1.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.19 2020/07/23 17:34:53 schwarze Exp $ 2.\" full merge up to: 3.\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100 4.\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100 5.\" 6.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 7.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project. 8.\" All rights reserved. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 14.\" 1. Redistributions of source code must retain the above copyright 15.\" notice, this list of conditions and the following disclaimer. 16.\" 17.\" 2. Redistributions in binary form must reproduce the above copyright 18.\" notice, this list of conditions and the following disclaimer in 19.\" the documentation and/or other materials provided with the 20.\" distribution. 21.\" 22.\" 3. All advertising materials mentioning features or use of this 23.\" software must display the following acknowledgment: 24.\" "This product includes software developed by the OpenSSL Project 25.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 26.\" 27.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 28.\" endorse or promote products derived from this software without 29.\" prior written permission. For written permission, please contact 30.\" openssl-core@openssl.org. 31.\" 32.\" 5. Products derived from this software may not be called "OpenSSL" 33.\" nor may "OpenSSL" appear in their names without prior written 34.\" permission of the OpenSSL Project. 35.\" 36.\" 6. 
Redistributions of any form whatsoever must retain the following 37.\" acknowledgment: 38.\" "This product includes software developed by the OpenSSL Project 39.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 40.\" 41.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 42.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 44.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 45.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 46.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 47.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 48.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 49.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 50.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 51.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 52.\" OF THE POSSIBILITY OF SUCH DAMAGE. 
53.\" 54.Dd $Mdocdate: July 23 2020 $ 55.Dt PEM_READ_BIO_PRIVATEKEY 3 56.Os 57.Sh NAME 58.Nm PEM_read_bio_PrivateKey , 59.Nm PEM_read_PrivateKey , 60.Nm PEM_write_bio_PrivateKey , 61.Nm PEM_write_PrivateKey , 62.Nm PEM_write_bio_PKCS8PrivateKey , 63.Nm PEM_write_PKCS8PrivateKey , 64.Nm PEM_write_bio_PKCS8PrivateKey_nid , 65.Nm PEM_write_PKCS8PrivateKey_nid , 66.Nm PEM_read_bio_PKCS8 , 67.Nm PEM_read_PKCS8 , 68.Nm PEM_write_bio_PKCS8 , 69.Nm PEM_write_PKCS8 , 70.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO , 71.Nm PEM_read_PKCS8_PRIV_KEY_INFO , 72.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO , 73.Nm PEM_write_PKCS8_PRIV_KEY_INFO , 74.Nm PEM_read_bio_PUBKEY , 75.Nm PEM_read_PUBKEY , 76.Nm PEM_write_bio_PUBKEY , 77.Nm PEM_write_PUBKEY , 78.Nm PEM_read_bio_RSAPrivateKey , 79.Nm PEM_read_RSAPrivateKey , 80.Nm PEM_write_bio_RSAPrivateKey , 81.Nm PEM_write_RSAPrivateKey , 82.Nm PEM_read_bio_RSAPublicKey , 83.Nm PEM_read_RSAPublicKey , 84.Nm PEM_write_bio_RSAPublicKey , 85.Nm PEM_write_RSAPublicKey , 86.Nm PEM_read_bio_RSA_PUBKEY , 87.Nm PEM_read_RSA_PUBKEY , 88.Nm PEM_write_bio_RSA_PUBKEY , 89.Nm PEM_write_RSA_PUBKEY , 90.Nm PEM_read_bio_DSAPrivateKey , 91.Nm PEM_read_DSAPrivateKey , 92.Nm PEM_write_bio_DSAPrivateKey , 93.Nm PEM_write_DSAPrivateKey , 94.Nm PEM_read_bio_DSA_PUBKEY , 95.Nm PEM_read_DSA_PUBKEY , 96.Nm PEM_write_bio_DSA_PUBKEY , 97.Nm PEM_write_DSA_PUBKEY , 98.Nm PEM_read_bio_DSAparams , 99.Nm PEM_read_DSAparams , 100.Nm PEM_write_bio_DSAparams , 101.Nm PEM_write_DSAparams , 102.Nm PEM_read_bio_DHparams , 103.Nm PEM_read_DHparams , 104.Nm PEM_write_bio_DHparams , 105.Nm PEM_write_DHparams , 106.Nm PEM_read_bio_ECPKParameters , 107.Nm PEM_read_ECPKParameters , 108.Nm PEM_write_bio_ECPKParameters , 109.Nm PEM_write_ECPKParameters , 110.Nm PEM_read_bio_ECPrivateKey , 111.Nm PEM_read_ECPrivateKey , 112.Nm PEM_write_bio_ECPrivateKey , 113.Nm PEM_write_ECPrivateKey , 114.Nm PEM_read_bio_EC_PUBKEY , 115.Nm PEM_read_EC_PUBKEY , 116.Nm PEM_write_bio_EC_PUBKEY , 117.Nm 
