[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Jeffrey Walton noloader at gmail.com
Thu Dec 10 16:58:30 UTC 2015

On Thu, Dec 10, 2015 at 6:55 AM, Jayalakshmi bhat
<bhat.jayalakshmi at gmail.com> wrote:
> Hi Matt,
> Thanks for the patch. Unfortunately patch did not work. I continued
> debugging and found that issue was in constant_time_msb.
> static inline unsigned int constant_time_msb(unsigned int a) {
> -    return 0 - (a >> (sizeof(a) * 8 - 1));
> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
> }

Forgive me for commenting... That looks questionable to me. C has some
non-intuitive rules, and usually one casts to an unsigned type during
shifts to avoid undefined behavior.

I would definitely build out a test case for it. Ensure the test cases
include a value with and without the high bit set on a 2's compliment
machine. Then, run it under GCC or Clang's Undefined Behavior
sanitizer. For GCC you need 4.9 or above. For Clang, you need 3.2 or

I *think* Ben or Richard has a test build configuration that applies
the sanitizers.


More information about the openssl-users mailing list