PolarSSL -> mbed TLS

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

PolarSSL -> mbed TLS

goldsimon@gmx.de
I just wondered: now that PolarSSL has been bought by ARM and the
successor, mbed TLS is available under a non-GPL license again (Apache):
would it be worth moving to a newer version of the sources we use in
PPP? Or are there no changes at all (or no changes worth making the
change in our code)?

Simon

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Sergio R. Caprile
Any plans to add SSL/TLS to the SMTP client ?



_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

goldsimon@gmx.de
Sergio R. Caprile wrote:
> Any plans to add SSL/TLS to the SMTP client ?

I'm not against that, but I probably won't find the time to do it. So:
no, probably not.

Simon

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

connect tap device to the Internet

TamGiang Tam
Hello lwip fellows,

I am wondering if a tap device (like running lwip with tap interface) could reach the Internet? 
Well the question is about to route tap0 and eth0/wlan0, but I cannot find way to achieve this. Could you please show me the way to do this routing?

Many thanks.

Tam.

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: connect tap device to the Internet

Sergio R. Caprile
Your issue is more a routing/OS question than an lwIP issue, it belongs
to your OSs forums; you can try the user's group. (lwip-users@)



_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: connect tap device to the Internet

TamGiang Tam
Thank Sergio.

Vào Th 7, 27 thg 2, 2016 vào lúc 02:07 Sergio R. Caprile <[hidden email]> đã viết:
Your issue is more a routing/OS question than an lwIP issue, it belongs
to your OSs forums; you can try the user's group. (lwip-users@)



_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Sylvain Rochet
In reply to this post by goldsimon@gmx.de
Hi Simon,

On Wed, Feb 24, 2016 at 09:43:26PM +0100, [hidden email] wrote:
> I just wondered: now that PolarSSL has been bought by ARM and the successor,
> mbed TLS is available under a non-GPL license again (Apache): would it be
> worth moving to a newer version of the sources we use in PPP? Or are there
> no changes at all (or no changes worth making the change in our code)?

Last time I checked, the only change was const modifier added on input
data buffer. We are only using MD4, MD5, SHA1 hash functions and DES,
RC4 "cryptographic" functions, those things never changed for about 20
if not 30 years. I will check again, it does not hurt.

We can probably allow using ASL in lwIP, it reaches my limit at
understanding slight differences between licenses, from my opinion it's
as free as BSD.

Sylvain

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Jonathan Larmour
Hi,

Long time no post (for me)...

On 07/03/16 22:54, Sylvain Rochet wrote:
>
> On Wed, Feb 24, 2016 at 09:43:26PM +0100, [hidden email] wrote:
>> I just wondered: now that PolarSSL has been bought by ARM and the
>> successor, mbed TLS is available under a non-GPL license again
>> (Apache): [snip]
> We can probably allow using ASL in lwIP, it reaches my limit at
> understanding slight differences between licenses, from my opinion
> it's as free as BSD.

According to the FSF, it's not compatible with the GPLv2 [1], only
GPLv3. That is why mbed TLS is dual licensed with GPLv2:
https://tls.mbed.org/how-to-get

Some care would be needed in how it is incorporated into lwIP, or
perhaps, incorporating would be the wrong approach and it should just be
a case of the user linking against an mbed TLS they've built themselves.

Jifl

[1] http://www.gnu.org/licenses/license-list.en.html#apache2

--
eCosCentric Limited      http://www.eCosCentric.com/     The eCos experts
Barnwell House, Barnwell Drive, Cambridge, UK.       Tel: +44 1223 245571
Registered in England and Wales: Reg No 4422071.
------["Si fractum non sit, noli id reficere"]------       Opinions==mine

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Sylvain Rochet
Hi Jonathan,

On Tue, Mar 08, 2016 at 06:42:19PM +0000, Jonathan Larmour wrote:

> On 07/03/16 22:54, Sylvain Rochet wrote:
> > On Wed, Feb 24, 2016 at 09:43:26PM +0100, [hidden email] wrote:
> > > I just wondered: now that PolarSSL has been bought by ARM and the
> > > successor, mbed TLS is available under a non-GPL license again
> > > (Apache): [snip]
> >
> > We can probably allow using ASL in lwIP, it reaches my limit at
> > understanding slight differences between licenses, from my opinion
> > it's as free as BSD.
>
> According to the FSF, it's not compatible with the GPLv2 [1], only
> GPLv3. That is why mbed TLS is dual licensed with GPLv2:
> https://tls.mbed.org/how-to-get
>
> Some care would be needed in how it is incorporated into lwIP, or
> perhaps, incorporating would be the wrong approach and it should just be
> a case of the user linking against an mbed TLS they've built themselves.
You are right, I didn't thought of that although I already known that
the main difference between ASL and BSD is that files under ASL can't be
relicensed under another license. Since mbed TLS is dual licensed with
GPLv2 that doesn't stop it to be included. If it were not dual licensed
it would have prevented lwIP to be used in a GPLv2 project and it would
then have been blocking for inclusion in lwIP. Correct me if I am wrong :-)

Sylvain

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

goldsimon@gmx.de
Hey Jonathan, you're alive ;-) nice to hear from you!

Thank you for the hint on the licenses. I wouldn't want to include the mbed
sources, only provide a way of somehow using them so that the actual work
of combining them is done by the user (or a distributor). We wouldn't want
to keep a copy of these files updated in our repository...

We do have the old polarssl files because they are harder to get (and given
the license break, they don't change), but getting an up-to-date copy mbed
TLS should not be too hard.

Ideally our sources should compile with both versions.

Simon


Gesendet mit AquaMail für Android
http://www.aqua-mail.com


Am 8. März 2016 20:12:40 schrieb Sylvain Rochet <[hidden email]>:

> Hi Jonathan,
>
> On Tue, Mar 08, 2016 at 06:42:19PM +0000, Jonathan Larmour wrote:
>> On 07/03/16 22:54, Sylvain Rochet wrote:
>> > On Wed, Feb 24, 2016 at 09:43:26PM +0100, [hidden email] wrote:
>> > > I just wondered: now that PolarSSL has been bought by ARM and the
>> > > successor, mbed TLS is available under a non-GPL license again
>> > > (Apache): [snip]
>> >
>> > We can probably allow using ASL in lwIP, it reaches my limit at
>> > understanding slight differences between licenses, from my opinion
>> > it's as free as BSD.
>>
>> According to the FSF, it's not compatible with the GPLv2 [1], only
>> GPLv3. That is why mbed TLS is dual licensed with GPLv2:
>> https://tls.mbed.org/how-to-get
>>
>> Some care would be needed in how it is incorporated into lwIP, or
>> perhaps, incorporating would be the wrong approach and it should just be
>> a case of the user linking against an mbed TLS they've built themselves.
>
> You are right, I didn't thought of that although I already known that
> the main difference between ASL and BSD is that files under ASL can't be
> relicensed under another license. Since mbed TLS is dual licensed with
> GPLv2 that doesn't stop it to be included. If it were not dual licensed
> it would have prevented lwIP to be used in a GPLv2 project and it would
> then have been blocking for inclusion in lwIP. Correct me if I am wrong :-)
>
> Sylvain
>
>
>
> ----------
> _______________________________________________
> lwip-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/lwip-devel
>



_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Elias Önal
I have used LibTomCrypt on bare metal targets before and can highly
recommend it. Given that it's public domain there wouldn't be any
license issues. It's a bit more complex than mbedTLS, yet especially the
documentation is much better from my experience.

-Elias

On 09/03/16 03:28, Sg wrote:

> Hey Jonathan, you're alive ;-) nice to hear from you!
>
> Thank you for the hint on the licenses. I wouldn't want to include the
> mbed sources, only provide a way of somehow using them so that the
> actual work of combining them is done by the user (or a distributor).
> We wouldn't want to keep a copy of these files updated in our
> repository...
>
> We do have the old polarssl files because they are harder to get (and
> given the license break, they don't change), but getting an up-to-date
> copy mbed TLS should not be too hard.
>
> Ideally our sources should compile with both versions.
>
> Simon
>
>
> Gesendet mit AquaMail für Android
> http://www.aqua-mail.com
>
>
> Am 8. März 2016 20:12:40 schrieb Sylvain Rochet <[hidden email]>:
>
>> Hi Jonathan,
>>
>> On Tue, Mar 08, 2016 at 06:42:19PM +0000, Jonathan Larmour wrote:
>>> On 07/03/16 22:54, Sylvain Rochet wrote:
>>> > On Wed, Feb 24, 2016 at 09:43:26PM +0100, [hidden email] wrote:
>>> > > I just wondered: now that PolarSSL has been bought by ARM and the
>>> > > successor, mbed TLS is available under a non-GPL license again
>>> > > (Apache): [snip]
>>> >
>>> > We can probably allow using ASL in lwIP, it reaches my limit at
>>> > understanding slight differences between licenses, from my opinion
>>> > it's as free as BSD.
>>>
>>> According to the FSF, it's not compatible with the GPLv2 [1], only
>>> GPLv3. That is why mbed TLS is dual licensed with GPLv2:
>>> https://tls.mbed.org/how-to-get
>>>
>>> Some care would be needed in how it is incorporated into lwIP, or
>>> perhaps, incorporating would be the wrong approach and it should
>>> just be
>>> a case of the user linking against an mbed TLS they've built
>>> themselves.
>>
>> You are right, I didn't thought of that although I already known that
>> the main difference between ASL and BSD is that files under ASL can't be
>> relicensed under another license. Since mbed TLS is dual licensed with
>> GPLv2 that doesn't stop it to be included. If it were not dual licensed
>> it would have prevented lwIP to be used in a GPLv2 project and it would
>> then have been blocking for inclusion in lwIP. Correct me if I am
>> wrong :-)
>>
>> Sylvain
>>
>>
>>
>> ----------
>> _______________________________________________
>> lwip-devel mailing list
>> [hidden email]
>> https://lists.nongnu.org/mailman/listinfo/lwip-devel
>>
>
>
>
> _______________________________________________
> lwip-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/lwip-devel
>


_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Sylvain Rochet
In reply to this post by goldsimon@gmx.de
Hi Simon,


On Tue, Mar 08, 2016 at 08:28:58PM +0100, Sg wrote:
>
> Thank you for the hint on the licenses. I wouldn't want to include the mbed
> sources, only provide a way of somehow using them so that the actual work of
> combining them is done by the user (or a distributor). We wouldn't want to
> keep a copy of these files updated in our repository...

I fully agree.


> We do have the old polarssl files because they are harder to get (and given
> the license break, they don't change), but getting an up-to-date copy mbed
> TLS should not be too hard.

True, but that's not the only reason, pppd is also shipped with embedded
copies of various hashes function, PolarSSL ones were just more suited
for embedded devices and this is why I used them ;-)


> Ideally our sources should compile with both versions.

Done. I highly doubt anyone is going to use the option and it will
probably bitrot over time, but it's there.


Sylvain

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel

signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

goldsimon@gmx.de
Sylvain Rochet wrote:
>> Ideally our sources should compile with both versions.
> Done. I highly doubt anyone is going to use the option and it will
> probably bitrot over time, but it's there.

Cool! Hopefully, it fits with the recent SNMPv3 efforst :-)

Simon

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel
Reply | Threaded
Open this post in threaded view
|

Re: PolarSSL -> mbed TLS

Sylvain Rochet
Hi Simon,

On Sun, May 08, 2016 at 10:41:53PM +0200, [hidden email] wrote:
> Sylvain Rochet wrote:
> > > Ideally our sources should compile with both versions.
> > Done. I highly doubt anyone is going to use the option and it will
> > probably bitrot over time, but it's there.
>
> Cool! Hopefully, it fits with the recent SNMPv3 efforst :-)

SNMPv3 is using mbed TLS API (md.c at least, from a quick look) that are
not available in PolarSSL 0.10.1-bsd. The library switch is only wise if
the code using it sticks to the common set of functions of all
alternatives. This is not even eternal, this is as long as PolarSSL
0.10.1-bsd vs mbed TLS does not diverge too much, for PPP we are only
using simple primitives API for hashes and ciphers, so we should be
safe.

Sylvain

_______________________________________________
lwip-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-devel

signature.asc (188 bytes) Download Attachment