1 files changed, 0 insertions, 498 deletions
diff --git a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod b/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
deleted file mode 100644
index 6d87079a84..0000000000
--- a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod
+++ /dev/null
@@ -1,498 +0,0 @@
-=pod
-=head1 NAME
-PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
-PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
-PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
-PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
-PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
-PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
-PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
-PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
-PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
-PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
-PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
-PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
-PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
-PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
-PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
-PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
-PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
-PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
-PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
-PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
-PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
-PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
-PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
-=head1 SYNOPSIS
- #include <openssl/pem.h>
- EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
-                                        pem_password_cb *cb, void *u);
- EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                        unsigned char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                        unsigned char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                        char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                        char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-                                        char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-                                        char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
-                                        pem_password_cb *cb, void *u);
- EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
- int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
- RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
-                                        pem_password_cb *cb, void *u);
- RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                        unsigned char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                        unsigned char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
-                                        pem_password_cb *cb, void *u);
- RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
- int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
- RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
-                                        pem_password_cb *cb, void *u);
- RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
- int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
- DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
-                                        pem_password_cb *cb, void *u);
- DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                        unsigned char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                        unsigned char *kstr, int klen,
-                                        pem_password_cb *cb, void *u);
- DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
-                                        pem_password_cb *cb, void *u);
- DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
- int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
- DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
- DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
- int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
- int PEM_write_DSAparams(FILE *fp, DSA *x);
- DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
- DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
- int PEM_write_bio_DHparams(BIO *bp, DH *x);
- int PEM_write_DHparams(FILE *fp, DH *x);
- X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
- X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
- int PEM_write_bio_X509(BIO *bp, X509 *x);
- int PEM_write_X509(FILE *fp, X509 *x);
- X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
- X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
- int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
- int PEM_write_X509_AUX(FILE *fp, X509 *x);
- X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
-                                        pem_password_cb *cb, void *u);
- X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
- int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
- int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
- int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
- X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
-                                        pem_password_cb *cb, void *u);
- X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
-                                        pem_password_cb *cb, void *u);
- int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
- int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
- PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
- PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
- int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
- int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
- NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
-                                                NETSCAPE_CERT_SEQUENCE **x,
-                                                pem_password_cb *cb, void *u);
- NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
-                                                NETSCAPE_CERT_SEQUENCE **x,
-                                                pem_password_cb *cb, void *u);
- int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x);
- int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x);
-=head1 DESCRIPTION
-The PEM functions read or write structures in PEM format. In
-this sense PEM format is simply base64 encoded data surrounded
-by header lines.
-For more details about the meaning of arguments see the
-B<PEM FUNCTION ARGUMENTS> section.
-Each operation has four functions associated with it. For
-clarity the term "B<foobar> functions" will be used to collectively
-refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
-PEM_write_bio_foobar() and PEM_write_foobar() functions.
-The B<PrivateKey> functions read or write a private key in
-PEM format using an EVP_PKEY structure. The write routines use
-"traditional" private key format and can handle both RSA and DSA
-private keys. The read functions can additionally transparently
-handle PKCS#8 format encrypted and unencrypted keys too.
-PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
-write a private key in an EVP_PKEY structure in PKCS#8
-EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
-algorithms. The B<cipher> argument specifies the encryption algorithm to
-use: unlike all other PEM routines the encryption is applied at the
-PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
-encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
-PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
-also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
-it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
-to use is specified in the B<nid> parameter and should be the NID of the
-corresponding OBJECT IDENTIFIER (see NOTES section).
-The B<PUBKEY> functions process a public key using an EVP_PKEY
-structure. The public key is encoded as a SubjectPublicKeyInfo
-structure.
-The B<RSAPrivateKey> functions process an RSA private key using an
-RSA structure. It handles the same formats as the B<PrivateKey>
-functions but an error occurs if the private key is not RSA.
-The B<RSAPublicKey> functions process an RSA public key using an
-RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
-structure.
-The B<RSA_PUBKEY> functions also process an RSA public key using
-an RSA structure. However the public key is encoded using a
-SubjectPublicKeyInfo structure and an error occurs if the public
-key is not RSA.
-The B<DSAPrivateKey> functions process a DSA private key using a
-DSA structure. It handles the same formats as the B<PrivateKey>
-functions but an error occurs if the private key is not DSA.
