Re: LibreSSL OPENSSL_malloc... removal
On Tue, Apr 22, 2014 at 13:17, Vadim Lebedev wrote: > I was alarmed by this: > > http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/s3_clnt.c.diff? > r1=1.34;r2=1.35;f=h > > Maybe i do misread something else but it seems like calls > to OPENSSL_malloc/free routines are being replaced by malloc/free etc.. > > Would you mind to explain what i've been missing? You are correct. The interface remains for applications that use it, but it's no longer possible to change its behavior. We believe overriding these functions to allow sharing memory like you're describing is an inherently insecure construction, and we won't allow it.
Re: LibreSSL OPENSSL_malloc... removal
Hi, Vadim Lebedev wrote on Tue, Apr 22, 2014 at 01:17:16PM +: > Theo de Raadt cvs.openbsd.org> writes: >> Vadim Lebedev wrote: >>> The removal of OPENSSL_malloc/OPENSSL_free ... >>> etc will cause a LOT of pain >> Which is why they are not removed. > I was alarmed by this: > > http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ > s3_clnt.c.diff?r1=1.34;r2=1.35;f=h > > Maybe i do misread something else but it seems like calls > to OPENSSL_malloc/free routines are being replaced by malloc/free etc.. That is true. > Would you mind to explain what i've been missing? To stop using functions internally, inside the same library, is not the same as deleting them from the library interface for external use. By the way, this discussion would fit better on misc@ than on tech@, it isn't about technical suggestions, but about basic understanding, so consider moving it there if you think you still must reply. Yours, Ingo
Re: LibreSSL OPENSSL_malloc... removal
Theo de Raadt cvs.openbsd.org> writes: > > > The removal of OPENSSL_malloc/OPENSSL_free ... > > etc will cause a LOT of pain > > Which is why they are not removed. > > > There is non négligeable number of > > applications which are strongly depending on this functionality, > > they use it for example to allocate SSL data structures in memory shared > > between multiple forked instances... > > One example of such application is Kamailio (sip server). > > > > Would you mind to reconsider removal of these routines? > > They are not removed. Pay attention.y thios > > I was alarmed by this: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/s3_clnt.c.diff? r1=1.34;r2=1.35;f=h Maybe i do misread something else but it seems like calls to OPENSSL_malloc/free routines are being replaced by malloc/free etc.. Would you mind to explain what i've been missing? Thanks Vadim
Re: LibreSSL OPENSSL_malloc... removal
> The removal of OPENSSL_malloc/OPENSSL_free ... > etc will cause a LOT of pain Which is why they are not removed. > There is non négligeable number of > applications which are strongly depending on this functionality, > they use it for example to allocate SSL data structures in memory shared > between multiple forked instances... > One example of such application is Kamailio (sip server). > > Would you mind to reconsider removal of these routines? They are not removed. Pay attention.
Re: LibreSSL OPENSSL_malloc... removal
On 22 April 2014 08:49, Vadim Lebedev wrote: > Hello folks, > > The removal of OPENSSL_malloc/OPENSSL_free ... > etc will cause a LOT of pain There is non négligeable number of > applications which are strongly depending on this functionality, > they use it for example to allocate SSL data structures in memory shared > between multiple forked instances... > One example of such application is Kamailio (sip server). > > Would you mind to reconsider removal of these routines? > > > Yes we would mind. Ken
LibreSSL OPENSSL_malloc... removal
Hello folks, The removal of OPENSSL_malloc/OPENSSL_free ... etc will cause a LOT of pain There is non négligeable number of applications which are strongly depending on this functionality, they use it for example to allocate SSL data structures in memory shared between multiple forked instances... One example of such application is Kamailio (sip server). Would you mind to reconsider removal of these routines?
