Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

[Jayalakshmi bhat]

Hi All,

1. With compiler optimization disabled, OpenSSL 1.0.2d function worked as
it is.
2. Looks like in the below functions, typecast to unsigned char to is not
going well when compiler optimization is enabled. Hence functions are
modified to assign the return value to a volatile unsigned char and then
return the volatile value. Things worked fine.

static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int
b)
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int
b)
static inline unsigned char constant_time_is_zero_8(unsigned int a)
static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int
b)
static inline unsigned char constant_time_eq_int_8(int a, int b)
static inline unsigned char constant_time_select_8(unsigned char mask,

Matt, Jakob, Andy your explanations were really useful to route cause the
issue to compiler specific. Thanks every one for the valuable time and
fruitful discussion.

Regards
Jaya






On Sun, Dec 13, 2015 at 11:13 AM, Jayalakshmi bhat <
bhat.jayalaks...@gmail.com> wrote:

> Hi All,
>
>
>
> Thanks for all the responses. As mentioned by Matt in the discussion
> thread,constant_time_msb performs the copy the msb of the input to all of
> the other bits so the return value should either be one of 0x or
> 0x.
>
>
>
> I found another interesting thing,constant_time_msb worked as it is
> without any changes, after I added a printf in constant_time_is_zero_8 test
> routine to print the return value. I added the printf just before comparing
> the return value with the expected value.
>
>
>
> I have confirmed the failures by removing the printf and printing any
> thing else other than the returned value.
>
>
>
> Now based on the discussions here and print results I am thinking, after
> constant_time_msb operation probably overflow bit is set in case of
> 0x. And it is not cleared before comparing, hence compare fails.
> When I add a printf to print the return value probably overflow flag got
> cleared and things worked.
>
>
>
> I am planning to attach the debugger to check the flags. I will get back
> with debugger results.
>
>
>
> I have attached the test file.
>
>
>
> Regards
>
> Jaya
>
>
>
> On Fri, Dec 11, 2015 at 11:30 AM, Jeffrey Walton 
> wrote:
>
>> > 3. The compiler wasn't written by a fanatic who put
>> >   the "right shift of negative signed values is
>> >   undefined" rule above common sense.
>> >
>> > This is only implementation-defined behavior, not undefined behavior.
>> It is
>> > not permitted to crash the system or launch the missiles.  (n1256.pdf
>> 6.5.7
>> > paragraph 5.)
>>
>> The potential problem with implementation defined is its not
>> guaranteed to produce consistent results. Different compilers or
>> different versions of the same compiler may arrive at different
>> results.
>>
>> In this light, the crash might be welcomed to make it easy to find the
>> trouble spot :)
>> ___
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>
>
>
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Errors building 1.0.2e on Mac OS X 10.7.5

[James Brown]

I know the OS is a bit old, but thought I’d better upgrade OpenSSL on it in now.

To configure I used:

./Configure --prefix=/usr/local shared darwin64-x86_64-cc

Running make gives lots of errors like this:

cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include  -fPIC 
-fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c  -o md5-x86_64.o md5-x86_64.s
ar  r ../../libcrypto.a md5_dgst.o md5_one.o md5-x86_64.o
/usr/bin/ranlib: file: ../../libcrypto.a(ebcdic.o) has no symbols
/usr/bin/ranlib: file: ../../libcrypto.a(fips_ers.o) has no symbols
/usr/bin/ranlib ../../libcrypto.a || echo Never mind.
/usr/bin/ranlib: file: ../../libcrypto.a(ebcdic.o) has no symbols
/usr/bin/ranlib: file: ../../libcrypto.a(fips_ers.o) has no symbols
making all in crypto/sha…

before ending:

x86_64-mont.s:957:2: error: invalid instruction mnemonic 'adoxq'
 adoxq %r15,%r10
 ^
x86_64-mont.s:959:2: error: invalid instruction mnemonic 'adcxq'
 adcxq %rax,%r10
 ^
x86_64-mont.s:960:2: error: invalid instruction mnemonic 'adoxq'
 adoxq %r15,%r11
 ^
x86_64-mont.s:962:2: error: invalid instruction mnemonic 'adcxq'
 adcxq %rax,%r11
 ^
x86_64-mont.s:963:2: error: invalid instruction mnemonic 'adoxq'
 adoxq %r15,%r12
 ^
x86_64-mont.s:966:2: error: invalid instruction mnemonic 'adcxq'
 adcxq %rax,%r12
 ^
x86_64-mont.s:967:2: error: invalid instruction mnemonic 'adoxq'
 adoxq %r15,%r13
 ^
x86_64-mont.s:972:2: error: invalid instruction mnemonic 'adcxq'
 adcxq %rax,%r13
 ^
x86_64-mont.s:973:2: error: invalid instruction mnemonic 'adoxq'
 adoxq %rbp,%r15
 ^
make[2]: *** [x86_64-mont.o] Error 1
make[1]: *** [subdirs] Error 1
make: *** [build_crypto] Error 1

This worked with 1.0.1 versions.

Any suggestions?

Thanks,

James.

smime.p7s
Description: S/MIME cryptographic signature
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

[Andy Polyakov]

> 1. With compiler optimization disabled, OpenSSL 1.0.2d function worked
> as it is.

Another indication in favour of compiler bug is that it worked when you
added printf. It's similar to quantum physics when by measuring you
force particle to specific state. But understand me correctly. I'm not
saying that quantum physics apply in this case, it's just a *fun* way to
look at it. As compiler doesn't know what printf does, it's forced to
normalize value for "measurement". Same essentially applies to
volatilization. I mean variables declared volatile are meant for
*external* consumption/"measurement".

___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Engines mess

[Dmitry Belyavsky]

Hello,

Could you explain the engine management in the openssl 1.0.2e?

I load an engine via openssl config specifying the path using the
dynamic_path directive and provide some engine-specific directives.

When I call the dgst command

dgst -sha1 -engine myengine -keyform engine -sign mykey -out signature

I see that the ENGINE_free function is not called after the setup_engine()
call from line 220 of dgst.c. It's the 4th call to the ENGINE_free
function, there was a call to ENGINE_free for my engine and 2 calls to
ENGINE_free to the dynamic engine.

Here I get the fields struct_ref = 4, funct_ref = 3, and it seems strange
to me.

It also seems to me that it should be a call to ENGINE_free at the end of
openssl app call to free the resources (e.g. engine error strings), but
there is no one.

Could you explain my mistakes?

Thank you!

-- 
SY, Dmitry Belyavsky
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users