|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params,
|
|
Packit |
c4476c |
EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/evp.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
|
|
Packit |
c4476c |
EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
|
|
Packit |
c4476c |
void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
|
|
Packit |
c4476c |
int (*init)(EVP_CIPHER_CTX *ctx,
|
|
Packit |
c4476c |
const unsigned char *key,
|
|
Packit |
c4476c |
const unsigned char *iv,
|
|
Packit |
c4476c |
int enc));
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
|
|
Packit |
c4476c |
int (*do_cipher)(EVP_CIPHER_CTX *ctx,
|
|
Packit |
c4476c |
unsigned char *out,
|
|
Packit |
c4476c |
const unsigned char *in,
|
|
Packit |
c4476c |
size_t inl));
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
|
|
Packit |
c4476c |
int (*cleanup)(EVP_CIPHER_CTX *));
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
|
|
Packit |
c4476c |
int (*set_asn1_parameters)(EVP_CIPHER_CTX *,
|
|
Packit |
c4476c |
ASN1_TYPE *));
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
|
|
Packit |
c4476c |
int (*get_asn1_parameters)(EVP_CIPHER_CTX *,
|
|
Packit |
c4476c |
ASN1_TYPE *));
|
|
Packit |
c4476c |
int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
|
|
Packit |
c4476c |
int (*ctrl)(EVP_CIPHER_CTX *, int type,
|
|
Packit |
c4476c |
int arg, void *ptr));
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
|
Packit |
c4476c |
const unsigned char *key,
|
|
Packit |
c4476c |
const unsigned char *iv,
|
|
Packit |
c4476c |
int enc);
|
|
Packit |
c4476c |
int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
|
|
Packit |
c4476c |
unsigned char *out,
|
|
Packit |
c4476c |
const unsigned char *in,
|
|
Packit |
c4476c |
size_t inl);
|
|
Packit |
c4476c |
int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
|
|
Packit |
c4476c |
int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
|
Packit |
c4476c |
ASN1_TYPE *);
|
|
Packit |
c4476c |
int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
|
Packit |
c4476c |
ASN1_TYPE *);
|
|
Packit |
c4476c |
int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
|
|
Packit |
c4476c |
int type, int arg,
|
|
Packit |
c4476c |
void *ptr);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The B<EVP_CIPHER> type is a structure for symmetric cipher method
|
|
Packit |
c4476c |
implementation.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_new() creates a new B<EVP_CIPHER> structure.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_dup() creates a copy of B<cipher>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_free() destroys a B<EVP_CIPHER> structure.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_iv_length() sets the length of the IV.
|
|
Packit |
c4476c |
This is only needed when the implemented cipher mode requires it.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_flags() sets the flags to describe optional
|
|
Packit |
c4476c |
behaviours in the particular B<cipher>.
|
|
Packit |
c4476c |
With the exception of cipher modes, of which only one may be present,
|
|
Packit |
c4476c |
several flags can be or'd together.
|
|
Packit |
c4476c |
The available flags are:
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=over 4
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
|
|
Packit |
c4476c |
EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
|
|
Packit |
c4476c |
EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE,
|
|
Packit |
c4476c |
EVP_CIPH_OCB_MODE
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The cipher mode.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_VARIABLE_LENGTH
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
This cipher is of variable length.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_CUSTOM_IV
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Storing and initialising the IV is left entirely to the
|
|
Packit |
c4476c |
implementation.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_ALWAYS_CALL_INIT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Set this if the implementation's init() function should be called even
|
|
Packit |
c4476c |
if B<key> is B<NULL>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_CTRL_INIT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Set this to have the implementation's ctrl() function called with
|
|
Packit |
c4476c |
command code B<EVP_CTRL_INIT> early in its setup.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_CUSTOM_KEY_LENGTH
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Checking and setting the key length after creating the B<EVP_CIPHER>
|
|
Packit |
c4476c |
is left to the implementation.
|
|
Packit |
c4476c |
Whenever someone uses EVP_CIPHER_CTX_set_key_length() on a
|
|
Packit |
c4476c |
B<EVP_CIPHER> with this flag set, the implementation's ctrl() function
|
|
Packit |
c4476c |
will be called with the control code B<EVP_CTRL_SET_KEY_LENGTH> and
|
|
Packit |
c4476c |
the key length in B<arg>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_NO_PADDING
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Don't use standard block padding.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_RAND_KEY
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Making a key with random content is left to the implementation.
|
|
Packit |
c4476c |
This is done by calling the implementation's ctrl() function with the
|
|
Packit |
c4476c |
control code B<EVP_CTRL_RAND_KEY> and the pointer to the key memory
|
|
Packit |
c4476c |
storage in B<ptr>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_CUSTOM_COPY
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Set this to have the implementation's ctrl() function called with
|
|
Packit |
c4476c |
command code B<EVP_CTRL_COPY> at the end of EVP_CIPHER_CTX_copy().
