> It does mean exactly that.  If we want to constify the API, what
> choice do we have?  Also, note that in the problematic sections,
> there's a check to see that the BIGNUM data isn't flagged as static.
> 
> This *is* a conflict between the wish to constify and efficiency.  If
> you have some elegant solution, please tell us.

Unfortunately, Ben's right.  You're trying to introduce "conceptual
const-ness", and C only supports bit-wise const-ness.

I assume you're talking about stuff like this in bn_mul.c, BN_mul(),
around line 680:
                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
                        {
                        bn_wexpand(b,al);       // modifies b

                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
                        {
                        BIGNUM *tmp_bn = free_b;
                        b = free_b = bn_dup_expand(b,al);

In C, a parameter declared as "const TYPE* p" doesn't mean "if I change
anything within *p I'll put it back".  It means "I won't change anything
within *p".

As I see it, you have a couple of choices.
1.  Leave the old code, as shown in the first fragment, but declare the
parameters const.  You can't do that, because the resultant code is not
standard-conforming.

2.  Declare the parameters const, but introduce new local variables that
cast away the const-ness. This might cause problems (most likely a
runtime fault) if (a) someone (including openssl) ever declares a
'static const TYPE xxx' instance in their code; and (b) the compiler
puts that into a read-only section.  The complexity of the data structures,
and the lack of C++ constructors, make (a) exceedingly unlikely, in my
opinion.

3. Introduce "#define CCONST" and use that in the API declarations to
introduce such conceptually const parameters.  If you #define it to
empty, "/**/", then the current code stays as-is.  If you #define it to
"const" then you have to do #2, but this might help in debugging if the
problem described in #2 ever happens.  If you allow the user (or the
config script) to determine the value -- /**/ or const -- then of course
you have to do #2 anyway.

It's a tough call, and almost completely a matter of taste.
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
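The trade-off discussed above, as an added example that is not part of the original message and not OpenSSL code: a toy bignum with a `CCONST` macro in the style of option 3, a `bn_wexpand()` that refuses to grow static data (the flag check the quoted reply mentions), and an operation whose inner loop needs a widened operand, taking the `bn_dup_expand()` route from the second fragment rather than casting const away. `bn_t`, `BN_FLG_STATIC_DATA`, `bn_wexpand`, `bn_dup_expand` and `bn_add_aligned` are stand-ins modelled on the BIGNUM API, not the real OpenSSL definitions.

```c
/* Added example (not OpenSSL code): the const-ness options from the
 * message above on a toy bignum. bn_t, BN_FLG_STATIC_DATA, bn_wexpand and
 * bn_dup_expand are stand-ins modelled on the BIGNUM API, not the real
 * OpenSSL definitions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BN_FLG_STATIC_DATA 0x01   /* assumption: "d[] is not heap memory, never resize it" */

/* Option 3: CCONST marks conceptually const parameters. Built with
 * -DCCONST= (empty) the old in-place code compiles; built as "const"
 * (the default here) the implementation has to take the copy path. */
#ifndef CCONST
#define CCONST const
#endif

typedef struct {
    unsigned long *d;   /* limbs, least significant first; limbs in [top, dmax) are zero */
    int top;            /* limbs in use */
    int dmax;           /* limbs allocated */
    int flags;
} bn_t;

/* Grow d[] to at least `words` limbs, zero-filling. This bit-wise modifies
 * *b, so it can never legally be applied to a const object. */
static int bn_wexpand(bn_t *b, int words) {
    if (words <= b->dmax) return 1;
    if (b->flags & BN_FLG_STATIC_DATA) return 0;   /* may live in .rodata: refuse */
    unsigned long *nd = realloc(b->d, (size_t)words * sizeof *nd);
    if (nd == NULL) return 0;
    memset(nd + b->dmax, 0, (size_t)(words - b->dmax) * sizeof *nd);
    b->d = nd;
    b->dmax = words;
    return 1;
}

/* Copy b into a fresh, non-static bignum with at least `words` limbs. The
 * const object is only read, so this is standard-conforming even if *b
 * really sits in read-only memory. */
static bn_t *bn_dup_expand(const bn_t *b, int words) {
    int n = words > b->dmax ? words : b->dmax;
    bn_t *r = calloc(1, sizeof *r);
    if (r == NULL) return NULL;
    r->d = calloc((size_t)n, sizeof *r->d);
    if (r->d == NULL) { free(r); return NULL; }
    memcpy(r->d, b->d, (size_t)b->top * sizeof *b->d);
    r->top = b->top;
    r->dmax = n;
    return r;
}

static void bn_free(bn_t *b) {
    if (b == NULL) return;
    if (!(b->flags & BN_FLG_STATIC_DATA)) free(b->d);
    free(b);
}

/* r = a + b. Like the Karatsuba path in BN_mul, the inner loop reads both
 * operands out to n = max(top) limbs, so a shorter operand must be widened
 * first. Option 2 would do bn_wexpand((bn_t *)b, n) and hope b is writable;
 * here the shorter operand is duplicated, as in the second fragment in the
 * message, so *a and *b are never written. */
static int bn_add_aligned(bn_t *r, CCONST bn_t *a, CCONST bn_t *b) {
    int n = a->top > b->top ? a->top : b->top;
    bn_t *tmp_a = NULL, *tmp_b = NULL;
    int ok = 0;

    if (a->dmax < n) { if ((tmp_a = bn_dup_expand(a, n)) == NULL) goto done; a = tmp_a; }
    if (b->dmax < n) { if ((tmp_b = bn_dup_expand(b, n)) == NULL) goto done; b = tmp_b; }
    if (!bn_wexpand(r, n + 1)) goto done;   /* r is the output and genuinely mutable */

    unsigned long carry = 0;
    for (int i = 0; i < n; i++) {
        unsigned long s = a->d[i] + b->d[i];
        unsigned long c = s < a->d[i];          /* overflow of the limb add */
        r->d[i] = s + carry;
        carry = c | (r->d[i] < s);              /* overflow of adding the carry */
    }
    r->d[n] = carry;
    r->top = carry ? n + 1 : n;
    if (r->dmax > n + 1)                        /* keep the "zero above top" invariant */
        memset(r->d + n + 1, 0, (size_t)(r->dmax - n - 1) * sizeof *r->d);
    ok = 1;
done:
    bn_free(tmp_a);
    bn_free(tmp_b);
    return ok;
}

/* Constructed sample: a = {5, 7} on the heap, b = {3} on static storage,
 * flagged BN_FLG_STATIC_DATA and passed through a const pointer. Returns 1
 * if r == {8, 7} and b is untouched (still one limb, still pointing at bd). */
static int demo_static_operand(void) {
    static unsigned long bd[1] = { 3 };
    const bn_t b = { bd, 1, 1, BN_FLG_STATIC_DATA };
    bn_t a = { NULL, 0, 0, 0 }, r = { NULL, 0, 0, 0 };
    int ok = 0;

    if (!bn_wexpand(&a, 2)) goto done;
    a.d[0] = 5; a.d[1] = 7; a.top = 2;
    if (!bn_add_aligned(&r, &a, &b)) goto done;
    ok = r.top == 2 && r.d[0] == 8 && r.d[1] == 7 && b.dmax == 1 && b.d == bd;
done:
    free(a.d);
    free(r.d);
    return ok;
}

/* The flag check the quoted reply refers to: a bignum whose d[] is static
 * storage refuses to grow, so that case can never realloc() read-only data. */
static int demo_wexpand_refuses_static(void) {
    static unsigned long sd[1] = { 9 };
    bn_t s = { sd, 1, 1, BN_FLG_STATIC_DATA };
    return bn_wexpand(&s, 4) == 0 && s.dmax == 1;
}

int main(void) {
    printf("const operand untouched: %s\n", demo_static_operand() ? "yes" : "no");
    printf("static data refuses growth: %s\n", demo_wexpand_refuses_static() ? "yes" : "no");
    return 0;
}
```

Compiling with `-DCCONST=` reproduces the old, non-const API: the `bn_add_aligned` body is unchanged, but the `const bn_t b` in `demo_static_operand` no longer converts to the parameter type without a diagnostic, which is exactly the debugging aid option 3 describes.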