OpenSSL 0.9.8 with AIX 5.2

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL 0.9.8 with AIX 5.2

Tom Spence
Hello,
 
I have very small problem but it won't running...  Please help me...  Here is what I got:
 
# ./Configure aix-gcc
.... (no problem)
# make
....
gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c  -o aix_ppc32.o aix_ppc32.s
(It stops right there for forever)
 
Any idea???  I appreciate your help.  Thanks.


(__[TomCigar]___{{{{~~~
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Stewart Dean-2
why not take the binary IBM supplies and supports?

Tom Spence wrote:

> Hello,
>  
> I have very small problem but it won't running...  Please help me...  
> Here is what I got:
>  
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c  -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>  
> Any idea???  I appreciate your help.  Thanks.
>
>
> (__[TomCigar]___{{{{~~~

--
====
Stewart Dean, Unix System Admin, Henderson Computer Resources
Center of Bard College, Annandale-on-Hudson, New York  12504
[hidden email]  voice: 845-758-7475, fax: 845-758-7035

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Tom Spence
Good idea and where can I find?  BULL GROUP Website?

Stewart Dean <[hidden email]> wrote:
why not take the binary IBM supplies and supports?

Tom Spence wrote:

> Hello,
>
> I have very small problem but it won't running... Please help me...
> Here is what I got:
>
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>
> Any idea??? I appreciate your help. Thanks.
>
>
> (__[TomCigar]___{{{{~~~

--
====
Stewart Dean, Unix System Admin, Henderson Computer Resources
Center of Bard College, Annandale-on-Hudson, New York 12504
[hidden email] voice: 845-758-7475, fax: 845-758-7035

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


(__[TomCigar]___{{{{~~~
Reply | Threaded
Open this post in threaded view
|

IBM's OpenSSL binaries

Stewart Dean-2
This is free, although:
1) you have to register
2) the latest copy is 9.7d
Note that:
1) it is in RPM format
2) OPen SSH is available from the same page, though in installp format
(use smitty)
3) both may have their libraries in funny places (typically IBM, they
know better), so if you compile other stuff that is looking for
libraries, etc., you 'll have to figure out where to point them.  for
ssh, look in the .toc after you download the installables and run:
inutoc .
for ssl, use the rpm I forget the command that tells you where the stuff is.

https://www6.software.ibm.com/dl/aixtbx/aixtbx-i?S_PKG=dlaixww&S_TACT=&S_CMP=

Tom Spence wrote:

> Good idea and where can I find?  BULL GROUP Website?
>
> */Stewart Dean <[hidden email]>/* wrote:
>
>     why not take the binary IBM supplies and supports?
>
>     Tom Spence wrote:
>      > Hello,
>      >
>      > I have very small problem but it won't running... Please help me...
>      > Here is what I got:
>      >
>      > # ./Configure aix-gcc
>      > .... (no problem)
>      > # make
>      > ....
>      > gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
>      > -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o
>     aix_ppc32.s
>      > (It stops right there for forever)
>      >
>      > Any idea??? I appreciate your help. Thanks.
>      >
>      >
>      > (__[TomCigar]___{{{{~~~
>
>     --
>     ====
>     Stewart Dean, Unix System Admin, Henderson Computer Resources
>     Center of Bard College, Annandale-on-Hudson, New York 12504
>     [hidden email] voice: 845-758-7475, fax: 845-758-7035
>
>     ______________________________________________________________________
>     OpenSSL Project http://www.openssl.org
>     User Support Mailing List [hidden email]
>     Automated List Manager [hidden email]
>
>
>
> (__[TomCigar]___{{{{~~~

--
====
Stewart Dean, Unix System Admin, Henderson Computer Resources
Center of Bard College, Annandale-on-Hudson, New York  12504
[hidden email]  voice: 845-758-7475, fax: 845-758-7035

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Jacques Lebastard
In reply to this post by Tom Spence
Tom Spence a écrit :

> Hello,
>  
> I have very small problem but it won't running...  Please help me...  
> Here is what I got:
>  
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c  -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>  
> Any idea???  I appreciate your help.  Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD            mailto:[hidden email]
EVIDIAN S.A.                     www.evidian.com
Rue Jean Jaurès                  Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS     Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Franz, Paul
In reply to this post by Tom Spence
I have but, it has been awhile. I was able to do it under AIX 5.1 and I ran "configure" using custom options. They are:

./config no-idea no-threads -fPIC

The original system that was running 5.1 is now upgraded to 5.3 and have to switch to the IBM C/C++ compiler due to no gcc compiler being available last time I checked 4 months ago.

Paul Franz

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Jacques Lebastard
Sent: Monday, July 18, 2005 3:07 AM
To: [hidden email]
Subject: [Glog_SPAM]Re: OpenSSL 0.9.8 with AIX 5.2

Tom Spence a écrit :

> Hello,
>  
> I have very small problem but it won't running...  Please help me...  
> Here is what I got:
>  
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c  -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>  
> Any idea???  I appreciate your help.  Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD            mailto:[hidden email]
EVIDIAN S.A.                     www.evidian.com
Rue Jean Jaurès                  Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS     Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Tom Spence
In reply to this post by Jacques Lebastard
Excatly!!!  That's why, I can't use OpenSSL 0.9.8 so I have to stay with 0.9.7g for now.
 
But I don't understand this one...  I have 21 servers...  Only one server (AIX 5.2 with GCC) accepted with OpenSSL 0.9.8 but 20 servers can't...  Isn't strange?  :-(
 
Tom

Jacques Lebastard <[hidden email]> wrote:
Tom Spence a écrit :

> Hello,
>
> I have very small problem but it won't running... Please help me...
> Here is what I got:
>
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>
> Any idea??? I appreciate your help. Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD mailto:[hidden email]
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


(__[TomCigar]___{{{{~~~
Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL 0.9.8 with AIX 5.2

Franz, Paul
In reply to this post by Tom Spence
BTW, that was for compiling 0.9.7e

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Franz, Paul
Sent: Monday, July 18, 2005 6:16 AM
To: [hidden email]
Subject: Re: OpenSSL 0.9.8 with AIX 5.2

I have but, it has been awhile. I was able to do it under AIX 5.1 and I ran "configure" using custom options. They are:

./config no-idea no-threads -fPIC

The original system that was running 5.1 is now upgraded to 5.3 and have to switch to the IBM C/C++ compiler due to no gcc compiler being available last time I checked 4 months ago.

Paul Franz

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Jacques Lebastard
Sent: Monday, July 18, 2005 3:07 AM
To: [hidden email]
Subject: [Glog_SPAM]Re: OpenSSL 0.9.8 with AIX 5.2

Tom Spence a écrit :

> Hello,
>  
> I have very small problem but it won't running...  Please help me...  
> Here is what I got:
>  
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c  -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>  
> Any idea???  I appreciate your help.  Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD            mailto:[hidden email]
EVIDIAN S.A.                     www.evidian.com
Rue Jean Jaurès                  Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS     Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Tom Spence
In reply to this post by Tom Spence
I kept researched why it stopped at aix_ppc32.o aix_ppc32.s...
 
Now I found the problem...
 
My AIX 5.1 doesn't have /dev/random and /dev/urandom!!!  So where can I get /dev/random and /dev/urandom?  Or How can I install them?
 
I appreciate your help.  Thanks.
 
Tom

Tom Spence <[hidden email]> wrote:
Excatly!!!  That's why, I can't use OpenSSL 0.9.8 so I have to stay with 0.9.7g for now.
 
But I don't understand this one...  I have 21 servers...  Only one server (AIX 5.2 with GCC) accepted with OpenSSL 0.9.8 but 20 servers can't...  Isn't strange?  :-(
 
Tom

Jacques Lebastard <[hidden email]> wrote:
Tom Spence a écrit :

> Hello,
>
> I have very small problem but it won't running... Please help me...
> Here is what I got:
>
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>
> Any idea??? I appreciate your help. Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD mailto:[hidden email]
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL 0.9.8 with AIX 5.2

Lamar.Saxon
In reply to this post by Tom Spence
Use EGD ( Entropy Gathering Daemon ) on AIX 5.1 and below...
 
 
HTH,
Lamar


From: [hidden email] [mailto:[hidden email]] On Behalf Of Tom Spence
Sent: Wednesday, July 20, 2005 10:42 AM
To: [hidden email]
Subject: Re: OpenSSL 0.9.8 with AIX 5.2

I kept researched why it stopped at aix_ppc32.o aix_ppc32.s...
 
Now I found the problem...
 
My AIX 5.1 doesn't have /dev/random and /dev/urandom!!!  So where can I get /dev/random and /dev/urandom?  Or How can I install them?
 
I appreciate your help.  Thanks.
 
Tom

Tom Spence <[hidden email]> wrote:
Excatly!!!  That's why, I can't use OpenSSL 0.9.8 so I have to stay with 0.9.7g for now.
 
But I don't understand this one...  I have 21 servers...  Only one server (AIX 5.2 with GCC) accepted with OpenSSL 0.9.8 but 20 servers can't...  Isn't strange?  :-(
 
Tom

Jacques Lebastard <[hidden email]> wrote:
Tom Spence a écrit :

> Hello,
>
> I have very small problem but it won't running... Please help me...
> Here is what I got:
>
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>
> Any idea??? I appreciate your help. Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD mailto:[hidden email]
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]
Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.
Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL 0.9.8 with AIX 5.2

Tom Spence
Yes you are right but in my office, they said "NO EGD"...  So they prefer to use /dev/random and /dev/urandom by IBM...  I have no idea how I get this one into AIX server...
 
Tom

[hidden email] wrote:
Use EGD ( Entropy Gathering Daemon ) on AIX 5.1 and below...
 
 
HTH,
Lamar


From: [hidden email] [mailto:[hidden email]] On Behalf Of Tom Spence
Sent: Wednesday, July 20, 2005 10:42 AM
To: [hidden email]
Subject: Re: OpenSSL 0.9.8 with AIX 5.2

I kept researched why it stopped at aix_ppc32.o aix_ppc32.s...
 
Now I found the problem...
 
My AIX 5.1 doesn't have /dev/random and /dev/urandom!!!  So where can I get /dev/random and /dev/urandom?  Or How can I install them?
 
I appreciate your help.  Thanks.
 
Tom

Tom Spence <[hidden email]> wrote:
Excatly!!!  That's why, I can't use OpenSSL 0.9.8 so I have to stay with 0.9.7g for now.
 
But I don't understand this one...  I have 21 servers...  Only one server (AIX 5.2 with GCC) accepted with OpenSSL 0.9.8 but 20 servers can't...  Isn't strange?  :-(
 
Tom

Jacques Lebastard <[hidden email]> wrote:
Tom Spence a écrit :

> Hello,
>
> I have very small problem but it won't running... Please help me...
> Here is what I got:
>
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>
> Any idea??? I appreciate your help. Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD mailto:[hidden email]
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]
Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.
Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL 0.9.8 with AIX 5.2

Lamar.Saxon
In reply to this post by Tom Spence
/dev/random was not officially added to the OS until 5.2. 
 
See the following from the AIX 5.2 Differences Guide:
 
Lamar
 
Quoted...
 

9.20 Cryptographically secure pseudo-random numbers

AIX 5L Version 5.2 now supports a cryptographically secure pseudo-random number generator (PRNG). Random numbers are extremely important for any sort of cryptographic application. Random numbers are used to generate session keys, salts used for hashed passwords, and initializing public key certificates. If the generated random numbers are easily predictable, any application using those insecure numbers is also insecure. No algorithms or protocol can fix problems with random number generation.

The PRNG on Version 5.2 is based on the Yarrow engine and collects entropy from the running system and feeds an entropy pool to seed a PRNG. The entropy gathering process selects three hardware devices upon startup such as, SSA, Ethernet, and SCSI adapters. The entropy-gathering daemon detects hardware interrupts or network packets and determines the times between two events. These timings are then put into the entropy pool.

The API for accessing the PRNG is quite simple. An application just has to open the /dev/random or /dev/urandom file and read the required number of bytes of the special device. The /dev/random and /dev/urandom have different behaviors when the pool of entropy is exhausted or requires reseeding. The /dev/random device will have the reading application block until more entropy is gathered. The /dev/urandom device will behave the same as /dev/random, but when entropy is exhausted it will fall back and generate entropy using a software algorithm. The level of randomness of the numbers generated by the software algorithm is not as high as the entropy gathered from the running system.

The PRNG automatically keeps the entropy pools replenished and reseeds it occasionally. When the entropy pool is half empty, the entropy gatherer will intercept the hardware interrupts and network packets until the entropy is replenished. There is a slight performance penalty while entropy is being gathered. When the pools are full, the entropy-gathering process goes idle and no longer effects machine performance.

For more information on the Yarrow engine, refer to the Counterpane Labs home page at the following URL:

http://www.counterpane.com/yarrow.html
<SCRIPT language=JavaScript1.2 type=text/javascript> <!-- // Clear related topics // WWHClearRelatedTopics(); // --> </SCRIPT>


From: [hidden email] [mailto:[hidden email]] On Behalf Of Tom Spence
Sent: Wednesday, July 20, 2005 12:38 PM
To: [hidden email]
Subject: RE: OpenSSL 0.9.8 with AIX 5.2

Yes you are right but in my office, they said "NO EGD"...  So they prefer to use /dev/random and /dev/urandom by IBM...  I have no idea how I get this one into AIX server...
 
Tom

[hidden email] wrote:
Use EGD ( Entropy Gathering Daemon ) on AIX 5.1 and below...
 
 
HTH,
Lamar


From: [hidden email] [mailto:[hidden email]] On Behalf Of Tom Spence
Sent: Wednesday, July 20, 2005 10:42 AM
To: [hidden email]
Subject: Re: OpenSSL 0.9.8 with AIX 5.2

I kept researched why it stopped at aix_ppc32.o aix_ppc32.s...
 
Now I found the problem...
 
My AIX 5.1 doesn't have /dev/random and /dev/urandom!!!  So where can I get /dev/random and /dev/urandom?  Or How can I install them?
 
I appreciate your help.  Thanks.
 
Tom

Tom Spence <[hidden email]> wrote:
Excatly!!!  That's why, I can't use OpenSSL 0.9.8 so I have to stay with 0.9.7g for now.
 
But I don't understand this one...  I have 21 servers...  Only one server (AIX 5.2 with GCC) accepted with OpenSSL 0.9.8 but 20 servers can't...  Isn't strange?  :-(
 
Tom

Jacques Lebastard <[hidden email]> wrote:
Tom Spence a écrit :

> Hello,
>
> I have very small problem but it won't running... Please help me...
> Here is what I got:
>
> # ./Configure aix-gcc
> .... (no problem)
> # make
> ....
> gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS -D_THREAD_SAFE
> -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o aix_ppc32.o aix_ppc32.s
> (It stops right there for forever)
>
> Any idea??? I appreciate your help. Thanks.

I could not find a way to successfully build OpenSSL (at least from
version 0.9.7g) without using IBM's C/C++ compiler :-(

--
Mr. Jacques LEBASTARD mailto:[hidden email]
EVIDIAN S.A. www.evidian.com
Rue Jean Jaurès Tel: +33 1 30 80 77 86
F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]
Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL 0.9.8 with AIX 5.2

Stewart Dean-2
I am going to put my /very/ unknowledgeable foot forward, to the effect
that with aix4.3.3 and the IBM supplied openssl binaries, IBM supplied a
PRNG in rpm format that you had to install first.  That may still be
around...I still have it as
prngd-0.9.23-3.aix4.3,ppc.rpm
would this help?

[hidden email] wrote:

> /dev/random was not officially added to the OS until 5.2.
>  
> See the following from the AIX 5.2 Differences Guide:
>  
> Lamar
>  
> Quoted...
>  
>
>
>     9.20 Cryptographically secure pseudo-random numbers
>
> AIX 5L Version 5.2 now supports a cryptographically secure pseudo-random
> number generator (PRNG). Random numbers are extremely important for any
> sort of cryptographic application. Random numbers are used to generate
> session keys, salts used for hashed passwords, and initializing public
> key certificates. If the generated random numbers are easily
> predictable, any application using those insecure numbers is also
> insecure. No algorithms or protocol can fix problems with random number
> generation.
>
> The PRNG on Version 5.2 is based on the Yarrow engine and collects
> entropy from the running system and feeds an entropy pool to seed a
> PRNG. The entropy gathering process selects three hardware devices upon
> startup such as, SSA, Ethernet, and SCSI adapters. The entropy-gathering
> daemon detects hardware interrupts or network packets and determines the
> times between two events. These timings are then put into the entropy pool.
>
> The API for accessing the PRNG is quite simple. An application just has
> to open the /dev/random or /dev/urandom file and read the required
> number of bytes of the special device. The /dev/random and /dev/urandom
> have different behaviors when the pool of entropy is exhausted or
> requires reseeding. The /dev/random device will have the reading
> application block until more entropy is gathered. The /dev/urandom
> device will behave the same as /dev/random, but when entropy is
> exhausted it will fall back and generate entropy using a software
> algorithm. The level of randomness of the numbers generated by the
> software algorithm is not as high as the entropy gathered from the
> running system.
>
> The PRNG automatically keeps the entropy pools replenished and reseeds
> it occasionally. When the entropy pool is half empty, the entropy
> gatherer will intercept the hardware interrupts and network packets
> until the entropy is replenished. There is a slight performance penalty
> while entropy is being gathered. When the pools are full, the
> entropy-gathering process goes idle and no longer effects machine
> performance.
>
> For more information on the Yarrow engine, refer to the Counterpane Labs
> home page at the following URL:
>
> http://www.counterpane.com/yarrow.html
>
>
> ------------------------------------------------------------------------
> *From:* [hidden email]
> [mailto:[hidden email]] *On Behalf Of *Tom Spence
> *Sent:* Wednesday, July 20, 2005 12:38 PM
> *To:* [hidden email]
> *Subject:* RE: OpenSSL 0.9.8 with AIX 5.2
>
> Yes you are right but in my office, they said "NO EGD"...  So they
> prefer to use /dev/random and /dev/urandom by IBM...  I have no idea how
> I get this one into AIX server...
>  
> Tom
>
> */[hidden email]/* wrote:
>
>     Use EGD ( Entropy Gathering Daemon ) on AIX 5.1 and below...
>      
>     http://egd.sourceforge.net/
>      
>     HTH,
>     Lamar
>
>     ------------------------------------------------------------------------
>     *From:* [hidden email]
>     [mailto:[hidden email]] *On Behalf Of *Tom Spence
>     *Sent:* Wednesday, July 20, 2005 10:42 AM
>     *To:* [hidden email]
>     *Subject:* Re: OpenSSL 0.9.8 with AIX 5.2
>
>     I kept researched why it stopped at aix_ppc32.o aix_ppc32.s...
>      
>     Now I found the problem...
>      
>     My AIX 5.1 doesn't have /dev/random and /dev/urandom!!!  So where
>     can I get /dev/random and /dev/urandom?  Or How can I install them?
>      
>     I appreciate your help.  Thanks.
>      
>     Tom
>
>     */Tom Spence <[hidden email]>/* wrote:
>
>         Excatly!!!  That's why, I can't use OpenSSL 0.9.8 so I have to
>         stay with 0.9.7g for now.
>          
>         But I don't understand this one...  I have 21 servers...  Only
>         one server (AIX 5.2 with GCC) accepted with OpenSSL 0.9.8 but 20
>         servers can't...  Isn't strange?  :-(
>          
>         Tom
>
>         */Jacques Lebastard <[hidden email]>/* wrote:
>
>             Tom Spence a écrit :
>              > Hello,
>              >
>              > I have very small problem but it won't running... Please
>             help me...
>              > Here is what I got:
>              >
>              > # ./Configure aix-gcc
>              > .... (no problem)
>              > # make
>              > ....
>              > gcc -I.. -I../.. -I../../include -DOPENSSL_THREADS
>             -D_THREAD_SAFE
>              > -DDSO_DLFCN -DHAVE_DLFCN_H -O -DB_ENDIAN -c -o
>             aix_ppc32.o aix_ppc32.s
>              > (It stops right there for forever)
>              >
>              > Any idea??? I appreciate your help. Thanks.
>
>             I could not find a way to successfully build OpenSSL (at
>             least from
>             version 0.9.7g) without using IBM's C/C++ compiler :-(
>
>             --
>             Mr. Jacques LEBASTARD mailto:[hidden email]
>             EVIDIAN S.A. www.evidian.com
>             Rue Jean Jaurès Tel: +33 1 30 80 77 86
>             F-78340 LES CLAYES SOUS BOIS Fax: +33 1 30 80 77 99
>
>             ______________________________________________________________________
>             OpenSSL Project http://www.openssl.org
>             User Support Mailing List [hidden email]
>             Automated List Manager [hidden email]
>
>     Privileged and Confidential. This e-mail, and any attachments there
>     to, is intended only for use by the addressee(s) named herein and
>     may contain privileged or confidential information. If you have
>     received this e-mail in error, please notify me immediately by a
>     return e-mail and delete this e-mail. You are hereby notified that
>     any dissemination, distribution or copying of this e-mail and/or any
>     attachments thereto, is strictly prohibited.
>

--
====
Stewart Dean, Unix System Admin, Henderson Computer Resources
Center of Bard College, Annandale-on-Hudson, New York  12504
[hidden email]  voice: 845-758-7475, fax: 845-758-7035

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]