Hi to everybody,

First of all:

I'm new to SSL and this list and I have very bad English so ... sorry
for all ...

Then:

I'm developing (or at least trying to develop...) a custom way to store
and retrieve RSA keys by using BN_bn2mpi() and BN_mpi2bn() functions.
Obviously, the private storing uses encryption ...
Everything's fine and I'm able to generate a key, store the public part
in clear, store the private key encrypted, retrieve them and inject the
BNs into an RSA object initialized with RSA_new(), and successfully use
the retrieved key.

The problem is:

When a wrong password is given to decrypt the stored private key, the
resulting key is obviously invalid.
Using RSA_check_key() in that case sometimes gives an error (right !)
but sometimes leads to an endless loop.

Does anybody know if there's a workaround for this ?

To reproduce the situation I've attached a tgz with:

- cry.c (the source test program)
- pino.priv (generated by cry.c: encrypted private key)
- pino.pub (generated by cry.c: encrypted private key)
- b (text encrypted by cry.c using pino.pub)

The first can be compiled with:

$ gcc -g -I<path to openssl includes> -lcrypto -o cry cry.c

Then by issuing the command:

$ cry -d b c pino

and giving the (wrong) password 'strozino' the program will (should ?)
hang in RSA_check_key() ...

By giving (instead) the right password 'pallino' the program should
create a file called 'c' containing only the string 'messaggio'.

Thank you for your help.

PS
I'm using OpenSSL 0.9.6e on a Slackware 8.0 Linux ...

PPS
Anyone that finds something useful/interesting/amusing/funny in the
source is free to do what he wants with it ... except blame me ;)






Attachment: cry.tgz
Description: GNU Zip compressed data
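
Added example, not part of the original post or of cry.c: instead of relying on RSA_check_key() to notice a wrong password, the stored private blob can carry a MAC that is verified before any decrypted bytes reach BN_mpi2bn(). The sketch uses Python's standard library rather than OpenSSL C; the function names, blob layout, PBKDF2 parameters and the stand-in stream cipher are assumptions, and the sample MPI bytes are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed PBKDF2 work factor
SALT_LEN, TAG_LEN = 16, 32

def _derive(password, salt):
    """Derive separate encryption and MAC keys from the password."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key, data):
    """Stand-in cipher: HMAC-SHA256 in counter mode. Use a vetted cipher in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(password, key_blob):
    """Return salt || tag || ciphertext for the serialized private key."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _derive(password, salt)
    ct = _xor_stream(enc_key, key_blob)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct

def open_sealed(password, stored):
    """Return the key blob, or None if the password is wrong or the file was altered."""
    if len(stored) < SALT_LEN + TAG_LEN:
        return None
    salt = stored[:SALT_LEN]
    tag = stored[SALT_LEN:SALT_LEN + TAG_LEN]
    ct = stored[SALT_LEN + TAG_LEN:]
    enc_key, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # reject before decrypting or parsing anything
    return _xor_stream(enc_key, ct)

# Constructed sample: the value 65537 in the MPI layout (4-byte length, then magnitude).
SAMPLE_MPI = b"\x00\x00\x00\x03\x01\x00\x01"

if __name__ == "__main__":
    stored = seal("pallino", SAMPLE_MPI)
    print(open_sealed("pallino", stored) == SAMPLE_MPI)   # right password
    print(open_sealed("strozino", stored))                 # wrong password
```

In the C program the same ordering applies: compare the MAC first, and call BN_mpi2bn() and RSA_check_key() only when it matches.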