Porting to version 1.1.1 with old Linux kernel 3.0.8

Jan Just Keijser janjust at nikhef.nl
Tue Apr 6 07:15:33 UTC 2021 

On 05/04/21 22:07, Boris Shpoungin via openssl-users wrote:
> Thank you for response.
>
> Could you suggest best approach for porting application from 1.0.2 to 
> 1.1.1?
> So far I've found good manual which describes required modifications:
> https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide
>
> The question is whether it describes ALL required modification?
>
I'd say you're better off asking this question on a Tizen mailing list; 
the list looks pretty exhaustive but does it list everything? only one 
way to find out: recompile your application using openssl 1.1.1 and see 
if/where it breaks.

If you are worried about the combination of Linux 3.0.8 plus the switch 
from openssl 1.0.2 -> 1.1.1 then I'd suggest a three step process
1) build openssl 1.1.1 on your old kernel and run 'make test' if that 
passes, then openssl is functional ; if it does not pass these tests, 
then figure out what's wrong before proceeding
2) get yourself a Linux vm with a newer kernel and with a known-to-work 
openssl 1.1.1 (Fedora 33 & Ubuntu 20, CentOS 8 would work) then rebuild 
and relink your application on THAT platform, recording all required changes
3) finally, rebuild your ported application on the older Linux kernel

HTH,

JJK



> On Monday, April 5, 2021, 03:57:36 PM EDT, Viktor Dukhovni 
> <openssl-users at dukhovni.org> wrote:
>
>
>
> > On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users 
> <openssl-users at openssl.org <mailto:openssl-users at openssl.org>> wrote:
> >
> > Is there minimal requirements for Linux kernel for usage of openssl 
> library version 1.1.1?
> >
> > I have old application based on Linux kernel 3.0.8 which uses 
> openssl version 1.0.2. My question is whether it is possible to port 
> this application to use openssl version 1.1.1 in Linux 3.0.8 environment?
>
>
> The version of the Linux kernel is almost certainly irrelevant.  OpenSSL
> makes minimal demands of the operating system.  Only random number 
> generation
> is plausibly something you need to think about.  The getrandom(2) 
> kernel API
> was added in Linux 3.17, so you'll need to use /dev/urandom instead.
>
> Otherwise, sockets, threads, ... are all present in Linux even before 3.0.
>
> -- 
>     Viktor.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210406/bc97c970/attachment.html>

More information about the openssl-users mailing list