PEM_write_EC_PUBKEY , 118.Nm PEM_read_bio_X509 , 119.Nm PEM_read_X509 , 120.Nm PEM_write_bio_X509 , 121.Nm PEM_write_X509 , 122.Nm PEM_read_bio_X509_AUX , 123.Nm PEM_read_X509_AUX , 124.Nm PEM_write_bio_X509_AUX , 125.Nm PEM_write_X509_AUX , 126.Nm PEM_read_bio_X509_REQ , 127.Nm PEM_read_X509_REQ , 128.Nm PEM_write_bio_X509_REQ , 129.Nm PEM_write_X509_REQ , 130.Nm PEM_write_bio_X509_REQ_NEW , 131.Nm PEM_write_X509_REQ_NEW , 132.Nm PEM_read_bio_X509_CRL , 133.Nm PEM_read_X509_CRL , 134.Nm PEM_write_bio_X509_CRL , 135.Nm PEM_write_X509_CRL , 136.Nm PEM_read_bio_PKCS7 , 137.Nm PEM_read_PKCS7 , 138.Nm PEM_write_bio_PKCS7 , 139.Nm PEM_write_PKCS7 , 140.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE , 141.Nm PEM_read_NETSCAPE_CERT_SEQUENCE , 142.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE , 143.Nm PEM_write_NETSCAPE_CERT_SEQUENCE , 144.Nm PEM_read_CMS , 145.Nm PEM_read_bio_CMS , 146.Nm PEM_write_CMS , 147.Nm PEM_write_bio_CMS 148.Nd PEM routines 149.Sh SYNOPSIS 150.In openssl/pem.h 151.Ft EVP_PKEY * 152.Fo PEM_read_bio_PrivateKey 153.Fa "BIO *bp" 154.Fa "EVP_PKEY **x" 155.Fa "pem_password_cb *cb" 156.Fa "void *u" 157.Fc 158.Ft EVP_PKEY * 159.Fo PEM_read_PrivateKey 160.Fa "FILE *fp" 161.Fa "EVP_PKEY **x" 162.Fa "pem_password_cb *cb" 163.Fa "void *u" 164.Fc 165.Ft int 166.Fo PEM_write_bio_PrivateKey 167.Fa "BIO *bp" 168.Fa "EVP_PKEY *x" 169.Fa "const EVP_CIPHER *enc" 170.Fa "unsigned char *kstr" 171.Fa "int klen" 172.Fa "pem_password_cb *cb" 173.Fa "void *u" 174.Fc 175.Ft int 176.Fo PEM_write_PrivateKey 177.Fa "FILE *fp" 178.Fa "EVP_PKEY *x" 179.Fa "const EVP_CIPHER *enc" 180.Fa "unsigned char *kstr" 181.Fa "int klen" 182.Fa "pem_password_cb *cb" 183.Fa "void *u" 184.Fc 185.Ft int 186.Fo PEM_write_bio_PKCS8PrivateKey 187.Fa "BIO *bp" 188.Fa "EVP_PKEY *x" 189.Fa "const EVP_CIPHER *enc" 190.Fa "char *kstr" 191.Fa "int klen" 192.Fa "pem_password_cb *cb" 193.Fa "void *u" 194.Fc 195.Ft int 196.Fo PEM_write_PKCS8PrivateKey 197.Fa "FILE *fp" 198.Fa "EVP_PKEY *x" 199.Fa "const EVP_CIPHER 
*enc" 200.Fa "char *kstr" 201.Fa "int klen" 202.Fa "pem_password_cb *cb" 203.Fa "void *u" 204.Fc 205.Ft int 206.Fo PEM_write_bio_PKCS8PrivateKey_nid 207.Fa "BIO *bp" 208.Fa "EVP_PKEY *x" 209.Fa "int nid" 210.Fa "char *kstr" 211.Fa "int klen" 212.Fa "pem_password_cb *cb" 213.Fa "void *u" 214.Fc 215.Ft int 216.Fo PEM_write_PKCS8PrivateKey_nid 217.Fa "FILE *fp" 218.Fa "EVP_PKEY *x" 219.Fa "int nid" 220.Fa "char *kstr" 221.Fa "int klen" 222.Fa "pem_password_cb *cb" 223.Fa "void *u" 224.Fc 225.Ft X509_SIG * 226.Fo PEM_read_bio_PKCS8 227.Fa "BIO *bp" 228.Fa "X509_SIG **x" 229.Fa "pem_password_cb *cb" 230.Fa "void *u" 231.Fc 232.Ft X509_SIG * 233.Fo PEM_read_PKCS8 234.Fa "FILE *fp" 235.Fa "X509_SIG **x" 236.Fa "pem_password_cb *cb" 237.Fa "void *u" 238.Fc 239.Ft int 240.Fo PEM_write_bio_PKCS8 241.Fa "BIO *bp" 242.Fa "X509_SIG *x" 243.Fc 244.Ft int 245.Fo PEM_write_PKCS8 246.Fa "FILE *fp" 247.Fa "X509_SIG *x" 248.Fc 249.Ft PKCS8_PRIV_KEY_INFO * 250.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO 251.Fa "BIO *bp" 252.Fa "PKCS8_PRIV_KEY_INFO **x" 253.Fa "pem_password_cb *cb" 254.Fa "void *u" 255.Fc 256.Ft PKCS8_PRIV_KEY_INFO * 257.Fo PEM_read_PKCS8_PRIV_KEY_INFO 258.Fa "FILE *fp" 259.Fa "PKCS8_PRIV_KEY_INFO **x" 260.Fa "pem_password_cb *cb" 261.Fa "void *u" 262.Fc 263.Ft int 264.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO 265.Fa "BIO *bp" 266.Fa "PKCS8_PRIV_KEY_INFO *x" 267.Fc 268.Ft int 269.Fo PEM_write_PKCS8_PRIV_KEY_INFO 270.Fa "FILE *fp" 271.Fa "PKCS8_PRIV_KEY_INFO *x" 272.Fc 273.Ft EVP_PKEY * 274.Fo PEM_read_bio_PUBKEY 275.Fa "BIO *bp" 276.Fa "EVP_PKEY **x" 277.Fa "pem_password_cb *cb" 278.Fa "void *u" 279.Fc 280.Ft EVP_PKEY * 281.Fo PEM_read_PUBKEY 282.Fa "FILE *fp" 283.Fa "EVP_PKEY **x" 284.Fa "pem_password_cb *cb" 285.Fa "void *u" 286.Fc 287.Ft int 288.Fo PEM_write_bio_PUBKEY 289.Fa "BIO *bp" 290.Fa "EVP_PKEY *x" 291.Fc 292.Ft int 293.Fo PEM_write_PUBKEY 294.Fa "FILE *fp" 295.Fa "EVP_PKEY *x" 296.Fc 297.Ft RSA * 298.Fo PEM_read_bio_RSAPrivateKey 299.Fa "BIO *bp" 300.Fa "RSA **x" 301.Fa 
