summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorschwarze <>2016-11-26 20:26:25 +0000
committerschwarze <>2016-11-26 20:26:25 +0000
commit69bfe96157164698151caecc648932f8a838f130 (patch)
tree7d2d01d5b7a4751cb43f20fb940f56a2096cf4ed
parenta7748ec40ce8f1448ce107de1bcefb285eab9a5f (diff)
downloadopenbsd-69bfe96157164698151caecc648932f8a838f130.tar.gz
openbsd-69bfe96157164698151caecc648932f8a838f130.tar.bz2
openbsd-69bfe96157164698151caecc648932f8a838f130.zip
Add Copyright and license.
Merge from OpenSSL: Document EVP_CIPHER_CTX_new(3), EVP_CIPHER_CTX_free(3), EVP_chacha20(3). Drop duplicate .Nm EVP_idea_cbc. Add some missing EVP_aes_*() function names in the NAME section. In the SYNOPSIS, list prototypes, not #defines. Some typo fixes, some additional information, some wording improvements. In the CIPHER LISTING, drop the useless "void" arguments. Document GCM and CCM. Drop some prehistoric EXAMPLES that OpenSSL deleted as well. While here, mention that EVP_CIPHER_CTX_free(3) accepts NULL. Also move some text from RETURN VALUES to DESCRIPTION.
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/man/EVP_EncryptInit.3533
1 files changed, 390 insertions, 143 deletions
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 3757bfc815..1a7fe40a66 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,10 +1,61 @@
1.\" $OpenBSD: EVP_EncryptInit.3,v 1.3 2016/11/21 22:19:15 jmc Exp $ 1.\" $OpenBSD: EVP_EncryptInit.3,v 1.4 2016/11/26 20:26:25 schwarze Exp $
2.\" OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
2.\" 3.\"
3.Dd $Mdocdate: November 21 2016 $ 4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
5.\" Copyright (c) 2000-2002, 2005, 2012-2016 The OpenSSL Project.
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\"
12.\" 1. Redistributions of source code must retain the above copyright
13.\" notice, this list of conditions and the following disclaimer.
14.\"
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\" notice, this list of conditions and the following disclaimer in
17.\" the documentation and/or other materials provided with the
18.\" distribution.
19.\"
20.\" 3. All advertising materials mentioning features or use of this
21.\" software must display the following acknowledgment:
22.\" "This product includes software developed by the OpenSSL Project
23.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24.\"
25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26.\" endorse or promote products derived from this software without
27.\" prior written permission. For written permission, please contact
28.\" openssl-core@openssl.org.
29.\"
30.\" 5. Products derived from this software may not be called "OpenSSL"
31.\" nor may "OpenSSL" appear in their names without prior written
32.\" permission of the OpenSSL Project.
33.\"
34.\" 6. Redistributions of any form whatsoever must retain the following
35.\" acknowledgment:
36.\" "This product includes software developed by the OpenSSL Project
37.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38.\"
39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\"
52.Dd $Mdocdate: November 26 2016 $
4.Dt EVP_ENCRYPTINIT 3 53.Dt EVP_ENCRYPTINIT 3
5.Os 54.Os
6.Sh NAME 55.Sh NAME
56.Nm EVP_CIPHER_CTX_new ,
7.Nm EVP_CIPHER_CTX_init , 57.Nm EVP_CIPHER_CTX_init ,
58.Nm EVP_CIPHER_CTX_free ,
8.Nm EVP_EncryptInit_ex , 59.Nm EVP_EncryptInit_ex ,
9.Nm EVP_EncryptUpdate , 60.Nm EVP_EncryptUpdate ,
10.Nm EVP_EncryptFinal_ex , 61.Nm EVP_EncryptFinal_ex ,
@@ -66,7 +117,6 @@
66.Nm EVP_idea_ecb , 117.Nm EVP_idea_ecb ,
67.Nm EVP_idea_cfb , 118.Nm EVP_idea_cfb ,
68.Nm EVP_idea_ofb , 119.Nm EVP_idea_ofb ,
69.Nm EVP_idea_cbc ,
70.Nm EVP_rc2_cbc , 120.Nm EVP_rc2_cbc ,
71.Nm EVP_rc2_ecb , 121.Nm EVP_rc2_ecb ,
72.Nm EVP_rc2_cfb , 122.Nm EVP_rc2_cfb ,
@@ -81,6 +131,18 @@
81.Nm EVP_cast5_ecb , 131.Nm EVP_cast5_ecb ,
82.Nm EVP_cast5_cfb , 132.Nm EVP_cast5_cfb ,
83.Nm EVP_cast5_ofb , 133.Nm EVP_cast5_ofb ,
134.Nm EVP_aes_128_cbc ,
135.Nm EVP_aes_128_ecb ,
136.Nm EVP_aes_128_cfb ,
137.Nm EVP_aes_128_ofb ,
138.Nm EVP_aes_192_cbc ,
139.Nm EVP_aes_192_ecb ,
140.Nm EVP_aes_192_cfb ,
141.Nm EVP_aes_192_ofb ,
142.Nm EVP_aes_256_cbc ,
143.Nm EVP_aes_256_ecb ,
144.Nm EVP_aes_256_cfb ,
145.Nm EVP_aes_256_ofb ,
84.Nm EVP_aes_128_gcm , 146.Nm EVP_aes_128_gcm ,
85.Nm EVP_aes_192_gcm , 147.Nm EVP_aes_192_gcm ,
86.Nm EVP_aes_256_gcm , 148.Nm EVP_aes_256_gcm ,
@@ -90,14 +152,21 @@
90.Nm EVP_rc5_32_12_16_cbc , 152.Nm EVP_rc5_32_12_16_cbc ,
91.Nm EVP_rc5_32_12_16_cfb , 153.Nm EVP_rc5_32_12_16_cfb ,
92.Nm EVP_rc5_32_12_16_ecb , 154.Nm EVP_rc5_32_12_16_ecb ,
93.Nm EVP_rc5_32_12_16_ofb 155.Nm EVP_rc5_32_12_16_ofb ,
156.Nm EVP_chacha20
94.Nd EVP cipher routines 157.Nd EVP cipher routines
95.Sh SYNOPSIS 158.Sh SYNOPSIS
96.In openssl/evp.h 159.In openssl/evp.h
160.Ft EVP_CIPHER_CTX *
161.Fn EVP_CIPHER_CTX_new void
97.Ft void 162.Ft void
98.Fo EVP_CIPHER_CTX_init 163.Fo EVP_CIPHER_CTX_init
99.Fa "EVP_CIPHER_CTX *ctx" 164.Fa "EVP_CIPHER_CTX *ctx"
100.Fc 165.Fc
166.Ft void
167.Fo EVP_CIPHER_CTX_free
168.Fa "EVP_CIPHER_CTX *ctx"
169.Fc
101.Ft int 170.Ft int
102.Fo EVP_EncryptInit_ex 171.Fo EVP_EncryptInit_ex
103.Fa "EVP_CIPHER_CTX *ctx" 172.Fa "EVP_CIPHER_CTX *ctx"
@@ -230,28 +299,83 @@
230.Fo EVP_get_cipherbyname 299.Fo EVP_get_cipherbyname
231.Fa "const char *name" 300.Fa "const char *name"
232.Fc 301.Fc
233.Fd #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) 302.Ft const EVP_CIPHER *
234.Fd #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) 303.Fo EVP_get_cipherbynid
235.Fd #define EVP_CIPHER_nid(e) ((e)->nid) 304.Fa "int nid"
236.Fd #define EVP_CIPHER_block_size(e) ((e)->block_size) 305.Fc
237.Fd #define EVP_CIPHER_key_length(e) ((e)->key_len) 306.Ft const EVP_CIPHER *
238.Fd #define EVP_CIPHER_iv_length(e) ((e)->iv_len) 307.Fo EVP_get_cipherbyobj
239.Fd #define EVP_CIPHER_flags(e) ((e)->flags) 308.Fa "const ASN1_OBJECT *a"
240.Fd #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) 309.Fc
310.Ft int
311.Fo EVP_CIPHER_nid
312.Fa "const EVP_CIPHER *e"
313.Fc
