Add wolfSSL and use it with VDE 2, fixing VDE 2's dependency on obsolete OpenSSL 1.0

  • Done
Details
2 participants
  • Diego Nicola Barbato
  • Leo Famulari
Owner
unassigned
Submitted by
Leo Famulari
Severity
normal
Leo Famulari wrote on 14 Jul 2021 00:59
(address . guix-patches@gnu.org)
YO4a7haky1hyY/VD@jasmine.lan
These patches add wolfSSL and replace VDE 2's dependency on the obsolete
OpenSSL 1.0 with wolfSSL.


Leo Famulari wrote on 14 Jul 2021 01:01
(no subject)
(address . control@debbugs.gnu.org)
YO4bTGp4MyCGHChs@jasmine.lan
block 46602 with 49556
Leo Famulari wrote on 14 Jul 2021 01:01
[PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(address . 49556@debbugs.gnu.org)
1a3710d2a7891dfb069d6d8dfadeca998954bc1e.1626217314.git.leo@famulari.name
Updating to this unreleased revision allows us to package VDE 2 with
wolfSSL instead of the obsolete OpenSSL 1.0:

https://github.com/virtualsquare/vde-2/issues/2

* gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
[source]: Use git-fetch.
[native-inputs]: Add autoconf, automake, and libtool
[inputs]: Replace openssl-1.0 with wolfssl.
---
gnu/packages/networking.scm | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 19b58501e9..d99af3035c 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -13,7 +13,7 @@
;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2017, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017, 2020, 2021 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2017, 2019 Gábor Boskovits <boskovits@gmail.com>
@@ -3789,22 +3789,31 @@ network. This must be enabled on the target host, usually in the BIOS.")
(license license:gpl2)))
(define-public vde2
+ (let ((commit "8599321526d0a31925fe55cabbe132b752cb268a")
+ (revision "0"))
(package
(name "vde2")
- (version "2.3.2")
+ (version (git-version "2.3.2" revision commit))
(source
(origin
- (method url-fetch)
- (uri "mirror://sourceforge/vde/vde2/2.3.2/vde2-2.3.2.tar.gz")
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/virtualsquare/vde-2")
+ (commit commit)))
+ (file-name (git-file-name name version))
(sha256
- (base32 "14xga0ib6p1wrv3hkl4sa89yzjxv7f1vfqaxsch87j6scdm59pr2"))))
+ (base32 "1dirkcbjh7c5kz7d065g1yq7vg8jl93hql3brfxd84k8hc8nqjb2"))))
(build-system gnu-build-system)
(arguments
`(#:parallel-build? #f)) ; Build fails if #t.
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)))
(inputs
`(("python" ,python)
("libpcap" ,libpcap)
- ("openssl" ,openssl-1.0))) ; Build fails with 1.1.
+ ("wolfssl" ,wolfssl)))
(home-page "https://github.com/virtualsquare/vde-2")
(synopsis "Virtual Distributed Ethernet")
(description "VDE is a set of programs to provide virtual software-defined
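Review bot: nothing in this hunk ties the new `("wolfssl" ,wolfssl)` input to the feature it is meant to provide, so the package can build successfully without ever linking wolfSSL. With only `#:parallel-build? #f` in `arguments`, a configure check that does not find the library can simply switch the crypto component off, which is what the build log posted later in this thread shows. Please confirm from the configure summary that the component is enabled, and add a comment next to `(let ((commit ...` saying why an unreleased commit is pinned, since the removed `; Build fails with 1.1.` comment was the only rationale recorded here.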
@@ -3816,7 +3825,7 @@ cables.")
license:lgpl2.1 ; libvdeplug
(license:non-copyleft ; slirpvde
"file://COPYING.slirpvde"
- "See COPYING.slirpvde in the distribution.")))))
+ "See COPYING.slirpvde in the distribution."))))))
(define-public haproxy
(package
--
2.32.0
Leo Famulari wrote on 14 Jul 2021 01:01
[PATCH 1/2] gnu: Add wolfSSL.
(address . 49556@debbugs.gnu.org)
3541a7f3fc7d42c6d501180100f81b357ce2d36c.1626217314.git.leo@famulari.name
* gnu/packages/tls.scm (wolfssl): New variable.
---
gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c1e8b46a84..ef32170f76 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -48,6 +48,7 @@
#:use-module (guix build-system trivial)
#:use-module (gnu packages compression)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages curl)
@@ -1150,3 +1151,34 @@ default set of preferences. Remaining on a specific version for backwards
compatibility is also supported.")
(home-page "https://github.com/awslabs/s2n")
(license license:asl2.0)))
+
+(define-public wolfssl
+ (package
+ (name "wolfssl")
+ (version "4.8.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/wolfSSL/wolfssl")
+ (commit (string-append "v" version "-stable"))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1w9gs9cq2yhj5s3diz3x1l15pgrc1pbm00jccizvcjyibmwyyf2h"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags
+ '("--enable-reproducible-build")))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)))
+ (synopsis "SSL/TLS implementation")
+ (description "The wolfSSL embedded SSL library (formerly CyaSSL) is an
+SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and
+resource-constrained environments - primarily because of its small size, speed,
+and feature set. wolfSSL supports industry standards up to the current TLS 1.3
+and DTLS 1.2, is up to 20 times smaller than OpenSSL, and offers progressive
+ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.")
+ (home-page "https://www.wolfssl.com/")
+ (license license:gpl2+))) ; Audit
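Review bot: the trailing `; Audit` on the `(license license:gpl2+)` line reads as an unfinished to-do on a newly added TLS library. Either complete the license check before this is applied, or expand the comment to say what still needs auditing so the next reader does not have to guess.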
--
2.32.0
Diego Nicola Barbato wrote on 3 Aug 2021 20:01
Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(name . Leo Famulari)(address . leo@famulari.name)(address . 49556@debbugs.gnu.org)
87eebaz9tu.fsf@GlaDOS.home
Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> Updating to this unreleased revision allows us to package VDE 2 with
> wolfSSL instead of the obsolete OpenSSL 1.0:
>
> https://github.com/virtualsquare/vde-2/issues/2
>
> * gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
> [source]: Use git-fetch.
> [native-inputs]: Add autoconf, automake, and libtool
> [inputs]: Replace openssl-1.0 with wolfssl.

[...]

I've tried building this and it looks like the configure script fails to
detect wolfSSL (the build still succeeds, but "VDE CryptCab" is
disabled):

Configure results:

- VDE CryptCab............ disabled
+ VDE Router.............. enabled
+ VDE VXLAN............... enabled
+ Python Libraries........ enabled
+ TAP support............. enabled
+ pcap support............ enabled
- Experimental features... disabled
- Profiling options....... disabled
- Kernel switch........... disabled


configure: WARNING: VDE CryptCab support has been disabled because wolfSSL is
not installed on your system, or because wolfssl/wolfcrypt/chacha.h could not be found.
Please install libwolfssl if you want CryptCab to be compiled and installed.

I suspect the following lines in configure.ac are the culprit:

AC_CHECK_LIB([crypto], [EVP_EncryptInit],
[add_cryptcab_support=yes],
[add_cryptcab_support=no ; warn_cryptcab=yes])

This might've been overlooked when switching from OpenSSL to wolfSSL,
since libcrypto is provided by the former, but not the latter. They
should probably be changed to something like this instead:

AC_CHECK_LIB([wolfssl], [wc_Chacha_Process],
[add_cryptcab_support=yes],
[add_cryptcab_support=no ; warn_cryptcab=yes])

I'll report this issue upstream.

Regards,

Diego
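
The failure mode reported above, a build that succeeds while configure quietly turns off the crypto component, can be caught mechanically. The following shell script is an added example, not part of the original message or of Guix or VDE: it parses the "Configure results" summary and fails when a required feature is not enabled. The function names `feature_state`, `require_features` and `sample_summary` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): gate a build on the configure summary.
# Function names are hypothetical; the summary format is the one quoted above.

# Print "enabled", "disabled" or "missing" for one feature.
# $1 = feature name as shown in the summary; stdin = configure output.
feature_state() {
    awk -v want="$1" '
        /^[ \t]*[+-][ \t]/ {
            line = $0
            sub(/^[ \t]*[+-][ \t]+/, "", line)          # drop the +/- marker
            name = line;  sub(/\.\.+.*$/, "", name)     # text before the dot leader
            sub(/[ \t]+$/, "", name)
            state = line; sub(/^.*\.[ \t]*/, "", state) # text after the dot leader
            if (name == want) { print state; found = 1; exit }
        }
        END { if (!found) print "missing" }
    '
}

# Return non-zero unless every named feature is enabled.
# $1 = file holding configure output; remaining arguments = required features.
require_features() {
    log=$1; shift
    rc=0
    for feature in "$@"; do
        state=$(feature_state "$feature" < "$log")
        if [ "$state" != "enabled" ]; then
            echo "required feature '$feature' is $state" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Summary lines copied from the build log quoted in the message above.
sample_summary() {
    cat <<'EOF'
Configure results:

- VDE CryptCab............ disabled
+ VDE Router.............. enabled
+ VDE VXLAN............... enabled
+ pcap support............ enabled
- Kernel switch........... disabled
EOF
}

# Demo: prints "disabled", the state a successful build was hiding.
sample_summary | feature_state "VDE CryptCab"
```

Run after the configure step, `require_features config-summary.txt "VDE CryptCab"` turns a silently dropped feature into a failed build; the file name here is a placeholder.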
Leo Famulari wrote on 4 Aug 2021 00:04
(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 49556@debbugs.gnu.org)
YQm9ZqLMB4g8b+2o@jasmine.lan
On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
> I suspect the following lines in configure.ac are the culprit:
>
> --8<---------------cut here---------------start------------->8---
> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
> [add_cryptcab_support=yes],
> [add_cryptcab_support=no ; warn_cryptcab=yes])
> --8<---------------cut here---------------end--------------->8---

Thanks for catching that!

> I'll report this issue upstream.

Okay, please share the link to your report once you have made it.
Leo Famulari wrote on 4 Aug 2021 01:56
[PATCH v2 0/2] wolfSSL / VDE-2
(address . 49556@debbugs.gnu.org)
cover.1628034994.git.leo@famulari.name
I made the changes to VDE-2's configure.ac that Diego suggested, and
VDE-2 does register the presence of wolfSSL and configure the build to
use it for cryptcab.

Please refer to the following v2 patch series.

Leo Famulari (2):
gnu: Add wolfSSL.
gnu: VDE 2: Update to 2.3.2-0.8599321.

gnu/packages/networking.scm | 35 +++++++++++++++++++++++++++--------
gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
2 files changed, 60 insertions(+), 9 deletions(-)

--
2.32.0
Leo Famulari wrote on 4 Aug 2021 01:56
[PATCH v2 1/2] gnu: Add wolfSSL.
(address . 49556@debbugs.gnu.org)
189a8545bba9412c7237d51337ae584dfab26a97.1628034994.git.leo@famulari.name
* gnu/packages/tls.scm (wolfssl): New variable.
---
gnu/packages/tls.scm | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d98a724b5f..7a0a9bd9a9 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017, 2018 Nikita <nikita@n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -48,6 +48,7 @@
#:use-module (guix build-system trivial)
#:use-module (gnu packages compression)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages curl)
@@ -1158,3 +1159,34 @@ default set of preferences. Remaining on a specific version for backwards
compatibility is also supported.")
(home-page "https://github.com/awslabs/s2n")
(license license:asl2.0)))
+
+(define-public wolfssl
+ (package
+ (name "wolfssl")
+ (version "4.8.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/wolfSSL/wolfssl")
+ (commit (string-append "v" version "-stable"))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1w9gs9cq2yhj5s3diz3x1l15pgrc1pbm00jccizvcjyibmwyyf2h"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags
+ '("--enable-reproducible-build")))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)))
+ (synopsis "SSL/TLS implementation")
+ (description "The wolfSSL embedded SSL library (formerly CyaSSL) is an
+SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and
+resource-constrained environments - primarily because of its small size, speed,
+and feature set. wolfSSL supports industry standards up to the current TLS 1.3
+and DTLS 1.2, is up to 20 times smaller than OpenSSL, and offers progressive
+ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b.")
+ (home-page "https://www.wolfssl.com/")
+ (license license:gpl2+))) ; Audit
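Review bot: the `description` string is unchanged from v1 and still carries promotional comparisons ("up to 20 times smaller than OpenSSL", "progressive ciphers") that cannot be checked from the package definition. Suggest trimming it to what the library is and which protocol versions it supports (TLS 1.3, DTLS 1.2), and dropping the size and speed claims.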
--
2.32.0
Leo Famulari wrote on 4 Aug 2021 01:56
[PATCH v2 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(address . 49556@debbugs.gnu.org)
4bd1f59c75dd59d9d68a642040ddf0147bc4f7d1.1628034994.git.leo@famulari.name
Updating to this unreleased revision allows us to package VDE 2 with
wolfSSL instead of the obsolete OpenSSL 1.0:


* gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
[source]: Use git-fetch.
[native-inputs]: Add autoconf, automake, and libtool
[inputs]: Replace openssl-1.0 with wolfssl.
[arguments]: Add a 'fix-configure' phase.
---
gnu/packages/networking.scm | 35 +++++++++++++++++++++++++++--------
1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 05fd092b23..2263d26c41 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -13,7 +13,7 @@
;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2017, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017, 2020, 2021 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2017, 2019 Gábor Boskovits <boskovits@gmail.com>
@@ -3833,22 +3833,41 @@ some traces for unprivileged users.")
license:lgpl2.1+)))) ;for the libsupp subdirectory
(define-public vde2
+ (let ((commit "8599321526d0a31925fe55cabbe132b752cb268a")
+ (revision "0"))
(package
(name "vde2")
- (version "2.3.2")
+ (version (git-version "2.3.2" revision commit))
(source
(origin
- (method url-fetch)
- (uri "mirror://sourceforge/vde/vde2/2.3.2/vde2-2.3.2.tar.gz")
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/virtualsquare/vde-2")
+ (commit commit)))
+ (file-name (git-file-name name version))
(sha256
- (base32 "14xga0ib6p1wrv3hkl4sa89yzjxv7f1vfqaxsch87j6scdm59pr2"))))
+ (base32 "1dirkcbjh7c5kz7d065g1yq7vg8jl93hql3brfxd84k8hc8nqjb2"))))
(build-system gnu-build-system)
(arguments
- `(#:parallel-build? #f)) ; Build fails if #t.
+ `(#:parallel-build? #f ; Build fails if #t.
+ #:phases
+ (modify-phases %standard-phases
+ ;; Although VDE-2 has been updated upstream to use wolfSSL
+ ;; instead of OpenSSL, the configure script was not updated to
+ ;; check for wolfSSL instead of OpenSSL.
+ (add-after 'unpack 'fix-wolfssl-configuration
+ (lambda _
+ (substitute* "configure.ac"
+ (("crypto") "wolfssl")
+ (("EVP_EncryptInit") "wc_Chacha_Process")))))))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)))
(inputs
`(("python" ,python)
("libpcap" ,libpcap)
- ("openssl" ,openssl-1.0))) ; Build fails with 1.1.
+ ("wolfssl" ,wolfssl)))
(home-page "https://github.com/virtualsquare/vde-2")
(synopsis "Virtual Distributed Ethernet")
(description "VDE is a set of programs to provide virtual software-defined
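Review bot: the two `substitute*` patterns in the `fix-wolfssl-configuration` phase, `("crypto")` and `("EVP_EncryptInit")`, are bare regexps that rewrite every occurrence in configure.ac, not only the `AC_CHECK_LIB` call they are aimed at. Matching the text of the whole call would keep the edit scoped to that one check, and a pointer to the upstream report in the comment would tell whoever next updates the commit when the phase can be dropped. The commit message also names the phase 'fix-configure' while the code calls it `fix-wolfssl-configuration`; the two should agree.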
@@ -3860,7 +3879,7 @@ cables.")
license:lgpl2.1 ; libvdeplug
(license:non-copyleft ; slirpvde
"file://COPYING.slirpvde"
- "See COPYING.slirpvde in the distribution.")))))
+ "See COPYING.slirpvde in the distribution."))))))
(define-public haproxy
(package
--
2.32.0
Diego Nicola Barbato wrote on 5 Aug 2021 17:37
Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
(name . Leo Famulari)(address . leo@famulari.name)(address . 49556@debbugs.gnu.org)
87a6lvzyus.fsf@GlaDOS.home
Hi Leo,

Leo Famulari <leo@famulari.name> writes:

> On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
>> I suspect the following lines in configure.ac are the culprit:
>>
>> --8<---------------cut here---------------start------------->8---
>> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
>> [add_cryptcab_support=yes],
>> [add_cryptcab_support=no ; warn_cryptcab=yes])
>> --8<---------------cut here---------------end--------------->8---
>
> Thanks for catching that!
>
>> I'll report this issue upstream.
>
> Okay, please share the link to your report once you have made it.

I've submitted a pull request:
https://github.com/virtualsquare/vde-2/pull/27

Regards,

Diego
Leo Famulari wrote on 11 Aug 2021 21:47
(name . Diego Nicola Barbato)(address . dnbarbato@posteo.de)(address . 49556-done@debbugs.gnu.org)
YRQpPVsYtVKD80/i@jasmine.lan
On Thu, Aug 05, 2021 at 03:37:47PM +0000, Diego Nicola Barbato wrote:
> Hi Leo,
>
> Leo Famulari <leo@famulari.name> writes:
>
> > On Tue, Aug 03, 2021 at 06:01:33PM +0000, Diego Nicola Barbato wrote:
> >> I suspect the following lines in configure.ac are the culprit:
> >>
> >> --8<---------------cut here---------------start------------->8---
> >> AC_CHECK_LIB([crypto], [EVP_EncryptInit],
> >> [add_cryptcab_support=yes],
> >> [add_cryptcab_support=no ; warn_cryptcab=yes])
> >> --8<---------------cut here---------------end--------------->8---
> >
> > Thanks for catching that!
> >
> >> I'll report this issue upstream.
> >
> > Okay, please share the link to your report once you have made it.
>
> I've submitted a pull request:
> https://github.com/virtualsquare/vde-2/pull/27

They accepted your patch.

I've added the wolfSSL package and updated VDE-2 to include your fix,
with commit e6388b48f3df21b792cd61f93fddc7274238bac6
Closed