> From: owner-openssl-us...@openssl.org On Behalf Of Carolin Latze
> Sent: Monday, 03 September, 2012 13:39

> I try to send an RSA public key from one entity to another using socket
> BIOs. I use PEM_write_bio_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY to do
> that. I also tried with PEM_{write|read}_bio_RSAPublicKey. Both have the
> same behaviour in my case. The write function seems to work just fine. I
> am able to see the public key on the wire (using wireshark). However,
> the read function just crashes. It looks as if it reads an endless
> amount of data and I have no idea why. Are those functions actually meant
> to send data over a socket bio?

The PEM routines are meant to send or store over practically any channel.
The DER routines are meant to send/store over any 8-bit clean channel, which
many socket protocols also do. (TCP/IP itself and a plain socket does, but
some protocols built on top of TCP/IP like SMTP and HTTP don't, while some
like FTP do.) Either pair should work, but mixing them should not.

The RSAPublicKey routines use the "raw" PKCS#1 format, and the RSA_PUBKEY
routines use the generic X.509 PublicKeyInfo format which *contains* the
PKCS#1. Although semantically equivalent, these are not the same thing.

But if you get this (or pretty much anything else) wrong, the read routine
shouldn't crash. It should return null with error information stored in the
error queue; this is not the same as either crashing or reading endlessly.
In fact reading endlessly wouldn't crash either by my definition, so I can't
guess what you mean actually happens.

> This is how I call them:
>
> on party A:
>
> RSA *rsa;
> <init rsa, generate keys>
> PEM_write_bio_RSA_PUBKEY(sockbio,rsa);
>
> on party B:
>
> rsa = RSA_new();
> PEM_read_bio_RSAPublicKey(sockbio,&rsa,0,0);
>
> Something wrong with the way I call the functions?

If you are mismatching RSA_PUBKEY to RSAPublicKey see above. Even if not,
you definitely should check for error on the read routine and at least
display something. The write routine is much less likely to fail, but even
so as general good practice you should check it too.

Nit: personally in C I would write NULL rather than 0 for a null pointer --
just so it's visible to humans, although it makes no difference to the
compiler. Unfortunately C++ doesn't support this until recently.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
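The format relationship and the failure behaviour the reply describes, as an added example that is not part of the thread or of OpenSSL: it builds the two PEM encodings (PKCS#1 RSAPublicKey, as written by PEM_write_bio_RSAPublicKey, and X.509 SubjectPublicKeyInfo, as written by PEM_write_bio_RSA_PUBKEY) for constructed toy key numbers, shows that the second wraps the first, and shows that a reader asked for the wrong PEM type returns nothing plus an error instead of crashing. `read_pem`, `der` and the other helpers are hypothetical stand-ins written for this example, and the modulus is a made-up number, not a usable key.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption 1.2.840.113549.1.1.1

def der(tag, body):
    """Minimal DER TLV encoder (long-form length for 128..65535 byte bodies)."""
    n = len(body)
    length = bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body

def der_uint(v):
    """DER INTEGER for a non-negative value (leading 0x00 when the high bit is set)."""
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    return der(0x30, der_uint(n) + der_uint(e))

def rsa_pubkey_der(n, e):
    """X.509 SubjectPublicKeyInfo: AlgorithmIdentifier + BIT STRING holding the PKCS#1 blob."""
    alg_id = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    return der(0x30, alg_id + der(0x03, b"\x00" + rsa_public_key_der(n, e)))

def to_pem(label, blob):
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def read_pem(text, label):
    """Hypothetical mirror of PEM_read_bio_*: (blob, None) on success, (None, error) otherwise.
    The END line tells the reader where the object stops; on a stream that never
    delivers it, a line-by-line reader simply keeps waiting for more input."""
    head, tail = f"-----BEGIN {label}-----", f"-----END {label}-----"
    if head not in text:
        return None, f"no '{label}' block (wrong PEM type or not PEM)"
    if tail not in text:
        return None, f"'{label}' block not terminated"
    body = text.split(head, 1)[1].split(tail, 1)[0]
    return base64.b64decode("".join(body.split()), validate=True), None

# constructed toy key numbers: not a usable RSA key, only structurally valid
N, E = 0xC0FFEE1234567890ABCDEF, 65537
PKCS1_PEM = to_pem("RSA PUBLIC KEY", rsa_public_key_der(N, E))  # PEM_write_bio_RSAPublicKey
SPKI_PEM = to_pem("PUBLIC KEY", rsa_pubkey_der(N, E))          # PEM_write_bio_RSA_PUBKEY

def demo():
    ok, err = read_pem(SPKI_PEM, "PUBLIC KEY")        # matching writer/reader pair
    bad, why = read_pem(SPKI_PEM, "RSA PUBLIC KEY")   # party B's mismatch: error, not a crash
    return ok.endswith(rsa_public_key_der(N, E)), bad is None, why
```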