[openssl-project] Style guide updates

Andy Polyakov appro at openssl.org
Sat Jan 27 22:04:21 UTC 2018


>> - Use size_t for sizes of things
> 
> How do you feel about ssize_t?

One has to keep in mind that ssize_t is not part of the C language
specification, but a POSIX thing. The C specification defines ptrdiff_t with
[presumably] the desired properties. However, there is a natural ambiguity
originating from the fact that size_t customarily "covers" twice as much
space. So if you are to rely on the positivity of a signed value, the object has
to be small enough. In other words, you would have to perform sanity
checks before you do so. So it's not exactly a walk on roses. I mean if
one assumes the premise that signed is "easier" to handle. Well, one can
make all kinds of practical arguments about the practicality of such a
situation, i.e. what it takes to run into the ptrdiff_t vs. size_t
ambiguity, and argue that it never happens. Well, while it would be the case
on most systems, there are two cases, arguably not that impractical:
64-bit VMS, where we have sizeof(size_t)<sizeof(void *), and a 32-bit
application running on a 64-bit system. In both cases you would be
perfectly capable of allocating 2GB+1 bytes, and you would have trouble
using ptrdiff_t with such an object.


[On a related note, one can wonder how the ambiguity is resolved in, say,
read(2). I mean let's say you have a 2GB+1 byte file and attempt to read
it in one go in either of the above cases. Well, I can't speak for VMS, but
Linux would return 2GB-4KB bytes, counting on the caller to make a second call
to read the remaining data.]

