From fb11f2fb0ef4f88f0be9c23bf8154cdb672b0698 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Sat, 1 May 2021 14:24:23 -0300 Subject: [PATCH] afalg_engine: adapt to new openssl UCI config OpenSSL now uses UCI to enable and disable engines, and engine packages need to adapt. Signed-off-by: Eneas U de Queiroz --- libs/afalg_engine/Makefile | 20 +++++-------------- libs/afalg_engine/files/afalg.cnf | 32 +++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 15 deletions(-) create mode 100644 libs/afalg_engine/files/afalg.cnf diff --git a/libs/afalg_engine/Makefile b/libs/afalg_engine/Makefile index c312c4a884..2dc5af7a16 100644 --- a/libs/afalg_engine/Makefile +++ b/libs/afalg_engine/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=afalg_engine PKG_VERSION:=1.2.0-beta.1 -PKG_RELEASE:=1 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/cotequeiroz/afalg_engine/archive/v$(PKG_VERSION) @@ -25,18 +25,14 @@ PKG_CONFIG_DEPENDS:= \ include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk +include $(INCLUDE_DIR)/openssl-engine.mk -ENGINES_DIR:=engines-1.1 - +$(eval $(call Package/openssl/add-engine,afalg,libopenssl-afalg_sync)) define Package/libopenssl-afalg_sync - SECTION:=libs - CATEGORY:=Libraries - SUBMENU:=SSL - MDEPENDS:=libopenssl + $(call Package/openssl/engine/Default) TITLE:=AF_ALG engine using sync crypto API URL:=https://github.com/cotequeiroz/afalg_engine - DEPENDS:=libopenssl @OPENSSL_ENGINE @!OPENSSL_ENGINE_BUILTIN_AFALG \ - +libopenssl-conf +kmod-crypto-user + DEPENDS += @!OPENSSL_ENGINE_BUILTIN_AFALG +kmod-crypto-user CONFLICTS:=libopenssl-afalg $(if $(CONFIG_AFALG_FALLBACK),libopenssl-devcrypto) MENU:=1 endef @@ -62,10 +58,4 @@ CMAKE_OPTIONS += \ -DUPDATE_CTR_IV=$(if $(CONFIG_AFALG_UPDATE_CTR_IV),ON,OFF) \ -DUSE_ZERO_COPY=$(if $(CONFIG_AFALG_ZERO_COPY),ON,OFF) -define Package/libopenssl-afalg_sync/install - $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so \ - $(1)/usr/lib/$(ENGINES_DIR)/ -endef - $(eval $(call BuildPackage,libopenssl-afalg_sync)) diff --git a/libs/afalg_engine/files/afalg.cnf b/libs/afalg_engine/files/afalg.cnf new file mode 100644 index 0000000000..f17338b887 --- /dev/null +++ b/libs/afalg_engine/files/afalg.cnf @@ -0,0 +1,32 @@ +[afalg] +# Leave this alone and configure algorithms with CIPERS/DIGESTS below +default_algorithms = ALL + +# The following commands are only available if using the alternative +# (sync) AFALG engine +# Configuration commands: +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a +# list of supported algorithms, along with their driver, whether they +# are hw accelerated or not, and the engine's configuration commands. + +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated) +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use +# if acceleration can't be determined) [default=2] +#USE_SOFTDRIVERS = 2 + +# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a +# comma-separated list of ciphers to enable [default=NO_ECB] +# Starting in 1.2.0, if you use a cipher list, each cipher may be +# followed by a colon (:) and the minimum request length to use +# AF_ALG drivers for that cipher; smaller requests are processed by +# softare; a negative value will use the default for that cipher +#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0 + +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to +# enable [default=NONE] +# It is strongly recommended not to enable digests; their performance +# is poor, and there are many cases in which they will not work, +# especially when calling fork with open crypto contexts. Openssh, +# for example, does this, and you may not be able to login. +#DIGESTS = NONE + -- 2.30.2