On 02/26/2017 07:26 AM, Kurt Roeckx wrote:
> It's normal that you might see some symbols removed if you compare
> something like 1.0.1t against 1.0.2, but it shouldn't when compared
> to 1.0.2k.

I agree, and figured this out at some point after I sent the initial
query.  Given the low interest leve the thread had at the time, I didn't
see a need to send a follow-up clarifying.

> CRYPTO_memcmp was added in 1.0.1d.
> ASN1_STRING_clear_free was added in 1.0.1m and 1.0.2a
> In 1.0.1s and 1.0.2g the following were added (for CVE-2016-0798):
> SRP_VBASE_get1_by_user;
> SRP_user_pwd_free;
> ENGINE_load_rsax seems to have been removed because it didn't
> compile? That looks like the only symbol that has been removed,
> and it probably shouldn't have.

Someone(TM) should probably make a pull request to put back a stub
function, then.  (Maybe something for tomorrow's code health exercies...)

I wonder if the ABI laboratory has a way to compare specific versions
that are not direct successors, so that the tip of 1.0.1 could be
compared to the tip of 1.0.2 (which is what would make the most sense to
compare, to me).  (I couldn't find such a thing with my random clicking

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to