]> git.ipfire.org Git - thirdparty/openssl.git/blame - doc/crypto/PEM_read_bio_PrivateKey.pod
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
More doc cleanup
[thirdparty/openssl.git] / doc / crypto / PEM_read_bio_PrivateKey.pod
CommitLineData
a29d78e9
DSH		 1=pod
2
3=head1 NAME
4
c952780c 5PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
05dba815
DSH		 6PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey,
7PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
f097f81c
DSH		 8PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
9PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
10PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
11PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
12PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
13PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
14PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
15PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
16PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
17PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
18PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
19PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
20PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
21PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
22PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
23PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
24PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
25PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
a0474357 26PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
a29d78e9
DSH		 27
28=head1 SYNOPSIS
29
30 #include <openssl/pem.h>
31
32 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
a0474357 33 pem_password_cb *cb, void *u);
a29d78e9 34 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
a0474357 35 pem_password_cb *cb, void *u);
a29d78e9 36 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 37 unsigned char *kstr, int klen,
38 pem_password_cb *cb, void *u);
05dba815
DSH		 39 int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
40 const EVP_CIPHER *enc,
41 unsigned char *kstr, int klen,
42 pem_password_cb *cb, void *u);
a29d78e9 43 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 44 unsigned char *kstr, int klen,
45 pem_password_cb *cb, void *u);
a29d78e9
DSH		 46
47 int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 48 char *kstr, int klen,
49 pem_password_cb *cb, void *u);
a29d78e9 50 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
a0474357
RS		 51 char *kstr, int klen,
52 pem_password_cb *cb, void *u);
a29d78e9 53 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
a0474357
RS		 54 char *kstr, int klen,
55 pem_password_cb *cb, void *u);
a29d78e9 56 int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
a0474357
RS		 57 char *kstr, int klen,
58 pem_password_cb *cb, void *u);
a29d78e9
DSH		 59
60 EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
a0474357 61 pem_password_cb *cb, void *u);
a29d78e9 62 EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
a0474357 63 pem_password_cb *cb, void *u);
a29d78e9
DSH		 64 int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
65 int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
66
67 RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
a0474357 68 pem_password_cb *cb, void *u);
a29d78e9 69 RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
a0474357 70 pem_password_cb *cb, void *u);
a29d78e9 71 int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
a0474357
RS		 72 unsigned char *kstr, int klen,
73 pem_password_cb *cb, void *u);
a29d78e9 74 int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
a0474357
RS		 75 unsigned char *kstr, int klen,
76 pem_password_cb *cb, void *u);
a29d78e9
DSH		 77
78 RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
a0474357 79 pem_password_cb *cb, void *u);
a29d78e9 80 RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
a0474357 81 pem_password_cb *cb, void *u);
a29d78e9 82 int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
a29d78e9
DSH		 83 int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
84
85 RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
a0474357 86 pem_password_cb *cb, void *u);
a29d78e9 87 RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
a0474357 88 pem_password_cb *cb, void *u);
a29d78e9 89 int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
a29d78e9
DSH		 90 int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
91
92 DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
a0474357 93 pem_password_cb *cb, void *u);
a29d78e9 94 DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
a0474357 95 pem_password_cb *cb, void *u);
a29d78e9 96 int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
a0474357
RS		 97 unsigned char *kstr, int klen,
98 pem_password_cb *cb, void *u);
a29d78e9 99 int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
a0474357
RS		 100 unsigned char *kstr, int klen,
101 pem_password_cb *cb, void *u);
a29d78e9
DSH		 102
103 DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
a0474357 104 pem_password_cb *cb, void *u);
a29d78e9 105 DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
a0474357 106 pem_password_cb *cb, void *u);
a29d78e9 107 int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
a29d78e9
DSH		 108 int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
109
110 DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
a29d78e9 111 DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
a29d78e9 112 int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
a29d78e9
DSH		 113 int PEM_write_DSAparams(FILE *fp, DSA *x);
114
115 DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
a29d78e9 116 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
a29d78e9 117 int PEM_write_bio_DHparams(BIO *bp, DH *x);
a29d78e9
DSH		 118 int PEM_write_DHparams(FILE *fp, DH *x);
119
120 X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 121 X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 122 int PEM_write_bio_X509(BIO *bp, X509 *x);
a29d78e9
DSH		 123 int PEM_write_X509(FILE *fp, X509 *x);
124
125 X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 126 X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
a29d78e9 127 int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
a29d78e9
DSH		 128 int PEM_write_X509_AUX(FILE *fp, X509 *x);
129
130 X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
a0474357 131 pem_password_cb *cb, void *u);
a29d78e9 132 X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
a0474357 133 pem_password_cb *cb, void *u);
a29d78e9 134 int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
a29d78e9 135 int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
a29d78e9 136 int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
a29d78e9
DSH		 137 int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
138
139 X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
a0474357 140 pem_password_cb *cb, void *u);
a29d78e9 141 X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
a0474357 142 pem_password_cb *cb, void *u);
a29d78e9
DSH		 143 int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
144 int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
145
146 PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
a29d78e9 147 PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
a29d78e9 148 int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
a29d78e9
DSH		 149 int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
150
a29d78e9
DSH		 151=head1 DESCRIPTION
152
153The PEM functions read or write structures in PEM format. In
154this sense PEM format is simply base64 encoded data surrounded
155by header lines.
