CyaSSL Yocto Recipe

CyaSSL Yocto Recipe

[Chris Conlon]

[-- Attachment #1: Type: text/plain, Size: 303 bytes --]

Hi,

As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library.  I have attached the recipe here for review and comments.

Thanks,

Chris Conlon
www.yassl.com
chris@yassl.com
Skype: chris_conlon_07
+1 406 209 0601



[-- Attachment #2: cyassl_2.3.0.bb --]
[-- Type: application/octet-stream, Size: 931 bytes --]

SUMMARY = "CyaSSL Embedded SSL Library"
DESCRIPTION = "CyaSSL is a lightweight SSL library written in C and \
               optimized for embedded and RTOS environments. It can be \
               Up to 20 times smaller than OpenSSL while still supporting \
               a full TLS 1.2 client and server."
HOMEPAGE = "http://www.yassl.com/yaSSL/Products-cyassl.html"
BUGTRACKER = "http://github.com/cyassl/cyassl/issues"
SECTION = "libs/network"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

PR = "r0"

SRC_URI = "http://www.yassl.com/cyassl-${PV}.zip"

SRC_URI[md5sum] = "e73b50c95eae06a2fb4a7eb0183b21ab"
SRC_URI[sha256sum] = "b597f1c55d3bc4556d9c37e98ca56da2a529e111164d97c650fb097ef0a0d461"

inherit autotools siteinfo

# Detect and build with correct endianness
CFLAGS += "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '', '-DBIG_ENDIAN_ORDER', d)}"

Re: CyaSSL Yocto Recipe

[Kamble, Nitin A]

[-- Attachment #1: Type: text/plain, Size: 1259 bytes --]

And here is bit of information about CyaSSL from their website. http://www.yassl.com/yaSSL/Products-cyassl.html

The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  CyaSSL supports industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU.  User benchmarking and feedback reports dramatically better performance when using CyaSSL over OpenSSL.

Thanks,
Nitin

From: Chris Conlon [mailto:chris@yassl.com]
Sent: Thursday, September 06, 2012 9:07 AM
To: yocto@yoctoproject.org
Cc: Kamble, Nitin A
Subject: CyaSSL Yocto Recipe

Hi,

As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library.  I have attached the recipe here for review and comments.

Thanks,

Chris Conlon
www.yassl.com<http://www.yassl.com>
chris@yassl.com<mailto:chris@yassl.com>
Skype: chris_conlon_07
+1 406 209 0601


[-- Attachment #2: Type: text/html, Size: 4844 bytes --]

Re: CyaSSL Yocto Recipe

[Chris Conlon]

[-- Attachment #1: Type: text/plain, Size: 1461 bytes --]

Adding a direct link to the CyaSSL recipe file for review:

www.yassl.com/files/yocto/cyassl_2.3.0.bb

Best Regards,
Chris

On Sep 6, 2012, at 10:32 AM, Kamble, Nitin A wrote:

> And here is bit of information about CyaSSL from their website. http://www.yassl.com/yaSSL/Products-cyassl.html
>  
> The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support.  CyaSSL supports industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU.  User benchmarking and feedback reports dramatically better performance when using CyaSSL over OpenSSL.
>  
> Thanks,
> Nitin
>  
> From: Chris Conlon [mailto:chris@yassl.com] 
> Sent: Thursday, September 06, 2012 9:07 AM
> To: yocto@yoctoproject.org
> Cc: Kamble, Nitin A
> Subject: CyaSSL Yocto Recipe
>  
> Hi,
> 
> As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library.  I have attached the recipe here for review and comments.
> 
> Thanks,
> 
> Chris Conlon
> www.yassl.com
> chris@yassl.com
> Skype: chris_conlon_07
> +1 406 209 0601
> 
>  


[-- Attachment #2: Type: text/html, Size: 6717 bytes --]

Re: CyaSSL Yocto Recipe

[Saul Wold]

On 09/06/2012 02:59 PM, Chris Conlon wrote:
> Adding a direct link to the CyaSSL recipe file for review:
>
> www.yassl.com/files/yocto/cyassl_2.3.0.bb
> <http://www.yassl.com/files/yocto/cyassl_2.3.0.bb>
>
Chris,

On initial inspection of this recipe it looks OK, what package/libraries 
does it provide?  Are they the same as the openssl package?

You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the ${PN} 
may need to be the package names in openssl, I need to check that.

I would suggest that initially you make this available as a standard
layer, possibly called meta-cyassl, it could be hosted on GitHub. You 
can add it to the OpenEmbedded Layer Index. See 
http://www.openembedded.org/wiki/LayerIndex

Distributions that want to use this instead of OpenSSL can then use your 
layer and select your recipe, if it's setup correctly it will provide 
what they need.

I hope this is helpful in moving things forward for you.

Sau!
Yocto Project Component Wrangler
aka Yocto Project User Space Architect

> Best Regards,
> Chris
>
> On Sep 6, 2012, at 10:32 AM, Kamble, Nitin A wrote:
>
>> And here is bit of information about CyaSSL from their
>> website.http://www.yassl.com/yaSSL/Products-cyassl.html
>> The CyaSSL embedded SSL library is a lightweight SSL library written
>> in ANSI C and targeted for embedded and RTOS environments - primarily
>> because of its small size, speed, and feature set.  It is commonly
>> used in standard operating environments as well because of its
>> royalty-free pricing and excellent cross platform support.  CyaSSL
>> supports industry standards up to the current TLS 1.2 level, is up
>> to20 times smaller than OpenSSL, and offers progressive ciphers such
>> as HC-128, RABBIT, and NTRU.  User benchmarking and feedback reports
>> dramatically better performance when using CyaSSL over OpenSSL.
>> Thanks,
>> Nitin
>> *From:*Chris Conlon [mailto:chris@yassl.com]
>> *Sent:*Thursday, September 06, 2012 9:07 AM
>> *To:*yocto@yoctoproject.org <mailto:yocto@yoctoproject.org>
>> *Cc:*Kamble, Nitin A
>> *Subject:*CyaSSL Yocto Recipe
>>
>> Hi,
>>
>> As per discussions with a few of the Yocto members, we have put
>> together a Yocto Project recipe for the CyaSSL embedded SSL library.
>> I have attached the recipe here for review and comments.
>>
>> Thanks,
>>
>> Chris Conlon
>> www.yassl.com <http://www.yassl.com>
>> chris@yassl.com <mailto:chris@yassl.com>
>> Skype: chris_conlon_07
>> +1 406 209 0601
>>
>
>
>
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>

Re: CyaSSL Yocto Recipe

[Chris Conlon]

Hi Saul,

On Sep 6, 2012, at 4:14 PM, Saul Wold wrote:

> On 09/06/2012 02:59 PM, Chris Conlon wrote:
>> Adding a direct link to the CyaSSL recipe file for review:
>> 
>> www.yassl.com/files/yocto/cyassl_2.3.0.bb
>> <http://www.yassl.com/files/yocto/cyassl_2.3.0.bb>
>> 
> Chris,
> 
> On initial inspection of this recipe it looks OK, what package/libraries does it provide?  Are they the same as the openssl package?

It provides the CyaSSL embedded SSL library, specifically called "libcyassl".  Although it offers similar functionality as the openssl package (SSL and crypto support), it shouldn't conflict naming wise.  OpenSSL's library names are "libssl" and "libcrypto".

> 
> You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the ${PN} may need to be the package names in openssl, I need to check that.

CyaSSL shouldn't conflict with OpenSSL, as it has a different library name and header location.  Thanks for the suggestion about RPROVIDES.  I'm new to writing recipe files, so your feedback is very appreciated.

> 
> I would suggest that initially you make this available as a standard
> layer, possibly called meta-cyassl, it could be hosted on GitHub. You can add it to the OpenEmbedded Layer Index. See http://www.openembedded.org/wiki/LayerIndex
> 
> Distributions that want to use this instead of OpenSSL can then use your layer and select your recipe, if it's setup correctly it will provide what they need.

Ok, thanks for the pointer.  Any chance of the recipe getting rolled into the OpenEmbedded/Yocto meta/recipes-connectivity layer?

Thanks,
Chris

Re: CyaSSL Yocto Recipe

[Richard Purdie]

On Thu, 2012-09-06 at 16:38 -0600, Chris Conlon wrote:
> Hi Saul,
> 
> On Sep 6, 2012, at 4:14 PM, Saul Wold wrote:
> 
> > On 09/06/2012 02:59 PM, Chris Conlon wrote:
> >> Adding a direct link to the CyaSSL recipe file for review:
> >> 
> >> www.yassl.com/files/yocto/cyassl_2.3.0.bb
> >> <http://www.yassl.com/files/yocto/cyassl_2.3.0.bb>
> >> 
> > Chris,
> > 
> > On initial inspection of this recipe it looks OK, what
> package/libraries does it provide?  Are they the same as the openssl
> package?
>
> It provides the CyaSSL embedded SSL library, specifically called
> "libcyassl".  Although it offers similar functionality as the openssl
> package (SSL and crypto support), it shouldn't conflict naming wise.
> OpenSSL's library names are "libssl" and "libcrypto".
>
> > 
> > You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the
> ${PN} may need to be the package names in openssl, I need to check
> that.
>
> CyaSSL shouldn't conflict with OpenSSL, as it has a different library
> name and header location.  Thanks for the suggestion about RPROVIDES.
> I'm new to writing recipe files, so your feedback is very appreciated.
>
> > 
> > I would suggest that initially you make this available as a standard
> > layer, possibly called meta-cyassl, it could be hosted on GitHub.
> You can add it to the OpenEmbedded Layer Index. See
> http://www.openembedded.org/wiki/LayerIndex
> > 
> > Distributions that want to use this instead of OpenSSL can then use
> your layer and select your recipe, if it's setup correctly it will
> provide what they need.
>
> Ok, thanks for the pointer.  Any chance of the recipe getting rolled
> into the OpenEmbedded/Yocto meta/recipes-connectivity layer?

This looks like an interesting piece of software and a quick read
through your webpages suggests there may be some interesting
applications of this within OE which I'd love to explore.

We are however quite careful about what goes into OE-Core and you've
picked about the worst possible point of the cycle to have this
discussion (just after feature freeze which was six days ago).

So I certainly think this could make OE-Core but probably not in the 1.3
release timeframe. I would also want to see some kind of demo that we
could replace some of our openssl/gnutls usage with this too which so
far I've not seen. There is discussion in the OE-Core archives about
making the SSL/TLS provider selectable though so there is certainly
interest.

So I think this is a good idea, a layer is a great place to start
experimenting and if its shown to be successful it would make the core.
We've got to be realistic about the development process and this isn't
going to happen overnight though (a layer is much easier/faster to start
with).

Cheers,

Richard

-- 
Yocto Project Architect
Linux Foundation Fellow

Re: CyaSSL Yocto Recipe

[Chris Conlon]

Hi Richard,

On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote:

> This looks like an interesting piece of software and a quick read
> through your webpages suggests there may be some interesting
> applications of this within OE which I'd love to explore.
> 
> We are however quite careful about what goes into OE-Core and you've
> picked about the worst possible point of the cycle to have this
> discussion (just after feature freeze which was six days ago).
> 
> So I certainly think this could make OE-Core but probably not in the 1.3
> release timeframe. I would also want to see some kind of demo that we
> could replace some of our openssl/gnutls usage with this too which so
> far I've not seen. There is discussion in the OE-Core archives about
> making the SSL/TLS provider selectable though so there is certainly
> interest.
> 
> So I think this is a good idea, a layer is a great place to start
> experimenting and if its shown to be successful it would make the core.
> We've got to be realistic about the development process and this isn't
> going to happen overnight though (a layer is much easier/faster to start
> with).

Thanks for the notification about your feature freeze.  I do understand that it may take some time to get CyaSSL rolled into OE-Core, and I think you and Saul's suggestion of starting with a layer on GitHub is a good first step.  From there, maybe we can explore some of the interesting applications you have in mind.

Best Regards,
Chris

Re: CyaSSL Yocto Recipe

[Chris Conlon]

On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote:

> This looks like an interesting piece of software and a quick read
> through your webpages suggests there may be some interesting
> applications of this within OE which I'd love to explore.
> 
> We are however quite careful about what goes into OE-Core and you've
> picked about the worst possible point of the cycle to have this
> discussion (just after feature freeze which was six days ago).
> 
> So I certainly think this could make OE-Core but probably not in the 1.3
> release timeframe. I would also want to see some kind of demo that we
> could replace some of our openssl/gnutls usage with this too which so
> far I've not seen. There is discussion in the OE-Core archives about
> making the SSL/TLS provider selectable though so there is certainly
> interest.
> 
> So I think this is a good idea, a layer is a great place to start
> experimenting and if its shown to be successful it would make the core.
> We've got to be realistic about the development process and this isn't
> going to happen overnight though (a layer is much easier/faster to start
> with).

As suggested, we have created a yaSSL layer (meta-yassl) which includes a recipe for the CyaSSL embedded SSL library.  The layer can be found on GitHub, here:

https://github.com/cconlon/meta-yassl

Any comments or suggestions on improving the layer would be greatly appreciated.  Going forward from here, what would make the most sense as a next step?

Thanks,

Chris Conlon
www.yassl.com
chris@yassl.com
Skype: chris_conlon_07
+1 406 209 0601

Re: CyaSSL Yocto Recipe

[Richard Purdie]

On Tue, 2012-10-09 at 14:26 -0600, Chris Conlon wrote:
> On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote:
> 
> > This looks like an interesting piece of software and a quick read
> > through your webpages suggests there may be some interesting
> > applications of this within OE which I'd love to explore.
> > 
> > We are however quite careful about what goes into OE-Core and you've
> > picked about the worst possible point of the cycle to have this
> > discussion (just after feature freeze which was six days ago).
> > 
> > So I certainly think this could make OE-Core but probably not in the 1.3
> > release timeframe. I would also want to see some kind of demo that we
> > could replace some of our openssl/gnutls usage with this too which so
> > far I've not seen. There is discussion in the OE-Core archives about
> > making the SSL/TLS provider selectable though so there is certainly
> > interest.
> > 
> > So I think this is a good idea, a layer is a great place to start
> > experimenting and if its shown to be successful it would make the core.
> > We've got to be realistic about the development process and this isn't
> > going to happen overnight though (a layer is much easier/faster to start
> > with).
> 
> As suggested, we have created a yaSSL layer (meta-yassl) which
> includes a recipe for the CyaSSL embedded SSL library.  The layer can
> be found on GitHub, here:
> 
> https://github.com/cconlon/meta-yassl
> 
> Any comments or suggestions on improving the layer would be greatly
> appreciated.  Going forward from here, what would make the most sense
> as a next step?

I did finally get around to looking at this, sorry about the delay. The
release and some travel commitments all combined against me time wise. I
must admit I thought the layer was going to do a little more than it
does. The layer in itself is fine and I was able to build it
successfully. I did notice the library is a little larger than your
30-100kb quoted on the website. I also noticed it builds with the
default configuration with lot of pieces disabled.

I think as this stands its interesting but you might not get many people
using it. What would get people much more interested is if you could
build a system where openssl/gnutls was replaced with cyassl.

Initially, I think a proof of concept using .bbappend files to
reconfigure recipes to use cyassl would be a good place to start. Once
proved to work, we could then incorporate generic ssl providers code
into the project core, allowing people to select the ssl provider at
will. Is this a direction you'd be willing/able to take the layer?

Cheers,

Richard