-The B<DSA_PUBKEY> functions process a DSA public key using
-a DSA structure. The public key is encoded using a
-SubjectPublicKeyInfo structure and an error occurs if the public
-key is not DSA.
-The B<DSAparams> functions process DSA parameters using a DSA
-structure. The parameters are encoded using a foobar structure.
-The B<DHparams> functions process DH parameters using a DH
-structure. The parameters are encoded using a PKCS#3 DHparameter
-structure.
-The B<X509> functions process an X509 certificate using an X509
-structure. They will also process a trusted X509 certificate but
-any trust settings are discarded.
-The B<X509_AUX> functions process a trusted X509 certificate using
-an X509 structure.
-The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
-certificate request using an X509_REQ structure. The B<X509_REQ>
-write functions use B<CERTIFICATE REQUEST> in the header whereas
-the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
-(as required by some CAs). The B<X509_REQ> read functions will
-handle either form so there are no B<X509_REQ_NEW> read functions.
-The B<X509_CRL> functions process an X509 CRL using an X509_CRL
-structure.
-The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
-structure.
-The B<NETSCAPE_CERT_SEQUENCE> functions process a Netscape Certificate
-Sequence using a NETSCAPE_CERT_SEQUENCE structure.
-=head1 PEM FUNCTION ARGUMENTS
-The PEM functions have many common arguments.
-The B<bp> BIO parameter (if present) specifies the BIO to read from
-or write to.
-The B<fp> FILE parameter (if present) specifies the FILE pointer to
-read from or write to.
-The PEM read functions all take an argument B<TYPE **x> and return
-a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
-uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
-NULL but B<*x> is NULL then the structure returned will be written
-to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
-to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
-Irrespective of the value of B<x> a pointer to the structure is always
-returned (or NULL if an error occurred).
-The PEM functions which write private keys take an B<enc> parameter
-which specifies the encryption algorithm to use, encryption is done
-at the PEM level. If this parameter is set to NULL then the private
-key is written in unencrypted form.
-The B<cb> argument is the callback to use when querying for the pass
-phrase used for encrypted PEM structures (normally only private keys).
-For the PEM write routines if the B<kstr> parameter is not NULL then
-B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
-ignored.
-If the B<cb> parameters is set to NULL and the B<u> parameter is not
-NULL then the B<u> parameter is interpreted as a null terminated string
-to use as the passphrase. If both B<cb> and B<u> are NULL then the
-default callback routine is used which will typically prompt for the
-passphrase on the current terminal with echoing turned off.
-The default passphrase callback is sometimes inappropriate (for example
-in a GUI application) so an alternative can be supplied. The callback
-routine has the following form:
- int cb(char *buf, int size, int rwflag, void *u);
-B<buf> is the buffer to write the passphrase to. B<size> is the maximum
-length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
-which is set to 0 when reading and 1 when writing. A typical routine
-will ask the user to verify the passphrase (for example by prompting
-for it twice) if B<rwflag> is 1. The B<u> parameter has the same
-value as the B<u> parameter passed to the PEM routine. It allows
-arbitrary data to be passed to the callback by the application
-(for example a window handle in a GUI application). The callback
-B<must> return the number of characters in the passphrase or 0 if
-an error occurred.
-=head1 EXAMPLES
-Although the PEM routines take several arguments in almost all applications
-most of them are set to 0 or NULL.
