summaryrefslogtreecommitdiffstats
path: root/openssl/PROBLEMS
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/PROBLEMS')
-rw-r--r--openssl/PROBLEMS213
1 files changed, 0 insertions, 213 deletions
diff --git a/openssl/PROBLEMS b/openssl/PROBLEMS
deleted file mode 100644
index 3eaab01..0000000
--- a/openssl/PROBLEMS
+++ /dev/null
@@ -1,213 +0,0 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-
-
- NOTE: The problem described here only applies when OpenSSL isn't built
- with shared library support (i.e. without the "shared" configuration
- option). If you build with shared library support, you will have no
- problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
-
-
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries. This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
-
-The workaround may be to change the following lines in apps/Makefile and
-test/Makefile:
-
- LIBCRYPTO=-L.. -lcrypto
- LIBSSL=-L.. -lssl
-
-to:
-
- LIBCRYPTO=../libcrypto.a
- LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well. That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places. Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
-passing -Wl,-search_paths_first, but it's unknown if the flag was
-supported from the initial MacOS X release.
-
-
-* Parallell make leads to errors
-
-While running tests, running a parallell make is a bad idea. Many test
-scripts use the same name for output and input files, which means different
-will interfere with each other and lead to test failure.
-
-The solution is simple for now: don't run parallell make when testing.
-
-
-* Bugs in gcc triggered
-
-- According to a problem report, there are bugs in gcc 3.0 that are
- triggered by some of the code in OpenSSL, more specifically in
- PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
-
- header+=11;
- if (*header != '4') return(0); header++;
- if (*header != ',') return(0); header++;
-
- What happens is that gcc might optimize a little too agressively, and
- you end up with an extra incrementation when *header != '4'.
-
- We recommend that you upgrade gcc to as high a 3.x version as you can.
-
-- According to multiple problem reports, some of our message digest
- implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
- and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
- latter - SHA one.
-
- The recomendation is to upgrade your compiler. This naturally applies to
- other similar cases.
-
-- There is a subtle Solaris x86-specific gcc run-time environment bug, which
- "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
- manifests itself as Segmentation Fault upon early application start-up.
- The problem can be worked around by patching the environment according to
- http://www.openssl.org/~appro/values.c.
-
-* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
-
-As subject suggests SHA-1 might perform poorly (4 times slower)
-if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
-this seems to be the fact that compiler emits multiplication to
-perform shift operations:-( To work the problem around configure
-with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
-
-* Problems with hp-parisc2-cc target when used with "no-asm" flag
-
-When using the hp-parisc2-cc target, wrong bignum code is generated.
-This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
-aggressive optimization.
-The problem manifests itself by the BN_kronecker test hanging in an
-endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
-which itself hangs. The reason could be tracked down to the bn_mul_comba8()
-function in bn_asm.c. At some occasions the higher 32bit value of r[7]
-is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
-as no debugger support possible at +O3 and additional fprintf()'s
-introduced fixed the bug, therefore it is most likely a bug in the
-optimizer.
-The bug was found in the BN_kronecker test but may also lead to
-failures in other parts of the code.
-(See Ticket #426.)
-
-Workaround: modify the target to +O2 when building with no-asm.
-
-* Problems building shared libraries on SCO OpenServer Release 5.0.6
- with gcc 2.95.3
-
-The symptoms appear when running the test suite, more specifically
-test/ectest, with the following result:
-
-OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
-ectest.c:186: ABORT
-
-The cause of the problem seems to be that isxdigit(), called from
-BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
-investigation shows that any of the isxxx() macros return 0 on any
-input. A direct look in the information array that the isxxx() use,
-called __ctype, shows that it contains all zeroes...
-
-Taking a look at the newly created libcrypto.so with nm, one can see
-that the variable __ctype is defined in libcrypto's .bss (which
-explains why it is filled with zeroes):
-
-$ nm -Pg libcrypto.so | grep __ctype
-__ctype B 0011659c
-__ctype2 U
-
-Curiously, __ctype2 is undefined, in spite of being declared in
-/usr/include/ctype.h in exactly the same way as __ctype.
-
-Any information helping to solve this issue would be deeply
-appreciated.
-
-NOTE: building non-shared doesn't come with this problem.
-
-* ULTRIX build fails with shell errors, such as "bad substitution"
- and "test: argument expected"
-
-The problem is caused by ULTRIX /bin/sh supporting only original
-Bourne shell syntax/semantics, and the trouble is that the vast
-majority is so accustomed to more modern syntax, that very few
-people [if any] would recognize the ancient syntax even as valid.
-This inevitably results in non-trivial scripts breaking on ULTRIX,
-and OpenSSL isn't an exclusion. Fortunately there is workaround,
-hire /bin/ksh to do the job /bin/sh fails to do.
-
-1. Trick make(1) to use /bin/ksh by setting up following environ-
- ment variables *prior* you execute ./Configure and make:
-
- PROG_ENV=POSIX
- MAKESHELL=/bin/ksh
- export PROG_ENV MAKESHELL
-
- or if your shell is csh-compatible:
-
- setenv PROG_ENV POSIX
- setenv MAKESHELL /bin/ksh
-
-2. Trick /bin/sh to use alternative expression evaluator. Create
- following 'test' script for example in /tmp:
-
- #!/bin/ksh
- ${0##*/} "$@"
-
- Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
- your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
- natively just replace system /bin/test and /bin/[ with the
- above script.
-
-* hpux64-ia64-cc fails blowfish test.
-
-Compiler bug, presumably at particular patch level. It should be noted
-that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
-target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
-
-* no-engines generates errors.
-
-Unfortunately, the 'no-engines' configuration option currently doesn't
-work properly. Use 'no-hw' and you'll will at least get no hardware
-support. We'll see how we fix that on OpenSSL versions past 0.9.8.
-
-* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
- if elder GNU binutils were deployed to link shared libcrypto.so.
-
-As subject suggests the failure is caused by a bug in elder binutils,
-either as or ld, and was observed on FreeBSD and Linux. There are two
-options. First is naturally to upgrade binutils, the second one - to
-reconfigure with additional no-sse2 [or 386] option passed to ./config.
-
-* If configured with ./config no-dso, toolkit still gets linked with -ldl,
- which most notably poses a problem when linking with dietlibc.
-
-We don't have framework to associate -ldl with no-dso, therefore the only
-way is to edit Makefile right after ./config no-dso and remove -ldl from
-EX_LIBS line.
-
-* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
-
-Compiler bug, presumably at particular patch level. Remaining
-hpux*-parisc*-cc configurations can be affected too. Drop optimization
-level to +O2 when compiling bn_nist.o.
-
-* solaris64-sparcv9-cc link failure
-
-Solaris 8 ar can fail to maintain symbol table in .a, which results in
-link failures. Apply 109147-09 or later or modify Makefile generated
-by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
-
- RANLIB= /usr/ccs/bin/ar rs