[openssl-users] Cleanup and changing the malloc routines

Jakob Bohm jb-openssl at wisemo.com
Thu Sep 3 14:54:35 UTC 2015

On 03/09/2015 04:38, Salz, Rich wrote:
> We are considering a big cleanup to the memory-allocation APIs in the 
> next release.
> Please take a look at the attached documentation, which describes 
> **ALL** of the public functions, and let us know if it will cause a 
> problem.
A few practical notes:

1. I trust that functions to allocate specific data
   types (such as bignums) are not changed by this.

2. Macros that take zero arguments (such as
   "OPENSSL_malloc_init()") are not accepted by all
   compilers.  In my own API designs this has forced
   me to give such macros a dummy argument (which is
   never used, it just pleases the preprocessor).

3. When compiling without compile-time debug flags,
   the various debug arguments should not be passed
   (or otherwise referenced) by the macros, avoiding
   a bunch of "foo.c" and line number values from
   filling up the compiled binary.  Something like

#define OPENSSL_malloc(num) (CRYPTO_malloc(num, __FILE__, __LINE__))
#define OPENSSL_malloc(num) (CRYPTO_malloc(num, NULL, 0))
// OR
#define OPENSSL_malloc(num) (CRYPTO_malloc_nodbg(num))

4. For the basic functions (not the callbacks), there
   seems to be no reason not to change to size_t now.

5. Given the huge number of backward incompatibilities
   in OpenSSL 1.1.x, this seems a good time to change to
   size_t in the callbacks too.

6. Maybe there should be an alternate get/set_mem_functions
   with non-linenumber callbacks (behind the scenes, either
   would set the other callbacks to stubs that add/remove
   the extra args, the initial defaults would be direct for
   speed and to support the "defer to default implementation"

7. Maybe the get/set_mem_functions (in their debug
   variant) should also be able to change the backend for

8. For readability, defines with omitted (opaque)
   definitions should be documented with elided args such
   as #define OPENSSL_malloc(num) ... and
   #define CRYPTO_MEM_CHECK_ON 0x... to indicate that they
   do not (typically) expand to nothing/typically do expand
   to a numeric constant

9. Typo: "pointers for with the current functions"

10. It would be helpful to clarify which older functions are
   getting removed.  It's a bit like reading a patch without
   the removed lines.  Kind of impossible to tell what you
   propose to remove.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
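Added example (not part of this thread and not OpenSSL's own code): a standalone C model of two of the design points above, the build-time stripping of `__FILE__`/`__LINE__` from the allocation macros (item 3) and a pair of set_mem_functions variants whose callbacks take or omit the file/line arguments, bridged behind the scenes by small stubs (item 6). The macro and function names `OPENSSL_malloc`, `OPENSSL_free`, `CRYPTO_malloc` and `CRYPTO_free` follow the names used in the message but are reimplemented here; `set_mem_functions_plain`, `set_mem_functions_dbg`, `DEMO_MDEBUG` and the tracking/counting backends are hypothetical names invented for the demonstration.

```c
/* Standalone model of a malloc wrapper with optional file/line debug args.
 * Hypothetical code written for this example; not OpenSSL's implementation. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Callback shapes: "dbg" carries a source location, "plain" does not. */
typedef void *(*malloc_dbg_fn)(size_t num, const char *file, int line);
typedef void  (*free_dbg_fn)(void *ptr, const char *file, int line);
typedef void *(*malloc_plain_fn)(size_t num);
typedef void  (*free_plain_fn)(void *ptr);

static malloc_dbg_fn   g_malloc_dbg;
static free_dbg_fn     g_free_dbg;
static malloc_plain_fn g_malloc_plain;
static free_plain_fn   g_free_plain;

/* Stubs that add or drop the file/line args, so whichever callback shape
 * the application installs, both entry points keep working (item 6). */
static void *plain_via_dbg(size_t n) { return g_malloc_dbg(n, NULL, 0); }
static void  pfree_via_dbg(void *p)  { g_free_dbg(p, NULL, 0); }
static void *dbg_via_plain(size_t n, const char *f, int l) { (void)f; (void)l; return g_malloc_plain(n); }
static void  dfree_via_plain(void *p, const char *f, int l) { (void)f; (void)l; g_free_plain(p); }

/* Default backend goes straight to libc: no stub hop in the common case. */
static void *default_malloc(size_t n) { return malloc(n); }
static void  default_free(void *p)    { free(p); }

/* Hypothetical setters; each installs the other shape as a bridging stub. */
int set_mem_functions_plain(malloc_plain_fn m, free_plain_fn f) {
    if (m == NULL || f == NULL) return 0;
    g_malloc_plain = m;            g_free_plain = f;
    g_malloc_dbg   = dbg_via_plain; g_free_dbg   = dfree_via_plain;
    return 1;
}
int set_mem_functions_dbg(malloc_dbg_fn m, free_dbg_fn f) {
    if (m == NULL || f == NULL) return 0;
    g_malloc_dbg   = m;             g_free_dbg   = f;
    g_malloc_plain = plain_via_dbg; g_free_plain = pfree_via_dbg;
    return 1;
}
static void ensure_defaults(void) {
    if (g_malloc_dbg == NULL) set_mem_functions_plain(default_malloc, default_free);
}

/* Public entry points, modelled on the signatures shown in the message. */
void *CRYPTO_malloc(size_t num, const char *file, int line) {
    ensure_defaults();
    return g_malloc_dbg(num, file, line);
}
void CRYPTO_free(void *ptr, const char *file, int line) {
    ensure_defaults();
    g_free_dbg(ptr, file, line);
}

/* Item 3: only a debug build (DEMO_MDEBUG defined, hypothetical flag) bakes
 * "foo.c" strings and line numbers into the binary; otherwise NULL/0 is passed. */
#ifdef DEMO_MDEBUG
# define OPENSSL_malloc(num) (CRYPTO_malloc((num), __FILE__, __LINE__))
# define OPENSSL_free(ptr)   (CRYPTO_free((ptr), __FILE__, __LINE__))
#else
# define OPENSSL_malloc(num) (CRYPTO_malloc((num), NULL, 0))
# define OPENSSL_free(ptr)   (CRYPTO_free((ptr), NULL, 0))
#endif

int debug_info_compiled_in(void) {
#ifdef DEMO_MDEBUG
    return 1;
#else
    return 0;
#endif
}

/* A location-aware leak tracker: the kind of backend the dbg variant serves. */
static int g_live;                 /* allocations not yet freed */
static const char *g_last_file;    /* location recorded by the last malloc */
static int g_last_line;

static void *tracking_malloc(size_t n, const char *file, int line) {
    void *p = malloc(n);
    if (p != NULL) { g_live++; g_last_file = file; g_last_line = line; }
    return p;
}
static void tracking_free(void *p, const char *file, int line) {
    (void)file; (void)line;
    if (p != NULL) g_live--;
    free(p);
}

/* Allocate and free through the macros with the tracker installed.
 * Returns the number of live allocations afterwards (0 means no leak). */
int run_tracked_demo(void) {
    void *a, *b;
    set_mem_functions_dbg(tracking_malloc, tracking_free);
    a = OPENSSL_malloc(32);
    b = OPENSSL_malloc(64);
    OPENSSL_free(a);
    OPENSSL_free(b);
    return g_live;
}
/* Whether the last recorded allocation carried a source location. */
int last_alloc_had_location(void) { return g_last_file != NULL; }

/* Install a plain backend, then call the dbg-shaped entry point: the
 * bridging stub must route it to the plain callback exactly once. */
static int g_plain_calls;
static void *counting_malloc(size_t n) { g_plain_calls++; return malloc(n); }
static void  counting_free(void *p)    { free(p); }

int run_bridge_demo(void) {
    void *p;
    g_plain_calls = 0;
    if (!set_mem_functions_plain(counting_malloc, counting_free)) return 0;
    p = CRYPTO_malloc(16, "constructed.c", 42);  /* constructed location */
    if (p == NULL) return 0;
    CRYPTO_free(p, "constructed.c", 43);
    return g_plain_calls == 1;
}

int main(void) {
    printf("debug info compiled in: %d\n", debug_info_compiled_in());
    printf("live after tracked demo: %d\n", run_tracked_demo());
    printf("last alloc had location: %d\n", last_alloc_had_location());
    printf("bridge demo ok: %d\n", run_bridge_demo());
    return 0;
}
```

Compile once with and once with `-DDEMO_MDEBUG` and inspect the binary with `strings`: only the debug build contains the source file name, which is the point of item 3. Both `set_mem_functions_*` variants use `size_t` throughout, as items 4 and 5 suggest.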
