From: Valentijn S. <v.s...@op...> - 2005-08-25 12:56:14
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello list, I'm trying to cross compile the ipsec-tools (in fact, I'd like to compile only setkey) Now the ipsec-tools depend on openssl, but openssl is a rather large library, which is too big for the embedded system I'm working for. Being stubborn and without clue, I stil wanted to try to make something of setkey - - thinking that the openssl-dependencies for setkey couldn't be too big anyway. But now I'm stuck :-( I can't find out how this openssl dependency works and where it depends on. Static compiling doesn't work - or I don't know how to handle it. Can anyone point me in the right direction? Or is this a silly undertaking because setkey really needs the whole openssl and nothing but the openssl? Best regards, Valentijn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFDDb/oTRf3oaxjt6kRApHHAJ9eNjT65yM0YZ40CCh5I7RGuWLqUwCgikHa ZKWjmiGBv3PMhrMKl2v03pY= =hCiK -----END PGP SIGNATURE----- |
From: Matthias S. <mat...@ta...> - 2005-08-25 13:14:05
|
On Thu, Aug 25, 2005 at 02:56:09PM +0200, Valentijn Sessink wrote: > I can't find out how this openssl dependency works and where it depends on. From what I can see by examining the "setkey" object files with "nm" "setkey" itself doesn't depend on OpenSSL. So it seems that it is really "libipsec" which depends on OpenSSL. And "setkey" depends on "libipsec" of course. > Static compiling doesn't work - ... It works fine for me under NetBSD 3.0_BETA. It should work, too, if you really have all the necessary static libraries available. You'll need a static version of "libcrypto.a". > Can anyone point me in the right direction? Or is this a silly undertaking > because setkey really needs the whole openssl and nothing but the openssl? I guess that "setkey" or too me more precise the portions of "libipsec" which "setkey" uses only need a few functions from "libcrypto". So if you get static linking working you should be fine. Kind regards -- Matthias Scheler Phone: +44 1223 200 648 Senior Software Developer Fax: +44 1223 200 641 Tadpole Computer Ltd. |
From: Aidas K. <a.k...@gm...> - 2005-08-25 13:21:52
|
Valentijn Sessink wrote: > Hello list, > > I'm trying to cross compile the ipsec-tools (in fact, I'd like to compile > only setkey) > > Now the ipsec-tools depend on openssl, but openssl is a rather large > library, which is too big for the embedded system I'm working for. Being > stubborn and without clue, I stil wanted to try to make something of setkey > - thinking that the openssl-dependencies for setkey couldn't be too big > anyway. > > But now I'm stuck :-( > > I can't find out how this openssl dependency works and where it depends on. > Static compiling doesn't work - or I don't know how to handle it. > > Can anyone point me in the right direction? Or is this a silly undertaking > because setkey really needs the whole openssl and nothing but the openssl? setkey uses openssl to learn acceptable/default key sizes of various encryption and hash result sizes of hash algorithms. It needs these values when: - parses input and user sets SA's parameters manually; - dumps SAs (not sure, have not consulted source). So indeed, setkey's dependency on openssl is not a big one and with some effort it is possible to eliminate it. BUT, ant this is big but. In typical usage of setkey program, there should be ISAKMP daemon, which will need a lot of what crypto library provides. Most popular crypto library is openssl, so there are good chances that your box will need openssl anyway. And if you try to use setkey to setup firewalling, then IMHO you'd better use iptables/ipf/whatever is for your platform. Have I answered your question? -- Aidas Kasparas IT administrator GM Consult Group, UAB |