SSL: Mbed TLS (polarSSL)

...
  • Guidelines on how to create the COFF file:
    1) convert all ELF to COFF using objcopy
    2) link all COFF files to one using LD
    3) take menuetlibc.a, unpack it and link it to one COFF file too
    4) link SSL.o to libc.o
    5) add Kolibrish export table for polarSSL functions in some other COFF-file
    5.5) link that file to MEGA.o
    6) PROFIT!
    "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
  • I'm really not sure if this will work or not, but I'm sure it's at least possible to link all *.o files into a Kolibri COFF library, like I did with iconv and truetype_stb.
  • I have looked at the code for PolarSSL and noticed that the sockets code in net.c is full of stubs, written to work with the old network stack.
    It seems that new socket functions are not implemented yet in libc, is this true? If so, where should they be, in src\libc\net\socket.c?
    "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
  • I want to help with PolarSSL. Is someone working on it?
  • esevece wrote: I want to help with PolarSSL. Is someone working on it?
    I'm not working on it. Do you know what to do?
    "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
  • I remember (from last year) that it was necessary to write some network functions. But I don't know how much is necessary to write now.
    Yogev has brought this topic to my attention: viewtopic.php?f=40&t=2460, so I will use that topic if you prefer.
    I can start to work using the work done by SoUrcerer as a base.

    I want to focus on the security stuff, so I can start by working on PolarSSL.
  • Hello Everyone!
    I am interested in this idea
    http://wiki.kolibrios.org/wiki/Google_S ... t_PolarSSL
    and I want to contribute to this project, so I want to know what the current status of the project is and where I should start.
    Thanks and Regards,
    Jagmeet Singh
  • Hi,

    As far as I know, no developments have been made since the source code was posted here in this thread.
    Best would be to try to compile it, and see what is wrong with it :-)

    Good luck.
    "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
  • Polar SSL has been superseded by mbed TLS.

    https://tls.mbed.org/

    We should try to port mbed TLS with newlib to KolibriOS.
    ---
    Check out the Netsurf Web Browser for KolibriOS.
    Read the wiki and happy hacking with KolibriOS!
  • Hello! It seems like I've ported mbedTLS, but I have one problem: it does not work :D. I've modified (e.g. see library/net_sockets.c) mbedtls so that I could build it as a static library. I've also built ssl_client1 (the program on which I test mbedtls) and linked it with the mbedtls port; as you can see in the screenshot below, it gives an error:
    Spoiler:
    e-nCwR8HfZI.jpg
    Also, unlike the previous port, my port uses the new network stack (sysfn75 and network.obj) via the wrapper library kosnet.
    P.S. Maybe the current error is caused by enabling MBEDTLS_NO_PLATFORM_ENTROPY in config.h (otherwise it won't compile for now).
    P.P.S. It would be cool if someone here fixed this and maybe other errors and improved the port.
    P.P.P.S. Here is all the code in the zip below.
    The best way to predict the future is to create it.
  • You could try to uncomment

    //#define MBEDTLS_TEST_NULL_ENTROPY
    in config.h
    Better yet would be to implement some entropy sources.
    "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
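
Added example, not code from this thread or from the kos_mbedtls repository: a poll callback with the signature mbed TLS expects from an entropy source, which refuses to report success when its raw samples are stuck at one value. `kos_entropy_poll`, `struct kos_entropy_src`, `raw_sample_fn`, `RCT_CUTOFF`, the two sample sources and `poll_4_bytes` are hypothetical names, and no mbed TLS header is included so the block builds on its own.

```c
#include <stddef.h>
#include <stdint.h>

#define ERR_ENTROPY_SOURCE_FAILED (-0x003C) /* value of MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */
#define RCT_CUTOFF 8 /* assumed limit on identical consecutive raw samples */
typedef uint32_t (*raw_sample_fn)(void *state); /* hypothetical raw-sample hook */
struct kos_entropy_src {                        /* hypothetical context (p_source) */
    raw_sample_fn read_raw;
    void *state;
    uint32_t prev; /* last raw sample */
    unsigned run;  /* length of the current run of identical samples */
};

/* Same signature as mbedtls_entropy_f_source_ptr / mbedtls_hardware_poll(). */
int kos_entropy_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
    struct kos_entropy_src *src = data;
    size_t done = 0;
    *olen = 0;
    while (done < len) {
        uint32_t cur = src->read_raw(src->state);
        /* Repetition count test: a stuck source must fail, not pass as entropy. */
        src->run = (src->run > 0 && cur == src->prev) ? src->run + 1 : 1;
        src->prev = cur;
        if (src->run >= RCT_CUTOFF)
            return ERR_ENTROPY_SOURCE_FAILED; /* *olen stays 0 */
        output[done++] = (unsigned char)(cur ^ (cur >> 8) ^ (cur >> 16) ^ (cur >> 24));
    }
    *olen = done;
    return 0;
}

/* Constructed stand-ins: a dead device, and an LCG posing as a timer (NOT entropy). */
uint32_t stuck_source(void *s) { (void)s; return 0; }
uint32_t timer_like_source(void *s) { uint32_t *c = s; return *c = *c * 1664525u + 1013904223u; }

/* Polls 4 bytes `calls` times on one context; returns bytes from the last poll or the error. */
int poll_4_bytes(raw_sample_fn fn, int calls)
{
    unsigned char buf[4];
    uint32_t seed = 1;
    struct kos_entropy_src src = { fn, &seed, 0, 0 };
    size_t olen = 0;
    int rc = 0;
    while (calls-- > 0 && rc == 0) rc = kos_entropy_poll(&src, buf, sizeof buf, &olen);
    return rc ? rc : (int)olen;
}

int main(void) { return poll_4_bytes(stuck_source, 2) == ERR_ENTROPY_SOURCE_FAILED ? 0 : 1; }
```

In a port, the callback and its context would be registered with `mbedtls_entropy_add_source()` instead of enabling `MBEDTLS_TEST_NULL_ENTROPY`. The repetition check only catches a dead source; it does not measure how much entropy a working one provides.
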
  • hidnplayr wrote: You could try to uncomment

    //#define MBEDTLS_TEST_NULL_ENTROPY
    in config.h
    Better yet would be to implement some entropy sources.
    I tried this, it's big progress! Now it fails when performing the handshake:
    Spoiler:
    mbedtls_screen2.png
    Also, I made the repository public, now it is available at https://github.com/rgimad/kos_mbedtls
    The best way to predict the future is to create it.
  • I think it's quite normal that you get EOF on your client.
    Try changing the port to 443 instead of 80 in your test program.

    BR,
    "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
  • hidnplayr wrote: I think it's quite normal that you get EOF on your client.
    Try changing the port to 443 instead of 80 in your test program.

    BR,
    Thanks! I did this and it started to work! It reads the HTML contents of sites' main pages, as you can see:
    Spoiler: yandex:
    success_yandex.png
    acmp.ru:
    succes_acmp.ru.png
    Update: it also works on real hardware, photos:
    Spoiler:
    rFYr9_qJ3xM.jpg
    XEBD8G53ivc.jpg
    The best way to predict the future is to create it.