Re: Getting in touch
The way to get attention around here is show diffs :) On Tue, Feb 10, 2015 at 12:51 AM, aixtools aixto...@gmail.com wrote: L.S., Trying for a bit over a week to gt a response re: libressl. 1) If you have a established mailing-list for libressl - I did not find it. That of course says something about me - and maybe you are trying to keep people who cannot seek well enough away. I can only hope that you take this as intended - a hint you are hard to find. 2) I have some patches/ideas that could be a step forward to having libressl-portable be buildable/packageable for AIX 5.3 TL7 and up. Looking forward to your reply, regards, Michael Felt (aka @rootvgnet, http://www.rootvg.net)
Re: Getting in touch
On 2015-02-10 9:55 AM, Bob Beck wrote: The way to get attention around here is show diffs :) On Tue, Feb 10, 2015 at 12:51 AM, aixtoolsaixto...@gmail.com wrote: L.S., Trying for a bit over a week to gt a response re: libressl. 1) If you have a established mailing-list for libressl - I did not find it. That of course says something about me - and maybe you are trying to keep people who cannot seek well enough away. I can only hope that you take this as intended - a hint you are hard to find. 2) I have some patches/ideas that could be a step forward to having libressl-portable be buildable/packageable for AIX 5.3 TL7 and up. Looking forward to your reply, regards, Michael Felt (aka @rootvgnet, http://www.rootvg.net) Then first the simple diff's :) diff -ur libressl-2.1.3/configure libressl-2.1.3.save/configure --- libressl-2.1.3/configure2015-01-21 14:42:11 + +++ libressl-2.1.3.save/configure 2015-02-08 14:25:22 + @@ -3049,7 +3049,16 @@ PLATFORM_LDADD='-lnsl -lsocket' ;; - *) ;; + *aix*) + HOST_OS=aix + CFLAGS= + PLATFORM_LDADD='-lpthread' + + ;; + *) + echo $host_os not found + exit + ;; esac case $host_cpu in diff -ur libressl-2.1.3/crypto/compat/arc4random.h libressl-2.1.3.save/crypto/compat/arc4random.h --- libressl-2.1.3/crypto/compat/arc4random.h 2015-01-21 14:04:57 + +++ libressl-2.1.3.save/crypto/compat/arc4random.h 2015-02-08 15:16:01 + @@ -6,6 +6,9 @@ #if defined(__FreeBSD__) #include arc4random_freebsd.h +#elif defined(_AIX) +#include arc4random_aix.h + #elif defined(__hpux) #include arc4random_hpux.h For arc4random_aix.h I was lazy and just copied arc4random_hpux.h root@x064:[/data/prj/openbsd/libressl/libressl-2.1.3.save/crypto/compat]diff arc4random_hpux.h arc4random_aix.h root@x064:[/data/prj/openbsd/libressl/libressl-2.1.3.save/crypto/compat]ls -l arc4random_hpux.h arc4random_aix.h -rw-r--r-- 1 michael felt 2193 Feb 8 15:13 arc4random_aix.h -rw-r--r-- 1 rootsystem 2193 Jan 21 11:46 arc4random_hpux.h And the attachments: root@x064:[/data/prj/openbsd/libressl/libressl-2.1.3.save/crypto/compat]ls -l *aix.c -rw-r--r-- 1 michael felt 13110 Feb 9 17:19 getentropy_aix.c -rw-r--r-- 1 michael felt 2401 Feb 9 17:19 issetugid_aix.c As I do not understand, in detail, what the pseudo entrophy routines are doing I am guessing I made an error, i.e., may be introducing some non-randomness by using the mod (%) operator on the PURR register counters that run in nanoseconds. I may have left the size at sizeof(u_long_long_t) while the 'random' part is smaller (so high 0 bits not random). To link on AIX - to support errlog() -lrts is needed (both non-root/root can write to errpt for this event). Whether you want to use the syslog_r addition - especially the part looking up the process name (depends on /proc, so also potentially affected by a chroot() environment). Basically, ideas. I have not change the makefile in compat to add the *aix.o files into the archive. Comments welcome! Michael p.s. compiling on AIX 5.3 TL7 - 5300-07-10-0943, using IBM C compiler V11, on a Power6 /* $OpenBSD: $ */ /* * Copyright (c) 2015 Michael Felt aixto...@gmail.com * Copyright (c) 2014 Theo de Raadt dera...@openbsd.org * Copyright (c) 2014 Bob Beck b...@obtuse.com * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Intended to Emulate getentropy(2) as documented at: * http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2 */ /* * -lperfstat is needed for the psuedo entropy data * -lrst is needed for errlog * also, cc_r, or equivelent is needed for syslog_r (multi-thread safe libraries) */ #include sys/mman.h #include sys/resource.h #include sys/socket.h #include sys/stat.h #include sys/statvfs.h #include sys/timers.h #include stdio.h #include fcntl.h #include signal.h #include termios.h #include errno.h #include openssl/sha.h #include libperfstat.h #define REPEAT 5 #define min(a, b) (((a) (b)) ? (a) : (b)) #define HX(a, b) \ do { \ if ((a)) \ HD(errno); \ else \ HD(b); \ } while (0)
Re: Getting in touch
Well.. there are issues with that both if you require libraries, and are not certain how the other stuff works. In short, we have to be a lot more careful than this and we can't depend on external libraries. Ideally, for us to deal with this we'd need an decent AIX running machine with OS and compilers, preferably in Austin Texas - It's something we'd need to spend a little time with to fix up. Is that anything you could assist us with? On Tue, Feb 10, 2015 at 3:00 AM, aixtools aixto...@gmail.com wrote: On 2015-02-10 9:55 AM, Bob Beck wrote: The way to get attention around here is show diffs :) On Tue, Feb 10, 2015 at 12:51 AM, aixtoolsaixto...@gmail.com wrote: L.S., Trying for a bit over a week to gt a response re: libressl. 1) If you have a established mailing-list for libressl - I did not find it. That of course says something about me - and maybe you are trying to keep people who cannot seek well enough away. I can only hope that you take this as intended - a hint you are hard to find. 2) I have some patches/ideas that could be a step forward to having libressl-portable be buildable/packageable for AIX 5.3 TL7 and up. Looking forward to your reply, regards, Michael Felt (aka @rootvgnet, http://www.rootvg.net) Then first the simple diff's :) diff -ur libressl-2.1.3/configure libressl-2.1.3.save/configure --- libressl-2.1.3/configure2015-01-21 14:42:11 + +++ libressl-2.1.3.save/configure 2015-02-08 14:25:22 + @@ -3049,7 +3049,16 @@ PLATFORM_LDADD='-lnsl -lsocket' ;; - *) ;; + *aix*) + HOST_OS=aix + CFLAGS= + PLATFORM_LDADD='-lpthread' + + ;; + *) + echo $host_os not found + exit + ;; esac case $host_cpu in diff -ur libressl-2.1.3/crypto/compat/arc4random.h libressl-2.1.3.save/crypto/compat/arc4random.h --- libressl-2.1.3/crypto/compat/arc4random.h 2015-01-21 14:04:57 + +++ libressl-2.1.3.save/crypto/compat/arc4random.h 2015-02-08 15:16:01 + @@ -6,6 +6,9 @@ #if defined(__FreeBSD__) #include arc4random_freebsd.h +#elif defined(_AIX) +#include arc4random_aix.h + #elif defined(__hpux) #include arc4random_hpux.h For arc4random_aix.h I was lazy and just copied arc4random_hpux.h root@x064:[/data/prj/openbsd/libressl/libressl-2.1.3.save/crypto/compat]diff arc4random_hpux.h arc4random_aix.h root@x064:[/data/prj/openbsd/libressl/libressl-2.1.3.save/crypto/compat]ls -l arc4random_hpux.h arc4random_aix.h -rw-r--r-- 1 michael felt 2193 Feb 8 15:13 arc4random_aix.h -rw-r--r-- 1 rootsystem 2193 Jan 21 11:46 arc4random_hpux.h And the attachments: root@x064:[/data/prj/openbsd/libressl/libressl-2.1.3.save/crypto/compat]ls -l *aix.c -rw-r--r-- 1 michael felt 13110 Feb 9 17:19 getentropy_aix.c -rw-r--r-- 1 michael felt 2401 Feb 9 17:19 issetugid_aix.c As I do not understand, in detail, what the pseudo entrophy routines are doing I am guessing I made an error, i.e., may be introducing some non-randomness by using the mod (%) operator on the PURR register counters that run in nanoseconds. I may have left the size at sizeof(u_long_long_t) while the 'random' part is smaller (so high 0 bits not random). To link on AIX - to support errlog() -lrts is needed (both non-root/root can write to errpt for this event). Whether you want to use the syslog_r addition - especially the part looking up the process name (depends on /proc, so also potentially affected by a chroot() environment). Basically, ideas. I have not change the makefile in compat to add the *aix.o files into the archive. Comments welcome! Michael p.s. compiling on AIX 5.3 TL7 - 5300-07-10-0943, using IBM C compiler V11, on a Power6
Getting in touch
L.S., Trying for a bit over a week to gt a response re: libressl. 1) If you have a established mailing-list for libressl - I did not find it. That of course says something about me - and maybe you are trying to keep people who cannot seek well enough away. I can only hope that you take this as intended - a hint you are hard to find. 2) I have some patches/ideas that could be a step forward to having libressl-portable be buildable/packageable for AIX 5.3 TL7 and up. Looking forward to your reply, regards, Michael Felt (aka @rootvgnet, http://www.rootvg.net)