[openssl-users] Cleanup and changing the malloc routines

Jakob Bohm jb-openssl at wisemo.com
Thu Sep 3 14:54:35 UTC 2015


On 03/09/2015 04:38, Salz, Rich wrote:
>
> We are considering a big cleanup to the memory-allocation APIs in the 
> next release.
>
> Please take a look at the attached documentation, which describes 
> **ALL** of the public functions, and let us know if it will cause a 
> problem.
>
A few practical notes:

1. I trust that functions to allocate specific data
   types (such as bignums) are not changed by this.

2. Macros that take zero arguments (such as
   "OPENSSL_malloc_init()") are not accepted by all
   compilers.  In my own API designs this has forced
   me to give such macros a dummy argument (which is
   never used, it just pleases the preprocessor).

3. When compiling without compile-time debug flags,
   the various debug arguments should not be passed
   (or otherwise referenced) by the macros, avoiding
   a bunch of "foo.c" and line number values from
   filling up the compiled binary.  Something like

#ifdef SOME_DEBUG_DEFINE
#define OPENSSL_malloc(num) (CRYPTO_malloc(num, __FILE__, __LINE__))
...
#else
#define OPENSSL_malloc(num) (CRYPTO_malloc(num, NULL, 0))
// OR
#define OPENSSL_malloc(num) (CRYPTO_malloc_nodbg(num))
...
#endif

4. For the basic functions (not the callbacks), there
   seems to be no reason not to change to size_t now.

5. Given the huge number of backward incompatibilities
   in OpenSSL 1.1.x, this seems a good time to change to
   size_t in the callbacks too.

6. Maybe there should be an alternate get/set_mem_functions
   with non-linenumber callbacks (behind the scenes, either
   would set the other callbacks to stubs that add/remove
   the extra args; the initial defaults would be direct for
   speed and to support the "defer to default implementation"
   scenarios).

7. Maybe the get/set_mem_functions (in their debug
   variant) should also be able to change the backend for
   debug_push/_pop.

8. For readability, defines with omitted (opaque)
   definitions should be documented with elided args such
   as #define OPENSSL_malloc(num) ... and
   #define CRYPTO_MEM_CHECK_ON 0x... to indicate that they
   do not (typically) expand to nothing/typically do expand
   to a numeric constant

9. Typo: "pointers for with the current functions"

10. It would be helpful to clarify which older functions are
   getting removed.  It's a bit like reading a patch without
   the removed lines.  Kind of impossible to tell what you
   propose to remove.



Enjoy (NOT A CONTRIBUTION)

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
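The following is an added illustration of points 3 and 6 above, written for this page; it is not OpenSSL's code and not part of the thread. It models the proposal with hypothetical names (prefixed DEMO_/demo_): a backend function that takes file/line, a non-debug macro variant that passes no location at all, and a plain (non-linenumber) set_mem_functions whose callback is wrapped in a stub that drops the extra arguments. The DEMO_malloc_init(dummy) macro shows the dummy-argument workaround from point 2.

```c
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Two callback shapes: the debug one carries file/line, the plain one does not. */
typedef void *(*demo_malloc_dbg_fn)(size_t num, const char *file, int line);
typedef void *(*demo_malloc_plain_fn)(size_t num);

/* State observable from the outside, so the routing can be checked. */
static const char *demo_last_file = NULL;
static int demo_last_line = 0;
static unsigned demo_dbg_calls = 0;
static unsigned demo_plain_calls = 0;

/* Default backend: a direct implementation with the debug signature (no stub in the way). */
static void *demo_default_malloc(size_t num, const char *file, int line)
{
    demo_dbg_calls++;
    demo_last_file = file;
    demo_last_line = line;
    return malloc(num);
}

static demo_malloc_plain_fn demo_plain_impl = NULL;

/* Stub that adapts a plain callback to the debug shape by discarding file/line. */
static void *demo_plain_adapter(size_t num, const char *file, int line)
{
    (void)file;
    (void)line;
    demo_plain_calls++;
    return demo_plain_impl(num);
}

static demo_malloc_dbg_fn demo_malloc_impl = demo_default_malloc;

/* Debug-variant setter: installs the callback directly. */
int demo_set_mem_functions_dbg(demo_malloc_dbg_fn m)
{
    if (m == NULL)
        return 0;
    demo_malloc_impl = m;
    demo_plain_impl = NULL;
    return 1;
}

/* Plain-variant setter: installs the stub and remembers the real callback behind it. */
int demo_set_mem_functions(demo_malloc_plain_fn m)
{
    if (m == NULL)
        return 0;
    demo_plain_impl = m;
    demo_malloc_impl = demo_plain_adapter;
    return 1;
}

void *DEMO_CRYPTO_malloc(size_t num, const char *file, int line)
{
    return demo_malloc_impl(num, file, line);
}

/* Non-debug entry point: callers never mention a location, so none is embedded in the binary. */
void *DEMO_CRYPTO_malloc_nodbg(size_t num)
{
    return demo_malloc_impl(num, NULL, 0);
}

#ifdef DEMO_MEM_DEBUG
# define DEMO_malloc(num) DEMO_CRYPTO_malloc((num), __FILE__, __LINE__)
#else
# define DEMO_malloc(num) DEMO_CRYPTO_malloc_nodbg(num)
#endif

/* Dummy argument only so that the macro is not a zero-argument function-like macro. */
#define DEMO_malloc_init(dummy) demo_set_mem_functions_dbg(demo_default_malloc)

/* Hypothetical plain callback a caller might install. */
static void *demo_counting_malloc(size_t num)
{
    return calloc(1, num);
}

/* Returns 1 if a DEMO_malloc() call recorded a source location, 0 if not. */
int demo_build_records_location(void)
{
    void *p;
    int recorded;
    DEMO_malloc_init(0);
    demo_last_file = "unset";
    demo_last_line = -1;
    p = DEMO_malloc(16);
    recorded = (demo_last_file != NULL);
    free(p);
    return recorded; /* 0 unless compiled with -DDEMO_MEM_DEBUG */
}

/* Returns how many allocations reached the plain callback through the adapter stub. */
unsigned demo_plain_callback_calls(void)
{
    void *a, *b;
    demo_plain_calls = 0;
    if (!demo_set_mem_functions(demo_counting_malloc))
        return 0;
    a = DEMO_malloc(8);                            /* non-debug macro path */
    b = DEMO_CRYPTO_malloc(8, "other.c", 42);      /* debug-shaped call, location dropped */
    free(a);
    free(b);
    DEMO_malloc_init(0);                           /* restore the direct default */
    return demo_plain_calls; /* 2 */
}

int main(void)
{
    printf("location recorded: %d\n", demo_build_records_location());
    printf("plain callback calls: %u\n", demo_plain_callback_calls());
    return 0;
}
```

Compile with -DDEMO_MEM_DEBUG to see the debug macro variant pass the caller's file and line instead; either way the installed plain callback is reached through the adapter, which is the "stubs that add/remove the extra args" idea from point 6.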
