CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All,



Recently we have ported OpenSSL 1.0.2d. Everything works perfect except the
below explained issue.



When we enable only TLS 1.0 protocol and select CBC ciphers, TLS handshake
fails with the error "bad record mac".



Error is in function static int ssl3_get_record(SSL *s). Error happens at



if (i < 0 || mac == NULL

           || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0).





CRYPTO_memcmp is failing. I debugged further.



I replaced constant_time_eq_8 usage in s3_cbc.c with the implementation
available in OpenSSL 1.0.1e. Things worked fine.



OpenSSL 1.0.2d has this implementation in constant_time_locl.h. OpenSSL
1.0.1e has this implementation local to s3_cbc.c



Now my question is whatever I did is it correct? Or Do need to replace
complete s3_cbc.c with OpenSSL 1.0.1e?




Regards

Jaya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151204/47109be7/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux