Hello Gilles, thanks for your support. Yes, I could finally compile the library for the architecture that I use. I forced the compilation to enter the "if _unix_" conditional compilation, but I assume that another way to do this exists. Do you have an example for enabling those conditional compilation flags?
Regarding my dev/urandom, yes, my platform has this feature and the library runs very well; I just have the point about having to "force" the compilation because the library doesn't recognize the Unix architecture.
Thanks, and let's keep in touch!
Regards from Mexico!
BTW, if I want professional training, do you offer this service?
On Mon, May 25, 2020 at 11:07 AM Gilles Peskine via mbed-tls <mbed-tls@lists.trustedfirmware.org> wrote:
Hi Palomo,
You seem to be compiling for a system with a Linux kernel, but with only a partial Unix userland. The “Unix” code in the entropy_poll module might work on your system, but it is only enabled if __unix__ or __unix (or a few others) is defined.
Can you please try the attached patch? Does your runtime environment have /dev/urandom?
Regarding the knowledge base article, you need to remove the "." character at the end of the URL: https://tls.mbed.org/kb/how-to/add-a-random-generator
-- Gilles Peskine Mbed TLS developer
On 19/05/2020 21:43, Jesus Gualberto Palomo Garcia via mbed-tls wrote:
Hello Hanno, thanks for your quick reply.
I have a compilation error. I'm using nios2-linux-uclibc for my cross compilation and the uClinux architecture; the Linux kernel is 2.60, but I have this error when I try to compile the library. I want to use the library as a simple client using TLS 1.2.
$ make static
CC aes.c
CC aesni.c
CC arc4.c
CC aria.c
CC asn1parse.c
CC asn1write.c
CC base64.c
CC bignum.c
CC blowfish.c
CC camellia.c
CC ccm.c
CC chacha20.c
CC chachapoly.c
CC cipher.c
CC cipher_wrap.c
CC cmac.c
CC ctr_drbg.c
CC des.c
CC dhm.c
CC ecdh.c
CC ecdsa.c
CC ecjpake.c
CC ecp.c
CC ecp_curves.c
CC entropy.c
CC entropy_poll.c
entropy_poll.c:56:2: #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
Makefile:285: recipe for target 'entropy_poll.o' failed
make: *** [entropy_poll.o] Error 1
BTW the article is not found: https://tls.mbed.org/kb/how-to/add-a-random-generator.
Many thanks!!
On Tue, May 19, 2020 at 9:01 AM Hanno Becker <Hanno.Becker@arm.com> wrote:
Hi Palomo, Please take a look at the recent thread
https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000069.html
which should give you a better understanding of how Mbed TLS manages and uses entropy from the underlying system.
Regards,
Hanno
*From:* mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Jesus Gualberto Palomo Garcia via mbed-tls <mbed-tls@lists.trustedfirmware.org>
*Sent:* Tuesday, May 19, 2020 2:56 PM
*To:* mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
*Subject:* [mbed-tls] support mbedTLS no entropy source
Hi all!
I'm Palomo and I've been working with your library for a few weeks. I'm using Linux kernel 2.60, but my embedded system has a limited entropy source. I know that this is a critical point, but how can I use your library if I want to use another entropy source?
Thanks and waiting for you!
-- *¡Saludos! Best wishes!*
*Jesus Palomo*
México, D.F.
-- *¡Saludos! Best wishes!*
*Jesus Palomo*
México, D.F.
-- mbed-tls mailing list mbed-tls@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
Hi Palomo,
I don't think there's any other way at the moment. The patch in my email is one possible solution, but I'm not sure if it's right, because not all platforms with a Linux kernel have /dev/urandom.
I think the best solution would be to make the existence of /dev/urandom a platform configuration option. But platform options are a little messy already, between the MBEDTLS_HAVE_xxx options, the MBEDTLS_PLATFORM_STD_xxx options, the MBEDTLS_PLATFORM_xxx_MACRO options, the MBEDTLS_PLATFORM_xxx_ALT options. And this new option wouldn't behave like any of the existing ones since it should have three settings: guess (the default, identical to the current behavior of observing preprocessor symbols like __unix__), off and on. We should figure out what to do about platform options in 3.0 before making this even more complex.
me.todo.add("collect my thoughts on simplifying platform customization and post them to the list")
Regarding trainings, my team doesn't normally do that, but there are other teams in Arm that do. What topic are you interested in?
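An added sketch of the three-setting option (guess, off, on) described in the message above; it is not part of the original thread or of Mbed TLS, and `EXAMPLE_DEV_URANDOM`, `EXAMPLE_USE_DEV_URANDOM` and `example_urandom_poll` are hypothetical names. The poll function fails closed when the device is missing or a read comes up short.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical tri-state option (not an Mbed TLS macro):
 * -1 = guess from compiler symbols, 0 = off, 1 = on. */
#ifndef EXAMPLE_DEV_URANDOM
#define EXAMPLE_DEV_URANDOM (-1)
#endif

#if EXAMPLE_DEV_URANDOM == 1 || EXAMPLE_DEV_URANDOM == 0
#define EXAMPLE_USE_DEV_URANDOM EXAMPLE_DEV_URANDOM
#elif defined(__unix__) || defined(__unix)
#define EXAMPLE_USE_DEV_URANDOM 1   /* guess: Unix-like toolchain */
#else
#define EXAMPLE_USE_DEV_URANDOM 0   /* guess: no platform source */
#endif

/* Same parameter list as an Mbed TLS entropy source callback, so with
 * MBEDTLS_NO_PLATFORM_ENTROPY defined it could be registered through
 * mbedtls_entropy_add_source(). Returns 0 on success, -1 on failure. */
int example_urandom_poll(void *data, unsigned char *output,
                         size_t len, size_t *olen)
{
    (void) data;
    *olen = 0;
#if EXAMPLE_USE_DEV_URANDOM
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;                   /* fail closed: device missing */
    setvbuf(f, NULL, _IONBF, 0);     /* keep random bytes out of stdio buffers */
    size_t got = fread(output, 1, len, f);
    fclose(f);
    if (got != len)
        return -1;                   /* short read: report no entropy */
    *olen = len;
    return 0;
#else
    (void) output; (void) len;
    return -1;                       /* option off: caller must add a source */
#endif
}

int main(void)
{
    unsigned char buf[32];
    size_t olen;
    int ret = example_urandom_poll(NULL, buf, sizeof(buf), &olen);
    printf("use_dev_urandom=%d ret=%d olen=%zu\n", EXAMPLE_USE_DEV_URANDOM, ret, olen);
    return 0;
}
```

Building with `-DEXAMPLE_DEV_URANDOM=1` forces the source on for a toolchain that does not define `__unix__`, and `-DEXAMPLE_DEV_URANDOM=0` forces it off.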
Hi Gilles.
Thanks for following my questions and attending to them. Regarding trainings, I want to understand how the encryption works and how the algorithms work inside the library. I can read the code and google the concepts, but I want to accelerate the knowledge transfer, maybe to implement some optimization; I don't know if that is possible. At the moment my PoC using uClinux works perfectly and TLS 1.2 is running over 80 MHz, so that is pretty awesome, but I want to learn more about encryption. Maybe you can share some literature regarding this point?
Thank you very much and regards from Mexico!
On Tue, Jun 2, 2020 at 6:21 PM Gilles Peskine <gilles.peskine@arm.com> wrote:
Hi Palomo,
I don't think there's any other way at the moment. The patch in my email is one possible solution, but I'm not sure if it's right, because not all platforms with a Linux kernel have /dev/urandom.
I think the best solution would be to make the existence of /dev/urandom a platform configuration option. But platform options are a little messy already, between the MBEDTLS_HAVE_xxx options, the MBEDTLS_PLATFORM_STD_xxx options, the MBEDTLS_PLATFORM_xxx_MACRO options, the MBEDTLS_PLATFORM_xxx_ALT options. And this new option wouldn't behave like any of the existing ones since it should have three settings: guess (the default, identical to the current behavior of observing preprocessor symbols like __unix__), off and on. We should figure out what to do about platform options in 3.0 before making this even more complex.
me.todo.add("collect my thoughts on simplifying platform customization and post them to the list")
Regarding trainings, my team doesn't normally do that, but there are other teams in Arm that do. What topic are you interested in?
-- Gilles Peskine Mbed TLS developer
On 31/05/2020 20:06, Jesus Gualberto Palomo Garcia wrote:
Hello Gilles, thanks for your support. Yes, I could finally compile the library for the architecture that I use. I forced the compilation to enter the "if _unix_" conditional compilation, but I assume that another way to do this exists. Do you have an example for enabling those conditional compilation flags?
Regarding my dev/urandom, yes, my platform has this feature and the library runs very well; I just have the point about having to "force" the compilation because the library doesn't recognize the Unix architecture.
Thanks, and let's keep in touch!
Regards from Mexico!
BTW, if I want professional training, do you offer this service?