openssl: always build with GOST engine support

[openwrt/staging/chunkeey.git] / package / libs / openssl / patches / 150-openssl.cnf-add-engines-conf.patch

diff --git a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
index 81d41963c68f873d9bbb7e497d590de6a3c96d58..c90fce2442724f1913da7051707c6a0d58548bb4 100644 (file)
--- a/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
+++ b/package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
@@ -1,6 +1,6 @@
 --- a/apps/openssl.cnf
 +++ b/apps/openssl.cnf
-@@ -22,6 +22,82 @@ oid_section         = new_oids
+@@ -22,6 +22,99 @@ oid_section         = new_oids
  # (Alternatively, use a configuration file that has only
  # X.509v3 extensions in its main [= default] section.)
  
@@ -14,6 +14,7 @@
 +#devcrypto=devcrypto
 +#afalg=afalg
 +#padlock=padlock
++##gost=gost
 +
 +[afalg]
 +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
@@ -79,6 +80,22 @@
 +
 +[padlock]
 +default_algorithms = ALL
++
++[gost]
++default_algorithms = ALL
++# CRYPT_PARAMS: OID of default GOST 28147-89 parameters It allows the
++# user to choose between different parameter sets of symmetric cipher
++# algorithm. RFC 4357 specifies several parameters for the
++# GOST 28147-89 algorithm, but OpenSSL doesn't provide user interface
++# to choose one when encrypting. So use engine configuration parameter
++# instead.
++# Value of this parameter can be either short name, defined in OpenSSL
++# obj_dat.h header file or numeric representation of OID, defined in
++# RFC 4357.  Defaults to id-tc26-gost-28147-param-Z
++#CRYPT_PARAMS = id-tc26-gost-28147-param-Z
++
++# PBE_PARAMS: Shortname of default digest alg for PBE
++#PBE_PARAMS =
 +
  [ new_oids ]