aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/openssl/files
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2022-02-20 21:09:28 -0300
committerPetr Štetiar <ynezz@true.cz>2022-02-22 16:37:23 +0100
commit17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36 (patch)
tree7ca70a3aa1f9499b2496b48ec4cb60dc0a3f0c42 /package/libs/openssl/files
parentaae7af4219e56c2787f675109d9dd1a44a5dcba4 (diff)
downloadupstream-17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36.tar.gz
upstream-17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36.tar.bz2
upstream-17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36.zip
openssl: config engines in /etc/ssl/engines.cnf.d
This changes the configuration of engines from the global openssl.cnf to files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has the list of enabled engines, while each engine has its own configuration file installed under /etc/ssl/engines.cnf.d. Patches were refreshed with --zero-commit. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/openssl/files')
-rw-r--r--package/libs/openssl/files/afalg.cnf3
-rw-r--r--package/libs/openssl/files/devcrypto.cnf31
-rw-r--r--package/libs/openssl/files/engines.cnf7
-rw-r--r--package/libs/openssl/files/padlock.cnf3
4 files changed, 44 insertions, 0 deletions
diff --git a/package/libs/openssl/files/afalg.cnf b/package/libs/openssl/files/afalg.cnf
new file mode 100644
index 0000000000..4f573d757c
--- /dev/null
+++ b/package/libs/openssl/files/afalg.cnf
@@ -0,0 +1,3 @@
+[afalg]
+default_algorithms = ALL
+
diff --git a/package/libs/openssl/files/devcrypto.cnf b/package/libs/openssl/files/devcrypto.cnf
new file mode 100644
index 0000000000..549275600d
--- /dev/null
+++ b/package/libs/openssl/files/devcrypto.cnf
@@ -0,0 +1,31 @@
+[devcrypto]
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
+default_algorithms = ALL
+
+# Configuration commands:
+# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
+# list of supported algorithms, along with their driver, whether they
+# are hw accelerated or not, and the engine's configuration commands.
+
+# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
+# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
+# if acceleration can't be determined) [default=2]
+#USE_SOFTDRIVERS = 2
+
+# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
+# enable [default=ALL]
+# It is recommended to disable the ECB ciphers; in most cases, it will
+# only be used for PRNG, in small blocks, where performance is poor,
+# and there may be problems with apps forking with open crypto
+# contexts, leading to failures. The CBC ciphers work well:
+#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
+
+# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
+# enable [default=NONE]
+# It is strongly recommended not to enable digests; their performance
+# is poor, and there are many cases in which they will not work,
+# especially when calling fork with open crypto contexts. Openssh,
+# for example, does this, and you may not be able to login.
+#DIGESTS = NONE
+
+
diff --git a/package/libs/openssl/files/engines.cnf b/package/libs/openssl/files/engines.cnf
new file mode 100644
index 0000000000..d034ab5a30
--- /dev/null
+++ b/package/libs/openssl/files/engines.cnf
@@ -0,0 +1,7 @@
+[engines]
+# To enable an engine, install the package, and uncomment it here:
+#devcrypto=devcrypto
+#afalg=afalg
+#padlock=padlock
+#gost=gost
+
diff --git a/package/libs/openssl/files/padlock.cnf b/package/libs/openssl/files/padlock.cnf
new file mode 100644
index 0000000000..ef91079e5d
--- /dev/null
+++ b/package/libs/openssl/files/padlock.cnf
@@ -0,0 +1,3 @@
+[padlock]
+default_algorithms = ALL
+