[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
Matt Caswell
matt at openssl.org
Thu Dec 10 09:41:07 UTC 2015
On 10/12/15 04:47, Viktor Dukhovni wrote:
> On Wed, Dec 09, 2015 at 11:04:35PM +0000, Matt Caswell wrote:
>
>> unsigned char c = op(a, b);
>> if (is_true && c != CONSTTIME_TRUE_8) {
>> printf( "Test failed for %s(%du, %du): expected %u "
>> "(TRUE), got %u at line %d\n", op_name, a, b,
>> CONSTTIME_TRUE_8, c,__LINE__);
>
> It is best to not leave "c" to the vagaries of stdarg argument
> handling. Rather, it would better to explicitly convert it to an
> unsigned long, and print that.
>
>> Test failed for constant_time_eq_8(0u, 0u): expected 255 (TRUE), got
>> 4294967295 at line 85
>
>> That big number in the output is actually 0x7FFFFFFF in hex.
>
> Actually it is 0xffffffff, that is a 32-bit "-1".
Doh! Thanks. Looks like a bug in the online converter I was using:
http://www.binaryhexconverter.com/decimal-to-hex-converter
Matt
More information about the openssl-users
mailing list