> But it gets cast back to the correct type before it is called. These
> casts are done the way they are to get type-safety. Removing that option
> strikes me as a bad thing.


It does not. Look closely at how these functions work:

char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
pem_password_cb *cb, void *u)
{
unsigned char *p=NULL,*data=NULL;
long len;
char *ret=NULL;

if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
return NULL;
p = data;
ret=d2i(x,&p,len);
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
OPENSSL_free(data);
return(ret);
}

Please tell me how the compiler knows what type 'x' should be passed as. If
you pass a pointer to a function as 'd2i' whose first type is not defined as
a 'char **', you get undefined behavior -- how can the compiler possibly use
the correct type's passing rules when it thinks the function takes a 'char
**' and it actuall takes an 'X509 **'.

OpenSSL does *not* cast the function back to the correct (exact) type
before it calls it. Neither does it cast the function's parameters to the
right type. As a result, the code only works by luck. In the case of
'PEM_read_X509', it works if 'char **' and 'X509 **' happen to have the same
function parameter rules. Nothing requires this to be the case.

There is now way the compiler can know how to properly pass 'x' to 'd2i'. A
function cannot call another function whose parameter types it does not know
and can vary.

DS


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org