[openssl-users] Authentication over ECDHE
Richard Levitte
levitte at openssl.org
Sat Dec 29 21:33:53 UTC 2018
In message <20181229.170846.804158981742723988.levitte at openssl.org> on Sat, 29 Dec 2018 17:08:46 +0100 (CET), Richard Levitte <levitte at openssl.org> said:
> In message <38b97114-0c66-40ed-f631-58aa20940a3a at gmx.de> on Sat, 29 Dec 2018 14:19:47 +0100, "C.Wehrmeyer" <c.wehrmeyer at gmx.de> said:
>
...
> > What's wrong with that, you ask? Let me show you how I'd have done
> > that:
> >
> > > static const unsigned char ssl3_pad_1[] =
> > > {
> > > "66666666"
> > > "66666666"
> > > "66666666"
> > > "66666666"
> > > "66666666"
> > > "66666666"
> > > };
> > >
> > > static const unsigned char ssl3_pad_2[] =
> > > {
> > > "\\\\\\\\\\\\\\\\"
> > > "\\\\\\\\\\\\\\\\"
> > > "\\\\\\\\\\\\\\\\"
> > > "\\\\\\\\\\\\\\\\"
> > > "\\\\\\\\\\\\\\\\"
> > > "\\\\\\\\\\\\\\\\"
> > > };
> >
> > So, no. I don't trust anyone. Especially not this mess of a code.
>
> You do know that your strings insert NUL bytes, right? If you have a
> look at how they're used, you might see why those stray NUL bytes
> aren't a good thing.
Never mind this remark... For some reason, my brain added commas
after each partial string. Meh...
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
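
The point corrected in this message, as an added example that is not part of the original mail or of OpenSSL's code: adjacent string literals are concatenated with no NUL between them, so an unsized array gets only one trailing terminator, while comma-separated literals become separate NUL-terminated strings. `PAD_LEN`, `pad_1`, `pad_2`, `pad_1_commas`, `count_nul` and `pad_ok` are names assumed here, and an ASCII execution character set is assumed ('6' is 0x36).

```c
#include <stddef.h>
#include <stdio.h>

#define PAD_LEN 48 /* assumed name: 6 literals x 8 bytes, as in the quoted arrays */

/* Adjacent literals are concatenated at translation time: no NUL between
 * the pieces, only the single terminator appended at the very end. */
const unsigned char pad_1[] =
    "66666666" "66666666" "66666666"
    "66666666" "66666666" "66666666";

/* Each "\\" escape is one 0x5c byte, so every literal holds 8 bytes. */
const unsigned char pad_2[] =
    "\\\\\\\\\\\\\\\\" "\\\\\\\\\\\\\\\\" "\\\\\\\\\\\\\\\\"
    "\\\\\\\\\\\\\\\\" "\\\\\\\\\\\\\\\\" "\\\\\\\\\\\\\\\\";

/* With commas the pieces are separate strings, each NUL-terminated:
 * an array of six pointers, not one 48-byte buffer. */
const char *const pad_1_commas[] = {
    "66666666", "66666666", "66666666",
    "66666666", "66666666", "66666666",
};

/* Count zero bytes in buf[0..len). */
size_t count_nul(const unsigned char *buf, size_t len)
{
    size_t i, n = 0;
    for (i = 0; i < len; i++)
        if (buf[i] == 0)
            n++;
    return n;
}

/* Return 1 if the first PAD_LEN bytes all equal want and the array's
 * full size is PAD_LEN plus exactly one terminator; 0 otherwise. */
int pad_ok(const unsigned char *buf, size_t size, unsigned char want)
{
    size_t i;
    if (size != PAD_LEN + 1 || count_nul(buf, size) != 1)
        return 0;
    for (i = 0; i < PAD_LEN; i++)
        if (buf[i] != want)
            return 0;
    return 1;
}

int main(void)
{
    printf("sizeof pad_1 = %zu, NULs = %zu\n", sizeof pad_1, count_nul(pad_1, sizeof pad_1));
    printf("pad_1 ok = %d, pad_2 ok = %d\n", pad_ok(pad_1, sizeof pad_1, 0x36), pad_ok(pad_2, sizeof pad_2, 0x5c));
    return 0;
}
```

Code that feeds such an array to a hash should pass the explicit pad length rather than `sizeof`, which counts the terminator.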