[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Tue Apr 26 13:44:15 UTC 2016
IMO, go ahead.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Richard Levitte
Sent: Tuesday, April 26, 2016 07:46
To: openssl-dev at openssl.org
Reply To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
In message <571F2941.4040004 at openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell <matt at openssl.org> said:
matt>
matt>
matt> On 26/04/16 08:26, Richard Levitte wrote:
matt> > [temporarly taking this thread away from RT]
matt> >
matt> > Basically, I can see two solutions:
matt> >
matt> > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d);
matt> >
matt> > That's what's implemented in GH#995, except it doesn't check if the
matt> > input parameters are NULL before setting the corresponding fields,
matt> > so that call ends up clearing n and e.
matt> >
matt> > GH#995 could be changed so that any input parameter can be NULL, and
matt> > that the corresponding RSA structure fields are left untouched. The
matt> > consequence is that can never be made NULL. I can live with that,
matt> > as I can't imagine a reason to reset the fields to NULL.
matt>
matt> IMO this is the way to go. As long as we can't set private key values
matt> without first having set the public key, i.e. we should not be able to
matt> get into an inconsistent state.
I've seen no other opinion, so I went with it. Would you mind having
a look at GH#995? I did a bit of change in the docs, but could need
some help expressing it in a better manner.
Also, I'd like to hear from Douglas and Tomas if these changes found
in said pull request would fit your bill better... basically, it
allows (or should allow, unless I've goofed something up) a call set
like this:
RSA_set0_key(rsa, n, e, NULL);
/* other stuff done, such as calculatig d */
RSA_set0_key(rsa, NULL, NULL, d);
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160426/594589eb/attachment.bin>
More information about the openssl-dev
mailing list