[openssl-users] Authentication over ECDHE

[Richard Levitte]

In message <38b97114-0c66-40ed-f631-58aa20940a3a at gmx.de> on Sat, 29 Dec 2018 14:19:47 +0100, "C.Wehrmeyer" <c.wehrmeyer at gmx.de> said:

> I've written highly scalable libraries in the past before, and one
> thing you always want to do there is to trim fat.

Sure, but:

> Now add to that the fact that OpenSSL has been moving towards making
> its structures opaque, thus falling into the same trap that Microsoft
> has with COM and DirectX,

...  I'm not sure about you, but I have a hard time seeing how one
would trim off fat from *public* structures that everyone and their
stray cat might be tinkering in.  Trimming off fat usually means
restructuring the structures, and unless they're opaque, the freedom
to do so is severily limited.

Mind you, though, that I agree we could do with some cleanup.

> And don't give me any "trust us, we're experienced programmers"
> bullshit. I've *seen* ssl/record/ssl3_record.c:
> 
> > static const unsigned char ssl3_pad_1[48] = {
> >     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
> >     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
> >     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
> >     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
> >     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
> >     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
> > };
> > static const unsigned char ssl3_pad_2[48] = {
> >     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
> >     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
> >     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
> >     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
> >     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
> >     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
> > };
> 
> What's wrong with that, you ask? Let me show you how I'd have done
> that:
> 
> > static const unsigned char ssl3_pad_1[] =
> > {
> >     "66666666"
> >     "66666666"
> >     "66666666"
> >     "66666666"
> >     "66666666"
> >     "66666666"
> > };
> >
> > static const unsigned char*ssl3_pad_2[] =
> > {
> >     "\\\\\\\\\\\\\\\\"
> >     "\\\\\\\\\\\\\\\\"
> >     "\\\\\\\\\\\\\\\\"
> >     "\\\\\\\\\\\\\\\\"
> >     "\\\\\\\\\\\\\\\\"
> >     "\\\\\\\\\\\\\\\\"
> > };
> 
> So, no. I don't trust anyone. Especially not this mess of a code.

You do know that your string insert NUL bytes, right?  If you have a
look at how they're used, you might see why those stray NUL bytes
aren't a good thing.

Cheers,
Richard

P.S. as a side note, your message triggered profanity filters.  I
don't really care, it's not our filters, but this is just to inform
you that your rant didn't quite reach everyone (those with profanity
filters in place)
/postmaster

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/