bool
default y
prompt "Enable support for TLS 1.3"
- select OPENSSL_WITH_EC
help
TLS 1.3 is the newest version of the TLS specification.
It aims:
config OPENSSL_WITH_NPN
bool
- default y
prompt "Enable NPN support"
help
NPN is a TLS extension, obsoleted and replaced with ALPN,
comment "Algorithm Selection"
-config OPENSSL_WITH_EC
- bool
- default y
- prompt "Enable elliptic curve support"
- help
- Elliptic-curve cryptography (ECC) is an approach to public-key
- cryptography based on the algebraic structure of elliptic curves
- over finite fields. ECC requires smaller keys compared to non-ECC
- cryptography to provide equivalent security.
-
config OPENSSL_WITH_EC2M
bool
- depends on OPENSSL_WITH_EC
prompt "Enable ec2m support"
help
This option enables the more efficient, yet less common, binary
config OPENSSL_ENGINE
bool "Enable engine support"
+ default y
help
This enables alternative cryptography implementations,
most commonly for interfacing with external crypto devices,
or supporting new/alternative ciphers and digests.
+ If you compile the library with this option disabled, packages built
+ using an engine-enabled library (i.e. from the official repo) may
+ fail to run. Compile and install the packages with engine support
+ disabled, and you should be fine.
+ Note that you need to enable KERNEL_AIO to be able to build the
+ afalg engine package.
+
+config OPENSSL_ENGINE_BUILTIN
+ bool "Build chosen engines into libcrypto"
+ depends on OPENSSL_ENGINE
+ help
+ This builds all chosen engines into libcrypto.so, instead of building
+ them as dynamic engines in separate packages.
+ The benefit of building the engines into libcrypto is that they won't
+ require any configuration to be used by default.
-config OPENSSL_ENGINE_CRYPTO
+config OPENSSL_ENGINE_BUILTIN_AFALG
+ bool
+ prompt "Acceleration support through AF_ALG sockets engine"
+ depends on OPENSSL_ENGINE_BUILTIN && KERNEL_AIO
+ select PACKAGE_libopenssl-conf
+ help
+ This enables use of hardware acceleration through the
+ AF_ALG kernel interface.
+
+config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
bool
- select OPENSSL_ENGINE
- select PACKAGE_kmod-cryptodev
prompt "Acceleration support through /dev/crypto"
+ depends on OPENSSL_ENGINE_BUILTIN
+ select PACKAGE_libopenssl-conf
help
This enables use of hardware acceleration through OpenBSD
Cryptodev API (/dev/crypto) interface.
- You must install kmod-cryptodev (under Kernel modules, Cryptographic
- API modules) for /dev/crypto to show up and use hardware
- acceleration; otherwise it falls back to software.
+ Even though configuration is not strictly needed, it is worth seeing
+ https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
+ for information on how to configure the engine.
+
+config OPENSSL_ENGINE_BUILTIN_PADLOCK
+ bool
+ prompt "VIA Padlock Acceleration support engine"
+ depends on OPENSSL_ENGINE_BUILTIN && TARGET_x86
+ select PACKAGE_libopenssl-conf
+ help
+ This enables use of hardware acceleration through the
+ VIA Padlock module.
config OPENSSL_WITH_ASYNC
bool
https://github.com/gost-engine/engine
endif
-
projects / openwrt / openwrt.git / blobdiff