[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Matt Caswell matt at openssl.org
Wed Dec 9 23:04:35 UTC 2015

On 09/12/15 11:44, Jayalakshmi bhat wrote:
> Hi Matt,
> I could build and execute the constant_time_test. I have attached the .c
> file and test results. 34 tests have failed. All failures are
> around constant_time_eq_8. This is the function I had mentioned in the
> earlier mails.

Not quite all. There is also a failure right at the beginning of your
log in constant_time_is_zero_8. Although it looks very similar to the
constant_time_eq_8 failure.

As to the failure it is very strange. This is the function doing the test:

    int test_binary_op_8(unsigned
                         char (*op) (unsigned int a, unsigned int b),
                         const char *op_name, unsigned int a,
                         unsigned int b, int is_true)
    {
        unsigned char c = op(a, b);
        if (is_true && c != CONSTTIME_TRUE_8) {
            printf("Test failed for %s(%du, %du): expected %u "
                   "(TRUE), got %u at line %d\n", op_name, a, b,
                   /* remaining arguments are cut off in the archived message */
            return 1;
        } else if (!is_true && c != CONSTTIME_FALSE_8) {
            printf("Test failed for  %s(%du, %du): expected %u "
                   "(FALSE), got %u at line %d\n", op_name, a, b,
                   /* remaining arguments are cut off in the archived message */
            return 1;
        }
        printf("Test passed for %s(%du, %du): expected %u got %u at line %d "
               "with %s\n", op_name, a, b, CONSTTIME_TRUE_8,
               /* remaining arguments are cut off in the archived message */
        return 0;
    }

and the output we see in the log file is:

Test failed for constant_time_eq_8(0u, 0u): expected 255 (TRUE), got
4294967295 at line 85

That big number in the output is actually 0x7FFFFFFF in hex. The
variable that it is printing here is "c" which is declared as an
"unsigned char".

Please someone correct me if I'm wrong but doesn't the C spec guarantee
that a "char" is 8 bits? In which case how can the value of "c" be
greater than 255?????

Am I missing something?

BTW can we modify the code above to print the value of sizeof(c)?
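
A stand-alone diagnostic for the question raised in the message above, as an added example that is not part of the original post and not OpenSSL's own code: it re-creates an eq_8-style helper and reports CHAR_BIT, sizeof(c), and whether the value held in an unsigned char exceeds UCHAR_MAX once it is promoted for printf. The ct_* helpers, diagnose_eq_8 and the bitmask values are assumptions of this sketch.

```c
#include <limits.h>
#include <stdio.h>

#define CONSTTIME_TRUE_8  0xffu
#define CONSTTIME_FALSE_8 0u

/* Re-created helpers (assumption: an msb / is_zero / eq_8 chain). */
static unsigned int ct_msb(unsigned int a)
{
    return 0u - (a >> (sizeof(a) * CHAR_BIT - 1));
}

static unsigned int ct_is_zero(unsigned int a)
{
    return ct_msb(~a & (a - 1u));
}

/* Narrowing to unsigned char must keep only the low CHAR_BIT bits. */
static unsigned char ct_eq_8(unsigned int a, unsigned int b)
{
    return (unsigned char)ct_is_zero(a ^ b);
}

/* Returns a bitmask of toolchain problems; 0 means nothing was detected. */
static unsigned int diagnose_eq_8(unsigned char (*op)(unsigned int, unsigned int),
                                  unsigned int a, unsigned int b, int is_true)
{
    unsigned char c = op(a, b);  /* same call shape as test_binary_op_8 */
    unsigned int widened = c;    /* what printf("%u") sees after promotion */
    unsigned int expected = is_true ? CONSTTIME_TRUE_8 : CONSTTIME_FALSE_8;
    unsigned int problems = 0;

    if (sizeof(c) != 1)      problems |= 1u;  /* sizeof(char) must be 1 */
    if (widened > UCHAR_MAX) problems |= 2u;  /* high bits survived narrowing */
    if (widened != expected) problems |= 4u;  /* wrong mask value */
    printf("CHAR_BIT=%d sizeof(c)=%u UCHAR_MAX=%u c=0x%x problems=0x%x\n",
           CHAR_BIT, (unsigned int)sizeof(c), (unsigned int)UCHAR_MAX,
           widened, problems);
    return problems;
}

int main(void)
{
    unsigned int bad = diagnose_eq_8(ct_eq_8, 0u, 0u, 1);
    bad |= diagnose_eq_8(ct_eq_8, 0u, 1u, 0);
    return bad != 0;
}
```

Built with the same compiler and flags as the failing constant_time_test, a non-zero exit status or a `problems` value with bit 2 set points at the toolchain's handling of the unsigned char return rather than at the TLS code.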

