diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2010-10-01 23:00:33 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2010-10-01 23:00:33 +0000 |
commit | ccdc0e94a35b40211ed9cda6c74f69cc296776d2 (patch) | |
tree | 0d61c0f65676aa8f0f40dc49c55247c6cb6adfe8 | |
parent | 6e886d91fda7de0b37b2d175e4b972c6c8f0f0cb (diff) |
add missing; yay for cvs!
-rw-r--r-- | lib/libssl/src/PROBLEMS | 197 | ||||
-rw-r--r-- | lib/libssl/src/crypto/Makefile | 199 | ||||
-rw-r--r-- | lib/libssl/src/crypto/buildinf.h | 6 |
3 files changed, 402 insertions, 0 deletions
diff --git a/lib/libssl/src/PROBLEMS b/lib/libssl/src/PROBLEMS new file mode 100644 index 00000000000..ed3c1745352 --- /dev/null +++ b/lib/libssl/src/PROBLEMS @@ -0,0 +1,197 @@ +* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X. + + + NOTE: The problem described here only applies when OpenSSL isn't built + with shared library support (i.e. without the "shared" configuration + option). If you build with shared library support, you will have no + problems as long as you set up DYLD_LIBRARY_PATH properly at all times. + + +This is really a misfeature in ld, which seems to look for .dylib libraries +along the whole library path before it bothers looking for .a libraries. This +means that -L switches won't matter unless OpenSSL is built with shared +library support. + +The workaround may be to change the following lines in apps/Makefile and +test/Makefile: + + LIBCRYPTO=-L.. -lcrypto + LIBSSL=-L.. -lssl + +to: + + LIBCRYPTO=../libcrypto.a + LIBSSL=../libssl.a + +It's possible that something similar is needed for shared library support +as well. That hasn't been well tested yet. + + +Another solution that many seem to recommend is to move the libraries +/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different +directory, build and install OpenSSL and anything that depends on your +build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their +original places. Note that the version numbers on those two libraries +may differ on your machine. + + +As long as Apple doesn't fix the problem with ld, this problem building +OpenSSL will remain as is. + + +* Parallell make leads to errors + +While running tests, running a parallell make is a bad idea. Many test +scripts use the same name for output and input files, which means different +will interfere with each other and lead to test failure. + +The solution is simple for now: don't run parallell make when testing. + + +* Bugs in gcc triggered + +- According to a problem report, there are bugs in gcc 3.0 that are + triggered by some of the code in OpenSSL, more specifically in + PEM_get_EVP_CIPHER_INFO(). The triggering code is the following: + + header+=11; + if (*header != '4') return(0); header++; + if (*header != ',') return(0); header++; + + What happens is that gcc might optimize a little too agressively, and + you end up with an extra incrementation when *header != '4'. + + We recommend that you upgrade gcc to as high a 3.x version as you can. + +- According to multiple problem reports, some of our message digest + implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64 + and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while + latter - SHA one. + + The recomendation is to upgrade your compiler. This naturally applies to + other similar cases. + +- There is a subtle Solaris x86-specific gcc run-time environment bug, which + "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug + manifests itself as Segmentation Fault upon early application start-up. + The problem can be worked around by patching the environment according to + http://www.openssl.org/~appro/values.c. + +* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler. + +As subject suggests SHA-1 might perform poorly (4 times slower) +if compiled with WorkShop 6 compiler and -xarch=v9. The cause for +this seems to be the fact that compiler emits multiplication to +perform shift operations:-( To work the problem around configure +with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'. + +* Problems with hp-parisc2-cc target when used with "no-asm" flag + +When using the hp-parisc2-cc target, wrong bignum code is generated. +This is due to the SIXTY_FOUR_BIT build being compiled with the +O3 +aggressive optimization. +The problem manifests itself by the BN_kronecker test hanging in an +endless loop. Reason: the BN_kronecker test calls BN_generate_prime() +which itself hangs. The reason could be tracked down to the bn_mul_comba8() +function in bn_asm.c. At