Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Benjamin Kaduk
On 12/10/2015 12:09 PM, openssl-us...@dukhovni.org wrote: >> On Dec 10, 2015, at 12:45 PM, Jakob Bohm wrote: >> >> On 10/12/2015 18:33, Viktor Dukhovni wrote: >>> On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: >>> >>> static inline unsigned int

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jakob Bohm
On 10/12/2015 18:33, Viktor Dukhovni wrote: On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: static inline unsigned int constant_time_msb(unsigned int a) { - return 0 - (a >> (sizeof(a) * 8 - 1)); + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1; } The replacement
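Review bot: the `+` line right-shifts `(int)(a)`, a signed value that is negative whenever the top bit of `a` is set, and the result of right-shifting a negative signed value is implementation-defined, so the function's result then depends on the compiler performing an arithmetic shift. The removed line stays in unsigned arithmetic throughout, which is fully defined. If the removed line misbehaves on one toolchain, keep an unsigned formulation and add a comment naming that compiler rather than switching to a signed shift. The `+` line also uses `sizeof(int)` where the removed line used `sizeof(a)`, and its parentheses do not balance as posted.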

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread openssl-users
> On Dec 10, 2015, at 12:45 PM, Jakob Bohm wrote: > > On 10/12/2015 18:33, Viktor Dukhovni wrote: >> On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: >> >> >>> static inline unsigned int constant_time_msb(unsigned int a) { >>> - return 0 - (a >>

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jakob Bohm
On 10/12/2015 19:13, Benjamin Kaduk wrote: On 12/10/2015 12:09 PM, openssl-us...@dukhovni.org wrote: On Dec 10, 2015, at 12:45 PM, Jakob Bohm wrote: On 10/12/2015 18:33, Viktor Dukhovni wrote: On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: static

Re: [openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread Erwann Abalea
Good evening, The OCSP responder can respond « unknown » if it doesn’t know the status of the requested certificate. « Unknown » can generally not be used when the issuer is not known, because such a response is signed, and if the responder doesn’t know about the issuer, it can’t choose its own

Re: [openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread socket
Thanks for chiming in Erwann. This OCSP service is CRL based. The software I am using has a "default signing certificate". I also have #X CA specific signing certificates for each CA in our lab PKI. It chooses to use the default signing certificate for all unknown issuers (like if someone

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Benjamin Kaduk
On 12/10/2015 11:45 AM, Jakob Bohm wrote: > 3. The compiler wasn't written by a fanatic who put > the "right shift of negative signed values is > undefined" rule above common sense. This is only implementation-defined behavior, not undefined behavior. It is not permitted to crash the system

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Matt Caswell
On 09/12/15 23:13, Benjamin Kaduk wrote: > On 12/09/2015 05:04 PM, Matt Caswell wrote: >> >> On 09/12/15 11:44, Jayalakshmi bhat wrote: >>> Hi Matt, >>> >>> I could build and execute the constant_time_test. I have attached the .c >>> file and test results. 34 tests have failed. All failures are

Re: [openssl-users] OPENSSL_VERSION_NUMBER and TLSv1_1 & TLSv1_2 supports

2015-12-10 Thread zosrothko
On 08/12/2015 18:16, Jakob Bohm wrote: On 07/12/2015 11:52, zosrothko wrote: Hi Jacob I saw that in ssl.h, the 'NO' particle means no support of as for example /* Don't use RFC4507 ticket extension */ # define SSL_OP_NO_TICKET 0x4000L What does mean the 'NO' in

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Matt Caswell
On 10/12/15 04:47, Viktor Dukhovni wrote: > On Wed, Dec 09, 2015 at 11:04:35PM +, Matt Caswell wrote: > >> unsigned char c = op(a, b); >> if (is_true && c != CONSTTIME_TRUE_8) { >> printf( "Test failed for %s(%du, %du): expected %u " >> "(TRUE), got %u at

Re: [openssl-users] force to use /dev/random for openssl fips module

2015-12-10 Thread Ethan Rahn
xxiao, have you changed the code to also increase the timeout and not try to use other devices to get entropy? If /dev/random is blocking at the time, it may run into issues trying to look for other sources of entropy than giving up. On Tue, Dec 8, 2015 at 8:25 PM, xxiao8

Re: [openssl-users] Failed TLSv1.2 handshake

2015-12-10 Thread Nounou Dadoun
Update: after I disabled aes-gcm the server selected TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) and the connection succeeded (disabling aes-gcm also disabled the available ciphers with SHA384 so it's not clear whether that was the culprit or not). So things are working again but still not sure

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Kurt Roeckx
On Wed, Dec 09, 2015 at 05:13:32PM -0600, Benjamin Kaduk wrote: > C does not make such a guarantee, though recent-ish POSIX does. (This > system is a windows one, though, right?) There are DSPs that only support 32 bit, they don't have a concept of 8 bit. But I think there is various code that

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Kurt Roeckx
On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks for the patch. Unfortunately patch did not work. I continued > debugging and found that issue was in constant_time_msb. > > static inline unsigned int constant_time_msb(unsigned int a) { > -*return 0 - (a

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jayalakshmi bhat
Hi Matt, Thanks for the patch. Unfortunately patch did not work. I continued debugging and found that issue was in constant_time_msb. static inline unsigned int constant_time_msb(unsigned int a) { -*return 0 - (a >> (sizeof(a) * 8 - 1));* + return (((unsigned)((int)(a) >> (sizeof(int) * 8 -

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Benjamin Kaduk
On 12/10/2015 05:55 AM, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks for the patch. Unfortunately patch did not work. I continued > debugging and found that issue was in constant_time_msb. > > static inline unsigned int constant_time_msb(unsigned int a) { > -*return 0 - (a >> (sizeof(a) * 8 -

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Viktor Dukhovni
On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: > static inline unsigned int constant_time_msb(unsigned int a) { > - return 0 - (a >> (sizeof(a) * 8 - 1)); > + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1; > } The replacement is not right. This function is

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jeffrey Walton
On Thu, Dec 10, 2015 at 6:55 AM, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks for the patch. Unfortunately patch did not work. I continued > debugging and found that issue was in constant_time_msb. > > static inline unsigned int constant_time_msb(unsigned int a) { > -

Re: [openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread socket
Hi Walter, I agree with your addition regarding the fact that it is not saying the cert is good, it's saying unknown. However, my understanding of the RFC is that unknown should be returned when the OCSP service does not know about the certificate issuer. I'm not sure that's the case. Regarding

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Matt Caswell
On 10/12/15 17:04, Benjamin Kaduk wrote: > On 12/10/2015 05:55 AM, Jayalakshmi bhat wrote: >> Hi Matt, >> >> Thanks for the patch. Unfortunately patch did not work. I continued >> debugging and found that issue was in constant_time_msb. >> >> static inline unsigned int constant_time_msb(unsigned

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jakob Bohm
On 11/12/2015 00:16, Kurt Roeckx wrote: On Wed, Dec 09, 2015 at 05:13:32PM -0600, Benjamin Kaduk wrote: C does not make such a guarantee, though recent-ish POSIX does. (This system is a windows one, though, right?) There are DSPs that only support 32 bit, they don't have a concept of 8 bit.

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Matt Caswell
On 10/12/15 11:55, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks for the patch. Unfortunately patch did not work. I continued > debugging and found that issue was in constant_time_msb. > > static inline unsigned int constant_time_msb(unsigned int a) { > -*return 0 - (a >> (sizeof(a) * 8 -

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2015-12-10 Thread Jakob Bohm
On 10/12/2015 17:53, Matt Caswell wrote: On 10/12/15 11:55, Jayalakshmi bhat wrote: Hi Matt, Thanks for the patch. Unfortunately patch did not work. I continued debugging and found that issue was in constant_time_msb. static inline unsigned int constant_time_msb(unsigned int a) { -*return

[openssl-users] OpenSSL version 1.1.0 pre release 1 published

2015-12-10 Thread OpenSSL
OpenSSL version 1.1.0 pre release 1 (alpha) OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 1 has now

[openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread daniel bryan
Hello, I was researching how expired CRLs affect revocation checking via openssl. * TEST #1: *The first test was to find out what status is returned when i verify a certificate against the CRL: [dan@canttouchthis PKI]$ openssl verify -CAfile CAS/cabundle.pem -CRLfile CRLS/ABC-expired.crl

Re: [openssl-users] OCSP service dependant on time valid CRLs

2015-12-10 Thread Walter H.
Hi Dan, On 10.12.2015 16:27, daniel bryan wrote: *TEST #2: *Next test was using OCSP: [dan@canttouchthis PKI]$ openssl ocsp -CAfile CAS/cabundle.pem -VAfile VAS/def_ocsp.pem -issuer CAS/IC\ ABC\ CA3\ DEV.cer -cert CERTS/0x500c8bd-revoked.pem -url http://ocspresponder:8080 /Response verify