[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_, RSA_set0_, DSA_set0_* and DSA_get0_* problems

Tue Apr 26 18:25:44 UTC 2016

On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich"
<openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:

>> Look. If Doug noticed this, programmers less intimate with this API are
>>much
>> more likely to get stung by it. The protection against such a
>>misunderstanding
>> is cheap.
>
>Is it?  

I think it is. See Doug’s post.

>And what is that protection?

Checking whether (n, e) passed are pointing at rsa’s own, and not freeing
them if they do. See Doug’s posting for the details.

> Without introducing memory leaks.

It certainly does not look like this check would introduce any memory
leaks, while on the other hand it would prevent a few crashes. If you
think otherwise - would you care to illustrate?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160426/86a19c41/attachment.bin>

[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_, RSA_set0_, DSA_set0_* and DSA_get0_* problems