryption operation will always succeed if 1685the total amount of data decrypted is a multiple of the block size. 1686 1687The functions EVP_EncryptInit(), EVP_EncryptInit_ex(), 1688EVP_EncryptFinal(), EVP_DecryptInit(), EVP_DecryptInit_ex(), 1689EVP_CipherInit(), EVP_CipherInit_ex() and EVP_CipherFinal() are obsolete 1690but are retained for compatibility with existing code. New code should 1691use EVP_EncryptInit_ex2(), EVP_EncryptFinal_ex(), EVP_DecryptInit_ex2(), 1692EVP_DecryptFinal_ex(), EVP_CipherInit_ex2() and EVP_CipherFinal_ex() 1693because they can reuse an existing context without allocating and freeing 1694it up on each call. 1695 1696There are some differences between functions EVP_CipherInit() and 1697EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills 1698the passed context object with zeros. As a consequence, EVP_CipherInit() does 1699not allow step-by-step initialization of the ctx when the I<key> and I<iv> are 1700passed in separate calls. It also means that the flags set for the CTX are 1701removed, and it is especially important for the 1702B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in 1703EVP_CipherInit_ex(). 1704 1705Ignoring failure returns of the B<EVP_CIPHER_CTX> initialization functions can 1706lead to subsequent undefined behavior when calling the functions that update or 1707finalize the context. The only valid calls on the B<EVP_CIPHER_CTX> when 1708initialization fails are calls that attempt another initialization of the 1709context or release the context. 1710 1711EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. 1712 1713=head1 BUGS 1714 1715B<EVP_MAX_KEY_LENGTH> and B<EVP_MAX_IV_LENGTH> only refer to the internal 1716ciphers with default key lengths. If custom ciphers exceed these values the 1717results are unpredictable. This is because it has become standard practice to 1718define a generic key as a fixed unsigned char array containing 1719B<EVP_MAX_KEY_LENGTH> bytes. 1720 1721The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested 1722for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. 1723 1724=head1 EXAMPLES 1725 1726Encrypt a string using IDEA: 1727 1728 int do_crypt(char *outfile) 1729 { 1730 unsigned char outbuf[1024]; 1731 int outlen, tmplen; 1732 /* 1733 * Bogus key and IV: we'd normally set these from 1734 * another source. 1735 */ 1736 unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; 1737 unsigned char iv[] = {1,2,3,4,5,6,7,8}; 1738 char intext[] = "Some Crypto Text"; 1739 EVP_CIPHER_CTX *ctx; 1740 FILE *out; 1741 1742 ctx = EVP_CIPHER_CTX_new(); 1743 if (!EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL)) { 1744 /* Error */ 1745 EVP_CIPHER_CTX_free(ctx); 1746 return 0; 1747 } 1748 1749 if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { 1750 /* Error */ 1751 EVP_CIPHER_CTX_free(ctx); 1752 return 0; 1753 } 1754 /* 1755 * Buffer passed to EVP_EncryptFinal() must be after data just 1756 * encrypted to avoid overwriting it. 1757 */ 1758 if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { 1759 /* Error */ 1760 EVP_CIPHER_CTX_free(ctx); 1761 return 0; 1762 } 1763 outlen += tmplen; 1764 EVP_CIPHER_CTX_free(ctx); 1765 /* 1766 * Need binary mode for fopen because encrypted data is 1767 * binary data. Also cannot use strlen() on it because 1768 * it won't be NUL terminated and may contain embedded 1769 * NULs. 1770 */ 1771 out = fopen(outfile, "wb"); 1772 if (out == NULL) { 1773 /* Error */ 1774 return 0; 1775 } 1776 fwrite(outbuf, 1, outlen, out); 1777 fclose(out); 1778 return 1; 1779 } 1780 1781The ciphertext from the above example can be decrypted using the B<openssl> 1782utility with the command line (shown on two lines for clarity): 1783 1784 openssl idea -d \ 1785 -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 <filename 1786 1787General encryption and decryption function example using FILE I/O and AES128 1788with a 128-bit key: 1789 1790 int do_crypt(FILE *in, FILE *out, int do_encrypt) 1791 { 1792 /* Allow enough space in output buffer for additional block */ 1793 unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; 1794 int inlen, outlen; 1795 EVP_CIPHER_CTX *ctx; 1796 /* 1797 * Bogus key and IV: we'd normally set these from 1798 * another source. 1799 */ 1800 unsigned char key[] = "0123456789abcdeF"; 1801 unsigned char iv[] = "1234567887654321"; 1802 1803 /* Don't set key or IV right away; we want to check lengths */ 1804 ctx = EVP_CIPHER_CTX_new(); 1805 if (!EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, 1806 do_encrypt, NULL)) { 1807 /* Error */ 1808 EVP_CIPHER_CTX_free(ctx); 1809 return 0; 1810 } 1811 OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16); 1812 OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16); 1813 1814 /* Now we can set key and IV */ 1815 if (!EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL)) { 1816 /* Error */ 1817 EVP_CIPHER_CTX_free(ctx); 1818 return 0; 1819 } 1820 1821 for (;;) { 1822 inlen = fread(inbuf, 1, 1024, in); 1823 if (inlen <= 0) 1824 break; 1825 if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { 1826 /* Error */ 1827 EVP_CIPHER_CTX_free(ctx); 1828 return 0; 1829 } 1830 fwrite(outbuf, 1, outlen, out); 1831 } 1832 if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { 1833 /* Error */ 1834 EVP_CIPHER_CTX_free(ctx); 1835 return 0; 1836 } 1837 fwrite(outbuf, 1, outlen, out); 1838 1839 EVP_CIPHER_CTX_free(ctx); 1840 return 1; 1841 } 1842 1843Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. 1844 1845 int encrypt(const unsigned char *key, const unsigned char *iv, 1846 const unsigned char *msg, size_t msg_len, unsigned char *out) 1847 { 1848 /* 1849 * This assumes that key size is 32 bytes and the iv is 16 bytes. 1850 * For ciphertext stealing mode the length of the ciphertext "out" will be 1851 * the same size as the plaintext size "msg_len". 1852 * The "msg_len" can be any size >= 16. 1853 */ 1854 int ret = 0, encrypt = 1, outlen, len; 1855 EVP_CIPHER_CTX *ctx = NULL; 1856 EVP_CIPHER *cipher = NULL; 1857 OSSL_PARAM params[2]; 1858 1859 ctx = EVP_CIPHER_CTX_new(); 1860 cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL); 1861 if (ctx == NULL || cipher == NULL) 1862 goto err; 1863 1864 /* 1865 * The default is "CS1" so this is not really needed, 1866 * but would be needed to set either "CS2" or "CS3". 1867 */ 1868 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, 1869 "CS1", 0); 1870 params[1] = OSSL_PARAM_construct_end(); 1871 1872 if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, encrypt, params)) 1873 goto err; 1874 1875 /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */ 1876 if (!EVP_CipherUpdate(ctx, out, &outlen, msg, msg_len)) 1877 goto err; 1878 if (!EVP_CipherFinal_ex(ctx, out + outlen, &len)) 1879 goto err; 1880 ret = 1; 1881 err: 1882 EVP_CIPHER_free(cipher); 1883 EVP_CIPHER_CTX_free(ctx); 1884 return ret; 1885 } 1886 1887=head1 SEE ALSO 1888 1889L<evp(7)>, 1890L<property(7)>, 1891L<crypto(7)/ALGORITHM FETCHING>, 1892L<provider-cipher(7)>, 1893L<life_cycle-cipher(7)> 1894 1895Supported ciphers are listed in: 1896 1897L<EVP_aes_128_gcm(3)>, 1898L<EVP_aria_128_gcm(3)>, 1899L<EVP_bf_cbc(3)>, 1900L<EVP_camellia_128_ecb(3)>, 1901L<EVP_cast5_cbc(3)>, 1902L<EVP_chacha20(3)>, 1903L<EVP_des_cbc(3)>, 1904L<EVP_desx_cbc(3)>, 1905L<EVP_idea_cbc(3)>, 1906L<EVP_rc2_cbc(3)>, 1907L<EVP_rc4(3)>, 1908L<EVP_rc5_32_12_16_cbc(3)>, 1909L<EVP_seed_cbc(3)>, 1910L<EVP_sm4_cbc(3)>, 1911 1912=head1 HISTORY 1913 1914Support for OCB mode was added in OpenSSL 1.1.0. 1915 1916B<EVP_CIPHER_CTX> was made opaque in OpenSSL 1.1.0. As a result, 1917EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() 1918disappeared. EVP_CIPHER_CTX_init() remains as an alias for 1919EVP_CIPHER_CTX_reset(). 1920 1921The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use 1922EVP_CIPHER_CTX_get0_cipher() instead. 1923 1924The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), 1925EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), 1926EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(), 1927EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), 1928EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(), 1929EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), 1930EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params() 1931functions were added in 3.0. 1932 1933The EVP_CIPHER_nid(), EVP_CIPHER_name(), EVP_CIPHER_block_size(), 1934EVP_CIPHER_key_length(), EVP_CIPHER_iv_length(), EVP_CIPHER_flags(), 1935EVP_CIPHER_mode(), EVP_CIPHER_type(), EVP_CIPHER_CTX_nid(), 1936EVP_CIPHER_CTX_block_size(), EVP_CIPHER_CTX_key_length(), 1937EVP_CIPHER_CTX_iv_length(), EVP_CIPHER_CTX_tag_length(), 1938EVP_CIPHER_CTX_num(), EVP_CIPHER_CTX_type(), and EVP_CIPHER_CTX_mode() 1939functions were renamed to include C<get> or C<get0> in their names in 1940OpenSSL 3.0, respectively. The old names are kept as non-deprecated 1941alias macros. 1942 1943The EVP_CIPHER_CTX_encrypting() function was renamed to 1944EVP_CIPHER_CTX_is_encrypting() in OpenSSL 3.0. The old name is kept as 1945non-deprecated alias macro. 1946 1947The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0. 1948 1949EVP_CIPHER_CTX_dup() was added in OpenSSL 3.2. 1950 1951EVP_CipherInit_SKEY() was added in OpenSSL 3.5. 1952 1953Prior to OpenSSL 3.5, passing a NULL I<ctx> to 1954B<EVP_CIPHER_CTX_get_block_size()> would result in a NULL pointer dereference, 1955rather than a 0 return value indicating an error. 1956 1957=head1 COPYRIGHT 1958 1959Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. 1960 1961Licensed under the Apache License 2.0 (the "License"). You may not use 1962this file except in compliance with the License. You can obtain a copy 1963in the file LICENSE in the source distribution or at 1964L<https://www.openssl.org/source/license.html>. 1965 1966=cut 1967