> [[email protected] - Sat May 15 13:39:43 2010]: > > In the process of trying out 1.0.0, I found something that breaks > backward compatibility. > > In the file crypto/evp/evp.h at line 132, the following lines were > added to struct evp_pkey_st : > > const EVP_PKEY_ASN1_METHOD *ameth; > ENGINE *engine; > > I'm curious why these new items were added to the middle of the struct > definition, and not the end? > > The problem is with binaries that use OpenSSL that are compiled > against older versions, such as 0.9.8n and older (this change was > introduced in 1.0.0). At that place in the struct, they expect a > memory pointer from the union, such as struct rsa_st *rsa, not a > pointer to const EVP_PKEY_ASN1_METHOD *ameth. In my testing, this > causes a memory access violation. To work around this, I moved the > two lines above to the end of the struct definition, so it looks > like this instead: > > struct evp_pkey_st > { > int type; > int save_type; > int references; > union { > char *ptr; > #ifndef OPENSSL_NO_RSA > struct rsa_st *rsa; /* RSA > */ > #endif > #ifndef OPENSSL_NO_DSA > struct dsa_st *dsa; /* DSA */ > #endif > #ifndef OPENSSL_NO_DH > struct dh_st *dh; /* DH */ > #endif > #ifndef OPENSSL_NO_EC > struct ec_key_st *ec; /* ECC */ > #endif > } pkey; > int save_parameters; > STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ > const EVP_PKEY_ASN1_METHOD *ameth; > ENGINE *engine; > } /* EVP_PKEY */; > > This allows for backwards compatibility with 0.9.8n-dependent > binaries. Was there a reason why the ameth and engine pointers were > added to the middle of evp_pket_st instead of the end? >
OpenSSL doesn't claim binary compatibility across major version changes: in general recompiling source against different major versions is recommended. Accessing structures directly should be avoided in applications if at all possible for the reasons you mention above. If an application instead of (say) accessing pkey->pkey.rsa used the function EVP_PKEY_get1_RSA() it would still be compatible. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
