On 02/26/2017 07:26 AM, Kurt Roeckx wrote: > It's normal that you might see some symbols removed if you compare > something like 1.0.1t against 1.0.2, but it shouldn't when compared > to 1.0.2k.
I agree, and figured this out at some point after I sent the initial query. Given the low interest leve the thread had at the time, I didn't see a need to send a follow-up clarifying. > CRYPTO_memcmp was added in 1.0.1d. > > ASN1_STRING_clear_free was added in 1.0.1m and 1.0.2a > > In 1.0.1s and 1.0.2g the following were added (for CVE-2016-0798): > SRP_VBASE_get1_by_user; > SRP_user_pwd_free; > > ENGINE_load_rsax seems to have been removed because it didn't > compile? That looks like the only symbol that has been removed, > and it probably shouldn't have. > Someone(TM) should probably make a pull request to put back a stub function, then. (Maybe something for tomorrow's code health exercies...) I wonder if the ABI laboratory has a way to compare specific versions that are not direct successors, so that the tip of 1.0.1 could be compared to the tip of 1.0.2 (which is what would make the most sense to compare, to me). (I couldn't find such a thing with my random clicking around.) -Ben
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev