On 17/02/18 22:59, Jeffrey Walton wrote:
On Sat, Feb 17, 2018 at 4:35 AM, Niels Möller wrote:
...
@@ -80,7 +80,7 @@ openssl_evp_set_encrypt_key(void *p, const uint8_t *key, { struct openssl_cipher_ctx *ctx = p; ctx->evp = EVP_CIPHER_CTX_new();
- assert(EVP_EncryptInit_ex(ctx->evp, cipher, NULL, key, NULL) == 1);
- assert(EVP_CipherInit_ex(ctx->evp, cipher, NULL, key, NULL, 1) == 1); EVP_CIPHER_CTX_set_padding(ctx->evp, 0);
}
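Review bot: the replacement line still puts the call that does the work, `EVP_CipherInit_ex(ctx->evp, cipher, NULL, key, NULL, 1)`, inside `assert()`, so a build with `-DNDEBUG` compiles the whole expression away and the context is never keyed; evaluate first and check second, e.g. `int rc = EVP_CipherInit_ex(ctx->evp, cipher, NULL, key, NULL, 1); assert(rc == 1);` (or return an error rather than aborting). The surrounding context has the same shape of problem: `ctx->evp = EVP_CIPHER_CTX_new();` is used without a NULL check, and the return value of `EVP_CIPHER_CTX_set_padding(ctx->evp, 0)` is discarded. Note also that both changed lines appear here with a leading `-`, so the `+` side of this 7/7 hunk seems to have been lost in quoting; worth re-posting the hunk intact.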
It's not right to use assert on expressions with side-effects, since it will break builds with ./configure CFLAGS='-DNDEBUG'.
No asserts, period. They should not get through an audit.
This is the QA code for testing. Asserting that it works correctly and aborting to fail the test ASAP is the whole purpose of these.
The -DNDEBUG has to be accounted for even in test code because additional compiler optimization may introduce issues for production builds that do not show up when debug info clutters the binary.
No production systems should ever be running the test code on sensitive data. Test data maybe, but not real PII.
AYJ
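The hazard under discussion, as an added example that is not part of this thread or of nettle's test code: a cipher-init call placed inside assert() disappears when the translation unit is built with -DNDEBUG, whereas calling it first and asserting on the saved return value keeps the side effect in every build. mock_cipher_init() is an assumed stand-in for an OpenSSL-style EVP init function (returns 1 on success, 0 on failure) so the example compiles without libcrypto; the key bytes are constructed.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for an EVP-style cipher context (assumption, not OpenSSL's struct). */
struct cipher_ctx {
    uint8_t key[16];
    int initialised;
};

/* Stand-in for EVP_CipherInit_ex(): copies the key and reports success with 1,
 * failure with 0, mirroring OpenSSL's return convention. */
int mock_cipher_init(struct cipher_ctx *ctx, const uint8_t *key)
{
    if (key == NULL)
        return 0;
    memcpy(ctx->key, key, sizeof ctx->key);
    ctx->initialised = 1;
    return 1;
}

/* 1 when assert() is live, 0 when this file was compiled with -DNDEBUG. */
int asserts_enabled(void)
{
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

/* Constructed 16-byte key used by both demos. */
static const uint8_t demo_key[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

/* The pattern from the hunk: the call that keys the context lives inside the
 * assert() argument. With -DNDEBUG the expression is never evaluated, so the
 * context stays unkeyed. Returns 1 if the context ended up initialised. */
int demo_init_inside_assert(void)
{
    struct cipher_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    assert(mock_cipher_init(&ctx, demo_key) == 1);
    return ctx.initialised;
}

/* Side effect first, check second: the init always runs; only the abort on
 * failure is compiled out under NDEBUG, and the caller still sees the result.
 * Returns 1 if the context ended up initialised. */
int demo_init_then_check(void)
{
    struct cipher_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    int rc = mock_cipher_init(&ctx, demo_key);
    assert(rc == 1);
    if (rc != 1)
        return 0;
    return ctx.initialised;
}

int main(void)
{
    printf("asserts enabled:      %d\n", asserts_enabled());
    printf("init inside assert(): initialised=%d\n", demo_init_inside_assert());
    printf("init then assert():   initialised=%d\n", demo_init_then_check());
    return 0;
}
```

Build it twice, once plainly and once with `-DNDEBUG`, to see the first demo report initialised=1 and then initialised=0 while the second reports 1 both times; that difference is exactly what a test binary built with the NDEBUG flags of a release build would hide.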