[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Richard Levitte via RT
rt at openssl.org
Mon Apr 25 14:08:09 UTC 2016
In message <rt-4.0.19-32231-1461593067-1967.4518-6-0 at openssl.org> on Mon, 25 Apr 2016 14:04:27 +0000, Tomas Mraz via RT <rt at openssl.org> said:
rt> On Po, 2016-04-25 at 13:39 +0000, Richard Levitte via RT wrote:
rt> > In message <rt-4.0.19-29510-1461590378-1354.4518-6-0 at openssl.org> on
rt> > Mon, 25 Apr 2016 13:19:38 +0000, "Salz, Rich via RT" <rt at openssl.org>
rt> > said:
rt> >
rt> > rt> No, he means setting the same value twice. For example, making this change:
rt> > rt> if (r->n != n) BN_free(r->n);
rt> > rt> if (r->e != e) BN_free(r->e);
rt> > rt> if (r->d != d) BN_free(r->d);
rt> > rt>
rt> > rt> I agree it shouldn't happen, but do we want to protect against that? I could be convinced either way.
rt> >
rt> > Ah ok... sorry, I misread the intention.
rt> >
rt> > Agreed that we could make sure not to free the pointers in that case.
rt>
rt> In that case this should be properly documented so the users of the API
rt> can depend on it.

I'm not sure how I'd change the following:

    Calling this function transfers the memory management of the values to the
    RSA object, and therefore the values that have been passed in should not
    be freed by the caller after this function has been called.

That in itself hasn't changed, all that's being done is to correct a
bug in the memory management. But if you have a good suggestion for a
change in that sentence, I'm all ears.

Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518
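
The guard discussed in this thread, shown as an added example that is not part of the original message and is not OpenSSL's code. `toy_num`, `toy_key`, `key_set0` and the other names are hypothetical stand-ins for BIGNUM, RSA and RSA_set0_key, and the `live_nums` counter exists only to make the frees observable.

```c
#include <stdlib.h>

/* Constructed stand-ins for BIGNUM and RSA; not OpenSSL's types. */
typedef struct { unsigned long word; } toy_num;
typedef struct { toy_num *n, *e, *d; } toy_key;
static int live_nums = 0;              /* allocations not yet freed */

static toy_num *num_new(unsigned long w) {
    toy_num *p = malloc(sizeof *p);
    if (p != NULL) { p->word = w; live_nums++; }
    return p;
}

static void num_free(toy_num *p) {
    if (p != NULL) { live_nums--; free(p); }
}

/* set0-style setter: the key takes ownership of n, e and d.
 * An old value is freed only when it is a different object, so passing
 * the pointer the key already holds does not free memory still in use. */
static void key_set0(toy_key *r, toy_num *n, toy_num *e, toy_num *d) {
    if (r->n != n) num_free(r->n);
    if (r->e != e) num_free(r->e);
    if (r->d != d) num_free(r->d);
    r->n = n; r->e = e; r->d = d;
}

static void key_free(toy_key *r) {
    num_free(r->n); num_free(r->e); num_free(r->d);
    r->n = r->e = r->d = NULL;
}

/* Sets the same three values twice, then replaces n. Returns the number
 * of live allocations while the key still exists, or -1 on any failure. */
static int same_value_twice(void) {
    toy_key k = { NULL, NULL, NULL };
    toy_num *n = num_new(3233), *e = num_new(17), *d = num_new(2753);
    if (!n || !e || !d) { num_free(n); num_free(e); num_free(d); return -1; }
    key_set0(&k, n, e, d);
    key_set0(&k, n, e, d);             /* same pointers: nothing is freed */
    if (k.n->word != 3233 || live_nums != 3) { key_free(&k); return -1; }
    key_set0(&k, num_new(3127), e, d); /* new n: old n is freed exactly once */
    int live = live_nums;
    key_free(&k);
    return live;
}

int main(void) { return same_value_twice() == 3 ? 0 : 1; }
```

Without the three pointer comparisons, the second `key_set0` call would free values the key goes on holding, and the later read of `k.n->word` and the final `key_free` would touch freed memory.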