On 05/04/21 22:07, Boris Shpoungin via openssl-users wrote:
Thank you for response.
Could you suggest best approach for porting application from 1.0.2 to
1.1.1?
So far I've found good manual which describes required modifications:
https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide
The question is whether it describes ALL required modification?
I'd say you're better off asking this question on a Tizen mailing list;
the list looks pretty exhaustive but does it list everything? only one
way to find out: recompile your application using openssl 1.1.1 and see
if/where it breaks.
If you are worried about the combination of Linux 3.0.8 plus the switch
from openssl 1.0.2 -> 1.1.1 then I'd suggest a three step process
1) build openssl 1.1.1 on your old kernel and run 'make test' if that
passes, then openssl is functional ; if it does not pass these tests,
then figure out what's wrong before proceeding
2) get yourself a Linux vm with a newer kernel and with a known-to-work
openssl 1.1.1 (Fedora 33 & Ubuntu 20, CentOS 8 would work) then rebuild
and relink your application on THAT platform, recording all required changes
3) finally, rebuild your ported application on the older Linux kernel
HTH,
JJK
On Monday, April 5, 2021, 03:57:36 PM EDT, Viktor Dukhovni
<openssl-us...@dukhovni.org> wrote:
> On Apr 5, 2021, at 11:16 AM, Boris Shpoungin via openssl-users
<openssl-users@openssl.org <mailto:openssl-users@openssl.org>> wrote:
>
> Is there minimal requirements for Linux kernel for usage of openssl
library version 1.1.1?
>
> I have old application based on Linux kernel 3.0.8 which uses
openssl version 1.0.2. My question is whether it is possible to port
this application to use openssl version 1.1.1 in Linux 3.0.8 environment?
The version of the Linux kernel is almost certainly irrelevant. OpenSSL
makes minimal demands of the operating system. Only random number
generation
is plausibly something you need to think about. The getrandom(2)
kernel API
was added in Linux 3.17, so you'll need to use /dev/urandom instead.
Otherwise, sockets, threads, ... are all present in Linux even before 3.0.
--
Viktor.