openssl: add configuration options, disable ssl3

Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was innefective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.

This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This commit is contained in:
Eneas U de Queiroz 2018-10-22 11:32:56 -03:00 committed by Hauke Mehrtens
parent b044b52ab9
commit be3892284c
14 changed files with 379 additions and 479 deletions

View File

@ -1,72 +1,216 @@
if PACKAGE_libopenssl
config OPENSSL_WITH_EC
comment "Build Options"
config OPENSSL_OPTIMIZE_SPEED
bool
prompt "Enable optimization for speed instead of size"
select OPENSSL_WITH_ASM
help
Enabling this option increases code size (around 20%) and
performance. The increase in performance and size depends on the
target CPU. EC and AES seem to benefit the most, with EC speed
increased by 20%-50% (mipsel & x86).
AES-GCM is supposed to be 3x faster on x86. YMMV.
config OPENSSL_WITH_ASM
bool
default y
prompt "Enable elliptic curve support"
prompt "Compile with optimized assembly code"
depends on !arc
help
Disabling this option will reduce code size and performance.
The increase in performance and size depends on the target
CPU and on the algorithms being optimized. As of 1.1.0i*:
config OPENSSL_WITH_EC2M
bool
depends on OPENSSL_WITH_EC
prompt "Enable ec2m support"
Platform Pkg Inc. Algorithms where assembly is used - ~% Speed Increase
aarch64 174K BN, aes, sha1, sha256, sha512, nist256, poly1305
arm 152K BN, aes, sha1, sha256, sha512, nist256, poly1305
i386 183K BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292%
mipsel 1.5K BN+97%, aes+4%, sha1+94%, sha256+60%
mips64 3.7K BN, aes, sha1, sha256, sha512, poly1305
powerpc 20K BN, aes, sha1, sha256, sha512, poly1305
x86_64 228K BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228%
config OPENSSL_WITH_SSL3
* Only most common algorithms shown. Your mileage may vary.
BN (bignum) performance was measured using RSA sign/verify.
config OPENSSL_WITH_SSE2
bool
default n
prompt "Enable sslv3 support"
default y if !TARGET_x86_legacy && !TARGET_x86_geode
prompt "Enable use of x86 SSE2 instructions"
depends on OPENSSL_WITH_ASM && i386
help
Use of SSE2 instructions greatly increase performance (up to
3x faster) with a minimum (~0.2%, or 23KB) increase in package
size, but it will bring no benefit if your hardware does not
support them, such as Geode GX and LX. In this case you may
save 23KB by saying yes here. AMD Geode NX, and Intel
Pentium 4 and above support SSE2.
config OPENSSL_WITH_DEPRECATED
bool
default y
prompt "Include deprecated APIs"
prompt "Include deprecated APIs (See help for a list of packages that need this)"
help
Squid currently requires this.
config OPENSSL_NO_DEPRECATED
bool
default !OPENSSL_WITH_DEPRECATED
config OPENSSL_WITH_ERROR_MESSAGES
bool
prompt "Include error messages"
help
This option aids debugging, but increases package size and
memory usage.
comment "Protocol Support"
config OPENSSL_WITH_DTLS
bool
default n
prompt "Enable DTLS support"
config OPENSSL_WITH_COMPRESSION
bool
default n
prompt "Enable compression support"
help
Datagram Transport Layer Security (DTLS) provides TLS-like security
for datagram-based (UDP, DCCP, CAPWAP, SCTP & SRTP) applications.
config OPENSSL_WITH_NPN
bool
default y
prompt "Enable NPN support"
config OPENSSL_WITH_PSK
bool
default y
prompt "Enable PSK support"
help
NPN is a TLS extension, obsoleted and replaced with ALPN,
used to negotiate SPDY, and HTTP/2.
config OPENSSL_WITH_SRP
bool
default y
prompt "Enable SRP support"
help
The Secure Remote Password protocol (SRP) is an augmented
password-authenticated key agreement (PAKE) protocol, specifically
designed to work around existing patents.
config OPENSSL_WITH_CMS
bool
default y
prompt "Enable CMS (RFC 5652) support"
help
Cryptographic Message Syntax (CMS) is used to digitally sign,
digest, authenticate, or encrypt arbitrary message content.
comment "Algorithm Selection"
config OPENSSL_WITH_EC
bool
default y
prompt "Enable elliptic curve support"
help
Elliptic-curve cryptography (ECC) is an approach to public-key
cryptography based on the algebraic structure of elliptic curves
over finite fields. ECC requires smaller keys compared to non-ECC
cryptography to provide equivalent security.
config OPENSSL_WITH_EC2M
bool
depends on OPENSSL_WITH_EC
prompt "Enable ec2m support"
help
This option enables the more efficient, yet less common, binary
field elliptic curves.
config OPENSSL_WITH_PSK
bool
default y
prompt "Enable PSK support"
help
Build support for Pre-Shared Key based cipher suites.
comment "Less commonly used build options"
config OPENSSL_WITH_CAMELLIA
bool
prompt "Enable Camellia cipher support"
help
Camellia is a bock cipher with security levels and processing
abilities comparable to AES.
config OPENSSL_WITH_IDEA
bool
prompt "Enable IDEA cipher support"
help
IDEA is a block cipher with 128-bit keys.
config OPENSSL_WITH_SEED
bool
prompt "Enable SEED cipher support"
help
SEED is a block cipher with 128-bit keys broadly used in
South Korea, but seldom found elsewhere.
config OPENSSL_WITH_MDC2
bool
prompt "Enable MDC2 digest support"
config OPENSSL_WITH_WHIRLPOOL
bool
prompt "Enable Whirlpool digest support"
config OPENSSL_WITH_COMPRESSION
bool
prompt "Enable compression support"
help
TLS compression is not recommended, as it is deemed insecure.
The CRIME attack exploits this weakness.
Even with this option turned on, it is disabled by default, and the
application must explicitly turn it on.
config OPENSSL_WITH_RFC3779
bool
prompt "Enable RFC3779 support (BGP)"
help
RFC 3779 defines two X.509 v3 certificate extensions. The first
binds a list of IP address blocks, or prefixes, to the subject of a
certificate. The second binds a list of autonomous system
identifiers to the subject of a certificate. These extensions may be
used to convey the authorization of the subject to use the IP
addresses and autonomous system identifiers contained in the
extensions.
comment "Engine/Hardware Support"
config OPENSSL_ENGINE
bool "Enable engine support"
help
This enables alternative cryptography implementations,
most commonly for interfacing with external crypto devices,
or supporting new/alternative ciphers and digests.
config OPENSSL_ENGINE_CRYPTO
bool
select OPENSSL_ENGINE
select PACKAGE_kmod-cryptodev
prompt "Acceleration support through /dev/crypto"
help
This enables use of hardware acceleration through OpenBSD
Cryptodev API (/dev/crypto) interface.
You must install kmod-cryptodev (under Kernel modules, Cryptographic
API modules) for /dev/crypto to show up and use hardware
acceleration; otherwise it falls back to software.
config OPENSSL_ENGINE_DIGEST
bool
depends on OPENSSL_ENGINE_CRYPTO
prompt "Digests acceleration support"
prompt "/dev/crypto digest (md5/sha1) acceleration support"
config OPENSSL_HARDWARE_SUPPORT
config OPENSSL_WITH_GOST
bool
default n
prompt "Enable hardware support"
config OPENSSL_OPTIMIZE_SPEED
bool
default n
prompt "Enable optimization for speed instead of size"
prompt "Prepare library for GOST engine"
depends on OPENSSL_ENGINE
help
This option prepares the library to accept engine support
for Russian GOST crypto algorithms.
endif
config OPENSSL_ENGINE_CRYPTO
bool
select OPENSSL_HARDWARE_SUPPORT
prompt "Crypto acceleration support" if PACKAGE_libopenssl

View File

@ -15,7 +15,7 @@ PKG_RELEASE:=2
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=0
PKG_BUILD_DEPENDS:=cryptodev-linux
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
@ -25,24 +25,35 @@ PKG_SOURCE_URL:= \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684
ENGINES_DIR=engines
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:openssl:openssl
PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_ENGINE \
CONFIG_OPENSSL_ENGINE_CRYPTO \
CONFIG_OPENSSL_ENGINE_DIGEST \
CONFIG_OPENSSL_NO_DEPRECATED \
CONFIG_OPENSSL_OPTIMIZE_SPEED \
CONFIG_OPENSSL_WITH_ASM \
CONFIG_OPENSSL_WITH_CAMELLIA \
CONFIG_OPENSSL_WITH_CMS \
CONFIG_OPENSSL_WITH_COMPRESSION \
CONFIG_OPENSSL_WITH_DTLS \
CONFIG_OPENSSL_WITH_EC \
CONFIG_OPENSSL_WITH_EC2M \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
CONFIG_OPENSSL_NO_DEPRECATED \
CONFIG_OPENSSL_WITH_DTLS \
CONFIG_OPENSSL_WITH_COMPRESSION \
CONFIG_OPENSSL_WITH_ERROR_MESSAGES \
CONFIG_OPENSSL_WITH_GOST \
CONFIG_OPENSSL_WITH_IDEA \
CONFIG_OPENSSL_WITH_MDC2 \
CONFIG_OPENSSL_WITH_NPN \
CONFIG_OPENSSL_WITH_PSK \
CONFIG_OPENSSL_WITH_RFC3779 \
CONFIG_OPENSSL_WITH_SEED \
CONFIG_OPENSSL_WITH_SRP \
CONFIG_OPENSSL_OPTIMIZE_SPEED
CONFIG_OPENSSL_WITH_SSE2 \
CONFIG_OPENSSL_WITH_WHIRLPOOL
include $(INCLUDE_DIR)/package.mk
@ -54,6 +65,8 @@ endif
define Package/openssl/Default
TITLE:=Open source SSL toolkit
URL:=http://www.openssl.org/
SECTION:=libs
CATEGORY:=Libraries
endef
define Package/libopenssl/config
@ -62,16 +75,14 @@ endef
define Package/openssl/Default/description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well
as a full-strength general purpose cryptography library.
commercial-grade, full-featured, and Open Source toolkit implementing the
Transport Layer Security (TLS) protocol as well as a full-strength
general-purpose cryptography library.
endef
define Package/libopenssl
$(call Package/openssl/Default)
SECTION:=libs
SUBMENU:=SSL
CATEGORY:=Libraries
DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
TITLE+= (libraries)
ABI_VERSION:=1.0.0
@ -100,19 +111,35 @@ $(call Package/openssl/Default/description)
This package contains the OpenSSL command-line utility.
endef
define Package/libopenssl-gost
$(call Package/openssl/Default)
SUBMENU:=SSL
TITLE:=Russian GOST algorithms engine
DEPENDS:=libopenssl +@OPENSSL_WITH_GOST
endef
OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
no-whrlpool no-whirlpool no-seed no-jpake
OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
define Package/libopenssl-gost/description
This package adds an engine that enables Russian GOST algorithms.
To use it, you need to configure the engine in /etc/ssl/openssl.cnf
See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
The engine_id is "gost"
endef
ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
ifdef CONFIG_OPENSSL_ENGINE_DIGEST
OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
endif
else
OPENSSL_OPTIONS += no-engines
endif
define Package/libopenssl-padlock
$(call Package/openssl/Default)
SUBMENU:=SSL
TITLE:=VIA Padlock hardware acceleration engine
DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock
endef
define Package/libopenssl-padlock/description
This package adds an engine that enables VIA Padlock hardware acceleration.
To use it, you need to configure it in /etc/ssl/openssl.cnf.
See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE
The engine_id is "padlock"
endef
OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method
ifndef CONFIG_OPENSSL_WITH_EC
OPENSSL_OPTIONS += no-ec
@ -122,20 +149,70 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
OPENSSL_OPTIONS += no-ec2m
endif
ifndef CONFIG_OPENSSL_WITH_SSL3
OPENSSL_OPTIONS += no-ssl3 no-ssl3-method
ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES
OPENSSL_OPTIONS += no-err
endif
ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT
OPENSSL_OPTIONS += no-hw
ifndef CONFIG_OPENSSL_WITH_CAMELLIA
OPENSSL_OPTIONS += no-camellia
endif
ifndef CONFIG_OPENSSL_WITH_IDEA
OPENSSL_OPTIONS += no-idea
endif
ifndef CONFIG_OPENSSL_WITH_SEED
OPENSSL_OPTIONS += no-seed
endif
ifndef CONFIG_OPENSSL_WITH_MDC2
OPENSSL_OPTIONS += no-mdc2
endif
ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL
OPENSSL_OPTIONS += no-whirlpool
endif
ifndef CONFIG_OPENSSL_WITH_CMS
OPENSSL_OPTIONS += no-cms
endif
ifdef CONFIG_OPENSSL_WITH_RFC3779
OPENSSL_OPTIONS += enable-rfc3779
endif
ifdef CONFIG_OPENSSL_NO_DEPRECATED
OPENSSL_OPTIONS += no-deprecated
endif
ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
else
OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
endif
ifdef CONFIG_OPENSSL_ENGINE
ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
ifdef CONFIG_OPENSSL_ENGINE_DIGEST
OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS
endif
endif
ifndef CONFIG_PACKAGE_libopenssl-padlock
OPENSSL_OPTIONS += no-hw-padlock
endif
else
OPENSSL_OPTIONS += no-engine
endif
ifndef CONFIG_OPENSSL_WITH_GOST
OPENSSL_OPTIONS += no-gost
endif
# Even with no-dtls and no-dtls1 options, the library keeps the DTLS code,
# but openssl util gets built without it
ifndef CONFIG_OPENSSL_WITH_DTLS
OPENSSL_OPTIONS += no-dtls
OPENSSL_OPTIONS += no-dtls no-dtls1
endif
ifdef CONFIG_OPENSSL_WITH_COMPRESSION
@ -156,27 +233,18 @@ ifndef CONFIG_OPENSSL_WITH_SRP
OPENSSL_OPTIONS += no-srp
endif
ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y)
TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3
ifndef CONFIG_OPENSSL_WITH_ASM
OPENSSL_OPTIONS += no-asm
endif
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib
else
OPENSSL_OPTIONS+=no-sse2
ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y)
OPENSSL_TARGET:=linux-mips-openwrt
else ifeq ($(CONFIG_aarch64),y)
OPENSSL_TARGET:=linux-aarch64-openwrt
else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y)
OPENSSL_TARGET:=linux-armv4-openwrt
else
OPENSSL_TARGET:=linux-generic-openwrt
OPENSSL_OPTIONS+=no-perlasm
ifdef CONFIG_i386
ifndef CONFIG_OPENSSL_WITH_SSE2
OPENSSL_OPTIONS += no-sse2
endif
endif
OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
define Build/Configure
@ -187,11 +255,10 @@ define Build/Configure
(cd $(PKG_BUILD_DIR); \
./Configure $(OPENSSL_TARGET) \
--prefix=/usr \
--libdir=lib \
--openssldir=/etc/ssl \
$(TARGET_CPPFLAGS) \
$(TARGET_LDFLAGS) -ldl \
$(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \
$(OPENSSL_NO_CIPHERS) \
$(TARGET_LDFLAGS) \
$(OPENSSL_OPTIONS) \
)
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
@ -202,7 +269,7 @@ define Build/Configure
depend
endef
TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections
TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
define Build/Compile
@ -251,20 +318,33 @@ define Build/InstallDev
endef
define Package/libopenssl/install
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(INSTALL_DIR) $(1)/etc/ssl/private
chmod 0700 $(1)/etc/ssl/private
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/
$(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR))
endef
define Package/openssl-util/install
$(INSTALL_DIR) $(1)/etc/ssl
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(INSTALL_DIR) $(1)/etc/ssl/private
chmod 0700 $(1)/etc/ssl/private
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/
endef
define Package/libopenssl-padlock/install
$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR)
endef
define Package/libopenssl-gost/install
$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR)
endef
$(eval $(call BuildPackage,libopenssl))
$(eval $(call BuildPackage,libopenssl-gost))
$(eval $(call BuildPackage,libopenssl-padlock))
$(eval $(call BuildPackage,openssl-util))

View File

@ -1,292 +0,0 @@
/* This is a source compatible implementation with the original API of
* cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h.
