diff options
| author | Eneas U de Queiroz <cote2004-github@yahoo.com> | 2019-03-12 13:16:01 +0000 |
|---|---|---|
| committer | Hans Dedecker <dedeckeh@gmail.com> | 2019-03-12 18:26:59 +0100 |
| commit | 2407b1edccc2f2d426333bd7cc1743c8e4da8dbd (patch) | |
| tree | be00dce1b17d00abe03b423582c1a8d649dfad7f /package/libs/openssl/Makefile | |
| parent | 8c593804d078f62de981ee0ff05d666b0d1f4df0 (diff) | |
| download | upstream-2407b1edccc2f2d426333bd7cc1743c8e4da8dbd.tar.gz upstream-2407b1edccc2f2d426333bd7cc1743c8e4da8dbd.tar.bz2 upstream-2407b1edccc2f2d426333bd7cc1743c8e4da8dbd.zip | |
openssl: disable digests by default, misc fixes
Openssh uses digest contexts across forks, which is not supported by the
/dev/crypto engine. The speed of digests is usually not worth enabling
them anyway. This changes the default of the DIGESTS option to NONE, so
the user still has the option to enable them.
Added another patch related to the use of encryption contexts across
forks, that ignores a failure to close a previous open session when
reinitializing a context, instead of failing the reinitialization.
Added a link to the Cryptographic Hardware Accelerators document to the
engine pacakges description, to provide more detailed instructions to
configure the engines.
Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used
by openssh. There is an open PR to update openssh; when merged, this
symbol can be safely removed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
Diffstat (limited to 'package/libs/openssl/Makefile')
| -rw-r--r-- | package/libs/openssl/Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index a9dd16f3e7..56e95af793 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=b PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -147,6 +147,7 @@ This package adds an engine that enables hardware acceleration through the AF_ALG kernel interface. To use it, you need to configure the engine in /etc/ssl/openssl.cnf See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module +and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "afalg" endef @@ -163,6 +164,7 @@ This package adds an engine that enables hardware acceleration through the /dev/crypto kernel interface. To use it, you need to configure the engine in /etc/ssl/openssl.cnf See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module +and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "devcrypto" endef @@ -178,6 +180,7 @@ define Package/libopenssl-padlock/description This package adds an engine that enables VIA Padlock hardware acceleration. To use it, you need to configure it in /etc/ssl/openssl.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module +and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "padlock" endef |