some occasions the higher 32bit value of r[7] +is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed, +as no debugger support possible at +O3 and additional fprintf()'s +introduced fixed the bug, therefore it is most likely a bug in the +optimizer. +The bug was found in the BN_kronecker test but may also lead to +failures in other parts of the code. +(See Ticket #426.) + +Workaround: modify the target to +O2 when building with no-asm. + +* Problems building shared libraries on SCO OpenServer Release 5.0.6 + with gcc 2.95.3 + +The symptoms appear when running the test suite, more specifically +test/ectest, with the following result: + +OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest +ectest.c:186: ABORT + +The cause of the problem seems to be that isxdigit(), called from +BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further +investigation shows that any of the isxxx() macros return 0 on any +input. A direct look in the information array that the isxxx() use, +called __ctype, shows that it contains all zeroes... + +Taking a look at the newly created libcrypto.so with nm, one can see +that the variable __ctype is defined in libcrypto's .bss (which +explains why it is filled with zeroes): + +$ nm -Pg libcrypto.so | grep __ctype +__ctype B 0011659c +__ctype2 U + +Curiously, __ctype2 is undefined, in spite of being declared in +/usr/include/ctype.h in exactly the same way as __ctype. + +Any information helping to solve this issue would be deeply +appreciated. + +NOTE: building non-shared doesn't come with this problem. + +* ULTRIX build fails with shell errors, such as "bad substitution" + and "test: argument expected" + +The problem is caused by ULTRIX /bin/sh supporting only original +Bourne shell syntax/semantics, and the trouble is that the vast +majority is so accustomed to more modern syntax, that very few +people [if any] would recognize the ancient syntax even as valid. +This inevitably results in non-trivial scripts breaking on ULTRIX, +and OpenSSL isn't an exclusion. Fortunately there is workaround, +hire /bin/ksh to do the job /bin/sh fails to do. + +1. Trick make(1) to use /bin/ksh by setting up following environ- + ment variables *prior* you execute ./Configure and make: + + PROG_ENV=POSIX + MAKESHELL=/bin/ksh + export PROG_ENV MAKESHELL + + or if your shell is csh-compatible: + + setenv PROG_ENV POSIX + setenv MAKESHELL /bin/ksh + +2. Trick /bin/sh to use alternative expression evaluator. Create + following 'test' script for example in /tmp: + + #!/bin/ksh + ${0##*/} "$@" + + Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend* + your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter- + natively just replace system /bin/test and /bin/[ with the + above script. + +* hpux64-ia64-cc fails blowfish test. + +Compiler bug, presumably at particular patch level. It should be noted +that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc +target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o. + +* no-engines generates errors. + +Unfortunately, the 'no-engines' configuration option currently doesn't +work properly. Use 'no-hw' and you'll will at least get no hardware +support. We'll see how we fix that on OpenSSL versions past 0.9.8. + +* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV] + if elder GNU binutils were deployed to link shared libcrypto.so. + +As subject suggests the failure is caused by a bug in elder binutils, +either as or ld, and was observed on FreeBSD and Linux. There are two +options. First is naturally to upgrade binutils, the second one - to +reconfigure with additional no-sse2 [or 386] option passed to ./config. + +* If configured with ./config no-dso, toolkit still gets linked with -ldl, + which most notably poses a problem when linking with dietlibc. + +We don't have framework to associate -ldl with no-dso, therefore the only +way is to edit Makefile right after ./config no-dso and remove -ldl from +EX_LIBS line. diff --git a/lib/libssl/src/crypto/Makefile b/lib/libssl/src/crypto/Makefile new file mode 100644 index 00000000000..c1033f6d776 --- /dev/null +++ b/lib/libssl/src/crypto/Makefile @@ -0,0 +1,199 @@ +# +# OpenSSL/crypto/Makefile +# + +DIR= crypto +TOP= .. +CC= cc +INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE) +# INCLUDES targets sudbirs! +INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE) +CFLAG= -g +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +RM= rm -f +AR= ar r + +RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \ + (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ + $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \ + done; + +PEX_LIBS= +EX_LIBS= + +CFLAGS= $(INCLUDE) $(CFLAG) +ASFLAGS= $(INCLUDE) $(ASFLAG) +AFLAGS=$(ASFLAGS) +CPUID_OBJ=mem_clr.o + +LIBS= + +GENERAL=Makefile README crypto-lib.com install.com + +LIB= $(TOP)/libcrypto.a +SHARED_LIB= libcrypto$(SHLIB_EXT) +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c +LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ) + +SRC= $(LIBSRC) + +EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ + ossl_typ.h +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + @(cd ..; $(MAKE) DIRS=$(DIR) all) + +all: shared + +buildinf.h: ../Makefile + ( echo "#ifndef MK1MF_BUILD"; \ + echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \ + echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \ + echo ' #define PLATFORM "$(PLATFORM)"'; \ + echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ + echo '#endif' ) >buildinf.h + +x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ + +applink.o: $(TOP)/ms/applink.c + $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c + +uplink.o: $(TOP)/ms/uplink.c applink.o + $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c + +uplink-cof.s: $(TOP)/ms/uplink.pl + $(PERL) $(TOP)/ms/uplink.pl coff > $@ + +x86_64cpuid.s: x86_64cpuid.pl + $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@ +ia64cpuid.s: ia64cpuid.S + $(CC) $(CFLAGS) -E ia64cpuid.S > $@ +ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ + +testapps: + [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ + then cd des && $(MAKE) -e des; fi ) + [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps ); + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +subdirs: + @target=all; $(RECURSIVE_MAKE) + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + @target=files; $(RECURSIVE_MAKE) + +links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) + @target=links; $(RECURSIVE_MAKE) + +# lib: $(LIB): are splitted to avoid end-less loop +lib: $(LIB) + @touch lib +$(LIB): $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + +shared: buildinf.h lib subdirs + if [ -n "$(SHARED_LIBS)" ]; then \ + (cd ..; $(MAKE) $(SHARED_LIB)); \ + fi + +libs: + @target=lib; $(RECURSIVE_MAKE) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @target=install; $(RECURSIVE_MAKE) + +lint: + @target=lint; $(RECURSIVE_MAKE) + +depend: + @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +clean: + rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + @target=clean; $(RECURSIVE_MAKE) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + rm -f opensslconf.h + @target=dclean; $(RECURSIVE_MAKE) + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h +cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h +cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h +cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h +cpt_err.o: ../include/openssl/symhacks.h cpt_err.c +cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h +cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c +cryptlib.o: cryptlib.h +cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h +cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h +cversion.o: cryptlib.h cversion.c +ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c +ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h +ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +ex_data.o: ex_data.c +mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +mem.o: ../include/openssl/err.h ../include/openssl/lhash.h +mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +mem.o: mem.c +mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c +mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h +mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +mem_dbg.o: mem_dbg.c +o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +o_dir.o: LPdir_unix.c o_dir.c o_dir.h +o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +o_str.o: o_str.c o_str.h +o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c +o_time.o: o_time.h +uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c diff --git a/lib/libssl/src/crypto/buildinf.h b/lib/libssl/src/crypto/buildinf.h new file mode 100644 index 00000000000..957f09d5fdc --- /dev/null +++ b/lib/libssl/src/crypto/buildinf.h @@ -0,0 +1,6 @@ +#ifndef MK1MF_BUILD + /* auto-generated by crypto/Makefile for crypto/cversion.c */ + #define CFLAGS "cc -O" + #define PLATFORM "dist" + #define DATE "Sat Aug 21 10:52:09 EST 2010" +#endif |