xref: /freebsd/crypto/openssl/doc/man3/BIO_f_cipher.pod (revision f6a3b357e9be4c6423c85eff9a847163a0d307c8)
1=pod
2
3=head1 NAME
4
5BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
6
7=head1 SYNOPSIS
8
9=for comment multiple includes
10
11 #include <openssl/bio.h>
12 #include <openssl/evp.h>
13
14 const BIO_METHOD *BIO_f_cipher(void);
15 void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher,
16                     unsigned char *key, unsigned char *iv, int enc);
17 int BIO_get_cipher_status(BIO *b)
18 int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
19
20=head1 DESCRIPTION
21
22BIO_f_cipher() returns the cipher BIO method. This is a filter
23BIO that encrypts any data written through it, and decrypts any data
24read from it. It is a BIO wrapper for the cipher routines
25EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
26
27Cipher BIOs do not support BIO_gets() or BIO_puts().
28
29BIO_flush() on an encryption BIO that is being written through is
30used to signal that no more data is to be encrypted: this is used
31to flush and possibly pad the final block through the BIO.
32
33BIO_set_cipher() sets the cipher of BIO B<b> to B<cipher> using key B<key>
34and IV B<iv>. B<enc> should be set to 1 for encryption and zero for
35decryption.
36
37When reading from an encryption BIO the final block is automatically
38decrypted and checked when EOF is detected. BIO_get_cipher_status()
39is a BIO_ctrl() macro which can be called to determine whether the
40decryption operation was successful.
41
42BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal
43BIO cipher context. The retrieved context can be used in conjunction
44with the standard cipher routines to set it up. This is useful when
45BIO_set_cipher() is not flexible enough for the applications needs.
46
47=head1 NOTES
48
49When encrypting BIO_flush() B<must> be called to flush the final block
50through the BIO. If it is not then the final block will fail a subsequent
51decrypt.
52
53When decrypting an error on the final block is signaled by a zero
54return value from the read operation. A successful decrypt followed
55by EOF will also return zero for the final read. BIO_get_cipher_status()
56should be called to determine if the decrypt was successful.
57
58As always, if BIO_gets() or BIO_puts() support is needed then it can
59be achieved by preceding the cipher BIO with a buffering BIO.
60
61=head1 RETURN VALUES
62
63BIO_f_cipher() returns the cipher BIO method.
64
65BIO_set_cipher() does not return a value.
66
67BIO_get_cipher_status() returns 1 for a successful decrypt and 0
68for failure.
69
70BIO_get_cipher_ctx() currently always returns 1.
71
72=head1 COPYRIGHT
73
74Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
75
76Licensed under the OpenSSL license (the "License").  You may not use
77this file except in compliance with the License.  You can obtain a copy
78in the file LICENSE in the source distribution or at
79L<https://www.openssl.org/source/license.html>.
80
81=cut
82