Dear Richard,

Thank you for your quick answer.

I did nothing after RSA_private_decrypt() error(-1) with a wrong private key and called ERR_get_error() right after BIO_new_mem_buf() returned NULL as follows.

    iRet = RSA_private_decrypt(); // provide wrong private key
    if( iRet == -1 ){
        // Do nothing
    }
    bioPtr = BIO_new_mem_buf();
    if( bioPtr == NULL ){
        ERR_get_error();
        :
    }

As you've mentioned, it got _not_ BIO_new_mem_buf() error but RSA_private_decrypt() error instead. I don't know why it didn't get BIO_new_mem_buf() error although it failed (returned NULL).

By the way, I've also found if I call ERR_clear_error() between RSA_private_decrypt() and BIO_new_mem_buf(), BIO_new_mem_buf() doesn't fail as follows.

    iRet = RSA_private_decrypt(); // provide wrong private key
    if( iRet == -1 ){
        // Do nothing
    }
    ERR_clear_error();
    bioPtr = BIO_new_mem_buf();
    if( bioPtr == NULL ){
        ERR_get_error();
        :
    }

It seems I need to clear the error queue after a private decryption error, but does the status of the error queue actually affect the behaviour of the following APIs?

Best regards,
Tatsuya Tsurukawa

Richard Levitte - VMS Whacker wrote:

>In message <[EMAIL PROTECTED]> on Tue, 20 Jun 2006 21:16:49 +0900, Tatsuya Tsurukawa <[EMAIL PROTECTED]> said:
>
>Tsurukawa.Tatsuya> bioPtr = BIO_new_mem_buf( InputPEMstring, -1 );
>Tsurukawa.Tatsuya> :
>Tsurukawa.Tatsuya> prvkey = PEM_read_bio_RSAPrivateKey( bioPtr, NULL, NULL, NULL );
>Tsurukawa.Tatsuya> :
>Tsurukawa.Tatsuya> RSA_private_decrypt( ..., prvkey, RSA_PKCS1_OAEP_PADDING ); /* We use OAEP */
>Tsurukawa.Tatsuya>
>Tsurukawa.Tatsuya> It does work well as long as providing appropriate
>Tsurukawa.Tatsuya> private keys. But if I provide wrong private key,
>Tsurukawa.Tatsuya> RSA_private_decrypt() fails of course, and then
>Tsurukawa.Tatsuya> next BIO_new_mem_buf() also fails with the error
>Tsurukawa.Tatsuya> code 0x407A079 by ERR_get_error().
>
>Exactly how do you check for errors? You see, the error codes are
>stored in a queue until you either print it (ERR_print_errors()) or
>clear it (ERR_clear_error()).
>(yeah, of course, there are other ERR_* functions that you can use as
>well to manipulate the queue, but those I mention are probably the
>more useful most of the time)
>
>To check *if* a specific function returned with an error, you have to
>check the returned value, and *if* it returned with a value indicating
>an error, *then* you check the error code. Same thing as you do with
>errno, basically.
>
>Since BIO_new_mem_buf() returns a pointer, it's quite natural to check
>if it returns NULL to see if there was an error at all with it.
>
>For RSA_private_decrypt(), the manual says the following about the
>returned value:
>
>    RSA_public_encrypt() returns the size of the encrypted data (i.e.,
>    RSA_size(rsa)). RSA_private_decrypt() returns the size of the recovered
>    plaintext.
>
>    On error, -1 is returned; the error codes can be obtained by
>    ERR_get_error(3).
>
>The code 0x407A079 is easily decoded, btw:
>
>    : ; openssl errstr 407A079
>    error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error
>
>Cheers,
>Richard

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
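The queue behaviour described in the quoted reply above, as an added example that is not part of the original thread: it drives the installed libcrypto through Python's ctypes and shows a stale entry being read after a call that succeeded, next to the check-the-return-value-first pattern. The helper names (failing_call, new_bio_queue_only, new_bio_checked, demo) are hypothetical, and a failed PEM parse stands in for the failed RSA_private_decrypt() as the earlier call that leaves an error behind.

```python
import ctypes
import ctypes.util
# Assumption: a shared OpenSSL libcrypto is installed; the fallback name is a guess.
libcrypto = ctypes.CDLL(ctypes.util.find_library("crypto") or "libcrypto.so.3")
libcrypto.ERR_get_error.restype = ctypes.c_ulong
libcrypto.ERR_error_string_n.argtypes = [ctypes.c_ulong, ctypes.c_char_p, ctypes.c_size_t]
libcrypto.BIO_new_mem_buf.restype = ctypes.c_void_p
libcrypto.BIO_new_mem_buf.argtypes = [ctypes.c_char_p, ctypes.c_int]
libcrypto.BIO_free.argtypes = [ctypes.c_void_p]
libcrypto.PEM_read_bio_PrivateKey.restype = ctypes.c_void_p
libcrypto.PEM_read_bio_PrivateKey.argtypes = [ctypes.c_void_p] * 4

def errstr(code):
    """Decode a queued error code in-process, like `openssl errstr`."""
    buf = ctypes.create_string_buffer(256)
    libcrypto.ERR_error_string_n(code, buf, len(buf))
    return buf.value.decode()

def failing_call():
    """Stand-in for a failed decrypt: parsing non-PEM bytes returns NULL and queues an error."""
    junk = b"constructed sample, not a PEM key\n"
    bio = libcrypto.BIO_new_mem_buf(junk, len(junk))
    key = libcrypto.PEM_read_bio_PrivateKey(bio, None, None, None)
    libcrypto.BIO_free(bio)
    return key  # None means NULL; the queued error is deliberately left unread

def new_bio_queue_only(data):
    """Anti-pattern: judge the call by the queue, which may hold an older entry."""
    bio = libcrypto.BIO_new_mem_buf(data, len(data))
    return bio, libcrypto.ERR_get_error()

def new_bio_checked(data):
    """Return value first; read the queue only if this call itself failed."""
    libcrypto.ERR_clear_error()  # drop leftovers from earlier calls
    bio = libcrypto.BIO_new_mem_buf(data, len(data))
    return bio, (libcrypto.ERR_get_error() if bio is None else 0)

def demo():
    data = b"constructed buffer\n"
    libcrypto.ERR_clear_error()
    key = failing_call()                      # fails; nobody drains the queue
    bio1, stale = new_bio_queue_only(data)    # succeeds, yet an error code appears
    libcrypto.BIO_free(bio1)
    failing_call()
    bio2, err = new_bio_checked(data)         # succeeds and reports no error
    libcrypto.BIO_free(bio2)
    return key, bio1 is not None, stale, bio2 is not None, err

if __name__ == "__main__":
    print(demo())
```

Passing the stale code from demo() to errstr() names the earlier PEM failure, not anything BIO_new_mem_buf() did.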