EVP_aes_256_wrap implements AES-256 in Key Wrap mode. OpenSSL 1.1.1 required EVP_CIPHER_CTX_FLAG_WRAP_ALLOW to be set with EVP_CIPHER_CTX_set_flags, in order for EVP_aes_256_wrap to work. This is not required in AWS-LC and they are no-op flags maintained for compatibility.

EVP_enc_null returns a 'cipher' that passes plaintext through as ciphertext.

EVP_rc2_cbc returns a cipher that implements 128-bit RC2 in CBC mode.

EVP_rc2_40_cbc returns a cipher that implements 40-bit RC2 in CBC mode. This is obviously very, very weak and is included only in order to read PKCS#12 files, which often encrypt the certificate chain using this cipher. It is deliberately not exported.

EVP_chacha20_poly1305 returns a cipher that implements chacha20-poly1305 as described in RFC 8439. This cipher implementation is added for compatibility. Consumers should use EVP_aead_chacha20_poly1305 instead. Callers are advised that the maximum amount of data that can be encrypted using chacha20-poly1305 is 256GB.

EVP_get_cipherbynid returns the cipher corresponding to the given NID, or NULL if no such cipher is known. Note using this function links almost every cipher implemented by BoringSSL into the binary, whether the caller uses them or not. Size-conscious callers, such as client software, should not use this function.

EVP_CIPHER_CTX_init initialises an, already allocated, EVP_CIPHER_CTX.

EVP_CIPHER_CTX_new allocates a fresh EVP_CIPHER_CTX, calls EVP_CIPHER_CTX_init and returns it, or NULL on allocation failure.

EVP_CIPHER_CTX_cleanup frees any memory referenced by ctx. It returns one.

EVP_CIPHER_CTX_free calls EVP_CIPHER_CTX_cleanup on ctx and then frees ctx itself.

EVP_CIPHER_CTX_copy sets out to be a duplicate of the current state of in. The out argument must have been previously initialised.

EVP_CIPHER_CTX_reset calls EVP_CIPHER_CTX_cleanup followed by EVP_CIPHER_CTX_init and returns one.

EVP_CipherInit_ex configures ctx for a fresh encryption (or decryption, if enc is zero) operation using cipher. If ctx has been previously configured with a cipher then cipher, key and iv may be NULL and enc may be -1 to reuse the previous values. The operation will use key as the key and iv as the IV (if any). These should have the correct lengths given by EVP_CIPHER_key_length and EVP_CIPHER_iv_length. It returns one on success and zero on error.

EVP_EncryptInit_ex calls EVP_CipherInit_ex with enc equal to one.

EVP_DecryptInit_ex calls EVP_CipherInit_ex with enc equal to zero.

EVP_EncryptUpdate encrypts in_len bytes from in to out. The number of output bytes may be up to in_len plus the block length minus one and out must have sufficient space. The number of bytes actually output is written to *out_len. It returns one on success and zero otherwise.

If ctx is an AEAD cipher, e.g. EVP_aes_128_gcm, and out is NULL, this function instead adds in_len bytes from in to the AAD and sets *out_len to in_len. The AAD must be fully specified in this way before this function is used to encrypt plaintext.

EVP_EncryptFinal_ex writes at most a block of ciphertext to out and sets *out_len to the number of bytes written. If padding is enabled (the default) then standard padding is applied to create the final block. If padding is disabled (with EVP_CIPHER_CTX_set_padding) then any partial block remaining will cause an error. The function returns one on success and zero otherwise.

EVP_DecryptUpdate decrypts in_len bytes from in to out. The number of output bytes may be up to in_len plus the block length minus one and out must have sufficient space. The number of bytes actually output is written to *out_len. It returns one on success and zero otherwise.

If ctx is an AEAD cipher, e.g. EVP_aes_128_gcm, and out is NULL, this function instead adds in_len bytes from in to the AAD and sets *out_len to in_len. The AAD must be fully specified in this way before this function is used to decrypt ciphertext.

EVP_DecryptFinal_ex writes at most a block of ciphertext to out and sets *out_len to the number of bytes written. If padding is enabled (the default) then padding is removed from the final block.

WARNING: it is unsafe to call this function with unauthenticated ciphertext if padding is enabled.

EVP_CipherUpdate calls either EVP_EncryptUpdate or EVP_DecryptUpdate depending on how ctx has been setup.

EVP_CipherFinal_ex calls either EVP_EncryptFinal_ex or EVP_DecryptFinal_ex depending on how ctx has been setup.

