Re: [yocto] CyaSSL Yocto Recipe
On Tue, 2012-10-09 at 14:26 -0600, Chris Conlon wrote: On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote: This looks like an interesting piece of software and a quick read through your webpages suggests there may be some interesting applications of this within OE which I'd love to explore. We are however quite careful about what goes into OE-Core and you've picked about the worst possible point of the cycle to have this discussion (just after feature freeze which was six days ago). So I certainly think this could make OE-Core but probably not in the 1.3 release timeframe. I would also want to see some kind of demo that we could replace some of our openssl/gnutls usage with this too which so far I've not seen. There is discussion in the OE-Core archives about making the SSL/TLS provider selectable though so there is certainly interest. So I think this is a good idea, a layer is a great place to start experimenting and if its shown to be successful it would make the core. We've got to be realistic about the development process and this isn't going to happen overnight though (a layer is much easier/faster to start with). As suggested, we have created a yaSSL layer (meta-yassl) which includes a recipe for the CyaSSL embedded SSL library. The layer can be found on GitHub, here: https://github.com/cconlon/meta-yassl Any comments or suggestions on improving the layer would be greatly appreciated. Going forward from here, what would make the most sense as a next step? I did finally get around to looking at this, sorry about the delay. The release and some travel commitments all combined against me time wise. I must admit I thought the layer was going to do a little more than it does. The layer in itself is fine and I was able to build it successfully. I did notice the library is a little larger than your 30-100kb quoted on the website. I also noticed it builds with the default configuration with lot of pieces disabled. I think as this stands its interesting but you might not get many people using it. What would get people much more interested is if you could build a system where openssl/gnutls was replaced with cyassl. Initially, I think a proof of concept using .bbappend files to reconfigure recipes to use cyassl would be a good place to start. Once proved to work, we could then incorporate generic ssl providers code into the project core, allowing people to select the ssl provider at will. Is this a direction you'd be willing/able to take the layer? Cheers, Richard ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote: This looks like an interesting piece of software and a quick read through your webpages suggests there may be some interesting applications of this within OE which I'd love to explore. We are however quite careful about what goes into OE-Core and you've picked about the worst possible point of the cycle to have this discussion (just after feature freeze which was six days ago). So I certainly think this could make OE-Core but probably not in the 1.3 release timeframe. I would also want to see some kind of demo that we could replace some of our openssl/gnutls usage with this too which so far I've not seen. There is discussion in the OE-Core archives about making the SSL/TLS provider selectable though so there is certainly interest. So I think this is a good idea, a layer is a great place to start experimenting and if its shown to be successful it would make the core. We've got to be realistic about the development process and this isn't going to happen overnight though (a layer is much easier/faster to start with). As suggested, we have created a yaSSL layer (meta-yassl) which includes a recipe for the CyaSSL embedded SSL library. The layer can be found on GitHub, here: https://github.com/cconlon/meta-yassl Any comments or suggestions on improving the layer would be greatly appreciated. Going forward from here, what would make the most sense as a next step? Thanks, Chris Conlon www.yassl.com ch...@yassl.com Skype: chris_conlon_07 +1 406 209 0601 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
Hi Richard, On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote: This looks like an interesting piece of software and a quick read through your webpages suggests there may be some interesting applications of this within OE which I'd love to explore. We are however quite careful about what goes into OE-Core and you've picked about the worst possible point of the cycle to have this discussion (just after feature freeze which was six days ago). So I certainly think this could make OE-Core but probably not in the 1.3 release timeframe. I would also want to see some kind of demo that we could replace some of our openssl/gnutls usage with this too which so far I've not seen. There is discussion in the OE-Core archives about making the SSL/TLS provider selectable though so there is certainly interest. So I think this is a good idea, a layer is a great place to start experimenting and if its shown to be successful it would make the core. We've got to be realistic about the development process and this isn't going to happen overnight though (a layer is much easier/faster to start with). Thanks for the notification about your feature freeze. I do understand that it may take some time to get CyaSSL rolled into OE-Core, and I think you and Saul's suggestion of starting with a layer on GitHub is a good first step. From there, maybe we can explore some of the interesting applications you have in mind. Best Regards, Chris ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] CyaSSL Yocto Recipe
Hi, As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library. I have attached the recipe here for review and comments. Thanks, Chris Conlon www.yassl.com ch...@yassl.com Skype: chris_conlon_07 +1 406 209 0601 cyassl_2.3.0.bb Description: Binary data ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
And here is bit of information about CyaSSL from their website. http://www.yassl.com/yaSSL/Products-cyassl.html The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. CyaSSL supports industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU. User benchmarking and feedback reports dramatically better performance when using CyaSSL over OpenSSL. Thanks, Nitin From: Chris Conlon [mailto:ch...@yassl.com] Sent: Thursday, September 06, 2012 9:07 AM To: yocto@yoctoproject.org Cc: Kamble, Nitin A Subject: CyaSSL Yocto Recipe Hi, As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library. I have attached the recipe here for review and comments. Thanks, Chris Conlon www.yassl.comhttp://www.yassl.com ch...@yassl.commailto:ch...@yassl.com Skype: chris_conlon_07 +1 406 209 0601 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
Adding a direct link to the CyaSSL recipe file for review: www.yassl.com/files/yocto/cyassl_2.3.0.bb Best Regards, Chris On Sep 6, 2012, at 10:32 AM, Kamble, Nitin A wrote: And here is bit of information about CyaSSL from their website. http://www.yassl.com/yaSSL/Products-cyassl.html The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. CyaSSL supports industry standards up to the current TLS 1.2 level, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU. User benchmarking and feedback reports dramatically better performance when using CyaSSL over OpenSSL. Thanks, Nitin From: Chris Conlon [mailto:ch...@yassl.com] Sent: Thursday, September 06, 2012 9:07 AM To: yocto@yoctoproject.org Cc: Kamble, Nitin A Subject: CyaSSL Yocto Recipe Hi, As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library. I have attached the recipe here for review and comments. Thanks, Chris Conlon www.yassl.com ch...@yassl.com Skype: chris_conlon_07 +1 406 209 0601 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
On 09/06/2012 02:59 PM, Chris Conlon wrote: Adding a direct link to the CyaSSL recipe file for review: www.yassl.com/files/yocto/cyassl_2.3.0.bb http://www.yassl.com/files/yocto/cyassl_2.3.0.bb Chris, On initial inspection of this recipe it looks OK, what package/libraries does it provide? Are they the same as the openssl package? You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the ${PN} may need to be the package names in openssl, I need to check that. I would suggest that initially you make this available as a standard layer, possibly called meta-cyassl, it could be hosted on GitHub. You can add it to the OpenEmbedded Layer Index. See http://www.openembedded.org/wiki/LayerIndex Distributions that want to use this instead of OpenSSL can then use your layer and select your recipe, if it's setup correctly it will provide what they need. I hope this is helpful in moving things forward for you. Sau! Yocto Project Component Wrangler aka Yocto Project User Space Architect Best Regards, Chris On Sep 6, 2012, at 10:32 AM, Kamble, Nitin A wrote: And here is bit of information about CyaSSL from their website.http://www.yassl.com/yaSSL/Products-cyassl.html The CyaSSL embedded SSL library is a lightweight SSL library written in ANSI C and targeted for embedded and RTOS environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. CyaSSL supports industry standards up to the current TLS 1.2 level, is up to20 times smaller than OpenSSL, and offers progressive ciphers such as HC-128, RABBIT, and NTRU. User benchmarking and feedback reports dramatically better performance when using CyaSSL over OpenSSL. Thanks, Nitin *From:*Chris Conlon [mailto:ch...@yassl.com] *Sent:*Thursday, September 06, 2012 9:07 AM *To:*yocto@yoctoproject.org mailto:yocto@yoctoproject.org *Cc:*Kamble, Nitin A *Subject:*CyaSSL Yocto Recipe Hi, As per discussions with a few of the Yocto members, we have put together a Yocto Project recipe for the CyaSSL embedded SSL library. I have attached the recipe here for review and comments. Thanks, Chris Conlon www.yassl.com http://www.yassl.com ch...@yassl.com mailto:ch...@yassl.com Skype: chris_conlon_07 +1 406 209 0601 ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
Hi Saul, On Sep 6, 2012, at 4:14 PM, Saul Wold wrote: On 09/06/2012 02:59 PM, Chris Conlon wrote: Adding a direct link to the CyaSSL recipe file for review: www.yassl.com/files/yocto/cyassl_2.3.0.bb http://www.yassl.com/files/yocto/cyassl_2.3.0.bb Chris, On initial inspection of this recipe it looks OK, what package/libraries does it provide? Are they the same as the openssl package? It provides the CyaSSL embedded SSL library, specifically called libcyassl. Although it offers similar functionality as the openssl package (SSL and crypto support), it shouldn't conflict naming wise. OpenSSL's library names are libssl and libcrypto. You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the ${PN} may need to be the package names in openssl, I need to check that. CyaSSL shouldn't conflict with OpenSSL, as it has a different library name and header location. Thanks for the suggestion about RPROVIDES. I'm new to writing recipe files, so your feedback is very appreciated. I would suggest that initially you make this available as a standard layer, possibly called meta-cyassl, it could be hosted on GitHub. You can add it to the OpenEmbedded Layer Index. See http://www.openembedded.org/wiki/LayerIndex Distributions that want to use this instead of OpenSSL can then use your layer and select your recipe, if it's setup correctly it will provide what they need. Ok, thanks for the pointer. Any chance of the recipe getting rolled into the OpenEmbedded/Yocto meta/recipes-connectivity layer? Thanks, Chris ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] CyaSSL Yocto Recipe
On Thu, 2012-09-06 at 16:38 -0600, Chris Conlon wrote: Hi Saul, On Sep 6, 2012, at 4:14 PM, Saul Wold wrote: On 09/06/2012 02:59 PM, Chris Conlon wrote: Adding a direct link to the CyaSSL recipe file for review: www.yassl.com/files/yocto/cyassl_2.3.0.bb http://www.yassl.com/files/yocto/cyassl_2.3.0.bb Chris, On initial inspection of this recipe it looks OK, what package/libraries does it provide? Are they the same as the openssl package? It provides the CyaSSL embedded SSL library, specifically called libcyassl. Although it offers similar functionality as the openssl package (SSL and crypto support), it shouldn't conflict naming wise. OpenSSL's library names are libssl and libcrypto. You may need RCONFLICTS_${PN} and/or RPROVIDES_${PN}, where the ${PN} may need to be the package names in openssl, I need to check that. CyaSSL shouldn't conflict with OpenSSL, as it has a different library name and header location. Thanks for the suggestion about RPROVIDES. I'm new to writing recipe files, so your feedback is very appreciated. I would suggest that initially you make this available as a standard layer, possibly called meta-cyassl, it could be hosted on GitHub. You can add it to the OpenEmbedded Layer Index. See http://www.openembedded.org/wiki/LayerIndex Distributions that want to use this instead of OpenSSL can then use your layer and select your recipe, if it's setup correctly it will provide what they need. Ok, thanks for the pointer. Any chance of the recipe getting rolled into the OpenEmbedded/Yocto meta/recipes-connectivity layer? This looks like an interesting piece of software and a quick read through your webpages suggests there may be some interesting applications of this within OE which I'd love to explore. We are however quite careful about what goes into OE-Core and you've picked about the worst possible point of the cycle to have this discussion (just after feature freeze which was six days ago). So I certainly think this could make OE-Core but probably not in the 1.3 release timeframe. I would also want to see some kind of demo that we could replace some of our openssl/gnutls usage with this too which so far I've not seen. There is discussion in the OE-Core archives about making the SSL/TLS provider selectable though so there is certainly interest. So I think this is a good idea, a layer is a great place to start experimenting and if its shown to be successful it would make the core. We've got to be realistic about the development process and this isn't going to happen overnight though (a layer is much easier/faster to start with). Cheers, Richard -- Yocto Project Architect Linux Foundation Fellow ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto