import PEM_bytes_read_bio(3) from OpenSSL,

dropping the secmem stuff that we don't want

4 files changed, 124 insertions, 7 deletions

diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 733e6730aba..66144c8231e 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.122 2017/08/20 19:21:20 schwarze Exp $
+# $OpenBSD: Makefile,v 1.123 2017/08/20 20:15:13 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -151,6 +151,7 @@ MAN=	\
 	OPENSSL_load_builtin_modules.3 \
 	OPENSSL_malloc.3 \
 	OpenSSL_add_all_algorithms.3 \
+	PEM_bytes_read_bio.3 \
 	PEM_read.3 \
 	PEM_read_bio_PrivateKey.3 \
 	PEM_write_bio_PKCS7_stream.3 \
diff --git a/lib/libcrypto/man/PEM_bytes_read_bio.3 b/lib/libcrypto/man/PEM_bytes_read_bio.3
new file mode 100644
index 00000000000..d706a8ad8ee
--- /dev/null
+++ b/lib/libcrypto/man/PEM_bytes_read_bio.3
@@ -0,0 +1,112 @@
+.\"	$OpenBSD: PEM_bytes_read_bio.3,v 1.1 2017/08/20 20:15:13 schwarze Exp $
+.\"	OpenSSL PEM_bytes_read_bio.pod 7671342e Feb 29 15:47:12 2016 -0600
+.\"
+.\" This file was written by Benjamin Kaduk <bkaduk at akamai dot com>.
+.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: August 20 2017 $
+.Dt PEM_BYTES_READ_BIO 3
+.Os
+.Sh NAME
+.Nm PEM_bytes_read_bio
+.Nd read a PEM-encoded data structure from a BIO
+.Sh SYNOPSIS
+.In openssl/pem.h
+.Ft int
+.Fo PEM_bytes_read_bio
+.Fa "unsigned char **pdata"
+.Fa "long *plen"
+.Fa "char **pnm"
+.Fa "const char *name"
+.Fa "BIO *bp"
+.Fa "pem_password_cb *cb"
+.Fa "void *u"
+.Fc
+.Sh DESCRIPTION
+.Fn PEM_bytes_read_bio
+reads PEM-formatted (RFC 1421) data from the BIO
+.Fa bp
+for the data type given in
+.Fa name
+(RSA PRIVATE KEY, CERTIFICATE, etc.).
+If multiple PEM-encoded data structures are present in the same stream,
+.Fn PEM_bytes_read_bio
+will skip non-matching data types and continue reading.
+Non-PEM data present in the stream may cause an error.
+.Pp
+The PEM header may indicate that the following data is encrypted; if so,
+the data will be decrypted, waiting on user input to supply a passphrase
+if needed.
+The password callback
+.Fa cb
+and rock
+.Fa u
+are used to obtain the decryption passphrase, if applicable.
+.Pp
+Some data types have compatibility aliases, such as a file containing
+X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE.
+The actual type indicated by the file is returned in
+.Em *pnm
+if
+.Fa pnm
+is
+.Pf non- Dv NULL .
+The caller must free the storage pointed to by
+.Em *pnm .
+.Pp
+The returned data is the DER-encoded form of the requested type, in
+.Em *pdata
+with length
+.Em *plen .
+The caller must free the storage pointed to by
+.Em *pdata .
+.Sh RETURN VALUES
+.Fn PEM_bytes_read_bio
+returns 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr PEM_read 3 ,
+.Xr PEM_read_bio_PrivateKey 3
diff --git a/lib/libcrypto/man/PEM_read.3 b/lib/libcrypto/man/PEM_read.3
index 50bce044ff4..6fe41bd7f1b 100644
--- a/lib/libcrypto/man/PEM_read.3
+++ b/lib/libcrypto/man/PEM_read.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: PEM_read.3,v 1.2 2016/11/29 07:29:52 jmc Exp $
+.\"	$OpenBSD: PEM_read.3,v 1.3 2017/08/20 20:15:13 schwarze Exp $
 .\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Viktor Dukhovni
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 29 2016 $
+.Dd $Mdocdate: August 20 2017 $
 .Dt PEM_READ 3
 .Os
 .Sh NAME
@@ -279,4 +279,6 @@ is likely meaningless if these functions fail.
 .Sh SEE ALSO
 .Xr d2i_PKCS8PrivateKey_bio 3 ,
 .Xr ERR_GET_LIB 3 ,
-.Xr ERR_peek_last_error 3
+.Xr ERR_peek_last_error 3 ,
+.Xr PEM_bytes_read_bio 3 ,
+.Xr PEM_read_bio_PrivateKey 3
diff --git a/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
index 5d0852be25c..ec8f81c47fa 100644
--- a/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
+++ b/lib/libcrypto/man/PEM_read_bio_PrivateKey.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: PEM_read_bio_PrivateKey.3,v 1.7 2016/12/25 22:15:10 schwarze Exp $
+.\"	$OpenBSD: PEM_read_bio_PrivateKey.3,v 1.8 2017/08/20 20:15:13 schwarze Exp $
 .\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 25 2016 $
+.Dd $Mdocdate: August 20 2017 $
 .Dt PEM_READ_BIO_PRIVATEKEY 3
 .Os
 .Sh NAME
@@ -1213,7 +1213,9 @@ pass_cb(char *buf, int size, int rwflag, void *u)
 }
 .Ed
 .Sh SEE ALSO
-.Xr BIO_new 3
+.Xr BIO_new 3 ,
+.Xr PEM_bytes_read_bio 3 ,
+.Xr PEM_read 3
 .Sh CAVEATS
 A frequent cause of problems is attempting to use the PEM routines like
 this: