Richard Levitte - VMS Whacker wrote:
> 
> From: Ben Laurie <[EMAIL PROTECTED]>
> 
> ben> > It does mean exactly that.  If we want to constify the API, what
> ben> > choice do we have?  Also, note that in the problematic sections,
> ben> > there's a check to see that the BIGNUM data isn't flagged as static.
> ben>
> ben> It is absolutely unacceptable to take a const argument and then modify
> ben> it! I can see no reason why you'd want to, either.
> 
> The 15% performance decrease that was mentioned?
> 
> ben> > This *is* a conflict between the wish to constify and efficiency.  If
> ben> > you have some elegant solution, please tell us.
> ben>
> ben> If efficiency prevents you from constifying, then that's just the way it
> ben> is. We need efficiency more than we need memory to not be written.
> 
> The consequence of this is that we then can't constify anything that
> uses the BN functions, directly or indirectly.
> 
> What went on when I experimented was that I started off trying to
> constify the RSA API, and it rippled down all the way down to
> BN_mul().
> 
> At the same time, we have experienced problems with the lack of
> constness (I recall Geoff mumbling about it a number of times, and
> I've run into it a couple times).
> 
> This feels very much like a lose-lose situation.  We lose one of (a)
> efficiency, (b) elegance in API constness and (c) strictness around
> constness.
> 
> Also, the problem at hand does not really change the BIGNUM data.  It
> extends the space for the data and fills in with 0 after the actual
> number, everything so two BIGNUMs get the exact same length of data.
> It's also a rather special case, where the difference in the size of
> the numbers is one word.  I personally thought that special case would
> happen so seldom that the memory allocation overhead would be
> discardable.  I was apparently wrong on that point.

This is why I said what we have is really a mutable, but you can't say
that in C (it's a C++ concept). But the central point is that having
"const" in an API is a promise not to modify the parameter - it's
completely pointless to make that promise and then break it!
Furthermore, doing so will (potentially) result in incorrect code being
generated by the compiler. I simply don't see why it is elegant to claim
that something is const when it is not!!

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
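The thread above debates two things: writing through a `const` parameter (Ben's objection) and the in-place zero-extension of the shorter operand that the equal-length multiply kernel needs (Richard's description, and his request for an alternative). The C below is an added illustration written for this page; it is not code from the thread or from OpenSSL. `toy_bn`, `toy_mul`, `toy_mul_words`, `toy_selfcheck` and `TOY_MAX_WORDS` are invented names, and the struct only loosely mirrors the BIGNUM layout discussed (little-endian word array, `top` words in use, `dmax` words allocated). It shows the const-correct way to feed two operands of unequal length to a kernel that requires equal lengths: copy the shorter one into a caller-owned, zero-padded scratch buffer and never touch the operand's own storage, so neither pointer has to lose its `const` and no qualifier is cast away.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy bignum, loosely modelled on the BIGNUM layout under discussion.
 * Constructed for illustration; this is not OpenSSL's BIGNUM. */
typedef uint32_t word;
#define TOY_MAX_WORDS 16

typedef struct {
    word *d;   /* little-endian words */
    int top;   /* words in use */
    int dmax;  /* words allocated behind d */
} toy_bn;

static void toy_init(toy_bn *bn, word *storage, int dmax, const word *src, int top)
{
    bn->d = storage;
    bn->dmax = dmax;
    bn->top = top;
    memcpy(storage, src, sizeof(word) * (size_t)top);
}

/* Equal-length schoolbook multiply: r (2n words) = a (n words) * b (n words).
 * Like the kernels the thread refers to, it requires both operands to have
 * the same number of words, which is what creates the padding problem. */
static void toy_mul_words(word *r, const word *a, const word *b, int n)
{
    memset(r, 0, sizeof(word) * (size_t)(2 * n));
    for (int i = 0; i < n; i++) {
        uint64_t carry = 0;
        for (int j = 0; j < n; j++) {
            uint64_t t = (uint64_t)a[i] * b[j] + r[i + j] + carry;
            r[i + j] = (word)t;
            carry = t >> 32;
        }
        r[i + n] = (word)carry;
    }
}

/* r = a * b.  Both operands are const and are never written: the shorter
 * one is zero-extended into a local scratch buffer rather than having its
 * own storage expanded in place.  r must not alias a or b.
 * Returns 1 on success, 0 if the result does not fit in r. */
int toy_mul(toy_bn *r, const toy_bn *a, const toy_bn *b)
{
    word pad[TOY_MAX_WORDS];
    const toy_bn *lng = (a->top >= b->top) ? a : b;
    const toy_bn *sht = (lng == a) ? b : a;
    int n = lng->top;

    if (n < 1 || n > TOY_MAX_WORDS || 2 * n > r->dmax)
        return 0;
    memcpy(pad, sht->d, sizeof(word) * (size_t)sht->top);
    memset(pad + sht->top, 0, sizeof(word) * (size_t)(n - sht->top));

    toy_mul_words(r->d, lng->d, pad, n);
    r->top = 2 * n;
    while (r->top > 1 && r->d[r->top - 1] == 0)   /* drop leading zero words */
        r->top--;
    return 1;
}

/* Multiplies two constructed operands of different word lengths, checks the
 * product against the hand-computed value and confirms neither operand was
 * modified.  Returns 1 if every check passes. */
int toy_selfcheck(void)
{
    static const word a_src[] = { 0xFFFFFFFFu, 0xFFFFFFFFu }; /* 2^64 - 1 */
    static const word b_src[] = { 0xFFFFFFFFu };              /* 2^32 - 1 */
    /* (2^64 - 1)(2^32 - 1) = 2^96 - 2^64 - 2^32 + 1 */
    static const word want[] = { 0x00000001u, 0xFFFFFFFFu, 0xFFFFFFFEu };
    word as[2], bs[1], rs[4];
    toy_bn a, b, r = { rs, 0, 4 };

    toy_init(&a, as, 2, a_src, 2);
    toy_init(&b, bs, 1, b_src, 1);
    if (!toy_mul(&r, &a, &b) || r.top != 3)
        return 0;
    if (memcmp(r.d, want, sizeof want) != 0)
        return 0;
    return memcmp(a.d, a_src, sizeof a_src) == 0 && a.top == 2 &&
           memcmp(b.d, b_src, sizeof b_src) == 0 && b.top == 1;
}

int main(void)
{
    printf("%s\n", toy_selfcheck() ? "const-correct multiply ok" : "mismatch");
    return 0;
}
```

The scratch buffer costs one bounded copy per call rather than a heap allocation, which is the overhead the in-place approach was trying to avoid; whether that copy is acceptable at real BIGNUM sizes is exactly the efficiency question the thread leaves open. Because nothing in `toy_mul` writes through `a` or `b`, the file compiles cleanly with `-Wcast-qual`, and the compiler's assumption that `const` data is unchanged across the call holds.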
