[openssl-dev] [openssl.org #1979] Add uClibc support

[Matt Caswell via RT]

Reclosing this.

Matt

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1979
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #1979] Add uClibc support

[Short, Todd via RT]

OpenSSL is generally able to compile with the musl C library (same idea as 
uClibc):

OpenSSL 1.0.2f:
./config
make depend
CC=/usr/local/bin/musl-gcc ./config
make

./config is run twice, because "make depend" fails since domd can’t find the 
makedepend command after CC is set to musl-gcc. However, after running ./config 
a second time (to update the CC), the make succeeds. openssl loads and run. If 
musl is configured with --disable-shared, then it does not require any dynamic 
executables.

master:
CC=/usr/local/bin/musl-gcc ./config
make depend
make
"make depend" succeeds in master, even after CC is set to musl-gcc. But linking 
fails due to setcontext, getcontext and makecontext being undefined. They 
appear to be used by the async code; there doesn’t seem to be a way to turn off 
async (or force NULL async). I looked in the musl library, and there are 
declarations of these functions()s, but no definitions.

A maintainer of the musl library has indicated that these are deprecated Posix 
APIs. Might there be a way to disable the use of these APIs, and permit only 
async_none so that these other libraries (uClibc and musl) could be used 
instead?

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Feb 3, 2016, at 9:00 PM, Salz, Rich via RT 
> wrote:

This might be interesting to support, but unfortunately nobody looked at the
bug in years and the build process has changed a great deal. If you could
re-integrate this against what's in master, we'd look at it. If that's too much
work, I understand. We don't have/use this particular run-time environment.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev



-
http://rt.openssl.org/Ticket/Display.html?id=1979

Please log in as guest with password guest if prompted

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #1979] Add uClibc support

[Short, Todd via RT]

FYI: The rational for why these APIs are deprecated.
http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html#tag_03_356_08

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."



-
http://rt.openssl.org/Ticket/Display.html?id=1979

Please log in as guest with password guest if prompted

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #1979] Add uClibc support

[Jeremy Farrell via RT]

On 04/02/2016 16:45, Short, Todd via RT wrote:
> FYI: The rational for why these APIs are deprecated.
> http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html#tag_03_356_08

That's the superseded POSIX.1-2001 standard, where these functions were 
made obsolescent. They're no longer part of POSIX at all, having been 
removed in POSIX.1-2008. See 
http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xsh_chap01.html#tag_22_01_01_05

Regards,
  jjf

-- 
J. J. Farrell
w: +44 161 493 4838



-
http://rt.openssl.org/Ticket/Display.html?id=1979

Please log in as guest with password guest if prompted

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #1979] Add uClibc support

[Rich Salz via RT]

This might be interesting to support, but unfortunately nobody looked at the
bug in years and the build process has changed a great deal. If you could
re-integrate this against what's in master, we'd look at it. If that's too much
work, I understand. We don't have/use this particular run-time environment.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl.org #1979] Add uClibc support

[Mike Frysinger]

On Tue 01 Jul 2014 08:53:56 Tim Hudson wrote:
 On 30/06/2014 10:23 PM, Salz, Rich wrote:
  On Tue, Jul 01, 2014 at 12:25:00AM +0200, Rich Salz via RT wrote:
  Unsupported platform.
  
  Not having read the ticket, uClibc and newlib might be useful to support
  if
  possible since they're popular for embedded devices.
 
 They are actively used - but with a case that old and known current
 usage (one of the FIPS140 validated platforms is indeed uClibc based) so
 closing the ticket in my view is the right approach.
 If there is a specific issue with current releases those impacted should
 raise a new issue ...
 
 The specific suggested Makefile included in the RT item is also somewhat
 rather specific to the snapgear distribution layout ...

yeah, that patch makes no sense to include.  Gentoo actively builds the latest 
openssl on uClibc, so it's not clear to me if any changes are needed at all.

i know hat openssl on nommu/Linux (which uses uClibc) has troubles with some 
apps because they use fork(), but that patch doesn't help there.
-mike

signature.asc
Description: This is a digitally signed message part.

Re: [openssl.org #1979] Add uClibc support

[Tim Hudson]

On 30/06/2014 10:23 PM, Salz, Rich wrote:
 Feel free to re-open :)

 --  
 Principal Security Engineer
 Akamai Technologies, Cambridge, MA
 IM: rs...@jabber.me; Twitter: RichSalz


 -Original Message-
 From: owner-openssl-...@openssl.org [mailto:owner-openssl-
 d...@openssl.org] On Behalf Of Kurt Roeckx via RT
 Sent: Monday, June 30, 2014 6:48 PM
 To: phil...@redfish-solutions.com
 Cc: openssl-dev@openssl.org
 Subject: Re: [openssl.org #1979] Add uClibc support

 On Tue, Jul 01, 2014 at 12:25:00AM +0200, Rich Salz via RT wrote:
 Unsupported platform.
 Not having read the ticket, uClibc and newlib might be useful to support if
 possible since they're popular for embedded devices.


