1*380eceddSschwarze.\" $OpenBSD: EVP_CIPHER_CTX_ctrl.3,v 1.3 2024/12/08 17:41:23 schwarze Exp $ 2d1527b6eSschwarze.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 3d1527b6eSschwarze.\" 4d1527b6eSschwarze.\" This file is a derived work. 5d1527b6eSschwarze.\" The changes are covered by the following Copyright and license: 6d1527b6eSschwarze.\" 7d1527b6eSschwarze.\" Copyright (c) 2018, 2023 Ingo Schwarze <schwarze@openbsd.org> 8d1527b6eSschwarze.\" Copyright (c) 2018 Damien Miller <djm@openbsd.org> 9d1527b6eSschwarze.\" 10d1527b6eSschwarze.\" Permission to use, copy, modify, and distribute this software for any 11d1527b6eSschwarze.\" purpose with or without fee is hereby granted, provided that the above 12d1527b6eSschwarze.\" copyright notice and this permission notice appear in all copies. 13d1527b6eSschwarze.\" 14d1527b6eSschwarze.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 15d1527b6eSschwarze.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 16d1527b6eSschwarze.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 17d1527b6eSschwarze.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 18d1527b6eSschwarze.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 19d1527b6eSschwarze.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 20d1527b6eSschwarze.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21d1527b6eSschwarze.\" 22d1527b6eSschwarze.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>. 23d1527b6eSschwarze.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project. 24d1527b6eSschwarze.\" All rights reserved. 25d1527b6eSschwarze.\" 26d1527b6eSschwarze.\" Redistribution and use in source and binary forms, with or without 27d1527b6eSschwarze.\" modification, are permitted provided that the following conditions 28d1527b6eSschwarze.\" are met: 29d1527b6eSschwarze.\" 30d1527b6eSschwarze.\" 1. Redistributions of source code must retain the above copyright 31d1527b6eSschwarze.\" notice, this list of conditions and the following disclaimer. 32d1527b6eSschwarze.\" 33d1527b6eSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright 34d1527b6eSschwarze.\" notice, this list of conditions and the following disclaimer in 35d1527b6eSschwarze.\" the documentation and/or other materials provided with the 36d1527b6eSschwarze.\" distribution. 37d1527b6eSschwarze.\" 38d1527b6eSschwarze.\" 3. All advertising materials mentioning features or use of this 39d1527b6eSschwarze.\" software must display the following acknowledgment: 40d1527b6eSschwarze.\" "This product includes software developed by the OpenSSL Project 41d1527b6eSschwarze.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 42d1527b6eSschwarze.\" 43d1527b6eSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 44d1527b6eSschwarze.\" endorse or promote products derived from this software without 45d1527b6eSschwarze.\" prior written permission. For written permission, please contact 46d1527b6eSschwarze.\" openssl-core@openssl.org. 47d1527b6eSschwarze.\" 48d1527b6eSschwarze.\" 5. Products derived from this software may not be called "OpenSSL" 49d1527b6eSschwarze.\" nor may "OpenSSL" appear in their names without prior written 50d1527b6eSschwarze.\" permission of the OpenSSL Project. 51d1527b6eSschwarze.\" 52d1527b6eSschwarze.