This commit was manufactured by cvs2git to create tag 'tb_20210818'.tb_20210818

1 files changed, 0 insertions, 1385 deletions

diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
deleted file mode 100644
index bcfe236038..0000000000
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ /dev/null
@@ -1,1385 +0,0 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.41 2021/01/05 06:51:31 jmc Exp $
-.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
-.\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
-.\"   7c6d372a Nov 20 13:20:01 2018 +0000
-.\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
-.\"   EVP_chacha20.pod 8fa4d95e Oct 21 11:59:09 2017 +0900
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>
-.\" and Richard Levitte <levitte@openssl.org>.
-.\" Copyright (c) 2000-2002, 2005, 2012-2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 5 2021 $
-.Dt EVP_ENCRYPTINIT 3
-.Os
-.Sh NAME
-.Nm EVP_CIPHER_CTX_new ,
-.Nm EVP_CIPHER_CTX_reset ,
-.Nm EVP_CIPHER_CTX_cleanup ,
-.Nm EVP_CIPHER_CTX_init ,
-.Nm EVP_CIPHER_CTX_free ,
-.Nm EVP_EncryptInit_ex ,
-.Nm EVP_EncryptUpdate ,
-.Nm EVP_EncryptFinal_ex ,
-.Nm EVP_DecryptInit_ex ,
-.Nm EVP_DecryptUpdate ,
-.Nm EVP_DecryptFinal_ex ,
-.Nm EVP_CipherInit_ex ,
-.Nm EVP_CipherUpdate ,
-.Nm EVP_CipherFinal_ex ,
-.Nm EVP_EncryptInit ,
-.Nm EVP_EncryptFinal ,
-.Nm EVP_DecryptInit ,
-.Nm EVP_DecryptFinal ,
-.Nm EVP_CipherInit ,
-.Nm EVP_CipherFinal ,
-.Nm EVP_Cipher ,
-.Nm EVP_CIPHER_CTX_set_flags ,
-.Nm EVP_CIPHER_CTX_clear_flags ,
-.Nm EVP_CIPHER_CTX_test_flags ,
-.Nm EVP_CIPHER_CTX_set_padding ,
-.Nm EVP_CIPHER_CTX_set_key_length ,
-.Nm EVP_CIPHER_CTX_ctrl ,
-.Nm EVP_CIPHER_CTX_rand_key ,
-.Nm EVP_get_cipherbyname ,
-.Nm EVP_get_cipherbynid ,
-.Nm EVP_get_cipherbyobj ,
-.Nm EVP_CIPHER_nid ,
-.Nm EVP_CIPHER_block_size ,
-.Nm EVP_CIPHER_key_length ,
-.Nm EVP_CIPHER_iv_length ,
-.Nm EVP_CIPHER_flags ,
-.Nm EVP_CIPHER_mode ,
-.Nm EVP_CIPHER_type ,
-.Nm EVP_CIPHER_CTX_cipher ,
-.Nm EVP_CIPHER_CTX_nid ,
-.Nm EVP_CIPHER_CTX_block_size ,
-.Nm EVP_CIPHER_CTX_key_length ,
-.Nm EVP_CIPHER_CTX_iv_length ,
-.Nm EVP_CIPHER_CTX_get_iv ,
-.Nm EVP_CIPHER_CTX_set_iv ,
-.Nm EVP_CIPHER_CTX_get_app_data ,
-.Nm EVP_CIPHER_CTX_set_app_data ,
-.Nm EVP_CIPHER_CTX_type ,
-.Nm EVP_CIPHER_CTX_flags ,
-.Nm EVP_CIPHER_CTX_mode ,
-.Nm EVP_CIPHER_param_to_asn1 ,
-.Nm EVP_CIPHER_asn1_to_param ,
-.Nm EVP_enc_null ,
-.Nm EVP_idea_cbc ,
-.Nm EVP_idea_ecb ,
-.Nm EVP_idea_cfb64 ,
-.Nm EVP_idea_cfb ,
-.Nm EVP_idea_ofb ,
-.Nm EVP_rc2_cbc ,
-.Nm EVP_rc2_ecb ,
-.Nm EVP_rc2_cfb64 ,
-.Nm EVP_rc2_cfb ,
-.Nm EVP_rc2_ofb ,
-.Nm EVP_rc2_40_cbc ,
-.Nm EVP_rc2_64_cbc ,
-.Nm EVP_bf_cbc ,
-.Nm EVP_bf_ecb ,
-.Nm EVP_bf_cfb64 ,
-.Nm EVP_bf_cfb ,
-.Nm EVP_bf_ofb ,
-.Nm EVP_cast5_cbc ,
-.Nm EVP_cast5_ecb ,
-.Nm EVP_cast5_cfb64 ,
-.Nm EVP_cast5_cfb ,
-.Nm EVP_cast5_ofb ,
-.Nm EVP_chacha20
-.Nd EVP cipher routines
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_CIPHER_CTX *
-.Fn EVP_CIPHER_CTX_new void
-.Ft int
-.Fo EVP_CIPHER_CTX_reset
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_cleanup
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_init
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_free
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_EncryptInit_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_EncryptUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_EncryptFinal_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_DecryptInit_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_DecryptUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_DecryptFinal_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_CipherInit_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fa "int enc"
-.Fc
-.Ft int
-.Fo EVP_CipherUpdate
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fa "const unsigned char *in"
-.Fa "int inl"
-.Fc
-.Ft int
-.Fo EVP_CipherFinal_ex
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_EncryptInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_EncryptFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_DecryptInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fc
-.Ft int
-.Fo EVP_DecryptFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_CipherInit
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const EVP_CIPHER *type"
-.Fa "const unsigned char *key"
-.Fa "const unsigned char *iv"
-.Fa "int enc"
-.Fc
-.Ft int
-.Fo EVP_CipherFinal
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *outm"
-.Fa "int *outl"
-.Fc
-.Ft int
-.Fo EVP_Cipher
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *out"
