Hi Dave
thanks a lot for the explanation. That makes a lot clearer to me. I added
some code to read out possible errors and there is none on the write
method. However there is a strange one on read:
error code pubkey: 537297017 in bio_lib.c line 297.
error data:
error string: error:20068079:BIO routines:BIO_gets:unsupported method
error code pubkey: 151441516 in pem_lib.c line 696.
error data:
error string: error:0906D06C:PEM routines:PEM_read_bio:no start line
For me that sounds as if it does not fine the "----- BEGIN PUBKEY ----"
line. So I checked with wireshark and it is there. The PEM string is
distributed over 3 packets but it is continuous data (there is no other
data in those packets). So where does this error come from? Any ideas? I
cannot do anything about the method here, right?
BTW I checked that this error is really triggered by the read function and
not by any BIO function before that function.
best regards
Carolin
>> From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze Sent:
Monday, 03 September, 2012 13:39
>
>> I try to send an RSA public from one entity to another using socket
BIOs. I use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY to do
that. I also tried with PEM_{write|read}_bio_RSAPublicKey. Both have
the
>> same behaviour in my case. The write function seems to work just fine.
I
>> am able to see the public key on the wire (using wireshark). However,
the read function just crashes. It looks as if it reads an endless
amount of data and I have no idea why. Are those function
>> actually meant
>> to send data over a socket bio?
> The PEM routines are meant to send or store over practically any
channel. The DER routines are meant to send/store over any 8-bit clean
channel, which many socket protocols also do. (TCP/IP itself and a plain
socket does, but some protocols built on top of TCP/IP like SMTP and
HTTP don't, while some like FTP do.)
>
> Either pair should work, but mixing them should not. The RSAPublicKey
routines use the "raw" PKCS#1 format, and the RSA_PUBKEY routines use
the generic X.509 PublicKeyInfo format which *contains* the PKCS#1.
Although semantically equivalent, these are not the same thing.
>
> But if you get this (or pretty much anything else) wrong, the read
routine shouldn't crash. It should return null with error information
stored in the error queue; this is not the same as either crashing or
reading endlessly. In fact reading endlessly wouldn't crash either by my
definition so I can't guess what you mean actually happens.
>
>> This is how I call them:
>> on party A:
>> RSA rsa;
>> <init rsa, generate keys>
>> PEM_write_bio_RSA_PUBKEY(sockbio,rsa);
>> on party B:
>> rsa = RSA_new();
>> PEM_read_bio_RSAPublicKey(sockbio,&rsa,0,0);
>> Something wrong with the way I call the functions?
> If you are mismatching RSA_PUBKEY to RSAPublicKey see above.
>
> Even if not, you definitely should check for error on the read
> routine and at least display something. The write routine is
> much less likely to fail, but even so as general good practice
> you should check it too.
>
> Nit: personally in C I would write NULL rather than 0
> for a null pointer -- just so it's visible to humans,
> although it makes no difference to the compiler.
> Unfortunately C++ doesn't support this until recently.
>
>
> ______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
