[ECOS] On Porting OpenSSL v1.0.0c

[ECOS] On Porting OpenSSL v1.0.0c

[Michael Bergandi]

Hello all,

I would like to know if there is someone interested or already working on a port
of the latest OpenSSL library to eCos. If you are or know someone who
is, I would
love to know about it so that we are not duplicating efforts.

In doing some online research regarding OpenSSL on eCos, I came across
the old port of OpenSLL by Andrew Lunn that claims to be updated to the v0.9.6b
code base. However, that port is quite dated (going on 9 years old)
and the current
code base is much much different now.

I also came across a note from Andres in the archives in response to someone
else's inquiry about using the SSL portion of the library:

> Please not that i only used some of the encryption algorithms and
> diffie Hellman from it. I've not used SSL. So expect it to be broken
> and require some work. You may be luck and its works perfectly.
>
> If you do plan on update to a newer version of OpenSSL, please let me
> know, i have a few suggestions....
>
>    Andrew

Well, Andrew, if you are listening, I'm all ears...

The project I am working on will be using SSL to provide a secure web
interface for device configuration. In addition, we want to leverage
the encryption module on our processor (mx27) to get some hardware
acceleration for our other encryption needs. The ENGINE interface, in
particular, is the primary reason for our desire to go ahead and port
the latest OpenSSL to eCos.

So, again, if anyone wants to be a part of this effort or can be there to offer
guidance along the way, please let me know and we can collaborate.

Thanks for you interest and comments,

-- 
Michael Bergandi

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] On Porting OpenSSL v1.0.0c

[Alex Schuilenburg]

Hi Michael,

On 2010-12-07 16:32, Michael Bergandi wrote:
> Hello all,
>
> I would like to know if there is someone interested or already working on a port
> of the latest OpenSSL library to eCos. If you are or know someone who
> is, I would
> love to know about it so that we are not duplicating efforts.
FWIW, eCosCentric already provide a port of the OpenSSL library to eCos:
http://www.ecoscentric.com/ecospro/doc.cgi/html/openssl-book/openssl-ecos-chapter.html

You may wish to contact us on info@ecoscentric.com for details, pricing
and support of the commercially supported OpenSSL  package.

Sincerely
-- 

Alex Schuilenburg

Managing Director/CEO                                eCosCentric Limited
Tel:  +44 1223 245571                     Barnwell House, Barnwell Drive
Fax:  +44 1223 248712                             Cambridge, CB5 8UU, UK
www.ecoscentric.com             Reg in England and Wales, Reg No 4422071



-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: On Porting OpenSSL v1.0.0c

[Michael Bergandi]

On Tue, Dec 7, 2010 at 11:32 AM, Michael Bergandi <mbergandi@gmail.com> wrote:
>
> Hello all,
>
> I would like to know if there is someone interested or already working on a port
> of the latest OpenSSL library to eCos. If you are or know someone who
> is, I would
> love to know about it so that we are not duplicating efforts.
>
> In doing some online research regarding OpenSSL on eCos, I came across
> the old port of OpenSLL by Andrew Lunn that claims to be updated to the v0.9.6b
> code base. However, that port is quite dated (going on 9 years old)
> and the current
> code base is much much different now.
>
> I also came across a note from Andres in the archives in response to someone
> else's inquiry about using the SSL portion of the library:
>
> > Please not that i only used some of the encryption algorithms and
> > diffie Hellman from it. I've not used SSL. So expect it to be broken
> > and require some work. You may be luck and its works perfectly.
> >
> > If you do plan on update to a newer version of OpenSSL, please let me
> > know, i have a few suggestions....
> >
> >    Andrew
>
> Well, Andrew, if you are listening, I'm all ears...
>
> The project I am working on will be using SSL to provide a secure web
> interface for device configuration. In addition, we want to leverage
> the encryption module on our processor (mx27) to get some hardware
> acceleration for our other encryption needs. The ENGINE interface, in
> particular, is the primary reason for our desire to go ahead and port
> the latest OpenSSL to eCos.
>
> So, again, if anyone wants to be a part of this effort or can be there to offer
> guidance along the way, please let me know and we can collaborate.
>
> Thanks for you interest and comments,
>
> --
> Michael Bergandi

Perhaps this inquiry is better suited for the ecos-devel mailing list?

