Board.KolibriOS.org

Official KolibriOS board
It is currently Sun Apr 11, 2021 4:52 pm

All times are UTC+03:00




Post new topic  Reply to topic  [ 17 posts ]  Go to page 1 2 Next
Author Message
 Post subject: SSL: Mbed TLS (polarSSL)
PostPosted: Sun Oct 27, 2013 9:48 am 
Offline

Joined: Mon Sep 24, 2007 11:11 am
Posts: 2810
В начале этого года портировал polarSSL, но так и не смог его допилить - соединение вроде открывает, но хендшейк не проходит. Думаю, что какая-то мелочь. Библиотека на Си. Гипотетически можно её слинковать в COFF.

This year I ported polarSSL, but port isn't finished - it can open network socket, and send some data, but can't make handshake. I think there are some minor bugs.

Я бы и не вспомнил об этом, если бы esevece не предложил polarSSL портировать сегодня.


Attachments:
polar.7z [368.84 KiB]
Downloaded 321 times
Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Mon Nov 11, 2013 10:47 pm 
Offline
Mentor/Kernel Developer
User avatar

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1279
Guidelines on how to create the COFF file:

Quote:
1) convert all ELF to COFF using objcopy
2) link all COFF files to one using LD
3) take menuetlibc.a, unpack it and link it to one COFF file too
4) link SSL.o to libc.o
5) add Kolibrish export table for polarSSL functions in some other COFF-file
5.5) link that file to MEGA.o
6) PROFIT!

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Mon Nov 11, 2013 11:35 pm 
Offline

Joined: Mon Sep 24, 2007 11:11 am
Posts: 2810
I really don't sure if this will work or not, but I sure it's at least possible to link all *.o files to Kolibri COFF library - like I did with iconv and truetype_stb.


Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Tue Nov 12, 2013 10:34 am 
Offline
Mentor/Kernel Developer
User avatar

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1279
I have looked at the code for PolarSSL and noticed that the sockets code in net.c is full of stubs, written to work with the old network stack.
It seems that new socket functions are not implemented yet in libc, is this true? If so, where should they be, in src\libc\net\socket.c ?

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


Top
   
 Post subject: Netsurf
PostPosted: Sun Sep 28, 2014 10:49 pm 
Offline

Joined: Tue Feb 12, 2013 9:48 pm
Posts: 166
I want to help with PolarSSL. Is someone working on it?


Top
   
 Post subject: Re: Netsurf
PostPosted: Sun Sep 28, 2014 11:06 pm 
Offline
Mentor/Kernel Developer
User avatar

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1279
esevece wrote:
I want to help with PolarSSL. Is someone working on it?


I'm not working on it. Do you know what to do?

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


Top
   
 Post subject: Re: Netsurf
PostPosted: Mon Sep 29, 2014 5:20 am 
Offline

Joined: Tue Feb 12, 2013 9:48 pm
Posts: 166
I remember (from last year) that was necessary to write some network functions. But I don't know how much is necessary to write now.
Yogev have brought to my attention this topic: viewtopic.php?f=40&t=2460, so I will use that topic if you prefer.
I can start to work using as base the work done by SoUrcerer.

I want to be focused in the security stuff, so I can start by working on PolarSSL.


Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Sat Mar 12, 2016 8:09 pm 
Offline
KSoC/GSoC Student
User avatar

Joined: Sat Mar 12, 2016 1:05 pm
Posts: 2
Hello Everyone!
I am interested in this idea
http://wiki.kolibrios.org/wiki/Google_S ... t_PolarSSL
and I want to do some contribution to this project, therefore I want to know what is current status of project and where should I start from!?

_________________
Thanks and Regards,
Jagmeet Singh


Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Sat Mar 12, 2016 9:42 pm 
Offline
Mentor/Kernel Developer
User avatar

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1279
Hi,

As far as I know, no developments have been made since the source code was posted here in this thread.
Best would be to try to compile it, and see what is wrong with it :-)

Good luck.

