xref: /openbsd-src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 (revision 99fd087599a8791921855f21bd7e36130f39aadc) 
1.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.16 2019/11/02 15:25:34 schwarze Exp $
2.\" full merge up to:
3.\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100
4.\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100
5.\"
6.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
7.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
8.\" All rights reserved.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\"
14.\" 1. Redistributions of source code must retain the above copyright
15.\"    notice, this list of conditions and the following disclaimer.
16.\"
17.\" 2. Redistributions in binary form must reproduce the above copyright
18.\"    notice, this list of conditions and the following disclaimer in
19.\"    the documentation and/or other materials provided with the
20.\"    distribution.
21.\"
22.\" 3. All advertising materials mentioning features or use of this
23.\"    software must display the following acknowledgment:
24.\"    "This product includes software developed by the OpenSSL Project
25.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
26.\"
27.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28.\"    endorse or promote products derived from this software without
29.\"    prior written permission. For written permission, please contact
30.\"    openssl-core@openssl.org.
31.\"
32.\" 5. Products derived from this software may not be called "OpenSSL"
33.\"    nor may "OpenSSL" appear in their names without prior written
34.\"    permission of the OpenSSL Project.
35.\"
36.\" 6. Redistributions of any form whatsoever must retain the following
37.\"    acknowledgment:
38.\"    "This product includes software developed by the OpenSSL Project
39.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
40.\"
41.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
45.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52.\" OF THE POSSIBILITY OF SUCH DAMAGE.
53.\"
54.Dd $Mdocdate: November 2 2019 $
55.Dt PEM_READ_BIO_PRIVATEKEY 3
56.Os
57.Sh NAME
58.Nm pem_password_cb ,
59.Nm PEM_read_bio_PrivateKey ,
60.Nm PEM_read_PrivateKey ,
61.Nm PEM_write_bio_PrivateKey ,
62.Nm PEM_write_PrivateKey ,
63.Nm PEM_write_bio_PKCS8PrivateKey ,
64.Nm PEM_write_PKCS8PrivateKey ,
65.Nm PEM_write_bio_PKCS8PrivateKey_nid ,
66.Nm PEM_write_PKCS8PrivateKey_nid ,
67.Nm PEM_read_bio_PKCS8 ,
68.Nm PEM_read_PKCS8 ,
69.Nm PEM_write_bio_PKCS8 ,
70.Nm PEM_write_PKCS8 ,
71.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
72.Nm PEM_read_PKCS8_PRIV_KEY_INFO ,
73.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
74.Nm PEM_write_PKCS8_PRIV_KEY_INFO ,
75.Nm PEM_read_bio_PUBKEY ,
76.Nm PEM_read_PUBKEY ,
77.Nm PEM_write_bio_PUBKEY ,
78.Nm PEM_write_PUBKEY ,
79.Nm PEM_read_bio_RSAPrivateKey ,
80.Nm PEM_read_RSAPrivateKey ,
81.Nm PEM_write_bio_RSAPrivateKey ,
82.Nm PEM_write_RSAPrivateKey ,
83.Nm PEM_read_bio_RSAPublicKey ,
84.Nm PEM_read_RSAPublicKey ,
85.Nm PEM_write_bio_RSAPublicKey ,
86.Nm PEM_write_RSAPublicKey ,
87.Nm PEM_read_bio_RSA_PUBKEY ,
88.Nm PEM_read_RSA_PUBKEY ,
89.Nm PEM_write_bio_RSA_PUBKEY ,
90.Nm PEM_write_RSA_PUBKEY ,
91.Nm PEM_read_bio_DSAPrivateKey ,
92.Nm PEM_read_DSAPrivateKey ,
93.Nm PEM_write_bio_DSAPrivateKey ,
94.Nm PEM_write_DSAPrivateKey ,
95.Nm PEM_read_bio_DSA_PUBKEY ,
96.Nm PEM_read_DSA_PUBKEY ,
97.Nm PEM_write_bio_DSA_PUBKEY ,
98.Nm PEM_write_DSA_PUBKEY ,
99.Nm PEM_read_bio_DSAparams ,
100.Nm PEM_read_DSAparams ,
101.Nm PEM_write_bio_DSAparams ,
102.Nm PEM_write_DSAparams ,
103.Nm PEM_read_bio_DHparams ,
104.Nm PEM_read_DHparams ,
105.Nm PEM_write_bio_DHparams ,
106.Nm PEM_write_DHparams ,
107.Nm PEM_read_bio_ECPKParameters ,
108.Nm PEM_read_ECPKParameters ,
109.Nm PEM_write_bio_ECPKParameters ,
110.Nm PEM_write_ECPKParameters ,
111.Nm PEM_read_bio_ECPrivateKey ,
112.Nm PEM_read_ECPrivateKey ,
113.Nm PEM_write_bio_ECPrivateKey ,
114.Nm PEM_write_ECPrivateKey ,
