Yes, there was an error in my example, the first line should have read:
RSA_get0_key(rsa, &n, &e, NULL);
The rsa was created in a different routine, so n and e were already set.
I am not the one freeing it is your RSA_set0_key that is doing the free.
Adding the test "if (n != rsa->n)" before the BN_free in the RSA_set0_key
would catch this.
If the intent of all these new routines it to make sure the data is consistent,
please consider adding the above test.
Without some change, it is going to catch many others too as they try and
convert existing code.
On 4/26/2016 10:43 AM, Tomas Mraz wrote:
On Út, 2016-04-26 at 10:16 -0500, Douglas E Engert wrote:
Let me update my response.
If I am reading GH#995 correctly it still has an issue if a user
does:
RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */
/* other stuff done, such as calculating d */
RSA_set0_key(rsa, n, e, d);
rsa is left with n and e pointing to unallocated storage.
This is programmer error in your code because the RSA_get0_key is
documented to just return internal data and must not be freed. Thus
you're not allowed to pass the returned values to RSA_set0_key().
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
--
Douglas E. Engert <deeng...@gmail.com>
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