314.Ft int
315.Fo EVP_CIPHER_block_size
316.Fa "const EVP_CIPHER *e"
317.Fc
318.Ft int
319.Fo EVP_CIPHER_key_length
320.Fa "const EVP_CIPHER *e"
321.Fc
322.Ft int
323.Fo EVP_CIPHER_iv_length
324.Fa "const EVP_CIPHER *e"
325.Fc
326.Ft unsigned long
327.Fo EVP_CIPHER_flags
328.Fa "const EVP_CIPHER *e"
329.Fc
330.Ft unsigned long
331.Fo EVP_CIPHER_mode
332.Fa "const EVP_CIPHER *e"
333.Fc
241.Ft int 334.Ft int
242.Fo EVP_CIPHER_type 335.Fo EVP_CIPHER_type
243.Fa "const EVP_CIPHER *ctx" 336.Fa "const EVP_CIPHER *ctx"
244.Fc 337.Fc
245.Fd #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) 338.Ft const EVP_CIPHER *
246.Fd #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) 339.Fo EVP_CIPHER_CTX_cipher
247.Fd #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) 340.Fa "const EVP_CIPHER_CTX *ctx"
248.Fd #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) 341.Fc
249.Fd #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) 342.Ft int
250.Fd #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) 343.Fo EVP_CIPHER_CTX_nid
251.Fd #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) 344.Fa "const EVP_CIPHER_CTX *ctx"
252.Fd #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) 345.Fc
253.Fd #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) 346.Ft int
254.Fd #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) 347.Fo EVP_CIPHER_CTX_block_size
348.Fa "const EVP_CIPHER_CTX *ctx"
349.Fc
350.Ft int
351.Fo EVP_CIPHER_CTX_key_length
352.Fa "const EVP_CIPHER_CTX *ctx"
353.Fc
354.Ft int
355.Fo EVP_CIPHER_CTX_iv_length
356.Fa "const EVP_CIPHER_CTX *ctx"
357.Fc
358.Ft void *
359.Fo EVP_CIPHER_CTX_get_app_data
360.Fa "const EVP_CIPHER_CTX *ctx"
361.Fc
362.Ft void
363.Fo EVP_CIPHER_CTX_set_app_data
364.Fa "const EVP_CIPHER_CTX *ctx"
365.Fa "void *data"
366.Fc
367.Ft int
368.Fo EVP_CIPHER_CTX_type
369.Fa "const EVP_CIPHER_CTX *ctx"
370.Fc
371.Ft unsigned long
372.Fo EVP_CIPHER_CTX_flags
373.Fa "const EVP_CIPHER_CTX *ctx"
374.Fc
375.Ft unsigned long
376.Fo EVP_CIPHER_CTX_mode
377.Fa "const EVP_CIPHER_CTX *ctx"
378.Fc
255.Ft int 379.Ft int
256.Fo EVP_CIPHER_param_to_asn1 380.Fo EVP_CIPHER_param_to_asn1
257.Fa "EVP_CIPHER_CTX *c" 381.Fa "EVP_CIPHER_CTX *c"
@@ -266,10 +390,26 @@
266The EVP cipher routines are a high level interface to certain symmetric 390The EVP cipher routines are a high level interface to certain symmetric
267ciphers. 391ciphers.
268.Pp 392.Pp
393.Fn EVP_CIPHER_CTX_new
394creates a cipher context.
395.Pp
269.Fn EVP_CIPHER_CTX_init 396.Fn EVP_CIPHER_CTX_init
270initializes the cipher context 397initializes the cipher context
271.Fa ctx . 398.Fa ctx .
272.Pp 399.Pp
400.Fn EVP_CIPHER_CTX_free
401clears all information from a cipher context and frees up any
402allocated memory associate with it, including
403.Fa ctx
404itself.
405This function should be called after all operations using a cipher
406are complete, so sensitive information does not remain in memory.
407If
408.Fa ctx
409is a
410.Dv NULL
411pointer, no action occurs.
412.Pp
273.Fn EVP_EncryptInit_ex 413.Fn EVP_EncryptInit_ex
274sets up the cipher context 414sets up the cipher context
275.Fa ctx 415.Fa ctx
@@ -317,7 +457,7 @@ of data.
317The amount of data written depends on the block alignment of the 457The amount of data written depends on the block alignment of the
318encrypted data: as a result the amount of data written may be anything 458encrypted data: as a result the amount of data written may be anything
319from zero bytes to (inl + cipher_block_size - 1) so 459from zero bytes to (inl + cipher_block_size - 1) so
320.Fa outl 460.Fa out
321should contain sufficient room. 461should contain sufficient room.
322The actual number of bytes written is placed in 462The actual number of bytes written is placed in
323.Fa outl . 463.Fa outl .
@@ -432,10 +572,16 @@ corresponding OBJECT IDENTIFIER.
432.Pp 572.Pp
433.Fn EVP_CIPHER_CTX_set_padding 573.Fn EVP_CIPHER_CTX_set_padding
434enables or disables padding. 574enables or disables padding.
575This function should be called after the context is set up for
576encryption or decryption with
577.Fn EVP_EncryptInit_ex ,
578.Fn EVP_DecryptInit_ex ,
579or
580EVP_CipherInit_ex .
435By default encryption operations are padded using standard block padding 581By default encryption operations are padded using standard block padding
436and the padding is checked and removed when decrypting. 582and the padding is checked and removed when decrypting.
437If the 583If the
438.Sy padding 584.Fa padding
439parameter is zero, then no padding is performed, the total amount of data 585parameter is zero, then no padding is performed, the total amount of data
440encrypted or decrypted must then be a multiple of the block size or an 586encrypted or decrypted must then be a multiple of the block size or an
441error will occur. 587error will occur.
@@ -483,7 +629,7 @@ or
483.Vt EVP_CIPHER_CTX 629.Vt EVP_CIPHER_CTX
484structure. 630structure.
485The constant 631The constant
486.Dv EVP_MAX_IV_LENGTH 632.Dv EVP_MAX_BLOCK_LENGTH
487is also the maximum block length for all ciphers. 633is also the maximum block length for all ciphers.
488.Pp 634.Pp
489.Fn EVP_CIPHER_type 635.Fn EVP_CIPHER_type
@@ -553,7 +699,62 @@ the RC2 effective key length is not supported).
553allows various cipher specific parameters to be determined and set. 699allows various cipher specific parameters to be determined and set.
554Currently only the RC2 effective key length and the number of rounds of 700Currently only the RC2 effective key length and the number of rounds of
555RC5 can be set. 701RC5 can be set.
702.Pp
703Where possible the EVP interface to symmetric ciphers should be
704used in preference to the low level interfaces.
705This is because the code then becomes transparent to the cipher used and
706much more flexible.
707.Pp
708PKCS padding works by adding n padding bytes of value n to make the
709total length of the encrypted data a multiple of the block size.
710Padding is always added so if the data is already a multiple of the
711block size n will equal the block size.
712For example if the block size is 8 and 11 bytes are to be encrypted then
7135 padding bytes of value 5 will be added.
714.Pp
715When decrypting the final block is checked to see if it has the correct
716form.
717.Pp
718Although the decryption operation can produce an error if padding is
719enabled, it is not a strong test that the input data or key is correct.
720A random block has better than 1 in 256 chance of being of the correct
721format and problems with the input data earlier on will not produce a
722final decrypt error.
723.Pp
724If padding is disabled then the decryption operation will always succeed
725if the total amount of data decrypted is a multiple of the block size.
726.Pp
727The functions
728.Fn EVP_EncryptInit ,
729.Fn EVP_EncryptFinal ,
730.Fn EVP_DecryptInit ,
731.Fn EVP_CipherInit ,
732and
733.Fn EVP_CipherFinal
734are obsolete but are retained for compatibility with existing code.