115.Nm PEM_read_bio_EC_PUBKEY ,
116.Nm PEM_read_EC_PUBKEY ,
117.Nm PEM_write_bio_EC_PUBKEY ,
118.Nm PEM_write_EC_PUBKEY ,
119.Nm PEM_read_bio_X509 ,
120.Nm PEM_read_X509 ,
121.Nm PEM_write_bio_X509 ,
122.Nm PEM_write_X509 ,
123.Nm PEM_read_bio_X509_AUX ,
124.Nm PEM_read_X509_AUX ,
125.Nm PEM_write_bio_X509_AUX ,
126.Nm PEM_write_X509_AUX ,
127.Nm PEM_read_bio_X509_REQ ,
128.Nm PEM_read_X509_REQ ,
129.Nm PEM_write_bio_X509_REQ ,
130.Nm PEM_write_X509_REQ ,
131.Nm PEM_write_bio_X509_REQ_NEW ,
132.Nm PEM_write_X509_REQ_NEW ,
133.Nm PEM_read_bio_X509_CRL ,
134.Nm PEM_read_X509_CRL ,
135.Nm PEM_write_bio_X509_CRL ,
136.Nm PEM_write_X509_CRL ,
137.Nm PEM_read_bio_PKCS7 ,
138.Nm PEM_read_PKCS7 ,
139.Nm PEM_write_bio_PKCS7 ,
140.Nm PEM_write_PKCS7 ,
141.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
142.Nm PEM_read_NETSCAPE_CERT_SEQUENCE ,
143.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
144.Nm PEM_write_NETSCAPE_CERT_SEQUENCE ,
145.Nm PEM_read_CMS ,
146.Nm PEM_read_bio_CMS ,
147.Nm PEM_write_CMS ,
148.Nm PEM_write_bio_CMS
149.Nd PEM routines
150.Sh SYNOPSIS
151.In openssl/pem.h
152.Ft typedef int
153.Fo pem_password_cb
154.Fa "char *buf"
155.Fa "int size"
156.Fa "int rwflag"
157.Fa "void *u"
158.Fc
159.Ft EVP_PKEY *
160.Fo PEM_read_bio_PrivateKey
161.Fa "BIO *bp"
162.Fa "EVP_PKEY **x"
163.Fa "pem_password_cb *cb"
164.Fa "void *u"
165.Fc
166.Ft EVP_PKEY *
167.Fo PEM_read_PrivateKey
168.Fa "FILE *fp"
169.Fa "EVP_PKEY **x"
170.Fa "pem_password_cb *cb"
171.Fa "void *u"
172.Fc
173.Ft int
174.Fo PEM_write_bio_PrivateKey
175.Fa "BIO *bp"
176.Fa "EVP_PKEY *x"
177.Fa "const EVP_CIPHER *enc"
178.Fa "unsigned char *kstr"
179.Fa "int klen"
180.Fa "pem_password_cb *cb"
181.Fa "void *u"
182.Fc
183.Ft int
184.Fo PEM_write_PrivateKey
185.Fa "FILE *fp"
186.Fa "EVP_PKEY *x"
187.Fa "const EVP_CIPHER *enc"
188.Fa "unsigned char *kstr"
189.Fa "int klen"
190.Fa "pem_password_cb *cb"
191.Fa "void *u"
192.Fc
193.Ft int
194.Fo PEM_write_bio_PKCS8PrivateKey
195.Fa "BIO *bp"
196.Fa "EVP_PKEY *x"
197.Fa "const EVP_CIPHER *enc"
198.Fa "char *kstr"
199.Fa "int klen"
200.Fa "pem_password_cb *cb"
201.Fa "void *u"
202.Fc
203.Ft int
204.Fo PEM_write_PKCS8PrivateKey
205.Fa "FILE *fp"
206.Fa "EVP_PKEY *x"
207.Fa "const EVP_CIPHER *enc"
208.Fa "char *kstr"
209.Fa "int klen"
210.Fa "pem_password_cb *cb"
211.Fa "void *u"
212.Fc
213.Ft int
214.Fo PEM_write_bio_PKCS8PrivateKey_nid
215.Fa "BIO *bp"
216.Fa "EVP_PKEY *x"
217.Fa "int nid"
218.Fa "char *kstr"
219.Fa "int klen"
220.Fa "pem_password_cb *cb"
221.Fa "void *u"
222.Fc
223.Ft int
224.Fo PEM_write_PKCS8PrivateKey_nid
225.Fa "FILE *fp"
226.Fa "EVP_PKEY *x"
227.Fa "int nid"
228.Fa "char *kstr"
229.Fa "int klen"
230.Fa "pem_password_cb *cb"
231.Fa "void *u"
232.Fc
233.Ft X509_SIG *
234.Fo PEM_read_bio_PKCS8
235.Fa "BIO *bp"
236.Fa "X509_SIG **x"
237.Fa "pem_password_cb *cb"
238.Fa "void *u"
239.Fc
240.Ft X509_SIG *
241.Fo PEM_read_PKCS8
242.Fa "FILE *fp"
243.Fa "X509_SIG **x"
244.Fa "pem_password_cb *cb"
245.Fa "void *u"
246.Fc
247.Ft int
248.Fo PEM_write_bio_PKCS8
249.Fa "BIO *bp"
250.Fa "X509_SIG *x"
251.Fc
252.Ft int
253.Fo PEM_write_PKCS8
254.Fa "FILE *fp"
255.Fa "X509_SIG *x"
256.Fc
257.Ft PKCS8_PRIV_KEY_INFO *
258.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO
259.Fa "BIO *bp"
260.Fa "PKCS8_PRIV_KEY_INFO **x"
261.Fa "pem_password_cb *cb"
262.Fa "void *u"
263.Fc
264.Ft PKCS8_PRIV_KEY_INFO *
265.Fo PEM_read_PKCS8_PRIV_KEY_INFO
266.Fa "FILE *fp"
267.Fa "PKCS8_PRIV_KEY_INFO **x"
268.Fa "pem_password_cb *cb"
269.Fa "void *u"
270.Fc
271.Ft int
272.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO
273.Fa "BIO *bp"
274.Fa "PKCS8_PRIV_KEY_INFO *x"
275.Fc
276.Ft int
277.Fo PEM_write_PKCS8_PRIV_KEY_INFO
278.Fa "FILE *fp"
279.Fa "PKCS8_PRIV_KEY_INFO *x"
280.Fc
281.Ft EVP_PKEY *
282.Fo PEM_read_bio_PUBKEY
283.Fa "BIO *bp"
284.Fa "EVP_PKEY **x"
285.Fa "pem_password_cb *cb"
286.Fa "void *u"
287.Fc
288.Ft EVP_PKEY *
289.Fo PEM_read_PUBKEY
290.Fa "FILE *fp"
291.Fa "EVP_PKEY **x"
292.Fa "pem_password_cb *cb"
293.Fa "void *u"
294.Fc
295.Ft int
296.Fo PEM_write_bio_PUBKEY
297.Fa "BIO *bp"
298.Fa "EVP_PKEY *x"
299.Fc
300.Ft int
301.Fo PEM_write_PUBKEY
302.Fa "FILE *fp"
303.Fa "EVP_PKEY *x"
304.Fc
305.Ft RSA *
306.Fo PEM_read_bio_RSAPrivateKey
307.Fa "BIO *bp"
308.Fa "RSA **x"
309.Fa "pem_password_cb *cb"
310.Fa "void *u"
311.Fc
312.Ft RSA *
313.Fo PEM_read_RSAPrivateKey
314.Fa "FILE *fp"
315.Fa "RSA **x"
316.Fa "pem_password_cb *cb"
317.Fa "void *u"
318.Fc
319.Ft int
320.Fo PEM_write_bio_RSAPrivateKey
321.Fa "BIO *bp"
322.Fa "RSA *x"
323.Fa "const EVP_CIPHER *enc"
324.Fa "unsigned char *kstr"
325.Fa "int klen"
326.Fa "pem_password_cb *cb"
327.Fa "void *u"
328.Fc
329.Ft int
330.Fo PEM_write_RSAPrivateKey
331.Fa "FILE *fp"
332.Fa "RSA *x"
333.Fa "const EVP_CIPHER *enc"
334.Fa "unsigned char *kstr"
335.Fa "int klen"
336.Fa "pem_password_cb *cb"
337.Fa "void *u"
338.Fc
339.Ft RSA *
340.Fo PEM_read_bio_RSAPublicKey
341.Fa "BIO *bp"
342.Fa "RSA **x"
343.Fa "pem_password_cb *cb"
344.Fa "void *u"
345.Fc
346.Ft RSA *
347.Fo PEM_read_RSAPublicKey
348.Fa "FILE *fp"
349.Fa "RSA **x"
350.Fa "pem_password_cb *cb"
351.Fa "void *u"
352.Fc
353.Ft int
354.Fo PEM_write_bio_RSAPublicKey
355.Fa "BIO *bp"
356.Fa "RSA *x"
357.Fc
358.Ft int
359.Fo PEM_write_RSAPublicKey
360.Fa "FILE *fp"
361.Fa "RSA *x"
362.Fc
363.Ft RSA *
364.Fo PEM_read_bio_RSA_PUBKEY
365.Fa "BIO *bp"
366.Fa "RSA **x"
367.Fa "pem_password_cb *cb"
368.Fa "void *u"
369.Fc
370.Ft RSA *
371.Fo PEM_read_RSA_PUBKEY
372.Fa "FILE *fp"
373.Fa "RSA **x"
374.Fa "pem_password_cb *cb"
375.Fa "void *u"
376.Fc
377.Ft int
378.Fo PEM_write_bio_RSA_PUBKEY
379.Fa "BIO *bp"
380.Fa "RSA *x"
381.Fc
382.Ft int
383.Fo PEM_write_RSA_PUBKEY
384.Fa "FILE *fp"
385.Fa "RSA *x"
386.Fc
387.Ft DSA *
388.Fo PEM_read_bio_DSAPrivateKey
389.Fa "BIO *bp"
390.Fa "DSA **x"
391.Fa "pem_password_cb *cb"
392.Fa "void *u"
393.Fc
394.Ft DSA *
395.Fo PEM_read_DSAPrivateKey
396.Fa "FILE *fp"
397.Fa "DSA **x"
398.Fa "pem_password_cb *cb"
399.Fa "void *u"
400.Fc
401.Ft int
402.Fo PEM_write_bio_DSAPrivateKey
403.Fa "BIO *bp"
404.Fa "DSA *x"
405.Fa "const EVP_CIPHER *enc"
406.Fa "unsigned char *kstr"
407.Fa "int klen"
408.Fa "pem_password_cb *cb"
409.Fa "void *u"
410.Fc
411.Ft int
412.Fo PEM_write_DSAPrivateKey
413.Fa "FILE *fp"
414.Fa "DSA *x"
415.Fa "const EVP_CIPHER *enc"
416.Fa "unsigned char *kstr"
417.Fa "int klen"
418.Fa "pem_password_cb *cb"
419.Fa "void *u"
420.Fc
421.Ft DSA *
422.Fo PEM_read_bio_DSA_PUBKEY
423.Fa "BIO *bp"
424.Fa "DSA **x"
425.Fa "pem_password_cb *cb"
426.Fa "void *u"
427.Fc
428.Ft DSA *
429.Fo PEM_read_DSA_PUBKEY
430.Fa "FILE *fp"
431.Fa "DSA **x"
432.Fa "pem_password_cb *cb"
433.Fa "void *u"
434.Fc
435.Ft int
436.Fo PEM_write_bio_DSA_PUBKEY
437.Fa "BIO *bp"
438.Fa "DSA *x"
439.Fc
440.Ft int
441.Fo PEM_write_DSA_PUBKEY
442.Fa "FILE *fp"
443.Fa "DSA *x"
444.Fc
445.Ft DSA *
446.Fo PEM_read_bio_DSAparams
447.Fa "BIO *bp"
448.Fa "DSA **x"
449.Fa "pem_password_cb *cb"
450.Fa "void *u"
451.Fc
452.Ft DSA *
453.Fo PEM_read_DSAparams
454.Fa "FILE *fp"
455.Fa "DSA **x"
456.Fa "pem_password_cb *cb"
457.Fa "void *u"
458.Fc
459.Ft int
460.Fo PEM_write_bio_DSAparams
461.Fa "BIO *bp"
462.Fa "DSA *x"
463.Fc
464.Ft int
465.Fo PEM_write_DSAparams
466.Fa "FILE *fp"
467.Fa "DSA *x"
468.Fc
469.Ft DH *
470.Fo PEM_read_bio_DHparams
471.Fa "BIO *bp"
472.Fa "DH **x"
473.Fa "pem_password_cb *cb"
474.Fa "void *u"
475.Fc
476.Ft DH *
477.Fo PEM_read_DHparams
478.Fa "FILE *fp"
479.Fa "DH **x"
480.Fa "pem_password_cb *cb"
481.Fa "void *u"
482.Fc
483.Ft int
484.Fo PEM_write_bio_DHparams
485.Fa "BIO *bp"
486.Fa "DH *x"
487.Fc
488.Ft int
489.Fo PEM_write_DHparams
490.Fa "FILE *fp"
491.Fa "DH *x"
492.Fc
493.Ft EC_GROUP *
494.Fo PEM_read_bio_ECPKParameters
495.Fa "BIO *bp"
496.Fa "EC_GROUP **x"
497.Fa "pem_password_cb *cb"
498.Fa "void *u"
499.Fc
500.Ft EC_GROUP *
501.Fo PEM_read_ECPKParameters
502.Fa "FILE *fp"
503.Fa "EC_GROUP **x"
504.Fa "pem_password_cb *cb"
505.Fa "void *u"
