Re: Porting to version 1.1.1 with old Linux kernel 3.0.8

Jan Just Keijser <janjust@xxxxxxxxx> · Tue, 6 Apr 2021 09:15:33 +0200



    On 05/04/21 22:07, Boris Shpoungin via
      openssl-users wrote:

    
        Thank you for response.

          
          Could you suggest best approach for porting application from
          1.0.2 to 1.1.1?

          So far I've found good manual which describes required
          modifications:

          https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide

          
          The question is whether it describes ALL required
          modification?
        

    I'd say you're better off asking this question on a Tizen mailing
    list; the list looks pretty exhaustive but does it list everything? 
    only one way to find out: recompile your application using openssl
    1.1.1 and see if/where it breaks.

    
    If you are worried about the combination of Linux 3.0.8 plus the
    switch from openssl 1.0.2 -> 1.1.1 then I'd suggest a three step
    process

    1) build openssl 1.1.1 on your old kernel and run 'make test' if
    that passes, then openssl is functional ; if it does not pass these
    tests, then figure out what's wrong before proceeding

    2) get yourself a Linux vm with a newer kernel and with a
    known-to-work openssl 1.1.1 (Fedora 33 & Ubuntu 20, CentOS 8
    would work) then rebuild and relink your application on THAT
    platform, recording all required changes

    3) finally, rebuild your ported application on the older Linux
    kernel

    
    HTH,

    
    JJK

    
           On Monday, April 5, 2021, 03:57:36 PM EDT, Viktor
            Dukhovni <openssl-users@xxxxxxxxxxxx> wrote: 
          

                > On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via
                openssl-users <openssl-users@xxxxxxxxxxx>
                wrote:

                > 

                > Is there minimal requirements for Linux kernel for
                usage of openssl library version 1.1.1?

                > 

                > I have old application based on Linux kernel 3.0.8
                which uses openssl version 1.0.2. My question is whether
                it is possible to port this application to use openssl
                version 1.1.1 in Linux 3.0.8 environment?
              

              The version of the Linux kernel is almost certainly
              irrelevant.  OpenSSL

              makes minimal demands of the operating system.  Only
              random number generation

              is plausibly something you need to think about.  The
              getrandom(2) kernel API

              was added in Linux 3.17, so you'll need to use
              /dev/urandom instead.

              
              Otherwise, sockets, threads, ... are all present in Linux
              even before 3.0.

              
              -- 

                  Viktor.