> Is it possible that PEM_read_bio_RSA_PUBKEY uses BIO_gets internally Sometimes the best answer to that sort of question -- sadly, perhaps, but true nonetheless -- is to look at the source code. Not so hard to read as I had at first supposed.
Charles -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Carolin Latze Sent: Tuesday, September 04, 2012 5:03 AM To: openssl-users@openssl.org Subject: RE: PEM_read_bio_RSA_PUBKEY Hi, I went on reading about this error and figured out that the socket bio does not support the BIO_gets method. Is it possible that PEM_read_bio_RSA_PUBKEY uses BIO_gets internally and is therefore not really compatible with a socket bio? In order to verify that I created a buffer BIO (BIO_f_buffer()) on top of the socket bio for the read function. And this just works. Is this the desired way to do this? I can live with it, but since it was not documented (or maybe I just missed it), I did not expect it. best regards and thanks a lot again for the help Carolin > Hi Dave > > thanks a lot for the explanation. That makes a lot clearer to me. I added > some code to read out possible errors and there is none on the write method. However there is a strange one on read: > > error code pubkey: 537297017 in bio_lib.c line 297. > error data: > error string: error:20068079:BIO routines:BIO_gets:unsupported method error code pubkey: 151441516 in pem_lib.c line 696. > error data: > error string: error:0906D06C:PEM routines:PEM_read_bio:no start line > > For me that sounds as if it does not fine the "----- BEGIN PUBKEY ----" line. So I checked with wireshark and it is there. The PEM string is distributed over 3 packets but it is continuous data (there is no other data in those packets). So where does this error come from? Any ideas? I cannot do anything about the method here, right? > > BTW I checked that this error is really triggered by the read function and > not by any BIO function before that function. > > best regards > Carolin > >>> From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze Sent: > Monday, 03 September, 2012 13:39 >>> I try to send an RSA public from one entity to another using socket > BIOs. I use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY to do that. I also tried with PEM_{write|read}_bio_RSAPublicKey. Both have the >>> same behaviour in my case. The write function seems to work just fine. > I >>> am able to see the public key on the wire (using wireshark). However, > the read function just crashes. It looks as if it reads an endless amount of data and I have no idea why. Are those function >>> actually meant >>> to send data over a socket bio? >> The PEM routines are meant to send or store over practically any > channel. The DER routines are meant to send/store over any 8-bit clean channel, which many socket protocols also do. (TCP/IP itself and a plain socket does, but some protocols built on top of TCP/IP like SMTP and HTTP don't, while some like FTP do.) >> Either pair should work, but mixing them should not. The RSAPublicKey > routines use the "raw" PKCS#1 format, and the RSA_PUBKEY routines use the generic X.509 PublicKeyInfo format which *contains* the PKCS#1. Although semantically equivalent, these are not the same thing. >> But if you get this (or pretty much anything else) wrong, the read > routine shouldn't crash. It should return null with error information stored in the error queue; this is not the same as either crashing or reading endlessly. In fact reading endlessly wouldn't crash either by my definition so I can't guess what you mean actually happens. >>> This is how I call them: >>> on party A: >>> RSA rsa; >>> <init rsa, generate keys> >>> PEM_write_bio_RSA_PUBKEY(sockbio,rsa); >>> on party B: >>> rsa = RSA_new(); >>> PEM_read_bio_RSAPublicKey(sockbio,&rsa,0,0); >>> Something wrong with the way I call the functions? >> If you are mismatching RSA_PUBKEY to RSAPublicKey see above. >> Even if not, you definitely should check for error on the read >> routine and at least display something. The write routine is >> much less likely to fail, but even so as general good practice >> you should check it too. >> Nit: personally in C I would write NULL rather than 0 >> for a null pointer -- just so it's visible to humans, >> although it makes no difference to the compiler. >> Unfortunately C++ doesn't support this until recently. >> ______________________________________________________________________ > OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org > > > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
