Freeing of the values by the caller is not the issue.
The issue is RSA_set0_key requires n and e to be non-NULL.
If the caller uses RSA_get0_key to find the n and e then calculates a new d,
then calls RSA_set0_key with the same n and e pointers and the new d.
RSA_set0_key will free n and e, and
The new routines in OpenSSL-1.1.0-pre5 RSA_get0_key and RSA_set0_key with their
multiple arguments are not very user friendly, requiring much more code being
replaced, and may lead to freeing active pointers.
Would not a set of routines like:
BIGNUM* RSA_get0_key_n(RSA *rsa);
int RSA_set0_key_n
Any chance these changes to req.c and cms.c will make it into 1.1-pre3?
They fix a regression in functionality. req and cms worked in previous versions.
req and cms are not usable in 1.1 with an engine for a smart card.
The "See 4226" should be #4246
On 1/22/2016 7:29 PM, deeng...@gma
The inkey parameter of the cms command does not accept parameters for
an engine to sign the message.
P.S. Also attached are the changes for req.c to use the key to hold engine
parameters. See #4226
--
Douglas E. Engert
diff --git a/apps/cms.c b/apps/cms.c
index 8cf99de..b
Yes, #458 is similar but for the pkeyutl.c
I would have changed:
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
to
{"keyform", OPT_KEYFORM, 'f', "Private key format - default PEM"},
The patch also adds an additional parameter,
{"engine_impl", OPT_ENGINE_IMPL, '-', "Also use
req.c (and many of the other apps) appear to have lost the ability to use an
engine.
The attached diff is against the github.com version using Tag OpenSSL_1_1-pre2
In the req_options[] table:
OPT_KEY is set to "S" so pre-checking of the parameters does not drop the
string passed to the engine.
Thanks, Roumen's patches look good and also include EC_KEY_set_method to
replace the working ECDSA_set_method and ECDH_set_method in 1.0.2.
Any idea when these will be in github?
On 1/8/2016 11:30 AM, Salz, Rich via RT wrote:
> There is a fix for this that is in the internal code-review phas
OpenSSL 1.1 (from github.com) now combined ECDSA_METHOD and ECDH_METHOD into
one method, EC_KEY_METHOD.
In 1.0.2 there were ECDSA_get_ex_new_index, ECDSA_set_ex_data and
ECDSA_get_ex_data with the EC_KEY and an idx as parameters.
And there were ECDH versions too: ECDH_get_ex_new_index, ECDH_se