Re: [openssl-dev] Is X509_free(NULL) ok?
Yes you can do so. It is documented in most of the manpages, and in 1.1.0 and later it should be in all of them. On 1/1/18, 11:19 AM, "Ray Satiro via openssl-dev" wrote: I'm trying to figure out whether it's supported to call X509_free(NULL) in 1.0.2 and beyond. It's not documented what action occurs when the pointer is null. Also generally speaking is it supported to call openssl free functions with null pointers? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
➢So it's guaranteed for 1.1, mostly guaranteed for recent 1.0.2, but not guaranteed for older 1.0.2. yes. ➢ I also think it would be good to backport all to 1.0.2 Yes. I believe I did that, but I am not absolutely 100% positive. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
On 12/22/2017 9:59 AM, Salz, Rich via openssl-dev wrote: I think we fixed all such cases in 1.1.0, all *_free() functions should handle NULL. I don't think we backported to changes to 1.0.2. Yes, and we fixed the documentation. I backported all/most of them to 1.0.2 to make cherry-picking easier. I don’t know if I changed the docs. So it's guaranteed for 1.1, mostly guaranteed for recent 1.0.2, but not guaranteed for older 1.0.2. If that's the case, I suspect it's just as easy to leave the if (ptr != NULL) in the code, as to code an ifdef for version < 1.1. ~~ I also think it would be good to backport all to 1.0.2. If the documentation says it's OK in 1.1, and the coder uses the 1.1 API, the end user may get crashes if they compile against 1.0.2. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
➢ I think we fixed all such cases in 1.1.0, all *_free() functions should handle NULL. I don't think we backported to changes to 1.0.2. Yes, and we fixed the documentation. I backported all/most of them to 1.0.2 to make cherry-picking easier. I don’t know if I changed the docs. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
On Fri, Dec 22, 2017 at 09:30:19AM -0500, Ken Goldman wrote: > On 12/22/2017 9:24 AM, Salz, Rich via openssl-users wrote: > > > if (ptr!= NULL) free(ptr); > > That shouldn’t be necessary for OpenSSL. If you find places where it is, > > please open an issue. > > OK. I'll mention a few, but it's a global issue. > > The code may handle NULL. However, conservative users won't go by what the > code happens to do today. We have to go by the API documentation, which is > the contract between the library and the user. If the API is silent, we > cautiously assume it's not guaranteed, and can change in the future. So feel free to document it as being able to handle NULL. Kurt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
On Fri, Dec 22, 2017 at 01:06:20PM +, Salz, Rich via openssl-dev wrote: > Our intent is that all FREE functions can handle NULL. If you find things > missing or undocumented, please open an issue on GitHub. Thanks! I think we fixed all such cases in 1.1.0, all *_free() functions should handle NULL. I don't think we backported to changes to 1.0.2. Kurt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
On 12/22/2017 9:24 AM, Salz, Rich via openssl-users wrote: if (ptr!= NULL) free(ptr); That shouldn’t be necessary for OpenSSL. If you find places where it is, please open an issue. OK. I'll mention a few, but it's a global issue. The code may handle NULL. However, conservative users won't go by what the code happens to do today. We have to go by the API documentation, which is the contract between the library and the user. If the API is silent, we cautiously assume it's not guaranteed, and can change in the future. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
Our intent is that all FREE functions can handle NULL. If you find things missing or undocumented, please open an issue on GitHub. Thanks! -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
Hi, I think it should be documented, but currently the two supported branches are ok with NULL: - following from IMPLEMENT_ASN1_FUNCTIONS(X509), for both openssl-1.0.2n and 1.1.0g: - 1.0.2n ends up in asn1_item_combine_free() - 1.1.0g ends up in asn1_item_embed_free() - in both cases an explicit check is done for NULL. See https://github.com/openssl/openssl/blob/OpenSSL_1_1_0g/crypto/asn1/tasn_fre.c#L36 and https://github.com/openssl/openssl/blob/OpenSSL_1_0_2n/crypto/asn1/tasn_fre.c#L86 Mischa On Thu, Dec 21, 2017 at 12:58 AM, Viktor Dukhovni wrote: > > >> On Dec 20, 2017, at 5:50 PM, Ray Satiro via openssl-dev >> wrote: >> >> 'm trying to figure out whether it's supported to call X509_free(NULL) >> in 1.0.2 and beyond. It's not documented what action occurs when the >> pointer is null. Also generally speaking is it supported to call openssl >> free functions with null pointers? > > > All ASN.1 objects (such as X509 *) that are implemented via > IMPLEMENT_ASN1_FUNCTIONS(typename) are freed by ASN1_item_free(), > which I believe handles NULL inputs. > > If you don't see immediate crashes on trying it, you can use it > on NULL inputs with confidence that this is intentional and not > going to change. > > -- > -- > Viktor. > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Is X509_free(NULL) ok?
> On Dec 20, 2017, at 5:50 PM, Ray Satiro via openssl-dev > wrote: > > 'm trying to figure out whether it's supported to call X509_free(NULL) > in 1.0.2 and beyond. It's not documented what action occurs when the > pointer is null. Also generally speaking is it supported to call openssl > free functions with null pointers? All ASN.1 objects (such as X509 *) that are implemented via IMPLEMENT_ASN1_FUNCTIONS(typename) are freed by ASN1_item_free(), which I believe handles NULL inputs. If you don't see immediate crashes on trying it, you can use it on NULL inputs with confidence that this is intentional and not going to change. -- -- Viktor. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Is X509_free(NULL) ok?
I'm trying to figure out whether it's supported to call X509_free(NULL) in 1.0.2 and beyond. It's not documented what action occurs when the pointer is null. Also generally speaking is it supported to call openssl free functions with null pointers? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev