Bodo Moeller wrote:
>
> On Mon, Jun 25, 2001 at 04:01:01AM +0100, Ben Laurie wrote:
>
> > Sorry, I'd managed to forget about opensslconf.h! It does also solve the
> > problem and I have no problem with it.
>
> However, it would be safer if data strutures in exported headers did
> not depend on disabled ciphers. In the OPENSSL_NO_... cases, there
> should be dummy pointers (void *) in this struct, for example:
>
> typedef struct evp_pkey_st
> {
> int type;
> int save_type;
> int references;
> union {
> char *ptr;
> #ifndef OPENSSL_NO_RSA
> struct rsa_st *rsa; /* RSA */
> #endif
> #ifndef OPENSSL_NO_DSA
> struct dsa_st *dsa; /* DSA */
> #endif
> #ifndef OPENSSL_NO_DH
> struct dh_st *dh; /* DH */
> #endif
> } pkey;
> int save_parameters;
> STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
> } EVP_PKEY;
This will go away shortly, when I extend my EVP patches to cover PKEY (I
have a set on my laptop that does MD and CIPHER with only a small amount
of leakage and no crashes - I'll commit them soon).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