156
157For more details about the meaning of arguments see the
158B<PEM FUNCTION ARGUMENTS> section.
159
160Each operation has four functions associated with it. For
161clarity the term "B<foobar> functions" will be used to collectively
162refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
163PEM_write_bio_foobar() and PEM_write_foobar() functions.
164
05dba815
DSH		 165The B<PrivateKey> functions read or write a private key in PEM format using an
166EVP_PKEY structure. The write routines use PKCS#8 private key format and are
167equivalent to PEM_write_bio_PKCS8PrivateKey().The read functions transparently
168handle traditional and PKCS#8 format encrypted and unencrypted keys.
a29d78e9 169
05dba815
DSH		 170PEM_write_bio_PrivateKey_traditional() writes out a private key in legacy
171"traditional" format.
172
173PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey() write a private
174key in an EVP_PKEY structure in PKCS#8 EncryptedPrivateKeyInfo format using
175PKCS#5 v2.0 password based encryption algorithms. The B<cipher> argument
176specifies the encryption algorithm to use: unlike some other PEM routines the
177encryption is applied at the PKCS#8 level and not in the PEM headers. If
178B<cipher> is NULL then no encryption is used and a PKCS#8 PrivateKeyInfo
179structure is used instead.
a29d78e9
DSH		 180
181PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
182also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
183it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
184to use is specified in the B<nid> parameter and should be the NID of the
185corresponding OBJECT IDENTIFIER (see NOTES section).
186
187The B<PUBKEY> functions process a public key using an EVP_PKEY
188structure. The public key is encoded as a SubjectPublicKeyInfo
189structure.
190
191The B<RSAPrivateKey> functions process an RSA private key using an
05dba815
DSH		 192RSA structure. The write routines uses traditional format. The read
193routines handles the same formats as the B<PrivateKey>
a29d78e9
DSH		 194functions but an error occurs if the private key is not RSA.
195
196The B<RSAPublicKey> functions process an RSA public key using an
197RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
198structure.
199
200The B<RSA_PUBKEY> functions also process an RSA public key using
201an RSA structure. However the public key is encoded using a
202SubjectPublicKeyInfo structure and an error occurs if the public
203key is not RSA.
204
205The B<DSAPrivateKey> functions process a DSA private key using a
05dba815
DSH		 206DSA structure. The write routines uses traditional format. The read
207routines handles the same formats as the B<PrivateKey>
a29d78e9
DSH		 208functions but an error occurs if the private key is not DSA.
209
210The B<DSA_PUBKEY> functions process a DSA public key using
211a DSA structure. The public key is encoded using a
212SubjectPublicKeyInfo structure and an error occurs if the public
213key is not DSA.
214
215The B<DSAparams> functions process DSA parameters using a DSA
f097f81c
DSH		 216structure. The parameters are encoded using a Dss-Parms structure
217as defined in RFC2459.
a29d78e9
DSH		 218
219The B<DHparams> functions process DH parameters using a DH
220structure. The parameters are encoded using a PKCS#3 DHparameter
221structure.
222
223The B<X509> functions process an X509 certificate using an X509
224structure. They will also process a trusted X509 certificate but
225any trust settings are discarded.
226
227The B<X509_AUX> functions process a trusted X509 certificate using
1bc74519 228an X509 structure.
a29d78e9
DSH		 229
230The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
231certificate request using an X509_REQ structure. The B<X509_REQ>
232write functions use B<CERTIFICATE REQUEST> in the header whereas
233the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
234(as required by some CAs). The B<X509_REQ> read functions will
235handle either form so there are no B<X509_REQ_NEW> read functions.
236
237The B<X509_CRL> functions process an X509 CRL using an X509_CRL
238structure.
239
240The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
241structure.
242
a29d78e9
DSH		 243=head1 PEM FUNCTION ARGUMENTS
244
245The PEM functions have many common arguments.
246
247The B<bp> BIO parameter (if present) specifies the BIO to read from
248or write to.
249
250The B<fp> FILE parameter (if present) specifies the FILE pointer to
251read from or write to.
252
253The PEM read functions all take an argument B<TYPE **x> and return
254a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
255uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
256NULL but B<*x> is NULL then the structure returned will be written
257to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
258to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
259Irrespective of the value of B<x> a pointer to the structure is always
260returned (or NULL if an error occurred).
261
262The PEM functions which write private keys take an B<enc> parameter
263which specifies the encryption algorithm to use, encryption is done
264at the PEM level. If this parameter is set to NULL then the private
265key is written in unencrypted form.
266
267The B<cb> argument is the callback to use when querying for the pass
268phrase used for encrypted PEM structures (normally only private keys).
269
270For the PEM write routines if the B<kstr> parameter is not NULL then
271B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
272ignored.
273
274If the B<cb> parameters is set to NULL and the B<u> parameter is not
275NULL then the B<u> parameter is interpreted as a null terminated string
276to use as the passphrase. If both B<cb> and B<u> are NULL then the
277default callback routine is used which will typically prompt for the
278passphrase on the current terminal with echoing turned off.
279
280The default passphrase callback is sometimes inappropriate (for example
281in a GUI application) so an alternative can be supplied. The callback
282routine has the following form:
283
284 int cb(char *buf, int size, int rwflag, void *u);
285
286B<buf> is the buffer to write the passphrase to. B<size> is the maximum
287length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
288which is set to 0 when reading and 1 when writing. A typical routine
289will ask the user to verify the passphrase (for example by prompting
290for it twice) if B<rwflag> is 1. The B<u> parameter has the same
291value as the B<u> parameter passed to the PEM routine. It allows
292arbitrary data to be passed to the callback by the application
293(for example a window handle in a GUI application). The callback
294B<must> return the number of characters in the passphrase or 0 if
295an error occurred.
296
297=head1 EXAMPLES
298
299Although the PEM routines take several arguments in almost all applications
300most of them are set to 0 or NULL.
301
302Read a certificate in PEM format from a BIO:
303
304 X509 *x;
e88c5777 305 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
a0474357
RS		 306 if (x == NULL) {
307 /* Error */
308 }
a29d78e9
DSH		 309
310Alternative method:
311
312 X509 *x = NULL;
a0474357
RS		 313 if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
314 /* Error */
315 }
a29d78e9
DSH		 316
317Write a certificate to a BIO:
318
a0474357
RS		 319 if (!PEM_write_bio_X509(bp, x)) {
320 /* Error */
321 }
a29d78e9
DSH		 322
323Write a private key (using traditional format) to a BIO using
324triple DES encryption, the pass phrase is prompted for:
325
a0474357
RS		 326 if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
327 /* Error */
328 }
a29d78e9
DSH		 329
330Write a private key (using PKCS#8 format) to a BIO using triple
331DES encryption, using the pass phrase "hello":
332
a0474357
RS		 333 if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
334 /* Error */
335 }
a29d78e9
DSH		 336
337Read a private key from a BIO using a pass phrase callback:
338
339 key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
a0474357
RS		 340 if (key == NULL) {
341 /* Error */
342 }
a29d78e9
DSH		 343
344Skeleton pass phrase callback:
345
a0474357
RS		 346 int pass_cb(char *buf, int size, int rwflag, void *u)
347 {
348 int len;
349 char *tmp;
350
351 /* We'd probably do something else if 'rwflag' is 1 */
1bc74519 352 printf("Enter pass phrase for \"%s\"\n", (char *)u);
a29d78e9 353
a0474357
RS		 354 /* get pass phrase, length 'len' into 'tmp' */
355 tmp = "hello";
356 len = strlen(tmp);
357 if (len <= 0)
358 return 0;
a29d78e9 359
a0474357
RS		 360 if (len > size)
361 len = size;
362 memcpy(buf, tmp, len);
363 return len;
364 }
06623ff0 365
a29d78e9
DSH		 366=head1 NOTES
367
368The old B<PrivateKey> write routines are retained for compatibility.
