In message <[EMAIL PROTECTED]> on Tue, 20 Jun 2006 21:16:49 +0900, Tatsuya Tsurukawa <[EMAIL PROTECTED]> said:

Tsurukawa.Tatsuya> bioPtr = BIO_new_mem_buf( InputPEMstring, -1 );
Tsurukawa.Tatsuya>   :
Tsurukawa.Tatsuya> prvkey = PEM_read_bio_RSAPrivateKey( bioPtr, NULL, NULL, NULL );
Tsurukawa.Tatsuya>   :
Tsurukawa.Tatsuya> RSA_private_decrypt( ..., prvkey, RSA_PKCS1_OAEP_PADDING );  /* We use OAEP */
Tsurukawa.Tatsuya> 
Tsurukawa.Tatsuya> It does work well as long as providing appropriate
Tsurukawa.Tatsuya> private keys.  But if I provide wrong private key,
Tsurukawa.Tatsuya> RSA_private_decrypt() fails of course, and then
Tsurukawa.Tatsuya> next BIO_new_mem_buf() also fails with the error
Tsurukawa.Tatsuya> code 0x407A079 by ERR_get_error().

Exactly how do you check for errors?  You see, the error codes are
stored in a queue until you either print it (ERR_print_errors()) or
clear it (ERR_clear_error()).
(Yeah, of course, there are other ERR_* functions that you can use as
well to manipulate the queue, but those I mention are probably the
more useful most of the time.)

To check *if* a specific function returned with an error, you have to
check the returned value, and *if* it returned with a value indicating
an error, *then* you check the error code.  Same thing as you do with
errno, basically.

Since BIO_new_mem_buf() returns a pointer, it's quite natural to check
if it returns NULL to see if there was an error at all with it.

For RSA_private_decrypt(), the manual says the following about the
returned value:

       RSA_public_encrypt() returns the size of the encrypted data (i.e.,
       RSA_size(rsa)). RSA_private_decrypt() returns the size of the recovered
       plaintext.

       On error, -1 is returned; the error codes can be obtained by
       ERR_get_error(3).

The code 0x407A079 is easily decoded, btw:

   : ; openssl errstr 407A079
   error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte                         [EMAIL PROTECTED]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
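
An added example (not part of the original message and not OpenSSL code): a self-contained C model of the pitfall discussed in the thread, where a queued error from a failed decrypt is later blamed on a call that succeeded. The FIFO and the `model_*` functions are hypothetical stand-ins for the error queue, `RSA_private_decrypt()` and `BIO_new_mem_buf()`; `err_unpack()` assumes the packed layout used by OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason).

```c
#include <stdio.h>

/* Assumed layout (OpenSSL before 3.0): lib:8 | func:12 | reason:12 */
typedef struct { unsigned lib, func, reason; } err_fields;
err_fields err_unpack(unsigned long e) {
    err_fields f = { (unsigned)(e >> 24) & 0xff,
                     (unsigned)(e >> 12) & 0xfff,
                     (unsigned)e & 0xfff };
    return f;
}

/* Toy FIFO standing in for the per-thread error queue (model only). */
static unsigned long q[16];
static int q_head, q_tail;
static void model_put_error(unsigned long e) { if (q_tail < 16) q[q_tail++] = e; }
unsigned long model_get_error(void) { return q_head < q_tail ? q[q_head++] : 0; }
void model_clear_error(void) { q_head = q_tail = 0; }

/* Stand-in for RSA_private_decrypt(): -1 plus a queued code on failure. */
int model_decrypt(int key_ok) {
    if (key_ok) return 32;             /* constructed plaintext length */
    model_put_error(0x0407A079UL);     /* the code quoted in the thread */
    return -1;
}
/* Stand-in for BIO_new_mem_buf(): succeeds here and queues nothing. */
const char *model_new_mem_buf(const char *pem) { return pem; }

/* Mistake: reads the queue without looking at the return value. */
unsigned long unchecked_new_buf(const char *pem) {
    (void)model_new_mem_buf(pem);
    return model_get_error();          /* may be an older call's error */
}
/* Pattern from the reply: return value first, queue only on failure. */
unsigned long checked_new_buf(const char *pem) {
    return model_new_mem_buf(pem) != NULL ? 0 : model_get_error();
}
/* Same pattern for decrypt; on failure the queue is drained so that
 * nothing is left behind for a later, unrelated call. */
unsigned long checked_decrypt(int key_ok) {
    unsigned long first = 0, e;
    if (model_decrypt(key_ok) != -1) return 0;
    while ((e = model_get_error()) != 0) if (first == 0) first = e;
    model_clear_error();
    return first;
}

int main(void) {
    model_decrypt(0);                  /* wrong key, result ignored */
    err_fields f = err_unpack(unchecked_new_buf("constructed PEM"));
    printf("stale: lib=%u func=%u reason=%u\n", f.lib, f.func, f.reason);
    return 0;
}
```

The unpacked fields (library 4, function 0x07A, reason 0x079) are the three groups `openssl errstr` renders as "rsa routines", "RSA_padding_check_PKCS1_OAEP" and "oaep decoding error" in the reply above.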