\" 6. Redistributions of any form whatsoever must retain the following 53d1527b6eSschwarze.\" acknowledgment: 54d1527b6eSschwarze.\" "This product includes software developed by the OpenSSL Project 55d1527b6eSschwarze.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 56d1527b6eSschwarze.\" 57d1527b6eSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 58d1527b6eSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 59d1527b6eSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 60d1527b6eSschwarze.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 61d1527b6eSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 62d1527b6eSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 63d1527b6eSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 64d1527b6eSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 65d1527b6eSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 66d1527b6eSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 67d1527b6eSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 68d1527b6eSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE. 69d1527b6eSschwarze.\" 70*380eceddSschwarze.Dd $Mdocdate: December 8 2024 $ 71d1527b6eSschwarze.Dt EVP_CIPHER_CTX_CTRL 3 72d1527b6eSschwarze.Os 73d1527b6eSschwarze.Sh NAME 74d1527b6eSschwarze.Nm EVP_CIPHER_CTX_ctrl , 75d1527b6eSschwarze.Nm EVP_CIPHER_CTX_set_padding , 76d1527b6eSschwarze.Nm EVP_CIPHER_CTX_set_key_length , 77d1527b6eSschwarze.Nm EVP_CIPHER_CTX_key_length , 78d1527b6eSschwarze.Nm EVP_CIPHER_key_length , 79d1527b6eSschwarze.Nm EVP_CIPHER_CTX_iv_length , 80d1527b6eSschwarze.Nm EVP_CIPHER_iv_length , 81d1527b6eSschwarze.Nm EVP_CIPHER_CTX_set_iv , 82d1527b6eSschwarze.Nm EVP_CIPHER_CTX_get_iv 83d1527b6eSschwarze.Nd configure EVP cipher contexts 84d1527b6eSschwarze.Sh SYNOPSIS 85d1527b6eSschwarze.In openssl/evp.h 86d1527b6eSschwarze.Ft int 87d1527b6eSschwarze.Fo EVP_CIPHER_CTX_ctrl 88d1527b6eSschwarze.Fa "EVP_CIPHER_CTX *ctx" 89d1527b6eSschwarze.Fa "int type" 90d1527b6eSschwarze.Fa "int arg" 91d1527b6eSschwarze.Fa "void *ptr" 92d1527b6eSschwarze.Fc 93d1527b6eSschwarze.Ft int 94d1527b6eSschwarze.Fo EVP_CIPHER_CTX_set_padding 95d1527b6eSschwarze.Fa "EVP_CIPHER_CTX *x" 96d1527b6eSschwarze.Fa "int padding" 97d1527b6eSschwarze.Fc 98d1527b6eSschwarze.Ft int 99d1527b6eSschwarze.Fo EVP_CIPHER_CTX_set_key_length 100d1527b6eSschwarze.Fa "EVP_CIPHER_CTX *x" 101d1527b6eSschwarze.Fa "int keylen" 102d1527b6eSschwarze.Fc 103d1527b6eSschwarze.Ft int 104d1527b6eSschwarze.Fo EVP_CIPHER_CTX_key_length 105d1527b6eSschwarze.Fa "const EVP_CIPHER_CTX *ctx" 106d1527b6eSschwarze.Fc 107d1527b6eSschwarze.Ft int 108d1527b6eSschwarze.Fo EVP_CIPHER_key_length 109d1527b6eSschwarze.Fa "const EVP_CIPHER *e" 110d1527b6eSschwarze.Fc 111d1527b6eSschwarze.Ft int 112d1527b6eSschwarze.Fo EVP_CIPHER_CTX_iv_length 113d1527b6eSschwarze.Fa "const EVP_CIPHER_CTX *ctx" 114d1527b6eSschwarze.Fc 115d1527b6eSschwarze.Ft int 116d1527b6eSschwarze.Fo EVP_CIPHER_iv_length 117d1527b6eSschwarze.Fa "const EVP_CIPHER *e" 118d1527b6eSschwarze.Fc 119d1527b6eSschwarze.Ft int 120d1527b6eSschwarze.Fo EVP_CIPHER_CTX_set_iv 121d1527b6eSschwarze.Fa "EVP_CIPHER_CTX *ctx" 122d1527b6eSschwarze.Fa "const unsigned char *iv" 123d1527b6eSschwarze.Fa "size_t len" 124d1527b6eSschwarze.Fc 125d1527b6eSschwarze.Ft int 126d1527b6eSschwarze.Fo EVP_CIPHER_CTX_get_iv 127d1527b6eSschwarze.Fa "const EVP_CIPHER_CTX *ctx" 128d1527b6eSschwarze.Fa "unsigned char *iv" 129d1527b6eSschwarze.Fa "size_t len" 130d1527b6eSschwarze.Fc 131d1527b6eSschwarze.Sh DESCRIPTION 132d1527b6eSschwarze.Fn EVP_CIPHER_CTX_ctrl 133d1527b6eSschwarzeallows various cipher specific parameters to be determined and set. 134*380eceddSschwarzeCurrently only the RC2 effective key length can be set; see 135*380eceddSschwarze.Xr EVP_rc2_cbc 3 136*380eceddSschwarzefor details. 