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Sun Oct 29, 2017 10:21 am 
Offline
Mentor

Joined: Tue Mar 11, 2014 11:37 am
Posts: 184
Polar SSL has been superseded by mbed TLS.

https://tls.mbed.org/

We should try to port mbed TLS with newlib to KolibriOS.

_________________
---
Check out the Netsurf Web Browser for KolibriOS.
Read the wiki and happy hacking with KolibriOS!


Top
   
 Post subject: Re: SSL: polarSSL
PostPosted: Sun Dec 20, 2020 12:34 am 
Offline
User avatar

Joined: Mon Apr 06, 2020 1:09 pm
Posts: 85
Hello ! It seems like i ve ported mbedTLS, but I have one problem - it does not work :D . I ve modifed (e.g see library/net_sockets.c) mbedtls so that i could build it to static library. Also i ve built ssl_client1 (it is a program on which i test mbedtls) and linked it with mbedtls port, as you can see at the screenshot below it gives error:
Spoiler: Show
Attachment:
e-nCwR8HfZI.jpg
e-nCwR8HfZI.jpg [ 128.17 KiB | Viewed 1329 times ]

Also, unlike the previous port, my port uses new network stack (sysfn75 and network.obj) via wrapper library kosnet.
P.S maybe current error caused by enabling MBEDTLS_NO_PLATFORM_ENTROPY in config.h (otherwise it won't compile for now)
P.P.S it would be cool if someone here fix this and maybe other errors and improve the port
P.P.P.S here is all the code in zip below


Attachments:
kos_mbedtls-main(1).zip [3.48 MiB]
Downloaded 36 times

_________________
The best way to predict the future is to create it.
Top
   
PostPosted: Sun Dec 20, 2020 1:06 pm 
Offline
Mentor/Kernel Developer
User avatar

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1279
You could try to uncomment
Code:
//#define MBEDTLS_TEST_NULL_ENTROPY
in config.h
Better yet would be to implement some entropy sources.

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


Top
   
PostPosted: Sun Dec 20, 2020 11:51 pm 
Offline
User avatar

Joined: Mon Apr 06, 2020 1:09 pm
Posts: 85
hidnplayr wrote:
You could try to uncomment
Code:
//#define MBEDTLS_TEST_NULL_ENTROPY
in config.h
Better yet would be to implement some entropy sources.

I tried this, its a big progress ! Now it fails when performing handshake:
Spoiler: Show
Attachment:
mbedtls_screen2.png
mbedtls_screen2.png [ 54.05 KiB | Viewed 1258 times ]

Also, I made the repository public, now it is available at https://github.com/rgimad/kos_mbedtls

_________________
The best way to predict the future is to create it.


Top
   
PostPosted: Mon Dec 21, 2020 12:26 pm 
Offline
Mentor/Kernel Developer
User avatar

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1279
I think its quite normal that you get EOF on your client.
Try changing the port to 443 instead of 80 in your test program.

BR,

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


Top
   
PostPosted: Tue Dec 22, 2020 1:11 pm 
Offline
User avatar

Joined: Mon Apr 06, 2020 1:09 pm
Posts: 85
hidnplayr wrote:
I think its quite normal that you get EOF on your client.
Try changing the port to 443 instead of 80 in your test program.

BR,

Thanks! I did this and it started work! It reads html contents of sites main pages as you can see:
Spoiler: Show
yandex:
Attachment:
success_yandex.png
success_yandex.png [ 69.49 KiB | Viewed 1164 times ]

acmp.ru:
Attachment:
succes_acmp.ru.png
succes_acmp.ru.png [ 58.59 KiB | Viewed 1164 times ]

upd: also works on real hardware, photos:
Spoiler: Show
Attachment:
rFYr9_qJ3xM.jpg
rFYr9_qJ3xM.jpg [ 1.25 MiB | Viewed 1157 times ]

Attachment:
XEBD8G53ivc.jpg
XEBD8G53ivc.jpg [ 838.13 KiB | Viewed 1157 times ]

_________________
The best way to predict the future is to create it.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 17 posts ]  Go to page 1 2 Next

All times are UTC+03:00


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited