[OpenWrt-Devel] [PATCH v2 5/6] openssl: remove some unneeded functionality and algorithms

Karl Palsson karlp at tweak.net.au
Thu Jun 9 17:39:52 EDT 2016


On this one, does SRP have to be included? I'm not using it, and
I know it's super uncommon, but it's like PSK, only easier to
use, and disabling it in even more places is just guaranteeing
that it's never going to be used. Totally understand tossing all
the others though.

Cheers,
Karl P


Dirk Feytons <dirk.feytons at gmail.com> wrote:
> The patch needed for this commit has been sent upstream:
> https://github.com/openssl/openssl/pull/1155
> 
> Signed-off-by: Dirk Feytons <dirk.feytons at gmail.com>
> ---
>  package/libs/openssl/Makefile                      |    7 +++---
>  .../openssl/patches/302-fix_no_cmac_build.patch    |   24 ++++++++++++++++++++
>  2 files changed, 28 insertions(+), 3 deletions(-)
>  create mode 100644 package/libs/openssl/patches/302-fix_no_cmac_build.patch
> 
> diff --git a/package/libs/openssl/Makefile
> b/package/libs/openssl/Makefile index 2fbb566..4782c42 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -96,8 +96,9 @@ This package contains the OpenSSL command-line utility.
>  endef
>  
>  
> -OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0
> no-camellia no-krb5 -OPENSSL_OPTIONS:= shared no-err no-sse2
> no-ssl2 +OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5
> no-sha0 no-camellia no-krb5 no-srp \
> + no-whrlpool no-whirlpool no-bf no-ripemd no-seed no-cast no-cmac
> +OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method
> no-heartbeats
>  
>  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
>    OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
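
Review bot: the added continuation line of OPENSSL_NO_CIPHERS lists both `no-whrlpool` and `no-whirlpool`, and nothing in the Makefile or the commit message says why both spellings are needed. If the bundled OpenSSL's Configure only recognises one of them, drop the other; if both are required, add a one-line comment saying so. `no-srp` is also disabled unconditionally here, whereas EC2M and SSL3 further down are gated on CONFIG_OPENSSL_WITH_* symbols; a similar opt-in symbol would answer the question raised in the reply above, and the commit message should give the reason for each newly disabled algorithm.
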
> @@ -117,7 +118,7 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
>  endif
>  
>  ifndef CONFIG_OPENSSL_WITH_SSL3
> -  OPENSSL_OPTIONS += no-ssl3
> +  OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
>  endif
>  
>  ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
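
Review bot: `no-ssl3-method` in the CONFIG_OPENSSL_WITH_SSL3 block removes the SSLv3 method entry points and not just the protocol, so any package that still references them will stop building when the symbol is unset. The commit message should state which dependent packages were build-tested with this change, and the help text for CONFIG_OPENSSL_WITH_SSL3 should mention the effect. The same concern applies to `no-ssl2-method`, which the previous hunk adds to OPENSSL_OPTIONS unconditionally.
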
> diff --git
> a/package/libs/openssl/patches/302-fix_no_cmac_build.patch
> b/package/libs/openssl/patches/302-fix_no_cmac_build.patch new
> file mode 100644 index 0000000..1b94f24
> --- /dev/null
> +++ b/package/libs/openssl/patches/302-fix_no_cmac_build.patch
> @@ -0,0 +1,24 @@
> +--- a/crypto/asn1/ameth_lib.c
> ++++ b/crypto/asn1/ameth_lib.c
> +@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *stand
> +     &eckey_asn1_meth,
> + #endif
> +     &hmac_asn1_meth,
> ++#ifndef OPENSSL_NO_CMAC
> +     &cmac_asn1_meth,
> ++#endif
> + #ifndef OPENSSL_NO_DH
> +     &dhx_asn1_meth
> + #endif
> +--- a/crypto/evp/pmeth_lib.c
> ++++ b/crypto/evp/pmeth_lib.c
> +@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_m
> +     &ec_pkey_meth,
> + #endif
> +     &hmac_pkey_meth,
> ++#ifndef OPENSSL_NO_CMAC
> +     &cmac_pkey_meth,
> ++#endif
> + #ifndef OPENSSL_NO_DH
> +     &dhx_pkey_meth
> + #endif
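
Review bot: the new 302-fix_no_cmac_build.patch starts directly at `--- a/crypto/asn1/ameth_lib.c` with no description header, so the link to the upstream submission exists only in the commit message. Add a short header to the patch file itself stating that it guards `&cmac_asn1_meth` and `&cmac_pkey_meth` with `#ifndef OPENSSL_NO_CMAC` and referencing https://github.com/openssl/openssl/pull/1155, so that whoever next bumps the OpenSSL version can tell when the patch can be dropped.
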