On 26/04/16 16:16, Douglas E Engert wrote: > Let me update my response. > If I am reading GH#995 correctly it still has an issue if a user does: > > RSA_get0_key(rsa, n, e, NULL); /* note this is a GET0 */ > /* other stuff done, such as calculating d */ > RSA_set0_key(rsa, n, e, d); > > rsa is left with n and e pointing to unallocated storage.
You should not call it like that (programmer error). RSA_get0_key transfers ownership of the memory. You must only transfer ownership for memory that you own! By calling it again you are attempting to transfer ownership of memory that you don't own. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
