[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Apr 25 17:43:23 UTC 2016
On Mon, Apr 25, 2016 at 07:21:56PM +0200, Richard Levitte wrote:
> openssl-users> Perhaps the documentation can be made more clear. If users really
> openssl-users> need an interface for modifying a subset of the components of an
> openssl-users> already initialized key, then (if we don't already) we should
> openssl-users> support NULL values as "do not change", provided these are already
> openssl-users> set.
>
> Doesn't this turn them into individual parameter calls, in practice?
> I.e. the exact thing we chose not to make?
No. We still won't support incomplete initialization, but can
support after the fact partial modification.
> There isn't much difference between this:
>
> RSA_set0_key(rsa, n, NULL, NULL);
> RSA_set0_key(rsa, NULL, e, NULL);
> RSA_set0_key(rsa, NULL, NULL, d);
>
> and something like this:
>
> RSA_set0_n(rsa, n);
> RSA_set0_e(rsa, e);
> RSA_set0_d(rsa, d);
There is, if the NULL calls fail when the key is not already
initialized.
> The only difference is that with the former, you get two-in-one, as it
> also works as a function to set all three numbers in one go.
The 3-slot function is I think cleaner.
I'll leave the decision of whether and when to support NULL parameters
to the folks working on that code, but it is pretty clear that one
must not pass an object one does not "own", such as one returned
from a "get0" function, to a function that expects to take ownership
of the indicated object.
--
Viktor.
More information about the openssl-dev
mailing list