On 11/01/2017 16:32, Stephan Mühlstrasser wrote:
Am 03.01.17 um 21:26 schrieb Viktor Dukhovni:
On Jan 3, 2017, at 2:55 PM, Ken Goldman <kgoldman@xxxxxxxxxx> wrote:
1 - Is this a bit of a bug?
ECDSA_SIG_free() frees the r and s BIGNUMs before is frees the
structure itself. However, ECDSA_SIG_new() doesn't set r and s to
NULL. It calls zalloc, which sets them to 0x00 bytes.
OK, in most platforms, the NULL pointer is an all 0x00 bytes value,
but it's not guaranteed by the C standard.
E.g., http://c-faq.com/null/confusion4.html
OpenSSL does not support platforms where the memory representation of
the
NULL pointer contains non-zero bytes. IIRC there are even tests for
this.
Could someone from the OpenSSL team please explain the rationale for
this decision? What is the problem with using assignments with 0 or
NULL to initialize pointers?
I am not from the OpenSSL team either, but the probable thinking is
like this:
The C (and C++) standard allows a number of things that are very rare
in practice, while providing very few guarantees about important
aspects of semantics. Therefore most major cross-platform projects
will usually take a number of common-sense aspects that are already
common among the desired platforms and elevate them into "project-
specific" requirements, foregoing the option to port the code to
platforms that differ in those aspects. This provides a more robust
and usable "dialect" of the C/C++ language, allowing code to not do
things that are clumsy, slow, error-prone or otherwise difficult.
For the specific requirement of NULL pointers being encoded as an
all-0 bit pattern (and the similar requirement for 0 integral values),
this allows the use of zero-initializing memory allocators/handlers to
forego the need to explicitly initialize NULL (and 0) field and array
element values.
Note that C++ has a similar, but weaker, requirements that the source
code literal 0 is a valid syntax for null pointer constants and that
many (but not all) uninitialized pointer and numeric fields should be
implicitly initialized to NULL / 0 by compiler generated code, which
doesn't cover the case of memory blocks that don't get to run the
(implicit) C++ constructor.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users