aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/openssl/patches
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2020-03-19 16:12:14 -0300
committerChristian Lamparter <chunkeey@gmail.com>2020-03-21 17:48:34 +0100
commitd9d689589b96bd80e57e5c603d84d6ee95049800 (patch)
tree6bee6acbd2421bbdfcbaed0d1fc337f3fae13a25 /package/libs/openssl/patches
parent19af00850f63e0b53c081f6a57b134275fb6cafb (diff)
downloadupstream-d9d689589b96bd80e57e5c603d84d6ee95049800.tar.gz
upstream-d9d689589b96bd80e57e5c603d84d6ee95049800.tar.bz2
upstream-d9d689589b96bd80e57e5c603d84d6ee95049800.zip
openssl: add configuration example for afalg-sync
This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package/libs/openssl/patches')
-rw-r--r--package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch31
1 files changed, 30 insertions, 1 deletions
diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
index 6c7143dd7e..81d41963c6 100644
--- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@@ -1,6 +1,6 @@
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
-@@ -22,6 +22,53 @@ oid_section = new_oids
+@@ -22,6 +22,82 @@ oid_section = new_oids
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
@@ -16,8 +16,37 @@
+#padlock=padlock
+
+[afalg]
++# Leave this alone and configure algorithms with CIPERS/DIGESTS below
+default_algorithms = ALL
+
++# The following commands are only available if using the alternative
++# (sync) AFALG engine
++# Configuration commands:
++# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
++# list of supported algorithms, along with their driver, whether they
++# are hw accelerated or not, and the engine's configuration commands.
++
++# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
++# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
++# if acceleration can't be determined) [default=2]
++#USE_SOFTDRIVERS = 2
++
++# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
++# comma-separated list of ciphers to enable [default=NO_ECB]
++# Starting in 1.2.0, if you use a cipher list, each cipher may be
++# followed by a colon (:) and the minimum request length to use
++# AF_ALG drivers for that cipher; smaller requests are processed by
++# softare; a negative value will use the default for that cipher
++#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
++
++# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
++# enable [default=NONE]
++# It is strongly recommended not to enable digests; their performance
++# is poor, and there are many cases in which they will not work,
++# especially when calling fork with open crypto contexts. Openssh,
++# for example, does this, and you may not be able to login.
++#DIGESTS = NONE
++
+[devcrypto]
+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
+default_algorithms = ALL