PKG_NAME:=openssl
PKG_VERSION:=3.0.8
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_BUILD_FLAGS:=no-mips16 gc-sections
PKG_BUILD_PARALLEL:=1
CONFIG_OPENSSL_WITH_WHIRLPOOL
include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/openssl-engine.mk
+include $(INCLUDE_DIR)/openssl-module.mk
ifneq ($(CONFIG_CCACHE),)
HOSTCC=$(HOSTCC_NOCACHE)
define Package/libopenssl-conf/conffiles
/etc/ssl/openssl.cnf
-$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/engines.cnf.d/devcrypto.cnf)
-$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/engines.cnf.d/padlock.cnf)
+$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/modules.cnf.d/devcrypto.cnf)
+$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/modules.cnf.d/padlock.cnf)
endef
define Package/libopenssl-conf/description
endef
endif
+$(eval $(call Package/openssl/add-provider,legacy))
+define Package/libopenssl-legacy
+ $(call Package/openssl/Default)
+ $(call Package/openssl/module/Default)
+ TITLE:=OpenSSL legacy provider
+endef
+
+define Package/libopenssl-legacy/description
+The OpenSSL legacy provider supplies OpenSSL implementations of algorithms that
+have been deemed legacy. Such algorithms have commonly fallen out of use, have
+been deemed insecure by the cryptography community, or something similar. See
+https://www.openssl.org/docs/man3.0/man7/OSSL_PROVIDER-legacy.html
+endef
+
$(eval $(call Package/openssl/add-engine,afalg))
define Package/libopenssl-afalg
$(call Package/openssl/Default)
define Package/libopenssl-afalg/description
This package adds an engine that enables hardware acceleration
through the AF_ALG kernel interface.
-See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
+See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
The engine_id is "afalg"
endef
define Package/libopenssl-devcrypto/description
This package adds an engine that enables hardware acceleration
through the /dev/crypto kernel interface.
-See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
+See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
The engine_id is "devcrypto"
endef
define Package/libopenssl-padlock/description
This package adds an engine that enables VIA Padlock hardware acceleration.
-See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module
+See https://www.openssl.org/docs/man3.0/man5/config.html#Engine-Configuration
and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators
The engine_id is "padlock"
endef
endef
define Package/libopenssl-conf/install
- $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config $(1)/etc/init.d
+ $(INSTALL_DIR) $(1)/etc/ssl/modules.cnf.d $(1)/etc/config $(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
$(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
$(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
touch $(1)/etc/config/openssl
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
- $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
+ $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/modules.cnf.d/
echo -e "config engine 'devcrypto'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
- $(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
+ $(CP) ./files/padlock.cnf $(1)/etc/ssl/modules.cnf.d/
echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >> $(1)/etc/config/openssl)
endef
$(eval $(call BuildPackage,libopenssl-conf))
$(eval $(call BuildPackage,libopenssl-afalg))
$(eval $(call BuildPackage,libopenssl-devcrypto))
+$(eval $(call BuildPackage,libopenssl-legacy))
$(eval $(call BuildPackage,libopenssl-padlock))
$(eval $(call BuildPackage,openssl-util))