|
|
Packit |
c4476c |
The intended use is for further things to deal with after the
|
|
Packit |
c4476c |
implementation specific data block has been copied.
|
|
Packit |
c4476c |
The destination B<EVP_CIPHER_CTX> is passed to the control with the
|
|
Packit |
c4476c |
B<ptr> parameter.
|
|
Packit |
c4476c |
The implementation specific data block is reached with
|
|
Packit |
c4476c |
EVP_CIPHER_CTX_get_cipher_data().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_DEFAULT_ASN1
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Use the default EVP routines to pass IV to and from ASN.1.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_LENGTH_BITS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Signals that the length of the input buffer for encryption /
|
|
Packit |
c4476c |
decryption is to be understood as the number of bits instead of
|
|
Packit |
c4476c |
bytes for this implementation.
|
|
Packit |
c4476c |
This is only useful for CFB1 ciphers.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=begin comment
|
|
Packit |
c4476c |
The FIPS flags seem to be unused, so I'm hiding them until I get an
|
|
Packit |
c4476c |
explanation or they get removed. /RL
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_FIPS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_NON_FIPS_ALLOW
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=end comment
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_CUSTOM_CIPHER
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
This indicates that the implementation takes care of everything,
|
|
Packit |
c4476c |
including padding, buffering and finalization.
|
|
Packit |
c4476c |
The EVP routines will simply give them control and do nothing more.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_AEAD_CIPHER
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
This indicates that this is an AEAD cipher implementation.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Allow interleaving of crypto blocks, a particular optimization only applicable
|
|
Packit |
c4476c |
to certain TLS ciphers.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=back
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_impl_ctx_size() sets the size of the EVP_CIPHER's
|
|
Packit |
c4476c |
implementation context so that it can be automatically allocated.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_init() sets the cipher init function for
|
|
Packit |
c4476c |
B<cipher>.
|
|
Packit |
c4476c |
The cipher init function is called by EVP_CipherInit(),
|
|
Packit |
c4476c |
EVP_CipherInit_ex(), EVP_EncryptInit(), EVP_EncryptInit_ex(),
|
|
Packit |
c4476c |
EVP_DecryptInit(), EVP_DecryptInit_ex().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_do_cipher() sets the cipher function for
|
|
Packit |
c4476c |
B<cipher>.
|
|
Packit |
c4476c |
The cipher function is called by EVP_CipherUpdate(),
|
|
Packit |
c4476c |
EVP_EncryptUpdate(), EVP_DecryptUpdate(), EVP_CipherFinal(),
|
|
Packit |
c4476c |
EVP_EncryptFinal(), EVP_EncryptFinal_ex(), EVP_DecryptFinal() and
|
|
Packit |
c4476c |
EVP_DecryptFinal_ex().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_cleanup() sets the function for B<cipher> to do
|
|
Packit |
c4476c |
extra cleanup before the method's private data structure is cleaned
|
|
Packit |
c4476c |
out and freed.
|
|
Packit |
c4476c |
Note that the cleanup function is passed a B<EVP_CIPHER_CTX *>, the
|
|
Packit |
c4476c |
private data structure is then available with
|
|
Packit |
c4476c |
EVP_CIPHER_CTX_get_cipher_data().
|
|
Packit |
c4476c |
This cleanup function is called by EVP_CIPHER_CTX_reset() and
|
|
Packit |
c4476c |
EVP_CIPHER_CTX_free().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_set_asn1_params() sets the function for B<cipher>
|
|
Packit |
c4476c |
to set the AlgorithmIdentifier "parameter" based on the passed cipher.
|
|
Packit |
c4476c |
This function is called by EVP_CIPHER_param_to_asn1().
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_get_asn1_params() sets the function for B<cipher>
|
|
Packit |
c4476c |
that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier
|
|
Packit |
c4476c |
"parameter".
|
|
Packit |
c4476c |
Both these functions are needed when there is a need for custom data
|
|
Packit |
c4476c |
(more or other than the cipher IV).
|
|
Packit |
c4476c |
They are called by EVP_CIPHER_param_to_asn1() and
|
|
Packit |
c4476c |
EVP_CIPHER_asn1_to_param() respectively if defined.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_ctrl() sets the control function for B<cipher>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(),
|
|
Packit |
c4476c |
EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(),
|
|
Packit |
c4476c |
EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl()
|
|
Packit |
c4476c |
are all used to retrieve the method data given with the
|
|
Packit |
c4476c |
EVP_CIPHER_meth_set_*() functions above.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a
|
|
Packit |
c4476c |
newly created B<EVP_CIPHER>, or NULL on failure.
|
|
Packit |
c4476c |
All EVP_CIPHER_meth_set_*() functions return 1.
|
|
Packit |
c4476c |
All EVP_CIPHER_meth_get_*() functions return pointers to their
|
|
Packit |
c4476c |
respective B<cipher> function.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<EVP_EncryptInit>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 HISTORY
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The functions described here were added in OpenSSL 1.1.0.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|