Re: [PATCH v3 1/3] openssl: config engines in /etc/ssl/engines.cnf.d

2022-02-19 Thread Petr Štetiar
Eneas U de Queiroz  [2021-04-29 12:35:28]:

Hi,

> All patches were refreshed.

If you would like to proceed, please refresh them one more time, as this no
longer applies.

Cheers,

Petr



[PATCH v3 1/3] openssl: config engines in /etc/ssl/engines.cnf.d

2021-04-29 Thread Eneas U de Queiroz
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory.  The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.

All patches were refreshed.

Signed-off-by: Eneas U de Queiroz 
---

Changelog:

v1->v2: unchanged
v2->v3: unchanged

 package/libs/openssl/Makefile |  30 --
 package/libs/openssl/files/afalg.cnf  |  32 ++
 package/libs/openssl/files/devcrypto.cnf  |  31 ++
 package/libs/openssl/files/engines.cnf|   7 ++
 package/libs/openssl/files/padlock.cnf|   3 +
 .../patches/100-Configure-afalg-support.patch |   3 +-
 .../openssl/patches/110-openwrt_targets.patch |   3 +-
 .../120-strip-cflags-from-binary.patch|   3 +-
 .../patches/130-dont-build-tests-fuzz.patch   |   3 +-
 .../patches/140-allow-prefer-chacha20.patch   |   4 +-
 .../150-openssl.cnf-add-engines-conf.patch| 101 +++---
 ...o-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch |   3 +-
 ..._devcrypto-add-configuration-options.patch |   5 +-
 ...ypto-add-command-to-dump-driver-info.patch |   3 +-
 ...o-make-the-dev-crypto-engine-dynamic.patch |   4 -
 ...default-to-not-use-digests-in-engine.patch |   1 -
 ...to-ignore-error-when-closing-session.patch |   1 -
 17 files changed, 114 insertions(+), 123 deletions(-)
 create mode 100644 package/libs/openssl/files/afalg.cnf
 create mode 100644 package/libs/openssl/files/devcrypto.cnf
 create mode 100644 package/libs/openssl/files/engines.cnf
 create mode 100644 package/libs/openssl/files/padlock.cnf

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 7ab4c6ccd0..69616f01e8 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
 PKG_BASE:=1.1.1
 PKG_BUGFIX:=k
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
 
@@ -146,7 +146,7 @@ endef
 define Package/libopenssl-afalg/description
 This package adds an engine that enables hardware acceleration
 through the AF_ALG kernel interface.
-To use it, you need to configure the engine in /etc/ssl/openssl.cnf
+To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf.
 See 
https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 and 
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 The engine_id is "afalg"
@@ -163,7 +163,8 @@ endef
 define Package/libopenssl-devcrypto/description
 This package adds an engine that enables hardware acceleration
 through the /dev/crypto kernel interface.
-To use it, you need to configure the engine in /etc/ssl/openssl.cnf
+To use it, you need to enable the engine in 
/etc/ssl/engines.cnf.d/engines.cnf.  You may
+configure the engine by editing /etc/ssl/engines.cnf.d/devcrypto.cnf.
 See 
https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 and 
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 The engine_id is "devcrypto"
@@ -179,7 +180,7 @@ endef
 
 define Package/libopenssl-padlock/description
 This package adds an engine that enables VIA Padlock hardware acceleration.
-To use it, you need to configure it in /etc/ssl/openssl.cnf.
+To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf.
 See 
https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
 and 
https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
 The engine_id is "padlock"
@@ -376,8 +377,9 @@ define Package/libopenssl/install
 endef
 
 define Package/libopenssl-conf/install
-   $(INSTALL_DIR) $(1)/etc/ssl
+   $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
+   $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/
 endef
 
 define Package/openssl-util/install
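Review bot: In `Package/libopenssl-conf/install` the new `engines.cnf` is copied with `$(CP)`, while the engine packages later in this patch install their `.cnf` files with `$(INSTALL_DATA)`. Per the commit description this file holds the list of enabled engines, so it controls which engine modules OpenSSL loads for programs using the default config. Its mode should be pinned explicitly rather than carried over from the build tree, e.g. `$(INSTALL_DATA) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/`. The conffiles definition is not visible in this hunk, so please confirm the new files under /etc/ssl/engines.cnf.d are listed there; otherwise a user's engine selection may not survive an upgrade.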
@@ -386,18 +388,24 @@ define Package/openssl-util/install
 endef
 
 define Package/libopenssl-afalg/install
-   $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
-   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so 
$(1)/usr/lib/$(ENGINES_DIR)
+   $(INSTALL_DIR)  $(1)/etc/ssl/engines.cnf.d \
+   $(1)/usr/lib/$(ENGINES_DIR)
+   $(INSTALL_BIN)  $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so 
$(1)/usr/lib/$(ENGINES_DIR)
+   $(INSTALL_DATA) ./files/afalg.cnf $(1)/etc/ssl/engines.cnf.d/
 endef
 
 define Package/libopenssl-devcrypto/install
-   $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
-   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so 
$(1)/usr/lib/$(ENGINES_DIR)
+   $(INSTALL_DIR)  $(1)/etc/ssl/engines.cnf.d \
+   $(1)/usr/lib/$(ENGINES_DIR)
+   $(INSTALL_BIN)  $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so 
$(1)/usr/lib/$(ENGINES_DIR)
+