[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems
Douglas E Engert
deengert at gmail.com
Tue Apr 26 17:56:12 UTC 2016
OK there was an error in my example. The get needed 2 "&":
RSA_get0_key(rsa, &my_n, &my_e, NULL); /* note this is a GET0 */
/* my_n now points to the BIGNUM as does rsa->n */
/* my_e now points to the BIGNUM as does rsa->e */
/* other stuff done, such as calculating d */
RSA_set0_key(rsa, my_n, my_e, d);
/* RSA_set0_key does not check if my_n == rsa->n
It frees rsa->n and replaces it with my_n which is is pointing at the freed location */
>>
On 4/26/2016 10:37 AM, Blumenthal, Uri - 0553 - MITLL wrote:
> On 4/26/16, 11:21 , "openssl-dev on behalf of Salz, Rich via RT"
> <openssl-dev-bounces at openssl.org on behalf of rt at openssl.org> wrote:
>
>>> RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
>>> /* other stuff done, such as calculating d */
>>> RSA_set0_key(rsa, n, e, d);
>>>
>>> rsa is left with n and e pointing to unallocated storage.
>>
>> That code is incorrect.
>
> Would you mind giving more explanation please?
>
>
>
--
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssl-dev
mailing list