<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
The UTF8 type is a string and if its length is known, it doesn't
need to be '\0' terminated. So passing the address of a char works
(it's a char * after all).<br>
<br>
Thanks for the other fix.<br>
<br>
Pauli<br>
<br>
<div class="moz-cite-prefix">On 26/3/22 10:43 am, Kory Hamzeh wrote:<br>
</div>
<blockquote type="cite"
cite="mid:E6B4F3CF-5C9C-48FA-BB40-91479C4D8255@avatarci.com">
Thanks, Paul. I noticed the type values matched the RFC, but
thought maybe it should be a string if that was the case.
<div class=""><br class="">
</div>
<div class="">I did find another issue:</div>
<div class=""><br class="">
</div>
<div class="">
<pre class=""><code class=""> if (EVP_KDF_derive(kctx, out, &amp;outlen, params) &lt;= 0)
</code></pre>
<div class=""><br class="">
</div>
<div class=""><font class="" face="Menlo, Monaco, Andale Mono,
lucida console, Courier New, monospace">The actual value
of ‘outlen’ should be passed, not the address.</font></div>
<div class=""><font class="" face="Menlo, Monaco, Andale Mono,
lucida console, Courier New, monospace"><br class="">
</font></div>
<div class=""><font class="" face="Menlo, Monaco, Andale Mono,
lucida console, Courier New, monospace">Kory</font></div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Mar 25, 2022, at 4:01 PM, <a
href="mailto:pauli@openssl.org"
class="moz-txt-link-freetext" moz-do-not-send="true">pauli@openssl.org</a>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">It is correct, the KDF is expecting the
characters 'A' through 'F' here. This is what is
specified in the RFC: <a
href="https://datatracker.ietf.org/doc/html/rfc4253#section-7.2"
class="moz-txt-link-freetext" moz-do-not-send="true">https://datatracker.ietf.org/doc/html/rfc4253#section-7.2</a><br
class="">
<br class="">
That line of code ought to have cast to (char *) or type
defined simply as char, but it is essentially correct.<br
class="">
<br class="">
<br class="">
Pauli<br class="">
<br class="">
On 26/3/22 5:11 am, Kory Hamzeh wrote:<br class="">
<blockquote type="cite" class="">Hi All,<br class="">
<br class="">
If you look at the example SSH KDF code here:<br
class="">
<br class="">
<a
href="https://www.openssl.org/docs/manmaster/man7/EVP_KDF-SSHKDF.html"
class="moz-txt-link-freetext" moz-do-not-send="true">https://www.openssl.org/docs/manmaster/man7/EVP_KDF-SSHKDF.html</a><br
class="">
<br class="">
Specifically, these lines:<br class="">
<br class="">
*p++ =
OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,<br
class="">
&amp;type,
sizeof(type));<br class="">
The variable ‘type’ is defined as a “const char”, so
an 8 bit integer. The compiler spits out a warning on
that line. Is the example code correct?<br class="">
<br class="">
I wonder if it should be calling
OSSL_PARAM_construct_int() and ‘type’ changed to
‘int’?<br class="">
<br class="">
Thanks,<br class="">
Kory<br class="">
<br class="">
</blockquote>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
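<br>
Added example, not part of the original thread and not OpenSSL's code: a standard-library Python sketch of the RFC 4253 section 7.2 derivation discussed above, showing that the type fed to the hash is the single character 'A' through 'F' and that the output length is a plain count of bytes. The function names and the K, H and SESSION_ID values are constructed for illustration.<br>

```python
import hashlib

VALID_TYPES = (b"A", b"B", b"C", b"D", b"E", b"F")  # RFC 4253 section 7.2


def mpint(k: int) -> bytes:
    """Encode K as an SSH mpint: 4-byte length, then big-endian two's complement."""
    if k < 0:
        raise ValueError("shared secret K must be non-negative")
    if k == 0:
        return b"\x00\x00\x00\x00"
    # bit_length() // 8 + 1 bytes leaves a leading 0x00 exactly when the top bit is set
    body = k.to_bytes(k.bit_length() // 8 + 1, "big")
    return len(body).to_bytes(4, "big") + body


def ssh_kdf(k, h, session_id, key_type, out_len, hash_name="sha256"):
    """Derive out_len bytes for one key type per RFC 4253 section 7.2.

    key_type is one ASCII character as a length-1 byte string, with no
    terminator and no integer encoding; out_len is a byte count.
    """
    if not isinstance(key_type, bytes) or key_type not in VALID_TYPES:
        raise ValueError("key_type must be one of b'A'..b'F'")
    if not isinstance(out_len, int) or out_len <= 0:
        raise ValueError("out_len must be a positive byte count")
    kh = mpint(k) + h
    # K1 = HASH(K || H || X || session_id)
    out = hashlib.new(hash_name, kh + key_type + session_id).digest()
    # K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2), ...
    while len(out) < out_len:
        out += hashlib.new(hash_name, kh + out).digest()
    return out[:out_len]


# Constructed sample inputs (not from any real SSH session).
K = 0x8F3A6C21D4E5B7A9C0112233445566778899AABBCCDDEEFF
H = hashlib.sha256(b"constructed exchange hash").digest()
SESSION_ID = H  # the first exchange hash doubles as the session id

if __name__ == "__main__":
    for t in VALID_TYPES:
        print(t.decode(), ssh_kdf(K, H, SESSION_ID, t, 48).hex())
```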
<br>
</body>
</html>