[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
Matt Caswell
matt at openssl.org
Thu Dec 10 16:53:50 UTC 2015
On 10/12/15 11:55, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks for the patch. Unfortunately patch did not work. I continued
> debugging and found that issue was in constant_time_msb.
>
> static inline unsigned int constant_time_msb(unsigned int a) {
> - *return 0 - (a >> (sizeof(a) * 8 - 1));*
> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
> }
Thanks. Have you analysed why the original version failed? Both versions
look reasonable to me (ignoring the hardcoded 8 - implying a char is 8
bits). I'd really like to understand that before replacing it with
something else which apparently does the same thing. Perhaps you could
post some sample values for "a" and the return value, before and after
your change.
Thanks
Matt
More information about the openssl-users
mailing list