137d1527b6eSschwarze.Pp 138d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_padding 139d1527b6eSschwarzeenables or disables padding. 140d1527b6eSschwarzeThis function should be called after the context is set up for 141d1527b6eSschwarzeencryption or decryption with 142d1527b6eSschwarze.Xr EVP_EncryptInit_ex 3 , 143d1527b6eSschwarze.Xr EVP_DecryptInit_ex 3 , 144d1527b6eSschwarzeor 145d1527b6eSschwarze.Xr EVP_CipherInit_ex 3 . 146d1527b6eSschwarzeBy default encryption operations are padded using standard block padding 147d1527b6eSschwarzeand the padding is checked and removed when decrypting. 148d1527b6eSschwarzeIf the 149d1527b6eSschwarze.Fa padding 150d1527b6eSschwarzeparameter is zero, then no padding is performed, the total amount of data 151d1527b6eSschwarzeencrypted or decrypted must then be a multiple of the block size or an 152d1527b6eSschwarzeerror will occur. 153d1527b6eSschwarze.Pp 154d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_key_length 155d1527b6eSschwarzesets the key length of the cipher ctx. 156d1527b6eSschwarzeIf the cipher is a fixed length cipher, then attempting to set the key 157d1527b6eSschwarzelength to any value other than the fixed value is an error. 158d1527b6eSschwarze.Pp 159d1527b6eSschwarze.Fn EVP_CIPHER_CTX_key_length 160d1527b6eSschwarzeand 161d1527b6eSschwarze.Fn EVP_CIPHER_key_length 162d1527b6eSschwarzereturn the key length of a cipher when passed an 163d1527b6eSschwarze.Vt EVP_CIPHER_CTX 164d1527b6eSschwarzeor 165d1527b6eSschwarze.Vt EVP_CIPHER 166d1527b6eSschwarzestructure. 167d1527b6eSschwarzeThe constant 168d1527b6eSschwarze.Dv EVP_MAX_KEY_LENGTH 169d1527b6eSschwarzeis the maximum key length for all ciphers. 170d1527b6eSschwarzeNote: although 171d1527b6eSschwarze.Fn EVP_CIPHER_key_length 172d1527b6eSschwarzeis fixed for a given cipher, the value of 173d1527b6eSschwarze.Fn EVP_CIPHER_CTX_key_length 174d1527b6eSschwarzemay be different for variable key length ciphers. 175d1527b6eSschwarze.Pp 176d1527b6eSschwarze.Fn EVP_CIPHER_CTX_iv_length 177d1527b6eSschwarzeand 178d1527b6eSschwarze.Fn EVP_CIPHER_iv_length 179d1527b6eSschwarzereturn the IV length of a cipher when passed an 180d1527b6eSschwarze.Vt EVP_CIPHER_CTX 181d1527b6eSschwarzeor 182d1527b6eSschwarze.Vt EVP_CIPHER . 183badcf8e9StbThey will return zero if the cipher does not use an IV. 184badcf8e9Stb.Fn EVP_CIPHER_CTX_iv_length 185badcf8e9Stbcan fail and return \-1. 186d1527b6eSschwarzeThe constant 187d1527b6eSschwarze.Dv EVP_MAX_IV_LENGTH 188d1527b6eSschwarzeis the maximum IV length for all ciphers. 189d1527b6eSschwarze.Pp 190d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_iv 191d1527b6eSschwarzeand 192d1527b6eSschwarze.Fn EVP_CIPHER_CTX_get_iv 193d1527b6eSschwarzeset and retrieve the IV for an 194d1527b6eSschwarze.Vt EVP_CIPHER_CTX , 195d1527b6eSschwarzerespectively. 