[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Fri Dec 4 06:53:00 UTC 2015

Hi All,

Recently we have ported OpenSSL 1.0.2d. Everything works perfect except the
below explained issue.

When we enable only TLS 1.0 protocol and select CBC ciphers, TLS handshake
fails with the error "bad record mac".

Error is in function static int ssl3_get_record(SSL *s). Error happens at

if (i < 0 || mac == NULL

           || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0).

CRYPTO_memcmp is failing. I debugged further.

I replaced constant_time_eq_8 usage in s3_cbc.c with the implementation
available in OpenSSL 1.0.1e. Things worked fine.

OpenSSL 1.0.2d has this implementation in constant_time_locl.h. OpenSSL
1.0.1e has this implementation local to s3_cbc.c

Now my question is whatever I did is it correct? Or Do need to replace
complete s3_cbc.c with OpenSSL 1.0.1e?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151204/47109be7/attachment.html>

More information about the openssl-users mailing list