X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fcrypto%2Fpem.pod;h=4f9a27df0cc4df9afea0a8ff1fa39864eef9cd4d;hb=706c5a4d353eeac4b3217138eeea6b737ff14681;hp=ce8f374252bbd3038924b0dc6c89134beafd1bfe;hpb=a29d78e90bea6e4a3de310bee5b993d70ccc4b6a;p=oweals%2Fopenssl.git diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index ce8f374252..4f9a27df0c 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -330,7 +330,7 @@ most of them are set to 0 or NULL. Read a certificate in PEM format from a BIO: X509 *x; - x = PEM_read_bio(bp, NULL, 0, NULL); + x = PEM_read_bio_X509(bp, NULL, 0, NULL); if (x == NULL) { /* Error */ @@ -409,7 +409,7 @@ Skeleton pass phrase callback: memcpy(buf, tmp, len); return len; } - + =head1 NOTES The old B write routines are retained for compatibility. 
@@ -431,23 +431,46 @@ this: this is a bug because an attempt will be made to reuse the data at B which is an uninitialised pointer. +=head1 PEM ENCRYPTION FORMAT + +This old B routines use a non standard technique for encryption. + +The private key (or other data) takes the following form: + + -----BEGIN RSA PRIVATE KEY----- + Proc-Type: 4,ENCRYPTED + DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 + + ...base64 encoded data... + -----END RSA PRIVATE KEY----- + +The line beginning DEK-Info contains two comma separated pieces of information: +the encryption algorithm name as used by EVP_get_cipherbyname() and an 8 +byte B encoded as a set of hexadecimal digits. + +After this is the base64 encoded encrypted data. + +The encryption key is determined using EVP_bytestokey(), using B and an +iteration count of 1. The IV used is the value of B and *not* the IV +returned by EVP_bytestokey(). + =head1 BUGS The PEM read routines in some versions of OpenSSL will not correctly reuse an existing structure. Therefore the following: - PEM_read_bio(bp, &x, 0, NULL); + PEM_read_bio_X509(bp, &x, 0, NULL); where B already contains a valid certificate, may not work, whereas: X509_free(x); - x = PEM_read_bio(bp, NULL, 0, NULL); + x = PEM_read_bio_X509(bp, NULL, 0, NULL); is guaranteed to work. =head1 RETURN CODES The read routines return either a pointer to the structure read or NULL -is an error occurred. +if an error occurred. The write routines return 1 for success or 0 for failure.
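Review bot: third hunk (the new PEM ENCRYPTION FORMAT section): the key-derivation function is named EVP_BytesToKey(), not EVP_bytestokey(); both occurrences should be corrected, otherwise the cross-reference does not match the declaration in evp.h or the EVP_BytesToKey(3) page. The section also omits the digest that the PEM routines pass to EVP_BytesToKey(), which is MD5, so a reader cannot reproduce the derivation from this text alone; suggest "The encryption key is determined using EVP_BytesToKey() with MD5 as the digest, using B<salt> and an iteration count of 1." It is worth a one-line warning next to that sentence that a single iteration of MD5 gives essentially no resistance to password guessing, so the protection of these files is only as good as the pass phrase. Two smaller points: "an 8 byte B<salt>" is only right for ciphers with an 8-byte IV such as the DES-EDE3-CBC in the example, while the text lets the DEK-Info line name any cipher known to EVP_get_cipherbyname(), so either state that the salt is the cipher's IV length or scope the "8 byte" to the example; and "This old B<PEM> routines use a non standard technique" should read "These old B<PEM> routines use a non-standard technique". In pod the emphasis "*not* the IV returned by" does not render as emphasis; use I<not>.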
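Review bot: first hunk (the certificate-reading example around line 333): the literal 0 is still passed where PEM_read_bio_X509() takes a pem_password_cb *; NULL would read consistently with the fourth argument. The rename itself is right: PEM_read_bio() takes name, header, data and len out-parameters and returns an int, so the old line could never have been assigned to an X509 *.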