From 12a80e44b914a00fa39daae5474b3964f246ddc3 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 17 Feb 2021 21:50:08 -0300 Subject: openssl: always build with GOST engine support The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz --- .../patches/150-openssl.cnf-add-engines-conf.patch | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'package/libs/openssl/patches') diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch index 81d41963c6..c90fce2442 100644 --- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch +++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch @@ -1,6 +1,6 @@ --- a/apps/openssl.cnf +++ b/apps/openssl.cnf -@@ -22,6 +22,82 @@ oid_section = new_oids +@@ -22,6 +22,99 @@ oid_section = new_oids # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) @@ -14,6 +14,7 @@ +#devcrypto=devcrypto +#afalg=afalg +#padlock=padlock ++##gost=gost + +[afalg] +# Leave this alone and configure algorithms with CIPERS/DIGESTS below @@ -79,6 +80,22 @@ + +[padlock] +default_algorithms = ALL ++ ++[gost] ++default_algorithms = ALL ++# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the ++# user to choose between different parameter sets of symmetric cipher ++# algorithm. RFC 4357 specifies several parameters for the ++# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface ++# to choose one when encrypting. So use engine configuration parameter ++# instead. ++# Value of this parameter can be either short name, defined in OpenSSL ++# obj_dat.h header file or numeric representation of OID, defined in ++# RFC 4357. Defaults to id-tc26-gost-28147-param-Z ++#CRYPT_PARAMS = id-tc26-gost-28147-param-Z ++ ++# PBE_PARAMS: Shortname of default digest alg for PBE ++#PBE_PARAMS = + [ new_oids ] -- cgit v1.2.3