Oops, you are correct. I was under the mistaken impression that ossl_assert compiled to nothing outside of debug mode.
Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia

> On 29 Nov 2019, at 7:22 pm, Matt Caswell <m...@openssl.org> wrote:
>
> On 29/11/2019 08:38, Dr Paul Dale wrote:
>> I’d prefer option 1 or the middle ground. I’ve lost count of the
>> number of times I’ve seen programs crashing in the crypto library
>> which required mammoth debugging efforts to irrefutably demonstrate
>> that the caller is at fault rather than the crypto library :(
>>
>> Option 1 would be preferable from this point of view but it can cause
>> a performance hit — most of the time it wouldn’t matter but when it
>> does it would be a big deal. The middle ground doesn’t entail any
>> performance loss in production code (it does in debug but that
>> shouldn’t be relevant).
>
> I think you misunderstand the middle ground option:
>
>     if (!ossl_assert(ptr != NULL)) {
>         ERR_raise(ERR_LIB_WHATEVER, ERR_R_PASSED_NULL_PARAMETER);
>         return 0;
>     }
>
> In debug code this will crash if ptr is NULL. In production code this
> acts exactly like option 1 - so has exactly the same performance hit.
>
> For the record my preference is the middle ground option as being the
> norm for new code and where we make a significant refactor of old code.
> If something truly is performance critical then we can choose not to do
> it in those cases.
>
> Matt
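As an added illustration (not code from this thread or from OpenSSL itself), here is the "middle ground" pattern Matt describes, built around a stand-in `ossl_assert` macro: with the assumed `DEBUG_ASSERTS` switch defined a failed check aborts, and without it the macro reduces to the plain boolean test so the function returns an error instead. `ERR_raise`, `ERR_LIB_WHATEVER`, `ERR_R_PASSED_NULL_PARAMETER` and `last_error_reason` are constructed stand-ins for the real error-queue API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for OpenSSL's error queue (not the real API). */
#define ERR_LIB_WHATEVER            42
#define ERR_R_PASSED_NULL_PARAMETER 67

static int last_err_lib = 0, last_err_reason = 0;

static void ERR_raise(int lib, int reason)
{
    last_err_lib = lib;
    last_err_reason = reason;
}

static int last_error_reason(void) { return last_err_reason; }

/* The middle ground: DEBUG_ASSERTS is an assumed build switch. When it is
 * defined, a failed check prints the expression and aborts so the caller's
 * bug surfaces immediately. When it is not defined (production), the macro
 * is just the boolean test, so the calling function raises an error and
 * returns 0, exactly as in "option 1". */
#ifdef DEBUG_ASSERTS
# define ossl_assert(x) ((x) ? 1 : (fprintf(stderr, "Assertion failed: %s (%s:%d)\n", \
                                            #x, __FILE__, __LINE__), abort(), 0))
#else
# define ossl_assert(x) ((x) != 0)
#endif

/* Example library routine: copies inlen bytes from in to out.
 * Returns 1 on success, 0 on failure with an error queued. */
static int copy_param(const unsigned char *in, size_t inlen,
                      unsigned char *out, size_t outlen)
{
    if (!ossl_assert(in != NULL) || !ossl_assert(out != NULL)) {
        ERR_raise(ERR_LIB_WHATEVER, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (inlen > outlen)          /* ordinary input validation, not a caller bug */
        return 0;
    memcpy(out, in, inlen);
    return 1;
}

int main(void)
{
    unsigned char buf[8];
    printf("valid call: %d\n", copy_param((const unsigned char *)"abc", 3, buf, sizeof buf));
    printf("NULL call:  %d (reason %d)\n", copy_param(NULL, 3, buf, sizeof buf), last_error_reason());
    return 0;
}
```

Compile with `-DDEBUG_ASSERTS` to see the same NULL call abort instead of returning 0.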