-.Fa "const unsigned char *in"
-.Fa "unsigned int inl"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_set_flags
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int flags"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_clear_flags
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_test_flags
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int flags"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_set_padding
-.Fa "EVP_CIPHER_CTX *x"
-.Fa "int padding"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_set_key_length
-.Fa "EVP_CIPHER_CTX *x"
-.Fa "int keylen"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_ctrl
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "int type"
-.Fa "int arg"
-.Fa "void *ptr"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_rand_key
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "unsigned char *key"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_get_cipherbyname
-.Fa "const char *name"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_get_cipherbynid
-.Fa "int nid"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_get_cipherbyobj
-.Fa "const ASN1_OBJECT *a"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_nid
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_block_size
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_key_length
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_iv_length
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_flags
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_mode
-.Fa "const EVP_CIPHER *e"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_type
-.Fa "const EVP_CIPHER *ctx"
-.Fc
-.Ft const EVP_CIPHER *
-.Fo EVP_CIPHER_CTX_cipher
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_nid
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_block_size
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_key_length
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_iv_length
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_get_iv
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fa "u_char *iv"
-.Fa "size_t len"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_set_iv
-.Fa "EVP_CIPHER_CTX *ctx"
-.Fa "const u_char *iv"
-.Fa "size_t len"
-.Fc
-.Ft void *
-.Fo EVP_CIPHER_CTX_get_app_data
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft void
-.Fo EVP_CIPHER_CTX_set_app_data
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fa "void *data"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_CTX_type
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_CTX_flags
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft unsigned long
-.Fo EVP_CIPHER_CTX_mode
-.Fa "const EVP_CIPHER_CTX *ctx"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_param_to_asn1
-.Fa "EVP_CIPHER_CTX *c"
-.Fa "ASN1_TYPE *type"
-.Fc
-.Ft int
-.Fo EVP_CIPHER_asn1_to_param
-.Fa "EVP_CIPHER_CTX *c"
-.Fa "ASN1_TYPE *type"
-.Fc
-.Sh DESCRIPTION
-The EVP cipher routines are a high level interface to certain symmetric
-ciphers.
-.Pp
-.Fn EVP_CIPHER_CTX_new
-creates a new, empty cipher context.
-.Pp
-.Fn EVP_CIPHER_CTX_reset
-clears all information from
-.Fa ctx
-and frees all allocated memory associated with it, except the
-.Fa ctx
-object itself, such that it can be reused for another series of calls to
-.Fn EVP_CipherInit ,
-.Fn EVP_CipherUpdate ,
-and
-.Fn EVP_CipherFinal .
-It is also suitable for cipher contexts on the stack that were used
-and are no longer needed.
-.Fn EVP_CIPHER_CTX_cleanup
-is a deprecated alias for
-.Fn EVP_CIPHER_CTX_reset .
-.Pp
-.Fn EVP_CIPHER_CTX_init
-is a deprecated function to clear a cipher context on the stack
-before use.
-Do not use it on a cipher context returned from
-.Fn EVP_CIPHER_CTX_new
-or one that was already used.
-.Pp
-.Fn EVP_CIPHER_CTX_free
-clears all information from
-.Fa ctx
-and frees all allocated memory associated with it, including
-.Fa ctx
-itself.
-This function should be called after all operations using a cipher
-are complete, so sensitive information does not remain in memory.
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn EVP_EncryptInit_ex
-sets up the cipher context
-.Fa ctx
-for encryption with cipher
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
-If
-.Fa ctx
-points to an unused object on the stack, it must be initialized with
-.Fn EVP_MD_CTX_init
-before calling this function.
-.Fa type
-is normally supplied by a function such as
-.Xr EVP_aes_256_cbc 3 .
-If
-.Fa impl
-is
-.Dv NULL ,
-then the default implementation is used.
-.Fa key
-is the symmetric key to use and
-.Fa iv
-is the IV to use (if necessary).
-The actual number of bytes used for the
-key and IV depends on the cipher.
-It is possible to set all parameters to
-.Dv NULL
-except
-.Fa type
-in an initial call and supply the remaining parameters in subsequent
-calls, all of which have
-.Fa type
-set to
-.Dv NULL .
-This is done when the default cipher parameters are not appropriate.
-.Pp
-.Fn EVP_EncryptUpdate
-encrypts
-.Fa inl
-bytes from the buffer
-.Fa in
-and writes the encrypted version to
-.Fa out .
-This function can be called multiple times to encrypt successive blocks
-of data.
-The amount of data written depends on the block alignment of the
-encrypted data: as a result the amount of data written may be anything
-from zero bytes to (inl + cipher_block_size - 1) so
-.Fa out
-should contain sufficient room.
-The actual number of bytes written is placed in
-.Fa outl .
-.Pp
-If padding is enabled (the default) then
-.Fn EVP_EncryptFinal_ex
-encrypts the "final" data, that is any data that remains in a partial
-block.
-It uses NOTES (aka PKCS padding).
-The encrypted final data is written to
-.Fa out
-which should have sufficient space for one cipher block.
-The number of bytes written is placed in
-.Fa outl .
-After this function is called the encryption operation is finished and
-no further calls to
-.Fn EVP_EncryptUpdate
-should be made.
-.Pp
-If padding is disabled then
-.Fn EVP_EncryptFinal_ex
-will not encrypt any more data and it will return an error if any data
-remains in a partial block: that is if the total data length is not a
-multiple of the block size.
-.Pp
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptUpdate ,
-and
-.Fn EVP_DecryptFinal_ex
-are the corresponding decryption operations.
-.Fn EVP_DecryptFinal
-will return an error code if padding is enabled and the final block is
-not correctly formatted.
-The parameters and restrictions are identical to the encryption
-operations except that if padding is enabled the decrypted data buffer
-.Fa out
-passed to
-.Fn EVP_DecryptUpdate
-should have sufficient room for (inl + cipher_block_size) bytes
-unless the cipher block size is 1 in which case
-.Fa inl
-bytes is sufficient.
-.Pp
-.Fn EVP_CipherInit_ex ,
-.Fn EVP_CipherUpdate ,
-and
-.Fn EVP_CipherFinal_ex
-are functions that can be used for decryption or encryption.
-The operation performed depends on the value of the
-.Fa enc
-parameter.
-It should be set to 1 for encryption, 0 for decryption and -1 to leave
-the value unchanged (the actual value of
-.Fa enc
-being supplied in a previous call).
-.Pp
-.Fn EVP_EncryptInit ,
-.Fn EVP_DecryptInit ,
-and
-.Fn EVP_CipherInit
-are deprecated functions behaving like
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_DecryptInit_ex ,
-and
-.Fn EVP_CipherInit_ex
-except that they always use the default cipher implementation
-and that they require
-.Fn EVP_CIPHER_CTX_reset
-before they can be used on a context that was already used.
-.Pp
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptFinal ,
-and
-.Fn EVP_CipherFinal
-are identical to
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptFinal_ex ,
-and
-.Fn EVP_CipherFinal_ex .
-In previous releases of OpenSSL, they also used to clean up the
-.Fa ctx ,
-but this is no longer done and
-.Fn EVP_CIPHER_CTX_reset
-or
-.Fn EVP_CIPHER_CTX_free
-must be called to free any context resources.
-.Pp
-.Fn EVP_Cipher
-encrypts or decrypts aligned blocks of data
-whose lengths match the cipher block size.
-It requires that the previous encryption or decryption operation
-using the same
-.Fa ctx ,
-if there was any, ended exactly on a block boundary and that
-.Fa inl
-is an integer multiple of the cipher block size.
-If either of these conditions is violated,
-.Fn EVP_Cipher
-silently produces incorrect results.
-For that reason, using the function
-.Fn EVP_CipherUpdate
-instead is strongly recommended.
-The latter can safely handle partial blocks, and even if
-.Fa inl
-actually is a multiple of the cipher block size for all calls,
-the overhead incurred by using
-.Fn EVP_CipherUpdate
-is minimal.
-.Pp
-.Fn EVP_get_cipherbyname ,
-.Fn EVP_get_cipherbynid ,
-and
-.Fn EVP_get_cipherbyobj
-return an
-.Vt EVP_CIPHER
-structure when passed a cipher name, a NID or an
-.Vt ASN1_OBJECT
-structure.
-.Pp
-.Fn EVP_CIPHER_nid
-and
-.Fn EVP_CIPHER_CTX_nid
-return the NID of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX
-structure.
-The actual NID value is an internal value which may not have a
-corresponding OBJECT IDENTIFIER.
-.Pp
-.Fn EVP_CIPHER_CTX_set_flags
-enables the given
-.Fa flags
-in
-.Fa ctx .
