[Fwd: Re: [openssl.org #1998] [PATCH] SHA512 ROTR macro fix for PowerPC using LP32 model]

Sat, 12 Sep 2009 10:14:33 -0700 

Oops. Should have replied to r...@openssl.org. Sorry about duplicate. A.

-------- Original Message --------
Subject: Re: [openssl.org #1998] [PATCH] SHA512 ROTR macro fix for
PowerPC using LP32 model
Date: Sat, 12 Sep 2009 18:57:58 +0200
From: Andy Polyakov <ap...@fy.chalmers.se>
Reply-To: openssl-dev@openssl.org
To: openssl-dev@openssl.org
References: <rt-ticket-1...@openssl.org>
<b71dcb610d2a2f41b8d20b868c6ecead05313...@superfly.netflix.com>
<rt-3.4.5-14104-1249285995-1620.1998-2...@openssl.org>

> I just ran into a bug where SHA384/512 were not being calculated
> correctly on the Cell processor. I tracked it down to the definition of
> the ROTR macro, which is assuming a 64 bit long, but in this case the
> compiler is using the LP32 model so long is 32 bits and the values were
> being truncated. Here is the patch I did that fixes the problem:
> 
> --- sha512.c  2009-07-27 15:04:52.546574000 -0700
> +++ sha512.c  2009-07-27 15:08:07.373452100 -0700
> @@ -344,7 +344,7 @@
>                               ((SHA_LONG64)hi)<<32|lo;        })
>  #   endif
>  #  elif (defined(_ARCH_PPC) && defined(__64BIT__)) ||
> defined(_ARCH_PPC64)
> -#   define ROTR(a,n) ({ unsigned long ret;           \
> +#   define ROTR(a,n) ({ SHA_LONG64 ret;              \
>                               asm ("rotrdi %0,%1,%2"  \
>                               : "=r"(ret)             \
>                               : "r"(a),"K"(n)); ret;  })

Trouble with using rotrdi in ILP32 PPC application context is that there
are PPC OSes that wipe upper halves of registers upon signal delivery.
All PPC OSes do preserve full registers upon context switch, so that the
code works fine in e.g. openssl test suite, but it will eventually fail
in real-life application, one utilizing asynchronous signaling in some
way. The problem would appear sporadic and rare, because signal would
have to be delivered in very specific moments. The only way to safely
use 64-bit instructions in ILP32 process (on these PPC OSes) is to block
signals upon entry to such subroutine and unblock upon return. As for
"these PPC OSes." Both Linux and AIX are ill-behaved, but not MacOS X
(starting with one supporting 64-bit applications).

In other words correct solution for the problem is to make sure the
macro is *not* defined in ILP32 context. Meaning that we have to
reiterate #elif expression instead of fixing the macro. What's your
compiler version? Submit 'gcc -dumpspecs' output (I assume it's gcc). A.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to