authorEneas U de Queiroz <cotequeiroz@gmail.com>2021-02-17 21:50:08 -0300
committerHauke Mehrtens <hauke@hauke-m.de>2021-02-23 21:10:56 +0100
commit12a80e44b914a00fa39daae5474b3964f246ddc3 (patch)
treef1ae3d3d3252432d684b39e8b1b905e72b7d5718
parent06356f00200639c48d95330e633965957b0347ab (diff)
openssl: always build with GOST engine support
The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
-rw-r--r--package/libs/openssl/Config.in11
-rw-r--r--package/libs/openssl/Makefile7
-rw-r--r--package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch19
3 files changed, 19 insertions, 18 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index d1281ec6fa..bc2f0584b6 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -293,15 +293,4 @@ config OPENSSL_WITH_ASYNC
initiate crypto operations asynchronously. In order to work
this will require the presence of an async capable engine.
-config OPENSSL_WITH_GOST
- bool
- prompt "Prepare library for GOST engine"
- depends on OPENSSL_ENGINE
- help
- This option prepares the library to accept engine support
- for Russian GOST crypto algorithms.
- The gost engine is not included in standard openwrt feeds.
- To build such engine yourself, see:
- https://github.com/gost-engine/engine
-
endif
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 7dbbd65026..436abfd94c 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=j
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1
@@ -52,7 +52,6 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_WITH_DTLS \
CONFIG_OPENSSL_WITH_EC2M \
CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
- CONFIG_OPENSSL_WITH_GOST \
CONFIG_OPENSSL_WITH_IDEA \
CONFIG_OPENSSL_WITH_MDC2 \
CONFIG_OPENSSL_WITH_NPN \
@@ -289,10 +288,6 @@ else
OPENSSL_OPTIONS += no-engine
endif
-ifndef CONFIG_OPENSSL_WITH_GOST
- OPENSSL_OPTIONS += no-gost
-endif
-
ifndef CONFIG_OPENSSL_WITH_DTLS
OPENSSL_OPTIONS += no-dtls
endif
diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
index 81d41963c6..c90fce2442 100644
--- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@@ -1,6 +1,6 @@
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
-@@ -22,6 +22,82 @@ oid_section = new_oids
+@@ -22,6 +22,99 @@ oid_section = new_oids
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
@@ -14,6 +14,7 @@
+#devcrypto=devcrypto
+#afalg=afalg
+#padlock=padlock
++##gost=gost
+
+[afalg]
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
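Review bot: The new `gost` entry in the engine list carries two comment markers (`##gost=gost`) while the entries above it carry one (`#devcrypto=devcrypto`), so a user who removes a single `#`, as for the other engines, still has a commented line and the engine stays disabled without any error. If the double marker is not deliberate, the line in openssl.cnf should read `#gost=gost`. If it is meant to signal that the engine package is only proposed in the feed, a comment line above it saying so would make that clear. The section this list belongs to starts outside the hunk.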
@@ -80,6 +81,22 @@
+[padlock]
+default_algorithms = ALL
+
++[gost]
++default_algorithms = ALL
++# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
++# user to choose between different parameter sets of symmetric cipher
++# algorithm. RFC 4357 specifies several parameters for the
++# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface
++# to choose one when encrypting. So use engine configuration parameter
++# instead.
++# Value of this parameter can be either short name, defined in OpenSSL
++# obj_dat.h header file or numeric representation of OID, defined in
++# RFC 4357. Defaults to id-tc26-gost-28147-param-Z
++#CRYPT_PARAMS = id-tc26-gost-28147-param-Z
++
++# PBE_PARAMS: Shortname of default digest alg for PBE
++#PBE_PARAMS =
++
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
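Review bot: The comments in the new `[gost]` section leave two things unclear for someone enabling the engine. The CRYPT_PARAMS text runs two sentences together (`parameters It allows`), and `#PBE_PARAMS =` is shown with no value and no stated default, so a reader cannot tell which digest password-based encryption uses when the line stays commented. I would add the missing period (`# CRYPT_PARAMS: OID of default GOST 28147-89 parameters. It allows the`) and a comment line naming the engine's default PBE digest, taken from the gost-engine documentation. `default_algorithms = ALL` is uncommented, so it presumably takes effect as soon as `gost` is enabled in the engine list; a one-line comment above it saying which algorithm classes that covers would help whoever audits the resulting configuration.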