-Read a certificate in PEM format from a BIO:
- X509 *x;
- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL) {
-        /* Error */
- }
-Alternative method:
- X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
-        /* Error */
- }
-Write a certificate to a BIO:
- if (!PEM_write_bio_X509(bp, x)) {
-        /* Error */
- }
-Write an unencrypted private key to a FILE pointer:
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
-        /* Error */
- }
-Write a private key (using traditional format) to a BIO using
-triple DES encryption, the pass phrase is prompted for:
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
-     NULL, 0, 0, NULL)) {
-        /* Error */
- }
-Write a private key (using PKCS#8 format) to a BIO using triple
-DES encryption, using the pass phrase "hello":
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
-     NULL, 0, 0, "hello")) {
-        /* Error */
- }
-Read a private key from a BIO using the pass phrase "hello":
- key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL) {
-        /* Error */
- }
-Read a private key from a BIO using a pass phrase callback:
- key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL) {
-        /* Error */
- }
-Skeleton pass phrase callback:
- int
- pass_cb(char *buf, int size, int rwflag, void *u)
- {
-        int len;
-        char *tmp;
-        /* We'd probably do something else if 'rwflag' is 1 */
-        printf("Enter pass phrase for \"%s\"\n", u);
-        /* get pass phrase, length 'len' into 'tmp' */
-        tmp = "hello";
-        len = strlen(tmp);
-        if (len == 0)
-                return 0;
-        /* if too long, truncate */
-        if (len > size)
-                len = size;
-        memcpy(buf, tmp, len);
-        return len;
- }
-=head1 NOTES
-The old B<PrivateKey> write routines are retained for compatibility.
-New applications should write private keys using the
-PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
-because they are more secure (they use an iteration count of 2048 whereas
-the traditional routines use a count of 1) unless compatibility with older
-versions of OpenSSL is important.
-The B<PrivateKey> read routines can be used in all applications because
-they handle all formats transparently.
-A frequent cause of problems is attempting to use the PEM routines like
-this:
- X509 *x;
- PEM_read_bio_X509(bp, &x, 0, NULL);
-this is a bug because an attempt will be made to reuse the data at B<x>
-which is an uninitialised pointer.
-=head1 PEM ENCRYPTION FORMAT
-This old B<PrivateKey> routines use a non standard technique for encryption.
-The private key (or other data) takes the following form:
- -----BEGIN RSA PRIVATE KEY-----
- Proc-Type: 4,ENCRYPTED
- DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
- ...base64 encoded data...
- -----END RSA PRIVATE KEY-----
-The line beginning DEK-Info contains two comma separated pieces of information:
-the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
-byte B<salt> encoded as a set of hexadecimal digits.
-After this is the base64 encoded encrypted data.
-The encryption key is determined using EVP_bytestokey(), using B<salt> and an
-iteration count of 1. The IV used is the value of B<salt> and *not* the IV
-returned by EVP_bytestokey().
-=head1 BUGS
-The PEM read routines in some versions of OpenSSL will not correctly reuse
-an existing structure. Therefore the following:
- PEM_read_bio_X509(bp, &x, 0, NULL);
-where B<x> already contains a valid certificate, may not work, whereas:
- X509_free(x);
- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-is guaranteed to work.
-=head1 RETURN CODES
-The read routines return either a pointer to the structure read or NULL
-if an error occurred.
-The write routines return 1 for success or 0 for failure.
-=cut

diff --git a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod b/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod deleted file mode 100644 index 6d87079a84..0000000000 --- a/src/lib/libcrypto/doc/PEM_read_bio_PrivateKey.pod +++ /dev/null
@@ -1,498 +0,0 @@
1	=pod
2
3	=head1 NAME
4
5	PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
6	PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
7	PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