They are actively used - but with a case that old and known current
usage (one of the FIPS140 validated platforms is indeed uClibc based) so
closing the ticket in my view is the right approach.
If there is a specific issue with current releases those impacted should
raise a new issue ...

The specific suggested Makefile included in the RT item is also somewhat
rather specific to the snapgear distribution layout ...

Tim.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

[openssl.org #1979] Add uClibc support

[Rich Salz via RT]

Unsupported platform.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #1979] Add uClibc support

[Philip A. Prindeville via RT]

I’m confused: uClibc isn’t a platform, it’s a run-time environment (i.e. the C 
library).

On Jun 30, 2014, at 4:25 PM, Rich Salz via RT r...@openssl.org wrote:

 Unsupported platform.
 


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: [openssl.org #1979] Add uClibc support

[Kurt Roeckx via RT]

On Tue, Jul 01, 2014 at 12:25:00AM +0200, Rich Salz via RT wrote:
 Unsupported platform.

Not having read the ticket, uClibc and newlib might be useful to
support if possible since they're popular for embedded devices.


Kurt


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: [openssl.org #1979] Add uClibc support

[Salz, Rich]

Platform in the h/w and s/w sense, not just hardware.

--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz


 -Original Message-
 From: owner-openssl-...@openssl.org [mailto:owner-openssl-
 d...@openssl.org] On Behalf Of Philip A. Prindeville via RT
 Sent: Monday, June 30, 2014 6:34 PM
 Cc: openssl-dev@openssl.org
 Subject: Re: [openssl.org #1979] Add uClibc support
 
 I’m confused: uClibc isn’t a platform, it’s a run-time environment (i.e. the C
 library).
 
 On Jun 30, 2014, at 4:25 PM, Rich Salz via RT r...@openssl.org wrote:
 
  Unsupported platform.
 
 
 
 __
 
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org

RE: [openssl.org #1979] Add uClibc support

[Salz, Rich]

Feel free to re-open :)

--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz


 -Original Message-
 From: owner-openssl-...@openssl.org [mailto:owner-openssl-
 d...@openssl.org] On Behalf Of Kurt Roeckx via RT
 Sent: Monday, June 30, 2014 6:48 PM
 To: phil...@redfish-solutions.com
 Cc: openssl-dev@openssl.org
 Subject: Re: [openssl.org #1979] Add uClibc support
 
 On Tue, Jul 01, 2014 at 12:25:00AM +0200, Rich Salz via RT wrote:
  Unsupported platform.
 
 Not having read the ticket, uClibc and newlib might be useful to support if
 possible since they're popular for embedded devices.
 
 
 Kurt
 
 
 __
 
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
:��IϮ��r�m
(Z+�7�zZ)���1���x��hW^��^��%����jם.+-1�ځ��j:+v���h�

[openssl.org #1979] Add uClibc support

[Philip A. Prindeville via RT]

We used the following to build when cross-compiling to the uClibc
run-time environment.

Please add support for linking against this C run-time on embedded
platforms.


Index: libssl/Configure
===
RCS file: libssl/Configure,v
retrieving revision 1.1.1.12
retrieving revision 1.21
diff -u -r1.1.1.12 -r1.21
--- libssl/Configure15 Sep 2008 23:36:40 -  1.1.1.12
+++ libssl/Configure15 Sep 2008 23:44:15 -  1.21
@@ -538,6 +540,9 @@
 # Compaq Non-Stop Kernel (Tandem)
 tandem-c89,c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 
-D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::,
 
+# uClinux
+uClinux-dist,$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) 
\$(LDLIBS):BN_LLONG\$(LIBSSL_dlfcn):linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'},
+
 );
 
 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
Index: libssl/config
===
RCS file: libssl/config,v
retrieving revision 1.1.1.10
retrieving revision 1.7
diff -u -r1.1.1.10 -r1.7
--- libssl/config   27 Nov 2007 04:49:10 -  1.1.1.10
+++ libssl/config   27 Nov 2007 04:58:19 -  1.7
@@ -48,10 +48,10 @@
 
 # First get uname entries that we use below
 
-MACHINE=`(uname -m) 2/dev/null` || MACHINE=unknown
-RELEASE=`(uname -r) 2/dev/null` || RELEASE=unknown
-SYSTEM=`(uname -s) 2/dev/null`  || SYSTEM=unknown
-VERSION=`(uname -v) 2/dev/null` || VERSION=unknown
+[ $MACHINE ] || MACHINE=`(uname -m) 2/dev/null` || MACHINE=unknown
+[ $RELEASE ] || RELEASE=`(uname -r) 2/dev/null` || RELEASE=unknown
+[ $SYSTEM ]  || SYSTEM=`(uname -s) 2/dev/null`  || SYSTEM=unknown
+[ $VERSION ] || VERSION=`(uname -v) 2/dev/null` || VERSION=unknown
 