506.Fc
507.Ft int
508.Fo PEM_write_bio_ECPKParameters
509.Fa "BIO *bp"
510.Fa "const EC_GROUP *x"
511.Fc
512.Ft int
513.Fo PEM_write_ECPKParameters
514.Fa "FILE *fp"
515.Fa "const EC_GROUP *x"
516.Fc
517.Ft EC_KEY *
518.Fo PEM_read_bio_ECPrivateKey
519.Fa "BIO *bp"
520.Fa "EC_KEY **key"
521.Fa "pem_password_cb *cb"
522.Fa "void *u"
523.Fc
524.Ft EC_KEY *
525.Fo PEM_read_ECPrivateKey
526.Fa "FILE *fp"
527.Fa "EC_KEY **eckey"
528.Fa "pem_password_cb *cb"
529.Fa "void *u"
530.Fc
531.Ft int
532.Fo PEM_write_bio_ECPrivateKey
533.Fa "BIO *bp"
534.Fa "EC_KEY *x"
535.Fa "const EVP_CIPHER *enc"
536.Fa "unsigned char *kstr"
537.Fa "int klen"
538.Fa "pem_password_cb *cb"
539.Fa "void *u"
540.Fc
541.Ft int
542.Fo PEM_write_ECPrivateKey
543.Fa "FILE *fp"
544.Fa "EC_KEY *x"
545.Fa "const EVP_CIPHER *enc"
546.Fa "unsigned char *kstr"
547.Fa "int klen"
548.Fa "pem_password_cb *cb"
549.Fa "void *u"
550.Fc
551.Ft EC_KEY *
552.Fo PEM_read_bio_EC_PUBKEY
553.Fa "BIO *bp"
554.Fa "EC_KEY **x"
555.Fa "pem_password_cb *cb"
556.Fa "void *u"
557.Fc
558.Ft EC_KEY *
559.Fo PEM_read_EC_PUBKEY
560.Fa "FILE *fp"
561.Fa "EC_KEY **x"
562.Fa "pem_password_cb *cb"
563.Fa "void *u"
564.Fc
565.Ft int
566.Fo PEM_write_bio_EC_PUBKEY
567.Fa "BIO *bp"
568.Fa "EC_KEY *x"
569.Fc
570.Ft int
571.Fo PEM_write_EC_PUBKEY
572.Fa "FILE *fp"
573.Fa "EC_KEY *x"
574.Fc
575.Ft X509 *
576.Fo PEM_read_bio_X509
577.Fa "BIO *bp"
578.Fa "X509 **x"
579.Fa "pem_password_cb *cb"
580.Fa "void *u"
581.Fc
582.Ft X509 *
583.Fo PEM_read_X509
584.Fa "FILE *fp"
585.Fa "X509 **x"
586.Fa "pem_password_cb *cb"
587.Fa "void *u"
588.Fc
589.Ft int
590.Fo PEM_write_bio_X509
591.Fa "BIO *bp"
592.Fa "X509 *x"
593.Fc
594.Ft int
595.Fo PEM_write_X509
596.Fa "FILE *fp"
597.Fa "X509 *x"
598.Fc
599.Ft X509 *
600.Fo PEM_read_bio_X509_AUX
601.Fa "BIO *bp"
602.Fa "X509 **x"
603.Fa "pem_password_cb *cb"
604.Fa "void *u"
605.Fc
606.Ft X509 *
607.Fo PEM_read_X509_AUX
608.Fa "FILE *fp"
609.Fa "X509 **x"
610.Fa "pem_password_cb *cb"
611.Fa "void *u"
612.Fc
613.Ft int
614.Fo PEM_write_bio_X509_AUX
615.Fa "BIO *bp"
616.Fa "X509 *x"
617.Fc
618.Ft int
619.Fo PEM_write_X509_AUX
620.Fa "FILE *fp"
621.Fa "X509 *x"
622.Fc
623.Ft X509_REQ *
624.Fo PEM_read_bio_X509_REQ
625.Fa "BIO *bp"
626.Fa "X509_REQ **x"
627.Fa "pem_password_cb *cb"
628.Fa "void *u"
629.Fc
630.Ft X509_REQ *
631.Fo PEM_read_X509_REQ
632.Fa "FILE *fp"
633.Fa "X509_REQ **x"
634.Fa "pem_password_cb *cb"
635.Fa "void *u"
636.Fc
637.Ft int
638.Fo PEM_write_bio_X509_REQ
639.Fa "BIO *bp"
640.Fa "X509_REQ *x"
641.Fc
642.Ft int
643.Fo PEM_write_X509_REQ
644.Fa "FILE *fp"
645.Fa "X509_REQ *x"
646.Fc
647.Ft int
648.Fo PEM_write_bio_X509_REQ_NEW
649.Fa "BIO *bp"
650.Fa "X509_REQ *x"
651.Fc
652.Ft int
653.Fo PEM_write_X509_REQ_NEW
654.Fa "FILE *fp"
655.Fa "X509_REQ *x"
656.Fc
657.Ft X509_CRL *
658.Fo PEM_read_bio_X509_CRL
659.Fa "BIO *bp"
660.Fa "X509_CRL **x"
661.Fa "pem_password_cb *cb"
662.Fa "void *u"
663.Fc
664.Ft X509_CRL *
665.Fo PEM_read_X509_CRL
666.Fa "FILE *fp"
667.Fa "X509_CRL **x"
668.Fa "pem_password_cb *cb"
669.Fa "void *u"
670.Fc
671.Ft int
672.Fo PEM_write_bio_X509_CRL
673.Fa "BIO *bp"
674.Fa "X509_CRL *x"
675.Fc
676.Ft int
677.Fo PEM_write_X509_CRL
678.Fa "FILE *fp"
679.Fa "X509_CRL *x"
680.Fc
681.Ft PKCS7 *
682.Fo PEM_read_bio_PKCS7
683.Fa "BIO *bp"
684.Fa "PKCS7 **x"
685.Fa "pem_password_cb *cb"
686.Fa "void *u"
687.Fc
688.Ft PKCS7 *
689.Fo PEM_read_PKCS7
690.Fa "FILE *fp"
691.Fa "PKCS7 **x"
692.Fa "pem_password_cb *cb"
693.Fa "void *u"
694.Fc
695.Ft int
696.Fo PEM_write_bio_PKCS7
697.Fa "BIO *bp"
698.Fa "PKCS7 *x"
699.Fc
700.Ft int
701.Fo PEM_write_PKCS7
702.Fa "FILE *fp"
703.Fa "PKCS7 *x"
704.Fc
705.Ft NETSCAPE_CERT_SEQUENCE *
706.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE
707.Fa "BIO *bp"
708.Fa "NETSCAPE_CERT_SEQUENCE **x"
709.Fa "pem_password_cb *cb"
710.Fa "void *u"
711.Fc
712.Ft NETSCAPE_CERT_SEQUENCE *
713.Fo PEM_read_NETSCAPE_CERT_SEQUENCE
714.Fa "FILE *fp"
715.Fa "NETSCAPE_CERT_SEQUENCE **x"
