1

Getting this very annoying error. error:0906D06C:PEM routines:PEM_read_bio:no start

Code:

RSA* publickey = cWrapper.getPublicKey("C:/rsa-stuff/public.pem");
QByteArray plain = "The man in the black fled into the desert and the gunslinger followed...";
QByteArray encrypted = cWrapper.encryptRSA(publickey, plain);

In encryptRSA():

const char* publicKeyStr = data.constData();
qDebug() << publicKeyStr;
BIO* bio = BIO_new_mem_buf((void*)publicKeyStr, -1);
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
RSA* rsaPubKey = PEM_read_bio_RSAPublicKey(bio, NULL, NULL, NULL);
if(!rsaPubKey) {
  qDebug() << "Could not load public key, " << ERR_error_string(ERR_get_error(), NULL); // error is here
}
BIO_free(bio);

This is how I read file:

QByteArray data;
QFile file(filename);

if(!file.open(QFile::ReadOnly))
{
    printf("Error reading file: %s\n", file.errorString());
    return data;
}

data = file.readAll();
file.close();
return data;

When I print out publicKeyStr, looks fine. This is notepad++ view with all characters enabled: public key in notepad++

Anyone know what I am doing wrong? Super annoying issue :(

First of all, it's not this problem because I don't get the trusted part. Anyhow, I did try all the "solutions" and none of them worked, same error.

  • Duplicate of https://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste – 273K Mar 17 '18 at 04:39
  • Possible duplicate of [OpenSSL: PEM routines:PEM\_read\_bio:no start line:pem\_lib.c:703:Expecting: TRUSTED CERTIFICATE](https://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste) – eyllanesc Mar 17 '18 at 04:41
  • @S.M. No, none of those solutions work, not even same error... –  Mar 17 '18 at 05:19
  • Does this answer your question? [how can i solve npm ERR! error:0909006C:PEM in Node.js?](https://stackoverflow.com/questions/55236936/how-can-i-solve-npm-err-error0909006cpem-in-node-js) – aris Aug 03 '20 at 21:56

2 Answers2

2

Your RSA public key is in SubjectPublicKeyInfo PEM format, but you are trying to read it using PEM_read_bio_RSAPublicKey which tries to read a PEM RSA key in PKCS#1 format. Try using PEM_read_bio_RSA_PUBKEY instead.

https://www.openssl.org/docs/man1.1.0/crypto/PEM_read_bio_RSAPublicKey.html

Matt Caswell
  • 8,167
  • 25
  • 28
2

I got that same error on an openSSL1.1.0f I ported. The error showed up in my logger when reading out the root certificate from an mqtt client connection, until I figured out that I had forwarded the ERR_put_error() directly to my logger, whereas in openssl - the "real" error handling is kept in an ERR_STATE error buffer, and so sometimes (like in this case), errors are "expected", and the ERR_STATE error buffer is cleared (before anyone should check it).

in crypto/pem/pem_info.c, line 65:

i = PEM_read_bio(bp, &name, &header, &data, &len);
    if (i == 0) {
        error = ERR_GET_REASON(ERR_peek_last_error());
        if (error == PEM_R_NO_START_LINE) {
            ERR_clear_error();
            break;
        }
        goto err;

meaning it runs througth the BIO_gets inside the PEM_read_bio until it returns zero, and if you get this PEM_R_NO_START_LINE, then thats just a way of saying its done.

By that time though, the error had already landed in my logger. So for anyone being confused by errors he or she is forwarding directly from ERR_put_error, use the ERR_print_errors_fp(stderr); in your errorhandling routine instead. In my case, as I dont have a stderr, I made a patched version of it, like:

    void errorhandling()
    {
        unsigned long l;
        char buf[256];
        const char *file, *data;
        int line, flags;

        while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
        {
            ERR_error_string_n(l, buf, sizeof buf);
            printf("%s:%s:%d:%s\n", buf, file, line, (flags & ERR_TXT_STRING) ? data : "");
        }
    }
Patric Thysell
  • 31
  • 4