"pem_password_cb *cb" 302.Fa "void *u" 303.Fc 304.Ft RSA * 305.Fo PEM_read_RSAPrivateKey 306.Fa "FILE *fp" 307.Fa "RSA **x" 308.Fa "pem_password_cb *cb" 309.Fa "void *u" 310.Fc 311.Ft int 312.Fo PEM_write_bio_RSAPrivateKey 313.Fa "BIO *bp" 314.Fa "RSA *x" 315.Fa "const EVP_CIPHER *enc" 316.Fa "unsigned char *kstr" 317.Fa "int klen" 318.Fa "pem_password_cb *cb" 319.Fa "void *u" 320.Fc 321.Ft int 322.Fo PEM_write_RSAPrivateKey 323.Fa "FILE *fp" 324.Fa "RSA *x" 325.Fa "const EVP_CIPHER *enc" 326.Fa "unsigned char *kstr" 327.Fa "int klen" 328.Fa "pem_password_cb *cb" 329.Fa "void *u" 330.Fc 331.Ft RSA * 332.Fo PEM_read_bio_RSAPublicKey 333.Fa "BIO *bp" 334.Fa "RSA **x" 335.Fa "pem_password_cb *cb" 336.Fa "void *u" 337.Fc 338.Ft RSA * 339.Fo PEM_read_RSAPublicKey 340.Fa "FILE *fp" 341.Fa "RSA **x" 342.Fa "pem_password_cb *cb" 343.Fa "void *u" 344.Fc 345.Ft int 346.Fo PEM_write_bio_RSAPublicKey 347.Fa "BIO *bp" 348.Fa "RSA *x" 349.Fc 350.Ft int 351.Fo PEM_write_RSAPublicKey 352.Fa "FILE *fp" 353.Fa "RSA *x" 354.Fc 355.Ft RSA * 356.Fo PEM_read_bio_RSA_PUBKEY 357.Fa "BIO *bp" 358.Fa "RSA **x" 359.Fa "pem_password_cb *cb" 360.Fa "void *u" 361.Fc 362.Ft RSA * 363.Fo PEM_read_RSA_PUBKEY 364.Fa "FILE *fp" 365.Fa "RSA **x" 366.Fa "pem_password_cb *cb" 367.Fa "void *u" 368.Fc 369.Ft int 370.Fo PEM_write_bio_RSA_PUBKEY 371.Fa "BIO *bp" 372.Fa "RSA *x" 373.Fc 374.Ft int 375.Fo PEM_write_RSA_PUBKEY 376.Fa "FILE *fp" 377.Fa "RSA *x" 378.Fc 379.Ft DSA * 380.Fo PEM_read_bio_DSAPrivateKey 381.Fa "BIO *bp" 382.Fa "DSA **x" 383.Fa "pem_password_cb *cb" 384.Fa "void *u" 385.Fc 386.Ft DSA * 387.Fo PEM_read_DSAPrivateKey 388.Fa "FILE *fp" 389.Fa "DSA **x" 390.Fa "pem_password_cb *cb" 391.Fa "void *u" 392.Fc 393.Ft int 394.Fo PEM_write_bio_DSAPrivateKey 395.Fa "BIO *bp" 396.Fa "DSA *x" 397.Fa "const EVP_CIPHER *enc" 398.Fa "unsigned char *kstr" 399.Fa "int klen" 400.Fa "pem_password_cb *cb" 401.Fa "void *u" 402.Fc 403.Ft int 404.Fo PEM_write_DSAPrivateKey 405.Fa "FILE *fp" 406.Fa "DSA *x" 
407.Fa "const EVP_CIPHER *enc" 408.Fa "unsigned char *kstr" 409.Fa "int klen" 410.Fa "pem_password_cb *cb" 411.Fa "void *u" 412.Fc 413.Ft DSA * 414.Fo PEM_read_bio_DSA_PUBKEY 415.Fa "BIO *bp" 416.Fa "DSA **x" 417.Fa "pem_password_cb *cb" 418.Fa "void *u" 419.Fc 420.Ft DSA * 421.Fo PEM_read_DSA_PUBKEY 422.Fa "FILE *fp" 423.Fa "DSA **x" 424.Fa "pem_password_cb *cb" 425.Fa "void *u" 426.Fc 427.Ft int 428.Fo PEM_write_bio_DSA_PUBKEY 429.Fa "BIO *bp" 430.Fa "DSA *x" 431.Fc 432.Ft int 433.Fo PEM_write_DSA_PUBKEY 434.Fa "FILE *fp" 435.Fa "DSA *x" 436.Fc 437.Ft DSA * 438.Fo PEM_read_bio_DSAparams 439.Fa "BIO *bp" 440.Fa "DSA **x" 441.Fa "pem_password_cb *cb" 442.Fa "void *u" 443.Fc 444.Ft DSA * 445.Fo PEM_read_DSAparams 446.Fa "FILE *fp" 447.Fa "DSA **x" 448.Fa "pem_password_cb *cb" 449.Fa "void *u" 450.Fc 451.Ft int 452.Fo PEM_write_bio_DSAparams 453.Fa "BIO *bp" 454.Fa "DSA *x" 455.Fc 456.Ft int 457.Fo PEM_write_DSAparams 458.Fa "FILE *fp" 459.Fa "DSA *x" 460.Fc 461.Ft DH * 462.Fo PEM_read_bio_DHparams 463.Fa "BIO *bp" 464.Fa "DH **x" 465.Fa "pem_password_cb *cb" 466.Fa "void *u" 467.Fc 468.Ft DH * 469.Fo PEM_read_DHparams 470.Fa "FILE *fp" 471.Fa "DH **x" 472.Fa "pem_password_cb *cb" 473.Fa "void *u" 474.Fc 475.Ft int 476.Fo PEM_write_bio_DHparams 477.Fa "BIO *bp" 478.Fa "DH *x" 479.Fc 480.Ft int 481.Fo PEM_write_DHparams 482.Fa "FILE *fp" 483.Fa "DH *x" 484.Fc 485.Ft EC_GROUP * 486.Fo PEM_read_bio_ECPKParameters 487.Fa "BIO *bp" 488.Fa "EC_GROUP **x" 489.Fa "pem_password_cb *cb" 490.Fa "void *u" 491.Fc 492.Ft EC_GROUP * 493.Fo PEM_read_ECPKParameters 494.Fa "FILE *fp" 495.Fa "EC_GROUP **x" 496.Fa "pem_password_cb *cb" 497.Fa "void *u" 498.Fc 499.Ft int 500.Fo PEM_write_bio_ECPKParameters 501.Fa "BIO *bp" 502.Fa "const EC_GROUP *x" 503.Fc 504.Ft int 505.Fo PEM_write_ECPKParameters 506.Fa "FILE *fp" 507.Fa "const EC_GROUP *x" 508.Fc 509.Ft EC_KEY * 510.Fo PEM_read_bio_ECPrivateKey 511.Fa "BIO *bp" 512.Fa "EC_KEY **key" 513.Fa "pem_password_cb *cb" 514.Fa "void *u" 515.Fc 
516.Ft EC_KEY * 517.Fo PEM_read_ECPrivateKey 518.Fa "FILE *fp" 519.Fa "EC_KEY **eckey" 520.Fa "pem_password_cb *cb" 521.Fa "void *u" 522.Fc 523.Ft int 524.Fo PEM_write_bio_ECPrivateKey 525.Fa "BIO *bp" 526.Fa "EC_KEY *x" 527.Fa "const EVP_CIPHER *enc" 528.Fa "unsigned char *kstr" 529.Fa "int klen" 530.Fa "pem_password_cb *cb" 531.Fa "void *u" 532.Fc 533.Ft int 534.Fo PEM_write_ECPrivateKey 535.Fa "FILE *fp" 536.Fa "EC_KEY *x" 537.Fa "const EVP_CIPHER *enc" 538.Fa "unsigned char *kstr" 539.Fa "int klen" 540.Fa "pem_password_cb *cb" 541.Fa "void *u" 542.Fc 543.Ft EC_KEY * 544.Fo PEM_read_bio_EC_PUBKEY 545.Fa "BIO *bp" 546.Fa "EC_KEY **x" 547.Fa "pem_password_cb *cb" 548.Fa "void *u" 549.Fc 550.Ft EC_KEY * 551.Fo PEM_read_EC_PUBKEY 552.Fa "FILE *fp" 553.Fa "EC_KEY **x" 554.Fa "pem_password_cb *cb" 555.Fa "void *u" 556.Fc 557.Ft int 558.Fo PEM_write_bio_EC_PUBKEY 559.Fa "BIO *bp" 560.Fa "EC_KEY *x" 561.Fc 562.Ft int 563.Fo PEM_write_EC_PUBKEY 564.Fa "FILE *fp" 565.Fa "EC_KEY *x" 566.Fc 567.Ft X509 * 568.Fo PEM_read_bio_X509 569.Fa "BIO *bp" 570.Fa "X509 **x" 571.Fa "pem_password_cb *cb" 572.Fa "void *u" 573.Fc 574.Ft X509 * 575.Fo PEM_read_X509 576.Fa "FILE *fp" 577.Fa "X509 **x" 578.Fa "pem_password_cb *cb" 579.Fa "void *u" 580.Fc 581.Ft int 582.Fo PEM_write_bio_X509 583.Fa "BIO *bp" 584.Fa "X509 *x" 585.Fc 586.Ft int 587.Fo PEM_write_X509 588.Fa "FILE *fp" 589.Fa "X509 *x" 590.Fc 591.Ft X509 * 592.Fo PEM_read_bio_X509_AUX 593.Fa "BIO *bp" 594.Fa "X509 **x" 595.Fa "pem_password_cb *cb" 596.Fa "void *u" 597.Fc 598.Ft X509 * 599.Fo PEM_read_X509_AUX 600.Fa "FILE *fp" 601.Fa "X509 **x" 602.Fa "pem_password_cb *cb" 603.Fa "void *u" 604.Fc 605.Ft int 606.Fo PEM_write_bio_X509_AUX 607.Fa "BIO *bp" 608.Fa "X509 *x" 609.Fc 610.Ft int 611.Fo PEM_write_X509_AUX 612.Fa "FILE *fp" 613.Fa "X509 *x" 614.Fc 615.Ft X509_REQ * 616.Fo PEM_read_bio_X509_REQ 617.Fa "BIO *bp" 618.Fa "X509_REQ **x" 619.Fa "pem_password_cb *cb" 620.Fa "void *u" 621.Fc 622.Ft X509_REQ * 623.Fo 
PEM_read_X509_REQ 624.Fa "FILE *fp" 625.Fa "X509_REQ **x" 626.Fa "pem_password_cb *cb" 627.Fa "void *u" 628.Fc 629.Ft int 630.Fo PEM_write_bio_X509_REQ 631.Fa "BIO *bp" 632.Fa "X509_REQ *x" 633.Fc 634.Ft int 635.Fo PEM_write_X509_REQ 636.Fa "FILE *fp" 637.Fa "X509_REQ *x" 638.Fc 639.Ft int 640.Fo PEM_write_bio_X509_REQ_NEW 641.Fa "BIO *bp" 642.Fa "X509_REQ *x" 643.Fc 644.Ft int 645.Fo PEM_write_X509_REQ_NEW 646.Fa "FILE *fp" 647.Fa "X509_REQ *x" 648.Fc 649.Ft X509_CRL * 650.Fo PEM_read_bio_X509_CRL 651.Fa "BIO *bp" 652.Fa "X509_CRL **x" 653.Fa "pem_password_cb *cb" 654.Fa "void *u" 655.Fc 656.Ft X509_CRL * 657.Fo PEM_read_X509_CRL 658.Fa "FILE *fp" 659.Fa "X509_CRL **x" 660.Fa "pem_password_cb *cb" 661.Fa "void *u" 662.Fc 663.Ft int 664.Fo PEM_write_bio_X509_CRL 665.Fa "BIO *bp" 666.Fa "X509_CRL *x" 667.Fc 668.Ft int 669.Fo PEM_write_X509_CRL 670.Fa "FILE *fp" 671.Fa "X509_CRL *x" 672.Fc 673.Ft PKCS7 * 674.Fo PEM_read_bio_PKCS7 675.Fa "BIO *bp" 676.Fa "PKCS7 **x" 677.Fa "pem_password_cb *cb" 678.Fa "void *u" 679.Fc 680.Ft PKCS7 * 681.Fo PEM_read_PKCS7 682.Fa "FILE *fp" 683.Fa "PKCS7 **x" 684.Fa "pem_password_cb *cb" 685.Fa "void *u" 686.Fc 687.Ft int 688.Fo PEM_write_bio_PKCS7 689.Fa "BIO *bp" 690.Fa "PKCS7 *x" 691.Fc 692.Ft int 693.Fo PEM_write_PKCS7 694.Fa "FILE *fp" 695.Fa "PKCS7 *x" 696.Fc 697.Ft NETSCAPE_CERT_SEQUENCE * 698.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE 699.Fa "BIO *bp" 700.Fa "NETSCAPE_CERT_SEQUENCE **x" 701.Fa "pem_password_cb *cb" 702.Fa "void *u" 703.Fc 704.Ft NETSCAPE_CERT_SEQUENCE * 705.Fo PEM_read_NETSCAPE_CERT_SEQUENCE 706.Fa "FILE *fp" 707.Fa "NETSCAPE_CERT_SEQUENCE **x" 708.Fa "pem_password_cb *cb" 709.Fa "void *u" 710.Fc 711.Ft int 712.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE 713.Fa "BIO *bp" 714.Fa "NETSCAPE_CERT_SEQUENCE *x" 715.Fc 716.Ft int 717.Fo PEM_write_NETSCAPE_CERT_SEQUENCE 718.Fa "FILE *fp" 719.Fa "NETSCAPE_CERT_SEQUENCE *x" 720.Fc 721.In openssl/cms.h 722.Ft CMS_ContentInfo * 723.Fo PEM_read_CMS 724.Fa "FILE *fp" 725.Fa 
