DragonFly On-Line Manual Pages

Search: Section:  

PEM_READ(3)	      DragonFly Library Functions Manual	   PEM_READ(3)


NAME

     PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header,
     PEM_get_EVP_CIPHER_INFO -- PEM encoding routines


SYNOPSIS

     #include <openssl/pem.h>

     int
     PEM_write(FILE *fp, const char *name, const char *header,
	 const unsigned char *data, long len);

     int
     PEM_write_bio(BIO *bp, const char *name, const char *header,
	 ocnst unsigned char *data, long len);

     int
     PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
	 long *len);

     int
     PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
	 long *len);

     int
     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo);

     int
     PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len,
	 pem_password_cb *cb, void *u);


DESCRIPTION

     These functions read and write PEM-encoded objects, using the PEM type
     name, any additional header information, and the raw data of length len.

     PEM is the binary content encoding first defined in IETF RFC 1421.  The
     content is a series of base64-encoded lines, surrounded by begin/end
     markers each on their own line.  For example:

	   -----BEGIN PRIVATE KEY-----
	   MIICdg....
	   ... bhTQ==
	   -----END PRIVATE KEY-----

     Optional header line(s) may appear after the begin line, and their exis-
     tence depends on the type of object being written or read.

     PEM_write() writes to the file fp, while PEM_write_bio() writes to the
     BIO bp.  The name is the name to use in the marker, the header is the
     header value or NULL, and data and len specify the data and its length.

     The final data buffer is typically an ASN.1 object which can be decoded
     with the d2i_*() function appropriate to the type name; see d2i_X509(3)
     for examples.

     PEM_read() reads from the file fp, while PEM_read_bio() reads from the
     BIO bp.  Both skip any non-PEM data that precedes the start of the next
     PEM object.  When an object is successfully retrieved, the type name from
     the "----BEGIN <type>-----" is returned via the name argument, any encap-
     sulation headers are returned in header, and the base64-decoded content
     and its length are returned via data and len, respectively.  The name,
     header, and data pointers should be freed by the caller when no longer
     needed.

     The remaining functions are deprecated because the underlying PEM encryp-
     tion format is obsolete and should be avoided.  It uses an encryption
     format with an OpenSSL-specific key-derivation function, which employs
     MD5 with an iteration count of 1.	Instead, private keys should be stored
     in PKCS#8 form, with a strong PKCS#5 v2.0 PBE; see
     PEM_write_PrivateKey(3) and d2i_PKCS8PrivateKey_bio(3).

     PEM_get_EVP_CIPHER_INFO() can be used to determine the data returned by
     PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated
     cipher and IV.  The caller passes a pointer to a structure of type
     EVP_CIPHER_INFO via the cinfo argument and the header returned via
     PEM_read() or PEM_read_bio().  If the call is successful, 1 is returned
     and the cipher and IV are stored at the address pointed to by cinfo.
     When the header is malformed or not supported or when the cipher is
     unknown or some internal error happens, 0 is returned.

     PEM_do_header() can then be used to decrypt the data if the header indi-
     cates encryption.	The cinfo argument is a pointer to the structure ini-
     tialized by the previous call to PEM_get_EVP_CIPHER_INFO().  The data and
     len arguments are those returned by the previous call to PEM_read() or
     PEM_read_bio().  The cb and u arguments make it possible to override the
     default password prompt function as described in PEM_read_PrivateKey(3).
     On successful completion, the data is decrypted in place, and len is
     updated to indicate the plaintext length.

     If the data is a priori known to not be encrypted, then neither
     PEM_do_header() nor PEM_get_EVP_CIPHER_INFO() need to be called.


RETURN VALUES

     PEM_read() and PEM_read_bio() return 1 on success or 0 on failure.  The
     latter includes the case when no more PEM objects remain in the input
     file.  To distinguish end of file from more serious errors, the caller
     must peek at the error stack and check for PEM_R_NO_START_LINE, which
     indicates that no more PEM objects were found.  See
     ERR_peek_last_error(3) and ERR_GET_REASON(3).

     PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success or 0 on
     failure.  The data is likely meaningless if these functions fail.


SEE ALSO

     d2i_PKCS8PrivateKey_bio(3), ERR_GET_LIB(3), ERR_peek_last_error(3),
     PEM_bytes_read_bio(3), PEM_read_bio_PrivateKey(3)


HISTORY

     PEM_write(), PEM_read(), and PEM_do_header() appeared in SSLeay 0.4 or
     earlier.  PEM_get_EVP_CIPHER_INFO() first appeared in SSLeay 0.5.1.
     PEM_write_bio() and PEM_read_bio() first appeared in SSLeay 0.6.0.  These
     functions have been available since OpenBSD 2.4.

DragonFly 5.5			 May 13, 2018			 DragonFly 5.5

Search: Section: