[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Richard Levitte via RT
rt at openssl.org
Mon Apr 25 13:08:06 UTC 2016
In message <6b097acbe9d94724ac545f2529e45939 at usma1ex-dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 11:38:47 +0000, "Salz, Rich" <rsalz at akamai.com> said:
rsalz> > If nothing else, all the RSA_set0 routines should test if the same pointer
rsalz> > value is being replaced if so do not free it.
rsalz> >
rsalz> > The same logic need to be done for all the RSA_set0_* functions as well as
rsalz> > the DSA_set0_* functions.
rsalz>
rsalz> That seems like a bug we should fix.
No, it's by design:
: ; perldoc doc/crypto/RSA_get0_key.pod
...
The n, e and d parameter values can be set by calling RSA_set0_key() and
passing the new values for n, e and d as parameters to the function.
Calling this function transfers the memory management of the values to the
RSA object, and therefore the values that have been passed in should not
be freed by the caller after this function has been called.
...
: ; perldoc doc/crypto/DSA_get0_pqg.pod
...
The p, q and g values can be set by calling DSA_set0_pqg() and passing the
new values for p, q and g as parameters to the function. Calling this
function transfers the memory management of the values to the DSA object,
and therefore the values that have been passed in should not be freed
directly after this function has been called.
...
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list