[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Tue Dec 15 10:53:22 UTC 2015


Hi All,

1. With compiler optimization disabled, OpenSSL 1.0.2d function worked as
it is.
2. Looks like in the below functions, typecast to unsigned char to is not
going well when compiler optimization is enabled. Hence functions are
modified to assign the return value to a volatile unsigned char and then
return the volatile value. Things worked fine.

static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int
b)
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int
b)
static inline unsigned char constant_time_is_zero_8(unsigned int a)
static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int
b)
static inline unsigned char constant_time_eq_int_8(int a, int b)
static inline unsigned char constant_time_select_8(unsigned char mask,

Matt, Jakob, Andy your explanations were really useful to route cause the
issue to compiler specific. Thanks every one for the valuable time and
fruitful discussion.

Regards
Jaya






On Sun, Dec 13, 2015 at 11:13 AM, Jayalakshmi bhat <
bhat.jayalakshmi at gmail.com> wrote:

> Hi All,
>
>
>
> Thanks for all the responses. As mentioned by Matt in the discussion
> thread,constant_time_msb performs the copy the msb of the input to all of
> the other bits so the return value should either be one of 0x00000000 or
> 0xffffffff.
>
>
>
> I found another interesting thing,constant_time_msb worked as it is
> without any changes, after I added a printf in constant_time_is_zero_8 test
> routine to print the return value. I added the printf just before comparing
> the return value with the expected value.
>
>
>
> I have confirmed the failures by removing the printf and printing any
> thing else other than the returned value.
>
>
>
> Now based on the discussions here and print results I am thinking, after
> constant_time_msb operation probably overflow bit is set in case of
> 0xffffffff. And it is not cleared before comparing, hence compare fails.
> When I add a printf to print the return value probably overflow flag got
> cleared and things worked.
>
>
>
> I am planning to attach the debugger to check the flags. I will get back
> with debugger results.
>
>
>
> I have attached the test file.
>
>
>
> Regards
>
> Jaya
>
>
>
> On Fri, Dec 11, 2015 at 11:30 AM, Jeffrey Walton <noloader at gmail.com>
> wrote:
>
>> > 3. The compiler wasn't written by a fanatic who put
>> >   the "right shift of negative signed values is
>> >   undefined" rule above common sense.
>> >
>> > This is only implementation-defined behavior, not undefined behavior.
>> It is
>> > not permitted to crash the system or launch the missiles.  (n1256.pdf
>> 6.5.7
>> > paragraph 5.)
>>
>> The potential problem with implementation defined is its not
>> guaranteed to produce consistent results. Different compilers or
>> different versions of the same compiler may arrive at different
>> results.
>>
>> In this light, the crash might be welcomed to make it easy to find the
>> trouble spot :)
>> _______________________________________________
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151215/c648b83f/attachment-0001.html>


More information about the openssl-users mailing list