[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
Kurt Roeckx
kurt at roeckx.be
Thu Dec 10 23:28:04 UTC 2015
On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks for the patch. Unfortunately patch did not work. I continued
> debugging and found that issue was in constant_time_msb.
>
> static inline unsigned int constant_time_msb(unsigned int a) {
> - *return 0 - (a >> (sizeof(a) * 8 - 1));*
> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
> }
This looks a revert of commit
d2fa182988afa33d9e950358de406cc9fb36d000
It was changed because of the implementation defined behaviour,
and we would like to avoid that. See RT ticket #3558.
Kurt
More information about the openssl-users
mailing list