diff options
| author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2022-02-20 21:09:28 -0300 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2022-02-22 16:37:23 +0100 |
| commit | 17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36 (patch) | |
| tree | 7ca70a3aa1f9499b2496b48ec4cb60dc0a3f0c42 /package/libs/openssl/files | |
| parent | aae7af4219e56c2787f675109d9dd1a44a5dcba4 (diff) | |
| download | upstream-17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36.tar.gz upstream-17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36.tar.bz2 upstream-17a6ca12d3dfbb8808ca6d8a5300ff2a9121ba36.zip | |
openssl: config engines in /etc/ssl/engines.cnf.d
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.
Patches were refreshed with --zero-commit.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/openssl/files')
| -rw-r--r-- | package/libs/openssl/files/afalg.cnf | 3 | ||||
| -rw-r--r-- | package/libs/openssl/files/devcrypto.cnf | 31 | ||||
| -rw-r--r-- | package/libs/openssl/files/engines.cnf | 7 | ||||
| -rw-r--r-- | package/libs/openssl/files/padlock.cnf | 3 |
4 files changed, 44 insertions, 0 deletions
diff --git a/package/libs/openssl/files/afalg.cnf b/package/libs/openssl/files/afalg.cnf new file mode 100644 index 0000000000..4f573d757c --- /dev/null +++ b/package/libs/openssl/files/afalg.cnf @@ -0,0 +1,3 @@ +[afalg] +default_algorithms = ALL + diff --git a/package/libs/openssl/files/devcrypto.cnf b/package/libs/openssl/files/devcrypto.cnf new file mode 100644 index 0000000000..549275600d --- /dev/null +++ b/package/libs/openssl/files/devcrypto.cnf @@ -0,0 +1,31 @@ +[devcrypto] +# Leave this alone and configure algorithms with CIPERS/DIGESTS below +default_algorithms = ALL + +# Configuration commands: +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a +# list of supported algorithms, along with their driver, whether they +# are hw accelerated or not, and the engine's configuration commands. + +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated) +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use +# if acceleration can't be determined) [default=2] +#USE_SOFTDRIVERS = 2 + +# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to +# enable [default=ALL] +# It is recommended to disable the ECB ciphers; in most cases, it will +# only be used for PRNG, in small blocks, where performance is poor, +# and there may be problems with apps forking with open crypto +# contexts, leading to failures. The CBC ciphers work well: +#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC + +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to +# enable [default=NONE] +# It is strongly recommended not to enable digests; their performance +# is poor, and there are many cases in which they will not work, +# especially when calling fork with open crypto contexts. Openssh, +# for example, does this, and you may not be able to login. +#DIGESTS = NONE + + diff --git a/package/libs/openssl/files/engines.cnf b/package/libs/openssl/files/engines.cnf new file mode 100644 index 0000000000..d034ab5a30 --- /dev/null +++ b/package/libs/openssl/files/engines.cnf @@ -0,0 +1,7 @@ +[engines] +# To enable an engine, install the package, and uncomment it here: +#devcrypto=devcrypto +#afalg=afalg +#padlock=padlock +#gost=gost + diff --git a/package/libs/openssl/files/padlock.cnf b/package/libs/openssl/files/padlock.cnf new file mode 100644 index 0000000000..ef91079e5d --- /dev/null +++ b/package/libs/openssl/files/padlock.cnf @@ -0,0 +1,3 @@ +[padlock] +default_algorithms = ALL + |