[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

deengert@gmail.com via RT rt at openssl.org
Mon Apr 25 13:31:11 UTC 2016 

Freeing of the values by the caller is not the issue.
The issue is RSA_set0_key requires n and e to be none NULL.
It the caller use RSA_get0_key to find the n and e then calculates a new d,
than calls RSA_set0_key with the the same n and e pointers and the new d.
RSA_set0_key will free n and e, and replace the pointer with the same pointer which just got freed.

An untested patch for rsa_lib.c is attached
DSA has the same problems. Are there other new modules that may have the same issue?

On 4/25/2016 8:08 AM, Richard Levitte via RT wrote:
> In message <6b097acbe9d94724ac545f2529e45939 at usma1ex-dag1mb1.msg.corp.akamai.com> on Mon, 25 Apr 2016 11:38:47 +0000, "Salz, Rich" <rsalz at akamai.com> said:
>
> rsalz> > If nothing else, all the RSA_set0 routines should test if the same pointer
> rsalz> > value is being replaced if so do not free it.
> rsalz> >
> rsalz> > The same logic need to be done for all the RSA_set0_* functions as well as
> rsalz> > the DSA_set0_* functions.
> rsalz>
> rsalz> That seems like a bug we should fix.
>
> No, it's by design:
>
>      : ; perldoc doc/crypto/RSA_get0_key.pod
>      ...
>          The n, e and d parameter values can be set by calling RSA_set0_key() and
>          passing the new values for n, e and d as parameters to the function.
>          Calling this function transfers the memory management of the values to the
>          RSA object, and therefore the values that have been passed in should not
>          be freed by the caller after this function has been called.
>      ...
>      : ; perldoc doc/crypto/DSA_get0_pqg.pod
>      ...
>          The p, q and g values can be set by calling DSA_set0_pqg() and passing the
>          new values for p, q and g as parameters to the function. Calling this
>          function transfers the memory management of the values to the DSA object,
>          and therefore the values that have been passed in should not be freed
>          directly after this function has been called.
>      ...
>
> Cheers,
> Richard
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rsa_lib.c.4518.diff
Type: text/x-patch
Size: 1259 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160425/85157acb/attachment.bin>

More information about the openssl-dev mailing list