[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Matt Caswell
matt at openssl.org
Tue Apr 26 15:25:25 UTC 2016
On 26/04/16 16:16, Douglas E Engert wrote:
> Let me update my response.
> If I am reading GH#995 correctly it still has an issue if a user does:
>
> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
> /* other stuff done, such as calculating d */
> RSA_set0_key(rsa, n, e, d);
>
> rsa is left with n and e pointing to unallocated storage.
You should not call it like that (programmer error). RSA_get0_key
transfers ownership of the memory. You must only transfer ownership for
memory that you own! By calling it again you are attempting to transfer
ownership of memory that you don't own.
Matt
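
Added example (not part of the original message and not OpenSSL code): a self-contained C model of the get0/set0 ownership rule discussed above, showing the call pattern from the quoted snippet being refused and the copy-then-transfer pattern that respects ownership. All names (model_key, model_get0_key, model_set0_key, aliases_owned, add_private_exponent) are hypothetical, longs stand in for BIGNUMs (with OpenSSL the copies would be made with BN_dup), and the alias guard in model_set0_key is an addition of this model.

```c
#include <stdlib.h>
/* Hypothetical stand-in for an RSA object; longs replace BIGNUMs. */
typedef struct { long *n, *e, *d; } model_key;
/* Heap copy of a value (the role a duplicate call plays for a BIGNUM). */
static long *dup_val(long v) {
    long *p = malloc(sizeof *p);
    if (p) *p = v;
    return p;
}

/* get0: hands out borrowed pointers; the key still owns the storage. */
void model_get0_key(const model_key *k, const long **n,
                    const long **e, const long **d) {
    if (n) *n = k->n;
    if (e) *e = k->e;
    if (d) *d = k->d;
}

/* True if a pointer offered for transfer is already owned by k. */
int aliases_owned(const model_key *k, const long *n,
                  const long *e, const long *d) {
    return (n && n == k->n) || (e && e == k->e) || (d && d == k->d);
}

/* set0: free old values, adopt the caller's. The alias guard is this model's. */
int model_set0_key(model_key *k, long *n, long *e, long *d) {
    if (aliases_owned(k, n, e, d)) return 0;   /* would free what it adopts */
    if (n) { free(k->n); k->n = n; }
    if (e) { free(k->e); k->e = e; }
    if (d) { free(k->d); k->d = d; }
    return 1;
}

/* Correct pattern: copy the borrowed n and e, then transfer the copies. */
int add_private_exponent(model_key *k, long dval) {
    const long *n, *e;
    model_get0_key(k, &n, &e, NULL);
    if (!n || !e) return 0;                    /* nothing to copy from */
    long *n2 = dup_val(*n), *e2 = dup_val(*e), *d2 = dup_val(dval);
    if (n2 && e2 && d2 && model_set0_key(k, n2, e2, d2)) return 1;
    free(n2); free(e2); free(d2);              /* transfer failed: still ours */
    return 0;
}

int main(void) {
    model_key k = { dup_val(3233), dup_val(17), NULL };  /* constructed values */
    int ok = add_private_exponent(&k, 2753);
    free(k.n); free(k.e); free(k.d);
    return ok ? 0 : 1;
}
```

Without the guard, the first two assignments in model_set0_key would free the storage n and e point to and then store those same pointers, which is the "unallocated storage" outcome described in the quoted text.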