EVP_CIPHER_CTX_cipher returns the EVP_CIPHER underlying ctx, or NULL if none has been set.

EVP_CIPHER_CTX_nid returns a NID identifying the EVP_CIPHER underlying ctx (e.g. NID_aes_128_gcm). It will crash if no cipher has been configured.

EVP_CIPHER_CTX_encrypting returns one if ctx is configured for encryption and zero otherwise.

EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher underlying ctx, or one if the cipher is a stream cipher. It will crash if no cipher has been configured.

EVP_CIPHER_CTX_key_length returns the key size, in bytes, of the cipher underlying ctx or zero if no cipher has been configured.

EVP_CIPHER_CTX_iv_length returns the IV size, in bytes, of the cipher underlying ctx. It will crash if no cipher has been configured.

EVP_CIPHER_CTX_get_app_data returns the opaque, application data pointer for ctx, or NULL if none has been set.

EVP_CIPHER_CTX_set_app_data sets the opaque, application data pointer for ctx to data.

EVP_CIPHER_CTX_flags returns a value which is the OR of zero or more EVP_CIPH_* flags. It will crash if no cipher has been configured.

EVP_CIPHER_CTX_mode returns one of the EVP_CIPH_* cipher mode values enumerated below. It will crash if no cipher has been configured.

EVP_CIPHER_CTX_ctrl is an ioctl like function. The command argument should be one of the EVP_CTRL_* values. The arg and ptr arguments are specific to the command in question.

EVP_CIPHER_CTX_set_padding sets whether padding is enabled for ctx and returns one. Pass a non-zero pad to enable padding (the default) or zero to disable.

EVP_CIPHER_CTX_set_key_length sets the key length for ctx. This is only valid for ciphers that can take a variable length key. It returns one on success and zero on error.

EVP_CIPHER_nid returns a NID identifying cipher. (For example, NID_aes_128_gcm.)

EVP_CIPHER_name returns the short name of cipher.

EVP_CIPHER_block_size returns the block size, in bytes, for cipher, or one if cipher is a stream cipher.

EVP_CIPHER_key_length returns the key size, in bytes, for cipher. If cipher can take a variable key length then this function returns the default key length and EVP_CIPHER_flags will return a value with EVP_CIPH_VARIABLE_LENGTH set.

EVP_CIPHER_iv_length returns the IV size, in bytes, of cipher, or zero if cipher doesn't take an IV.

EVP_CIPHER_flags returns a value which is the OR of zero or more EVP_CIPH_* flags.

EVP_CIPHER_mode returns one of the cipher mode values enumerated below.

EVP_BytesToKey generates a key and IV for the cipher type by iterating md count times using data and salt. On entry, the key and iv buffers must have enough space to hold a key and IV for type. It returns the length of the key on success or zero on error.

EVP_CIPH_FLAG_LENGTH_BITS buffers length in bits not bytes: CFB1 mode only.

The following values are never returned from EVP_CIPHER_mode and are included only to make it easier to compile code with BoringSSL.

EVP_CIPH_VARIABLE_LENGTH indicates that the cipher takes a variable length key.

EVP_CIPH_ALWAYS_CALL_INIT indicates that the init function for the cipher should always be called when initialising a new operation, even if the key is NULL to indicate that the same key is being used.

EVP_CIPH_CUSTOM_IV indicates that the cipher manages the IV itself rather than keeping it in the iv member of EVP_CIPHER_CTX.

EVP_CIPH_CTRL_INIT indicates that EVP_CTRL_INIT should be used when initialising an EVP_CIPHER_CTX.

EVP_CIPH_FLAG_CUSTOM_CIPHER indicates that the cipher manages blocking itself. This causes EVP_(En|De)crypt_ex to be simple wrapper functions.

EVP_CIPH_FLAG_AEAD_CIPHER specifies that the cipher is an AEAD. This is an older version of the proper AEAD interface. See aead.h for the current one.

EVP_CIPH_CUSTOM_COPY indicates that the ctrl callback should be called with EVP_CTRL_COPY at the end of normal EVP_CIPHER_CTX_copy processing.

EVP_CIPH_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms (it's up the the caller to use the FIPS module in a fashion compliant with their needs). Thus this exists only to allow code to compile.

EVP_aes_128/256_cbc_hmac_sha1/256 return EVP_CIPHER objects that implement the named cipher algorithm. They are imported from OpenSSL to provide AES CBC HMAC SHA stitch implementation. These methods are TLS specific.

