From 30b0351039850d01c382b745a1f40b81b4be2a93 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Sun, 20 Feb 2022 21:09:29 -0300 Subject: openssl: configure engine packages during install This enables an engine during its package's installation, by adding it to the engines list in /etc/ssl/engines.cnf.d/engines.cnf. The engine build system was reworked, with the addition of an engine.mk file that groups some of the engine packages' definitions, and could be used by out of tree engines as well. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 58 ++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 36 deletions(-) (limited to 'package/libs/openssl/Makefile') diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 737123930c..3a0666ff8e 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,9 +11,8 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=m PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_USE_MIPS16:=0 -ENGINES_DIR=engines-1.1 PKG_BUILD_PARALLEL:=1 @@ -65,6 +64,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_WITH_WHIRLPOOL include $(INCLUDE_DIR)/package.mk +include engine.mk ifneq ($(CONFIG_CCACHE),) HOSTCC=$(HOSTCC_NOCACHE) @@ -128,6 +128,9 @@ endef define Package/libopenssl-conf/conffiles /etc/ssl/openssl.cnf +/etc/ssl/engines.cnf.d/engines.cnf +$(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf) +$(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf) endef define Package/libopenssl-conf/description @@ -135,52 +138,50 @@ $(call Package/openssl/Default/description) This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf. endef +$(eval $(call Package/openssl/add-engine,afalg)) define Package/libopenssl-afalg $(call Package/openssl/Default) - SUBMENU:=SSL + $(call Package/openssl/engine/Default) TITLE:=AFALG hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \ - +PACKAGE_libopenssl-afalg:kmod-crypto-user +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN + DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \ + @!OPENSSL_ENGINE_BUILTIN endef define Package/libopenssl-afalg/description This package adds an engine that enables hardware acceleration through the AF_ALG kernel interface. -To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "afalg" endef +$(eval $(call Package/openssl/add-engine,devcrypto)) define Package/libopenssl-devcrypto $(call Package/openssl/Default) - SUBMENU:=SSL + $(call Package/openssl/engine/Default) TITLE:=/dev/crypto hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE +PACKAGE_libopenssl-devcrypto:kmod-cryptodev +libopenssl-conf \ - @!OPENSSL_ENGINE_BUILTIN + DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN endef define Package/libopenssl-devcrypto/description This package adds an engine that enables hardware acceleration through the /dev/crypto kernel interface. -To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. You may -configure the engine by editing /etc/ssl/engines.cnf.d/devcrypto.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "devcrypto" endef +$(eval $(call Package/openssl/add-engine,padlock)) define Package/libopenssl-padlock $(call Package/openssl/Default) - SUBMENU:=SSL + $(call Package/openssl/engine/Default) TITLE:=VIA Padlock hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \ - +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN + DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \ + @!OPENSSL_ENGINE_BUILTIN endef define Package/libopenssl-padlock/description This package adds an engine that enables VIA Padlock hardware acceleration. -To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "padlock" @@ -380,6 +381,12 @@ define Package/libopenssl-conf/install $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/ + $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO), + $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/ + echo devcrypto=devcrypto >> $(1)/etc/ssl/engines.cnf.d/engines.cnf) + $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK), + $(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/ + echo padlock=padlock >> $(1)/etc/ssl/engines.cnf.d/engines.cnf) endef define Package/openssl-util/install @@ -387,27 +394,6 @@ define Package/openssl-util/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/ endef -define Package/libopenssl-afalg/install - $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d \ - $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_DATA) ./files/afalg.cnf $(1)/etc/ssl/engines.cnf.d/ -endef - -define Package/libopenssl-devcrypto/install - $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d \ - $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_DATA) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/ -endef - -define Package/libopenssl-padlock/install - $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d \ - $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_DATA) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/ -endef - $(eval $(call BuildPackage,libopenssl)) $(eval $(call BuildPackage,libopenssl-conf)) $(eval $(call BuildPackage,libopenssl-afalg)) -- cgit v1.2.3