3

I am looking at the feasibility of developing an embedded Bluetooth application with OpenSSL-FIPS support on an STM32F407 microcontroller (which is ARM Cortex M4 based). The application doesn't run on a generic OS like Linux, Windows or Android, but on the CMSIS-RTX RTOS. I am using Keil on Windows as the development environment, with the built-in armc compiler (armcc) for compilation.

During my analysis I found the OpenSSL wiki page which explains how to build and install the OpenSSL library: Compilation and Installation. Although the page has a section on compilation for the ARM platform, there is no description of how to do it.

I have also gone through some of the discussions on Stack Overflow regarding cross-compiling OpenSSL for ARM. But all these discussions are based on ARM+Linux and none of them are on an RTOS.

I have also gone through the following link on compiling with ARM

But the compiler specified here is GCC.

  1. Is there a library available which can be used on the mentioned platform?

  2. Is it possible to port OpenSSL to the ARM Cortex M4 platform with an RTOS? To be more specific, is it possible to port it to STM32F407 with CMSIS RTX?

  3. If it is possible, where should I start and how complex is it?

  4. If I compile the OpenSSL library with the GCC compiler and use it in an armc-compiled application, will it work? (I have a feeling that it won't.)

  5. Which other SSL libraries can I use with the embedded software? (I heard WolfSSL might be a choice.)

Jinu
  • There are patches on the web for Keil. Unfortunately, it's for an antique version of OpenSSL 0.9.8 (yuk!). The last time I looked, the can be used as a starting point for a new project. – jww Sep 16 '16 at 12:03
  • Complete OpenSSL library is quite big. What's the problem you're trying to solve? Is NaCl (and tweetnacl) complete enough for you? – domen Sep 16 '16 at 16:42
  • @domen I am trying to make the Bluetooth connection more secure and the requirements are specific to use OpenSSL (or any of its variants). – Jinu Sep 19 '16 at 04:25
  • I think you need to clarify with the requirements people, as making such a specific (and, on the other hand, broad) technical decision is weird. If they want decent asymmetric crypto they should say so; saying OpenSSL doesn't mean much, considering you could choose the eNULL cipher, which doesn't do anything. – domen Sep 19 '16 at 08:43
  • @Jinu wolfSSL maintains an OpenSSL compatibility layer, so the API can remain the OpenSSL API but use wolfSSL underneath. This is in lieu of your comment "requirements are specific to use OpenSSL (or any of its variants)"; see: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-13-openssl-compatibility.html Does that help any? – Kaleb Oct 17 '16 at 16:22
  • Update on this topic, see comment on answer. – Kaleb Jan 19 '17 at 23:42

1 Answer

7
  1. Yes, there is a library available.

  2. It is possible to port OpenSSL to ARM Cortex M4 if the device has enough flash to fit the compiled binary.

    • OpenSSL is a very large library (openssl-too-big): 800K in release mode. That typically will not fit on any STM32F4, much less leave room for your own application (STM32F-datasheet).

  3. You would start by compiling OpenSSL in Windows and checking the footprint size. It should not be complex to perform this step and verify it will not fit in the available flash memory on your device.

  4. It likely will not work as it will not fit on the device. Again comes down to a size issue, not a "will it work", but "will it fit".

  5. Other SSL libraries:

Kaleb
  • UPDATE: wolfSSL added support for the CubeMX Hardware Abstraction Layer (HAL). For those of you developing on STM32 (F0, F1, F2, F3, F4, F7, L0, L1, or L4), if you are using the CubeMX code generator to produce your standard peripheral libraries then you could take advantage of the Hardware Crypto support added in the wolfSSL v3.10.0 release! See the defines `WOLFSSL_STM32F2` and `WOLFSSL_STM32F4` in /wolfssl/wolfcrypt/settings.h as a model if working on any of the other micros. Testing was done on the F2 and F4, so those are the only default options available right now. – Kaleb Jan 19 '17 at 23:44
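
The "will it fit" check from step 3 of the answer can be automated against the Keil toolchain the question uses. This is an added example, not code from the post or from any of the libraries discussed: it parses the `Program Size:` summary line that armlink prints at the end of a Keil build. The log line, the flash and RAM totals and the application reserve are constructed values; substitute the figures from your own build and your part's datasheet.

```python
import re

# armlink ends a Keil build with a summary line of this form (values in bytes):
#   Program Size: Code=1234 RO-data=56 RW-data=78 ZI-data=910
SIZE_RE = re.compile(
    r"Program Size:\s*Code=(\d+)\s+RO-data=(\d+)\s+RW-data=(\d+)\s+ZI-data=(\d+)")

def parse_program_size(build_log):
    """Return the last 'Program Size:' line of a build log as a dict of ints."""
    matches = SIZE_RE.findall(build_log)
    if not matches:
        raise ValueError("no 'Program Size:' line found in build log")
    code, ro, rw, zi = (int(v) for v in matches[-1])
    return {"code": code, "ro": ro, "rw": rw, "zi": zi}

def footprint(sizes):
    """Return (flash_bytes, ram_bytes) for one build."""
    # Flash stores code, constants and the initial image of RW data
    # (an upper bound when the linker compresses RW data).
    flash = sizes["code"] + sizes["ro"] + sizes["rw"]
    # RAM holds RW data copied at startup plus zero-initialised data.
    ram = sizes["rw"] + sizes["zi"]
    return flash, ram

def check_fit(build_log, flash_total, ram_total, app_flash_reserve=0):
    """Compare a build with the device budgets, keeping flash aside for the app."""
    flash, ram = footprint(parse_program_size(build_log))
    flash_left = flash_total - app_flash_reserve - flash
    ram_left = ram_total - ram
    return {"flash_used": flash, "ram_used": ram,
            "flash_left": flash_left, "ram_left": ram_left,
            "fits": flash_left >= 0 and ram_left >= 0}

# Constructed build log for a large crypto library; not measured output.
SAMPLE_LOG = """\
linking...
Program Size: Code=612340 RO-data=187220 RW-data=4096 ZI-data=65536
".\\Objects\\demo.axf" - 0 Error(s), 0 Warning(s).
"""

if __name__ == "__main__":
    # Constructed budgets: 512 KiB flash, 128 KiB RAM, 64 KiB kept for the app.
    report = check_fit(SAMPLE_LOG, 512 * 1024, 128 * 1024, 64 * 1024)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A negative `flash_left` is the number of bytes by which the image overshoots the part, which is the figure to weigh when comparing candidate libraries.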