OpenSSL

IRIX/Nekoware development, porting and related topics.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 7:49 pm

foetz wrote:
armanox wrote:Oh, and the fact that IRIX does not support mapping anonymous pages doesn't help either.

that's an easy fix. i did that for my last postgresql builds. i can dig out the details if you're interested


Yes please, because if I should go back to it (which I may since I still have an interest) it would prove very useful.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
foetz
Moderator
Moderator
Posts: 6590
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Wed Mar 18, 2015 8:30 pm

armanox wrote:Yes please, because if I should go back to it (which I may since I still have an interest) it would prove very useful.

no prob. just open /dev/zero and map that fd shared. it was based on this: http://man7.org/tlpi/code/online/dist/m ... map.c.html
in my case adopted to postgresql of course but you can use it for anything else

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Wed Mar 18, 2015 9:32 pm

foetz wrote:
armanox wrote:Yes please, because if I should go back to it (which I may since I still have an interest) it would prove very useful.

no prob. just open /dev/zero and map that fd shared. it was based on this: http://man7.org/tlpi/code/online/dist/m ... map.c.html
in my case adopted to postgresql of course but you can use it for anything else


Well, that solved one problem anyway. I'll start to attack the "getentrophy" section next. (I have a libressl-2.1.2 that compiles, but is totally useless).
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
foetz
Moderator
Moderator
Posts: 6590
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: OpenSSL

Unread postby foetz » Wed Mar 18, 2015 10:02 pm

i didn't have problems with 0.9.8 so far but the thread here made me curious so i built openssl 1.0.2 and ran a few tests. in particular what you mentioned:

Code: Select all

openssl s_client -connect google.com:443 -tls1_2
...
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 377D63936E31C49711BA2193BFE34113C136F9D25C7B753C36B47432D59D67EA
    Session-ID-ctx:
    Master-Key: E8D9D45EE9F7CF260481744A36E660E0F30CCDF3DCDAC649D95350023AC584DEA05E5D95887D55028ED60E58AE97E079

openssl dgst -sha1 curl_7410.tardist
SHA1(curl_7410.tardist)= ed4f05342ffab45dafc79419244e848416206c5b


also built a new curl and openssh based on 1.0.2 and they worked, too. maybe i missed something but the things i usually do worked all fine. in case you wanna grab them: viewtopic.php?f=7&t=16728266&p=7377731#p7377731

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Fri Mar 20, 2015 11:55 am

Interestingly enough 1.0.2a built where 1.0.2 failed for me. Running 'make test' now to see how it does.

Running 'make test' appears successful. They must have fixed something between .1 and .2 because it used to fail miserably. Now I'm going to have to rebuild wget...lol
Last edited by foetz on Fri Mar 20, 2015 6:26 pm, edited 1 time in total.
Reason: merged
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

Axatax_
Posts: 92
Joined: Wed Jan 21, 2015 3:08 pm

Re: OpenSSL

Unread postby Axatax_ » Fri Mar 20, 2015 6:12 pm

You guys are really brave messing with this pile. Good luck.

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Mon Mar 23, 2015 9:43 am

Axatax_ wrote:You guys are really brave messing with this pile. Good luck.


Not messing with it too much since the OpenSSL team tries to support ALL the platforms. Just seeing if it still builds and works correctly. The libreSSL stuff is a bit harder, since the team tossed all the compatibility stuff in favor of making the code manageable and more 'secure' - with portability as an afterthought. For a short while there I had it building (and partially running) on IRIX and AIX, but they quickly moved to requiring getentrophy and/or arc4random, which are lacking on IRIX and AIX (http://www.openbsd.org/build/mirrors/openntpd-portable.html.head).
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:

User avatar
ClassicHasClass
Donor
Donor
Posts: 2106
Joined: Wed Jul 25, 2012 7:12 pm
Location: Sunny So Cal
Contact:

Re: OpenSSL

Unread postby ClassicHasClass » Mon Mar 23, 2015 10:08 pm

libreSSL -- libre of everything we don't like so there
smit happens.

:Fuel: bigred, 900MHz R16K, 4GB RAM, V12 DCD, 6.5.30
:Indy: indy, 150MHz R4400SC, 256MB RAM, XL24, 6.5.10
:Indigo2IMP: purplehaze, 175MHz R10000, Solid IMPACT
probably posted from Image bruce, Quad 2.5GHz PowerPC 970MP, 16GB RAM, Mac OS X 10.4.11
plus IBM POWER6 p520 * Apple Network Server 500 * RDI PrecisionBook * BeBox * Solbourne S3000 * Commodore 128 * many more...

User avatar
Nuke
Posts: 157
Joined: Tue Jan 10, 2012 6:30 am
Contact:

Re: OpenSSL

Unread postby Nuke » Tue Mar 24, 2015 7:55 am

vishnu wrote:
foetz wrote:
vishnu wrote:One thing's for sure, the LibreSSL guys didn't think too highly of the state of the OpenSSL code when they forked it.

they should've kept the build system tho. libressl comes with a bunch of crap such as hardcoded, gcc specific cflags and such

Well that's retarded. But apparently not as retarded as the OpenSSL codebase:

http://www.openbsd.org/papers/bsdcan14-libressl/mgp00001.html

Even if only a tiny fraction of what he's saying is accurate, wowwwwww... :shock: :roll:

http://www.openbsd.org/papers/bsdcan14- ... 00011.html
http://www.openbsd.org/papers/bsdcan14- ... 00012.html
Well, I can understand not re-implementing libc?

The drop-in replacement part, though...not supporting everything the original supports, just "what people will probably use"? This sounds tolerable for me given I probably won't ever need any of the things they've removed but I still don't like the idea of intentionally not supporting things and then saying "drop-in replacement".

armanox
Posts: 206
Joined: Sun Feb 23, 2014 9:31 pm
Location: Baltimore, MD, USA

Re: OpenSSL

Unread postby armanox » Tue Mar 24, 2015 8:35 am

Nuke wrote:
vishnu wrote:
foetz wrote:
vishnu wrote:One thing's for sure, the LibreSSL guys didn't think too highly of the state of the OpenSSL code when they forked it.

they should've kept the build system tho. libressl comes with a bunch of crap such as hardcoded, gcc specific cflags and such

Well that's retarded. But apparently not as retarded as the OpenSSL codebase:

http://www.openbsd.org/papers/bsdcan14-libressl/mgp00001.html

Even if only a tiny fraction of what he's saying is accurate, wowwwwww... :shock: :roll:

http://www.openbsd.org/papers/bsdcan14- ... 00011.html
http://www.openbsd.org/papers/bsdcan14- ... 00012.html
Well, I can understand not re-implementing libc?

The drop-in replacement part, though...not supporting everything the original supports, just "what people will probably use"? This sounds tolerable for me given I probably won't ever need any of the things they've removed but I still don't like the idea of intentionally not supporting things and then saying "drop-in replacement".

It is far from a drop in replacement when they only support a couple of platforms. I can build OpenSSL on many platforms that are still alive but not common, say OpenVMS, that I doubt libreSSL will ever support. And then you have things like IRIX and AIX that don't work because the OpenBSD team never implemented arc4random and such, instead saying complain to SGI and IBM that the OS doesn't do things the way the OpenBSD team feels they should be done.
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2:


Return to “SGI: Development”

Who is online

Users browsing this forum: linkdex [Bot] and 1 guest