"CMS_ContentInfo **x" 726.Fa "pem_password_cb *cb" 727.Fa "void *u" 728.Fc 729.Ft CMS_ContentInfo * 730.Fo PEM_read_bio_CMS 731.Fa "BIO *bp" 732.Fa "CMS_ContentInfo **x" 733.Fa "pem_password_cb *cb" 734.Fa "void *u" 735.Fc 736.Ft int 737.Fo PEM_write_CMS 738.Fa "FILE *fp" 739.Fa "const CMS_ContentInfo *x" 740.Fc 741.Ft int 742.Fo PEM_write_bio_CMS 743.Fa "BIO *bp" 744.Fa "const CMS_ContentInfo *x" 745.Fc 746.Sh DESCRIPTION 747The PEM functions read or write structures in PEM format. 748In this sense PEM format is simply base64-encoded data surrounded by 749header lines; see 750.Xr PEM_read 3 751for more details. 752.Pp 753For more details about the meaning of arguments see the 754.Sx PEM function arguments 755section. 756.Pp 757Each operation has four functions associated with it. 758For brevity the term 759.Dq Ar TYPE No functions 760will be used to collectively refer to the 761.Fn PEM_read_bio_TYPE , 762.Fn PEM_read_TYPE , 763.Fn PEM_write_bio_TYPE , 764and 765.Fn PEM_write_TYPE 766functions. 767If no set of specific functions exists for a given type, 768.Xr PEM_ASN1_read 3 769can be used instead. 770.Pp 771The 772.Sy PrivateKey 773functions read or write a private key in PEM format using an 774.Vt EVP_PKEY 775structure. 776The write routines use "traditional" private key format and can handle 777both RSA and DSA private keys. 778The read functions can additionally transparently handle PKCS#8 format 779encrypted and unencrypted keys too. 780.Pp 781.Fn PEM_write_bio_PKCS8PrivateKey 782and 783.Fn PEM_write_PKCS8PrivateKey 784write a private key in an 785.Vt EVP_PKEY 786structure in PKCS#8 787.Vt EncryptedPrivateKeyInfo 788format using PKCS#5 v2.0 password based encryption algorithms. 789The 790.Fa enc 791argument specifies the encryption algorithm to use: unlike all other PEM 792routines, the encryption is applied at the PKCS#8 level and not in the 793PEM headers. 
794If 795.Fa enc 796is 797.Dv NULL , 798then no encryption is used and a PKCS#8 799.Vt PrivateKeyInfo 800structure is used instead. 801.Pp 802.Fn PEM_write_bio_PKCS8PrivateKey_nid 803and 804.Fn PEM_write_PKCS8PrivateKey_nid 805also write out a private key as a PKCS#8 806.Vt EncryptedPrivateKeyInfo . 807However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. 808The algorithm to use is specified in the 809.Fa nid 810parameter and should be the NID of the corresponding OBJECT IDENTIFIER. 811.Pp 812The 813.Sy PKCS8 814functions process an encrypted private key using an 815.Vt X509_SIG 816structure and the 817.Xr d2i_X509_SIG 3 818function. 819.Pp 820The 821.Sy PKCS8_PRIV_KEY_INFO 822functions process a private key using a 823.Vt PKCS8_PRIV_KEY_INFO 824structure. 825.Pp 826The 827.Sy PUBKEY 828functions process a public key using an 829.Vt EVP_PKEY 830structure. 831The public key is encoded as an ASN.1 832.Vt SubjectPublicKeyInfo 833structure. 834.Pp 835The 836.Sy RSAPrivateKey 837functions process an RSA private key using an 838.Vt RSA 839structure. 840They handle the same formats as the 841.Sy PrivateKey 842functions, but an error occurs if the private key is not RSA. 843.Pp 844The 845.Sy RSAPublicKey 846functions process an RSA public key using an 847.Vt RSA 848structure. 849The public key is encoded using a PKCS#1 850.Vt RSAPublicKey 851structure. 852.Pp 853The 854.Sy RSA_PUBKEY 855functions also process an RSA public key using an 856.Vt RSA 857structure. 858However the public key is encoded using an ASN.1 859.Vt SubjectPublicKeyInfo 860structure and an error occurs if the public key is not RSA. 861.Pp 862The 863.Sy DSAPrivateKey 864functions process a DSA private key using a 865.Vt DSA 866structure. 867They handle the same formats as the 868.Sy PrivateKey 869functions but an error occurs if the private key is not DSA. 870.Pp 871The 872.Sy DSA_PUBKEY 873functions process a DSA public key using a 874.Vt DSA 875structure. 
