[From nobody Thu Jun 25 05:55:08 2020 Received: from sonic304-24.consmr.mail.gq1.yahoo.com ([98.137.68.205]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hGMvM-0002jZ-D4 for openwrt-devel@lists.openwrt.org; Tue, 16 Apr 2019 12:10:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1555416641; bh=HdnSLaoUgXwQBihCZNRTMyoLyDtsjEO6wBHwDsP55Rc=; h=From:To:Cc:Subject:Date:From:Subject; b=JWvOwH/XaqWv2UAqtYIy/y8HQawSlqaxp/n97qlSW+gFdN7N/89iAmJqUQlKsEW1FAgXIzUTQopuGDwEyGJRJPAfBFRdl6EtwzKaJJlvk5I1w6MdHBPhP7TysevjCYxSXBkIYPrYNlHPWM3il+LRSuqNwOMuoGuJtXZWCumZ7Us1iSRQGZJGhVnQsuWVXNj8fS+3TlfcRX7SfPx8j6EJXXK6wTDcFD89IHO6vS6S5cWwGIhuiWUoiGyhdBoi5kLFoBtsqzhX5Ttib5ErN3xxiWDk+N4pmPc5CR8nWiXopHONUAItq99d7XUmAlGlpXZKHvLf+o9PdBOtDEPHRpgbQQ== X-YMail-OSG: V_fpcEUVM1lUGnzLeYXMdtqcWBLvGFLK4AAP_zR817Xv8cYMoCdLhs1uNJXK1p6 sk4jxzoJQcLGwy479gkQMmGhRWglkjE3rl0DvXCOF_skKpjYQ3HOz3BLBv20265DoOPhJVWD.y7B 2xGPd.2RiXqYttlbuJklIDYD_WRpbKYav.5ogyKkKECuBN83Zqhc9ALZvEXSzMGT9.yfCT8EYnkE BkcI_YIPpXJf0mdU7KVrFMxfwl18Rbj0Te.YEChmkOiDm0uPOoVL8FRsnIVGjue3poHcDSs6B32k vcQyJZyaR0h6JmUpOuuFRai1HSq0W5yWgV1sqAquwpJ_LZGyOaDS5QWS.pakIfX8LLljvFJcKFGY e5nLsjiS_nPge9HzTdtkBjxAss.HeOyuQiQmhX1vKk.kcQ5ijNyNEJ16Ap0CA8z.NLXjnY2BCsVw HFpFQoYmcBKt.cEmm.xmo4qHMTWh5C7t78R.5MNWcJmK_kB5OBqGyXw9WdWnz7pSHVCEpKcGSfNr aGXsZHm1dq04vjql1dz8be0UhIaiBdPxYMBorZ9B2W0suwryE5q6ls4Ky1vYAVmX3Z.AvRNLpgxp lUeEsKY9HfqQJlv0BVs09vMTV.xZE4fxQiaruBy_QlC1RRn4dN7FWSG5wNBA5auWVv7mhR6nDPLQ sAeg8rMBeVQB.BzIprMjVhsR2O6lHayAXoPuTM05_k7mx9wmyfW8ahbQFvOg94SCsV5O.TDsF0cf xd5JkHLWW91wh.IK_urj9tNCO5pudf79JSRf.zNDWmZYMEljpoGzsPced8GYRiYvuAtVcXEqBVVg vSLaajZqpYKpiy89fX8DZ_V6bbKT.i0f6QPkO37dS8m91dHcHesLHeHL8rh1gLmrYC8s1xg9pS9g Aw8p45efSmLvjnKxmqPe7FRmtaCbNACPRpDeiNgtiNcA0Nq6Wv8aP1gWnJCTyBB2SF0kjfJsQcXF VMArcTJCD7K7tA6nJSGFQNgDYZoq8G917fdCW4rFguz6keCraixVTk7vR2qZ0vQT0KSKyDQk3cH8 adVgDNpducl3x4eXHHGL5Cxq74libsDmFodwLOetz29C0Ad_2VQLqLjM- Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.gq1.yahoo.com with HTTP; Tue, 16 Apr 2019 12:10:41 +0000 Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br) ([177.75.175.18]) by smtp430.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID b91260e32590a0b63febfe4b43cf108e; Tue, 16 Apr 2019 12:10:38 +0000 (UTC) From: Eneas U de Queiroz <cote2004-github@yahoo.com> To: openwrt-devel@lists.openwrt.org Cc: Eneas U de Queiroz <cote2004-github@yahoo.com> Subject: [PATCH] openssl: change defaults: ENGINE:on, NPN:off, misc Date: Tue, 16 Apr 2019 09:10:20 -0300 Message-Id: <20190416121021.23356-1-cote2004-github@yahoo.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190416_051052_463383_16FDF9D5 X-CRM114-Status: UNSURE ( 7.42 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [98.137.68.205 listed in list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cote2004-github[at]yahoo.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Enable engine support by default. Right now, some packages require this, so it is always enabled by the bots. Many packages will compile differently when engine support is detected, needing engine symbols from the libraries. However, being off by default, a user compiling its own image will fail to run some popular packages from the official repo. Note that disabling engines did not work in 1.0.2, so this problem never showed up before. NPN support has been removed in major browsers & servers, and has become a small bloat, so it does not make sense to leave it on by default. Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in index ecb9eea389..49f136e845 100644 --- a/package/libs/openssl/Config.in +++ b/package/libs/openssl/Config.in @@ -96,7 +96,6 @@ config OPENSSL_WITH_DTLS config OPENSSL_WITH_NPN bool - default y prompt "Enable NPN support" help NPN is a TLS extension, obsoleted and replaced with ALPN, @@ -246,10 +245,15 @@ comment "Engine/Hardware Support" config OPENSSL_ENGINE bool "Enable engine support" + default y help This enables alternative cryptography implementations, most commonly for interfacing with external crypto devices, or supporting new/alternative ciphers and digests. + If you compile the library with this option disabled, packages built + using an engine-enabled library (i.e. from the official repo) may + fail to run. Compile and install the packages with engine support + disabled, and you should be fine. Note that you need to enable KERNEL_AIO to be able to build the afalg engine package. @@ -271,12 +275,6 @@ config OPENSSL_ENGINE_BUILTIN_AFALG This enables use of hardware acceleration through the AF_ALG kernel interface. -config OPENSSL_ENGINE_CRYPTO - # This symbol is deprecated. Currently it is used by the openssh package. - # Once openwrt/packages#8272 is merged, this can be safely removed. - bool - default OPENSSL_ENGINE_BUILTIN_DEVCRYPTO || PACKAGE_libopenssl-devcrypto - config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO bool prompt "Acceleration support through /dev/crypto" ]