Re: [OpenWrt-Devel] [PATCH v2 5/6] openssl: remove some unneeded functionality and algorithms

Thu, 09 Jun 2016 14:42:15 -0700 

On this one, does SRP have to be included? I'm not using it, and
i know it's super uncommon, but it's like PSK, only easier to
use, and disabling it in even more places is just guaranteeing
that it's never going to be used. Totally understand tossing all
the others though.

Cheers,
Karl P


Dirk Feytons <dirk.feyt...@gmail.com> wrote:
> The patch needed for this commit has been sent upstream:
> https://github.com/openssl/openssl/pull/1155
> 
> Signed-off-by: Dirk Feytons <dirk.feyt...@gmail.com>
> ---
>  package/libs/openssl/Makefile                      |    7 +++---
>  .../openssl/patches/302-fix_no_cmac_build.patch    |   24 
> ++++++++++++++++++++
>  2 files changed, 28 insertions(+), 3 deletions(-)
>  create mode 100644 package/libs/openssl/patches/302-fix_no_cmac_build.patch
> 
> diff --git a/package/libs/openssl/Makefile
> b/package/libs/openssl/Makefile index 2fbb566..4782c42 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -96,8 +96,9 @@ This package contains the OpenSSL command-line utility.
>  endef
>  
>  
> -OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0
> no-camellia no-krb5 -OPENSSL_OPTIONS:= shared no-err no-sse2
> no-ssl2 +OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5
> no-sha0 no-camellia no-krb5 no-srp \
> + no-whrlpool no-whirlpool no-bf no-ripemd no-seed no-cast no-cmac
> +OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method
> no-heartbeats
>  
>  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
>    OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
> @@ -117,7 +118,7 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
>  endif
>  
>  ifndef CONFIG_OPENSSL_WITH_SSL3
> -  OPENSSL_OPTIONS += no-ssl3
> +  OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
>  endif
>  
>  ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
> diff --git
> a/package/libs/openssl/patches/302-fix_no_cmac_build.patch
> b/package/libs/openssl/patches/302-fix_no_cmac_build.patch new
> file mode 100644 index 0000000..1b94f24
> --- /dev/null
> +++ b/package/libs/openssl/patches/302-fix_no_cmac_build.patch
> @@ -0,0 +1,24 @@
> +--- a/crypto/asn1/ameth_lib.c
> ++++ b/crypto/asn1/ameth_lib.c
> +@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *stand
> +     &eckey_asn1_meth,
> + #endif
> +     &hmac_asn1_meth,
> ++#ifndef OPENSSL_NO_CMAC
> +     &cmac_asn1_meth,
> ++#endif
> + #ifndef OPENSSL_NO_DH
> +     &dhx_asn1_meth
> + #endif
> +--- a/crypto/evp/pmeth_lib.c
> ++++ b/crypto/evp/pmeth_lib.c
> +@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_m
> +     &ec_pkey_meth,
> + #endif
> +     &hmac_pkey_meth,
> ++#ifndef OPENSSL_NO_CMAC
> +     &cmac_pkey_meth,
> ++#endif
> + #ifndef OPENSSL_NO_DH
> +     &dhx_pkey_meth
> + #endif
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Reply via email to