8	PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
9	PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
10	PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
11	PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
12	PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
13	PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
14	PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
15	PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
16	PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
17	PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
18	PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
19	PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
20	PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
21	PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
22	PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
23	PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
24	PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
25	PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
26	PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
27	PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
28
29	=head1 SYNOPSIS
30
31	#include <openssl/pem.h>
32
33	EVP_PKEY PEM_read_bio_PrivateKey(BIO bp, EVP_PKEY **x,
34	pem_password_cb cb, void u);
35
36	EVP_PKEY PEM_read_PrivateKey(FILE fp, EVP_PKEY **x,
37	pem_password_cb cb, void u);
38
39	int PEM_write_bio_PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
40	unsigned char *kstr, int klen,
41	pem_password_cb cb, void u);
42
43	int PEM_write_PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
44	unsigned char *kstr, int klen,
45	pem_password_cb cb, void u);
46
47	int PEM_write_bio_PKCS8PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
48	char *kstr, int klen,
49	pem_password_cb cb, void u);
50
51	int PEM_write_PKCS8PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
52	char *kstr, int klen,
53	pem_password_cb cb, void u);
54
55	int PEM_write_bio_PKCS8PrivateKey_nid(BIO bp, EVP_PKEY x, int nid,
56	char *kstr, int klen,
57	pem_password_cb cb, void u);
58
59	int PEM_write_PKCS8PrivateKey_nid(FILE fp, EVP_PKEY x, int nid,
60	char *kstr, int klen,
61	pem_password_cb cb, void u);
62
63	EVP_PKEY PEM_read_bio_PUBKEY(BIO bp, EVP_PKEY **x,
64	pem_password_cb cb, void u);
65
66	EVP_PKEY PEM_read_PUBKEY(FILE fp, EVP_PKEY **x,
67	pem_password_cb cb, void u);
68
69	int PEM_write_bio_PUBKEY(BIO bp, EVP_PKEY x);
70	int PEM_write_PUBKEY(FILE fp, EVP_PKEY x);
71
72	RSA PEM_read_bio_RSAPrivateKey(BIO bp, RSA **x,
73	pem_password_cb cb, void u);
74
75	RSA PEM_read_RSAPrivateKey(FILE fp, RSA **x,
76	pem_password_cb cb, void u);
77
78	int PEM_write_bio_RSAPrivateKey(BIO bp, RSA x, const EVP_CIPHER *enc,
79	unsigned char *kstr, int klen,
80	pem_password_cb cb, void u);
81
82	int PEM_write_RSAPrivateKey(FILE fp, RSA x, const EVP_CIPHER *enc,
83	unsigned char *kstr, int klen,
84	pem_password_cb cb, void u);
85
86	RSA PEM_read_bio_RSAPublicKey(BIO bp, RSA **x,
87	pem_password_cb cb, void u);
88
89	RSA PEM_read_RSAPublicKey(FILE fp, RSA **x,
90	pem_password_cb cb, void u);
91
92	int PEM_write_bio_RSAPublicKey(BIO bp, RSA x);
93
94	int PEM_write_RSAPublicKey(FILE fp, RSA x);
95
96	RSA PEM_read_bio_RSA_PUBKEY(BIO bp, RSA **x,
97	pem_password_cb cb, void u);
98
99	RSA PEM_read_RSA_PUBKEY(FILE fp, RSA **x,
100	pem_password_cb cb, void u);
101
102	int PEM_write_bio_RSA_PUBKEY(BIO bp, RSA x);
103
104	int PEM_write_RSA_PUBKEY(FILE fp, RSA x);
105
106	DSA PEM_read_bio_DSAPrivateKey(BIO bp, DSA **x,
107	pem_password_cb cb, void u);
108
109	DSA PEM_read_DSAPrivateKey(FILE fp, DSA **x,
110	pem_password_cb cb, void u);
111
112	int PEM_write_bio_DSAPrivateKey(BIO bp, DSA x, const EVP_CIPHER *enc,
113	unsigned char *kstr, int klen,
114	pem_password_cb cb, void u);
115
116	int PEM_write_DSAPrivateKey(FILE fp, DSA x, const EVP_CIPHER *enc,
117	unsigned char *kstr, int klen,
118	pem_password_cb cb, void u);
119
120	DSA PEM_read_bio_DSA_PUBKEY(BIO bp, DSA **x,
121	pem_password_cb cb, void u);
122
123	DSA PEM_read_DSA_PUBKEY(FILE fp, DSA **x,
124	pem_password_cb cb, void u);
125
126	int PEM_write_bio_DSA_PUBKEY(BIO bp, DSA x);
127
128	int PEM_write_DSA_PUBKEY(FILE fp, DSA x);
129
