Hello Steve, all,

Thus wrote Stephen Henson via RT ([email protected]):

> OpenSSL doesn't claim binary compatibility across major version changes:
> in general recompiling source against different major versions is
> recommended.
>
> Accessing structures directly should be avoided in applications if at
> all possible for the reasons you mention above. If an application
> instead of (say) accessing pkey->pkey.rsa used the function
> EVP_PKEY_get1_RSA() it would still be compatible.

What about a scenario like this where I get an rsa pubkey from a
certificate and add the private components myself:

    X509 *x;
    EVP_PKEY *e;

    e = X509_get_pubkey(x);
    e->pkey.rsa->d = BN_bin2bn(mySecretD, LEN_OF_MY_D, NULL);
    ... (add other components and do some calculations using e)
    EVP_PKEY_free(e);

My understanding is that EVP_PKEY_get1_RSA() increases the reference
count of the RSA object. I guess that

    RSA *r = EVP_PKEY_get1_RSA(e);
    r->d = BN_bin2bn(mySecretD, LEN_OF_MY_D, NULL);

would not work. EVP_PKEY_free(e) would not free e->pkey.rsa since its
reference count is 2.

Should I explicitly RSA_free(r) or is there a cleaner and portable way
of doing this instead of directly accessing the structure?

Thanks,

Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
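The ownership question raised in this message, as an added example that is not part of the original post and is not OpenSSL code: a self-contained C model in which a get1-style accessor hands back the same object with its reference count raised. The names rsa_model, pkey_model, pkey_get1 and run_sequence are hypothetical stand-ins, and 0x1234 is a constructed sample value.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for RSA and EVP_PKEY; not OpenSSL's real types. */
typedef struct { int refs; long d; } rsa_model;   /* d models the private exponent */
typedef struct { rsa_model *rsa; } pkey_model;
static int live_keys = 0;                         /* key objects not yet released */

static rsa_model *key_new(void) {
    rsa_model *k = calloc(1, sizeof *k);
    if (k) { k->refs = 1; live_keys++; }
    return k;
}
/* Drop one reference; the memory goes only when the last holder lets go. */
static void key_free(rsa_model *k) {
    if (k && --k->refs == 0) { free(k); live_keys--; }
}
static pkey_model *pkey_new(void) {
    pkey_model *p = calloc(1, sizeof *p);
    if (p && !(p->rsa = key_new())) { free(p); p = NULL; }
    return p;
}
/* get1-style accessor: same object, count raised, caller now co-owns it. */
static rsa_model *pkey_get1(pkey_model *p) { p->rsa->refs++; return p->rsa; }
static void pkey_free(pkey_model *p) {
    if (p) { key_free(p->rsa); free(p); }
}

/* Replays the sequence from the message and returns how many key objects
   were still allocated after the caller finished (0 means no leak).
   caller_frees = 0 models forgetting the extra free after the get1 call. */
int run_sequence(int caller_frees, long *d_via_container) {
    int before = live_keys, leaked;
    pkey_model *e = pkey_new();
    if (!e) return -1;
    rsa_model *r = pkey_get1(e);        /* refs == 2 */
    r->d = 0x1234;                      /* constructed sample value */
    *d_via_container = e->rsa->d;       /* same object: write is visible via e */
    pkey_free(e);                       /* refs == 1: key outlives its container */
    if (caller_frees) key_free(r);      /* refs == 0: key released */
    leaked = live_keys - before;
    if (!caller_frees) key_free(r);     /* tidy up so the demo itself is clean */
    return leaked;
}

int main(void) {
    long d = 0;
    printf("with caller free:    leaked=%d\n", run_sequence(1, &d));
    printf("without caller free: leaked=%d d=0x%lx\n", run_sequence(0, &d), d);
    return 0;
}
```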