735New code should use
736.Fn EVP_EncryptInit_ex ,
737.Fn EVP_EncryptFinal_ex ,
738.Fn EVP_DecryptInit_ex ,
739.Fn EVP_DecryptFinal_ex ,
740.Fn EVP_CipherInit_ex ,
741and
742.Fn EVP_CipherFinal_ex
743because they can reuse an existing context without allocating and
744freeing it up on each call.
745.Pp
746.Fn EVP_get_cipherbynid
747and
748.Fn EVP_get_cipherbyobj
749are implemented as macros.
556.Sh RETURN VALUES 750.Sh RETURN VALUES
751.Fn EVP_CIPHER_CTX_new
752returns a pointer to a newly created
753.Vt EVP_CIPHER_CTX
754for success or
755.Dv NULL
756for failure.
757.Pp
557.Fn EVP_EncryptInit_ex , 758.Fn EVP_EncryptInit_ex ,
558.Fn EVP_EncryptUpdate , 759.Fn EVP_EncryptUpdate ,
559and 760and
@@ -625,103 +826,61 @@ structure.
625.Fn EVP_CIPHER_param_to_asn1 826.Fn EVP_CIPHER_param_to_asn1
626and 827and
627.Fn EVP_CIPHER_asn1_to_param 828.Fn EVP_CIPHER_asn1_to_param
628return 1 for success or 0 for failure. 829return greater than zero for success and zero or a negative number
629.Pp 830for failure.
630Where possible the EVP interface to symmetric ciphers should be
631used in preference to the low level interfaces.
632This is because the code then becomes transparent to the cipher used and
633much more flexible.
634.Pp
635PKCS padding works by adding n padding bytes of value n to make the
636total length of the encrypted data a multiple of the block size.
637Padding is always added so if the data is already a multiple of the
638block size n will equal the block size.
639For example if the block size is 8 and 11 bytes are to be encrypted then
6405 padding bytes of value 5 will be added.
641.Pp
642When decrypting the final block is checked to see if it has the correct
643form.
644.Pp
645Although the decryption operation can produce an error if padding is
646enabled, it is not a strong test that the input data or key is correct.
647A random block has better than 1 in 256 chance of being of the correct
648format and problems with the input data earlier on will not produce a
649final decrypt error.
650.Pp
651If padding is disabled then the decryption operation will always succeed
652if the total amount of data decrypted is a multiple of the block size.
653.Pp
654The functions
655.Fn EVP_EncryptInit ,
656.Fn EVP_EncryptFinal ,
657.Fn EVP_DecryptInit ,
658.Fn EVP_CipherInit ,
659and
660.Fn EVP_CipherFinal
661are obsolete but are retained for compatibility with existing code.
662New code should use
663.Fn EVP_EncryptInit_ex ,
664.Fn EVP_EncryptFinal_ex ,
665.Fn EVP_DecryptInit_ex ,
666.Fn EVP_DecryptFinal_ex ,
667.Fn EVP_CipherInit_ex ,
668and
669.Fn EVP_CipherFinal_ex
670because they can reuse an existing context without allocating and
671freeing it up on each call.
672.Sh CIPHER LISTING 831.Sh CIPHER LISTING
673All algorithms have a fixed key length unless otherwise stated. 832All algorithms have a fixed key length unless otherwise stated.
674.Bl -tag -width Ds 833.Bl -tag -width Ds
675.It Fn EVP_enc_null void 834.It Fn EVP_enc_null
676Null cipher: does nothing. 835Null cipher: does nothing.
677.It Xo 836.It Xo
678.Fn EVP_aes_128_cbc void , 837.Fn EVP_aes_128_cbc ,
679.Fn EVP_aes_128_ecb void , 838.Fn EVP_aes_128_ecb ,
680.Fn EVP_aes_128_cfb void , 839.Fn EVP_aes_128_cfb ,
681.Fn EVP_aes_128_ofb void 840.Fn EVP_aes_128_ofb
682.Xc 841.Xc
683128-bit AES in CBC, ECB, CFB and OFB modes respectively. 842AES with a 128-bit key in CBC, ECB, CFB and OFB modes respectively.