716.Fa "pem_password_cb *cb"
717.Fa "void *u"
718.Fc
719.Ft int
720.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE
721.Fa "BIO *bp"
722.Fa "NETSCAPE_CERT_SEQUENCE *x"
723.Fc
724.Ft int
725.Fo PEM_write_NETSCAPE_CERT_SEQUENCE
726.Fa "FILE *fp"
727.Fa "NETSCAPE_CERT_SEQUENCE *x"
728.Fc
729.In openssl/cms.h
730.Ft CMS_ContentInfo *
731.Fo PEM_read_CMS
732.Fa "FILE *fp"
733.Fa "CMS_ContentInfo **x"
734.Fa "pem_password_cb *cb"
735.Fa "void *u"
736.Fc
737.Ft CMS_ContentInfo *
738.Fo PEM_read_bio_CMS
739.Fa "BIO *bp"
740.Fa "CMS_ContentInfo **x"
741.Fa "pem_password_cb *cb"
742.Fa "void *u"
743.Fc
744.Ft int
745.Fo PEM_write_CMS
746.Fa "FILE *fp"
747.Fa "const CMS_ContentInfo *x"
748.Fc
749.Ft int
750.Fo PEM_write_bio_CMS
751.Fa "BIO *bp"
752.Fa "const CMS_ContentInfo *x"
753.Fc
754.Sh DESCRIPTION
755The PEM functions read or write structures in PEM format.
756In this sense PEM format is simply base64-encoded data surrounded by
757header lines.
758.Pp
759For more details about the meaning of arguments see the
760.Sx PEM function arguments
761section.
762.Pp
763Each operation has four functions associated with it.
764For brevity the term
765.Dq Ar TYPE No functions
766will be used to collectively refer to the
767.Fn PEM_read_bio_TYPE ,
768.Fn PEM_read_TYPE ,
769.Fn PEM_write_bio_TYPE ,
770and
771.Fn PEM_write_TYPE
772functions.
773.Pp
774The
775.Sy PrivateKey
776functions read or write a private key in PEM format using an
777.Vt EVP_PKEY
778structure.
779The write routines use "traditional" private key format and can handle
780both RSA and DSA private keys.
781The read functions can additionally transparently handle PKCS#8 format
782encrypted and unencrypted keys too.
783.Pp
784.Fn PEM_write_bio_PKCS8PrivateKey
785and
786.Fn PEM_write_PKCS8PrivateKey
787write a private key in an
788.Vt EVP_PKEY
789structure in PKCS#8
790.Vt EncryptedPrivateKeyInfo
791format using PKCS#5 v2.0 password based encryption algorithms.
792The
793.Fa enc
794argument specifies the encryption algorithm to use: unlike all other PEM
795routines, the encryption is applied at the PKCS#8 level and not in the
796PEM headers.
797If
798.Fa enc
799is
800.Dv NULL ,
801then no encryption is used and a PKCS#8
802.Vt PrivateKeyInfo
803structure is used instead.
804.Pp
805.Fn PEM_write_bio_PKCS8PrivateKey_nid
806and
807.Fn PEM_write_PKCS8PrivateKey_nid
808also write out a private key as a PKCS#8
809.Vt EncryptedPrivateKeyInfo .
810However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead.
811The algorithm to use is specified in the
812.Fa nid
813parameter and should be the NID of the corresponding OBJECT IDENTIFIER.
814.Pp
815The
816.Sy PKCS8
817functions process an encrypted private key using an
818.Vt X509_SIG
819structure and the
820.Xr d2i_X509_SIG 3
821function.
822.Pp
823The
824.Sy PKCS8_PRIV_KEY_INFO
825functions process a private key using a
826.Vt PKCS8_PRIV_KEY_INFO
827structure.
828.Pp
829The
830.Sy PUBKEY
831functions process a public key using an
832.Vt EVP_PKEY
833structure.
834The public key is encoded as an ASN.1
835.Vt SubjectPublicKeyInfo
836structure.
837.Pp
838The
839.Sy RSAPrivateKey
840functions process an RSA private key using an
841.Vt RSA
842structure.
843They handle the same formats as the
844.Sy PrivateKey
845functions, but an error occurs if the private key is not RSA.
846.Pp
847The
848.Sy RSAPublicKey
849functions process an RSA public key using an
850.Vt RSA
851structure.
852The public key is encoded using a PKCS#1
853.Vt RSAPublicKey
854structure.
855.Pp
856The
857.Sy RSA_PUBKEY
858functions also process an RSA public key using an
859.Vt RSA
860structure.
861However the public key is encoded using an ASN.1
862.Vt SubjectPublicKeyInfo
863structure and an error occurs if the public key is not RSA.
864.Pp
865The
866.Sy DSAPrivateKey
867functions process a DSA private key using a
868.Vt DSA
869structure.
870They handle the same formats as the
871.Sy PrivateKey
872functions but an error occurs if the private key is not DSA.
873.Pp
874The
875.Sy DSA_PUBKEY
876functions process a DSA public key using a
877.Vt DSA
878structure.
879The public key is encoded using an ASN.1
880.Vt SubjectPublicKeyInfo
881structure and an error occurs if the public key is not DSA.
882.Pp
883The
884.Sy DSAparams
885functions process DSA parameters using a
886.Vt DSA
887structure.
888The parameters are encoded using a Dss-Parms structure as defined in RFC 2459.
889.Pp
890The
891.Sy DHparams
892functions process DH parameters using a
893.Vt DH
894structure.
895The parameters are encoded using a PKCS#3 DHparameter structure.
896.Pp
897The
898.Sy ECPKParameters
899functions process EC parameters using an
900.Vt EC_GROUP
901structure and the
902.Xr d2i_ECPKParameters 3
903function.
904.Pp
905The
906.Sy ECPrivateKey
907functions process an EC private key using an
908.Vt EC_KEY
909structure.
910.Pp
911The
912.Sy EC_PUBKEY
913functions process an EC public key using an
914.Vt EC_KEY
915structure.
916.Pp
917The
918.Sy X509
919functions process an X509 certificate using an
920.Vt X509
921structure.
922They will also process a trusted X509 certificate but any trust settings
923are discarded.
924.Pp
925The
926.Sy X509_AUX
927functions process a trusted X509 certificate using an
928.Vt X509
929structure.
930.Pp
931The
932.Sy X509_REQ
933and
934.Sy X509_REQ_NEW
935functions process a PKCS#10 certificate request using an
936.Vt X509_REQ
937structure.
938The
939.Sy X509_REQ
940write functions use CERTIFICATE REQUEST in the header whereas the
941.Sy X509_REQ_NEW
942functions use NEW CERTIFICATE REQUEST (as required by some CAs).
943The
944.Sy X509_REQ
945read functions will handle either form so there are no
946.Sy X509_REQ_NEW
947read functions.
948.Pp
949The
950.Sy X509_CRL
951functions process an X509 CRL using an
952.Vt X509_CRL
953structure.
954.Pp
955The
956.Sy PKCS7
957functions process a PKCS#7
958.Vt ContentInfo
959using a
960.Vt PKCS7
961structure.
962.Pp
963The
964.Sy NETSCAPE_CERT_SEQUENCE
965functions process a Netscape Certificate Sequence using a
966.Vt NETSCAPE_CERT_SEQUENCE
967structure.
968.Pp
969The
970.Sy CMS
971functions process a
972.Vt CMS_ContentInfo
973structure.
974.Pp
975The old
976.Sy PrivateKey
977write routines are retained for compatibility.
978New applications should write private keys using the
979.Fn PEM_write_bio_PKCS8PrivateKey
980or
981.Fn PEM_write_PKCS8PrivateKey
982routines because they are more secure (they use an iteration count of
9832048 whereas the traditional routines use a count of 1) unless
984compatibility with older versions of OpenSSL is important.
985.Pp
986The
987.Sy PrivateKey
988read routines can be used in all applications because they handle all
989formats transparently.
990.Ss PEM function arguments
991The PEM functions have many common arguments.
992.Pp
993The
994.Fa bp
995parameter specifies the
996.Vt BIO
997to read from or write to.
998.Pp
999The
1000.Fa fp
1001parameter specifies the
1002.Vt FILE
1003pointer to read from or write to.
1004.Pp
1005The PEM read functions all take a pointer to pointer argument
1006.Fa x
1007and return a pointer of the same type.
1008If
1009.Fa x
1010is
1011.Dv NULL ,
1012then the parameter is ignored.
1013If
1014.Fa x
1015is not
1016.Dv NULL
1017but
1018.Pf * Fa x
1019is
1020.Dv NULL ,
1021then the structure returned will be written to
1022.Pf * Fa x .
1023If neither
1024.Fa x
1025nor
1026.Pf * Fa x
1027are
1028.Dv NULL ,
1029then an attempt is made to reuse the structure at
1030.Pf * Fa x ,
1031but see the
1032.Sx BUGS
1033and
1034.Sx EXAMPLES
1035sections.
1036Irrespective of the value of
1037.Fa x ,
1038a pointer to the structure is always returned, or
1039.Dv NULL
1040if an error occurred.
1041.Pp
1042The PEM functions which write private keys take an
1043.Fa enc
1044parameter, which specifies the encryption algorithm to use.
1045Encryption is done at the PEM level.
1046If this parameter is set to
1047.Dv NULL ,
1048then the private key is written in unencrypted form.
1049.Pp
1050The
1051.Fa cb
1052argument is the callback to use when querying for the passphrase used
1053for encrypted PEM structures (normally only private keys).
1054.Pp
1055For the PEM write routines, if the
1056.Fa kstr
1057parameter is not
1058.Dv NULL ,
1059then
1060.Fa klen
1061bytes at
1062.Fa kstr
1063are used as the passphrase and
1064.Fa cb
1065is ignored.
1066.Pp
1067If the
1068.Fa cb
1069parameter is set to
1070.Dv NULL
1071and the
1072.Fa u
1073parameter is not
1074.Dv NULL ,
1075then the
1076.Fa u
1077parameter is interpreted as a null terminated string to use as the
1078passphrase.
1079If both
1080.Fa cb
1081and
1082.Fa u
1083are
1084.Dv NULL ,
1085then the default callback routine is used, which will typically
1086prompt for the passphrase on the current terminal with echoing
1087turned off.
1088.Pp
1089The default passphrase callback is sometimes inappropriate (for example
1090in a GUI application) so an alternative can be supplied.
1091The callback routine has the following form:
1092.Bd -filled -offset inset
1093.Ft int
1094.Fo cb
1095.Fa "char *buf"
1096.Fa "int size"
1097.Fa "int rwflag"
1098.Fa "void *u"
1099.Fc
1100.Ed
1101.Pp
1102.Fa buf
1103is the buffer to write the passphrase to.
1104.Fa size
1105is the maximum length of the passphrase, i.e. the size of
1106.Fa buf .
1107.Fa rwflag
1108is a flag which is set to 0 when reading and 1 when writing.
1109A typical routine will ask the user to verify the passphrase (for
1110example by prompting for it twice) if
1111.Fa rwflag
1112is 1.
1113The
1114.Fa u
1115parameter has the same value as the
1116.Fa u
1117parameter passed to the PEM routine.
1118It allows arbitrary data to be passed to the callback by the application
1119(for example a window handle in a GUI application).
1120The callback must return the number of characters in the passphrase
1121or -1 if an error occurred.
1122.Ss PEM encryption format
1123This old
1124.Sy PrivateKey
1125routines use a non-standard technique for encryption.
1126.Pp
1127The private key (or other data) takes the following form:
1128.Bd -literal -offset indent
1129-----BEGIN RSA PRIVATE KEY-----
1130Proc-Type: 4,ENCRYPTED
1131DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
1132
1133\&...base64 encoded data...
1134-----END RSA PRIVATE KEY-----
1135.Ed
1136.Pp
1137The line beginning with
1138.Dq DEK-Info
1139contains two comma separated pieces of information:
1140the encryption algorithm name as used by
1141.Xr EVP_get_cipherbyname 3
1142and an 8-byte salt encoded as a set of hexadecimal digits.
1143.Pp
1144After this is the base64-encoded encrypted data.
1145.Pp
1146The encryption key is determined using
1147.Xr EVP_BytesToKey 3 ,
1148using the salt and an iteration count of 1.
1149The IV used is the value of the salt and *not* the IV returned by
1150.Xr EVP_BytesToKey 3 .
1151.Sh RETURN VALUES
1152The read routines return either a pointer to the structure read or
1153.Dv NULL
1154if an error occurred.
1155.Pp
1156The write routines return 1 for success or 0 for failure.
1157.Sh EXAMPLES
1158Although the PEM routines take several arguments, in almost all
1159applications most of them are set to 0 or
1160.Dv NULL .
1161.Pp
1162Read a certificate in PEM format from a
1163.Vt BIO :
1164.Bd -literal -offset indent
1165X509 *x;
1166x = PEM_read_bio_X509(bp, NULL, 0, NULL);
1167if (x == NULL) {
1168	/* Error */
1169}
1170.Ed
1171.Pp
1172Alternative method:
1173.Bd -literal -offset indent
1174X509 *x = NULL;
1175if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
1176	/* Error */
1177}
1178.Ed
1179.Pp
1180Write a certificate to a
1181.Vt BIO :
1182.Bd -literal -offset indent
1183if (!PEM_write_bio_X509(bp, x)) {
1184	/* Error */
1185}
1186.Ed
1187.Pp
1188Write an unencrypted private key to a
1189.Vt FILE :
1190.Bd -literal -offset indent
1191if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
1192	/* Error */
1193}
1194.Ed
1195.Pp
1196Write a private key (using traditional format) to a
1197.Vt BIO
1198using triple DES encryption; the pass phrase is prompted for:
1199.Bd -literal -offset indent
1200if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
1201    NULL, 0, 0, NULL)) {
1202	/* Error */
1203}
1204.Ed
1205.Pp
1206Write a private key (using PKCS#8 format) to a
1207.Vt BIO
1208using triple DES encryption, using the pass phrase "hello":
1209.Bd -literal -offset indent
1210if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
1211    NULL, 0, 0, "hello")) {
1212	/* Error */
1213}
1214.Ed
1215.Pp
1216Read a private key from a
1217.Vt BIO
1218using the pass phrase "hello":
1219.Bd -literal -offset indent
1220key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
1221if (key == NULL) {
1222	/* Error */
1223}
1224.Ed
1225.Pp
1226Read a private key from a
1227.Vt BIO
1228using a pass phrase callback:
1229.Bd -literal -offset indent
1230key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
1231if (key == NULL) {
1232	/* Error */
1233}
1234.Ed
1235.Pp
1236Skeleton pass phrase callback:
1237.Bd -literal -offset indent
1238int
1239pass_cb(char *buf, int size, int rwflag, void *u)
1240{
1241	char	*tmp;
1242	size_t	 len;
1243
1244	/* We'd probably do something else if 'rwflag' is 1 */
1245	printf("Enter pass phrase for \e"%s\e"\en", u);
1246
1247	/*
1248	 * Instead of the following line, get the passphrase
1249	 * from the user in some way.
1250	 */
1251	tmp = "hello";
1252	if (tmp == NULL) /* An error occurred. */
1253		return -1;
1254
1255	len = strlen(tmp);
1256	if (len == 0) /* Treat an empty passphrase as an error, too. */
1257		return -1;
1258
1259	/* if too long, truncate */
1260	if (len > size)
1261		len = size;
1262	memcpy(buf, tmp, len);
1263	return len;
1264}
1265.Ed
1266.Sh SEE ALSO
1267.Xr BIO_new 3 ,
1268.Xr DSA_new 3 ,
1269.Xr PEM_bytes_read_bio 3 ,
1270.Xr PEM_read 3 ,
1271.Xr PEM_write_bio_PKCS7_stream 3 ,
1272.Xr RSA_new 3 ,
1273.Xr X509_CRL_new 3 ,
1274.Xr X509_REQ_new 3 ,
1275.Xr X509_SIG_new 3
1276.Sh HISTORY
1277.Fn PEM_read_X509
1278and
1279.Fn PEM_write_X509
1280appeared in SSLeay 0.4 or earlier.
1281.Fn PEM_read_X509_REQ ,
1282.Fn PEM_write_X509_REQ ,
1283.Fn PEM_read_X509_CRL ,
1284and
1285.Fn PEM_write_X509_CRL
1286first appeared in SSLeay 0.4.4.
1287.Fn PEM_read_RSAPrivateKey ,
1288.Fn PEM_write_RSAPrivateKey ,
1289.Fn PEM_read_DHparams ,
1290.Fn PEM_write_DHparams ,
1291.Fn PEM_read_PKCS7 ,
1292and
1293.Fn PEM_write_PKCS7
1294first appeared in SSLeay 0.5.1.
