1PEM_BYTES_READ_BIO(3) OpenSSL PEM_BYTES_READ_BIO(3)
2
6 PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data
7 structure from a BIO
8
10 #include <openssl/pem.h>
11 int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
13 const char *name, BIO *bp, pem_password_cb *cb,
14 void *u);
15 int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
16 const char *name, BIO *bp, pem_password_cb *cb,
17 void *u);
18
20 PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC
21 7468) data from the BIO bp for the data type given in name (RSA PRIVATE
22 KEY, CERTIFICATE, etc.). If multiple PEM-encoded data structures are
23 present in the same stream, PEM_bytes_read_bio() will skip non-matching
24 data types and continue reading. Non-PEM data present in the stream
25 may cause an error.
26 The PEM header may indicate that the following data is encrypted; if
28 so, the data will be decrypted, waiting on user input to supply a
29 passphrase if needed. The password callback cb and rock u are used to
30 obtain the decryption passphrase, if applicable.
31 Some data types have compatibility aliases, such as a file containing
33 X509 CERTIFICATE matching a request for the deprecated type
34 CERTIFICATE. The actual type indicated by the file is returned in *pnm
35 if pnm is non-NULL. The caller must free the storage pointed to by
36 *pnm.
37 The returned data is the DER-encoded form of the requested type, in
39 *pdata with length *plen. The caller must free the storage pointed to
40 by *pdata.
41 PEM_bytes_read_bio_secmem() is similar to PEM_bytes_read_bio(), but
43 uses memory from the secure heap for its temporary buffers and the
44 storage returned in *pdata and *pnm. Accordingly, the caller must use
45 OPENSSL_secure_free() to free that storage.
46
48 PEM_bytes_read_bio_secmem() only enforces that the secure heap is used
49 for storage allocated within the PEM processing stack. The BIO stack
50 from which input is read may also use temporary buffers, which are not
51 necessarily allocated from the secure heap. In cases where it is
52 desirable to ensure that the contents of the PEM file only appears in
53 memory from the secure heap, care is needed in generating the BIO
54 passed as bp. In particular, the use of BIO_s_file() indicates the use
55 of the operating system stdio functionality, which includes buffering
56 as a feature; BIO_s_fd() is likely to be more appropriate in such
57 cases.
58 These functions make no assumption regarding the pass phrase received
60 from the password callback. It will simply be treated as a byte
61 sequence.
62
64 PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for
65 success or 0 for failure.
66
68 PEM_read_bio_ex(3), passphrase-encoding(7)
69
71 PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1
72
74 Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
75 Licensed under the OpenSSL license (the "License"). You may not use
77 this file except in compliance with the License. You can obtain a copy
78 in the file LICENSE in the source distribution or at
79 <https://www.openssl.org/source/license.html>.
801.1.1q 2023-07-20 PEM_BYTES_READ_BIO(3)