On Wed, Oct 27, 1999 at 05:04:25PM +0100, Dr Stephen Henson wrote:
> While developing some chain verify code (yes it'll get there
> eventually!) and always on the lookout for problems with shared
> libraries something nasty has become apparent.
>
> Its been decided that OpenSSL should be made more "shared library
> friendly" so that software designed to work with older versions of
> OpenSSL can still work with newer version by just upgrading OpenSSL
> shared libs and not recompiling the sofware.
[...]
> X509_STORE_CTX ctx;
>
> X509_STORE_CTX_init(&ctx,...);
>
> This isn't the only place where this construction occurs digest and
> cipher code and several other areas have this general construction:
>
> SOME_STRUCTURE x;
> SOME_STRUCTURE_init(&x,...);
>
> This is a problem because the size of 'x' is determined at compile time.
> If a new version of the library increases the size of the structure the
> functions could end up walking over memory they shouldn't.
Can't we just add SOME_STRUCTURE_new and SOME_STRUCTURE_free functions
for programs that want to be portable across versions? I don't think
that we have to break programs that currently use the above construct.
Where it is used in the library itself there is no problem, except
that the SSL library ought to check that it is running with a matching
version of the crypto library.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
