"Hellan,Kim KHE" wrote:
> 
> >>
> >> Well... actually there is no RSA_dup() either :-)...... but the following
> >> should work as well:
> >> ....
> >> EVP_PKEY* pDupKey = EVP_PKEY_new();
> >> RSA* pRSA = EVP_PKEY_get1_RSA(pKey);
> >> EVP_PKEY_set1_RSA(pDupKey, pRSA);
> >> RSA_free(pRSA);
> >> return(pDupKey);
> >>
> 
> >Well that will just end up with two distinct EVP_PKEY structures
> >referencing the same 'rsa' structure with an upped reference count. If
> >you're going to do that then you might as well just up the reference
> >count of the EVP_PKEY structure.
> 
> >Now I've looked at it, RSA_dup() is a non-trivial problem when it deals
> >with things like hardware keys.
> 
> Sorry....
> You're right, of course.
> I have no idea why this works though, since I end up freeing the RSA
> part of the EVP_PKEY??

Because they up the reference count of the RSA portion.

> But anyway.....
> Do you have any suggestions, how to properly implement the RSA_dup()
> function you suggested earlier, assuming that we are only talking software
> keys?
> 

Well it depends on what you want to actually do. If you have an EVP_PKEY
structure and you want to be able to pass it to two separate functions
which will each individually call EVP_PKEY_free() then upping the
reference count of the EVP_PKEY structure will work fine.

There are two functions RSAPublicKey_dup() and RSAPrivateKey_dup() which
will just dup the relevant parts of the RSA structure. Which you use
depends on whether it's a public or private key.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
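
Added example (not part of the original message and not OpenSSL code): a simplified C model of the reference counting discussed in this thread, showing why the posted snippet leaves two wrappers sharing one key with a net count increase of one, beside the up-ref and deep-copy alternatives. All `model_*` types and the helper function names are hypothetical stand-ins, and the key bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of reference-counted keys. NOT OpenSSL code: every
 * type and function name here is a hypothetical stand-in. */
typedef struct { int refs; unsigned char d[4]; } model_rsa; /* d: constructed key bytes */
typedef struct { int refs; model_rsa *rsa; } model_pkey;

model_rsa *rsa_new(void) {
    model_rsa *r = calloc(1, sizeof *r);
    if (!r) abort();
    r->refs = 1; return r;
}
void rsa_free(model_rsa *r) { if (r && --r->refs == 0) free(r); }
model_pkey *pkey_new(void) {
    model_pkey *k = calloc(1, sizeof *k);
    if (!k) abort();
    k->refs = 1; return k;
}
void pkey_free(model_pkey *k) { if (k && --k->refs == 0) { rsa_free(k->rsa); free(k); } }
/* "get1" style: hands back the RSA with its count raised; caller must free. */
model_rsa *pkey_get1_rsa(model_pkey *k) { if (k->rsa) k->rsa->refs++; return k->rsa; }
/* "set1" style: the wrapper takes its own reference to r. */
void pkey_set1_rsa(model_pkey *k, model_rsa *r) { r->refs++; rsa_free(k->rsa); k->rsa = r; }

/* The snippet from the thread: a new wrapper, the same RSA underneath. */
model_pkey *dup_by_sharing(model_pkey *k) {
    model_pkey *d = pkey_new();
    model_rsa *r = pkey_get1_rsa(k); /* RSA count +1 */
    if (!r) return d;                /* source wrapper held no key */
    pkey_set1_rsa(d, r);             /* RSA count +1 */
    rsa_free(r);                     /* RSA count -1: net +1, held by d */
    return d;
}
/* The alternative from the reply: share the wrapper itself. */
model_pkey *pkey_up_ref(model_pkey *k) { k->refs++; return k; }
/* Deep copy: the role RSAPrivateKey_dup() plays in the thread. */
model_rsa *rsa_deep_dup(const model_rsa *r) {
    model_rsa *c = rsa_new();
    memcpy(c->d, r->d, sizeof c->d);
    return c;
}
int main(void) {
    model_pkey *k = pkey_new();
    model_rsa *r = rsa_new();
    pkey_set1_rsa(k, r); rsa_free(r);
    model_pkey *d = dup_by_sharing(k);
    printf("same RSA: %d, RSA refs: %d\n", d->rsa == k->rsa, k->rsa->refs);
    pkey_free(k); pkey_free(d);
    return 0;
}
```

In the model, only `rsa_deep_dup()` yields key material that can be modified or released independently of the original; the other two paths share one underlying key.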