> as far as I understand, the problem is rather severe.
> - the problem is still present in 0.9.6beta2.
> - the issue with blowfish will be present for little endian machines
> (like i386). the source of the problem is the (mis)use lf
> n2l()/l2n() in bf_cbc.c. the functions fetch/put cleartext/
> ciphertext in wrong endian.
> - a similar problem seem to be present in des-cbc code, for big endian
> machines, due to (mis) use of c2l()/l2c().
>
> i would like to hear a comment, about how endianness should be handled
> in openssl tree, especially when block cipher functions take a pointer
> to non-char (like BF_LONG = 32bit). if I were to update crypto/*
> functions, i make all the block cipher functions to take
> unsigned char *, not something like BF_LONG *.
cbc test vector on
http://www.counterpane.com/vectors.txt
was generated with the above setting (little-endian machine, ssleay
code) and looks incorrect to me.
itojun
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
