OpenSSL

IRIX/Nekoware development, porting and related topics.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

OpenSSL

Unread postby armanox » Tue Mar 17, 2015 9:14 pm

Anyone using newer versions of OpenSSL with IRIX? Like say...a 1.x build? And have it work pretty correctly? I can get 1.0.1 to build, but make test fails all over the place. I'm now using mbedTLS (used to be PolarSSL) with curl so that I can download stuff via https with out hassle, since everyone has disabled SSL2 and 3 at this point it seems....
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
foetz
Moderator
Moderator
Posts: 6542
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Tue Mar 17, 2015 10:29 pm

armanox wrote:I'm now using mbedTLS (used to be PolarSSL) with curl

and that causes problems?

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 9:32 am

foetz wrote:
armanox wrote:I'm now using mbedTLS (used to be PolarSSL) with curl

and that causes problems?


No, in fact, I was quite pleased when it built with only one modification (I'm going to send it back to them so they can support us!). The issue is the amount of software that does depend on OpenSSL or GNUTLS.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
Raion-Fox
Donor
Donor
Posts: 1331
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: OpenSSL

Unread postby Raion-Fox » Wed Mar 18, 2015 9:45 am

Someone got LibreSSL working, honestly that is what I would push for.
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)
Thinkpad W530 i7 3940XM 3GHz, 32GB, K1000M Windows 8.1 Embedded rin
Thinkpad R40 Pentium M 1.5GHz 2GB RAM kasha

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 11:23 am

TeamBlackFox wrote:Someone got LibreSSL working, honestly that is what I would push for.


I had said I got it to build, not that it all worked. The SGI compatibility stuff in there (and I might add, the AIX stuff) was all me, but it requires some pieces that I don't have the time to try to port or develop.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
foetz
Moderator
Moderator
Posts: 6542
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Wed Mar 18, 2015 4:02 pm

well one step at a time. do certain programs only work right with openssl 1.x?
if so does openssl 1.x fail to build? and if yes is it something that is irix specific and cannot be fixed?

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 4:12 pm

foetz wrote:well one step at a time. do certain programs only work right with openssl 1.x?
if so does openssl 1.x fail to build? and if yes is it something that is irix specific and cannot be fixed?


OpenSSL 1.0.1 will build, but fails miserably when you run "make test" on calculating SHA1, and I remember it failing to work correctly when I attempted to use it (things just...didn't work).
OpenSSL 0.9.8 is too old to be useful for a lot of things (since everyone has disabled SSL2 and SSL3), but is the last version that is packaged by nekoware for IRIX.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
foetz
Moderator
Moderator
Posts: 6542
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Wed Mar 18, 2015 4:23 pm

armanox wrote:OpenSSL 0.9.8 is too old to be useful for a lot of things

could you give a few examples?

User avatar
vishnu
Donor
Donor
Posts: 3174
Joined: Sun Mar 18, 2007 3:25 pm
Location: Minneapolis, Minnesota USA

Re: OpenSSL

Unread postby vishnu » Wed Mar 18, 2015 5:12 pm

One thing's for sure, the LibreSSL guys didn't think too highly of the state of the OpenSSL code when they forked it.
Project:
Temporarily lost at sea...
Plan:
World domination! Or something...

:Tezro: :Octane2:

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 5:15 pm

foetz wrote:
armanox wrote:OpenSSL 0.9.8 is too old to be useful for a lot of things

could you give a few examples?


It doesn't support TLS 1.1 and 1.2, for example.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
Raion-Fox
Donor
Donor
Posts: 1331
Joined: Thu Jan 30, 2014 5:01 pm
Location: near King George, Virginia
Contact:

Re: OpenSSL

Unread postby Raion-Fox » Wed Mar 18, 2015 5:16 pm

Well then, what are our options? Use an old OpenSSL library, somehow debug the newer version, or port libressl - in both latter cases the task is likely to be monumental, but I would imagine the clean codebase of LibreSSL would be marginally easier
:O3x02L: R16000 700MHz 8GB RAM kanna
:Octane: R12000 300MHz SI 896MB RAM yuuka
:Octane2: R12000A 400MHz V6 2.5GB RAM
:Indy: (Acclaim) R4600 133MHz XL Graphics 32MB RAM
:Indy: (Challenge S) R4600 133MHz (MIPS III Build Server)
Thinkpad W530 i7 3940XM 3GHz, 32GB, K1000M Windows 8.1 Embedded rin
Thinkpad R40 Pentium M 1.5GHz 2GB RAM kasha

User avatar
foetz
Moderator
Moderator
Posts: 6542
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Wed Mar 18, 2015 5:26 pm

vishnu wrote:One thing's for sure, the LibreSSL guys didn't think too highly of the state of the OpenSSL code when they forked it.

they should've kept the build system tho. libressl comes with a bunch of crap such as hardcoded, gcc specific cflags and such

User avatar
vishnu
Donor
Donor
Posts: 3174
Joined: Sun Mar 18, 2007 3:25 pm
Location: Minneapolis, Minnesota USA

Re: OpenSSL

Unread postby vishnu » Wed Mar 18, 2015 5:41 pm

foetz wrote:
vishnu wrote:One thing's for sure, the LibreSSL guys didn't think too highly of the state of the OpenSSL code when they forked it.

they should've kept the build system tho. libressl comes with a bunch of crap such as hardcoded, gcc specific cflags and such

Well that's retarded. But apparently not as retarded as the OpenSSL codebase:

http://www.openbsd.org/papers/bsdcan14-libressl/mgp00001.html

Even if only a tiny fraction of what he's saying is accurate, wowwwwww... :shock: :roll:
Project:
Temporarily lost at sea...
Plan:
World domination! Or something...

:Tezro: :Octane2:

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 5:56 pm

In case you're curious, my efforts for IRIX (and AIX) ended due to issues with arc4random and getentrophy. If I have a sudden explosion of free time I might start hacking away at it again, but my port is pretty dead for the moment (plus I'm a few versions behind now too).

Oh, and the fact that IRIX does not support mapping anonymous pages doesn't help either.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
foetz
Moderator
Moderator
Posts: 6542
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Wed Mar 18, 2015 6:03 pm


funny to read "- Do portability right. " in there. at that they not only completely failed so far but actully made it much worse.
"- Preserve API/ABI compatibility with OpenSSL - We want to be essentially a drop in replacement." which failed as well. e.g. they simply dropped egd stuff completely without leaving any kind of warning, replacement dummy or whatsoever in place.

that aside i'm curious about why the presentation looks like from a 5th grader :P

armanox wrote:Oh, and the fact that IRIX does not support mapping anonymous pages doesn't help either.

that's an easy fix. i did that for my last postgresql builds. i can dig out the details if you're interested


Return to “SGI: Development”

Who is online

Users browsing this forum: No registered users and 1 guest