[openssl-project] Removal of NULL checks

Richard Levitte levitte at openssl.org
Thu Aug 9 16:40:14 UTC 2018

In message <20180809162245.GD14409 at straasha.imrryr.org> on Thu, 9 Aug 2018 12:22:45 -0400, Viktor Dukhovni <openssl-users at dukhovni.org> said:

openssl-users> It needs to be possible to recompile and run without auditing code.
openssl-users> The worst kind of incompatibilities are those that are not reported
openssl-users> by the compiler, and are only found at runtime, possibly under unusual
openssl-users> conditions.

So in this particular case, such as unchecked calls of sk_ functions,
including sk_TYPE_new(), just to discover later that "oops, the
elements we thought we inserted aren't there"?  ;-)

Either way, sk == NULL will not be reported by the compiler, will only
be found at runtime, possibly under unusual conditions.  The only
difference is exactly how the user gets to find out in runtime; 1)
mysterious failures because the stack that should contain n elements
is really empty and unfillable, or 2) an immediate crash.

Either way, the application authors will have to learn to check their
stack pointers.  The real difference is how much they will have to
scratch their heads to figure out what went wrong.


Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-project mailing list