Thread
Where are all the programmers?
PolarSSL ported to CW Pro 1 is up here: https://github.com/leitec/polarssl. It's not well-tested but I figure others might be interested.
Disclaimer: basic SSL client connections work fine as far as I can tell but I don't know if it's actually secure. PolarSSL supports platforms that don't have an OS PRNG (and that code is enabled), so I'm guessing it's OK. Still, I provide no guarantees at all. I'm especially suspicious about 68k, since PowerPC at least is using the processor tick register that PolarSSL's HAVEGE PRNG uses. 68k is using OS ticks (Microseconds()) instead.
Disclaimer: basic SSL client connections work fine as far as I can tell but I don't know if it's actually secure. PolarSSL supports platforms that don't have an OS PRNG (and that code is enabled), so I'm guessing it's OK. Still, I provide no guarantees at all. I'm especially suspicious about 68k, since PowerPC at least is using the processor tick register that PolarSSL's HAVEGE PRNG uses. 68k is using OS ticks (Microseconds()) instead.
Well done, leitec. That's a good basic tool for further developments.
Thanks, feef. I'll fix the link in the other thread.
For what it's worth re SSL, I believe OpenSSL 1.0.0 will compile on Mac OS 9 at least, possibly for older Mac OS as well - I'd have to ask the guy who pulled that off for more specifics.
While OpenSSL isn't necessarily a light library, it is arguably the best-audited of the SSL implementations and thus is probably the best choice for security-critical application.
While OpenSSL isn't necessarily a light library, it is arguably the best-audited of the SSL implementations and thus is probably the best choice for security-critical application.
Yup, I got an older version (0.9.6) to compile OK with CW Pro 7.1 and GUSI (POSIX compatibility library). Although there is a port that is totally "native" (i.e. not using GUSI) it is completely unmaintained. I managed to get a newer version built later, but I had to manually sync the file list from the Makefile to the CW project file. So it was a bit of a pain, and I wanted something I could build with an older version of CW.
PolarSSL is not as widespread, but it is actively maintained and used widely enough in embedded systems that I feel comfortable using it. Plus, it being small and more manageable/readable is a huge plus. Once I rewrote the PPC asm stuff to work with CW the performance became quite good, too. Surprisingly there is also 68020 assembly code upstream, but I haven't ventured into porting it just yet.
The biggest issue for my port is that of entropy and RNG, but that is also a problem for OpenSSL. PolarSSL might actually have an advantage here because of its use on limited embedded systems without OS or hardware entropy sources. I am not at all an expert in this field, so I have to trust the result that I got from the entropy analyzer "ent," which showed good-enough results on both PPC and 68k.
On a more general note, I've also been writing an OAuth library in C that works with PolarSSL on CodeWarrior. It can successfully authenticate against Twitter over SSL on my Mac. I am cleaning it up by decoupling the HTTP/network code from the OAuth signature stuff, so when that's done I'll put it up on Github.
PolarSSL is not as widespread, but it is actively maintained and used widely enough in embedded systems that I feel comfortable using it. Plus, it being small and more manageable/readable is a huge plus. Once I rewrote the PPC asm stuff to work with CW the performance became quite good, too. Surprisingly there is also 68020 assembly code upstream, but I haven't ventured into porting it just yet.
The biggest issue for my port is that of entropy and RNG, but that is also a problem for OpenSSL. PolarSSL might actually have an advantage here because of its use on limited embedded systems without OS or hardware entropy sources. I am not at all an expert in this field, so I have to trust the result that I got from the entropy analyzer "ent," which showed good-enough results on both PPC and 68k.
On a more general note, I've also been writing an OAuth library in C that works with PolarSSL on CodeWarrior. It can successfully authenticate against Twitter over SSL on my Mac. I am cleaning it up by decoupling the HTTP/network code from the OAuth signature stuff, so when that's done I'll put it up on Github.
Hi leitec,
Well done! I see you are going forward.
I haven't been able to find some time to code lately. My job and my family are just taking all my time. I hope things are going to evolve soon and I will be back helping you!
Sorry about that.
Well done! I see you are going forward.
I haven't been able to find some time to code lately. My job and my family are just taking all my time. I hope things are going to evolve soon and I will be back helping you!
Sorry about that.
No worries feeef -- I'm working at a snail's pace on this stuff.