[openssl-project] Style question

Matt Caswell matt at openssl.org
Mon Feb 12 16:07:38 UTC 2018



On 12/02/18 16:05, Short, Todd wrote:
> My 2cents (since I can’t reply to the list), is that other functions
> (e.g. most SSL and SSL_CTX functions) require a non-NULL object. I’m not
> sure this is any different.

Good point. Although that then changes the question slightly to be can
we assume that this function will never return an error (even though it
has in the past)?


(BTW you can reply to the list - its just moderated so you have to wait
for someone to approve it.)

Matt

> 
> --
> -Todd Short
> // tshort at akamai.com <mailto:tshort at akamai.com>
> // "One if by land, two if by sea, three if by the Internet."
> 
>> On Feb 12, 2018, at 11:02 AM, Matt Caswell <matt at openssl.org
>> <mailto:matt at openssl.org>> wrote:
>>
>> I've been looking at our use of EVP_MD_size() (prompted by Coverity).
>>
>> That function can return a -1 on error:
>>
>> int EVP_MD_size(const EVP_MD *md)
>> {
>>    if (!md) {
>>        EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
>>        return -1;
>>    }
>>    return md->md_size;
>> }
>>
>>
>> The only (current) possible error is that the passed digest is NULL.
>> Otherwise it returns the size of the digest as you would expect.
>>
>> In some places we do things like this:
>>
>>        const EVP_MD *md = ssl_md(s->session->cipher->algorithm2);
>>
>>        if (md != NULL) {
>>            /*
>>             * Add the fixed PSK overhead, the identity length and the
>> binder
>>             * length.
>>             */
>>            hlen +=  PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
>>                     + EVP_MD_size(md);
>>        }
>>
>> So we have an explicit NULL check of the md before we call the function.
>> Therefore there is no possible way that EVP_MD_size() can return
>> anything except a success response.
>>
>> Are we entitled to assume that? Or should we always check the return
>> value regardless? My instinct says we should in case we ever wanted to
>> change the function in the future to return an error in some other
>> circumstances.
>>
>> Just to make it more interesting our documentation does not mention the
>> possibility of an error return at all.
>>
>> Matt
>> _______________________________________________
>> openssl-project mailing list
>> openssl-project at openssl.org <mailto:openssl-project at openssl.org>
>> https://mta.openssl.org/mailman/listinfo/openssl-project
> 


More information about the openssl-project mailing list