130	DSA PEM_read_bio_DSAparams(BIO bp, DSA *x, pem_password_cb cb, void *u);
131
132	DSA PEM_read_DSAparams(FILE fp, DSA *x, pem_password_cb cb, void *u);
133
134	int PEM_write_bio_DSAparams(BIO bp, DSA x);
135
136	int PEM_write_DSAparams(FILE fp, DSA x);
137
138	DH PEM_read_bio_DHparams(BIO bp, DH *x, pem_password_cb cb, void *u);
139
140	DH PEM_read_DHparams(FILE fp, DH *x, pem_password_cb cb, void *u);
141
142	int PEM_write_bio_DHparams(BIO bp, DH x);
143
144	int PEM_write_DHparams(FILE fp, DH x);
145
146	X509 PEM_read_bio_X509(BIO bp, X509 *x, pem_password_cb cb, void *u);
147
148	X509 PEM_read_X509(FILE fp, X509 *x, pem_password_cb cb, void *u);
149
150	int PEM_write_bio_X509(BIO bp, X509 x);
151
152	int PEM_write_X509(FILE fp, X509 x);
153
154	X509 PEM_read_bio_X509_AUX(BIO bp, X509 *x, pem_password_cb cb, void *u);
155
156	X509 PEM_read_X509_AUX(FILE fp, X509 *x, pem_password_cb cb, void *u);
157
158	int PEM_write_bio_X509_AUX(BIO bp, X509 x);
159
160	int PEM_write_X509_AUX(FILE fp, X509 x);
161
162	X509_REQ PEM_read_bio_X509_REQ(BIO bp, X509_REQ **x,
163	pem_password_cb cb, void u);
164
165	X509_REQ PEM_read_X509_REQ(FILE fp, X509_REQ **x,
166	pem_password_cb cb, void u);
167
168	int PEM_write_bio_X509_REQ(BIO bp, X509_REQ x);
169
170	int PEM_write_X509_REQ(FILE fp, X509_REQ x);
171
172	int PEM_write_bio_X509_REQ_NEW(BIO bp, X509_REQ x);
173
174	int PEM_write_X509_REQ_NEW(FILE fp, X509_REQ x);
175
176	X509_CRL PEM_read_bio_X509_CRL(BIO bp, X509_CRL **x,
177	pem_password_cb cb, void u);
178	X509_CRL PEM_read_X509_CRL(FILE fp, X509_CRL **x,
179	pem_password_cb cb, void u);
180	int PEM_write_bio_X509_CRL(BIO bp, X509_CRL x);
181	int PEM_write_X509_CRL(FILE fp, X509_CRL x);
182
183	PKCS7 PEM_read_bio_PKCS7(BIO bp, PKCS7 *x, pem_password_cb cb, void *u);
184
185	PKCS7 PEM_read_PKCS7(FILE fp, PKCS7 *x, pem_password_cb cb, void *u);
186
187	int PEM_write_bio_PKCS7(BIO bp, PKCS7 x);
188
189	int PEM_write_PKCS7(FILE fp, PKCS7 x);
190
191	NETSCAPE_CERT_SEQUENCE PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO bp,
192	NETSCAPE_CERT_SEQUENCE **x,
193	pem_password_cb cb, void u);
194
195	NETSCAPE_CERT_SEQUENCE PEM_read_NETSCAPE_CERT_SEQUENCE(FILE fp,
196	NETSCAPE_CERT_SEQUENCE **x,
197	pem_password_cb cb, void u);
198
199	int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO bp, NETSCAPE_CERT_SEQUENCE x);
200
201	int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE fp, NETSCAPE_CERT_SEQUENCE x);
202
203	=head1 DESCRIPTION
204
205	The PEM functions read or write structures in PEM format. In
206	this sense PEM format is simply base64 encoded data surrounded
207	by header lines.
208
209	For more details about the meaning of arguments see the
210	B<PEM FUNCTION ARGUMENTS> section.
211
212	Each operation has four functions associated with it. For
213	clarity the term "B<foobar> functions" will be used to collectively
214	refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
215	PEM_write_bio_foobar() and PEM_write_foobar() functions.
216
217	The B<PrivateKey> functions read or write a private key in
218	PEM format using an EVP_PKEY structure. The write routines use
219	"traditional" private key format and can handle both RSA and DSA
220	private keys. The read functions can additionally transparently
221	handle PKCS#8 format encrypted and unencrypted keys too.
222
223	PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
224	write a private key in an EVP_PKEY structure in PKCS#8
225	EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
226	algorithms. The B<cipher> argument specifies the encryption algorithm to
227	use: unlike all other PEM routines the encryption is applied at the
228	PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
229	encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
230
231	PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
232	also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
233	it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
234	to use is specified in the B<nid> parameter and should be the NID of the
235	corresponding OBJECT IDENTIFIER (see NOTES section).
236
237	The B<PUBKEY> functions process a public key using an EVP_PKEY
238	structure. The public key is encoded as a SubjectPublicKeyInfo
239	structure.
240
241	The B<RSAPrivateKey> functions process an RSA private key using an
242	RSA structure. It handles the same formats as the B<PrivateKey>
243	functions but an error occurs if the private key is not RSA.
244
245	The B<RSAPublicKey> functions process an RSA public key using an
246	RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
247	structure.
248
249	The B<RSA_PUBKEY> functions also process an RSA public key using
250	an RSA structure. However the public key is encoded using a
251	SubjectPublicKeyInfo structure and an error occurs if the public
252	key is not RSA.
253
254	The B<DSAPrivateKey> functions process a DSA private key using a
255	DSA structure. It handles the same formats as the B<PrivateKey>
256	functions but an error occurs if the private key is not DSA.
257
258	The B<DSA_PUBKEY> functions process a DSA public key using
259	a DSA structure. The public key is encoded using a
260	SubjectPublicKeyInfo structure and an error occurs if the public
261	key is not DSA.
262
263	The B<DSAparams> functions process DSA parameters using a DSA
264	structure. The parameters are encoded using a foobar structure.
265
266	The B<DHparams> functions process DH parameters using a DH
267	structure. The parameters are encoded using a PKCS#3 DHparameter
268	structure.
269
270	The B<X509> functions process an X509 certificate using an X509
271	structure. They will also process a trusted X509 certificate but
272	any trust settings are discarded.
273
274	The B<X509_AUX> functions process a trusted X509 certificate using
275	an X509 structure.
276
277	The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
278	certificate request using an X509_REQ structure. The B<X509_REQ>
279	write functions use B<CERTIFICATE REQUEST> in the header whereas
280	the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
281	(as required by some CAs). The B<X509_REQ> read functions will
282	handle either form so there are no B<X509_REQ_NEW> read functions.
283
284	The B<X509_CRL> functions process an X509 CRL using an X509_CRL
285	structure.
286
287	The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
288	structure.
289
290	The B<NETSCAPE_CERT_SEQUENCE> functions process a Netscape Certificate
291	Sequence using a NETSCAPE_CERT_SEQUENCE structure.
292
293	=head1 PEM FUNCTION ARGUMENTS
294
295	The PEM functions have many common arguments.
296
297	The B<bp> BIO parameter (if present) specifies the BIO to read from
298	or write to.
299
300	The B<fp> FILE parameter (if present) specifies the FILE pointer to
301	read from or write to.
302
303	The PEM read functions all take an argument B<TYPE **x> and return
304	a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
305	uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
306	NULL but B<*x> is NULL then the structure returned will be written
307	to B<x>. If neither B<x> nor B<x> is NULL then an attempt is made
308	to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
309	Irrespective of the value of B<x> a pointer to the structure is always
310	returned (or NULL if an error occurred).
311
312	The PEM functions which write private keys take an B<enc> parameter
313	which specifies the encryption algorithm to use, encryption is done
314	at the PEM level. If this parameter is set to NULL then the private
315	key is written in unencrypted form.
316
317	The B<cb> argument is the callback to use when querying for the pass
318	phrase used for encrypted PEM structures (normally only private keys).
319
320	For the PEM write routines if the B<kstr> parameter is not NULL then
321	B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
322	ignored.
323
324	If the B<cb> parameters is set to NULL and the B<u> parameter is not
325	NULL then the B<u> parameter is interpreted as a null terminated string
326	to use as the passphrase. If both B<cb> and B<u> are NULL then the
327	default callback routine is used which will typically prompt for the
328	passphrase on the current terminal with echoing turned off.
329
330	The default passphrase callback is sometimes inappropriate (for example
331	in a GUI application) so an alternative can be supplied. The callback
332	routine has the following form:
333
334	int cb(char buf, int size, int rwflag, void u);
335
336	B<buf> is the buffer to write the passphrase to. B<size> is the maximum
337	length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
338	which is set to 0 when reading and 1 when writing. A typical routine
339	will ask the user to verify the passphrase (for example by prompting
340	for it twice) if B<rwflag> is 1. The B<u> parameter has the same
341	value as the B<u> parameter passed to the PEM routine. It allows
342	arbitrary data to be passed to the callback by the application
343	(for example a window handle in a GUI application). The callback
344	B<must> return the number of characters in the passphrase or 0 if
345	an error occurred.
