|  | =pod | 
|  |  | 
|  | =head1 NAME | 
|  |  | 
|  | PEM_write, PEM_write_bio, | 
|  | PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO | 
|  | - PEM encoding routines | 
|  |  | 
|  | =head1 SYNOPSIS | 
|  |  | 
|  | #include <openssl/pem.h> | 
|  |  | 
|  | int PEM_write(FILE *fp, const char *name, const char *header, | 
|  | const unsigned char *data, long len); | 
|  | int PEM_write_bio(BIO *bp, const char *name, const char *header, | 
|  | const unsigned char *data, long len); | 
|  |  | 
|  | int PEM_read(FILE *fp, char **name, char **header, | 
|  | unsigned char **data, long *len); | 
|  | int PEM_read_bio(BIO *bp, char **name, char **header, | 
|  | unsigned char **data, long *len); | 
|  |  | 
|  | int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); | 
|  | int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, | 
|  | pem_password_cb *cb, void *u); | 
|  |  | 
|  | =head1 DESCRIPTION | 
|  |  | 
|  | These functions read and write PEM-encoded objects, using the PEM | 
|  | type B<name>, any additional B<header> information, and the raw | 
|  | B<data> of length B<len>. | 
|  |  | 
|  | PEM is the term used for binary content encoding first defined in IETF | 
|  | RFC 1421.  The content is a series of base64-encoded lines, surrounded | 
|  | by begin/end markers each on their own line.  For example: | 
|  |  | 
|  | -----BEGIN PRIVATE KEY----- | 
|  | MIICdg.... | 
|  | ... bhTQ== | 
|  | -----END PRIVATE KEY----- | 
|  |  | 
|  | Optional header line(s) may appear after the begin line, and their | 
|  | existence depends on the type of object being written or read. | 
|  |  | 
|  | PEM_write() writes to the file B<fp>, while PEM_write_bio() writes to | 
|  | the BIO B<bp>.  The B<name> is the name to use in the marker, the | 
|  | B<header> is the header value or NULL, and B<data> and B<len> specify | 
|  | the data and its length. | 
|  |  | 
|  | The final B<data> buffer is typically an ASN.1 object which can be decoded with | 
|  | the B<d2i> function appropriate to the type B<name>; see L<d2i_X509(3)> | 
|  | for examples. | 
|  |  | 
|  | PEM_read() reads from the file B<fp>, while PEM_read_bio() reads | 
|  | from the BIO B<bp>. | 
|  | Both skip any non-PEM data that precedes the start of the next PEM object. | 
|  | When an object is successfully retrieved, the type name from the "----BEGIN | 
|  | <type>-----" is returned via the B<name> argument, any encapsulation headers | 
|  | are returned in B<header> and the base64-decoded content and its length are | 
|  | returned via B<data> and B<len> respectively. | 
|  | The B<name>, B<header> and B<data> pointers are allocated via OPENSSL_malloc() | 
|  | and should be freed by the caller via OPENSSL_free() when no longer needed. | 
|  |  | 
|  | PEM_get_EVP_CIPHER_INFO() can be used to determine the B<data> returned by | 
|  | PEM_read() or PEM_read_bio() is encrypted and to retrieve the associated cipher | 
|  | and IV. | 
|  | The caller passes a pointer to structure of type B<EVP_CIPHER_INFO> via the | 
|  | B<cinfo> argument and the B<header> returned via PEM_read() or PEM_read_bio(). | 
|  | If the call is successful 1 is returned and the cipher and IV are stored at the | 
|  | address pointed to by B<cinfo>. | 
|  | When the header is malformed, or not supported or when the cipher is unknown | 
|  | or some internal error happens 0 is returned. | 
|  | This function is deprecated, see B<NOTES> below. | 
|  |  | 
|  | PEM_do_header() can then be used to decrypt the data if the header | 
|  | indicates encryption. | 
|  | The B<cinfo> argument is a pointer to the structure initialized by the previous | 
|  | call to PEM_get_EVP_CIPHER_INFO(). | 
|  | The B<data> and B<len> arguments are those returned by the previous call to | 
|  | PEM_read() or PEM_read_bio(). | 
|  | The B<cb> and B<u> arguments make it possible to override the default password | 
|  | prompt function as described in L<PEM_read_PrivateKey(3)>. | 
|  | On successful completion the B<data> is decrypted in place, and B<len> is | 
|  | updated to indicate the plaintext length. | 
|  | This function is deprecated, see B<NOTES> below. | 
|  |  | 
|  | If the data is a priori known to not be encrypted, then neither PEM_do_header() | 
|  | nor PEM_get_EVP_CIPHER_INFO() need be called. | 
|  |  | 
|  | =head1 RETURN VALUES | 
|  |  | 
|  | PEM_read() and PEM_read_bio() return 1 on success and 0 on failure, the latter | 
|  | includes the case when no more PEM objects remain in the input file. | 
|  | To distinguish end of file from more serious errors the caller must peek at the | 
|  | error stack and check for B<PEM_R_NO_START_LINE>, which indicates that no more | 
|  | PEM objects were found.  See L<ERR_peek_last_error(3)>, L<ERR_GET_REASON(3)>. | 
|  |  | 
|  | PEM_get_EVP_CIPHER_INFO() and PEM_do_header() return 1 on success, and 0 on | 
|  | failure. | 
|  | The B<data> is likely meaningless if these functions fail. | 
|  |  | 
|  | =head1 NOTES | 
|  |  | 
|  | The PEM_get_EVP_CIPHER_INFO() and PEM_do_header() functions are deprecated. | 
|  | This is because the underlying PEM encryption format is obsolete, and should | 
|  | be avoided. | 
|  | It uses an encryption format with an OpenSSL-specific key-derivation function, | 
|  | which employs MD5 with an iteration count of 1! | 
|  | Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 | 
|  | v2.0 PBE. | 
|  | See L<PEM_write_PrivateKey(3)> and L<d2i_PKCS8PrivateKey_bio(3)>. | 
|  |  | 
|  | PEM_do_header() makes no assumption regarding the pass phrase received from the | 
|  | password callback. | 
|  | It will simply be treated as a byte sequence. | 
|  |  | 
|  | =head1 SEE ALSO | 
|  |  | 
|  | L<ERR_peek_last_error(3)>, L<ERR_GET_LIB(3)>, | 
|  | L<d2i_PKCS8PrivateKey_bio(3)>, | 
|  | L<passphrase-encoding(7)> | 
|  |  | 
|  | =head1 COPYRIGHT | 
|  |  | 
|  | Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. | 
|  |  | 
|  | Licensed under the Apache License 2.0 (the "License").  You may not use | 
|  | this file except in compliance with the License.  You can obtain a copy | 
|  | in the file LICENSE in the source distribution or at | 
|  | L<https://www.openssl.org/source/license.html>. | 
|  |  | 
|  | =cut |