A couple of questions about OpenSSH codebase

PRIVET SUNSET privetsunsetq at gmail.com
Fri Feb 2 08:05:01 AEDT 2024


Hello!
I'm sorry in advance if I'm asking stupid questions, this is my first time
dealing with a development list, so please excuse me if something is wrong
with this message...

I'm pretty interested in the OpenSSH codebase, and a couple of questions
arose while I was investigating it, and I guess this is the place where I
can find answers.
1. There are a lot of allocations, even for short lived objects like
sshbufs and sshkeys. Creating an sshbuf always requires at least one
allocation, two allocations if it is created with sshbuf_new(). There are a
lot of times when they are allocated and freed within the same function.
Same thing with bitmaps. What is the reason behind not allocating them on
the stack?
2. A lot of stuff in sshbuf's functions is checked against max_size. What
is the reason behind setting the max_size in the first place? If
sshbuf instance is not read-only and doesn't have children, why it cannot
allocate more memory than it's max_size?
3. There are a lot of very defensive checks in sshbuf code. A lot (if not
all) of sshbuf_* functions that take a pointer to another sshbuf first
check it with sshbuf_check_sanity(). As far as i understand, sshbuf object
cannot become insane since all its functions preserve all invariants. It
also cannot become insane through client code, since its members are hidden.
4. What is the reason behind not implementing sshkey as a tagged union? I
mean encapsulating all key-type-specific mutual exclusive members in a
union type, which will be embedded in struct sshkey, and accessed with
checks against key type.

Again sorry if those are noob questions. I would be grateful if someone
would give me any insight.


More information about the openssh-unix-dev mailing list