Subject: Re: openssl build on 64bit arch
To: matthew green <mrg@eterna.com.au>
From: None <itojun@iijlab.net>
List: tech-security
Date: 09/06/2000 08:27:20
by mail.netbsd.org with SMTP; 5 Sep 2000 23:27:26 -0000
by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id IAA24775;
Wed, 6 Sep 2000 08:27:20 +0900 (JST)
To: matthew green <mrg@eterna.com.au>
cc: thorpej@netbsd.org, tech-security@netbsd.org
In-reply-to: mrg's message of Wed, 06 Sep 2000 10:11:21 +1100.
<25398.968195481@eterna.com.au>
Subject: Re: openssl build on 64bit arch
From: itojun@iijlab.net
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0"
Content-ID: <24763.968196384.0@coconut.itojun.org>
Date: Wed, 06 Sep 2000 08:27:20 +0900
Message-ID: <24773.968196440@coconut.itojun.org>
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <24763.968196384.1@coconut.itojun.org>
Content-Transfer-Encoding: 7bit
>i suggest you contact the openssl people ASAP and find out
>their input before deciding what to do.
I see, I did.
itojun
------- =_aaaaaaaaaa0
Content-Type: message/rfc822
To: openssl-dev@openssl.org
Subject: behavior on top of LP64
From: itojun@iijlab.net
Date: Wed, 06 Sep 2000 08:25:23 +0900
Message-ID: <24732.968196323@coconut.itojun.org>
I'd like to know about the intended behavior on 64bit architecture
machines.
in many places, it seems to me that "unsigned long" is assumed to be
32bit. For example, in des.h and blowfish.h, it seems that the code
assume that unsigned long is 32bit. otherwise, we can't pass a pointer
to bytestream into bf_encrypt and encrypt/decrypt functions become less
useful (NOTE: I understand alignment constraint difference in pointer
cast - please put that aside for now).
/* this one does not work if we have 64bit unsigned long */
char *p = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
char q[8];
BF_KEY k;
des_encrypt((BF_LONG *)p, (BF_LONG *)q, &k);
it is also true for internal source code level. it is assumed that
unsigned long is 32bit. I had troubles making openssl work on
alpha and possibly sparc64 (on top of NetBSD).
also, it bothers me that include files has many #ifdefs. if some third
party application defines a symbol which is used in openssl headers,
the API openssl headers present will get different from the real
API in the compiled binary.
I'm trying to go through all of these and rewrite as much as possible,
including:
- nuke all visible #ifdef in headers in include/openssl, to get
stable behavior. #ifdef is in local headers (des_locl.h) or
Makefiles.
- use types like uint32_t or u_int32_t, when we want a type with
fixed size. if these types are not available, find them at
configuration time.
it may involve some updates into build framework (like Configure and
Makefile.ssl).
is it worth a effort, or do I misunderstand something?
itojun
------- =_aaaaaaaaaa0--