On Mon, Apr 25, 2016 at 07:21:56PM +0200, Richard Levitte wrote:
> openssl-users> Perhaps the documentation can be made more clear. If users
> really
> openssl-users> need an interface for modifying a subset of the components of
> an
> openssl-users> already initialized key, then (if we don't already) we should
> openssl-users> support NULL values as "do not change", provided these are
> already
> openssl-users> set.
>
> Doesn't this turn them into individual parameter calls, in practice?
> I.e. the exact thing we chose not to make?
No. We still won't support incomplete initialization, but can
support after the fact partial modification.
> There isn't much difference between this:
>
> RSA_set0_key(rsa, n, NULL, NULL);
> RSA_set0_key(rsa, NULL, e, NULL);
> RSA_set0_key(rsa, NULL, NULL, d);
>
> and something like this:
>
> RSA_set0_n(rsa, n);
> RSA_set0_e(rsa, e);
> RSA_set0_d(rsa, d);
There is, if the NULL calls fail when the key is not already
initialized.
> The only difference is that with the former, you get two-in-one, as it
> also works as a function to set all three numbers in one go.
The 3-slot function is I think cleaner.
I'll leave the decision of whether and when to support NULL parameters
to the folks working on that code, but it is pretty clear that one
must not pass an object one does not "own", such as one returned
from a "get0" function, to a function that expects to take ownership
of the indicated object.
--
Viktor.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