876The public key is encoded using an ASN.1 877.Vt SubjectPublicKeyInfo 878structure and an error occurs if the public key is not DSA. 879.Pp 880The 881.Sy DSAparams 882functions process DSA parameters using a 883.Vt DSA 884structure. 885The parameters are encoded using a Dss-Parms structure as defined in RFC 2459. 886.Pp 887The 888.Sy DHparams 889functions process DH parameters using a 890.Vt DH 891structure. 892The parameters are encoded using a PKCS#3 DHparameter structure. 893.Pp 894The 895.Sy ECPKParameters 896functions process EC parameters using an 897.Vt EC_GROUP 898structure and the 899.Xr d2i_ECPKParameters 3 900function. 901.Pp 902The 903.Sy ECPrivateKey 904functions process an EC private key using an 905.Vt EC_KEY 906structure. 907.Pp 908The 909.Sy EC_PUBKEY 910functions process an EC public key using an 911.Vt EC_KEY 912structure. 913.Pp 914The 915.Sy X509 916functions process an X509 certificate using an 917.Vt X509 918structure. 919They will also process a trusted X509 certificate but any trust settings 920are discarded. 921.Pp 922The 923.Sy X509_AUX 924functions process a trusted X509 certificate using an 925.Vt X509 926structure. 927.Pp 928The 929.Sy X509_REQ 930and 931.Sy X509_REQ_NEW 932functions process a PKCS#10 certificate request using an 933.Vt X509_REQ 934structure. 935The 936.Sy X509_REQ 937write functions use CERTIFICATE REQUEST in the header whereas the 938.Sy X509_REQ_NEW 939functions use NEW CERTIFICATE REQUEST (as required by some CAs). 940The 941.Sy X509_REQ 942read functions will handle either form so there are no 943.Sy X509_REQ_NEW 944read functions. 945.Pp 946The 947.Sy X509_CRL 948functions process an X509 CRL using an 949.Vt X509_CRL 950structure. 951.Pp 952The 953.Sy PKCS7 954functions process a PKCS#7 955.Vt ContentInfo 956using a 957.Vt PKCS7 958structure. 959.Pp 960The 961.Sy NETSCAPE_CERT_SEQUENCE 962functions process a Netscape Certificate Sequence using a 963.Vt NETSCAPE_CERT_SEQUENCE 964structure. 
965.Pp 966The 967.Sy CMS 968functions process a 969.Vt CMS_ContentInfo 970structure. 971.Pp 972The old 973.Sy PrivateKey 974write routines are retained for compatibility. 975New applications should write private keys using the 976.Fn PEM_write_bio_PKCS8PrivateKey 977or 978.Fn PEM_write_PKCS8PrivateKey 979routines because they are more secure (they use an iteration count of 9802048 whereas the traditional routines use a count of 1) unless 981compatibility with older versions of OpenSSL is important. 982.Pp 983The 984.Sy PrivateKey 985read routines can be used in all applications because they handle all 986formats transparently. 987.Ss PEM function arguments 988The PEM functions have many common arguments. 989.Pp 990The 991.Fa bp 992parameter specifies the 993.Vt BIO 994to read from or write to. 995.Pp 996The 997.Fa fp 998parameter specifies the 999.Vt FILE 1000pointer to read from or write to. 1001.Pp 1002The PEM read functions all take a pointer to pointer argument 1003.Fa x 1004and return a pointer of the same type. 1005If 1006.Fa x 1007is 1008.Dv NULL , 1009then the parameter is ignored. 1010If 1011.Fa x 1012is not 1013.Dv NULL 1014but 1015.Pf * Fa x 1016is 1017.Dv NULL , 1018then the structure returned will be written to 1019.Pf * Fa x . 1020If neither 1021.Fa x 1022nor 1023.Pf * Fa x 1024are 1025.Dv NULL , 1026then an attempt is made to reuse the structure at 1027.Pf * Fa x , 1028but see the 1029.Sx BUGS 1030and 1031.Sx EXAMPLES 1032sections. 1033Irrespective of the value of 1034.Fa x , 1035a pointer to the structure is always returned, or 1036.Dv NULL 1037if an error occurred. 1038.Pp 1039The PEM functions which write private keys take an 1040.Fa enc 1041parameter, which specifies the encryption algorithm to use. 1042Encryption is done at the PEM level. 1043If this parameter is set to 1044.Dv NULL , 1045then the private key is written in unencrypted form. 
1046.Pp 1047The optional arguments 1048.Fa u 1049and 1050.Fa cb 1051are a passphrase used for encrypting a PEM structure 1052or a callback to obtain the passphrase; see 1053.Xr pem_password_cb 3 1054for details. 1055.Pp 1056For the PEM write routines, if the 1057.Fa kstr 1058parameter is not 1059.Dv NULL , 1060then 1061.Fa klen 1062bytes at 1063.Fa kstr 1064are used as the passphrase and 1065.Fa cb 1066is ignored. 1067.Ss PEM encryption format 1068The old 1069.Sy PrivateKey 1070routines use a non-standard technique for encryption. 1071.Pp 1072The private key (or other data) takes the following form: 1073.Bd -literal -offset indent 1074-----BEGIN RSA PRIVATE KEY----- 1075Proc-Type: 4,ENCRYPTED 1076DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 1077 1078\&...base64 encoded data... 1079-----END RSA PRIVATE KEY----- 1080.Ed 1081.Pp 1082The line beginning with 1083.Dq DEK-Info 1084contains two comma-separated pieces of information: 1085the encryption algorithm name as used by 1086.Xr EVP_get_cipherbyname 3 1087and an 8-byte salt encoded as a set of hexadecimal digits. 1088.Pp 1089After this is the base64-encoded encrypted data. 1090.Pp 1091The encryption key is determined using 1092.Xr EVP_BytesToKey 3 , 1093using the salt and an iteration count of 1. 1094The IV used is the value of the salt and *not* the IV returned by 1095.Xr EVP_BytesToKey 3 . 1096.Sh RETURN VALUES 1097The read routines return either a pointer to the structure read or 1098.Dv NULL 1099if an error occurred. 1100.Pp 1101The write routines return 1 for success or 0 for failure. 1102.Sh EXAMPLES 1103Although the PEM routines take several arguments, in almost all 1104applications most of them are set to 0 or 1105.Dv NULL . 
1106.Pp 1107Read a certificate in PEM format from a 1108.Vt BIO : 1109.Bd -literal -offset indent 1110X509 *x; 1111x = PEM_read_bio_X509(bp, NULL, 0, NULL); 1112if (x == NULL) { 1113 /* Error */ 1114} 1115.Ed 1116.Pp 1117Alternative method: 1118.Bd -literal -offset indent 1119X509 *x = NULL; 1120if (!PEM_read_bio_X509(bp, &x, 0, NULL)) { 1121 /* Error */ 1122} 1123.Ed 1124.Pp 1125Write a certificate to a 1126.Vt BIO : 1127.Bd -literal -offset indent 1128if (!PEM_write_bio_X509(bp, x)) { 1129 /* Error */ 1130} 1131.Ed 1132.Pp 1133Write an unencrypted private key to a 1134.Vt FILE : 1135.Bd -literal -offset indent 1136if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) { 1137 /* Error */ 1138} 1139.Ed 1140.Pp 1141Write a private key (using traditional format) to a 1142.Vt BIO 1143using triple DES encryption; the pass phrase is prompted for: 1144.Bd -literal -offset indent 1145if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), 1146 NULL, 0, 0, NULL)) { 1147 /* Error */ 1148} 1149.Ed 1150.Pp 1151Write a private key (using PKCS#8 format) to a 1152.Vt BIO 1153using triple DES encryption, using the pass phrase "hello": 1154.Bd -literal -offset indent 1155if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), 1156 NULL, 0, 0, "hello")) { 1157 /* Error */ 1158} 1159.Ed 1160.Pp 1161Read a private key from a 1162.Vt BIO 1163using the pass phrase "hello": 1164.Bd -literal -offset indent 1165key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello"); 1166if (key == NULL) { 1167 /* Error */ 1168} 1169.Ed 1170.Pp 1171Read a private key from a 1172.Vt BIO 1173using a pass phrase callback: 1174.Bd -literal -offset indent 1175key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); 1176if (key == NULL) { 1177 /* Error */ 1178} 1179.Ed 1180.Pp 1181Skeleton pass phrase callback: 1182.Bd -literal -offset indent 1183int 1184pass_cb(char *buf, int size, int rwflag, void *u) 1185{ 1186 char *tmp; 1187 size_t len; 1188 1189 /* We'd probably do something else if 
'rwflag' is 1 */ 1190 printf("Enter pass phrase for \e"%s\e"\en", u); 1191 1192 /* 1193 * Instead of the following line, get the passphrase 1194 * from the user in some way. 1195 */ 1196 tmp = "hello"; 1197 if (tmp == NULL) /* An error occurred. */ 1198 return -1; 1199 1200 len = strlen(tmp); 1201 if (len == 0) /* Treat an empty passphrase as an error, too. */ 1202 return -1; 1203 1204 /* if too long, truncate */ 1205 if (len > size) 1206 len = size; 1207 memcpy(buf, tmp, len); 1208 return len; 1209} 1210.Ed 1211.Sh SEE ALSO 1212.Xr BIO_new 3 , 1213.Xr DSA_new 3 , 1214.Xr PEM_ASN1_read 3 , 1215.Xr PEM_bytes_read_bio 3 , 1216.Xr PEM_read 3 , 1217.Xr PEM_read_SSL_SESSION 3 , 1218.Xr PEM_write_bio_CMS_stream 3 , 1219.Xr PEM_write_bio_PKCS7_stream 3 , 1220.Xr PEM_X509_INFO_read 3 , 1221.Xr RSA_new 3 , 1222.Xr X509_CRL_new 3 , 1223.Xr X509_REQ_new 3 , 1224.Xr X509_SIG_new 3 1225.Sh HISTORY 1226.Fn PEM_read_X509 1227and 1228.Fn PEM_write_X509 1229appeared in SSLeay 0.4 or earlier. 1230.Fn PEM_read_X509_REQ , 1231.Fn PEM_write_X509_REQ , 1232.Fn PEM_read_X509_CRL , 1233and 1234.Fn PEM_write_X509_CRL 1235first appeared in SSLeay 0.4.4. 1236.Fn PEM_read_RSAPrivateKey , 1237.Fn PEM_write_RSAPrivateKey , 1238.Fn PEM_read_DHparams , 1239.Fn PEM_write_DHparams , 1240.Fn PEM_read_PKCS7 , 1241and 1242.Fn PEM_write_PKCS7 1243first appeared in SSLeay 0.5.1. 1244.Fn PEM_read_bio_PrivateKey , 1245.Fn PEM_read_PrivateKey , 1246.Fn PEM_read_bio_RSAPrivateKey , 1247.Fn PEM_write_bio_RSAPrivateKey , 1248.Fn PEM_read_bio_DSAPrivateKey , 1249.Fn PEM_read_DSAPrivateKey , 1250.Fn PEM_write_bio_DSAPrivateKey , 1251.Fn PEM_write_DSAPrivateKey , 1252.Fn PEM_read_bio_DHparams , 1253.Fn PEM_write_bio_DHparams , 1254.Fn PEM_read_bio_X509 , 1255.Fn PEM_write_bio_X509 , 1256.Fn PEM_read_bio_X509_REQ , 1257.Fn PEM_write_bio_X509_REQ , 1258.Fn PEM_read_bio_X509_CRL , 1259.Fn PEM_write_bio_X509_CRL , 1260.Fn PEM_read_bio_PKCS7 , 1261and 1262.Fn PEM_write_bio_PKCS7 1263first appeared in SSLeay 0.6.0. 
