openssl: always build with GOST engine support

The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2025-01-21 03:55:06 +00:00 · 2021-02-17 21:50:08 -03:00 · 2021-02-17 21:50:08 -03:00 · 12a80e44b9
commit 12a80e44b9
parent 06356f0020
3 changed files with 19 additions and 18 deletions
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@ -293,15 +293,4 @@ config OPENSSL_WITH_ASYNC
 		initiate crypto operations asynchronously. In order to work
 		this will require the presence of an async capable engine.
 config OPENSSL_WITH_GOST
 	bool
 	prompt "Prepare library for GOST engine"
 	depends on OPENSSL_ENGINE
 	help
 		This option prepares the library to accept engine support
 		for Russian GOST crypto algorithms.
 		The gost engine is not included in standard openwrt feeds.
 		To build such engine yourself, see:
 		https://github.com/gost-engine/engine
 endif
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@ -11,7 +11,7 @@ PKG_NAME:=openssl
 PKG_BASE:=1.1.1
 PKG_BUGFIX:=j
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
@ -52,7 +52,6 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_OPENSSL_WITH_DTLS \
 	CONFIG_OPENSSL_WITH_EC2M \
 	CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
 	CONFIG_OPENSSL_WITH_GOST \
 	CONFIG_OPENSSL_WITH_IDEA \
 	CONFIG_OPENSSL_WITH_MDC2 \
 	CONFIG_OPENSSL_WITH_NPN \
@ -289,10 +288,6 @@ else
  OPENSSL_OPTIONS += no-engine
 endif
 ifndef CONFIG_OPENSSL_WITH_GOST
  OPENSSL_OPTIONS += no-gost
 endif
 ifndef CONFIG_OPENSSL_WITH_DTLS
  OPENSSL_OPTIONS += no-dtls
 endif
--- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@ -1,6 +1,6 @@
 --- a/apps/openssl.cnf
 +++ b/apps/openssl.cnf
-@@ -22,6 +22,82 @@ oid_section		= new_oids
+@@ -22,6 +22,99 @@ oid_section		= new_oids
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
@ -14,6 +14,7 @@
 +#devcrypto=devcrypto
 +#afalg=afalg
 +#padlock=padlock
 +##gost=gost
 +
 +[afalg]
 +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
@ -79,6 +80,22 @@
 +
 +[padlock]
 +default_algorithms = ALL
 +
 +[gost]
 +default_algorithms = ALL
 +# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
 +# user to choose between different parameter sets of symmetric cipher
 +# algorithm. RFC 4357 specifies several parameters for the
 +# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface
 +# to choose one when encrypting. So use engine configuration parameter
 +# instead.
 +# Value of this parameter can be either short name, defined in OpenSSL
 +# obj_dat.h header file or numeric representation of OID, defined in
 +# RFC 4357.  Defaults to id-tc26-gost-28147-param-Z
 +#CRYPT_PARAMS = id-tc26-gost-28147-param-Z
 +
 +# PBE_PARAMS: Shortname of default digest alg for PBE
 +#PBE_PARAMS =
 +
 [ new_oids ]