-.Fn EVP_CIPHER_CTX_clear_flags
-disables the given
-.Fa flags
-in
-.Fa ctx .
-.Fn EVP_CIPHER_CTX_test_flags
-checks whether any of the given
-.Fa flags
-are currently set in
-.Fa ctx ,
-returning the subset of the
-.Fa flags
-that are set, or 0 if none of them are set.
-Currently, the only supported cipher context flag is
-.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW ;
-see
-.Xr EVP_aes_128_wrap 3
-for details.
-.Pp
-.Fn EVP_CIPHER_CTX_set_padding
-enables or disables padding.
-This function should be called after the context is set up for
-encryption or decryption with
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_DecryptInit_ex ,
-or
-.Fn EVP_CipherInit_ex .
-By default encryption operations are padded using standard block padding
-and the padding is checked and removed when decrypting.
-If the
-.Fa padding
-parameter is zero, then no padding is performed, the total amount of data
-encrypted or decrypted must then be a multiple of the block size or an
-error will occur.
-.Pp
-.Fn EVP_CIPHER_key_length
-and
-.Fn EVP_CIPHER_CTX_key_length
-return the key length of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX
-structure.
-The constant
-.Dv EVP_MAX_KEY_LENGTH
-is the maximum key length for all ciphers.
-Note: although
-.Fn EVP_CIPHER_key_length
-is fixed for a given cipher, the value of
-.Fn EVP_CIPHER_CTX_key_length
-may be different for variable key length ciphers.
-.Pp
-.Fn EVP_CIPHER_CTX_set_key_length
-sets the key length of the cipher ctx.
-If the cipher is a fixed length cipher, then attempting to set the key
-length to any value other than the fixed value is an error.
-.Pp
-.Fn EVP_CIPHER_iv_length
-and
-.Fn EVP_CIPHER_CTX_iv_length
-return the IV length of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX .
-It will return zero if the cipher does not use an IV.
-The constant
-.Dv EVP_MAX_IV_LENGTH
-is the maximum IV length for all ciphers.
-.Pp
-.Fn EVP_CIPHER_CTX_get_iv
-and
-.Fn EVP_CIPHER_CTX_set_iv
-will respectively retrieve and set the IV for an
-.Vt EVP_CIPHER_CTX .
-In both cases, the specified IV length must exactly equal the expected
-IV length for the context as returned by
-.Fn EVP_CIPHER_CTX_iv_length .
-.Pp
-.Fn EVP_CIPHER_block_size
-and
-.Fn EVP_CIPHER_CTX_block_size
-return the block size of a cipher when passed an
-.Vt EVP_CIPHER
-or
-.Vt EVP_CIPHER_CTX
-structure.
-The constant
-.Dv EVP_MAX_BLOCK_LENGTH
-is also the maximum block length for all ciphers.
-.Pp
-.Fn EVP_CIPHER_type
-and
-.Fn EVP_CIPHER_CTX_type
-return the type of the passed cipher or context.
-This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
-ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
-same NID.
-If the cipher does not have an object identifier or does not
-have ASN.1 support this function will return
-.Dv NID_undef .
-.Pp
-.Fn EVP_CIPHER_CTX_cipher
-returns the
-.Vt EVP_CIPHER
-structure when passed an
-.Vt EVP_CIPHER_CTX
-structure.
-.Pp
-.Fn EVP_CIPHER_mode
-and
-.Fn EVP_CIPHER_CTX_mode
-return the block cipher mode:
-.Dv EVP_CIPH_ECB_MODE ,
-.Dv EVP_CIPH_CBC_MODE ,
-.Dv EVP_CIPH_CFB_MODE ,
-.Dv EVP_CIPH_OFB_MODE ,
-.Dv EVP_CIPH_CTR_MODE ,
-or
-.Dv EVP_CIPH_XTS_MODE .
-If the cipher is a stream cipher then
-.Dv EVP_CIPH_STREAM_CIPHER
-is returned.
-.Pp
-.Fn EVP_CIPHER_param_to_asn1
-sets the ASN.1
-.Vt AlgorithmIdentifier
-parameter based on the passed cipher.
-This will typically include any parameters and an IV.
-The cipher IV (if any) must be set when this call is made.
-This call should be made before the cipher is actually "used" (before any
-.Fn EVP_EncryptUpdate
-or
-.Fn EVP_DecryptUpdate
-calls, for example).
-This function may fail if the cipher does not have any ASN.1 support.
-.Pp
-.Fn EVP_CIPHER_asn1_to_param
-sets the cipher parameters based on an ASN.1
-.Vt AlgorithmIdentifier
-parameter.
-The precise effect depends on the cipher.
-In the case of RC2, for example, it will set the IV and effective
-key length.
-This function should be called after the base cipher type is set but
-before the key is set.
-For example
-.Fn EVP_CipherInit
-will be called with the IV and key set to
-.Dv NULL ,
-.Fn EVP_CIPHER_asn1_to_param
-will be called and finally
-.Fn EVP_CipherInit
-again with all parameters except the key set to
-.Dv NULL .
-It is possible for this function to fail if the cipher does not
-have any ASN.1 support or the parameters cannot be set (for example
-the RC2 effective key length is not supported).
-.Pp
-.Fn EVP_CIPHER_CTX_ctrl
-allows various cipher specific parameters to be determined and set.
-Currently only the RC2 effective key length can be set.
-.Pp
-.Fn EVP_CIPHER_CTX_rand_key
-generates a random key of the appropriate length based on the cipher
-context.
-The
-.Vt EVP_CIPHER
-can provide its own random key generation routine to support keys
-of a specific form.
-The
-.Fa key
-argument must point to a buffer at least as big as the value returned by
-.Fn EVP_CIPHER_CTX_key_length .
-.Pp
-Where possible the EVP interface to symmetric ciphers should be
-used in preference to the low level interfaces.
-This is because the code then becomes transparent to the cipher used and
-much more flexible.
-.Pp
-PKCS padding works by adding n padding bytes of value n to make the
-total length of the encrypted data a multiple of the block size.
-Padding is always added so if the data is already a multiple of the
-block size n will equal the block size.
-For example if the block size is 8 and 11 bytes are to be encrypted then
-5 padding bytes of value 5 will be added.
-.Pp
-When decrypting the final block is checked to see if it has the correct
-form.
-.Pp
-Although the decryption operation can produce an error if padding is
-enabled, it is not a strong test that the input data or key is correct.
-A random block has better than 1 in 256 chance of being of the correct
-format and problems with the input data earlier on will not produce a
-final decrypt error.
-.Pp
-If padding is disabled then the decryption operation will always succeed
-if the total amount of data decrypted is a multiple of the block size.
-.Pp
-The functions
-.Fn EVP_EncryptInit ,
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptInit ,
-.Fn EVP_CipherInit ,
-and
-.Fn EVP_CipherFinal
-are obsolete but are retained for compatibility with existing code.
-New code should use
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptFinal_ex ,
-.Fn EVP_CipherInit_ex ,
-and
-.Fn EVP_CipherFinal_ex
-because they can reuse an existing context without allocating and
-freeing it up on each call.
-.Pp
-.Fn EVP_get_cipherbynid
-and
-.Fn EVP_get_cipherbyobj
-are implemented as macros.
-.Sh RETURN VALUES
-.Fn EVP_CIPHER_CTX_new
-returns a pointer to a newly created
-.Vt EVP_CIPHER_CTX
-for success or
-.Dv NULL
-for failure.
-.Pp
-.Fn EVP_CIPHER_CTX_reset ,
-.Fn EVP_CIPHER_CTX_cleanup ,
-.Fn EVP_CIPHER_CTX_get_iv ,
-.Fn EVP_CIPHER_CTX_set_iv ,
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_EncryptUpdate ,
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptUpdate ,
-.Fn EVP_DecryptFinal_ex ,
-.Fn EVP_CipherInit_ex ,
-.Fn EVP_CipherUpdate ,
-.Fn EVP_CipherFinal_ex ,
-.Fn EVP_EncryptInit ,
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptInit ,
-.Fn EVP_DecryptFinal ,
-.Fn EVP_CipherInit ,
-.Fn EVP_CipherFinal ,
-.Fn EVP_Cipher ,
-.Fn EVP_CIPHER_CTX_set_key_length ,
-and
-.Fn EVP_CIPHER_CTX_rand_key
-return 1 for success or 0 for failure.
-.Pp
-.Fn EVP_CIPHER_CTX_set_padding
-always returns 1.
-.Pp
-.Fn EVP_get_cipherbyname ,
-.Fn EVP_get_cipherbynid ,
-and
-.Fn EVP_get_cipherbyobj
-return an
-.Vt EVP_CIPHER
-structure or
-.Dv NULL
-on error.
-.Pp
-.Fn EVP_CIPHER_nid
-and
-.Fn EVP_CIPHER_CTX_nid
-return a NID.
-.Pp
-.Fn EVP_CIPHER_block_size
-and
-.Fn EVP_CIPHER_CTX_block_size
-return the block size.
-.Pp
-.Fn EVP_CIPHER_key_length
-and
-.Fn EVP_CIPHER_CTX_key_length
-return the key length.
-.Pp
-.Fn EVP_CIPHER_iv_length
-and
-.Fn EVP_CIPHER_CTX_iv_length
-return the IV length or zero if the cipher does not use an IV.
-.Pp
-.Fn EVP_CIPHER_type
-and
-.Fn EVP_CIPHER_CTX_type
-return the NID of the cipher's OBJECT IDENTIFIER or
-.Dv NID_undef
-if it has no defined OBJECT IDENTIFIER.
-.Pp
-.Fn EVP_CIPHER_CTX_cipher
-returns an
-.Vt EVP_CIPHER
-structure.
-.Pp
-.Fn EVP_CIPHER_param_to_asn1
-and
-.Fn EVP_CIPHER_asn1_to_param
-return greater than zero for success and zero or a negative number
-for failure.
-.Sh CIPHER LISTING
-All algorithms have a fixed key length unless otherwise stated.
-.Bl -tag -width Ds
-.It Fn EVP_enc_null
-Null cipher: does nothing.
-.It Xo
-.Fn EVP_idea_cbc ,
-.Fn EVP_idea_ecb ,
-.Fn EVP_idea_cfb64 ,
-.Fn EVP_idea_ofb
-.Xc
-IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-.Fn EVP_idea_cfb
-is an alias for
-.Fn EVP_idea_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_rc2_cbc ,
-.Fn EVP_rc2_ecb ,
-.Fn EVP_rc2_cfb64 ,
-.Fn EVP_rc2_ofb
-.Xc
-RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-This is a variable key length cipher with an additional parameter called
-"effective key bits" or "effective key length".
-By default both are set to 128 bits.
-.Fn EVP_rc2_cfb
-is an alias for
-.Fn EVP_rc2_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_rc2_40_cbc ,
-.Fn EVP_rc2_64_cbc
-.Xc
-RC2 algorithm in CBC mode with a default key length and effective key
-length of 40 and 64 bits.
-These are obsolete and new code should use
-.Fn EVP_rc2_cbc ,
-.Fn EVP_CIPHER_CTX_set_key_length ,
-and
-.Fn EVP_CIPHER_CTX_ctrl
-to set the key length and effective key length.
-.It Xo
-.Fn EVP_bf_cbc ,
-.Fn EVP_bf_ecb ,
-.Fn EVP_bf_cfb64 ,
-.Fn EVP_bf_ofb
-.Xc
-Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes
-respectively.
-This is a variable key length cipher.
-.Fn EVP_bf_cfb
-is an alias for
-.Fn EVP_bf_cfb64 ,
-implemented as a macro.
-.It Xo
-.Fn EVP_cast5_cbc ,
-.Fn EVP_cast5_ecb ,
-.Fn EVP_cast5_cfb64 ,
-.Fn EVP_cast5_ofb
-.Xc
-CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-This is a variable key length cipher.
-.Fn EVP_cast5_cfb
-is an alias for
-.Fn EVP_cast5_cfb64 ,
-implemented as a macro.
-.It Fn EVP_chacha20
-The ChaCha20 stream cipher.
-The key length is 256 bits.
-The first 32 bits of the 128-bit IV are used as a counter,
-and the remaining 96 bits as a nonce.
-.El
-.Pp
-See also
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_camellia_128_cbc 3 ,
-.Xr EVP_des_cbc 3 ,
-.Xr EVP_rc4 3 ,
-and
-.Xr EVP_sm4_cbc 3 .
-.Ss GCM mode
-For GCM mode ciphers, the behaviour of the EVP interface
-is subtly altered and several additional ctrl operations are
-supported.
-.Pp
-To specify any additional authenticated data (AAD), a call to
-.Fn EVP_CipherUpdate ,
-.Fn EVP_EncryptUpdate ,
-or
-.Fn EVP_DecryptUpdate
-should be made with the output parameter out set to
-.Dv NULL .
-.Pp
-When decrypting, the return value of
-.Fn EVP_DecryptFinal
-or
-.Fn EVP_CipherFinal
-indicates if the operation was successful.
-If it does not indicate success, the authentication operation has
-failed and any output data MUST NOT be used as it is corrupted.
-.Pp
-The following ctrls are supported in GCM mode:
-.Bl -tag -width Ds
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL
-Sets the IV length: this call can only be made before specifying an IV.
-If not called, a default IV length is used.
-For GCM AES the default is 12, i.e. 96 bits.
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag
-Writes
-.Fa taglen
-bytes of the tag value to the buffer indicated by
-.Fa tag .
-This call can only be made when encrypting data and after all data has
-been processed, e.g. after an
-.Fn EVP_EncryptFinal
-call.
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag
-Sets the expected tag to
-.Fa taglen
-bytes from
-.Fa tag .
-This call is only legal when decrypting data and must be made before
-any data is processed, e.g. before any
-.Fa EVP_DecryptUpdate
-call.
-.El
-.Ss CCM mode
-The behaviour of CCM mode ciphers is similar to GCM mode, but with
-a few additional requirements and different ctrl values.
-.Pp
-Like GCM mode any additional authenticated data (AAD) is passed
-by calling
-.Fn EVP_CipherUpdate ,
-.Fn EVP_EncryptUpdate ,
-or
-.Fn EVP_DecryptUpdate
-with the output parameter out set to
-.Dv NULL .
