Porting to version 1.1.1 with old Linux kernel 3.0.8

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Porting to version 1.1.1 with old Linux kernel 3.0.8

OpenSSL - User mailing list
Hello,

Is there minimal requirements for Linux kernel for usage of openssl library version 1.1.1?

I have old application based on Linux kernel 3.0.8 which uses openssl version 1.0.2. My question is whether it is possible to port this application to use openssl version 1.1.1 in Linux 3.0.8 environment?

If yes, then any useful info about "how to" will be greatly appreciated.

Thanks
Robert
Reply | Threaded
Open this post in threaded view
|

Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

Viktor Dukhovni

> On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users <[hidden email]> wrote:
>
> Is there minimal requirements for Linux kernel for usage of openssl library version 1.1.1?
>
> I have old application based on Linux kernel 3.0.8 which uses openssl version 1.0.2. My question is whether it is possible to port this application to use openssl version 1.1.1 in Linux 3.0.8 environment?

The version of the Linux kernel is almost certainly irrelevant.  OpenSSL
makes minimal demands of the operating system.  Only random number generation
is plausibly something you need to think about.  The getrandom(2) kernel API
was added in Linux 3.17, so you'll need to use /dev/urandom instead.

Otherwise, sockets, threads, ... are all present in Linux even before 3.0.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

OpenSSL - User mailing list
Thank you for response.

Could you suggest best approach for porting application from 1.0.2 to 1.1.1?
So far I've found good manual which describes required modifications:
https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide

The question is whether it describes ALL required modification?

On Monday, April 5, 2021, 03:57:36 PM EDT, Viktor Dukhovni <[hidden email]> wrote:



> On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users <[hidden email]> wrote:
>
> Is there minimal requirements for Linux kernel for usage of openssl library version 1.1.1?
>
> I have old application based on Linux kernel 3.0.8 which uses openssl version 1.0.2. My question is whether it is possible to port this application to use openssl version 1.1.1 in Linux 3.0.8 environment?


The version of the Linux kernel is almost certainly irrelevant.  OpenSSL
makes minimal demands of the operating system.  Only random number generation
is plausibly something you need to think about.  The getrandom(2) kernel API
was added in Linux 3.17, so you'll need to use /dev/urandom instead.

Otherwise, sockets, threads, ... are all present in Linux even before 3.0.

--
    Viktor.


Reply | Threaded
Open this post in threaded view
|

Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

Jan Just Keijser-2
On 05/04/21 22:07, Boris Shpoungin via openssl-users wrote:
Thank you for response.

Could you suggest best approach for porting application from 1.0.2 to 1.1.1?
So far I've found good manual which describes required modifications:
https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide

The question is whether it describes ALL required modification?

I'd say you're better off asking this question on a Tizen mailing list; the list looks pretty exhaustive but does it list everything?  only one way to find out: recompile your application using openssl 1.1.1 and see if/where it breaks.

If you are worried about the combination of Linux 3.0.8 plus the switch from openssl 1.0.2 -> 1.1.1 then I'd suggest a three step process
1) build openssl 1.1.1 on your old kernel and run 'make test' if that passes, then openssl is functional ; if it does not pass these tests, then figure out what's wrong before proceeding
2) get yourself a Linux vm with a newer kernel and with a known-to-work openssl 1.1.1 (Fedora 33 & Ubuntu 20, CentOS 8 would work) then rebuild and relink your application on THAT platform, recording all required changes
3) finally, rebuild your ported application on the older Linux kernel

HTH,

JJK



On Monday, April 5, 2021, 03:57:36 PM EDT, Viktor Dukhovni [hidden email] wrote:



> On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users <[hidden email]> wrote:
>
> Is there minimal requirements for Linux kernel for usage of openssl library version 1.1.1?
>
> I have old application based on Linux kernel 3.0.8 which uses openssl version 1.0.2. My question is whether it is possible to port this application to use openssl version 1.1.1 in Linux 3.0.8 environment?


The version of the Linux kernel is almost certainly irrelevant.  OpenSSL
makes minimal demands of the operating system.  Only random number generation
is plausibly something you need to think about.  The getrandom(2) kernel API
was added in Linux 3.17, so you'll need to use /dev/urandom instead.

Otherwise, sockets, threads, ... are all present in Linux even before 3.0.

--
    Viktor.



Reply | Threaded
Open this post in threaded view
|

Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

Jan Just Keijser-2
In reply to this post by OpenSSL - User mailing list
On 05/04/21 17:16, Boris Shpoungin via openssl-users wrote:
Hello,

Is there minimal requirements for Linux kernel for usage of openssl library version 1.1.1?

I have old application based on Linux kernel 3.0.8 which uses openssl version 1.0.2. My question is whether it is possible to port this application to use openssl version 1.1.1 in Linux 3.0.8 environment?

If yes, then any useful info about "how to" will be greatly appreciated.

And FWIW:

I just built and tested openssl 1.1.1k successfully on a 32bit CentOS 6 vm with kernel 2.6.32 - so if *THAT* works then surely kernel 3.0.8 will also work:

All tests successful.
Files=158, Tests=2635, 121 wallclock secs ( 1.21 usr  0.15 sys + 98.81 cusr 10.06 csys = 110.23 CPU)
Result: PASS


HTH,

JJK

PS getting the tests to run on centos 6 was the biggest hurdle , not openssl itself