Initial commit
Some checks failed
Build Kernel / Build all affected Kernels (push) Has been cancelled
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
Build Toolchains / Build Toolchains for each target (push) Has been cancelled
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Coverity scan build / Coverity x86/64 build (push) Has been cancelled
Some checks failed
Build Kernel / Build all affected Kernels (push) Has been cancelled
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
Build Toolchains / Build Toolchains for each target (push) Has been cancelled
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Coverity scan build / Coverity x86/64 build (push) Has been cancelled
This commit is contained in:
domenico
3
package/libs/openssl/files/afalg.cnf
Normal file
3
package/libs/openssl/files/afalg.cnf
Normal file
@@ -0,0 +1,3 @@
|
||||
[afalg_sect]
|
||||
default_algorithms = ALL
|
||||
|
||||
34
package/libs/openssl/files/devcrypto.cnf
Normal file
34
package/libs/openssl/files/devcrypto.cnf
Normal file
@@ -0,0 +1,34 @@
|
||||
[devcrypto_sect]
|
||||
# Leave this alone and configure algorithms with CIPERS/DIGESTS below
|
||||
default_algorithms = ALL
|
||||
|
||||
# Configuration commands:
|
||||
# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
|
||||
# list of supported algorithms, along with their driver, whether they
|
||||
# are hw accelerated or not, and the engine's configuration commands.
|
||||
|
||||
# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
|
||||
# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
|
||||
# if acceleration can't be determined) [default=2]
|
||||
#USE_SOFTDRIVERS = 2
|
||||
|
||||
# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
|
||||
# enable [default=ALL]
|
||||
# It is recommended to disable the ECB ciphers; in most cases, it will
|
||||
# only be used for PRNG, in small blocks, where performance is poor,
|
||||
# and there may be problems with apps forking with open crypto
|
||||
# contexts, leading to failures. The CBC ciphers work well.
|
||||
CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC, \
|
||||
AES-128-CTR, AES-192-CTR, AES-256-CTR
|
||||
|
||||
# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
|
||||
# enable [default=NONE]
|
||||
# It is strongly recommended not to enable digests; their performance
|
||||
# is poor, and there are many cases in which they will not work,
|
||||
# especially when calling fork with open crypto contexts. Openssh,
|
||||
# for example, does this, and you may not be able to login.
|
||||
# Sysupgrade will fail as well. If you're adventurous enough to change
|
||||
# this, you should change it back to NONE, and reboot before running
|
||||
# sysupgrade!
|
||||
DIGESTS = NONE
|
||||
|
||||
3
package/libs/openssl/files/legacy.cnf
Normal file
3
package/libs/openssl/files/legacy.cnf
Normal file
@@ -0,0 +1,3 @@
|
||||
[legacy_sect]
|
||||
activate = 1
|
||||
|
||||
72
package/libs/openssl/files/openssl.init
Executable file
72
package/libs/openssl/files/openssl.init
Executable file
@@ -0,0 +1,72 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
|
||||
START=13
|
||||
ENGINES_CNF=/var/etc/ssl/engines.cnf
|
||||
ENGINES_DIR=%ENGINES_DIR%
|
||||
MODULES_DIR=/usr/lib/ossl-modules
|
||||
PROVIDERS_CNF=/var/etc/ssl/providers.cnf
|
||||
|
||||
#1: cnf file
|
||||
write_cnf_header() {
|
||||
mkdir -p "$(dirname "$1")" && \
|
||||
echo "# This file is automatically generated from /etc/config/openssl." >"$1" || {
|
||||
echo "Error writing to $1."
|
||||
return 1
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#1: module name
|
||||
#2: output cnf file
|
||||
#3: module.so
|
||||
enable_module() {
|
||||
local builtin enabled force
|
||||
|
||||
config_get_bool builtin "$1" builtin 0
|
||||
config_get_bool enabled "$1" enabled 1
|
||||
config_get_bool force "$1" force 0
|
||||
|
||||
if [ "$enabled" = 0 ]; then
|
||||
[ "$builtin" = 0 ] && return 1
|
||||
echo "Engine $1 is built into the libcrypto library and can't be disabled through UCI."
|
||||
echo "If the engine was not built-in, remove 'config builtin' from /etc/config/openssl."
|
||||
elif [ "$force" = 1 ]; then
|
||||
printf "[Forced] "
|
||||
elif ! grep -q "\\[ *$1_sect *]" /etc/ssl/modules.cnf.d/*; then
|
||||
echo "$1: Could not find section [$1] in config files."
|
||||
return 1
|
||||
elif [ "$builtin" = 1 ]; then
|
||||
printf "[Builtin] "
|
||||
elif [ ! -f "$3" ];then
|
||||
echo "Skipping $1: $3 not found."
|
||||
return 1
|
||||
fi
|
||||
echo "Enabling $1"
|
||||
echo "$1=$1_sect" >>"$2"
|
||||
}
|
||||
|
||||
config_engine() {
|
||||
enable_module "$1" "$ENGINES_CNF" \
|
||||
"${ENGINES_DIR}/${1}.so"
|
||||
}
|
||||
|
||||
config_provider() {
|
||||
enable_module "$1" "$PROVIDERS_CNF" \
|
||||
"${MODULES_DIR}/${1}.so"
|
||||
}
|
||||
|
||||
start() {
|
||||
local ret=0
|
||||
|
||||
config_load openssl
|
||||
|
||||
echo Generating engines.cnf
|
||||
write_cnf_header "${ENGINES_CNF}" && \
|
||||
config_foreach config_engine engine || ret=$?
|
||||
|
||||
echo Generating providers.cnf
|
||||
write_cnf_header "${PROVIDERS_CNF}" && \
|
||||
config_foreach config_provider provider || ret=$?
|
||||
|
||||
return $ret
|
||||
}
|
||||
3
package/libs/openssl/files/padlock.cnf
Normal file
3
package/libs/openssl/files/padlock.cnf
Normal file
@@ -0,0 +1,3 @@
|
||||
[padlock_sect]
|
||||
default_algorithms = ALL
|
||||
|
||||
Reference in New Issue
Block a user