-Additionally, the total
-plaintext or ciphertext length MUST be passed to
-.Fn EVP_CipherUpdate ,
-.Fn EVP_EncryptUpdate ,
-or
-.Fn EVP_DecryptUpdate
-with the output and input
-parameters
-.Pq Fa in No and Fa out
-set to
-.Dv NULL
-and the length passed in the
-.Fa inl
-parameter.
-.Pp
-The following ctrls are supported in CCM mode:
-.Bl -tag -width Ds
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_TAG taglen tag
-This call is made to set the expected CCM tag value when decrypting or
-the length of the tag (with the
-.Fa tag
-parameter set to
-.Dv NULL )
-when encrypting.
-The tag length is often referred to as M.
-If not set, a default value is used (12 for AES).
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_L ivlen NULL
-Sets the CCM L value.
-If not set, a default is used (8 for AES).
-.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_IVLEN ivlen NULL
-Sets the CCM nonce (IV) length: this call can only be made before
-specifying a nonce value.
-The nonce length is given by 15 - L so it is 7 by default for AES.
-.El
-.Sh EXAMPLES
-Encrypt a string using blowfish:
-.Bd -literal -offset 3n
-int
-do_crypt(char *outfile)
-{
-        unsigned char outbuf[1024];
-        int outlen, tmplen;
-        /*
-         * Bogus key and IV: we'd normally set these from
-         * another source.
-         */
-        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
-        unsigned char iv[] = {1,2,3,4,5,6,7,8};
-        const char intext[] = "Some Crypto Text";
-        EVP_CIPHER_CTX *ctx;
-        FILE *out;
-
-        ctx = EVP_CIPHER_CTX_new();
-        EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv);
-
-        if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext,
-            strlen(intext))) {
-                /* Error */
-                EVP_CIPHER_CTX_free(ctx);
-                return 0;
-        }
-        /*
-         * Buffer passed to EVP_EncryptFinal() must be after data just
-         * encrypted to avoid overwriting it.
-         */
-        if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
-                /* Error */
-                EVP_CIPHER_CTX_free(ctx);
-                return 0;
-        }
-        outlen += tmplen;
-        EVP_CIPHER_CTX_free(ctx);
-        /*
-         * Need binary mode for fopen because encrypted data is
-         * binary data. Also cannot use strlen() on it because
-         * it won't be NUL terminated and may contain embedded
-         * NULs.
-         */
-        out = fopen(outfile, "wb");
-        if (out == NULL) {
-                /* Error */
-                return 0;
-        }
-        fwrite(outbuf, 1, outlen, out);
-        fclose(out);
-        return 1;
-}
-.Ed
-.Pp
-The ciphertext from the above example can be decrypted using the
-.Xr openssl 1
-utility with the command line:
-.Bd -literal -offset indent
-openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e
-           -iv 0102030405060708 -d
-.Ed
-.Pp
-General encryption, decryption function example using FILE I/O and AES128
-with a 128-bit key:
-.Bd -literal
-int
-do_crypt(FILE *in, FILE *out, int do_encrypt)
-{
-        /* Allow enough space in output buffer for additional block */
-        unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
-        int inlen, outlen;
-        EVP_CIPHER_CTX *ctx;
-
-        /*
-         * Bogus key and IV: we'd normally set these from
-         * another source.
-         */
-        unsigned char key[] = "0123456789abcdeF";
-        unsigned char iv[] = "1234567887654321";
-
-        ctx = EVP_CIPHER_CTX_new();
-        EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL,
-            do_encrypt);
-        EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt);
-
-        for (;;) {
-                inlen = fread(inbuf, 1, 1024, in);
-                if (inlen <= 0)
-                        break;
-                if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf,
-                    inlen)) {
-                        /* Error */
-                        EVP_CIPHER_CTX_free(ctx);
-                        return 0;
-                }
-                fwrite(outbuf, 1, outlen, out);
-        }
-        if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) {
-                /* Error */
-                EVP_CIPHER_CTX_free(ctx);
-                return 0;
-        }
-        fwrite(outbuf, 1, outlen, out);
-
-        EVP_CIPHER_CTX_free(ctx);
-        return 1;
-}
-.Ed
-.Sh SEE ALSO
-.Xr BIO_f_cipher 3 ,
-.Xr evp 3 ,
-.Xr EVP_AEAD_CTX_init 3 ,
-.Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_camellia_128_cbc 3 ,
-.Xr EVP_des_cbc 3 ,
-.Xr EVP_OpenInit 3 ,
-.Xr EVP_rc4 3 ,
-.Xr EVP_SealInit 3 ,
-.Xr EVP_sm4_cbc 3
-.Sh HISTORY
-.Fn EVP_EncryptInit ,
-.Fn EVP_EncryptUpdate ,
-.Fn EVP_EncryptFinal ,
-.Fn EVP_DecryptInit ,
-.Fn EVP_DecryptUpdate ,
-.Fn EVP_DecryptFinal ,
-.Fn EVP_CipherInit ,
-.Fn EVP_CipherUpdate ,
-.Fn EVP_CipherFinal ,
-.Fn EVP_get_cipherbyname ,
-.Fn EVP_idea_cbc ,
-.Fn EVP_idea_ecb ,
-.Fn EVP_idea_cfb ,
-and
-.Fn EVP_idea_ofb
-first appeared in SSLeay 0.5.1.
-.Fn EVP_rc2_cbc ,
-.Fn EVP_rc2_ecb ,
-.Fn EVP_rc2_cfb ,
-and
-.Fn EVP_rc2_ofb
-first appeared in SSLeay 0.5.2.
-.Fn EVP_Cipher ,
-.Fn EVP_CIPHER_block_size ,
-.Fn EVP_CIPHER_key_length ,
-.Fn EVP_CIPHER_iv_length ,
-.Fn EVP_CIPHER_type ,
-.Fn EVP_CIPHER_CTX_block_size ,
-.Fn EVP_CIPHER_CTX_key_length ,
-.Fn EVP_CIPHER_CTX_iv_length ,
-and
-.Fn EVP_CIPHER_CTX_type
-first appeared in SSLeay 0.6.5.
-.Fn EVP_bf_cbc ,
-.Fn EVP_bf_ecb ,
-.Fn EVP_bf_cfb ,
-and
-.Fn EVP_bf_ofb
-first appeared in SSLeay 0.6.6.
-.Fn EVP_CIPHER_CTX_cleanup ,
-.Fn EVP_get_cipherbyobj ,
-.Fn EVP_CIPHER_nid ,
-.Fn EVP_CIPHER_CTX_cipher ,
-.Fn EVP_CIPHER_CTX_nid ,
-.Fn EVP_CIPHER_CTX_get_app_data ,
-.Fn EVP_CIPHER_CTX_set_app_data ,
-and
-.Fn EVP_enc_null
-first appeared in SSLeay 0.8.0.
-.Fn EVP_get_cipherbynid
-first appeared in SSLeay 0.8.1.
-.Fn EVP_CIPHER_CTX_init ,
-.Fn EVP_CIPHER_param_to_asn1 ,
-and
-.Fn EVP_CIPHER_asn1_to_param
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn EVP_rc2_40_cbc
-and
-.Fn EVP_rc2_64_cbc
-first appeared in SSL_eay 0.9.1.
-.Fn EVP_CIPHER_CTX_type
-first appeared in OpenSSL 0.9.3.
-These functions have been available since
-.Ox 2.6 .
-.Pp
-.Fn EVP_CIPHER_CTX_set_key_length ,
-.Fn EVP_CIPHER_CTX_ctrl ,
-.Fn EVP_CIPHER_flags ,
-.Fn EVP_CIPHER_mode ,
-.Fn EVP_CIPHER_CTX_flags ,
-and
-.Fn EVP_CIPHER_CTX_mode
-first appeared in OpenSSL 0.9.6 and have been available since
-.Ox 2.9 .
-.Pp
-.Fn EVP_EncryptInit_ex ,
-.Fn EVP_EncryptFinal_ex ,
-.Fn EVP_DecryptInit_ex ,
-.Fn EVP_DecryptFinal_ex ,
-.Fn EVP_CipherInit_ex ,
-.Fn EVP_CipherFinal_ex ,
-and
-.Fn EVP_CIPHER_CTX_set_padding
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EVP_bf_cfb64 ,
-.Fn EVP_cast5_cfb64 ,
-.Fn EVP_idea_cfb64 ,
-and
-.Fn EVP_rc2_cfb64
-first appeared in OpenSSL 0.9.7e and have been available since
-.Ox 3.8 .
-.Pp
-.Fn EVP_CIPHER_CTX_rand_key
-first appeared in OpenSSL 0.9.8.
-.Fn EVP_CIPHER_CTX_new
-and
-.Fn EVP_CIPHER_CTX_free
-first appeared in OpenSSL 0.9.8b.
-These functions have been available since
-.Ox 4.5 .
-.Pp
-.Fn EVP_CIPHER_CTX_reset
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn EVP_CIPHER_CTX_get_iv
-and
-.Fn EVP_CIPHER_CTX_set_iv
-first appeared in LibreSSL 2.8.1 and has been available since
-.Ox 6.4 .
-.Sh BUGS
-.Dv EVP_MAX_KEY_LENGTH
-and
-.Dv EVP_MAX_IV_LENGTH
-only refer to the internal ciphers with default key lengths.
-If custom ciphers exceed these values the results are unpredictable.
-This is because it has become standard practice to define a generic key
-as a fixed unsigned char array containing
-.Dv EVP_MAX_KEY_LENGTH
-bytes.
-.Pp
-The ASN.1 code is incomplete (and sometimes inaccurate).
-It has only been tested for certain common S/MIME ciphers
-(RC2, DES, triple DES) in CBC mode.