aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2019-10-01 10:50:34 -0300
committerChristian Lamparter <chunkeey@gmail.com>2019-10-20 13:01:43 +0200
commitcebf024c4d9fd761e55383a582f7e29ac7cc921c (patch)
tree5a9ef31c13be025f453005b9733025964922c96f
parent9ba5cd86b89f5f51cbad536c051dca61a9bfe8e5 (diff)
downloadupstream-cebf024c4d9fd761e55383a582f7e29ac7cc921c.tar.gz
upstream-cebf024c4d9fd761e55383a582f7e29ac7cc921c.tar.bz2
upstream-cebf024c4d9fd761e55383a582f7e29ac7cc921c.zip
openssl: Add engine configuration to openssl.cnf
This adds engine configuration sections to openssl.cnf, with a commented list of engines. To enable an engine, all you have to do is uncomment the engine line. It also adds some useful comments to the devcrypto engine configuration section. Other engines currently don't have configuration commands. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
-rw-r--r--package/libs/openssl/Makefile2
-rw-r--r--package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch56
2 files changed, 57 insertions, 1 deletions
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 28625bad05..eb267f31f0 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=d
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
new file mode 100644
index 0000000000..6c7143dd7e
--- /dev/null
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@@ -0,0 +1,56 @@
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -22,6 +22,53 @@ oid_section = new_oids
+ # (Alternatively, use a configuration file that has only
+ # X.509v3 extensions in its main [= default] section.)
+
++openssl_conf=openssl_conf
++
++[openssl_conf]
++engines=engines
++
++[engines]
++# To enable an engine, install the package, and uncomment it here:
++#devcrypto=devcrypto
++#afalg=afalg
++#padlock=padlock
++
++[afalg]
++default_algorithms = ALL
++
++[devcrypto]
++# Leave this alone and configure algorithms with CIPERS/DIGESTS below
++default_algorithms = ALL
++
++# Configuration commands:
++# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
++# list of supported algorithms, along with their driver, whether they
++# are hw accelerated or not, and the engine's configuration commands.
++
++# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
++# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
++# if acceleration can't be determined) [default=2]
++#USE_SOFTDRIVERS = 2
++
++# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
++# enable [default=ALL]
++# It is recommended to disable the ECB ciphers; in most cases, it will
++# only be used for PRNG, in small blocks, where performance is poor,
++# and there may be problems with apps forking with open crypto
++# contexts, leading to failures. The CBC ciphers work well:
++#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
++
++# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
++# enable [default=NONE]
++# It is strongly recommended not to enable digests; their performance
++# is poor, and there are many cases in which they will not work,
++# especially when calling fork with open crypto contexts. Openssh,
++# for example, does this, and you may not be able to login.
++#DIGESTS = NONE
++
++[padlock]
++default_algorithms = ALL
++
+ [ new_oids ]
+
+ # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.