1264.Fn PEM_write_bio_PrivateKey , 1265.Fn PEM_write_PrivateKey , 1266.Fn PEM_read_bio_DSAparams , 1267.Fn PEM_read_DSAparams , 1268.Fn PEM_write_bio_DSAparams , 1269and 1270.Fn PEM_write_DSAparams 1271first appeared in SSLeay 0.8.0. 1272.Fn PEM_read_bio_RSAPublicKey , 1273.Fn PEM_read_RSAPublicKey , 1274.Fn PEM_write_bio_RSAPublicKey , 1275and 1276.Fn PEM_write_RSAPublicKey 1277first appeared in SSLeay 0.8.1. 1278All these functions have been available since 1279.Ox 2.4 . 1280.Pp 1281.Fn PEM_write_bio_PKCS8PrivateKey , 1282.Fn PEM_write_PKCS8PrivateKey , 1283.Fn PEM_read_bio_PKCS8 , 1284.Fn PEM_read_PKCS8 , 1285.Fn PEM_write_bio_PKCS8 , 1286.Fn PEM_write_PKCS8 , 1287.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO , 1288.Fn PEM_read_PKCS8_PRIV_KEY_INFO , 1289.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO , 1290.Fn PEM_write_PKCS8_PRIV_KEY_INFO , 1291.Fn PEM_read_bio_NETSCAPE_CERT_SEQUENCE , 1292.Fn PEM_read_NETSCAPE_CERT_SEQUENCE , 1293.Fn PEM_write_bio_NETSCAPE_CERT_SEQUENCE , 1294and 1295.Fn PEM_write_NETSCAPE_CERT_SEQUENCE 1296first appeared in OpenSSL 0.9.4 and have been available since 1297.Ox 2.6 . 1298.Pp 1299.Fn PEM_write_bio_PKCS8PrivateKey_nid , 1300.Fn PEM_write_PKCS8PrivateKey_nid , 1301.Fn PEM_read_bio_PUBKEY , 1302.Fn PEM_read_PUBKEY , 1303.Fn PEM_write_bio_PUBKEY , 1304.Fn PEM_write_PUBKEY , 1305.Fn PEM_read_bio_RSA_PUBKEY , 1306.Fn PEM_read_RSA_PUBKEY , 1307.Fn PEM_write_bio_RSA_PUBKEY , 1308.Fn PEM_write_RSA_PUBKEY , 1309.Fn PEM_read_bio_DSA_PUBKEY , 1310.Fn PEM_read_DSA_PUBKEY , 1311.Fn PEM_write_bio_DSA_PUBKEY , 1312.Fn PEM_write_DSA_PUBKEY , 1313.Fn PEM_write_bio_X509_REQ_NEW , 1314.Fn PEM_write_X509_REQ_NEW , 1315.Fn PEM_read_bio_X509_AUX , 1316.Fn PEM_read_X509_AUX , 1317.Fn PEM_write_bio_X509_AUX , 1318and 1319.Fn PEM_write_X509_AUX 1320first appeared in OpenSSL 0.9.5 and have been available since 1321.Ox 2.7 . 
1322.Pp 1323.Fn PEM_read_bio_ECPKParameters , 1324.Fn PEM_read_ECPKParameters , 1325.Fn PEM_write_bio_ECPKParameters , 1326.Fn PEM_write_ECPKParameters , 1327.Fn PEM_read_bio_ECPrivateKey , 1328.Fn PEM_read_ECPrivateKey , 1329.Fn PEM_write_bio_ECPrivateKey , 1330.Fn PEM_write_ECPrivateKey , 1331.Fn PEM_read_bio_EC_PUBKEY , 1332.Fn PEM_read_EC_PUBKEY , 1333.Fn PEM_write_bio_EC_PUBKEY , 1334and 1335.Fn PEM_write_EC_PUBKEY 1336first appeared in OpenSSL 0.9.8 and have been available since 1337.Ox 4.5 . 1338.Pp 1339.Fn PEM_read_CMS , 1340.Fn PEM_read_bio_CMS , 1341.Fn PEM_write_CMS , 1342and 1343.Fn PEM_write_bio_CMS 1344first appeared in OpenSSL 0.9.8h and have been available since 1345.Ox 6.7 . 1346.Sh CAVEATS 1347A frequent cause of problems is attempting to use the PEM routines like 1348this: 1349.Bd -literal -offset indent 1350X509 *x; 1351PEM_read_bio_X509(bp, &x, 0, NULL); 1352.Ed 1353.Pp 1354This is a bug because an attempt will be made to reuse the data at 1355.Fa x , 1356which is an uninitialised pointer. 1357.Pp 1358These functions make no assumption regarding the pass phrase received 1359from the password callback. 1360It will simply be treated as a byte sequence. 1361.Sh BUGS 1362The PEM read routines in some versions of OpenSSL will not correctly 1363reuse an existing structure. 1364Therefore 1365.Pp 1366.Dl PEM_read_bio_X509(bp, &x, 0, NULL); 1367.Pp 1368where 1369.Fa x 1370already contains a valid certificate may not work, whereas 1371.Bd -literal -offset indent 1372X509_free(x); 1373x = PEM_read_bio_X509(bp, NULL, 0, NULL); 1374.Ed 1375.Pp 1376is guaranteed to work. 1377