xref: /freebsd/crypto/openssl/doc/man3/PEM_bytes_read_bio.pod (revision b077aed33b7b6aefca7b17ddb250cf521f938613) 
1e71b7053SJung-uk Kim=pod
2e71b7053SJung-uk Kim
3e71b7053SJung-uk Kim=head1 NAME
4e71b7053SJung-uk Kim
5e71b7053SJung-uk KimPEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO
6e71b7053SJung-uk Kim
7e71b7053SJung-uk Kim=head1 SYNOPSIS
8e71b7053SJung-uk Kim
9e71b7053SJung-uk Kim #include <openssl/pem.h>
10e71b7053SJung-uk Kim
11e71b7053SJung-uk Kim int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
12e71b7053SJung-uk Kim                        const char *name, BIO *bp, pem_password_cb *cb,
13e71b7053SJung-uk Kim                        void *u);
14e71b7053SJung-uk Kim int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
15e71b7053SJung-uk Kim                               const char *name, BIO *bp, pem_password_cb *cb,
16e71b7053SJung-uk Kim                               void *u);
17e71b7053SJung-uk Kim
18e71b7053SJung-uk Kim=head1 DESCRIPTION
19e71b7053SJung-uk Kim
2017f01e99SJung-uk KimPEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468)
2117f01e99SJung-uk Kimdata from the BIO
22e71b7053SJung-uk KimI<bp> for the data type given in I<name> (RSA PRIVATE KEY, CERTIFICATE,
23e71b7053SJung-uk Kimetc.).  If multiple PEM-encoded data structures are present in the same
24e71b7053SJung-uk Kimstream, PEM_bytes_read_bio() will skip non-matching data types and
25e71b7053SJung-uk Kimcontinue reading.  Non-PEM data present in the stream may cause an
26e71b7053SJung-uk Kimerror.
27e71b7053SJung-uk Kim
28e71b7053SJung-uk KimThe PEM header may indicate that the following data is encrypted; if so,
29e71b7053SJung-uk Kimthe data will be decrypted, waiting on user input to supply a passphrase
30e71b7053SJung-uk Kimif needed.  The password callback I<cb> and rock I<u> are used to obtain
31e71b7053SJung-uk Kimthe decryption passphrase, if applicable.
32e71b7053SJung-uk Kim
33e71b7053SJung-uk KimSome data types have compatibility aliases, such as a file containing
34e71b7053SJung-uk KimX509 CERTIFICATE matching a request for the deprecated type CERTIFICATE.
35e71b7053SJung-uk KimThe actual type indicated by the file is returned in I<*pnm> if I<pnm> is
36e71b7053SJung-uk Kimnon-NULL.  The caller must free the storage pointed to by I<*pnm>.
37e71b7053SJung-uk Kim
38e71b7053SJung-uk KimThe returned data is the DER-encoded form of the requested type, in
39e71b7053SJung-uk KimI<*pdata> with length I<*plen>.  The caller must free the storage pointed
40e71b7053SJung-uk Kimto by I<*pdata>.
41e71b7053SJung-uk Kim
42e71b7053SJung-uk KimPEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses
43e71b7053SJung-uk Kimmemory from the secure heap for its temporary buffers and the storage
44e71b7053SJung-uk Kimreturned in I<*pdata> and I<*pnm>.  Accordingly, the caller must use
45e71b7053SJung-uk KimOPENSSL_secure_free() to free that storage.
46e71b7053SJung-uk Kim
47e71b7053SJung-uk Kim=head1 NOTES
48e71b7053SJung-uk Kim
49e71b7053SJung-uk KimPEM_bytes_read_bio_secmem() only enforces that the secure heap is used for
50e71b7053SJung-uk Kimstorage allocated within the PEM processing stack.  The BIO stack from
51e71b7053SJung-uk Kimwhich input is read may also use temporary buffers, which are not necessarily
52e71b7053SJung-uk Kimallocated from the secure heap.  In cases where it is desirable to ensure
53e71b7053SJung-uk Kimthat the contents of the PEM file only appears in memory from the secure heap,
54e71b7053SJung-uk Kimcare is needed in generating the BIO passed as I<bp>.  In particular, the
55e71b7053SJung-uk Kimuse of BIO_s_file() indicates the use of the operating system stdio
56e71b7053SJung-uk Kimfunctionality, which includes buffering as a feature; BIO_s_fd() is likely
57e71b7053SJung-uk Kimto be more appropriate in such cases.
58e71b7053SJung-uk Kim
59e71b7053SJung-uk KimThese functions make no assumption regarding the pass phrase received from the
60e71b7053SJung-uk Kimpassword callback.
61e71b7053SJung-uk KimIt will simply be treated as a byte sequence.
62e71b7053SJung-uk Kim
63e71b7053SJung-uk Kim=head1 RETURN VALUES
64e71b7053SJung-uk Kim
65e71b7053SJung-uk KimPEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or
66e71b7053SJung-uk Kim0 for failure.
67e71b7053SJung-uk Kim
68e71b7053SJung-uk Kim=head1 SEE ALSO
69e71b7053SJung-uk Kim
70e71b7053SJung-uk KimL<PEM_read_bio_ex(3)>,
71e71b7053SJung-uk KimL<passphrase-encoding(7)>
72e71b7053SJung-uk Kim
73e71b7053SJung-uk Kim=head1 HISTORY
74e71b7053SJung-uk Kim
75e71b7053SJung-uk KimPEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1
76e71b7053SJung-uk Kim
77e71b7053SJung-uk Kim=head1 COPYRIGHT
78e71b7053SJung-uk Kim
79e71b7053SJung-uk KimCopyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
80e71b7053SJung-uk Kim
81*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
82e71b7053SJung-uk Kimthis file except in compliance with the License.  You can obtain a copy
83e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at
84e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>.
85e71b7053SJung-uk Kim
86e71b7053SJung-uk Kim=cut
87