[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_, RSA_set0_, DSA_set0_* and DSA_get0_* problems

Mon Apr 25 14:14:10 UTC 2016

On Mon, Apr 25, 2016 at 01:39:09PM +0000, Richard Levitte via RT wrote:

> rt> I agree it shouldn't happen, but do we want to protect against that?  I could be convinced either way.
> 
> Ah ok...  sorry, I misread the intention.
> 
> Agreed that we could make sure not to free the pointers in that case.

No, once "n" or "e" has been passed to this "set0" function, the
caller no longer owns the storage, and in particular is not free
to pass these any set0 functions that similarly take ownership
of the storage.

Perhaps the documentation can be made more clear.  If users really
need an interface for modifying a subset of the components of an
already initialized key, then (if we don't already) we should
support NULL values as "do not change", provided these are already
set.

-- 
	Viktor.

[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_, RSA_set0_, DSA_set0_* and DSA_get0_* problems