1295.Fn PEM_read_bio_PrivateKey ,
1296.Fn PEM_read_PrivateKey ,
1297.Fn PEM_read_bio_RSAPrivateKey ,
1298.Fn PEM_write_bio_RSAPrivateKey ,
1299.Fn PEM_read_bio_DSAPrivateKey ,
1300.Fn PEM_read_DSAPrivateKey ,
1301.Fn PEM_write_bio_DSAPrivateKey ,
1302.Fn PEM_write_DSAPrivateKey ,
1303.Fn PEM_read_bio_DHparams ,
1304.Fn PEM_write_bio_DHparams ,
1305.Fn PEM_read_bio_X509 ,
1306.Fn PEM_write_bio_X509 ,
1307.Fn PEM_read_bio_X509_REQ ,
1308.Fn PEM_write_bio_X509_REQ ,
1309.Fn PEM_read_bio_X509_CRL ,
1310.Fn PEM_write_bio_X509_CRL ,
1311.Fn PEM_read_bio_PKCS7 ,
1312and
1313.Fn PEM_write_bio_PKCS7
1314first appeared in SSLeay 0.6.0.
1315.Fn PEM_write_bio_PrivateKey ,
1316.Fn PEM_write_PrivateKey ,
1317.Fn PEM_read_bio_DSAparams ,
1318.Fn PEM_read_DSAparams ,
1319.Fn PEM_write_bio_DSAparams ,
1320and
1321.Fn PEM_write_DSAparams
1322first appeared in SSLeay 0.8.0.
1323.Fn PEM_read_bio_RSAPublicKey ,
1324.Fn PEM_read_RSAPublicKey ,
1325.Fn PEM_write_bio_RSAPublicKey ,
1326and
1327.Fn PEM_write_RSAPublicKey
1328first appeared in SSLeay 0.8.1.
1329All these functions have been available since
1330.Ox 2.4 .
1331.Pp
1332.Fn PEM_write_bio_PKCS8PrivateKey ,
1333.Fn PEM_write_PKCS8PrivateKey ,
1334.Fn PEM_read_bio_PKCS8 ,
1335.Fn PEM_read_PKCS8 ,
1336.Fn PEM_write_bio_PKCS8 ,
1337.Fn PEM_write_PKCS8 ,
1338.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO ,
1339.Fn PEM_read_PKCS8_PRIV_KEY_INFO ,
1340.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO ,
1341.Fn PEM_write_PKCS8_PRIV_KEY_INFO ,
1342.Fn PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
1343.Fn PEM_read_NETSCAPE_CERT_SEQUENCE ,
1344.Fn PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
1345and
1346.Fn PEM_write_NETSCAPE_CERT_SEQUENCE
1347first appeared in OpenSSL 0.9.4 and have been available since
1348.Ox 2.6 .
1349.Pp
1350.Fn PEM_write_bio_PKCS8PrivateKey_nid ,
1351.Fn PEM_write_PKCS8PrivateKey_nid ,
1352.Fn PEM_read_bio_PUBKEY ,
1353.Fn PEM_read_PUBKEY ,
1354.Fn PEM_write_bio_PUBKEY ,
1355.Fn PEM_write_PUBKEY ,
1356.Fn PEM_read_bio_RSA_PUBKEY ,
1357.Fn PEM_read_RSA_PUBKEY ,
1358.Fn PEM_write_bio_RSA_PUBKEY ,
1359.Fn PEM_write_RSA_PUBKEY ,
1360.Fn PEM_read_bio_DSA_PUBKEY ,
1361.Fn PEM_read_DSA_PUBKEY ,
1362.Fn PEM_write_bio_DSA_PUBKEY ,
1363.Fn PEM_write_DSA_PUBKEY ,
1364.Fn PEM_write_bio_X509_REQ_NEW ,
1365.Fn PEM_write_X509_REQ_NEW ,
1366.Fn PEM_read_bio_X509_AUX ,
1367.Fn PEM_read_X509_AUX ,
1368.Fn PEM_write_bio_X509_AUX ,
1369and
1370.Fn PEM_write_X509_AUX
1371first appeared in OpenSSL 0.9.5 and have been available since
1372.Ox 2.7 .
1373.Pp
1374.Fn PEM_read_bio_ECPKParameters ,
1375.Fn PEM_read_ECPKParameters ,
1376.Fn PEM_write_bio_ECPKParameters ,
1377.Fn PEM_write_ECPKParameters ,
1378.Fn PEM_read_bio_ECPrivateKey ,
1379.Fn PEM_read_ECPrivateKey ,
1380.Fn PEM_write_bio_ECPrivateKey ,
1381.Fn PEM_write_ECPrivateKey ,
1382.Fn PEM_read_bio_EC_PUBKEY ,
1383.Fn PEM_read_EC_PUBKEY ,
1384.Fn PEM_write_bio_EC_PUBKEY ,
1385and
1386.Fn PEM_write_EC_PUBKEY
1387first appeared in OpenSSL 0.9.8 and have been available since
1388.Ox 4.5 .
1389.Pp
1390.Fn PEM_read_CMS ,
1391.Fn PEM_read_bio_CMS ,
1392.Fn PEM_write_CMS ,
1393and
1394.Fn PEM_write_bio_CMS
1395first appeared in OpenSSL 0.9.8h and have been available since
1396.Ox 6.7 .
1397.Sh CAVEATS
1398A frequent cause of problems is attempting to use the PEM routines like
1399this:
1400.Bd -literal -offset indent
1401X509 *x;
1402PEM_read_bio_X509(bp, &x, 0, NULL);
1403.Ed
1404.Pp
1405This is a bug because an attempt will be made to reuse the data at
1406.Fa x ,
1407which is an uninitialised pointer.
1408.Pp
1409These functions make no assumption regarding the pass phrase received
1410from the password callback.
1411It will simply be treated as a byte sequence.
1412.Sh BUGS
1413The PEM read routines in some versions of OpenSSL will not correctly
1414reuse an existing structure.
1415Therefore
1416.Pp
1417.Dl PEM_read_bio_X509(bp, &x, 0, NULL);
1418.Pp
1419where
1420.Fa x
1421already contains a valid certificate may not work, whereas
1422.Bd -literal -offset indent
1423X509_free(x);
1424x = PEM_read_bio_X509(bp, NULL, 0, NULL);
1425.Ed
1426.Pp
1427is guaranteed to work.
1428