On Thu, 19 Jun 2014 21:58:01 -0600 (MDT), Theo de Raadt wrote:
>It should use the mandoc blink tag.
Look at what beck@ started with the libressl web page!
8-)
*** NOTE *** Please DO NOT CC me. I subscribed to the list.
Mail to the sender address that does not originate at the list server is
ta
> If we use timingsafe_bcmp widely (safe as
> that may be), it's very hard to convey the idea that there are
> circumstances when it is not safe. Using timingsafe_memcmp raises its
> awareness and will make it other developers' default choice.
Exactly.
It is easier to develop a pattern/meme when
On Fri, Jun 20, 2014 at 13:53, Damien Miller wrote:
> On Thu, 19 Jun 2014, Ted Unangst wrote:
>
>> Always explicitly compare memcmp with 0. I find this adds clarity.
>
> If you don't care which way a different comparison points, then why
> not use bcmp?
There are a couple points here.
1. we hav
>> Always explicitly compare memcmp with 0. I find this adds clarity.
>
>If you don't care which way a different comparison points, then why
>not use bcmp?
Because knowledge of the difference in is scarce. Someone will screw it up.
It could be argued that the bcmp manual page does a poor job doc
On Thu, 19 Jun 2014, Ted Unangst wrote:
> Always explicitly compare memcmp with 0. I find this adds clarity.
If you don't care which way a different comparison points, then why
not use bcmp?
On 20 Jun 2014, at 7:35, Ted Unangst wrote:
> Always explicitly compare memcmp with 0. I find this adds clarity.
i agree.
ok by me if that has any value in this part of the tree.
>
> Index: s3_clnt.c
> ===
> RCS file: /cvs/src/l
Always explicitly compare memcmp with 0. I find this adds clarity.
Index: s3_clnt.c
===
RCS file: /cvs/src/lib/libssl/src/ssl/s3_clnt.c,v
retrieving revision 1.71
diff -u -p -r1.71 s3_clnt.c
--- s3_clnt.c 19 Jun 2014 21:29:51 -