Just finnished a compilation of openssl (snap 0301) for a RTOS on
powerpc with DIAB compiler. Got some comments/findings:
#1 crypto/x509v3/v3_alt.c uses sscanf. Unfortunately sscanf
pulls in all kinda of crap from the compiler c lib.
dld: warning: Undefined symbol __write in file stdfn.o(libi.a)
dld: warning: Undefined symbol __errno_fn in file
ldexp.o(/usr/diab/4.1a3/PPCES/libcfp.a)
dld: warning: Undefined symbol __close in file fclose.o(libi.a)
dld: warning: Undefined symbol __isatty in file stdfn.o(libi.a)
dld: warning: Undefined symbol __read in file stdfn.o(libi.a)
The write/read/errno I use are special embedded versions
and the above should be avoided at all costs (errno not
process specific etc).
My patch to avoid this one use of sscanf is below:
#if 1
unsigned long ipaddr_n;
if((ipaddr_n = inet_addr(value)) == (unsigned long)-1)
{
X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
ERR_add_error_data(2, "value=", value);
goto err;
}
memcpy(ip, &ipaddr_n, 4);
#else
if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
(i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
(i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
ERR_add_error_data(2, "value=", value);
goto err;
}
ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
#endif
Since inet_addr may not be available for non-socket system
openssl should include a local version of it (plenty around).
openssl would be easier to run embedded if sscanf was avoided
in the future.
#2 rand/md_rand.c. The '#ifdef DEVRANDOM' is commented out.
Why is this? What if no DEVRANDOM exists? Also, the lack of
ifdef is not consistent with the DEVRANDOM ifdef in the top of
the function. Also, how is the random code coping with the
lack of extra seed?
#3 Possible lack of syslog. The syslog BIO module 'bss_log.c'
wants syslog but the OS may not have that functionality.
Not sure how openssl group want to handle stuff like this
so I have no suggestion here. I simply removed bss_log
from the Makefile in crypto/bio to continue.
#4 Whats the purpose of crypto/tmdiff.c? I find no references
to it from the other C files. IS it going to be part of
the API? Why is this file compiled at all. I had to remove
it since my target did have struct tms or timeb.
#5 Could des/read_pwd be changed to not have any code if
none of TERMIOS, TERMIO, SGTTY exists. The RTOS I use
have none of them and I leave it to the user to write
des_read_pw_string and des_read_pw.
#6 ctx_size in crypto/pem. I have CC to my DIAB cross
compiler but ctz_size is part of the build and needs
to be built with a host compiler. ctz_size is also
built with CC though :( Suggestions/changes plz.
#7 (cosmetical). The MS_STATIC can be good for RTOS
targets as well. The name gives me the chill though.
Can it be changed to something more explanatory as
well as nicer sounding, e.g. PRESERVE_STACK_STATIC.
I dont know.
#8 Each subdirectory should have one C file that includes
the 'modules' other C files (much like the crypto.c/ssl.c)
but for each directory. I failed to compile crypto.c,
was too large :(. There could be a few advantages to
have one C file per module instead of the 400+ C files
today. One would be less name space pollution and another
would be performance. Having a macro (e.g. GLOBAL) in
front of each function in a module that is only used by
any of the other modules files is one way to do it. GLOBAL
would be defined to nothing for the multi-file mode but
when used with the 'one C file per module' it should be
static. This will lead to performance increase as well
as less namespace pollution. (my linker file is huge
when I run the s_Server example on target :( ) The way
I see it, the main reason to have so many C files per
module is to save code if a certain function is not used.
But if that is not the case, then it is only spammy. As a
side note, I got an 8% performance increase when I did
the above to an embedded TCP/IP stack that I wrote.
All for now :)
Cheers,
Lennart Bang
TCP/IP knudel.
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
