[Cryptography] LibreSSL unaffected by DROWN
Georgi Guninski
guninski at guninski.com
Wed Mar 2 22:10:44 PST 2016
On Wed, Mar 02, 2016 at 10:27:44PM -0500, grarpamp wrote:
> > Theo is an avid marketer, the reality is a bit more complex.
>
> So then where is the link to an independant website which
> stays current and puts say Libre 2.2.[x] and Open 1.0.2[x]
> side by side in a feature / protocol / api review table?
Both share usage of a lot of if(0) {label:}, what C experts say
about this?
in libressl 2.3.2 (latest as of now) and openssl 1.0.1p
(and probably later) in ssl/s3_clnt.c
984: if (CBS_len(&cert_list) < 3)
goto truncated;
1657: if (0) {
truncated:
SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
SSL_R_BAD_PACKET_LENGTH);
}
Some more info on my blog:
https://j.ludost.net/blog/archives/2016/03/02/literate_programming_in_c_if0/index.html
More information about the cypherpunks
mailing list