On Wed Aug 17 18:16:41 2016, bmor...@mortoninsights.com wrote:
> That doesn't sound like an ideal case for a bugfix. Any other creative
> ideas on how to fix this one? Some suggestions I read previously included
> adding support for streaming decode to avoid such a large memory
> allocation. This may not easily be feasible because of needing to verify
> signatures on the message.
>

A streaming decode is one option but this is far from a trivial undertaking,
Verifying signatures would be handled on the fly but you'll only know the
signature is valid after all content has been processed of course.

> If not, I'll try out the size_t change.
>

This is a significant job too. There is a major knock on effect with several
APIs so it's not just a case of changing a few structures or we'd have done it
already. It is planned for a future release though.

As RIch mentioned one of the key structures has a dependency on int which is
often 32 bits even on 64 bit systems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4651
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to