[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
Jakob Bohm
jb-openssl at wisemo.com
Thu Dec 10 17:45:01 UTC 2015
On 10/12/2015 18:33, Viktor Dukhovni wrote:
> On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote:
>
>> static inline unsigned int constant_time_msb(unsigned int a) {
>> - return 0 - (a >> (sizeof(a) * 8 - 1));
>> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
>> }
> The replacement is not right. This function is supposed to return
> 0xfffffff for inputs with the high bit set, and 0x0000000 for inputs
> with the high bit not set. Could you try:
>
> static inline unsigned int constant_time_msb(unsigned int a) {
> return 0 - (a >> ((int)(sizeof(a) * 8 - 1)));
> }
>
> Just in case the compiler is promoting "a" to the (larger?) size
> of sizeof(a), which would cause an unsigned "a" to get a zero MSB,
> while a signed "a" would be promoted "correctly".
Look again, he is casting a to signed, then doing an
arithmetic right shift to extend the msb (sign bit)
to the rest of the word. This works on 3 conditions:
1. The platform is actually using twos complement.
2. The signed right shift function invoked by the C
compiler is a sign-preserving ("arithmetic") shift.
3. The compiler wasn't written by a fanatic who put
the "right shift of negative signed values is
undefined" rule above common sense.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151210/6f9aa448/attachment.html>
More information about the openssl-users
mailing list