1.\" $OpenBSD: PEM_bytes_read_bio.3,v 1.6 2020/07/23 17:34:53 schwarze Exp $
2.\" selective merge up to:
3.\" OpenSSL PEM_bytes_read_bio.pod 7671342e Feb 29 15:47:12 2016 -0600
4.\"
5.\" This file is a derived work.
6.\" The changes are covered by the following Copyright and license:
7.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
8.\"
9.\" Permission to use, copy, modify, and distribute this software for any
10.\" purpose with or without fee is hereby granted, provided that the above
11.\" copyright notice and this permission notice appear in all copies.
12.\"
13.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20.\"
21.\" The original file was written by Benjamin Kaduk <bkaduk at akamai dot com>.
22.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
23.\"
24.\" Redistribution and use in source and binary forms, with or without
25.\" modification, are permitted provided that the following conditions
26.\" are met:
27.\"
28.\" 1. Redistributions of source code must retain the above copyright
29.\"    notice, this list of conditions and the following disclaimer.
30.\"
31.\" 2. Redistributions in binary form must reproduce the above copyright
32.\"    notice, this list of conditions and the following disclaimer in
33.\"    the documentation and/or other materials provided with the
34.\"    distribution.
35.\"
36.\" 3. All advertising materials mentioning features or use of this
37.\"    software must display the following acknowledgment:
38.\"    "This product includes software developed by the OpenSSL Project
39.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
40.\"
41.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
42.\"    endorse or promote products derived from this software without
43.\"    prior written permission. For written permission, please contact
44.\"    openssl-core@openssl.org.
45.\"
46.\" 5. Products derived from this software may not be called "OpenSSL"
47.\"    nor may "OpenSSL" appear in their names without prior written
48.\"    permission of the OpenSSL Project.
49.\"
50.\" 6. Redistributions of any form whatsoever must retain the following
51.\"    acknowledgment:
52.\"    "This product includes software developed by the OpenSSL Project
53.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
54.\"
55.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
56.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
58.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
59.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
60.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
61.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
62.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
65.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67.\"
68.Dd $Mdocdate: July 23 2020 $
69.Dt PEM_BYTES_READ_BIO 3
70.Os
71.Sh NAME
72.Nm PEM_bytes_read_bio
73.Nd read a PEM-encoded data structure from a BIO
74.Sh SYNOPSIS
75.In openssl/pem.h
76.Ft int
77.Fo PEM_bytes_read_bio
78.Fa "unsigned char **pdata"
79.Fa "long *plen"
80.Fa "char **pnm"
81.Fa "const char *name"
82.Fa "BIO *in_bp"
83.Fa "pem_password_cb *cb"
84.Fa "void *u"
85.Fc
86.Sh DESCRIPTION
87.Fn PEM_bytes_read_bio
88reads and PEM decodes the first object of type
89.Fa name
90.Pq e.g. RSA PRIVATE KEY, CERTIFICATE, etc.\&
91from
92.Fa in_bp .
93If multiple PEM-encoded data structures are present in the same stream,
94it skips non-matching data types and continues reading.
95Before reading each PEM object, lines not starting with
96.Qq "-----BEGIN "
97are also skipped; see
98.Xr PEM_read_bio 3
99for details of PEM parsing.
100.Pp
101The PEM header may indicate that the following data is encrypted; if so,
102the data is decrypted, optionally using
103.Fa cb
104and
105.Fa u ,
106as described in
107.Xr pem_password_cb 3 .
108.Pp
109Some data types have compatibility aliases, such as a file containing
110X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE.
111The actual type indicated by the file is returned in
112.Em *pnm
113if
114.Fa pnm
115is
116.Pf non- Dv NULL .
117The caller must free the storage pointed to by
118.Em *pnm .
119.Pp
120The returned data is the DER-encoded form of the requested type, in
121.Em *pdata
122with length
123.Em *plen .
124The caller must free the storage pointed to by
125.Em *pdata .
126.Sh RETURN VALUES
127.Fn PEM_bytes_read_bio
128returns 1 for success or 0 for failure.
129.Sh ERRORS
130Diagnostics that can be retrieved with
131.Xr ERR_get_error 3 ,
132.Xr ERR_GET_REASON 3 ,
133and
134.Xr ERR_reason_error_string 3
135include:
136.Bl -tag -width Ds
137.It Dv PEM_R_NO_START_LINE Qq no start line
138No more PEM objects were found in the input.
139This can happen when the input contains no PEM objects at all,
140or only objects that do not match the type
141.Fa name .
142.It Dv PEM_R_NOT_PROC_TYPE Qq not proc type
143The first PEM header does not start with
144.Qq "Proc-Type: " .
145.It Dv PEM_R_NOT_ENCRYPTED Qq not encrypted
146The Proc-Type header differs from
147.Qq 4,ENCRYPTED .
148.It Dv PEM_R_SHORT_HEADER Qq short header
149The Proc-Type header is the last header line.
150.It Dv PEM_R_NOT_DEK_INFO Qq not dek info
151The second PEM header does not start with
152.Qq "DEK-Info: " .
153.It Dv PEM_R_UNSUPPORTED_ENCRYPTION Qq unsupported encryption
154The cipher name given in the DEK-Info header is unknown to
155.Xr EVP_get_cipherbyname 3 .
156.It Dv PEM_R_BAD_IV_CHARS Qq "bad iv chars"
157The word following the cipher name in the DEK-Info header
158contains bytes that are not hexadecimal digits.
159This also happens when the initialization vector is missing or too short.
160.It Dv PEM_R_BAD_PASSWORD_READ Qq bad password read
161.Fa cb
162reported failure.
163This may for example happen when the user mistypes the password.
164.It Dv PEM_R_BAD_DECRYPT Qq bad decrypt
165.Xr EVP_DecryptInit_ex 3 ,
166.Xr EVP_DecryptUpdate 3 ,
167or
168.Xr EVP_DecryptFinal_ex 3
169failed.
170.El
171.Pp
172Additional types of errors can result from
173.Xr PEM_read_bio 3 .
174.Sh SEE ALSO
175.Xr PEM_ASN1_read 3 ,
176.Xr PEM_read 3 ,
177.Xr PEM_read_bio_PrivateKey 3 ,
178.Xr PEM_X509_INFO_read 3
179.Sh STANDARDS
180RFC 1421: Privacy Enhancement for Internet Electronic Mail (PEM), Part I
181.Sh HISTORY
182.Fn PEM_bytes_read_bio
183first appeared in OpenSSL 0.9.7 and has been available since
184.Ox 3.2 .
185