Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_, RSA_set0_, DSA_set0_* and DSA_get0_* problems

Douglas E Engert Tue, 26 Apr 2016 12:49:47 -0700


On 4/26/2016 1:20 PM, Salz, Rich wrote:

Look. If Doug noticed this, programmers less intimate with this API are much
more likely to get stung by it. The protection against such a misunderstanding
is cheap.



Is it?  And what is that protection?  Without introducing memory leaks.


In RSA_set0_key:
After any type of NULL test:

  if (e != rsa->e) {
        BN_free(rsa->e);
        rsa->e = e;
  }


--

 Douglas E. Engert  <deeng...@gmail.com>

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_*, RSA_set0_*, DSA_set0_* and DSA_get0_* problems

Reply via email to

Re: [openssl-dev] [openssl.org #4518] OpenSSL-1.1.0-pre5 RSA_set0_key and related RSA_get0_, RSA_set0_, DSA_set0_* and DSA_get0_* problems