NAME

BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx — cipher BIO filter

SYNOPSIS

#include <openssl/bio.h>
#include <openssl/evp.h> const BIO_METHOD *
BIO_f_cipher(void); int
BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, unsigned char *key, unsigned char *iv, int enc); int
BIO_get_cipher_status(BIO *b); int
BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx);

DESCRIPTION

BIO_f_cipher() returns the cipher BIO method. This is a filter BIO that encrypts any data written through it, and decrypts any data read from it. It is a BIO wrapper for the cipher routines EVP_CipherInit(3), EVP_CipherUpdate(3), and EVP_CipherFinal(3). Cipher BIOs do not support BIO_gets(3) or BIO_puts(3). BIO_flush(3) on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO. BIO_set_cipher() sets the cipher of BIO b to cipher using key key and IV iv. enc should be set to 1 for encryption and zero for decryption. When reading from an encryption BIO, the final block is automatically decrypted and checked when EOF is detected. BIO_get_cipher_status() is a BIO_ctrl(3) macro which can be called to determine whether the decryption operation was successful. BIO_get_cipher_ctx() is a BIO_ctrl(3) macro which retrieves the internal BIO cipher context. The retrieved context can be used in conjunction with the standard cipher routines to set it up. This is useful when BIO_set_cipher() is not flexible enough for the applications needs. When encrypting, BIO_flush(3) must be called to flush the final block through the BIO. If it is not, then the final block will fail a subsequent decrypt. When decrypting, an error on the final block is signalled by a zero return value from the read operation. A successful decrypt followed by EOF will also return zero for the final read. BIO_get_cipher_status() should be called to determine if the decrypt was successful. As always, if BIO_gets(3) or BIO_puts(3) support is needed, then it can be achieved by preceding the cipher BIO with a buffering BIO.

RETURN VALUES

BIO_f_cipher() returns the cipher BIO method. BIO_set_cipher() returns 1 on success and 0 on error. BIO_get_cipher_status() returns 1 for a successful decrypt and 0 for failure. BIO_get_cipher_ctx() currently always returns 1.

SEE ALSO

BIO_new(3), EVP_EncryptInit(3)

HISTORY

BIO_f_cipher(), BIO_set_cipher(), and BIO_get_cipher_status() first appeared in SSLeay 0.6.5 and have been available since OpenBSD 2.4. BIO_get_cipher_ctx() first appeared in SSLeay 0.9.1 and has been available since OpenBSD 2.6.