 
 # Now test for ISC and SCO, since it is has a braindamaged uname.
@@ -482,6 +482,9 @@
 # script above so we end up with values in vars but that would take
 # more time that I want to waste at the moment
 case $GUESSOS in
+  uClinux*)
+OUT=uClinux-dist
+   ;;
   mips2-sgi-irix)
CPU=`(hinv -t cpu) 2/dev/null | head -1 | sed 
's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
Index: libssl/makefile-uclinuxdist
===
RCS file: libssl/makefile-uclinuxdist
diff -N libssl/makefile-uclinuxdist
--- /dev/null   1 Jan 1970 00:00:00 -
+++ libssl/makefile-uclinuxdist 31 Aug 2007 03:46:25 -  1.20
@@ -0,0 +1,138 @@
+#
+# this makefile gets recursed through by various bits of the build
+# so we need to only setup some things when invoked from outside
+# this directory.
+#
+# dav...@snapgear.com
+#
+
+IN_LIBSSL := true
+export IN_LIBSSL
+
+CONFIG_OPTS  := --prefix=// --install_prefix=$(shell pwd)/build/install
+
+ifdef CONFIG_USER_FLATFSD_FLATFSD
+CONFIG_OPTS += --openssldir=/etc/config
+else
+CONFIG_OPTS += --openssldir=/etc
+endif
+ifdef DISABLE_SHARED_SSL
+CONFIG_OPTS += no-shared
+else
+CONFIG_OPTS += shared
+endif
+
+CONFIG_OPTS += no-rc2
+CONFIG_OPTS += no-krb5
+CONFIG_OPTS += no-rc5
+CONFIG_OPTS += no-md2
+CONFIG_OPTS += no-idea
+#CONFIG_OPTS += no-pem
+#CONFIG_OPTS += no-md5
+#CONFIG_OPTS += no-sha
+#CONFIG_OPTS += no-hmac
+#CONFIG_OPTS += no-des
+#CONFIG_OPTS += no-aes
+#CONFIG_OPTS += no-bn
+CONFIG_OPTS += no-ec
+#CONFIG_OPTS += no-rsa
+#CONFIG_OPTS += no-dsa
+CONFIG_OPTS += no-ecdsa
+#CONFIG_OPTS += no-dh
+CONFIG_OPTS += no-ecdh
+CONFIG_OPTS += no-dso
+#CONFIG_OPTS += no-engine
+#CONFIG_OPTS += no-buffer
+#CONFIG_OPTS += no-bio
+#CONFIG_OPTS += no-stack
+#CONFIG_OPTS += no-lhash
+#CONFIG_OPTS += no-rand
+CONFIG_OPTS += no-err
+#CONFIG_OPTS += no-evp
+#CONFIG_OPTS += no-asn1
+#CONFIG_OPTS += no-x509
+#CONFIG_OPTS += no-x509v3
+#CONFIG_OPTS += no-txt_db
+#CONFIG_OPTS += no-pkcs7
+#CONFIG_OPTS += no-pkcs12
+#CONFIG_OPTS += no-comp
+#CONFIG_OPTS += no-ocsp
+#CONFIG_OPTS += no-ui
+#CONFIG_OPTS += no-store
+CONFIG_OPTS += no-pqueue
+
+# REVISIT: It would be better to have OPENSSL config options
+# which turn on this support as needed
+ifeq ($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH),)
+CONFIG_OPTS += no-ripemd
+CONFIG_OPTS += no-cast
+CONFIG_OPTS += no-rc4
+endif
+
+ifeq 
($(CONFIG_USER_NESSUS_NASL)$(CONFIG_USER_SSH_SSH)$(CONFIG_PROP_SSCEP_SSCEP),)
+CONFIG_OPTS += no-bf
+endif
+
+ifeq ($(CONFIG_USER_OPENVPN_OPENVPN)$(CONFIG_USER_WGET),)
+CONFIG_OPTS += no-md4
+endif
+
+ifdef CONFIG_OCF_OCF
+CONFIG_OPTS += --with-cryptodev
+#CONFIG_OPTS += --with-cryptodev-digests
+endif
+
+#
+# if you want engines (they are dl loaded),  a few things
+# need to be setup,  you will also need to mod everything
+# to link against -ldl if it uses libcrypto.  By default we
+# disable it (cryptodev suport is still included).
+#
+ifdef YOU_WANT_DYNAMIC_HW_ENGINES_ENABLED
+LIBSSL_dlfcn = dlfcn
+else
+CONFIG_OPTS += no-hw
+LIBSSL_dlfcn =
+endif
+
+#
+# our libs aren't in the default location yet
+#
+LDFLAGS += -L$(ROOTDIR)/lib/libssl/build
+export LDFLAGS
+
+all: