Opened 6 years ago

Closed 3 years ago

Last modified 3 years ago

#4400 closed Enhancement (fixed)

add cyassl support

Reported by: ilm
Owned by: mike.dld
Priority: Normal
Milestone: 2.90
Component: libtransmission
Version: 2.33
Severity: Normal
Keywords: cyassl, patch-needed
Cc: nikoli@…

Description

For embedded systems, space is an issue. It would be nice to allow transmission to work with cyassl, which is much smaller (~60kb) than openssl (~400kb) and provides all the necessary functions.

Recently libcurl (a dependency of transmission) already added native cyassl support. But transmission still uses openssl directly in some places. Sometimes this doesn't matter, as cyassl provides an (incomplete) openssl compatibility layer. Most notably, there is no compatibility for the crypto library functions used in src/crypt.c (though also some other places).

As discussed on irc a while ago, to properly add cyassl support it is best to refactor the openssl specific bits of crypt.c into crypt_openssl.c and create crypt_cyassl.c for the cyassl support. So one interface (crypt.h) is exposed to the rest of the code.

This ticket is mostly a reminder to myself to get going on this. Though that will be a couple of months (busy now and on vacation in a couple weeks). If in the meantime someone else wants to get a shot at this, feel free (especially as I'm no expert in crypto/openssl stuff).

Attachments (2)

draft.patch (33.2 KB) - added by ilm 6 years ago.
cyassl support WIP (on Revision: 13205)
draft_v2.patch (32.6 KB) - added by ilm 6 years ago.
cyassl support WIP v2 (rev. 13230)


Change History (24)

comment:1 Changed 6 years ago by jordan

ilm, any news on this?

comment:2 Changed 6 years ago by ilm

Sorry, I haven't found the time yet. Unfortunately, I have too many interests that kept me occupied. Also, due to the fact that I was able to free up some space, this has been less of a priority.

comment:3 Changed 6 years ago by jordan

ilm, do you have a rough timeline for when you're planning to work on this? Should the ticket be left open?

comment:4 Changed 6 years ago by ilm

No timeline, maybe I have more free time in January. But can't you just keep it open for tracking purposes?

comment:5 Changed 6 years ago by x190

  • Keywords patch needed added

comment:6 Changed 6 years ago by jordan

ilm, ping

comment:7 Changed 6 years ago by ilm

Thanks for the reminder. I reserved some days in February to finally take a look at it, I promise.

comment:8 Changed 6 years ago by ilm

small status update:

  • copied crypto.c to crypto_openssl.c
  • created cyassl impl. (crypto_cyassl.c)

I found three other places in libtransmission that depend on openssl and that needed changing

  • utils.c has some functions for some base64 encoding/decoding
  • inout.c + verify.c uses sha hashes

These have been changed easily enough using #ifdefs for the moment, but perhaps you want a cleaner solution? E.g., the sha hash is a 1-1 mapping with ctaocrypt; I could create generic ShaInit, ShaUpdate, ShaFinal functions in crypt.h and a corresponding implementation in crypt.c if that's ok.

I did a quick grep through the other components/deps. of transmission:

  • libcurl uses openssl (but recent versions should have native cyassl impl.)
  • but libevent also seems to use openssl, is this an optional dependency?

Aside from these small problems, problems with the openssl compatibility layer may still pop up of course, let's pray not.

Changed 6 years ago by ilm

cyassl support WIP (on Revision: 13205)

comment:9 Changed 6 years ago by ilm

Apparently I've got it partially working now. At least it downloads the ubuntu image (with the encryption mode set to required in the options). So I have attached my current work for initial comments. While it seems to work, there are still quite a few things to do. Off the top of my head:

  • had one segfault
  • new base64 code isn't executed in my small test, what is it used for?
  • encryption works, but is it secure? :-)
  • so review code and cleanup
  • make sure openssl is still working
  • autoconf stuff <- most time consuming part ;)

It seems that you use openssl only for the crypto functions, is this right? I only had to use the CTaoCrypt library (which is included/used by cyassl), hence we can depend only on ctaocrypt (instead of cyassl), which has an even smaller footprint. On the other hand, libcurl uses the full cyassl anyway, I think.

Howto:

    ./configure --with-cyassl=/path/to/cyassl-2.0.6/
    make

comment:10 Changed 6 years ago by ilm

attached version 2:

  • refactored some common code into crypto.c, though not as much as I hoped as some generic functions call static (=private) methods from the specialized crypto_foo.c unit
  • fixed base64 encode/decode for cyassl, works now (utils-test was quite handy). However, cyassl doesn't provide encoding without using newlines. I added a little hack to make the unit test work, but we probably need to filter out the newlines ourselves
  • autoconf: both cyassl (static) and openssl can be compiled (and work), but, frankly, autoconf confuses the hell out of me so if you want me to do things in a certain way, let me know.

Known things:

  • for some reason compiling with -lcyassl doesn't work (complains about undefined refs.) and I have no idea why
  • compiling with cyassl still links to libssl and libcrypto (and -lssl, -lcrypto isn't specified) :s so there may be some code that uses openssl and that the linker resolves automatically (libevent? or the recv() statements in libtransmission, no expert on linux sockets/openssl)
  • ...
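
The newline filtering mentioned in comment:10, sketched as an added example that is not part of the ticket or of either attached patch. The helper names `is_b64_char` and `b64_strip_newlines` are hypothetical, and the sample string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from draft_v2.patch. */
static int is_b64_char(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/* Compact line-wrapped base64 in place: drop CR/LF, reject any other byte
 * outside the base64 alphabet, and check the padding rules.
 * Returns the new length, or -1 if the input is not valid padded base64
 * (the buffer contents are then unspecified). */
long b64_strip_newlines(char *buf, size_t len)
{
    size_t out = 0, pad = 0;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if (c == '\r' || c == '\n')
            continue;                 /* line wrapping added by the encoder */
        if (c == '=') {
            if (++pad > 2)
                return -1;            /* at most two padding characters */
        } else if (pad > 0 || !is_b64_char(c)) {
            return -1;                /* data after padding, or foreign byte */
        }
        buf[out++] = (char)c;
    }
    if (out % 4 != 0)
        return -1;                    /* padded base64 is a multiple of 4 */
    if (out < len)
        buf[out] = '\0';              /* room freed by a removed newline */
    return (long)out;
}

int main(void)
{
    /* Constructed sample: "Hello, world!" encoded, then wrapped. */
    char sample[] = "SGVsbG8s\nIHdvcmxk\nIQ==\n";
    long n = b64_strip_newlines(sample, strlen(sample));
    printf("%ld %s\n", n, n >= 0 ? sample : "(invalid)");
    return n == 20 ? 0 : 1;
}
```

Rejecting foreign bytes instead of silently skipping them keeps the cyassl and openssl backends from disagreeing on what counts as valid input.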

comment:11 Changed 6 years ago by livings124

ilm: would you be able to re-attach your patch with a different name? Trac won't let me accept it with a duplicate name.

Changed 6 years ago by ilm

cyassl support WIP v2 (rev. 13230)

comment:12 Changed 6 years ago by ilm

Strange, since trac offered me the option to do so. :-)

attached draft_v2.patch

comment:13 Changed 6 years ago by jordan

  • Milestone changed from None Set to 2.60
  • Status changed from new to assigned

comment:14 Changed 5 years ago by livings124

  • Milestone changed from 2.60 to 2.70

comment:15 Changed 5 years ago by livings124

  • Milestone changed from 2.70 to Sometime

comment:16 Changed 4 years ago by Nikoli

  • Cc nikoli@… added

comment:17 Changed 4 years ago by mike.dld

  • Keywords patch-needed added; patch needed removed

comment:18 Changed 3 years ago by mike.dld

Gentoo has removed cyassl package from the tree (see bug #495848). Is it still popular enough to support in Transmission?

comment:19 Changed 3 years ago by jordan

It still seems to be under active development, so even though it's in the "someone would need to contribute a completed patch" category, I'd still consider it.

Certainly there's a valid interest in supporting "not openssl" :-)

comment:20 Changed 3 years ago by mike.dld

  • Owner changed from jordan to mike.dld
  • Status changed from assigned to new

comment:21 Changed 3 years ago by mike.dld

  • Status changed from new to assigned

comment:22 Changed 3 years ago by mike.dld

  • Milestone changed from Sometime to 2.90
  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed in r14439.
