Hi,

I'm currently working on a port of OpenSSL (0.9.6) to the AS/400.  The first
part of this project, getting the code to compile, has gone much better than
I expected, largely due to IBM's GNU utilities which provide a more
UNIX-like build environment than before.

I've only done a couple of quick manual tests (I only finished compiling
yesterday), but it looks like the main problem that will arise will be
ASCII/EBCDIC issues.  I've quite a bit of experience with these, but
before I delve any deeper into the code, I'd like to ask what other
developments have been done in this area.  I note that the Configure script
refers to "SIEMENS BS2000/OSD: an EBCDIC-based mainframe", and the use of
the CHARSET_EBCDIC definition.  From my quick test, it looks like this flag
doesn't work in the way that I would expect.

The main problem in my experience should be the same as dealing with ASCII
socket protocols like HTTP, i.e. handling binary information like encrypted
strings alongside text data like the "-----BEGIN CERTIFICATE-----" string at
the start of a certificate.  The native charset of the AS/400 would be
EBCDIC, so reading a certificate file in binary mode, the text data is read
as ASCII hex, whereas text strings defined in the code will be EBCDIC hex,
so character and string comparisons will fail.

If I build openssl with CHARSET_EBCDIC not defined, it fails to recognise a
certificate, presumably because it fails to find the "-----BEGIN
CERTIFICATE-----" string.  With CHARSET_EBCDIC defined, I get a Base64
decode error, presumably because the encrypted data has been passed through
an ASCII/EBCDIC filter as well.

Before I look any deeper, can you confirm that this is the case (that
CHARSET_EBCDIC just implements a crude ASCII/EBCDIC conversion filter), then
I can think about what strategy I need to employ to work around this.  It
could be a lot more work than I had hoped ... unless I can get the compiler
to handle strings as ASCII, which is in theory possible.  It could be that
this will be more of a long-term project if that is the case.

But assuming things go reasonably well, what would I do from there?  I'm by
no means an SSL or encryption expert, so the project would only get as far
as producing a version of OpenSSL that passes the build tests and would work
for us, and I couldn't necessarily promise to test future versions of
OpenSSL.  But I would guess that you would be interested in a contribution,
assuming my managers don't object.

No promises though, this is not a core development for us, so I'm just
progressing it as a background task.

Of course if you have any other golden words of porting advice, they are
gratefully received.

Regards,

G.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
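
The mismatch described in the message above, simulated on an ASCII host as an added example (not part of the original post and not OpenSSL code). It assumes code page cp037 as a stand-in for the AS/400 native charset; `read_pem` is a hypothetical reader, the PEM sample is constructed, and nothing here asserts what CHARSET_EBCDIC actually does.

```python
import base64
import binascii

EBCDIC = "cp037"  # assumption: stands in for the AS/400 native code page
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed sample: 32 arbitrary bytes wrapped as an ASCII PEM file on disk.
PAYLOAD = bytes(range(32))
PEM_TEXT = BEGIN + "\n" + base64.b64encode(PAYLOAD).decode("ascii") + "\n" + END + "\n"
PEM_ASCII = PEM_TEXT.encode("ascii")


def read_pem(pem, charset_of_literals):
    """Hypothetical PEM reader; its string literals are in charset_of_literals.

    The base64 step only accepts ASCII code points, like a decoder whose
    lookup table is indexed by ASCII values.
    """
    begin = BEGIN.encode(charset_of_literals)
    end = END.encode(charset_of_literals)
    newline = "\n".encode(charset_of_literals)
    start = pem.find(begin)
    if start < 0:
        return "no start line"
    stop = pem.find(end, start + len(begin))
    if stop < 0:
        return "no end line"
    body = pem[start + len(begin):stop].replace(newline, b"")
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error:
        return "base64 decode error"


def run_cases():
    whole_file_converted = PEM_TEXT.encode(EBCDIC)  # blanket ASCII->EBCDIC filter
    return {
        # Binary read of the ASCII file, markers compiled as EBCDIC literals.
        "ascii_file_ebcdic_literals": read_pem(PEM_ASCII, EBCDIC),
        # Markers now match, but the base64 body was translated too.
        "converted_file_ebcdic_literals": read_pem(whole_file_converted, EBCDIC),
        # File left as bytes, markers held as ASCII constants.
        "ascii_file_ascii_literals": read_pem(PEM_ASCII, "ascii"),
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, "->", result)
```

The third case corresponds to the option raised in the message of having string constants handled as ASCII while the file is read unchanged.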
