Sortix cross-nightly manual
This manual documents Sortix cross-nightly. You can instead view this document in the latest official manual.
NAME
EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_CIPHER_CTX_copy, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_CIPHER_CTX_encrypting, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_CTX_cipher, EVP_enc_null, EVP_idea_cbc, EVP_idea_ecb, EVP_idea_cfb64, EVP_idea_cfb, EVP_idea_ofb, EVP_rc2_cbc, EVP_rc2_ecb, EVP_rc2_cfb64, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb64, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, EVP_cast5_ecb, EVP_cast5_cfb64, EVP_cast5_cfb, EVP_cast5_ofb — EVP cipher routinesSYNOPSIS
#include <openssl/evp.h>EVP_CIPHER_CTX_new(void);
EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv);
EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, const unsigned char *in, int in_len);
EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len);
EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv);
EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, const unsigned char *in, int in_len);
EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len);
EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, const unsigned char *in, int in_len);
EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len);
EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv);
EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len);
EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv);
EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len);
EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc);
EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len);
EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
EVP_get_cipherbyname(const char *name);
EVP_get_cipherbynid(int nid);
EVP_get_cipherbyobj(const ASN1_OBJECT *a);
EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
DESCRIPTION
The EVP cipher routines are a high level interface to certain symmetric ciphers.0
, and out such that the cipher implementation can perform further algorithm- and implementation-specific initializations after the algorithm- and implementation-specific cipher data has been copied. Among the cipher algorithms built into the library, EVP_CIPH_CUSTOM_COPY and EVP_CTRL_COPY are used by some of the ciphers documented in the EVP_aes_256_gcm(3) manual page.+ cipher_block_size - 1
) so out should contain sufficient room. The actual number of bytes written is placed in *out_len.+ cipher_block_size
) bytes unless the cipher block size is 1 in which case in_len bytes is sufficient.RETURN VALUES
EVP_CIPHER_CTX_new() returns a pointer to a newly created EVP_CIPHER_CTX for success or NULL for failure.CIPHER LISTING
All algorithms have a fixed key length unless otherwise stated.- EVP_enc_null()
- Null cipher: does nothing.
- EVP_idea_cbc(), EVP_idea_ecb(), EVP_idea_cfb64(), EVP_idea_ofb()
- IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. EVP_idea_cfb() is an alias for EVP_idea_cfb64(), implemented as a macro.
- EVP_rc2_cbc(), EVP_rc2_ecb(), EVP_rc2_cfb64(), EVP_rc2_ofb()
- RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length cipher with an additional parameter called "effective key bits" or "effective key length". By default both are set to 128 bits. EVP_rc2_cfb() is an alias for EVP_rc2_cfb64(), implemented as a macro.
- EVP_rc2_40_cbc(), EVP_rc2_64_cbc()
- RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length(3), and EVP_CIPHER_CTX_ctrl(3) to set the key length and effective key length.
- EVP_bf_cbc(), EVP_bf_ecb(), EVP_bf_cfb64(), EVP_bf_ofb()
- Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length cipher. EVP_bf_cfb() is an alias for EVP_bf_cfb64(), implemented as a macro.
- EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb64(), EVP_cast5_ofb()
- CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length cipher. EVP_cast5_cfb() is an alias for EVP_cast5_cfb64(), implemented as a macro.
GCM mode
For GCM mode ciphers, the behaviour of the EVP interface is subtly altered and several additional ctrl operations are supported.- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)
- Sets the IV length: this call can only be made before specifying an IV. If not called, a default IV length is used. For GCM AES the default is 12, i.e. 96 bits.
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, taglen, tag)
- Writes taglen bytes of the tag value to the buffer indicated by tag. This call can only be made when encrypting data and after all data has been processed, e.g. after an EVP_EncryptFinal() or EVP_EncryptFinal_ex() call.
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag)
- Sets the expected tag to taglen bytes from tag. This call is only legal when decrypting data and must be made before any data is processed, e.g. before any EVP_DecryptUpdate call.
CCM mode
The behaviour of CCM mode ciphers is similar to GCM mode, but with a few additional requirements and different ctrl values.and
out) set to NULL and the length passed in the in_len parameter.- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, taglen, tag)
- This call is made to set the expected CCM tag value when decrypting or the length of the tag (with the tag parameter set to NULL) when encrypting. The tag length is often referred to as M. If not set, a default value is used (12 for AES).
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)
- Sets the CCM L value. If not set, a default is used (8 for AES).
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ivlen, NULL)
- Sets the CCM nonce (IV) length: this call can only be made before specifying a nonce value. The nonce length is given by 15 - L so it is 7 by default for AES.
EXAMPLES
Encrypt a string using blowfish:int do_crypt(char *out_filename) { unsigned char out_buf[1024]; int out_len, tmp_len; /* * Bogus key and IV: we'd normally set these from * another source. */ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; unsigned char iv[] = {1,2,3,4,5,6,7,8}; const char in_text[] = "Some Crypto Text"; EVP_CIPHER_CTX *ctx; FILE *out_fileptr; ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv); if (!EVP_EncryptUpdate(ctx, out_buf, &out_len, in_text, strlen(in_text))) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } /* * Buffer passed to EVP_EncryptFinal() must be after data just * encrypted to avoid overwriting it. */ if (!EVP_EncryptFinal_ex(ctx, out_buf + out_len, &tmp_len)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } out_len += tmp_len; EVP_CIPHER_CTX_free(ctx); /* * Need binary mode for fopen because encrypted data is * binary data. Also cannot use strlen() on it because * it won't be NUL terminated and may contain embedded * NULs. */ out_fileptr = fopen(out_filename, "wb"); if (out_fileptr == NULL) { /* Error */ return 0; } fwrite(out_buf, 1, out_len, out_fileptr); fclose(out_fileptr); return 1; }
openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \ -iv 0102030405060708 -d
int do_crypt(FILE *in_fileptr, FILE *out_fileptr, int do_encrypt) { /* Allow enough space in output buffer for additional block */ unsigned char in_buf[1024], out_buf[1024 + EVP_MAX_BLOCK_LENGTH]; int in_len, out_len; EVP_CIPHER_CTX *ctx; /* * Bogus key and IV: we'd normally set these from * another source. */ unsigned char key[] = "0123456789abcdeF"; unsigned char iv[] = "1234567887654321"; ctx = EVP_CIPHER_CTX_new(); EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); for (;;) { in_len = fread(in_buf, 1, 1024, in_fileptr); if (in_len <= 0) break; if (!EVP_CipherUpdate(ctx, out_buf, &out_len, in_buf, in_len)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } fwrite(out_buf, 1, out_len, out_fileptr); } if (!EVP_CipherFinal_ex(ctx, out_buf, &out_len)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } fwrite(out_buf, 1, out_len, out_fileptr); EVP_CIPHER_CTX_free(ctx); return 1; }