Page 1 of 2

SSL: Mbed TLS (polarSSL)

Posted: Sun Oct 27, 2013 9:48 am
by SoUrcerer
В начале этого года портировал polarSSL, но так и не смог его допилить - соединение вроде открывает, но хендшейк не проходит. Думаю, что какая-то мелочь. Библиотека на Си. Гипотетически можно её слинковать в COFF.

This year I ported polarSSL, but port isn't finished - it can open network socket, and send some data, but can't make handshake. I think there are some minor bugs.

Я бы и не вспомнил об этом, если бы esevece не предложил polarSSL портировать сегодня.

Re: SSL: polarSSL

Posted: Mon Nov 11, 2013 10:47 pm
by hidnplayr
Guidelines on how to create the COFF file:
1) convert all ELF to COFF using objcopy
2) link all COFF files to one using LD
3) take menuetlibc.a, unpack it and link it to one COFF file too
4) link SSL.o to libc.o
5) add Kolibrish export table for polarSSL functions in some other COFF-file
5.5) link that file to MEGA.o
6) PROFIT!

Re: SSL: polarSSL

Posted: Mon Nov 11, 2013 11:35 pm
by SoUrcerer
I really don't sure if this will work or not, but I sure it's at least possible to link all *.o files to Kolibri COFF library - like I did with iconv and truetype_stb.

Re: SSL: polarSSL

Posted: Tue Nov 12, 2013 10:34 am
by hidnplayr
I have looked at the code for PolarSSL and noticed that the sockets code in net.c is full of stubs, written to work with the old network stack.
It seems that new socket functions are not implemented yet in libc, is this true? If so, where should they be, in src\libc\net\socket.c ?

Netsurf

Posted: Sun Sep 28, 2014 10:49 pm
by stefano
I want to help with PolarSSL. Is someone working on it?

Re: Netsurf

Posted: Sun Sep 28, 2014 11:06 pm
by hidnplayr
esevece wrote:I want to help with PolarSSL. Is someone working on it?
I'm not working on it. Do you know what to do?

Re: Netsurf

Posted: Mon Sep 29, 2014 5:20 am
by stefano
I remember (from last year) that was necessary to write some network functions. But I don't know how much is necessary to write now.
Yogev have brought to my attention this topic: viewtopic.php?f=40&t=2460, so I will use that topic if you prefer.
I can start to work using as base the work done by SoUrcerer.

I want to be focused in the security stuff, so I can start by working on PolarSSL.

Re: SSL: polarSSL

Posted: Sat Mar 12, 2016 8:09 pm
by jagmeet
Hello Everyone!
I am interested in this idea
http://wiki.kolibrios.org/wiki/Google_S ... t_PolarSSL
and I want to do some contribution to this project, therefore I want to know what is current status of project and where should I start from!?

Re: SSL: polarSSL

Posted: Sat Mar 12, 2016 9:42 pm
by hidnplayr
Hi,

As far as I know, no developments have been made since the source code was posted here in this thread.
Best would be to try to compile it, and see what is wrong with it :-)

Good luck.

Re: SSL: polarSSL

Posted: Sun Oct 29, 2017 10:21 am
by ashmew2
Polar SSL has been superseded by mbed TLS.

https://tls.mbed.org/

We should try to port mbed TLS with newlib to KolibriOS.

Re: SSL: polarSSL

Posted: Sun Dec 20, 2020 12:34 am
by rgimad
Hello ! It seems like i ve ported mbedTLS, but I have one problem - it does not work :D . I ve modifed (e.g see library/net_sockets.c) mbedtls so that i could build it to static library. Also i ve built ssl_client1 (it is a program on which i test mbedtls) and linked it with mbedtls port, as you can see at the screenshot below it gives error:
Spoiler:
e-nCwR8HfZI.jpg
e-nCwR8HfZI.jpg (128.17 KiB)
Viewed 9437 times
Also, unlike the previous port, my port uses new network stack (sysfn75 and network.obj) via wrapper library kosnet.
P.S maybe current error caused by enabling MBEDTLS_NO_PLATFORM_ENTROPY in config.h (otherwise it won't compile for now)
P.P.S it would be cool if someone here fix this and maybe other errors and improve the port
P.P.P.S here is all the code in zip below

Re: SSL: Mbed TLS (polarSSL)

Posted: Sun Dec 20, 2020 1:06 pm
by hidnplayr
You could try to uncomment

Code: Select all

//#define MBEDTLS_TEST_NULL_ENTROPY
in config.h
Better yet would be to implement some entropy sources.

Re: SSL: Mbed TLS (polarSSL)

Posted: Sun Dec 20, 2020 11:51 pm
by rgimad
hidnplayr wrote:You could try to uncomment

Code: Select all

//#define MBEDTLS_TEST_NULL_ENTROPY
in config.h
Better yet would be to implement some entropy sources.
I tried this, its a big progress ! Now it fails when performing handshake:
Spoiler:
mbedtls_screen2.png
mbedtls_screen2.png (54.05 KiB)
Viewed 9366 times
Also, I made the repository public, now it is available at https://github.com/rgimad/kos_mbedtls

Re: SSL: Mbed TLS (polarSSL)

Posted: Mon Dec 21, 2020 12:26 pm
by hidnplayr
I think its quite normal that you get EOF on your client.
Try changing the port to 443 instead of 80 in your test program.

BR,

Re: SSL: Mbed TLS (polarSSL)

Posted: Tue Dec 22, 2020 1:11 pm
by rgimad
hidnplayr wrote:I think its quite normal that you get EOF on your client.
Try changing the port to 443 instead of 80 in your test program.

BR,
Thanks! I did this and it started work! It reads html contents of sites main pages as you can see:
Spoiler:yandex:
success_yandex.png
success_yandex.png (69.49 KiB)
Viewed 9272 times
acmp.ru:
succes_acmp.ru.png
succes_acmp.ru.png (58.59 KiB)
Viewed 9272 times
upd: also works on real hardware, photos:
Spoiler:
rFYr9_qJ3xM.jpg
rFYr9_qJ3xM.jpg (1.25 MiB)
Viewed 9265 times
XEBD8G53ivc.jpg
XEBD8G53ivc.jpg (838.13 KiB)
Viewed 9265 times