Porting to version 1.1.1 with old Linux kernel 3.0.8
Jan Just Keijser
janjust at nikhef.nl
Tue Apr 6 07:15:33 UTC 2021
On 05/04/21 22:07, Boris Shpoungin via openssl-users wrote:
> Thank you for response.
>
> Could you suggest best approach for porting application from 1.0.2 to
> 1.1.1?
> So far I've found good manual which describes required modifications:
> https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide
>
> The question is whether it describes ALL required modification?
>
I'd say you're better off asking this question on a Tizen mailing list;
the list looks pretty exhaustive but does it list everything? only one
way to find out: recompile your application using openssl 1.1.1 and see
if/where it breaks.
If you are worried about the combination of Linux 3.0.8 plus the switch
from openssl 1.0.2 -> 1.1.1 then I'd suggest a three step process
1) build openssl 1.1.1 on your old kernel and run 'make test' if that
passes, then openssl is functional ; if it does not pass these tests,
then figure out what's wrong before proceeding
2) get yourself a Linux vm with a newer kernel and with a known-to-work
openssl 1.1.1 (Fedora 33 & Ubuntu 20, CentOS 8 would work) then rebuild
and relink your application on THAT platform, recording all required changes
3) finally, rebuild your ported application on the older Linux kernel
HTH,
JJK
> On Monday, April 5, 2021, 03:57:36 PM EDT, Viktor Dukhovni
> <openssl-users at dukhovni.org> wrote:
>
>
>
> > On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users
> <openssl-users at openssl.org <mailto:openssl-users at openssl.org>> wrote:
> >
> > Is there minimal requirements for Linux kernel for usage of openssl
> library version 1.1.1?
> >
> > I have old application based on Linux kernel 3.0.8 which uses
> openssl version 1.0.2. My question is whether it is possible to port
> this application to use openssl version 1.1.1 in Linux 3.0.8 environment?
>
>
> The version of the Linux kernel is almost certainly irrelevant. OpenSSL
> makes minimal demands of the operating system. Only random number
> generation
> is plausibly something you need to think about. The getrandom(2)
> kernel API
> was added in Linux 3.17, so you'll need to use /dev/urandom instead.
>
> Otherwise, sockets, threads, ... are all present in Linux even before 3.0.
>
> --
> Viktor.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210406/bc97c970/attachment.html>
More information about the openssl-users
mailing list