[Bug 1991] openssl version checking needs updating

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 30 19:09:45 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=1991

--- Comment #10 from Darren Tucker <dtucker at zip.com.au> 2012-03-30 19:09:45 EST ---
(In reply to comment #9)
> Note that beta versions on the same fix release (1.0.z should be ABI
> compatible. Only when the major or minor release changes there should
> be ABI breakers (that is when x or y in x.y.z changes).

You'd hope so, however from the CHANGES file in openssl 1.0.1 under
"Changes between 1.0.0h and 1.0.1" (a "fix" release, in openssl's
parlance) shows, amongst other things:

  *) Functions FIPS_mode_set() and FIPS_mode() which call the
underlying
     FIPS modules versions.
     [Steve Henson]

  *) [...] This enables the following EC_METHODs:
         EC_GFp_nistp224_method()
         EC_GFp_nistp256_method()
         EC_GFp_nistp521_method()

so, new functions introduced in "fix" releases.  Given this, we are yet
to be convinced that "fix" releases both are forward and backward ABI
compatible.

> Also as the patch level (the letter after version) changes there should
> be strictly only bugfixes, these should be even forward-backwards
> compatible.

Patch level is covered by the 0xff0 mask in both cases.

> So for the after 1.0 versions I'd suggest the version_mask to be
> ~0xfffffL

That'd allow development and release versions to mix too.  For now
we're only considering release versions.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list