[openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Jan 3 20:26:56 UTC 2017
> On Jan 3, 2017, at 2:55 PM, Ken Goldman <kgoldman at us.ibm.com> wrote:
>
> 1 - Is this a bit of a bug?
>
> ECDSA_SIG_free() frees the r and s BIGNUMs before is frees the structure itself. However, ECDSA_SIG_new() doesn't set r and s to
> NULL. It calls zalloc, which sets them to 0x00 bytes.
>
> OK, in most platforms, the NULL pointer is an all 0x00 bytes value, but it's not guaranteed by the C standard.
>
> E.g., http://c-faq.com/null/confusion4.html
OpenSSL does not support platforms where the memory representation of the
NULL pointer contains non-zero bytes. IIRC there are even tests for this.
> 2 - It would be nice if the man page advised that ECDSA_SIG_free() frees the two r and s BIGNUMs before is frees the structure itself.
Presumably the structure "owns" its R and S values. If this needs
to be documented, that documentation should be in the "setter"
functions that take control of the values.
--
Viktor.
More information about the openssl-users
mailing list