[openssl-users] ECDSA_SIG_new and ECDSA_SIG_free details

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jan 11 17:36:59 UTC 2017

On Wed, Jan 11, 2017 at 05:27:47PM +0000, Michael Wojcik wrote:

> Unfortunately writing proper C is a rare skill - relatively few C
> programmers have ever even read the language specification - and much C
> code is saddled with lots of ancient technical debt. Also, of course, it
> often doesn't make economic sense to accommodate rare implementations.

In the case of OpenSSL, the issue was well understood, and upon
consideration a decision was made to not support platforms where
the memory representation of NULL is not zero.  A test was written
to make sure that non-conformant platforms are detected.

By way of contrast, the Postfix project supports non-zero NULLs,
and explicitly initializes pointer-valued member fields in structures.

Neither project simply ignores the issue.


More information about the openssl-users mailing list