369New applications should write private keys using the
370PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
371because they are more secure (they use an iteration count of 2048 whereas
372the traditional routines use a count of 1) unless compatibility with older
373versions of OpenSSL is important.
374
375The B<PrivateKey> read routines can be used in all applications because
376they handle all formats transparently.
377
378A frequent cause of problems is attempting to use the PEM routines like
379this:
380
381 X509 *x;
382 PEM_read_bio_X509(bp, &x, 0, NULL);
383
384this is a bug because an attempt will be made to reuse the data at B<x>
385which is an uninitialised pointer.
386
06623ff0
DSH		 387=head1 PEM ENCRYPTION FORMAT
388
a0474357 389These old B<PrivateKey> routines use a non standard technique for encryption.
06623ff0 390
1bc74519 391The private key (or other data) takes the following form:
06623ff0
DSH		 392
393 -----BEGIN RSA PRIVATE KEY-----
394 Proc-Type: 4,ENCRYPTED
395 DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
396
397 ...base64 encoded data...
398 -----END RSA PRIVATE KEY-----
399
a0474357
RS		 400The line beginning with I<Proc-Type> contains the version and the
401protection on the encapsulated data. The line beginning I<DEK-Info>
402contains two comma separated values: the encryption algorithm name as
403used by EVP_get_cipherbyname() and an initialization vector used by the
404cipher encoded as a set of hexadecimal digits. After those two lines is
405the base64-encoded encrypted data.
06623ff0 406
a0474357
RS		 407The encryption key is derived using EVP_BytesToKey(). The cipher's
408initialization vector is passed to EVP_BytesToKey() as the B<salt>
409parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
410(regardless of the size of the initialization vector). The user's
b9b6a7e5 411password is passed to EVP_BytesToKey() using the B<data> and B<datal>
a0474357
RS		 412parameters. Finally, the library uses an iteration count of 1 for
413EVP_BytesToKey().
06623ff0 414
05dba815 415The B<key> derived by EVP_BytesToKey() along with the original initialization
a0474357
RS		 416vector is then used to decrypt the encrypted data. The B<iv> produced by
417EVP_BytesToKey() is not utilized or needed, and NULL should be passed to
418the function.
419
420The pseudo code to derive the key would look similar to:
421
422 EVP_CIPHER* cipher = EVP_des_ede3_cbc();
423 EVP_MD* md = EVP_md5();
424
425 unsigned int nkey = EVP_CIPHER_key_length(cipher);
426 unsigned int niv = EVP_CIPHER_iv_length(cipher);
427 unsigned char key[nkey];
428 unsigned char iv[niv];
429
430 memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv);
431 rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/);
432 if (rc != nkey) {
433 /* Error */
434 }
435
436 /* On success, use key and iv to initialize the cipher */
06623ff0 437
a29d78e9
DSH		 438=head1 BUGS
439
440The PEM read routines in some versions of OpenSSL will not correctly reuse
441an existing structure. Therefore the following:
442
e88c5777 443 PEM_read_bio_X509(bp, &x, 0, NULL);
a29d78e9 444
1bc74519 445where B<x> already contains a valid certificate, may not work, whereas:
a29d78e9
DSH		 446
447 X509_free(x);
e88c5777 448 x = PEM_read_bio_X509(bp, NULL, 0, NULL);
a29d78e9
DSH		 449
450is guaranteed to work.
451
452=head1 RETURN CODES
453
454The read routines return either a pointer to the structure read or NULL
9449e385 455if an error occurred.
a29d78e9
DSH		 456
457The write routines return 1 for success or 0 for failure.
d48e78f0 458
a0474357
RS		 459=head1 HISTORY
460
461The old Netscape certificate sequences were no longer documented
462in OpenSSL 1.1; applications should use the PKCS7 standard instead
463as they will be formally deprecated in a future releases.
464
d48e78f0
JW		 465=head1 SEE ALSO
466
a0474357 467L<EVP_EncryptInit(3)>, L<EVP_BytesToKey(3)>
99ec4fdb 468
e2f92610
RS		 469=head1 COPYRIGHT
470
471Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
472
473Licensed under the OpenSSL license (the "License"). You may not use
474this file except in compliance with the License. You can obtain a copy
475in the file LICENSE in the source distribution or at
476L<https://www.openssl.org/source/license.html>.
477
478=cut
A mirror of the official openssl repository