684.It Xo 843.It Xo
685.Fn EVP_aes_192_cbc void , 844.Fn EVP_aes_192_cbc ,
686.Fn EVP_aes_192_ecb void , 845.Fn EVP_aes_192_ecb ,
687.Fn EVP_aes_192_cfb void , 846.Fn EVP_aes_192_cfb ,
688.Fn EVP_aes_192_ofb void 847.Fn EVP_aes_192_ofb
689.Xc 848.Xc
690192-bit AES in CBC, ECB, CFB and OFB modes respectively. 849AES with a 192-bit key in CBC, ECB, CFB and OFB modes respectively.
691.It Xo 850.It Xo
692.Fn EVP_aes_256_cbc void , 851.Fn EVP_aes_256_cbc ,
693.Fn EVP_aes_256_ecb void , 852.Fn EVP_aes_256_ecb ,
694.Fn EVP_aes_256_cfb void , 853.Fn EVP_aes_256_cfb ,
695.Fn EVP_aes_256_ofb void 854.Fn EVP_aes_256_ofb
696.Xc 855.Xc
697256-bit AES in CBC, ECB, CFB and OFB modes respectively. 856AES with a 256-bit key in CBC, ECB, CFB and OFB modes respectively.
698.It Xo 857.It Xo
699.Fn EVP_des_cbc void , 858.Fn EVP_des_cbc ,
700.Fn EVP_des_ecb void , 859.Fn EVP_des_ecb ,
701.Fn EVP_des_cfb void , 860.Fn EVP_des_cfb ,
702.Fn EVP_des_ofb void 861.Fn EVP_des_ofb
703.Xc 862.Xc
704DES in CBC, ECB, CFB and OFB modes respectively. 863DES in CBC, ECB, CFB and OFB modes respectively.
705.It Xo 864.It Xo
706.Fn EVP_des_ede_cbc void , 865.Fn EVP_des_ede_cbc ,
707.Fn EVP_des_ede void , 866.Fn EVP_des_ede ,
708.Fn EVP_des_ede_ofb void , 867.Fn EVP_des_ede_ofb ,
709.Fn EVP_des_ede_cfb void 868.Fn EVP_des_ede_cfb
710.Xc 869.Xc
711Two key triple DES in CBC, ECB, CFB and OFB modes respectively. 870Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
712.It Xo 871.It Xo
713.Fn EVP_des_ede3_cbc void , 872.Fn EVP_des_ede3_cbc ,
714.Fn EVP_des_ede3 void , 873.Fn EVP_des_ede3 ,
715.Fn EVP_des_ede3_ofb void , 874.Fn EVP_des_ede3_ofb ,
716.Fn EVP_des_ede3_cfb void 875.Fn EVP_des_ede3_cfb
717.Xc 876.Xc
718Three key triple DES in CBC, ECB, CFB and OFB modes respectively. 877Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
719.It Fn EVP_desx_cbc void 878.It Fn EVP_desx_cbc
720DESX algorithm in CBC mode. 879DESX algorithm in CBC mode.
721.It Fn EVP_rc4 void 880.It Fn EVP_rc4
722RC4 stream cipher. 881RC4 stream cipher.
723This is a variable key length cipher with default key length 128 bits. 882This is a variable key length cipher with default key length 128 bits.
724.It Fn EVP_rc4_40 void 883.It Fn EVP_rc4_40
725RC4 stream cipher with 40-bit key length. 884RC4 stream cipher with 40-bit key length.
726This is obsolete and new code should use 885This is obsolete and new code should use
727.Fn EVP_rc4 886.Fn EVP_rc4
@@ -729,25 +888,25 @@ and the
729.Fn EVP_CIPHER_CTX_set_key_length 888.Fn EVP_CIPHER_CTX_set_key_length
730function. 889function.
731.It Xo 890.It Xo
732.Fn EVP_idea_cbc void , 891.Fn EVP_idea_cbc ,
733.Fn EVP_idea_ecb void , 892.Fn EVP_idea_ecb ,
734.Fn EVP_idea_cfb void , 893.Fn EVP_idea_cfb ,
735.Fn EVP_idea_ofb void 894.Fn EVP_idea_ofb
736.Xc 895.Xc
737IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. 896IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
738.It Xo 897.It Xo
739.Fn EVP_rc2_cbc void , 898.Fn EVP_rc2_cbc ,
740.Fn EVP_rc2_ecb void , 899.Fn EVP_rc2_ecb ,
741.Fn EVP_rc2_cfb void , 900.Fn EVP_rc2_cfb ,
742.Fn EVP_rc2_ofb void 901.Fn EVP_rc2_ofb
743.Xc 902.Xc
744RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. 903RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
745This is a variable key length cipher with an additional parameter called 904This is a variable key length cipher with an additional parameter called
746"effective key bits" or "effective key length". 905"effective key bits" or "effective key length".
747By default both are set to 128 bits. 906By default both are set to 128 bits.
748.It Xo 907.It Xo
749.Fn EVP_rc2_40_cbc void , 908.Fn EVP_rc2_40_cbc ,
750.Fn EVP_rc2_64_cbc void 909.Fn EVP_rc2_64_cbc
751.Xc 910.Xc
752RC2 algorithm in CBC mode with a default key length and effective key 911RC2 algorithm in CBC mode with a default key length and effective key
753length of 40 and 64 bits. 912length of 40 and 64 bits.
@@ -758,58 +917,146 @@ and
758.Fn EVP_CIPHER_CTX_ctrl 917.Fn EVP_CIPHER_CTX_ctrl
759to set the key length and effective key length. 918to set the key length and effective key length.
760.It Xo 919.It Xo
761.Fn EVP_bf_cbc void , 920.Fn EVP_bf_cbc ,
762.Fn EVP_bf_ecb void , 921.Fn EVP_bf_ecb ,
763.Fn EVP_bf_cfb void , 922.Fn EVP_bf_cfb ,
764.Fn EVP_bf_ofb void 923.Fn EVP_bf_ofb
765.Xc 924.Xc
766Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes 925Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes
767respectively. 926respectively.
768This is a variable key length cipher. 927This is a variable key length cipher.
769.It Xo 928.It Xo
770.Fn EVP_cast5_cbc void , 929.Fn EVP_cast5_cbc ,
771.Fn EVP_cast5_ecb void , 930.Fn EVP_cast5_ecb ,
772.Fn EVP_cast5_cfb void , 931.Fn EVP_cast5_cfb ,
773.Fn EVP_cast5_ofb void 932.Fn EVP_cast5_ofb
774.Xc 933.Xc
775CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. 934CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
776This is a variable key length cipher. 935This is a variable key length cipher.
777.It Xo 936.It Xo
778.Fn EVP_rc5_32_12_16_cbc void , 937.Fn EVP_rc5_32_12_16_cbc ,
779.Fn EVP_rc5_32_12_16_ecb void , 938.Fn EVP_rc5_32_12_16_ecb ,
780.Fn EVP_rc5_32_12_16_cfb void , 939.Fn EVP_rc5_32_12_16_cfb ,
781.Fn EVP_rc5_32_12_16_ofb void 940.Fn EVP_rc5_32_12_16_ofb
782.Xc 941.Xc
783RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. 942RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
784This is a variable key length cipher with an additional "number of 943This is a variable key length cipher with an additional "number of
785rounds" parameter. 944rounds" parameter.
786By default the key length is set to 128 bits and 12 rounds. 945By default the key length is set to 128 bits and 12 rounds.
946.It Xo
947.Fn EVP_aes_128_gcm ,
948.Fn EVP_aes_192_gcm ,
949.Fn EVP_aes_256_gcm
950.Xc
951AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively.
952These ciphers require additional control operations to function
953correctly: see the GCM mode section below for details.
954.It Xo
955.Fn EVP_aes_128_ccm ,
956.Fn EVP_aes_192_ccm ,
957.Fn EVP_aes_256_ccm
958.Xc
959AES Counter with CBC-MAC Mode (CCM) for 128, 192 and 256 bit keys
960respectively.
961These ciphers require additional control operations to function
962correctly: see CCM mode section below for details.
