Replacement for AES_encrypt

Richard Levitte levitte at openssl.org
Fri Jan 6 07:19:33 UTC 2023


EVP_aes_128_cbc() is still usable to get the appropriate EVP_CIPHER
reference, but is regarded legacy.

With OpenSSL 3.0 and providers, the new method to get the algorithm
you want is by fetching, in this case using EVP_CIPHER_fetch().

In https://www.openssl.org/docs/man3.0/man7/crypto.html#FETCHING-EXAMPLES,
there is an example that demonstrates fetching exactly the algorithm
your asking for, "AES-128-CBC".

If you want to know exactly what algorithms are available to you (by name),
'openssl list' is your friend.  For example, this command shows all
the default cipher algorithms:

    openssl list -cipher-algorithms

You will notice that the output is divided into two sections,
"Legacy:" and "Provided:".  The latter is more future proof set of
names.

Cheers,
Richard

On Thu, 05 Jan 2023 13:12:57 +0100,
Samiya Khanum via openssl-users wrote:
> 
> Hi All,
> 
> We are upgrading our code to openSSL 3.0.
> 
> I have replaced  AES_set_encrypt_key  and AES_encrypt with EVP_CipherInit_ex, EVP_CipherUpdate
> and EVP_CipherFinal_ex.
> In the below function what should be the cipher parameter(second argument). Because in AES_encryt
> api, we don't mention any block cipher. 
> Is it EVP_aes_128_cbc() algorithm that we should use?
> 
> int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
>                                  const EVP_CIPHER *cipher, ENGINE *impl,
>                                  const unsigned char *key,
>                                  const unsigned char *iv, int enc);
>  
> Thanks & Regards,
> Samiya khanum
> 
> This electronic communication and the information and any files transmitted with it, or attached
> to it, are confidential and are intended solely for the use of the individual or entity to whom it
> is addressed and may contain information that is confidential, legally privileged, protected by
> privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended
> recipient or the person responsible for delivering the e-mail to the intended recipient, you are
> hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or
> copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return
> the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
> 
> [2 S/MIME Cryptographic Signature <application/pkcs7-signature (base64)>]
> Good signature from 1E45BABBADAD646C644FE256D55EFC9561AABBFF /CN=Samiya Khanum/O=Broadcom Inc./L=Bangalore/ST=Karnataka/C=IN/EMail=samiya.khanum at broadcom.com (trust full)
-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-users mailing list