346
347	=head1 EXAMPLES
348
349	Although the PEM routines take several arguments in almost all applications
350	most of them are set to 0 or NULL.
351
352	Read a certificate in PEM format from a BIO:
353
354	X509 *x;
355	x = PEM_read_bio_X509(bp, NULL, 0, NULL);
356	if (x == NULL) {
357	/* Error */
358	}
359
360	Alternative method:
361
362	X509 *x = NULL;
363	if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
364	/* Error */
365	}
366
367	Write a certificate to a BIO:
368
369	if (!PEM_write_bio_X509(bp, x)) {
370	/* Error */
371	}
372
373	Write an unencrypted private key to a FILE pointer:
374
375	if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
376	/* Error */
377	}
378
379	Write a private key (using traditional format) to a BIO using
380	triple DES encryption, the pass phrase is prompted for:
381
382	if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(),
383	NULL, 0, 0, NULL)) {
384	/* Error */
385	}
386
387	Write a private key (using PKCS#8 format) to a BIO using triple
388	DES encryption, using the pass phrase "hello":
389
390	if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(),
391	NULL, 0, 0, "hello")) {
392	/* Error */
393	}
394
395	Read a private key from a BIO using the pass phrase "hello":
396
397	key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
398	if (key == NULL) {
399	/* Error */
400	}
401
402	Read a private key from a BIO using a pass phrase callback:
403
404	key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
405	if (key == NULL) {
406	/* Error */
407	}
408
409	Skeleton pass phrase callback:
410
411	int
412	pass_cb(char buf, int size, int rwflag, void u)
413	{
414	int len;
415	char *tmp;
416
417	/* We'd probably do something else if 'rwflag' is 1 */
418	printf("Enter pass phrase for \"%s\"\n", u);
419
420	/* get pass phrase, length 'len' into 'tmp' */
421	tmp = "hello";
422	len = strlen(tmp);
423
424	if (len == 0)
425	return 0;
426	/* if too long, truncate */
427	if (len > size)
428	len = size;
429	memcpy(buf, tmp, len);
430	return len;
431	}
432
433	=head1 NOTES
434
435	The old B<PrivateKey> write routines are retained for compatibility.
436	New applications should write private keys using the
437	PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
438	because they are more secure (they use an iteration count of 2048 whereas
439	the traditional routines use a count of 1) unless compatibility with older
440	versions of OpenSSL is important.
441
442	The B<PrivateKey> read routines can be used in all applications because
443	they handle all formats transparently.
444
445	A frequent cause of problems is attempting to use the PEM routines like
446	this:
447
448	X509 *x;
449	PEM_read_bio_X509(bp, &x, 0, NULL);
450
451	this is a bug because an attempt will be made to reuse the data at B<x>
452	which is an uninitialised pointer.
453
454	=head1 PEM ENCRYPTION FORMAT
455
456	This old B<PrivateKey> routines use a non standard technique for encryption.
457
458	The private key (or other data) takes the following form:
459
460	-----BEGIN RSA PRIVATE KEY-----
461	Proc-Type: 4,ENCRYPTED
462	DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
463
464	...base64 encoded data...
465	-----END RSA PRIVATE KEY-----
466
467	The line beginning DEK-Info contains two comma separated pieces of information:
468	the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
469	byte B<salt> encoded as a set of hexadecimal digits.
470
471	After this is the base64 encoded encrypted data.
472
473	The encryption key is determined using EVP_bytestokey(), using B<salt> and an
474	iteration count of 1. The IV used is the value of B<salt> and not the IV
475	returned by EVP_bytestokey().
476
477	=head1 BUGS
478
479	The PEM read routines in some versions of OpenSSL will not correctly reuse
480	an existing structure. Therefore the following:
481
482	PEM_read_bio_X509(bp, &x, 0, NULL);
483
484	where B<x> already contains a valid certificate, may not work, whereas:
485
486	X509_free(x);
487	x = PEM_read_bio_X509(bp, NULL, 0, NULL);
488
489	is guaranteed to work.
490
491	=head1 RETURN CODES
492
493	The read routines return either a pointer to the structure read or NULL
494	if an error occurred.
495
496	The write routines return 1 for success or 0 for failure.
497
498	=cut