Add wolfSSL and use it with VDE 2, fixing VDE 2's dependency on obsolete OpenSSL 1.0

Done
Submitted by Leo Famulari.
Details
2 participants
  • Diego Nicola Barbato
  • Leo Famulari
Owner
unassigned
Severity
normal
Leo Famulari wrote on 14 Jul 00:59 +0200
(address . guix-patches@gnu.org)
YO4a7haky1hyY/VD@jasmine.lan
These patches add wolfSSL and replace VDE 2's dependency on the obsolete OpenSSL 1.0 with wolfSSL.

Leo Famulari wrote on 14 Jul 01:01 +0200
(no subject)
(address . control@debbugs.gnu.org)
YO4bTGp4MyCGHChs@jasmine.lan
block 46602 with 49556
Leo Famulari wrote on 14 Jul 01:01 +0200
[PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(address . 49556@debbugs.gnu.org)
1a3710d2a7891dfb069d6d8dfadeca998954bc1e.1626217314.git.leo@famulari.name
Updating to this unreleased revision allows us to package VDE 2 with
wolfSSL instead of the obsolete OpenSSL 1.0:

https://github.com/virtualsquare/vde-2/issues/2

* gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
[source]: Use git-fetch.
[native-inputs]: Add autoconf, automake, and libtool
[inputs]: Replace openssl-1.0 with wolfssl.
---
 gnu/packages/networking.scm | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
Toggle diff (61 lines)diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scmindex 19b58501e9..d99af3035c 100644--- a/gnu/packages/networking.scm+++ b/gnu/packages/networking.scm@@ -13,7 +13,7 @@ ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch> ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>-;;; Copyright © 2017, 2020 Leo Famulari <leo@famulari.name>+;;; Copyright © 2017, 2020, 2021 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com> ;;; Copyright © 2017, 2019 Gábor Boskovits <boskovits@gmail.com>@@ -3789,22 +3789,31 @@ network. This must be enabled on the target host, usually in the BIOS.") (license license:gpl2))) (define-public vde2+ (let ((commit "8599321526d0a31925fe55cabbe132b752cb268a")+ (revision "0")) (package (name "vde2")- (version "2.3.2")+ (version (git-version "2.3.2" revision commit)) (source (origin- (method url-fetch)- (uri "mirror://sourceforge/vde/vde2/2.3.2/vde2-2.3.2.tar.gz")+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/virtualsquare/vde-2")+ (commit commit)))+ (file-name (git-file-name name version)) (sha256- (base32 "14xga0ib6p1wrv3hkl4sa89yzjxv7f1vfqaxsch87j6scdm59pr2"))))+ (base32 "1dirkcbjh7c5kz7d065g1yq7vg8jl93hql3brfxd84k8hc8nqjb2")))) (build-system gnu-build-system) (arguments `(#:parallel-build? 
#f)) ; Build fails if #t.+ (native-inputs+ `(("autoconf" ,autoconf)+ ("automake" ,automake)+ ("libtool" ,libtool))) (inputs `(("python" ,python) ("libpcap" ,libpcap)- ("openssl" ,openssl-1.0))) ; Build fails with 1.1.+ ("wolfssl" ,wolfssl))) (home-page "https://github.com/virtualsquare/vde-2") (synopsis "Virtual Distributed Ethernet") (description "VDE is a set of programs to provide virtual software-defined@@ -3816,7 +3825,7 @@ cables.") license:lgpl2.1 ; libvdeplug (license:non-copyleft ; slirpvde "file://COPYING.slirpvde"- "See COPYING.slirpvde in the distribution.")))))+ "See COPYING.slirpvde in the distribution.")))))) (define-public haproxy (package-- 2.32.0
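Review bot: In the vde2 hunk, the new binding (commit "8599321526d0a31925fe55cabbe132b752cb268a") with (revision "0") pins an unreleased upstream revision, but nothing in the code says why; the reason (replacing openssl-1.0 with wolfssl, per the linked upstream issue) lives only in the commit message. A short comment above the let, with the upstream issue URL, would tell the next maintainer when the package can go back to a tagged release. The same hunk drops the "; Build fails with 1.1." note along with the openssl input, so it is worth confirming from the configure summary that the feature which used OpenSSL is still built against the new wolfssl input before this lands.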
Leo Famulari wrote on 14 Jul 01:01 +0200
[PATCH 1/2] gnu: Add wolfSSL.
(address . 49556@debbugs.gnu.org)
3541a7f3fc7d42c6d501180100f81b357ce2d36c.1626217314.git.leo@famulari.name
* gnu/packages/tls.scm (wolfssl): New variable.
---
 gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
Toggle diff (58 lines)diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scmindex c1e8b46a84..ef32170f76 100644--- a/gnu/packages/tls.scm+++ b/gnu/packages/tls.scm@@ -4,7 +4,7 @@ ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org>-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>@@ -48,6 +48,7 @@ #:use-module (guix build-system trivial) #:use-module (gnu packages compression) #:use-module (gnu packages)+ #:use-module (gnu packages autotools) #:use-module (gnu packages bash) #:use-module (gnu packages check) #:use-module (gnu packages curl)@@ -1150,3 +1151,34 @@ default set of preferences. Remaining on a specific version for backwards compatibility is also supported.") (home-page "https://github.com/awslabs/s2n") (license license:asl2.0)))++(define-public wolfssl+ (package+ (name "wolfssl")+ (version "4.8.0")+ (source (origin+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/wolfSSL/wolfssl")+ (commit (string-append "v" version "-stable"))))+ (file-name (git-file-name name version))+ (sha256+ (base32+ "1w9gs9cq2yhj5s3diz3x1l15pgrc1pbm00jccizvcjyibmwyyf2h"))))+ (build-system gnu-build-system)+ (arguments+ '(#:configure-flags+ '("--enable-reproducible-build")))+ (native-inputs+ `(("autoconf" ,autoconf)+ ("automake" ,automake)+ ("libtool" ,libtool)))+ (synopsis "SSL/TLS implementation")+ (description "The wolfSSL embedded SSL library (formerly CyaSSL) is an+SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and+resource-constrained environments - primarily because of its small size, speed,+and feature set. 
wolfSSL supports industry standards up to the current TLS 1.3+and DTLS 1.2, is up to 20 times smaller than OpenSSL, and offers progressive+ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.")+ (home-page "https://www.wolfssl.com/")+ (license license:gpl2+))) ; Audit-- 2.32.0
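Review bot: The last line of the new wolfssl definition, (license license:gpl2+))) ; Audit, still carries an "Audit" marker, which reads as a reminder that the license field has not been verified yet. Either check the license against the source tree and drop the comment, or expand it to say what remains to be audited, so the marker does not end up in the tree as an unexplained note.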
Diego Nicola Barbato wrote on 3 Aug 20:01 +0200
Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(name . Leo Famulari)(address . leo@famulari.name)(address . 49556@debbugs.gnu.org)
87eebaz9tu.fsf@GlaDOS.home
Hi Leo,
Leo Famulari <leo@famulari.name> writes:
> Updating to this unreleased revision allows us to package VDE 2 with
> wolfSSL instead of the obsolete OpenSSL 1.0:
>
> https://github.com/virtualsquare/vde-2/issues/2
>
> * gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
> [source]: Use git-fetch.
> [native-inputs]: Add autoconf, automake, and libtool
> [inputs]: Replace openssl-1.0 with wolfssl.
[...]
I've tried building this and it looks like the configure script fails to detect wolfSSL (the build still succeeds, but "VDE CryptCab" is disabled):

Configure results:

 - VDE CryptCab............ disabled
 + VDE Router.............. enabled
 + VDE VXLAN............... enabled
 + Python Libraries........ enabled
 + TAP support............. enabled
 + pcap support............ enabled
 - Experimental features... disabled
 - Profiling options....... disabled
 - Kernel switch........... disabled

configure: WARNING: VDE CryptCab support has been disabled because wolfSSL is
not installed on your system, or because wolfssl/wolfcrypt/chacha.h could not be found.
Please install libwolfssl if you want CryptCab to be compiled and installed.

I suspect the following lines in configure.ac are the culprit:

AC_CHECK_LIB([crypto], [EVP_EncryptInit],
  [add_cryptcab_support=yes],
  [add_cryptcab_support=no ; warn_cryptcab=yes])

This might've been overlooked when switching from OpenSSL to wolfSSL, since libcrypto is provided by the former, but not the latter. They should probably be changed to something like this instead:

AC_CHECK_LIB([wolfssl], [wc_Chacha_Process],
  [add_cryptcab_support=yes],
  [add_cryptcab_support=no ; warn_cryptcab=yes])
I'll report this issue upstream.
Regards,
Diego
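A build gate for the failure described in the message above, where configure drops CryptCab but the build still succeeds. This is an added example, not part of the original message or of the VDE 2 or Guix sources; the function names are assumptions, and the sample summary is constructed from the configure output quoted above.

```shell
#!/bin/sh
# Added example: fail a build when configure silently disables a required feature.

# Constructed sample: the summary quoted in the message, one feature per line.
sample_summary() {
cat <<'EOF'
Configure results:

 - VDE CryptCab............ disabled
 + VDE Router.............. enabled
 + VDE VXLAN............... enabled
 + Python Libraries........ enabled
 + TAP support............. enabled
 + pcap support............ enabled
 - Experimental features... disabled
 - Profiling options....... disabled
 - Kernel switch........... disabled
EOF
}

# Read a configure summary on stdin; print "STATE<TAB>FEATURE" for each entry.
feature_states() {
    awk '
        /^[ \t]*[-+][ \t]/ && /(enabled|disabled)[ \t]*$/ {
            state = $NF
            name = $0
            sub(/^[ \t]*[-+][ \t]+/, "", name)                      # drop the +/- marker
            sub(/\.\.+[ \t]*(enabled|disabled)[ \t]*$/, "", name)   # drop dot leader and state
            print state "\t" name
        }'
}

# require_features FEATURE...: read a summary on stdin and return 1 if any
# named feature is disabled or does not appear in the summary at all.
require_features() {
    states=$(feature_states)
    rc=0
    for feature in "$@"; do
        state=$(printf '%s\n' "$states" |
            awk -F '\t' -v f="$feature" '$2 == f { print $1 }')
        if [ "$state" != "enabled" ]; then
            echo "required feature not enabled: $feature (${state:-not reported})" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo: the build above "succeeded", but this gate rejects it.
if sample_summary | require_features "VDE CryptCab"; then
    echo "CryptCab enabled"
else
    echo "refusing build: CryptCab was silently disabled"
fi
```

In a real build the summary would come from the captured output of ./configure rather than from sample_summary.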
Leo Famulari wrote on 4 Aug 00:04 +0200
(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 49556@debbugs.gnu.org)
YQm9ZqLMB4g8b+2o@jasmine.lan
On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
> I suspect the following lines in configure.ac are the culprit:
>
> --8<---------------cut here---------------start------------->8---
> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
>   [add_cryptcab_support=yes],
>   [add_cryptcab_support=no ; warn_cryptcab=yes])
> --8<---------------cut here---------------end--------------->8---
Thanks for catching that!
> I'll report this issue upstream.
Okay, please share the link to your report once you have made it.
Leo Famulari wrote on 4 Aug 01:56 +0200
[PATCH v2 0/2] wolfSSL / VDE-2
(address . 49556@debbugs.gnu.org)
cover.1628034994.git.leo@famulari.name
I made the changes to VDE-2's configure.ac that Diego suggested, and VDE-2 does register the presence of wolfSSL and configure the build to use it for cryptcab.
Please refer to the following v2 patch series.
Leo Famulari (2):
  gnu: Add wolfSSL.
  gnu: VDE 2: Update to 2.3.2-0.8599321.

 gnu/packages/networking.scm | 35 +++++++++++++++++++++++++++--------
 gnu/packages/tls.scm        | 34 +++++++++++++++++++++++++++++++++-
 2 files changed, 60 insertions(+), 9 deletions(-)

--
2.32.0
Leo Famulari wrote on 4 Aug 01:56 +0200
[PATCH v2 1/2] gnu: Add wolfSSL.
(address . 49556@debbugs.gnu.org)
189a8545bba9412c7237d51337ae584dfab26a97.1628034994.git.leo@famulari.name
* gnu/packages/tls.scm (wolfssl): New variable.
---
 gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
Toggle diff (58 lines)diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scmindex d98a724b5f..7a0a9bd9a9 100644--- a/gnu/packages/tls.scm+++ b/gnu/packages/tls.scm@@ -4,7 +4,7 @@ ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org>-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>@@ -48,6 +48,7 @@ #:use-module (guix build-system trivial) #:use-module (gnu packages compression) #:use-module (gnu packages)+ #:use-module (gnu packages autotools) #:use-module (gnu packages bash) #:use-module (gnu packages check) #:use-module (gnu packages curl)@@ -1158,3 +1159,34 @@ default set of preferences. Remaining on a specific version for backwards compatibility is also supported.") (home-page "https://github.com/awslabs/s2n") (license license:asl2.0)))++(define-public wolfssl+ (package+ (name "wolfssl")+ (version "4.8.0")+ (source (origin+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/wolfSSL/wolfssl")+ (commit (string-append "v" version "-stable"))))+ (file-name (git-file-name name version))+ (sha256+ (base32+ "1w9gs9cq2yhj5s3diz3x1l15pgrc1pbm00jccizvcjyibmwyyf2h"))))+ (build-system gnu-build-system)+ (arguments+ '(#:configure-flags+ '("--enable-reproducible-build")))+ (native-inputs+ `(("autoconf" ,autoconf)+ ("automake" ,automake)+ ("libtool" ,libtool)))+ (synopsis "SSL/TLS implementation")+ (description "The wolfSSL embedded SSL library (formerly CyaSSL) is an+SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and+resource-constrained environments - primarily because of its small size, speed,+and feature set. 
wolfSSL supports industry standards up to the current TLS 1.3+and DTLS 1.2, is up to 20 times smaller than OpenSSL, and offers progressive+ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.")+ (home-page "https://www.wolfssl.com/")+ (license license:gpl2+))) ; Audit-- 2.32.0
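Review bot: The description string in the new wolfssl definition reads as vendor copy: "is up to 20 times smaller than OpenSSL" and "offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b" are comparative claims that the package definition cannot back up and that will age as both libraries change. A neutral description stating what the library is (an SSL/TLS library in ANSI C aimed at embedded and resource-constrained environments, supporting TLS 1.3 and DTLS 1.2) would be easier to keep accurate. The "; Audit" marker on the license line is also unchanged from the first version of this patch.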
Leo Famulari wrote on 4 Aug 01:56 +0200
[PATCH v2 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(address . 49556@debbugs.gnu.org)
4bd1f59c75dd59d9d68a642040ddf0147bc4f7d1.1628034994.git.leo@famulari.name
Updating to this unreleased revision allows us to package VDE 2 with
wolfSSL instead of the obsolete OpenSSL 1.0:

https://github.com/virtualsquare/vde-2/issues/2

* gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
[source]: Use git-fetch.
[native-inputs]: Add autoconf, automake, and libtool
[inputs]: Replace openssl-1.0 with wolfssl.
[arguments]: Add a 'fix-configure' phase.
---
 gnu/packages/networking.scm | 35 +++++++++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 8 deletions(-)
Toggle diff (72 lines)diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scmindex 05fd092b23..2263d26c41 100644--- a/gnu/packages/networking.scm+++ b/gnu/packages/networking.scm@@ -13,7 +13,7 @@ ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch> ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>-;;; Copyright © 2017, 2020 Leo Famulari <leo@famulari.name>+;;; Copyright © 2017, 2020, 2021 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com> ;;; Copyright © 2017, 2019 Gábor Boskovits <boskovits@gmail.com>@@ -3833,22 +3833,41 @@ some traces for unprivileged users.") license:lgpl2.1+)))) ;for the libsupp subdirectory (define-public vde2+ (let ((commit "8599321526d0a31925fe55cabbe132b752cb268a")+ (revision "0")) (package (name "vde2")- (version "2.3.2")+ (version (git-version "2.3.2" revision commit)) (source (origin- (method url-fetch)- (uri "mirror://sourceforge/vde/vde2/2.3.2/vde2-2.3.2.tar.gz")+ (method git-fetch)+ (uri (git-reference+ (url "https://github.com/virtualsquare/vde-2")+ (commit commit)))+ (file-name (git-file-name name version)) (sha256- (base32 "14xga0ib6p1wrv3hkl4sa89yzjxv7f1vfqaxsch87j6scdm59pr2"))))+ (base32 "1dirkcbjh7c5kz7d065g1yq7vg8jl93hql3brfxd84k8hc8nqjb2")))) (build-system gnu-build-system) (arguments- `(#:parallel-build? #f)) ; Build fails if #t.+ `(#:parallel-build? 
#f ; Build fails if #t.+ #:phases+ (modify-phases %standard-phases+ ;; Although VDE-2 has been updated upstream to use wolfSSL+ ;; instead of OpenSSL, the configure script was not updated to+ ;; check for wolfSSL instead of OpenSSL.+ (add-after 'unpack 'fix-wolfssl-configuration+ (lambda _+ (substitute* "configure.ac"+ (("crypto") "wolfssl")+ (("EVP_EncryptInit") "wc_Chacha_Process")))))))+ (native-inputs+ `(("autoconf" ,autoconf)+ ("automake" ,automake)+ ("libtool" ,libtool))) (inputs `(("python" ,python) ("libpcap" ,libpcap)- ("openssl" ,openssl-1.0))) ; Build fails with 1.1.+ ("wolfssl" ,wolfssl))) (home-page "https://github.com/virtualsquare/vde-2") (synopsis "Virtual Distributed Ethernet") (description "VDE is a set of programs to provide virtual software-defined@@ -3860,7 +3879,7 @@ cables.") license:lgpl2.1 ; libvdeplug (license:non-copyleft ; slirpvde "file://COPYING.slirpvde"- "See COPYING.slirpvde in the distribution.")))))+ "See COPYING.slirpvde in the distribution.")))))) (define-public haproxy (package-- 2.32.0
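Review bot: In the new fix-wolfssl-configuration phase, the substitute* patterns (("crypto") "wolfssl") and (("EVP_EncryptInit") "wc_Chacha_Process") are unanchored, so every occurrence of those strings anywhere in configure.ac is rewritten, not only the arguments of the one library check the comment describes. Matching the bracketed arguments instead, for example "\\[crypto\\]" and "\\[EVP_EncryptInit\\]", would confine the edit to that check. The commit message also names the phase 'fix-configure' while the code names it 'fix-wolfssl-configuration'; one of the two should be corrected, and the comment could say that the phase is to be removed once configure.ac is fixed upstream.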
Diego Nicola Barbato wrote on 5 Aug 17:37 +0200
Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(name . Leo Famulari)(address . leo@famulari.name)(address . 49556@debbugs.gnu.org)
87a6lvzyus.fsf@GlaDOS.home
Hi Leo,
Leo Famulari <leo@famulari.name> writes:
> On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
>> I suspect the following lines in configure.ac are the culprit:
>>
>> --8<---------------cut here---------------start------------->8---
>> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
>>   [add_cryptcab_support=yes],
>>   [add_cryptcab_support=no ; warn_cryptcab=yes])
>> --8<---------------cut here---------------end--------------->8---
>
> Thanks for catching that!
>
>> I'll report this issue upstream.
>
> Okay, please share the link to your report once you have made it.

I've submitted a pull request:
https://github.com/virtualsquare/vde-2/pull/27
Regards,
Diego
Leo Famulari wrote on 11 Aug 21:47 +0200
(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 49556-done@debbugs.gnu.org)
YRQpPVsYtVKD80/i@jasmine.lan
On Thu, Aug 05, 2021 at 03:37:47PM +0000, Diego Nicola Barbato wrote:
> Hi Leo,
>
> Leo Famulari <leo@famulari.name> writes:
>
> > On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
> >> I suspect the following lines in configure.ac are the culprit:
> >>
> >> --8<---------------cut here---------------start------------->8---
> >> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
> >>   [add_cryptcab_support=yes],
> >>   [add_cryptcab_support=no ; warn_cryptcab=yes])
> >> --8<---------------cut here---------------end--------------->8---
> >
> > Thanks for catching that!
> >
> >> I'll report this issue upstream.
> >
> > Okay, please share the link to your report once you have made it.
>
> I've submitted a pull request:
> https://github.com/virtualsquare/vde-2/pull/27
They accepted your patch.
I've added the wolfSSL package and updated VDE-2 to include your fix, with commit e6388b48f3df21b792cd61f93fddc7274238bac6
Closed