196d1527b6eSschwarzeIn both cases, the specified IV length must exactly equal the expected 197d1527b6eSschwarzeIV length for the context as returned by 198d1527b6eSschwarze.Fn EVP_CIPHER_CTX_iv_length . 199d1527b6eSschwarze.Sh RETURN VALUES 200d1527b6eSschwarze.Fn EVP_CIPHER_CTX_ctrl 201d1527b6eSschwarzeusually returns 1 for success, 0 for failure, or \-1 if the 202d1527b6eSschwarze.Fa type 203d1527b6eSschwarzeis not supported by the 204d1527b6eSschwarze.Fa ctx , 205d1527b6eSschwarzebut there may be exceptions for some 206d1527b6eSschwarze.Fa type 207d1527b6eSschwarzearguments. 208d1527b6eSschwarze.Pp 209d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_padding 210d1527b6eSschwarzealways returns 1. 211d1527b6eSschwarze.Pp 212d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_key_length , 213d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_iv , 214d1527b6eSschwarzeand 215d1527b6eSschwarze.Fn EVP_CIPHER_CTX_get_iv 216d1527b6eSschwarzereturn 1 for success or 0 for failure. 217d1527b6eSschwarze.Pp 218d1527b6eSschwarze.Fn EVP_CIPHER_CTX_key_length 219d1527b6eSschwarzeand 220d1527b6eSschwarze.Fn EVP_CIPHER_key_length 221d1527b6eSschwarzereturn the key length. 222d1527b6eSschwarze.Pp 223d1527b6eSschwarze.Fn EVP_CIPHER_CTX_iv_length 224d1527b6eSschwarzeand 225d1527b6eSschwarze.Fn EVP_CIPHER_iv_length 226d1527b6eSschwarzereturn the IV length or zero if the cipher does not use an IV. 227badcf8e9Stb.Fn EVP_CIPHER_CTX_iv_length 228badcf8e9Stbcan fail and return \-1. 229d1527b6eSschwarze.Sh SEE ALSO 230d1527b6eSschwarze.Xr evp 3 , 231d1527b6eSschwarze.Xr EVP_CIPHER_nid 3 , 232d1527b6eSschwarze.Xr EVP_EncryptInit 3 233d1527b6eSschwarze.Sh HISTORY 234d1527b6eSschwarze.Fn EVP_CIPHER_CTX_key_length , 235d1527b6eSschwarze.Fn EVP_CIPHER_key_length , 236d1527b6eSschwarze.Fn EVP_CIPHER_CTX_iv_length , 237d1527b6eSschwarzeand 238d1527b6eSschwarze.Fn EVP_CIPHER_iv_length 239d1527b6eSschwarzefirst appeared in SSLeay 0.6.5 and have been available since 240d1527b6eSschwarze.Ox 2.4 . 241d1527b6eSschwarze.Pp 242d1527b6eSschwarze.Fn EVP_CIPHER_CTX_ctrl 243d1527b6eSschwarzeand 244d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_key_length 245d1527b6eSschwarzefirst appeared in OpenSSL 0.9.6 and have been available since 246d1527b6eSschwarze.Ox 2.9 . 247d1527b6eSschwarze.Pp 248d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_padding 249d1527b6eSschwarzefirst appeared in OpenSSL 0.9.7 and has been available since 250d1527b6eSschwarze.Ox 3.2 . 251d1527b6eSschwarze.Pp 252d1527b6eSschwarze.Fn EVP_CIPHER_CTX_set_iv 253d1527b6eSschwarzeand 254d1527b6eSschwarze.Fn EVP_CIPHER_CTX_get_iv 255d1527b6eSschwarzefirst appeared in LibreSSL 2.8.1 and have been available since 256d1527b6eSschwarze.Ox 6.4 . 257d1527b6eSschwarze.Sh BUGS 258d1527b6eSschwarze.Dv EVP_MAX_KEY_LENGTH 259d1527b6eSschwarzeand 260d1527b6eSschwarze.Dv EVP_MAX_IV_LENGTH 261d1527b6eSschwarzeonly refer to the internal ciphers with default key lengths. 262d1527b6eSschwarzeIf custom ciphers exceed these values, the results are unpredictable. 263d1527b6eSschwarzeThis is because it has become standard practice to define a generic key 264d1527b6eSschwarzeas a fixed unsigned char array containing 265d1527b6eSschwarze.Dv EVP_MAX_KEY_LENGTH 266d1527b6eSschwarzebytes. 267