I have to do some testing tomorrow and I'll post my results and a packet capture .. N ________________________________ From: openssl-users [openssl-users-bounces@xxxxxxxxxxx] on behalf of Jayalakshmi bhat [bhat.jayalakshmi@xxxxxxxxx] Sent: December 6, 2015 9:18 PM To: openssl-users at openssl.org Subject: Re: CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d Hi All, Is there inputs or suggestions. Thanks and Regards Jaya On Fri, Dec 4, 2015 at 11:37 AM, Jayalakshmi bhat <bhat.jayalakshmi at gmail.com<mailto:bhat.jayalakshmi at gmail.com>> wrote: Hi Matt, s3_cbc.c uses the function constant_time_eq_8. I pulled only this function definition from OpenSSL 1.0.1e into OpenSSL 1.0.2d. I renamed this function as constant_time_eq_8_local and used it in s3_cbc.c instead of constant_time_eq_8. This renaming was just to avoid multiple definitions. OpenSSL 1.0.1e has the function constant_time_eq_8 defined as below: #define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) static unsigned char constant_time_eq_8(unsigned a, unsigned b) { unsigned c = a ^ b; c--; return DUPLICATE_MSB_TO_ALL_8(c); } OpenSSL 1.0.2d has the function constant_time_eq_8 defined as below. static inline unsigned int constant_time_msb(unsigned int a) { return 0 - (a >> (sizeof(a) * 8 - 1)); } static inline unsigned int constant_time_is_zero(unsigned int a) { return constant_time_msb(~a & (a - 1)); } static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) { return constant_time_is_zero(a ^ b); } static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) { return (unsigned char)(constant_time_eq(a, b)); } Regards Jaya On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell <matt at openssl.org<mailto:matt at openssl.org>> wrote: On 04/12/15 11:31, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks a lot for the response. > > Is your application a client or a server? Are both ends using > OpenSSL 1.0.2d? If not, what is the other end using? >>>Our device has both TLS client,server apps. As client, device communicates with radius server, LDAP server etc.As > server device is accessed using various web browsers. > Hence both the end will not be OpenSSL 1.0.2d. > > How exactly are you doing that? Which specific cipher are you seeing fail? >>> We have provided user option to select TLS protocol versions similar to the browsers. Depending upon the user configurations we set the protocol flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL context using SSL_CTX_clear_options/SSL_CTX_set_options. >>> We have provided user option to chose ciphers as well. > All these are in the application space,no changes have been done and > they have been working good with OpenSSL 1.0.1c. Only the library is > upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers > and with both the ciphers issue is seen. > > Are you able to provide a packet capture? >>> Please find the attached traces for server mode. > What O/S is this on? >>>This is built for WinCE and Vxworks Thanks. Please could you also send the exact patch that you applied that resolved the issue? Matt _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151207/9b1985af/attachment.html>
