[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Salz, Rich via RT
rt at openssl.org
Tue Apr 26 15:21:25 UTC 2016
> I can live with it.
> The only solution without some type of change was :
>
> RSA_set0_key(rsa, n, e, NULL);
> /* other stuff done, such as calculating d */
> n_new = BN_dup(n);
> e_new = BN_dup(e);
> RSA_set0_key(rsa, n_new, e_new, d);
>
> It is really gross, and is not intuitive.
Do the dup calls before the RSA_set0_key call. Once that function returns, you have lost all rights to use n and e :) Or perhaps do this:

    RSA_set0_key(rsa, BN_dup(n), BN_dup(e), NULL);
> Since you all appear to not want to support individual calls to set0 and get0
> for each BIGNUM, a developer of other code is faced with a major rewrite of
> existing code just to work with OpenSSL-1.1.0-pre5.
I understand your frustration about having to change code. But I think major rewrite is a bit of an overstatement.
> [S]o to maintain a code base that can be compiled with OpenSSL version
> 0.9.7 through 1.1.0 with only a few #if OPENSSL_VERSION_NUMBER we are
> taking an approach to convert the code to the 1.1.0 API and create defines
> and macros for the older versions of OpenSSL in a header file. The
> introduction of these *_get0_* *_set0_* have complicated the process even
> more, requiring us to inline versions of them for the older versions of
> OpenSSL.
We would love to see such a compatibility "get ready for 1.1" facility, and if there were a git repo we could point to, we would gladly do so.
"Our code builds with every version of OpenSSL for the past 20 years" is kind of a neat thing to say, but outside of bragging rights, I'm not sure it's worth the effort. But it's your code, not ours, so do what you want :)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4518
Please log in as guest with password guest if prompted
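
Added example, not part of the original message and not OpenSSL code: a small C model of the ownership rule discussed above, showing what a key ends up holding when the same n and e are handed over twice, next to the dup-before-transfer order. The toy_* names are hypothetical stand-ins for BIGNUM and RSA, the numbers are constructed textbook values, and the setter's behaviour (release whatever a non-NULL argument replaces) is an assumption of the model.

```c
#include <stdlib.h>

/* Toy stand-ins for BIGNUM and RSA (hypothetical names, not OpenSSL types).
 * toy_bn_free only marks the value so the demo can inspect it afterwards;
 * real code would release the memory, making any later use a use-after-free. */
typedef struct { unsigned long v; int freed; } toy_bn;
typedef struct { toy_bn *n, *e, *d; } toy_rsa;

static toy_bn *toy_bn_new(unsigned long v) {
    toy_bn *b = calloc(1, sizeof *b);
    if (b != NULL) b->v = v;
    return b;
}
static toy_bn *toy_bn_dup(const toy_bn *b) { return toy_bn_new(b->v); }
static void toy_bn_free(toy_bn *b) { if (b != NULL) b->freed = 1; }

/* Model of a set0-style setter: every non-NULL argument becomes the key's
 * property and the value it replaces is released (assumed semantics). */
static void toy_set0_key(toy_rsa *k, toy_bn *n, toy_bn *e, toy_bn *d) {
    if (n != NULL) { toy_bn_free(k->n); k->n = n; }
    if (e != NULL) { toy_bn_free(k->e); k->e = e; }
    if (d != NULL) { toy_bn_free(k->d); k->d = d; }
}

/* Number of fields in the key that point at a released value. */
static int dangling_fields(const toy_rsa *k) {
    return (k->n && k->n->freed) + (k->e && k->e->freed) + (k->d && k->d->freed);
}

/* Hands the same n and e over twice: the second call releases them and then
 * stores the released pointers back into the key. */
int reuse_after_transfer(void) {
    toy_rsa k = {0};
    toy_bn *n = toy_bn_new(3233), *e = toy_bn_new(17);
    toy_set0_key(&k, n, e, NULL);
    toy_set0_key(&k, n, e, toy_bn_new(2753));
    return dangling_fields(&k);
}

/* Gives the key copies first, so the caller still owns n and e while d is
 * worked out, then transfers the originals together with d. */
int dup_before_transfer(void) {
    toy_rsa k = {0};
    toy_bn *n = toy_bn_new(3233), *e = toy_bn_new(17);
    toy_set0_key(&k, toy_bn_dup(n), toy_bn_dup(e), NULL);
    toy_bn *d = toy_bn_new(2753);      /* caller may still read n and e here */
    toy_set0_key(&k, n, e, d);
    return dangling_fields(&k);
}
```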