diff options
author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2021-02-17 21:50:08 -0300 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2021-02-23 21:10:56 +0100 |
commit | 12a80e44b914a00fa39daae5474b3964f246ddc3 (patch) | |
tree | f1ae3d3d3252432d684b39e8b1b905e72b7d5718 /package | |
parent | 06356f00200639c48d95330e633965957b0347ab (diff) | |
download | upstream-12a80e44b914a00fa39daae5474b3964f246ddc3.tar.gz upstream-12a80e44b914a00fa39daae5474b3964f246ddc3.tar.bz2 upstream-12a80e44b914a00fa39daae5474b3964f246ddc3.zip |
openssl: always build with GOST engine support
The packages feed has a proposed package for a GOST engine, which needs
support from the main openssl library. It is a default option in
OpenSSL. All that needs to be done here is to not disable it.
Package increases by a net 1-byte, so it is not really really worth
keeping this optional.
This commit also includes a commented-out example engine configuration
in openssl.cnf, as it is done for other available engines.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'package')
-rw-r--r-- | package/libs/openssl/Config.in | 11 | ||||
-rw-r--r-- | package/libs/openssl/Makefile | 7 | ||||
-rw-r--r-- | package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch | 19 |
3 files changed, 19 insertions, 18 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in index d1281ec6fa..bc2f0584b6 100644 --- a/package/libs/openssl/Config.in +++ b/package/libs/openssl/Config.in @@ -293,15 +293,4 @@ config OPENSSL_WITH_ASYNC initiate crypto operations asynchronously. In order to work this will require the presence of an async capable engine. -config OPENSSL_WITH_GOST - bool - prompt "Prepare library for GOST engine" - depends on OPENSSL_ENGINE - help - This option prepares the library to accept engine support - for Russian GOST crypto algorithms. - The gost engine is not included in standard openwrt feeds. - To build such engine yourself, see: - https://github.com/gost-engine/engine - endif diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 7dbbd65026..436abfd94c 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=j PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -52,7 +52,6 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_WITH_DTLS \ CONFIG_OPENSSL_WITH_EC2M \ CONFIG_OPENSSL_WITH_ERROR_MESSAGES \ - CONFIG_OPENSSL_WITH_GOST \ CONFIG_OPENSSL_WITH_IDEA \ CONFIG_OPENSSL_WITH_MDC2 \ CONFIG_OPENSSL_WITH_NPN \ @@ -289,10 +288,6 @@ else OPENSSL_OPTIONS += no-engine endif -ifndef CONFIG_OPENSSL_WITH_GOST - OPENSSL_OPTIONS += no-gost -endif - ifndef CONFIG_OPENSSL_WITH_DTLS OPENSSL_OPTIONS += no-dtls endif diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch index 81d41963c6..c90fce2442 100644 --- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch +++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch @@ -1,6 +1,6 @@ --- a/apps/openssl.cnf +++ b/apps/openssl.cnf -@@ -22,6 +22,82 @@ oid_section = new_oids +@@ -22,6 +22,99 @@ oid_section = new_oids # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -14,6 +14,7 @@ +#devcrypto=devcrypto +#afalg=afalg +#padlock=padlock ++##gost=gost + +[afalg] +# Leave this alone and configure algorithms with CIPERS/DIGESTS below @@ -80,6 +81,22 @@ +[padlock] +default_algorithms = ALL + ++[gost] ++default_algorithms = ALL ++# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the ++# user to choose between different parameter sets of symmetric cipher ++# algorithm. RFC 4357 specifies several parameters for the ++# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface ++# to choose one when encrypting. So use engine configuration parameter ++# instead. ++# Value of this parameter can be either short name, defined in OpenSSL ++# obj_dat.h header file or numeric representation of OID, defined in ++# RFC 4357. Defaults to id-tc26-gost-28147-param-Z ++#CRYPT_PARAMS = id-tc26-gost-28147-param-Z ++ ++# PBE_PARAMS: Shortname of default digest alg for PBE ++#PBE_PARAMS = ++ [ new_oids ] # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. |