[openssl-project] Removal of NULL checks

Matt Caswell matt at openssl.org
Wed Aug 8 10:08:14 UTC 2018


We've had a policy for a while of not requiring NULL checks in
functions. However there is a difference between not adding them for new
functions and actively removing them for old ones.

See https://github.com/openssl/openssl/pull/6893

In this case the removal of a NULL check in the stack code had the
unintended consequence of a crash in a no-comp build. Is it wise to be
actively removing existing NULL checks like this? It does have an impact
on the behaviour of a function (even if that behaviour is undocumented
and not encouraged). The concern I have is for our API/ABI compatibility
guarantee. If we make changes like this then 1.1.1 may no longer be a
drop in replacement for 1.1.0 for some apps.

Matt



More information about the openssl-project mailing list