CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 07/12/15 05:18, Jayalakshmi bhat wrote:
> Hi All,
> 
> Is there inputs or suggestions.

Have you run the tests on this platform? i.e. "make test"

I'm particular interested to know if the constant_time_test passed.

Matt


> 
> Thanks and Regards
> Jaya
> 
> On Fri, Dec 4, 2015 at 11:37 AM, Jayalakshmi bhat
> <bhat.jayalakshmi at gmail.com <mailto:bhat.jayalakshmi at gmail.com>> wrote:
> 
>     Hi Matt,
> 
>     s3_cbc.c uses the function constant_time_eq_8. I pulled only this
>     function definition from OpenSSL 1.0.1e into OpenSSL 1.0.2d. I
>     renamed this function as constant_time_eq_8_local and used it in
>     s3_cbc.c instead of constant_time_eq_8. This renaming was just to
>     avoid multiple definitions. 
> 
>     OpenSSL 1.0.1e has the function constant_time_eq_8 defined as below: 
>     *
>     *
>     *
>     #define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >>
>     (sizeof(int)*8-1) ) )
>     #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned
>     char)(DUPLICATE_MSB_TO_ALL(x)))
>     *
>     *
>     *
>     *static unsigned char constant_time_eq_8(unsigned a, unsigned b)*
>     *{*
>     *unsigned c = a ^ b;*
>     *c--;*
>     *return DUPLICATE_MSB_TO_ALL_8(c);*
>     *}*
> 
>     OpenSSL 1.0.2d has the function constant_time_eq_8 defined as below.
> 
>     static inline unsigned int constant_time_msb(unsigned int a)
>     {
>         return 0 - (a >> (sizeof(a) * 8 - 1));
>     }
> 
>     static inline unsigned int constant_time_is_zero(unsigned int a)
>     {
>         return constant_time_msb(~a & (a - 1));
>     }
> 
>     static inline unsigned int constant_time_eq(unsigned int a, unsigned
>     int b)
>     {
>         return constant_time_is_zero(a ^ b);
>     }
> 
>     static inline unsigned char constant_time_eq_8(unsigned int a,
>     unsigned int b)
>     {
>         return (unsigned char)(constant_time_eq(a, b));
>     }
> 
> 
>     Regards
>     Jaya
> 
>     On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell <matt at openssl.org
>     <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>         On 04/12/15 11:31, Jayalakshmi bhat wrote:
>         > Hi Matt,
>         >
>         > Thanks a lot for the response.
>         >
>         > Is your application a client or a server? Are both ends using
>         > OpenSSL 1.0.2d? If not, what is the other end using?
>         >>>Our device has both TLS client,server apps. As client, device communicates with radius server, LDAP server etc.As
>         > server device is accessed using various web browsers.
>         > Hence both the end will not be OpenSSL 1.0.2d.
>         >
>         > How exactly are you doing that? Which specific cipher are you seeing fail?
>         >>> We have provided user option to select TLS protocol versions similar to the browsers. Depending upon the user configurations we set the protocol flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL context using SSL_CTX_clear_options/SSL_CTX_set_options.
>         >>> We have provided user option to chose ciphers as well.
>         > All these are in the application space,no changes have been done and
>         > they have been working good with OpenSSL 1.0.1c. Only the library is
>         > upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers
>         > and with both the ciphers issue is seen.
>         >
>         > Are you able to provide a packet capture?
>         >>> Please find the attached traces for server mode.
>         > What O/S is this on?
>         >>>This is built for WinCE and Vxworks
> 
>         Thanks. Please could you also send the exact patch that you
>         applied that
>         resolved the issue?
> 
>         Matt
>         _______________________________________________
>         openssl-users mailing list
>         To unsubscribe:
>         https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> 
> 
> 
> 
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux