On 29/12/2018 22:33, Richard Levitte wrote:
In message <20181229.170846.804158981742723988.levitte@xxxxxxxxxxx> on Sat, 29 Dec 2018 17:08:46 +0100 (CET), Richard Levitte <levitte@xxxxxxxxxxx> said:
In message <38b97114-0c66-40ed-f631-58aa20940a3a@xxxxxx> on Sat, 29 Dec 2018 14:19:47 +0100, "C.Wehrmeyer" <c.wehrmeyer@xxxxxx> said:
...
What's wrong with that, you ask? Let me show you how I'd have done
that:
static const unsigned char ssl3_pad_1[] =
{
"66666666"
"66666666"
"66666666"
"66666666"
"66666666"
"66666666"
};
static const unsigned char*ssl3_pad_2[] =
{
"\\\\\\\\\\\\\\\\"
"\\\\\\\\\\\\\\\\"
"\\\\\\\\\\\\\\\\"
"\\\\\\\\\\\\\\\\"
"\\\\\\\\\\\\\\\\"
"\\\\\\\\\\\\\\\\"
};
So, no. I don't trust anyone. Especially not this mess of a code.
You do know that your string insert NUL bytes, right? If you have a
look at how they're used, you might see why those stray NUL bytes
aren't a good thing.
Never mind this remark... For some reason, my brain added commas
after each partial string. Meh...
It still inserts NUL bytes at the end of each array, changing
sizeof(array) as well as cache access patterns (and thus side
channel effects).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users