diff options
| author | Richard Levitte <levitte@openssl.org> | 2021-02-12 20:30:40 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2021-02-18 16:58:17 +0100 |
| commit | 247a1786e25dbf77548168572e383d57aa743af4 (patch) | |
| tree | 3bec7d6f6f3f8e008af68b39e47146264d6f620e /doc/man7 | |
| parent | c1be4d617cf9435e8326ebba643aa4d7cbcb3645 (diff) | |
OSSL_PARAM: Correct the assumptions on the UTF8 string length
When the string "ABCDEFGH" is passed, what's considered its data, this?
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' }
or this?
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', '\0' }
If it's passed as a pass phrase, should the terminating NUL byte be
considered part of the pass phrase, or not?
Our treatment of OSSL_PARAMs with the data type OSSL_PARAM_UTF8_STRING
set the length of the string to include the terminating NUL byte,
which is quite confusing. What should the recipient of such a string
believe?
Instead of perpetuating this confusion, we change the assumption to
set the OSSL_PARAM to the length of the string, not including the
terminating NUL byte, thereby giving it the same value as a strlen()
call would give.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14168)
Diffstat (limited to 'doc/man7')
| -rw-r--r-- | doc/man7/EVP_KDF-SSHKDF.pod | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index f0e113c6c8..a2ff902cce 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -124,7 +124,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, session_id, (size_t)32); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, - type, sizeof(type)); + type, sizeof(type) - 1); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_CTX_set_params(kctx, params) <= 0) /* Error */ |