tech-security: openssl (libcrypto) repaired for non-32bit arch

Subject: openssl (libcrypto) repaired for non-32bit arch
To: None <tech-security@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-security
Date: 09/30/2000 09:50:28
  by mail.netbsd.org with SMTP; 30 Sep 2000 00:52:21 -0000
	by  starfruit.itojun.org (8.11.0/8.11.0) with ESMTP id e8U0oSP08375
	for <tech-security@netbsd.org>; Sat, 30 Sep 2000 09:50:28 +0900 (JST)
Message-Id: <200009300050.e8U0oSP08375@ starfruit.itojun.org>
To: tech-security@netbsd.org
Subject: openssl (libcrypto) repaired for non-32bit arch
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
Date: Sat, 30 Sep 2000 09:50:28 +0900

	openssl (libcrypto) has been broken for non-32bit architecture,
	like Alpha.  i've committed a fix to main trunc (netbsd-current).

	it was confirmed to be working fine on Alpha and i386, but i need your
	help to make sure it works on all the architectures.
	if you could, please run some of the test programs ships with openssl,
	and test those.  for example, to test big number arithmetic, the
	following should do:
	% cd src/crypto/dist/openssl/crypto/bn
	% cc bntest.c -lcrypto
	% ./a.out
	please send me (or the list) happy or sad results.
	note that shlib major/minor is not cranked.  if it is necessary, i will.
	(after discussion thorpej/cgd convinced me that it is not necessary)


	also, i've changed the way patented crypto algorithm is handled
	(namely, RC5 and IDEA).  from our policy we cannot ship those by
	default, and you need to check their terms and conditions before
	using them (RFC2451 gives a good summary).  libcrypto.a is shipped
	with dummy function, and if you reach any of the dummy functions,
	the function will emit warning to stderr and exit.  also, on linkage
	time you will get warning from the linker.

	to use RC5 and/or IDEA, you need the following steps:
	- build library under src/lib/libcrypto_{idea,rc5}.
	  if you define "MKCRYPTO_IDEA" to "yes" and rebuild the whole tree,
	  that should do the same thing.
	- on your application, link libcrypto_idea before other libcrypto.
	to make the situation a little bit easier, shared library will not be
	built for libcrypto_{idea,rc5}.

	for example, try the following.

itojun


% cd src/crypto/dist/openssl/crypto/idea
% cc ideatest.c -lcrypto
/tmp/cc8mecDE.o: In function `main':
/tmp/cc8mecDE.o(.text+0x1d): IDEA is a patented algorithm; use libcrypto_idea.a
/tmp/cc8mecDE.o(.text+0x113): IDEA is a patented algorithm; use libcrypto_idea.a
/tmp/cc8mecDE.o(.text+0x255): IDEA is a patented algorithm; use libcrypto_idea.a
% ./a.out
IDEA is a patented algorithm; use libcrypto_idea.a
% cc ideatest.c -L/home/itojun/NetBSD/src/lib/libcrypto_idea/obj -lcrypto_idea -lcrypto
% ./a.out
ecb idea ok
cbc idea ok
cfb64 idea ok