package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch

   1 --- a/apps/openssl.cnf
   2 +++ b/apps/openssl.cnf
   3 @@ -22,6 +22,82 @@ oid_section          = new_oids
   4  # (Alternatively, use a configuration file that has only
   5  # X.509v3 extensions in its main [= default] section.)
   6
   7 +openssl_conf=openssl_conf
   8 +
   9 +[openssl_conf]
  10 +engines=engines
  11 +
  12 +[engines]
  13 +# To enable an engine, install the package, and uncomment it here:
  14 +#devcrypto=devcrypto
  15 +#afalg=afalg
  16 +#padlock=padlock
  17 +
  18 +[afalg]
  19 +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
  20 +default_algorithms = ALL
  21 +
  22 +# The following commands are only available if using the alternative
  23 +# (sync) AFALG engine
  24 +# Configuration commands:
  25 +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
  26 +# list of supported algorithms, along with their driver, whether they
  27 +# are hw accelerated or not, and the engine's configuration commands.
  28 +
  29 +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
  30 +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
  31 +# if acceleration can't be determined) [default=2]
  32 +#USE_SOFTDRIVERS = 2
  33 +
  34 +# CIPHERS: either ALL, NONE, NO_ECB (all except ECB-mode) or a
  35 +# comma-separated list of ciphers to enable [default=NO_ECB]
  36 +# Starting in 1.2.0, if you use a cipher list, each cipher may be
  37 +# followed by a colon (:) and the minimum request length to use
  38 +# AF_ALG drivers for that cipher; smaller requests are processed by
  39 +# softare; a negative value will use the default for that cipher
  40 +#CIPHERS=AES-128-CBC:1024, AES-256-CBC:768, DES-EDE3-CBC:0
  41 +
  42 +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
  43 +# enable [default=NONE]
  44 +# It is strongly recommended not to enable digests; their performance
  45 +# is poor, and there are many cases in which they will not work,
  46 +# especially when calling fork with open crypto contexts.  Openssh,
  47 +# for example, does this, and you may not be able to login.
  48 +#DIGESTS = NONE
  49 +
  50 +[devcrypto]
  51 +# Leave this alone and configure algorithms with CIPERS/DIGESTS below
  52 +default_algorithms = ALL
  53 +
  54 +# Configuration commands:
  55 +# Run 'openssl engine -t -c -vv -pre DUMP_INFO devcrypto' to see a
  56 +# list of supported algorithms, along with their driver, whether they
  57 +# are hw accelerated or not, and the engine's configuration commands.
  58 +
  59 +# USE_SOFTDRIVERS: specifies whether to use software (not accelerated)
  60 +# drivers (0=use only accelerated drivers, 1=allow all drivers, 2=use
  61 +# if acceleration can't be determined) [default=2]
  62 +#USE_SOFTDRIVERS = 2
  63 +
  64 +# CIPHERS: either ALL, NONE, or a comma-separated list of ciphers to
  65 +# enable [default=ALL]
  66 +# It is recommended to disable the ECB ciphers; in most cases, it will
  67 +# only be used for PRNG, in small blocks, where performance is poor,
  68 +# and there may be problems with apps forking with open crypto
  69 +# contexts, leading to failures.  The CBC ciphers work well:
  70 +#CIPHERS=DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC, AES-256-CBC
  71 +
  72 +# DIGESTS: either ALL, NONE, or a comma-separated list of digests to
  73 +# enable [default=NONE]
  74 +# It is strongly recommended not to enable digests; their performance
  75 +# is poor, and there are many cases in which they will not work,
  76 +# especially when calling fork with open crypto contexts.  Openssh,
  77 +# for example, does this, and you may not be able to login.
  78 +#DIGESTS = NONE
  79 +
  80 +[padlock]
  81 +default_algorithms = ALL
  82 +
  83  [ new_oids ]
  84
  85  # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.