Hi Dave,

thanks a lot for the explanation. That makes it a lot clearer to me. I added some code to read out possible errors and there is none on the write method. However, there is a strange one on read:

error code pubkey: 537297017 in bio_lib.c line 297. error data: error string: error:20068079:BIO routines:BIO_gets:unsupported method
error code pubkey: 151441516 in pem_lib.c line 696. error data: error string: error:0906D06C:PEM routines:PEM_read_bio:no start line

For me that sounds as if it does not find the "----- BEGIN PUBKEY ----" line. So I checked with Wireshark and it is there. The PEM string is distributed over 3 packets but it is continuous data (there is no other data in those packets). So where does this error come from? Any ideas? I cannot do anything about the method here, right?

BTW I checked that this error is really triggered by the read function and not by any BIO function before that function.

best regards
Carolin

>> From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze
>> Sent: Monday, 03 September, 2012 13:39
>
>> I try to send an RSA public key from one entity to another using socket BIOs. I use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY to do that. I also tried with PEM_{write|read}_bio_RSAPublicKey. Both have the same behaviour in my case. The write function seems to work just fine. I am able to see the public key on the wire (using Wireshark). However, the read function just crashes. It looks as if it reads an endless amount of data and I have no idea why. Are those functions actually meant to send data over a socket BIO?
>
> The PEM routines are meant to send or store over practically any channel. The DER routines are meant to send/store over any 8-bit clean channel, which many socket protocols also do. (TCP/IP itself and a plain socket does, but some protocols built on top of TCP/IP like SMTP and HTTP don't, while some like FTP do.)
>
> Either pair should work, but mixing them should not. The RSAPublicKey routines use the "raw" PKCS#1 format, and the RSA_PUBKEY routines use the generic X.509 PublicKeyInfo format which *contains* the PKCS#1. Although semantically equivalent, these are not the same thing.
>
> But if you get this (or pretty much anything else) wrong, the read routine shouldn't crash. It should return null with error information stored in the error queue; this is not the same as either crashing or reading endlessly. In fact reading endlessly wouldn't crash either by my definition, so I can't guess what you mean actually happens.
>
>> This is how I call them:
>> on party A:
>> RSA *rsa;
>> <init rsa, generate keys>
>> PEM_write_bio_RSA_PUBKEY(sockbio, rsa);
>> on party B:
>> rsa = RSA_new();
>> PEM_read_bio_RSAPublicKey(sockbio, &rsa, 0, 0);
>> Something wrong with the way I call the functions?
>
> If you are mismatching RSA_PUBKEY to RSAPublicKey, see above.
>
> Even if not, you definitely should check for error on the read routine and at least display something. The write routine is much less likely to fail, but even so as general good practice you should check it too.
>
> Nit: personally in C I would write NULL rather than 0 for a null pointer -- just so it's visible to humans, although it makes no difference to the compiler. Unfortunately C++ doesn't support this until recently.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org