xref: /freebsd/crypto/openssl/doc/man3/PEM_bytes_read_bio.pod (revision d65cd7a57bf0600b722afc770838a5d0c1c3a8e1)
1=pod
2
3=head1 NAME
4
5PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structure from a BIO
6
7=head1 SYNOPSIS
8
9 #include <openssl/pem.h>
10
11 int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
12                        const char *name, BIO *bp, pem_password_cb *cb,
13                        void *u);
14 int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
15                               const char *name, BIO *bp, pem_password_cb *cb,
16                               void *u);
17
18=head1 DESCRIPTION
19
20PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468)
21data from the BIO
22I<bp> for the data type given in I<name> (RSA PRIVATE KEY, CERTIFICATE,
23etc.).  If multiple PEM-encoded data structures are present in the same
24stream, PEM_bytes_read_bio() will skip non-matching data types and
25continue reading.  Non-PEM data present in the stream may cause an
26error.
27
28The PEM header may indicate that the following data is encrypted; if so,
29the data will be decrypted, waiting on user input to supply a passphrase
30if needed.  The password callback I<cb> and rock I<u> are used to obtain
31the decryption passphrase, if applicable.
32
33Some data types have compatibility aliases, such as a file containing
34X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE.
35The actual type indicated by the file is returned in I<*pnm> if I<pnm> is
36non-NULL.  The caller must free the storage pointed to by I<*pnm>.
37
38The returned data is the DER-encoded form of the requested type, in
39I<*pdata> with length I<*plen>.  The caller must free the storage pointed
40to by I<*pdata>.
41
42PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but uses
43memory from the secure heap for its temporary buffers and the storage
44returned in I<*pdata> and I<*pnm>.  Accordingly, the caller must use
45OPENSSL_secure_free() to free that storage.
46
47=head1 NOTES
48
49PEM_bytes_read_bio_secmem() only enforces that the secure heap is used for
50storage allocated within the PEM processing stack.  The BIO stack from
51which input is read may also use temporary buffers, which are not necessarily
52allocated from the secure heap.  In cases where it is desirable to ensure
53that the contents of the PEM file only appears in memory from the secure heap,
54care is needed in generating the BIO passed as I<bp>.  In particular, the
55use of BIO_s_file() indicates the use of the operating system stdio
56functionality, which includes buffering as a feature; BIO_s_fd() is likely
57to be more appropriate in such cases.
58
59These functions make no assumption regarding the pass phrase received from the
60password callback.
61It will simply be treated as a byte sequence.
62
63=head1 RETURN VALUES
64
65PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or
660 for failure.
67
68=head1 SEE ALSO
69
70L<PEM_read_bio_ex(3)>,
71L<passphrase-encoding(7)>
72
73=head1 HISTORY
74
75PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1
76
77=head1 COPYRIGHT
78
79Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
80
81Licensed under the OpenSSL license (the "License").  You may not use
82this file except in compliance with the License.  You can obtain a copy
83in the file LICENSE in the source distribution or at
84L<https://www.openssl.org/source/license.html>.
85
86=cut
87