[openwrt/openwrt] openssl: conditionally disable engine section

LEDE Commits lede-commits at lists.infradead.org
Sat Jul 6 09:30:38 PDT 2024


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/318db3bde4615b09738851059e8b1a42a9d768b8

commit 318db3bde4615b09738851059e8b1a42a9d768b8
Author: Sean Khan <datapronix at protonmail.com>
AuthorDate: Sat Jun 8 21:02:30 2024 -0400

    openssl: conditionally disable engine section
    
    Currently, the build option to enable/disable engine support isn't
    reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
    is always enabled, producing an error whenever running any
    commands in openssl util or programs that explicitly use settings
    from '/etc/ssl/openssl.cnf'.
    
    ```
    ➤ openssl version
    FATAL: Startup failure (dev note: apps_startup()) for openssl
    307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
    Error loading shared library libengines.so: No such file or directory
    307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
    307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
    307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
    ```
    
    Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
    if not explicitly enabled.
    
    Example:
    ```
    [openssl_init]
    providers = provider_sect
    ```
    
    After this change, openssl util works correctly.
    
    ```
    ➤ openssl version
    OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
    ```
    
    Signed-off-by: Sean Khan <datapronix at protonmail.com>
    Link: https://github.com/openwrt/openwrt/pull/15661
    Signed-off-by: Robert Marko <robimarko at gmail.com>
    (cherry picked from commit 31ec4515c3c14704d669156d87e2af5eeb5420e4)
    Link: https://github.com/openwrt/openwrt/pull/15873
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/libs/openssl/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index b134839bb6..82784dddde 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_VERSION:=3.0.14
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
 
 PKG_BUILD_PARALLEL:=1
@@ -416,6 +416,8 @@ define Package/libopenssl-conf/install
 	$(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
 	$(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!' $(1)/etc/init.d/openssl
 	touch $(1)/etc/config/openssl
+	$(if $(CONFIG_OPENSSL_ENGINE),,
+		$(SED) 's!engines = engines_sect!#&!' $(1)/etc/ssl/openssl.cnf)
 	$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
 		$(CP) ./files/devcrypto.cnf $(1)/etc/ssl/modules.cnf.d/
 		echo -e "config engine 'devcrypto'\n\toption enabled '1'\n\toption builtin '1'" >> $(1)/etc/config/openssl)
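Review bot: The added `$(SED) 's!engines = engines_sect!#&!'` is unanchored and matches only that exact single-space spelling, and sed exits successfully when nothing matches. If the shipped openssl.cnf ever writes the line with different whitespace, a build without CONFIG_OPENSSL_ENGINE will silently install a config that still references the engines module, and the startup failure quoted in the commit message comes back with no build-time signal. Suggest anchoring and relaxing the pattern, for example `s!^engines[[:space:]]*=[[:space:]]*engines_sect!#&!`, and following it with a check that fails the install step if an uncommented `engines =` line is still present in `$(1)/etc/ssl/openssl.cnf`. The empty then-branch in `$(if $(CONFIG_OPENSSL_ENGINE),,` is easy to misread next to the `$(if ...)` block below it, so a one-line comment saying the sed runs only when engine support is disabled would help.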