WARNING: these APIs usage can get wrong easily. Below functions include details. aesni_cbc_hmac_sha1_cipher and aesni_cbc_hmac_sha256_cipher.

EVP_CipherInit acts like EVP_CipherInit_ex except that EVP_CIPHER_CTX_init is called on cipher first, if cipher is not NULL.

EVP_EncryptInit calls EVP_CipherInit with enc equal to one.

EVP_DecryptInit calls EVP_CipherInit with enc equal to zero.

EVP_CipherFinal calls EVP_CipherFinal_ex.

EVP_EncryptFinal calls EVP_EncryptFinal_ex.

EVP_DecryptFinal calls EVP_DecryptFinal_ex.

EVP_Cipher historically exposed an internal implementation detail of ctx and should not be used. Use EVP_CipherUpdate and EVP_CipherFinal_ex instead.

If ctx's cipher does not have the EVP_CIPH_FLAG_CUSTOM_CIPHER flag, it encrypts or decrypts in_len bytes from in and writes the resulting in_len bytes to out. It returns one on success and zero on error. in_len must be a multiple of the cipher's block size, or the behavior is undefined.

TODO(davidben): Rather than being undefined (it'll often round the length up and likely read past the buffer), just fail the operation.

If ctx's cipher has the EVP_CIPH_FLAG_CUSTOM_CIPHER flag, it runs in one of two modes: If in is non-NULL, it behaves like EVP_CipherUpdate. If in is NULL, it behaves like EVP_CipherFinal_ex. In both cases, it returns *out_len on success and -1 on error.

WARNING: The two possible calling conventions of this function signal errors incompatibly. In the first, zero indicates an error. In the second, zero indicates success with zero bytes of output.

EVP_get_cipherbyname returns an EVP_CIPHER given a human readable name in name, or NULL if the name is unknown. Note using this function links almost every cipher implemented by BoringSSL into the binary, not just the ones the caller requests. Size-conscious callers, such as client software, should not use this function.

These AEADs are deprecated AES-GCM implementations that set EVP_CIPH_FLAG_CUSTOM_CIPHER. Use EVP_aead_aes_128_gcm and EVP_aead_aes_256_gcm instead.

WARNING: Although these APIs allow streaming an individual AES-GCM operation, this is not secure. Until calling EVP_DecryptFinal_ex, the tag has not yet been checked and output released by EVP_DecryptUpdate is unauthenticated and easily manipulated by attackers. Callers must buffer the output and may not act on it until the entire operation is complete.

These are deprecated, 192-bit version of AES.

EVP_des_ede3_ecb is an alias for EVP_des_ede3. Use the former instead.

EVP_aes_128_cfb128 is deprecated.

EVP_aes_128_cfb is an alias for EVP_aes_128_cfb128 and is deprecated.

EVP_aes_128_cfb1 is deprecated.

EVP_aes_128_cfb8 is deprecated.

EVP_aes_192_cfb128 is deprecated.

EVP_aes_192_cfb is an alias for EVP_aes_192_cfb128 and is deprecated.

EVP_aes_192_cfb1 is deprecated.

EVP_aes_192_cfb8 is deprecated.

EVP_aes_256_cfb128 is deprecated.

EVP_aes_256_cfb is an alias for EVP_aes_256_cfb128 and is deprecated.

EVP_aes_256_cfb1 is deprecated.

EVP_aes_256_cfb8 is deprecated.

EVP_bf_ecb is Blowfish in ECB mode and is deprecated.

EVP_bf_cbc is Blowfish in CBC mode and is deprecated.

EVP_bf_cfb is an alias for EVP_bf_cfb64 and is deprecated.

EVP_bf_cfb64 is Blowfish in 64-bit CFB mode and is deprecated.

EVP_bf_ofb is Blowfish in 64-bit OFB mode and is deprecated.

EVP_cast5_ecb is CAST5 in ECB mode and is deprecated.

EVP_cast5_cbc is CAST5 in CBC mode and is deprecated.

EVP_CIPHER_CTX_set_flags does nothing. We strongly discourage doing any additional configurations when consuming EVP_CIPHER_CTX.

The following flags are related to EVP_CIPHER_CTX_set_flags. They do nothing and are included only to make it easier to compile code with AWS-LC.

EVP_add_cipher_alias does nothing and returns one.

EVP_CTRL_AEAD_TLS1_AAD is a control command for EVP_CIPHER_CTX_ctrl to set the length of the TLS additional authenticated data

EVP_AEAD_TLS1_AAD_LEN is the length of the additional authenticated data from RFC 5246.