aboutsummaryrefslogtreecommitdiffstats
path: root/package/libs/openssl/patches
diff options
context:
space:
mode:
Diffstat (limited to 'package/libs/openssl/patches')
-rw-r--r--package/libs/openssl/patches/100-Configure-afalg-support.patch3
-rw-r--r--package/libs/openssl/patches/110-openwrt_targets.patch3
-rw-r--r--package/libs/openssl/patches/120-strip-cflags-from-binary.patch3
-rw-r--r--package/libs/openssl/patches/130-dont-build-tests-fuzz.patch3
-rw-r--r--package/libs/openssl/patches/140-allow-prefer-chacha20.patch4
-rw-r--r--package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch101
-rw-r--r--package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch3
-rw-r--r--package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch3
-rw-r--r--package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch4
-rw-r--r--package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch1
-rw-r--r--package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch1
11 files changed, 20 insertions, 109 deletions
diff --git a/package/libs/openssl/patches/100-Configure-afalg-support.patch b/package/libs/openssl/patches/100-Configure-afalg-support.patch
index d8789f4b45..3125e37a94 100644
--- a/package/libs/openssl/patches/100-Configure-afalg-support.patch
+++ b/package/libs/openssl/patches/100-Configure-afalg-support.patch
@@ -1,4 +1,4 @@
-From 559fbff13af9ce2fbc0b9bc5727a7323e1db6217 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Thu, 27 Sep 2018 08:29:21 -0300
Subject: Do not use host kernel version to disable AFALG
@@ -9,7 +9,6 @@ version to disable building the AFALG engine on openwrt targets.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/Configure b/Configure
-index 5a699836f3..74d057c219 100755
--- a/Configure
+++ b/Configure
@@ -1548,7 +1548,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
diff --git a/package/libs/openssl/patches/110-openwrt_targets.patch b/package/libs/openssl/patches/110-openwrt_targets.patch
index 828c14d21d..9d5db6cfd1 100644
--- a/package/libs/openssl/patches/110-openwrt_targets.patch
+++ b/package/libs/openssl/patches/110-openwrt_targets.patch
@@ -1,4 +1,4 @@
-From 3d43acc6068f00dbfc0c9a06355e2c8f7d302d0f Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Thu, 27 Sep 2018 08:30:24 -0300
Subject: Add openwrt targets
@@ -9,7 +9,6 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/Configurations/25-openwrt.conf b/Configurations/25-openwrt.conf
new file mode 100644
-index 0000000000..86a86d31e4
--- /dev/null
+++ b/Configurations/25-openwrt.conf
@@ -0,0 +1,52 @@
diff --git a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
index 7faec9ab88..20fe21f2ac 100644
--- a/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
+++ b/package/libs/openssl/patches/120-strip-cflags-from-binary.patch
@@ -1,4 +1,4 @@
-From 4ad8f2fe6bf3b91df7904fcbe960e5fdfca36336 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Thu, 27 Sep 2018 08:31:38 -0300
Subject: Avoid exposing build directories
@@ -9,7 +9,6 @@ OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/crypto/build.info b/crypto/build.info
-index 2c619c62e8..893128345a 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -10,7 +10,7 @@ EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
diff --git a/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch b/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
index 7f33cb9dae..4707554d2d 100644
--- a/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
+++ b/package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
@@ -1,4 +1,4 @@
-From ba2fe646f2d9104a18b066e43582154049e9ffcb Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Thu, 27 Sep 2018 08:34:38 -0300
Subject: Do not build tests and fuzz directories
@@ -8,7 +8,6 @@ This shortens build time.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/Configure b/Configure
-index 74d057c219..5813e9f8fe 100755
--- a/Configure
+++ b/Configure
@@ -318,7 +318,7 @@ my $auto_threads=1; # enable threads automatically? true by default
diff --git a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
index b293db28f7..b2418006a9 100644
--- a/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
+++ b/package/libs/openssl/patches/140-allow-prefer-chacha20.patch
@@ -1,4 +1,4 @@
-From 4f7ab2040bb71f03a8f8388911144559aa2a5b60 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Thu, 27 Sep 2018 08:44:39 -0300
Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
@@ -15,7 +15,6 @@ when the client has it on top of its ciphersuite preference.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index 6724ccf2d2..96d959427e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,9 +173,15 @@ extern "C" {
@@ -38,7 +37,6 @@ index 6724ccf2d2..96d959427e 100644
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
"TLS_AES_128_GCM_SHA256"
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 27a1b2ec68..7039811323 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
index c90fce2442..387c3ce11e 100644
--- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@@ -1,6 +1,17 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cotequeiroz@gmail.com>
+Date: Sat, 27 Mar 2021 17:43:25 -0300
+Subject: openssl.cnf: add engine configuration
+
+This adds configuration options for engines, loading all cnf files under
+/etc/ssl/engines.d/.
+
+Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
+
+diff --git a/apps/openssl.cnf b/apps/openssl.cnf
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
-@@ -22,6 +22,99 @@ oid_section = new_oids
+@@ -22,6 +22,13 @@ oid_section = new_oids
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
@@ -9,93 +20,7 @@
+[openssl_conf]
+engines=engines
+
-+[engines]
-+# To enable an engine, install the package, and uncomment it here:
-+#devcrypto=devcrypto
-+#afalg=afalg
-+#padlock=padlock
-+##gost=gost
-+
-+[afalg]
-+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
-+default_algorithms = ALL
-+
-+# The following commands are only available if using the alternative
-+# (sync) AFALG engine
-+# Configuration commands:
-+# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
-+# list of supported algorithms, along with their driver, whether they
-+# are hw accelerated or not, and the engine's configuration commands.
-+
-+# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
-+# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
-+# if acceleration can't be determined) [default=2]
-+#USE_SOFTDRIVERS = 2
-+
-+# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
-+# comma-separated list of ciphers to enable [default=NO_ECB]
-+# Starting in 1.2.0, if you use a cipher list, each cipher may be
-+# followed by a colon (:) and the minimum request length to use
-+# AF_ALG drivers for that cipher; smaller requests are processed by
-+# softare; a negative value will use the default for that cipher
-+#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
-+
-+# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
-+# enable [default=NONE]
-+# It is strongly recommended not to enable digests; their performance
-+# is poor, and there are many cases in which they will not work,
-+# especially when calling fork with open crypto contexts. Openssh,
-+# for example, does this, and you may not be able to login.
-+#DIGESTS = NONE
-+
-+[devcrypto]
-+# Leave this alone and configure algorithms with CIPERS/DIGESTS below
-+default_algorithms = ALL
-+
-+# Configuration commands:
-+# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
-+# list of supported algorithms, along with their driver, whether they
-+# are hw accelerated or not, and the engine's configuration commands.
-+
-+# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
-+# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
-+# if acceleration can't be determined) [default=2]
-+#USE_SOFTDRIVERS = 2
-+
-+# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
-+# enable [default=ALL]
-+# It is recommended to disable the ECB ciphers; in most cases, it will
-+# only be used for PRNG, in small blocks, where performance is poor,
-+# and there may be problems with apps forking with open crypto
-+# contexts, leading to failures. The CBC ciphers work well:
-+#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
-+
-+# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
-+# enable [default=NONE]
-+# It is strongly recommended not to enable digests; their performance
-+# is poor, and there are many cases in which they will not work,
-+# especially when calling fork with open crypto contexts. Openssh,
-+# for example, does this, and you may not be able to login.
-+#DIGESTS = NONE
-+
-+[padlock]
-+default_algorithms = ALL
-+
-+[gost]
-+default_algorithms = ALL
-+# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
-+# user to choose between different parameter sets of symmetric cipher
-+# algorithm. RFC 4357 specifies several parameters for the
-+# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface
-+# to choose one when encrypting. So use engine configuration parameter
-+# instead.
-+# Value of this parameter can be either short name, defined in OpenSSL
-+# obj_dat.h header file or numeric representation of OID, defined in
-+# RFC 4357. Defaults to id-tc26-gost-28147-param-Z
-+#CRYPT_PARAMS = id-tc26-gost-28147-param-Z
-+
-+# PBE_PARAMS: Shortname of default digest alg for PBE
-+#PBE_PARAMS =
++.include /etc/ssl/engines.cnf.d
+
[ new_oids ]
diff --git a/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch b/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch
index 84c68b16a2..71c9fdd438 100644
--- a/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch
+++ b/package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch
@@ -1,4 +1,4 @@
-From f14345422747a495a52f9237a43b8be189f21912 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Mon, 5 Nov 2018 15:54:17 -0200
Subject: eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT
@@ -15,7 +15,6 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
-index a727c6f646..a2c9a966f7 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -461,6 +461,7 @@ struct digest_ctx {
diff --git a/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch b/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch
index ad83a51a10..83989a3625 100644
--- a/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch
+++ b/package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch
@@ -1,4 +1,4 @@
-From 78e7b1cc7119622645bc5a8542c55b6c95dc7868 Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Tue, 6 Nov 2018 22:54:07 -0200
Subject: eng_devcrypto: add command to dump driver info
@@ -12,7 +12,6 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
-index 5ec38ca8f3..64dc6b891d 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -50,16 +50,20 @@ static int use_softdrivers = DEVCRYPTO_DEFAULT_USE_SOFDTRIVERS;
diff --git a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
index ea3f8fb8a7..1298efe546 100644
--- a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
+++ b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
@@ -9,7 +9,6 @@ engines/e_devcrypto.c.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/crypto/engine/build.info b/crypto/engine/build.info
-index e00802a3fd..47fe948966 100644
--- a/crypto/engine/build.info
+++ b/crypto/engine/build.info
@@ -6,6 +6,3 @@ SOURCE[../../libcrypto]=\
@@ -20,7 +19,6 @@ index e00802a3fd..47fe948966 100644
- SOURCE[../../libcrypto]=eng_devcrypto.c
-ENDIF
diff --git a/crypto/init.c b/crypto/init.c
-index 1b0d523bea..ee3e2eb075 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -329,18 +329,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
@@ -86,7 +84,6 @@ index 1b0d523bea..ee3e2eb075 100644
if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
&& !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
diff --git a/engines/build.info b/engines/build.info
-index 1db771971c..33a25d7004 100644
--- a/engines/build.info
+++ b/engines/build.info
@@ -11,6 +11,9 @@ IF[{- !$disabled{"engine"} -}]
@@ -116,7 +113,6 @@ diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
similarity index 95%
rename from crypto/engine/eng_devcrypto.c
rename to engines/e_devcrypto.c
-index 2c1b52d572..eff1ed3a7d 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -7,7 +7,7 @@
diff --git a/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch b/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch
index 1f1cd7a582..fd4701307e 100644
--- a/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch
+++ b/package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch
@@ -20,7 +20,6 @@ turn them on if it is safe and fast enough.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
-index 3fcd81de7a..d25230d366 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -852,7 +852,7 @@ static void prepare_digest_methods(void)
diff --git a/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch b/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch
index bc514b88c9..bf1c98b104 100644
--- a/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch
+++ b/package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch
@@ -9,7 +9,6 @@ session. It may have been closed by another process after a fork.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
-index d25230d366..f4570f1666 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -195,9 +195,8 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,