[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Michael Wojcik Michael.Wojcik at microfocus.com
Fri Dec 11 16:41:44 UTC 2015


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Andy Polyakov
> Sent: Friday, December 11, 2015 10:07
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in
> OpenSSL 1.0.2d
> 
> >> static inline unsigned int constant_time_msb(unsigned int a) {
> >> -    *return 0 - (a >> (sizeof(a) * 8 - 1));*
> >> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
> >> }
> >
> >
> > ... Both versions
> > look reasonable to me (ignoring the hardcoded 8 - implying a char is 8
> > bits).
> 
> Hardcoded 8 is not reference to char C type, but to units in which
> sizeof(variable) is measured. For example when we say ILP32 or LP64,
> what do we mean and what role does 8 play in the drama?

The distinction you're drawing is meaningless. The result of the sizeof operator is defined in terms of the C char type. Please refer to the C specification.

For example, referring to ISO 9899:1999 (because C11 is not widely used), please see 6.5.3.4, "The sizeof operator", items 2 and 3, and particularly the first sentence of #3: "When applied to an operand that has type char, unsigned char, or signed char, (or a qualified version thereof) the result is 1." sizeof(any-char-type) is ALWAYS 1, by definition.

Also note, from 6.5.3.4 #2: "The sizeof operator yields the size (in bytes) of its operand". In C, "byte" is a synonym for "char". It is NOT a synonym for "octet". The number of bits in a char (or byte) in C is specified by CHAR_BIT in <limits.h>. CHAR_BIT must be >= 8. (See 5.42.4.2.1, etc.)

Using a literal 8 here assumes CHAR_BIT == 8. It would be better, in terms of portability, to include <limits.h> and use CHAR_BIT here. However, my guess is that getting OpenSSL working on platforms where CHAR_BIT > 8 would require substantial effort and would likely be pointless; if no one's asking for it, no one's likely to use it. (Also, such platforms are generally DSPs which are not likely to be able to run OpenSSL anyway.)

All of these points have already been made in this thread, except for the C&V citations (and with occasional errors such as "the unit for sizeof is chars not bytes" - that's a contradictory statement, since "byte" is a term of art in the C specification and is identical to "char").

-- 
Michael Wojcik
Technology Specialist, Micro Focus



More information about the openssl-users mailing list