[openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

Douglas E Engert deengert at gmail.com
Wed Apr 27 17:57:17 UTC 2016


You can call it a documentation problem. The problem only showed up with trying to update d
in an existing rsa key. RSA_set0_key requires n, e, and d == NULL OR n, e, and d to all be set at the same time.

(In the case I found, one routine created the key with only n and e, then d was added in a different routine.)
Show how to set d by itself with whatever solution you come up with and I will be happy.



On 4/27/2016 4:30 AM, Tomas Mraz wrote:
> On Út, 2016-04-26 at 18:25 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
>> On 4/26/16, 14:20 , "openssl-dev on behalf of Salz, Rich"
>> <openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com>
>> wrote:
>>
>>>
>>>>
>>>> Look. If Doug noticed this, programmers less intimate with this
>>>> API are
>>>> much
>>>> more likely to get stung by it. The protection against such a
>>>> misunderstanding
>>>> is cheap.
>>> Is it?
>> I think it is. See Doug’s post.
>>
>>
>>>
>>> And what is that protection?
>> Checking whether (n, e) passed are pointing at rsa’s own, and not
>> freeing
>> them if they do. See Doug’s posting for the details.
>
> No, that gives only false sense of correctness. And in another instance
> you can try to get n, e from another RSA object and set it to a
> different one and boom, you have doublefree or use-after-free in your
> code.
>
> I agree that this sequence - get + set should be more precisely
> documented as forbidden but that's it.
>
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
>                                                Turkish proverb
> (You'll never know whether the road is wrong though.)
>
>
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>


