openssl: bump to 3.0.8

[openwrt/openwrt.git] / package / libs / openssl / Config.in

diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 63493829ba4879f98c6db9232711ad6dd5649055..6a668fe4cd32c62ffe082be43385ebedcf574339 100644 (file)
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -8,11 +8,9 @@ config OPENSSL_OPTIMIZE_SPEED
        prompt "Enable optimization for speed instead of size"
        select OPENSSL_WITH_ASM
        help
-               Enabling this option increases code size (around 20%) and
-               performance.  The increase in performance and size depends on the
-               target CPU. EC and AES seem to benefit the most, with EC speed
-               increased by 20%-50% (mipsel & x86).
-               AES-GCM is supposed to be 3x faster on x86. YMMV.
+               Enabling this option increases code size and performance.
+               The increase in performance and size depends on the
+               target CPU. EC and AES seem to benefit the most.
 
 config OPENSSL_WITH_ASM
        bool
@@ -22,19 +20,7 @@ config OPENSSL_WITH_ASM
        help
                Disabling this option will reduce code size and performance.
                The increase in performance and size depends on the target
-               CPU and on the algorithms being optimized.  As of 1.1.0i*:
-
-               Platform  Pkg Inc. Algorithms where assembly is used - ~% Speed Increase
-               aarch64   174K     BN, aes, sha1, sha256, sha512, nist256, poly1305
-               arm       152K     BN, aes, sha1, sha256, sha512, nist256, poly1305
-               i386      183K     BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292%
-               mipsel      1.5K   BN+97%, aes+4%, sha1+94%, sha256+60%
-               mips64      3.7K   BN, aes, sha1, sha256, sha512, poly1305
-               powerpc    20K     BN, aes, sha1, sha256, sha512, poly1305
-               x86_64    228K     BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228%
-
-               * Only most common algorithms shown. Your mileage may vary.
-                 BN (bignum) performance was measured using RSA sign/verify.
+               CPU and on the algorithms being optimized.
 
 config OPENSSL_WITH_SSE2
        bool
@@ -42,21 +28,17 @@ config OPENSSL_WITH_SSE2
        prompt "Enable use of x86 SSE2 instructions"
        depends on OPENSSL_WITH_ASM && i386
        help
-               Use of SSE2 instructions greatly increase performance (up to
-               3x faster) with a minimum (~0.2%, or 23KB) increase in package
-               size, but it will bring no benefit if your hardware does not
-               support them, such as Geode GX and LX.  In this case you may
-               save 23KB by saying yes here.  AMD Geode NX, and Intel
-               Pentium 4 and above support SSE2.
+               Use of SSE2 instructions greatly increase performance with a
+               minimum increase in package size, but it will bring no benefit
+               if your hardware does not support them, such as Geode GX and LX.
+               AMD Geode NX, and Intel Pentium 4 and above support SSE2.
 
 config OPENSSL_WITH_DEPRECATED
        bool
        default y
-       prompt "Include deprecated APIs (See help for a list of packages that need this)"
+       prompt "Include deprecated APIs"
        help
-               Since openssl 1.1.x is still new to openwrt, some packages
-               requiring this option do not list it as a requirement yet:
-                * freeswitch-stable, freeswitch, python, python3, squid.
+               This drops all deprecated API, including engine support.
 
 config OPENSSL_NO_DEPRECATED
        bool
@@ -76,7 +58,6 @@ config OPENSSL_WITH_TLS13
        bool
        default y
        prompt "Enable support for TLS 1.3"
-       select OPENSSL_WITH_EC
        help
                TLS 1.3 is the newest version of the TLS specification.
                It aims:
@@ -85,7 +66,6 @@ config OPENSSL_WITH_TLS13
                   protocol;
                 * to increase performance by reducing the number of round-trips
                   when performing a full handshake.
-               It increases package size by ~4KB.
 
 config OPENSSL_WITH_DTLS
        bool
@@ -120,19 +100,8 @@ config OPENSSL_WITH_CMS
 
 comment "Algorithm Selection"
 
-config OPENSSL_WITH_EC
-       bool
-       default y
-       prompt "Enable elliptic curve support"
-       help
-               Elliptic-curve cryptography (ECC) is an approach to public-key
-               cryptography based on the algebraic structure of elliptic curves
-               over finite fields. ECC requires smaller keys compared to non-ECC
-               cryptography to provide equivalent security.
-
 config OPENSSL_WITH_EC2M
        bool
-       depends on OPENSSL_WITH_EC
        prompt "Enable ec2m support"
        help
                This option enables the more efficient, yet less common, binary
@@ -245,6 +214,7 @@ comment "Engine/Hardware Support"
 
 config OPENSSL_ENGINE
        bool "Enable engine support"
+       select OPENSSL_WITH_DEPRECATED
        default y
        help
                This enables alternative cryptography implementations,
@@ -305,15 +275,4 @@ config OPENSSL_WITH_ASYNC
                initiate crypto operations asynchronously. In order to work
                this will require the presence of an async capable engine.
 
-config OPENSSL_WITH_GOST
-       bool
-       prompt "Prepare library for GOST engine"
-       depends on OPENSSL_ENGINE
-       help
-               This option prepares the library to accept engine support
-               for Russian GOST crypto algorithms.
-               The gost engine is not included in standard openwrt feeds.
-               To build such engine yourself, see:
-               https://github.com/gost-engine/engine
-
 endif