[openssl-dev] [openssl.org #4590] accessors without const return arguments


Roumen Petrov via RT

Jun 25, 2016, 6:10:22 PM
Hello,

Recently the declaration of a number of get0 methods was changed to return
constant values (BIGNUM).

Let me quote the description of an allocator: "/ECDSA_SIG_new()/ allocates a
new *ECDSA_SIG* structure (note: this function also allocates the
BIGNUMs) and initialize it."

Now let's try to write deserialization of an ECDSA signature. With the set
method, the allocated and never used ECDSA members r and s have to be freed
and replaced by new ones. As a result, the extra allocation of big numbers
impacts performance and increases memory usage.

The above is the reason for the request to remove const from the return
argument of get0 methods.

The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH
keys, where the situation is similar.


Regards,
Roumen Petrov



--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4590
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Stephen Henson via RT

Jul 22, 2016, 10:09:31 AM
On Sat Jun 25 22:09:59 2016, ope...@roumenpetrov.info wrote:
>
> Above is reason the request to remove const from return argument of get0
> methods.
>

We had a discussion about this and the preference was to have get methods
retain const for various reasons.

Instead the DSA_SIG/ECDSA_SIG structures now no longer pre-allocate r/s so they
aren't immediately freed when you set them.

> The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH
> keys where situation is similar.
>

Do you have some examples of how this affects other structures? For RSA/DSA/DH
keys the fields are NULL initially unless I've missed something.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Richard Levitte via RT

Aug 1, 2016, 2:08:10 AM
On Fri Jul 22 14:09:12 2016, steve wrote:
> On Sat Jun 25 22:09:59 2016, ope...@roumenpetrov.info wrote:
> >
> > Above is reason the request to remove const from return argument of
> > get0
> > methods.
> >
>
> We had a discussion about this and the preference was to have get
> methods
> retain const for various reasons.
>
> Instead the DSA_SIG/ECDSA_SIG structures now no longer pre-allocate
> r/s so they
> aren't immediately freed when you set them.
>
> > The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH
> > keys where situation is similar.
> >
>
> Do you have some examples of how this affects other structures? For
> RSA/DSA/DH
> keys the fields are NULL initially unless I've missed something.

Can this ticket be closed?

--
Richard Levitte
lev...@openssl.org

Stephen Henson via RT

Aug 1, 2016, 1:31:59 PM
This has addressed the original issue. If there are any cases for DH/DSA/RSA
you feel need addressing please give details in a new ticket.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Roumen Petrov via RT

Aug 3, 2016, 5:13:41 PM
Stephen Henson via RT wrote:
> On Sat Jun 25 22:09:59 2016, ope...@roumenpetrov.info wrote:
>> Above is reason the request to remove const from return argument of get0
>> methods.
> We had a discussion about this and the preference was to have get methods
> retain const for various reasons.
>
> Instead the DSA_SIG/ECDSA_SIG structures now no longer pre-allocate r/s so they
> aren't immediately freed when you set them.

Please update documentation (status of 3.8.2016):
1) DSA_SIG_new.pod
DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.

So now the function only allocates the signature.


2) ECDSA_SIG_new.pod
ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
function also allocates the BIGNUMs) and initializes it.

Same here, but please indicate that this is changed in 1.1.


>> The issue is not only for ECDSA but also for DSA_SIG and RSA, DSA, DH
>> keys where situation is similar.
> Do you have some examples of how this affects other structures? For RSA/DSA/DH
> keys the fields are NULL initially unless I've missed something.

The impact is on other software where the situation is more or less the same -
code allocates and initializes(!) keys.
The deserialization process just updates the allocated key material.

It seems to me that it is now easier just to perform a "const cast hack"
instead of totally rewriting the code.

Roumen
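
The allocation pattern debated in this thread, as an added example that is not OpenSSL code and not written by any poster: a simplified model in which `num`, `sig`, `sig_new`, `sig_set0`, `sig_get0` and `deserialize_cost` are hypothetical names. It counts allocations when r and s are deserialized into a structure whose constructor pre-allocates them versus one that leaves them NULL, while get0 stays const.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; not OpenSSL code.
   num stands in for BIGNUM, sig for ECDSA_SIG / DSA_SIG. */
typedef struct { unsigned char *d; size_t len; } num;
typedef struct { num *r, *s; } sig;
static int live_allocs, total_allocs;   /* make allocation cost visible */
static num *num_new(void) {
    num *n = calloc(1, sizeof *n);
    if (n) { live_allocs++; total_allocs++; }
    return n;
}
static void num_free(num *n) { if (n) { free(n->d); free(n); live_allocs--; } }
static num *num_from_bin(const unsigned char *p, size_t len) {
    num *n = num_new();
    if (n && !(n->d = malloc(len ? len : 1))) { num_free(n); return NULL; }
    if (n) { memcpy(n->d, p, len); n->len = len; }
    return n;
}
/* prealloc=1: constructor allocates r/s up front; 0: leaves them NULL. */
static sig *sig_new(int prealloc) {
    sig *x = calloc(1, sizeof *x);
    if (x && prealloc && (!(x->r = num_new()) || !(x->s = num_new()))) {
        num_free(x->r); free(x); return NULL;
    }
    return x;
}
static void sig_free(sig *x) { if (x) { num_free(x->r); num_free(x->s); free(x); } }
/* set0: takes ownership of r and s on success; on failure the caller keeps them. */
static int sig_set0(sig *x, num *r, num *s) {
    if (!x || !r || !s) return 0;
    num_free(x->r); num_free(x->s);   /* pre-allocated values are discarded here */
    x->r = r; x->s = s;
    return 1;
}
/* get0: const view; the caller must not modify or free what it receives. */
static void sig_get0(const sig *x, const num **pr, const num **ps) { *pr = x->r; *ps = x->s; }
/* Parse fixed-width r||s; return the number of num allocations, or -1 on error or leak. */
int deserialize_cost(const unsigned char *buf, size_t half, int prealloc) {
    total_allocs = 0;
    sig *x = sig_new(prealloc);
    num *r = num_from_bin(buf, half), *s = num_from_bin(buf + half, half);
    if (!sig_set0(x, r, s)) { num_free(r); num_free(s); sig_free(x); return -1; }
    const num *cr, *cs;
    sig_get0(x, &cr, &cs);
    int ok = cr->len == half && memcmp(cs->d, buf + half, half) == 0;
    sig_free(x);
    return (ok && live_allocs == 0) ? total_allocs : -1;
}
```

In this model the pre-allocating constructor costs twice as many `num` allocations per deserialized signature as the one that leaves r and s NULL, and neither path needs to cast away const.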