Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Dec 2012 09:47:22 +0100
From: Simon Marechal <>
Subject: Re: fixing the valid() methods

On 10/12/2012 02:57, Solar Designer wrote:
> Can we afford a dependency on regcomp(3), regexec(3), regfree(3) in
> jumbo?  Apparently, these are in POSIX.1-2001.  Yet I am unlikely to
> introduce this change to core, so it'd be yet another jumbo thing.
> Personally, I don't feel much need to go for regexps - I find it easy
> enough to write robust valid() based on str(r)chr() and such - but I
> understand that others' preferences may be different.

Perhaps some kind of sscanf-like function, that accepts a specific
format ? Something that might look like:

validate("$X$%b8$%h128", ciphertext)

That would return true if ciphertext is made of (exactly) "$X$" followed
by 8 chars forming a valid base 64 value, followed by 128 chars forming
a valid hex-encoded value.

It might even work as sscanf for use in binary, and would be used like
this in valid:

validate(ciphertext, "$X$%b8$%h128", NULL, NULL)

in binary :

validate(ciphertext, "$X$%b8$%h128", NULL, &bin)

in salt :

validate(ciphertext, "$X$%b8$%h128", &salt, NULL)

This doesn't seem to be too much work, and has the following advantages:
* centralized and hopefuly bug-free code for converting ascii to binary
in various ways (hex, base64, endianness, ...)
* reuse the same format and functions in validate, binary and salt
* makes the expected ciphertext format obvious

Another approach would be having a set of functions working with a
parsing context. This might be easier to add features this way, but
seems less easy to use :

ctx = start_parse(ciphertext);
if(!parse_string(ctx, "$X$"))
	return 0;
if(!parse_base64(ctx, 8))
	return 0;
	return 0;
if(!parse_hex(ctx, 128))
	return 0;
	return 0;

What do you guys think ?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.