963.It Fn EVP_chacha20
964The ChaCha20 stream cipher.
965The key length is 256 bits, the IV is 96 bits long.
787.El 966.El
788.Sh EXAMPLES 967.Ss GCM mode
789Get the number of rounds used in RC5: 968For GCM mode ciphers, the behaviour of the EVP interface
790.Bd -literal -offset indent 969is subtly altered and several additional ctrl operations are
791int nrounds; 970supported.
792EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
793.Ed
794.Pp 971.Pp
795Get the RC2 effective key length: 972To specify any additional authenticated data (AAD), a call to
796.Bd -literal -offset indent 973.Fn EVP_CipherUpdate ,
797int key_bits; 974.Fn EVP_EncryptUpdate ,
798EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); 975or
799.Ed 976.Fn EVP_DecryptUpdate
977should be made with the output parameter out set to
978.Dv NULL .
800.Pp 979.Pp
801Set the number of rounds used in RC5: 980When decrypting, the return value of
802.Bd -literal -offset indent 981.Fn EVP_DecryptFinal
803int nrounds; 982or
804EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); 983.Fn EVP_CipherFinal
805.Ed 984indicates if the operation was successful.
985If it does not indicate success, the authentication operation has
986failed and any output data MUST NOT be used as it is corrupted.
806.Pp 987.Pp
807Set the effective key length used in RC2: 988The following ctrls are supported in GCM mode:
808.Bd -literal -offset indent 989.Bl -tag -width Ds
809int key_bits; 990.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL
810EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); 991Sets the IV length: this call can only be made before specifying an IV.
811.Ed 992If not called, a default IV length is used.
993For GCM AES the default is 12, i.e. 96 bits.
994.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag
995Writes
996.Fa taglen
997bytes of the tag value to the buffer indicated by
998.Fa tag .
999This call can only be made when encrypting data and after all data has
1000been processed, e.g. after an
1001.Fn EVP_EncryptFinal
1002call.
1003.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag
1004Sets the expected tag to
1005.Fa taglen
1006bytes from
1007.Fa tag .
1008This call is only legal when decrypting data and must be made before
1009any data is processed, e.g. before any
1010.Fa EVP_DecryptUpdate
1011call.
1012.El
1013.Ss CCM mode
1014The behaviour of CCM mode ciphers is similar to GCM mode, but with
1015a few additional requirements and different ctrl values.
812.Pp 1016.Pp
1017Like GCM mode any additional authenticated data (AAD) is passed
1018by calling
1019.Fn EVP_CipherUpdate ,
1020.Fn EVP_EncryptUpdate ,
1021or
1022.Fn EVP_DecryptUpdate
1023with the output parameter out set to
1024.Dv NULL .
1025Additionally, the total
1026plaintext or ciphertext length MUST be passed to
1027.Fn EVP_CipherUpdate ,
1028.Fn EVP_EncryptUpdate ,
1029or
1030.Fn EVP_DecryptUpdate
1031with the output and input
1032parameters
1033.Pq Fa in No and Fa out
1034set to
1035.Dv NULL
1036and the length passed in the
1037.Fa inl
1038parameter.
1039.Pp
1040The following ctrls are supported in CCM mode:
1041.Bl -tag -width Ds
1042.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_TAG taglen tag
1043This call is made to set the expected CCM tag value when decrypting or
1044the length of the tag (with the
1045.Fa tag
1046parameter set to
1047.Dv NULL )
1048when encrypting.
1049The tag length is often referred to as M.
1050If not set, a default value is used (12 for AES).
1051.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_L ivlen NULL
1052Sets the CCM L value.
1053If not set, a default is used (8 for AES).
1054.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_IVLEN ivlen NULL
1055Sets the CCM nonce (IV) length: this call can only be made before
1056specifying an nonce value.
1057The nonce length is given by 15 - L so it is 7 by default for AES.
1058.El
1059.Sh EXAMPLES
813Encrypt a string using blowfish: 1060Encrypt a string using blowfish:
814.Bd -literal -offset 3n 1061.Bd -literal -offset 3n
815int 1062int