[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

Richard Levitte via RT rt at openssl.org
Mon Apr 25 14:08:09 UTC 2016


In message <rt-4.0.19-32231-1461593067-1967.4518-6-0 at openssl.org> on Mon, 25 Apr 2016 14:04:27 +0000, Tomas Mraz via RT <rt at openssl.org> said:

rt> On Po, 2016-04-25 at 13:39 +0000, Richard Levitte via RT wrote:
rt> > In message <rt-4.0.19-29510-1461590378-1354.4518-6-0 at openssl.org> on
rt> > Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" <rt at openssl.org>
rt> > said:
rt> > 
rt> > rt> No, he means setting the same value twice.  For example, making
rt> > this change:
rt> > rt>     if (r->n != n) BN_free(r->n);
rt> > rt>     if (r->e != e) BN_free(r->e);
rt> > rt>     if (r->d != d) BN_free(r->d);
rt> > rt> 
rt> > rt> I agree it shouldn't happen, but do we want to protect against
rt> > that?  I could be convinced either way.
rt> > 
rt> > Ah ok...  sorry, I misread the intention.
rt> > 
rt> > Agreed that we could make sure not to free the pointers in that case.
rt> 
rt> In that case this should be properly documented so the users of the API
rt> can depend on it.

I'm not sure how I'd change the following:

    Calling this function transfers the memory management of the values to the
    RSA object, and therefore the values that have been passed in should not
    be freed by the caller after this function has been called.

That in itself hasn't changed, all that's being done is to correct a
bug in the memory management.  But if you have a good suggestion for a
change in that sentence, I'm all ears.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518
Please log in as guest with password guest if prompted
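
The case discussed in this message, calling the setter a second time with a value the object already owns, as an added example that is not part of the original message and is not OpenSSL's code. `num_t`, `key3_t`, `set0_unguarded`, `set0_guarded` and `scenario` are hypothetical names in a constructed model that records releases instead of freeing memory.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not OpenSSL code: num_t stands in for BIGNUM and key3_t
 * for the n/e/d members of RSA. num_free() only records the release, so a
 * stale pointer can be observed without undefined behaviour. */
typedef struct { int freed; } num_t;
typedef struct { num_t *n, *e, *d; } key3_t;

static void num_free(num_t *a) { if (a != NULL) a->freed++; }

/* Setter that releases the old members unconditionally. */
static void set0_unguarded(key3_t *r, num_t *n, num_t *e, num_t *d)
{
    num_free(r->n); num_free(r->e); num_free(r->d);
    r->n = n; r->e = e; r->d = d;
}

/* Setter with the check quoted in the thread: no free when old == new. */
static void set0_guarded(key3_t *r, num_t *n, num_t *e, num_t *d)
{
    if (r->n != n) num_free(r->n);
    if (r->e != e) num_free(r->e);
    if (r->d != d) num_free(r->d);
    r->n = n; r->e = e; r->d = d;
}

/* Install n, e, d1, then call the setter again with the same n and e and a
 * new d2. Returns how many members the key still points at after release. */
static int scenario(int guarded, int *old_d_freed)
{
    num_t n = {0}, e = {0}, d1 = {0}, d2 = {0};
    key3_t k = {NULL, NULL, NULL};
    void (*set0)(key3_t *, num_t *, num_t *, num_t *) =
        guarded ? set0_guarded : set0_unguarded;

    set0(&k, &n, &e, &d1);
    set0(&k, &n, &e, &d2);
    *old_d_freed = d1.freed;
    return (k.n->freed != 0) + (k.e->freed != 0) + (k.d->freed != 0);
}

int main(void)
{
    int freed;
    printf("unguarded: %d stale members\n", scenario(0, &freed));
    printf("guarded:   %d stale members\n", scenario(1, &freed));
    return 0;
}
```

In both variants the replaced `d1` is released exactly once; only the unguarded setter leaves the object pointing at released `n` and `e`.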


