As many of you are probably aware, I am one of the developers of wolfSSL. I specialise in porting to various platforms, everything from 16bit microcontrollers to big iron 64bit server processors. I decided to see if I could get wolfSSL running on a 30+ year old platform, specifically “Jops”, the Amiga 4000 I just finished restoring.
wolfSSL actually already has a 68000 based port, so some of the work is done for me. The most difficult part is generating entropy for the random number generator seeding. The typical ways of doing this are clocks (especially not synced to the CPU) and analogue ports.
At first, I wanted to try using the HSYNC counter as part of this, but unfortunately the Amiga Workbench scheduler syncs application time slices to this, so there is no real entropy here. Instead, I ended up using a combination of the ~7KHz E-clock counter, the counter for how many ticks the mouse has moved, and the analogue input on the joystick port. This is not perfect, but should be good enough for now.
For the developers out there, this is the core part of the code for this:
UBYTE amiga_rng(void)
{
struct EClockVal clockval;
UBYTE rng_out;
UWORD old_pot = potgo;
potgo = 0x0fff;
do {
ReadEClock(&clockval);
} while (clockval.ev_lo == last_time);
last_time = clockval.ev_lo;
rng_out = pot1dat ^ joy0dat ^ clockval.ev_lo;
potgo = old_pot;
return rng_out;
}
The potgo register turns on/off parts of the analogue input for the joystick and mouse ports, joy0dat is the counter for the mouse movement.
After this, it was just a matter of creating user_settings.h from wolfSSL’s canned templates and a Makefile. I set the compile settings to a 68030, and it may require a 68881/68882 FPU to work, but these settings are easy to tweak.
When running on a real Amiga, the stack size for the executable needs increasing to at least 16KB. The wolfSSL benchmark compiles into a 400KB executable and will likely need 1MB RAM available to run.
The source code can be found here.
At first, I tested this in FS-UAE on my laptop, using a configuration very similar to my Amiga 4000. I won’t bore you with the test output passing, but here is the benchmark output.
It is not going to break any records, but I’m actually quite impressed so far, some of the embedded platforms I develop for cannot get these speeds. But, will this translate to real hardware?
My Amiga 4000 has a 68060 CPU clocked at 50MHz and 388MB RAM. This specification would have been crazy expensive in the early 90s, when this machine was new. It wasn’t cheap to build it as it is today. It has also taken a lot of work to repair all the damage to the motherboard due to failing chips and battery leakage.
The machine was previously owned by Stoo Cambridge, the artist at Sensible Software behind games such as Cannon Fodder. It was used where he worked after Sensible.
I copied the executables to the Amiga and ran the benchmark. This is the output (alongside WhichAmiga’s output).
In general, the performance is about on-par with the emulator to start with. The performance of RSA and ECC was not so great, but this is a 50MHz chip, so I shouldn’t be surprised. Given the 90s hardware constraints I’m very happy with the results.
There are lots of options for the future with this. I may or may not work on them. These could be:
In particular, I want to try to make a wolfSSH port. It will be interesting to see if SSH can be used to communicate with my laptop, and upload/download files. It definitely won’t be as fast as FTP, but it will be a fun project.
You may remember my recent 486 PC build, I enjoyed doing it, but I had…
One of the projects I wanted to do with my new 486 PC was to…
Now that the motherboard work is finished, it is time to rebuild. Lots of 3D…
In my previous post in this series, I managed to diagnose and repair three very…
I finally got Jops to generate a good DiagROM serial output, but the video output…
View Comments
So with an already existing 68000 port, any hope for actual 68000 based Amiga systems?
With changing a few flags in the Makefile, it would work on a stock 68000 Amiga, but it wouldn't be very fast. RSA encryption would likely take minutes. But algorithms such as ChaCha20-Poly1305 will probably still work well, and SHA256 might be useful.
I suspect changing the CFLAGS section to this will work:
CFLAGS = -DWOLFSSL_USER_SETTINGS -DWC_16BIT_CPU
CFLAGS += -O2 -mcrt=nix13 -Wno-error=cpp -Wno-missing-braces -mcpu=68000 -lm -fomit-frame-pointer -flto
CFLAGS += -Iwolfssl -I.
You also might need to turn off SP maths, which can be done by editing user_settings.h and changing the line below "Wolf Single Precision Math" to:
#if 0
Small world, at work we use WolfSSL/WolfSSH on Amazon embedded (ARM A7) platform and at home I have an A2000 with a Emu68 PiStorm and a ZZ9000 GFX/Network card. So interested on multiple levels !
p.s from work experience the WolfSSL to OpenSSL compatible API header is "almost" there, but still needed quite a bit of work to allow WolfSSL to be a drop-in,.. I wonder if we could share some knowledge?
I find wolfSSL pops up in many strange places. I shouldn't really be that surprised given some of the porting I do for customers. Of course, we also pay the lead developer of Curl, and that pops up everywhere :)
Please do, I know we are adding more OpenSSL compatibility in wolfSSL 5.7.6, but anything missing that is required for AmiSSL, I'm sure I can get it in. If it is for another project, we can likely do that, but it would likely be more official. For wolfSSL related things, my email address is andrew at wolfssl.com.
Please don't make it straight AmiSSL compatible - one of the reasons AmiSSL uses so much memory is because of the ~6000 functions in the library to be compatible with OpenSSL through the years. This results in an way unnecessary large library.
One idea would be to offer a leaner wolfssl.library or similar and a AmiSSL compatibility wrapper for amisslmaster.library/amissl*.library that can be used in cases where applications don't provide direct support for wolfssl.library.
On topic of curl and TLS/SSL library: the libcurl middle layer TLS API called VTLS is a bit interesting - it abstracts the support for a large number of TLS/SSL implementations for whatever needs libcurl has. This should reasonably cover what most applications need. Would this API perhaps be a good model for a generic Amiga TLS/SSL library?
It wouldn't be something I develop soon, if at all. This just might be the first step for someone to develop it.
The VTLS API as a library is an interesting idea.