GNU bug report logs - #49556
Add wolfSSL and use it with VDE 2, fixing VDE 2's dependency on obsolete OpenSSL 1.0

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 13 Jul 2021 23:01:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 49556 <at> debbugs.gnu.org (full text, mbox):

From: Diego Nicola Barbato <dnbarbato <at> posteo.de>
To: Leo Famulari <leo <at> famulari.name>
Cc: 49556 <at> debbugs.gnu.org
Subject: Re: [bug#49556] [PATCH 2/2] gnu: VDE 2: Update to 2.3.2-0.8599321.
Date: Tue, 03 Aug 2021 18:01:33 +0000

Hi Leo,

Leo Famulari <leo <at> famulari.name> writes:

> Updating to this unreleased revision allows us to package VDE 2 with
> wolfSSL instead of the obsolete OpenSSL 1.0:
>
> https://github.com/virtualsquare/vde-2/issues/2
>
> * gnu/packages/networking.scm (vde2): Update to 2.3.2-0.8599321.
> [source]: Use git-fetch.
> [native-inputs]: Add autoconf, automake, and libtool
> [inputs]: Replace openssl-1.0 with wolfssl.

[...]

I've tried building this and it looks like the configure script fails to
detect wolfSSL (the build still succeeds, but "VDE CryptCab" is
disabled):

--8<---------------cut here---------------start------------->8---
Configure results:

 - VDE CryptCab............ disabled
 + VDE Router.............. enabled
 + VDE VXLAN............... enabled
 + Python Libraries........ enabled
 + TAP support............. enabled
 + pcap support............ enabled
 - Experimental features... disabled
 - Profiling options....... disabled
 - Kernel switch........... disabled


configure: WARNING: VDE CryptCab support has been disabled because wolfSSL is
not installed on your system, or because wolfssl/wolfcrypt/chacha.h could not be found.
Please install libwolfssl if you want CryptCab to be compiled and installed.
--8<---------------cut here---------------end--------------->8---

I suspect the following lines in configure.ac are the culprit:

--8<---------------cut here---------------start------------->8---
AC_CHECK_LIB([crypto], [EVP_EncryptInit],
  [add_cryptcab_support=yes],
  [add_cryptcab_support=no ; warn_cryptcab=yes])
--8<---------------cut here---------------end--------------->8---

This might've been overlooked when switching from OpenSSL to wolfSSL,
since libcrypto is provided by the former, but not the latter.  They
should probably be changed to something like this instead:

--8<---------------cut here---------------start------------->8---
AC_CHECK_LIB([wolfssl], [wc_Chacha_Process],
  [add_cryptcab_support=yes],
  [add_cryptcab_support=no ; warn_cryptcab=yes])
--8<---------------cut here---------------end--------------->8---

I'll report this issue upstream.

Regards,

Diego
This bug report was last modified 3 years and 339 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.