[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Jakob Bohm jb-openssl at wisemo.com
Thu Dec 10 17:38:44 UTC 2015


On 10/12/2015 17:53, Matt Caswell wrote:
> On 10/12/15 11:55, Jayalakshmi bhat wrote:
>> Hi Matt,
>>
>> Thanks for the patch. Unfortunately patch did not work. I continued
>> debugging and found that issue was in constant_time_msb.
>>
>> static inline unsigned int constant_time_msb(unsigned int a) {
>> -    *return 0 - (a >> (sizeof(a) * 8 - 1));*
>> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
>> }
> Thanks. Have you analysed why the original version failed? Both versions
> look reasonable to me (ignoring the hardcoded 8 - implying a char is 8
> bits). I'd really like to understand that before replacing it with
> something else which apparently does the same thing. Perhaps you could
> post some sample values for "a" and the return value, before and after
> your change.
Looking at the provided disassembly, it looks like the
1.0.2 version triggers a compiler bug which (at least)
forgets to mask the result down to 8 bits after inlining
in test_is_zero_8().   The missing mask with FF occurs
in multiple functions in the disassembly.



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151210/8c567e41/attachment.html>


More information about the openssl-users mailing list