[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

Viktor Dukhovni openssl-users at dukhovni.org
Mon Apr 25 17:52:52 UTC 2016


On Mon, Apr 25, 2016 at 05:45:05PM +0000, Salz, Rich wrote:

> After a "set0" call, set your pointer to NULL, it's no longer yours :)

That's half of the ruleset.  The other half is:

  You must "own" any object passed to a set0 call that takes
  ownership of its argument (we have a few that don't take ownership,
  perhaps they should be renamed to just "set").  In particular,
  objects obtained via "get0" calls MUST NOT then be used in "set0"
  calls that expect to take ownership of the argument.

Had OpenSSL been written in Rust we'd be able to make all this
explicit, and have the compiler enforce the rules.  That's of course
impractical, we provide a C API to other C applications and libraries.

-- 
	Viktor.
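
The two halves of the rule above, modelled as an added example that is not code from this thread or from OpenSSL. `toy_num`, `toy_key` and every function here are hypothetical stand-ins for `BIGNUM`, `RSA` and the get0/set0 accessors, and `live_nums` is a constructed counter that shows each allocation is freed exactly once.

```c
#include <stdlib.h>

static int live_nums = 0;                 /* allocations not yet freed */

typedef struct { unsigned long v; } toy_num;   /* stand-in for BIGNUM */
typedef struct { toy_num *n; } toy_key;        /* stand-in for RSA */

static toy_num *num_new(unsigned long v) {
    toy_num *x = malloc(sizeof *x);
    if (x) { x->v = v; live_nums++; }
    return x;
}
static toy_num *num_dup(const toy_num *x) { return num_new(x->v); }
static void num_free(toy_num *x) { if (x) { live_nums--; free(x); } }

/* set0: the key takes ownership of n and frees it later. */
static void key_set0_n(toy_key *k, toy_num *n) {
    if (k->n != n) num_free(k->n);
    k->n = n;
}
/* get0: borrowed pointer; the key still owns it. */
static const toy_num *key_get0_n(const toy_key *k) { return k->n; }
static void key_free(toy_key *k) { num_free(k->n); k->n = NULL; }

/* Copy n from src to dst while obeying both halves of the rule. */
static int copy_n(toy_key *dst, const toy_key *src) {
    const toy_num *borrowed = key_get0_n(src);
    toy_num *owned;
    if (borrowed == NULL) return 0;
    owned = num_dup(borrowed);   /* own a copy; never set0 the get0 result */
    if (owned == NULL) return 0;
    key_set0_n(dst, owned);
    owned = NULL;                /* after set0 it is no longer ours */
    return 1;
}

int demo(void) {
    toy_key a = { NULL }, b = { NULL };
    toy_num *n = num_new(65537);
    if (n == NULL) return -1;
    key_set0_n(&a, n);
    n = NULL;                    /* first half: drop our pointer */
    if (!copy_n(&b, &a)) { key_free(&a); return -1; }
    int ok = key_get0_n(&a) != key_get0_n(&b) && key_get0_n(&b)->v == 65537;
    key_free(&a);                /* each key frees only what it owns */
    key_free(&b);
    return (ok && live_nums == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

Passing the `get0` result straight to `key_set0_n` instead of the duplicate would leave both keys pointing at one allocation, and the second `key_free` would free it again.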