--
Michael Bergandi

--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Re: On Porting OpenSSL v1.0.0c

[Sergei Gavrikov]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 2632 bytes --]

On Thu, 9 Dec 2010, Michael Bergandi wrote:

> On Tue, Dec 7, 2010 at 11:32 AM, Michael Bergandi wrote:
> >
> > Hello all,
> >
> > I would like to know if there is someone interested or already
> > working on a port of the latest OpenSSL library to eCos. If you are
> > or know someone who is, I would love to know about it so that we are
> > not duplicating efforts.
> >
> > In doing some online research regarding OpenSSL on eCos, I came
> > across the old port of OpenSLL by Andrew Lunn that claims to be
> > updated to the v0.9.6b code base. However, that port is quite dated
> > (going on 9 years old) and the current code base is much much
> > different now.
> >
> > I also came across a note from Andres in the archives in response to
> > someone else's inquiry about using the SSL portion of the library:
> >
> > > Please not that i only used some of the encryption algorithms and
> > > diffie Hellman from it. I've not used SSL. So expect it to be
> > > broken and require some work. You may be luck and its works
> > > perfectly.
> > >
> > > If you do plan on update to a newer version of OpenSSL, please let
> > > me know, i have a few suggestions....
> > >
> > >    Andrew
> >
> > Well, Andrew, if you are listening, I'm all ears...
> >
> > The project I am working on will be using SSL to provide a secure
> > web interface for device configuration. In addition, we want to
> > leverage the encryption module on our processor (mx27) to get some
> > hardware acceleration for our other encryption needs. The ENGINE
> > interface, in particular, is the primary reason for our desire to go
> > ahead and port the latest OpenSSL to eCos.
> >
> > So, again, if anyone wants to be a part of this effort or can be
> > there to offer guidance along the way, please let me know and we can
> > collaborate.
> >
> > Thanks for you interest and comments,
> >

Hi,

My 2 cents:

I would look at PolarSSL
1) http://polarssl.org/features
2) http://polarssl.org/licensing

IMO, point #2 is valuable thing to port PolarSSL to eCos.

Yet another candidate with dual licensing also would be... yaSSL
http://www.yassl.com/yaSSL/License.html

However, IANAL.

But, both these SSL libraries were designed with a word "embedded" in a
mind.

Well, OpenSSL has much muscles, but, What's about thin SSL for embedded
World (=eCos)?

Thanks,
Sergei

> > --
> > Michael Bergandi
> 
> Perhaps this inquiry is better suited for the ecos-devel mailing list?
> 
> --
> Michael Bergandi
> 
> --
> Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
> and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss
> 

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Re: On Porting OpenSSL v1.0.0c

[Michael Bergandi]

Sergei,

> My 2 cents:
>
> I would look at PolarSSL
> 1) http://polarssl.org/features
> 2) http://polarssl.org/licensing
>
> IMO, point #2 is valuable thing to port PolarSSL to eCos.

Looks Ok, but I see no mention of an interface to encryption hardware
accelerators.
That is a big sticking point for us.

>
> Yet another candidate with dual licensing also would be... yaSSL
> http://www.yassl.com/yaSSL/License.html

This project seems very young and doesn't seem to have a very big user or
developer base. Too high risk for a commercial product.

>
> However, IANAL.
>
> But, both these SSL libraries were designed with a word "embedded" in a
> mind.
>
> Well, OpenSSL has much muscles, but, What's about thin SSL for embedded
> World (=eCos)?

Yes, I know OpenSSL is overkill for most embedded security needs. However,
it is the most active, used, and tested tested of any SSL library. It has a long
history and doesn't seem to be going away anytime in the near future.

It also has some focus on using encryption hardware accelerators through their
ENGINE interface. Although, it currently has some limitations, but
it's a start in
the right direction.

Also, the OpenSSL code is pretty modular. I think I can slice and dice it and
make it configurable enough that the memory footprint would be reasonable
for the desired functionality.

For these reasons, I think an open port of OpenSSL to eCos would be worthwhile.

I would still like to hear if this is of interest to anyone else and
get some input from
the eCos maintainers.

I know those from eCosCentric probably aren't too happy to hear about the
possibilities of a completely open port of the latest OpenSSL library for eCos,
since this would be in direct opposition to their ecos-SecureSockets product
(which is a closed port of OpenSSL v1.0.0a).

>>
>> Perhaps this inquiry is better suited for the ecos-devel mailing list?

I would still like to know the answer to this, before I go off and upset someone
for cross posting.

-- 
Michael Bergandi

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] PolarSSL [Was: On Porting OpenSSL v1.0.0c]

[Sergei Gavrikov]

[Fork thread]

FYI: SSL for silly H/W

Michael Bergandi wrote:
> Sergei,
> 
> Sergei Gavrikov wrote:
> > My 2 cents:
> >
> > I would look at PolarSSL
> > 1) http://polarssl.org/features
> > 2) http://polarssl.org/licensing
> >
> > IMO, point #2 is valuable thing to port PolarSSL to eCos.
> 
> Looks Ok, but I see no mention of an interface to encryption hardware
> accelerators.  That is a big sticking point for us.

Michael, I get it. Excuse this fork, maybe it's interesting to know.

As an getting the 'libpolarssl.a' for eCos took only 10 minutes (project
follows great coding style) and library's size was <160K, I will stick
on it and I hope I will try to test it this weekend. However, this was
my first look.

At least I got 3 simple SSL (PolarSSL) execs for eCos (2 clients and 1
server) for testing.  It was just used eCos 'net' template to build the
library and tests. I hope they will work. If anyone is interested I have
small patch and draft makefile to build PolarSSL for eCos.

Sergei

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: PolarSSL [Was: On Porting OpenSSL v1.0.0c]

[Sergei Gavrikov]

On Thu, 9 Dec 2010, Sergei Gavrikov wrote:

> [Fork thread]
> 
> FYI: SSL for silly H/W
> 
> Michael Bergandi wrote:
> > Sergei,
> > 
> > Sergei Gavrikov wrote:
> > > My 2 cents:
> > >
> > > I would look at PolarSSL
> > > 1) http://polarssl.org/features
> > > 2) http://polarssl.org/licensing
> > >
> > > IMO, point #2 is valuable thing to port PolarSSL to eCos.
> > 
> > Looks Ok, but I see no mention of an interface to encryption
> > hardware accelerators.  That is a big sticking point for us.
> 
> Michael, I get it. Excuse this fork, maybe it's interesting to know.
> 
> As an getting the 'libpolarssl.a' for eCos took only 10 minutes
> (project follows great coding style) and library's size was <160K, I
> will stick on it and I hope I will try to test it this weekend.
> However, this was my first look.
> 
> At least I got 3 simple SSL (PolarSSL) execs for eCos (2 clients and 1
> server) for testing.  It was just used eCos 'net' template to build
> the library and tests. I hope they will work. If anyone is interested
> I have small patch and draft makefile to build PolarSSL for eCos.

Hi,

Well, as I promised to test, short report is here. PolarSSL 'ssl_server'
quite works under eCos (tested on Linux synthetic target).

The encrypted connections with the server were established using Mozilla
Firefox 3.6, 4.0 beta; Google Chrome 8.0 beta; w3m/0.5.2. I'm sorry, I
have not IEs.

I would mention also that you can test PolarSSL executables are built
for your hosts (Lunux or Windows).

On my look port PolarSSL to eCos would be straightforward, but, now
I have some doubts about it's license (all sources point on GPL only).

Sergei

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] PolarSSL [Was: On Porting OpenSSL v1.0.0c]

[Michael Bergandi]

Hey Sergei,

> At least I got 3 simple SSL (PolarSSL) execs for eCos (2 clients and 1
> server) for testing.  It was just used eCos 'net' template to build the
> library and tests. I hope they will work. If anyone is interested I have
> small patch and draft makefile to build PolarSSL for eCos.
>

I would still be interested in seeing what you did to get it going for eCos.
Could you send me what you have?

Thanks,

Mike

--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss