I can live with it. The only solution without some type of change was:

    RSA_set0_key(rsa, n, e, NULL);
    /* other stuff done, such as calculating d */
    n_new = BN_dup(n);
    e_new = BN_dup(e);
    RSA_set0_key(rsa, n_new, e_new, d);

It is really gross, and is not intuitive.

Since you all appear to not want to support individual calls to set0 and get0 for each BIGNUM, a developer of other code is faced with a major rewrite of existing code just to work with OpenSSL-1.1.0-pre5. Using #if OPENSSL_VERSION_NUMBER everywhere leads to unreadable code.

So to maintain a code base that can be compiled with OpenSSL version 0.9.7 through 1.1.0 with only a few #if OPENSSL_VERSION_NUMBER we are taking an approach to convert the code to the 1.1.0 API and create defines and macros for the older versions of OpenSSL in a header file. The introduction of these *_get0_* *_set0_* have complicated the process even more, requiring us to inline versions of them for the older versions of OpenSSL.

I suspect other developers are facing the same issues.

On 4/26/2016 6:46 AM, Richard Levitte wrote:
In message <571f2941.4040...@openssl.org> on Tue, 26 Apr 2016 09:39:29 +0100, Matt Caswell <m...@openssl.org> said:

matt>
matt>
matt> On 26/04/16 08:26, Richard Levitte wrote:
matt> > [temporarily taking this thread away from RT]
matt> >
matt> > Basically, I can see two solutions:
matt> >
matt> > - Allow calls like RSA_set0_key(rsa, NULL, NULL, d);
matt> >
matt> >   That's what's implemented in GH#995, except it doesn't check if the
matt> >   input parameters are NULL before setting the corresponding fields,
matt> >   so that call ends up clearing n and e.
matt> >
matt> >   GH#995 could be changed so that any input parameter can be NULL, and
matt> >   that the corresponding RSA structure fields are left untouched. The
matt> >   consequence is that can never be made NULL. I can live with that,
matt> >   as I can't imagine a reason to reset the fields to NULL.
matt>
matt> IMO this is the way to go. As long as we can't set private key values
matt> without first having set the public key, i.e. we should not be able to
matt> get into an inconsistent state.

I've seen no other opinion, so I went with it. Would you mind having a look at GH#995? I did a bit of change in the docs, but could need some help expressing it in a better manner.

Also, I'd like to hear from Douglas and Tomas if these changes found in said pull request would fit your bill better... basically, it allows (or should allow, unless I've goofed something up) a call set like this:

    RSA_set0_key(rsa, n, e, NULL);
    /* other stuff done, such as calculating d */
    RSA_set0_key(rsa, NULL, NULL, d);

Cheers,
Richard
--
Douglas E. Engert <deeng...@gmail.com>

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
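
Added example, not part of the thread and not OpenSSL's code: a self-contained C model of the set0 behaviour discussed above, where a NULL argument leaves the field untouched and d is refused until n and e are set. The types `toy_bn` and `toy_rsa` and every `toy_*` function are hypothetical stand-ins for BIGNUM and RSA, and the numbers are constructed.

```c
#include <stdlib.h>

/* Stand-ins (assumptions, not OpenSSL types): toy_bn for BIGNUM, toy_rsa for RSA. */
typedef struct { unsigned long v; } toy_bn;
typedef struct { toy_bn *n, *e, *d; } toy_rsa;

static toy_bn *toy_bn_new(unsigned long v)
{
    toy_bn *b = malloc(sizeof(*b));
    if (b != NULL)
        b->v = v;
    return b;
}

/*
 * NULL argument: field left untouched. Non-NULL: old value freed, the key
 * takes ownership of the new one. Returns 0 and changes nothing if n or e
 * would still be unset, so d can never be installed before the public key.
 */
static int toy_rsa_set0_key(toy_rsa *r, toy_bn *n, toy_bn *e, toy_bn *d)
{
    if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
        return 0;
    if (n != NULL) { free(r->n); r->n = n; }
    if (e != NULL) { free(r->e); r->e = e; }
    if (d != NULL) { free(r->d); r->d = d; }
    return 1;
}

/* Runs the call sequence from the message; returns 1 if every step behaves. */
static int demo_two_step(void)
{
    toy_rsa r = { NULL, NULL, NULL };
    toy_bn *d = toy_bn_new(2753);   /* constructed toy values throughout */
    int ok;

    /* d before n and e: refused, and the caller still owns d */
    ok = toy_rsa_set0_key(&r, NULL, NULL, d) == 0 && r.d == NULL;
    /* public part first, private part not yet known */
    ok = ok && toy_rsa_set0_key(&r, toy_bn_new(3233), toy_bn_new(17), NULL);
    /* later, d alone: n and e must survive the call */
    ok = ok && toy_rsa_set0_key(&r, NULL, NULL, d);
    ok = ok && r.n->v == 3233 && r.e->v == 17 && r.d == d;
    if (r.d != d)
        free(d);                    /* not handed over, so still ours */
    free(r.n); free(r.e); free(r.d);
    return ok;
}

int main(void) { return demo_two_step() ? 0 : 1; }
```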