* Placed under public domain */
#ifndef L_CRYPTODEV_H
#define L_CRYPTODEV_H
#include <linux/types.h>
#ifndef __KERNEL__
#define __user
#endif
/* API extensions for linux */
#define CRYPTO_HMAC_MAX_KEY_LEN 512
#define CRYPTO_CIPHER_MAX_KEY_LEN 64
/* All the supported algorithms
*/
enum cryptodev_crypto_op_t {
CRYPTO_DES_CBC = 1,
CRYPTO_3DES_CBC = 2,
CRYPTO_BLF_CBC = 3,
CRYPTO_CAST_CBC = 4,
CRYPTO_SKIPJACK_CBC = 5,
CRYPTO_MD5_HMAC = 6,
CRYPTO_SHA1_HMAC = 7,
CRYPTO_RIPEMD160_HMAC = 8,
CRYPTO_MD5_KPDK = 9,
CRYPTO_SHA1_KPDK = 10,
CRYPTO_RIJNDAEL128_CBC = 11,
CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC,
CRYPTO_ARC4 = 12,
CRYPTO_MD5 = 13,
CRYPTO_SHA1 = 14,
CRYPTO_DEFLATE_COMP = 15,
CRYPTO_NULL = 16,
CRYPTO_LZS_COMP = 17,
CRYPTO_SHA2_256_HMAC = 18,
CRYPTO_SHA2_384_HMAC = 19,
CRYPTO_SHA2_512_HMAC = 20,
CRYPTO_AES_CTR = 21,
CRYPTO_AES_XTS = 22,
CRYPTO_AES_ECB = 23,
CRYPTO_AES_GCM = 50,
CRYPTO_CAMELLIA_CBC = 101,
CRYPTO_RIPEMD160,
CRYPTO_SHA2_224,
CRYPTO_SHA2_256,
CRYPTO_SHA2_384,
CRYPTO_SHA2_512,
CRYPTO_SHA2_224_HMAC,
CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */
};
#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1)
/* Values for ciphers */
#define DES_BLOCK_LEN 8
#define DES3_BLOCK_LEN 8
#define RIJNDAEL128_BLOCK_LEN 16
#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
#define CAMELLIA_BLOCK_LEN 16
#define BLOWFISH_BLOCK_LEN 8
#define SKIPJACK_BLOCK_LEN 8
#define CAST128_BLOCK_LEN 8
/* the maximum of the above */
#define EALG_MAX_BLOCK_LEN 16
/* Values for hashes/MAC */
#define AALG_MAX_RESULT_LEN 64
/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */
#define CRYPTODEV_MAX_ALG_NAME 64
#define HASH_MAX_LEN 64
/* input of CIOCGSESSION */
struct session_op {
/* Specify either cipher or mac
*/
__u32 cipher; /* cryptodev_crypto_op_t */
__u32 mac; /* cryptodev_crypto_op_t */
__u32 keylen;
__u8 __user *key;
__u32 mackeylen;
__u8 __user *mackey;
__u32 ses; /* session identifier */
};
struct session_info_op {
__u32 ses; /* session identifier */
/* verbose names for the requested ciphers */
struct alg_info {
char cra_name[CRYPTODEV_MAX_ALG_NAME];
char cra_driver_name[CRYPTODEV_MAX_ALG_NAME];
} cipher_info, hash_info;
__u16 alignmask; /* alignment constraints */
__u32 flags; /* SIOP_FLAGS_* */
};
/* If this flag is set then this algorithm uses
* a driver only available in kernel (software drivers,
* or drivers based on instruction sets do not set this flag).
*
* If multiple algorithms are involved (as in AEAD case), then
* if one of them is kernel-driver-only this flag will be set.
*/
#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1
#define COP_ENCRYPT 0
#define COP_DECRYPT 1
/* input of CIOCCRYPT */
struct crypt_op {
__u32 ses; /* session identifier */
__u16 op; /* COP_ENCRYPT or COP_DECRYPT */
__u16 flags; /* see COP_FLAG_* */
__u32 len; /* length of source data */
__u8 __user *src; /* source data */
__u8 __user *dst; /* pointer to output data */
/* pointer to output data for hash/MAC operations */
__u8 __user *mac;
/* initialization vector for encryption operations */
__u8 __user *iv;
};
/* input of CIOCAUTHCRYPT */
struct crypt_auth_op {
__u32 ses; /* session identifier */
__u16 op; /* COP_ENCRYPT or COP_DECRYPT */
__u16 flags; /* see COP_FLAG_AEAD_* */
__u32 len; /* length of source data */
__u32 auth_len; /* length of auth data */
__u8 __user *auth_src; /* authenticated-only data */
/* The current implementation is more efficient if data are
* encrypted in-place (src==dst). */
__u8 __user *src; /* data to be encrypted and authenticated */
__u8 __user *dst; /* pointer to output data. Must have
* space for tag. For TLS this should be at least
* len + tag_size + block_size for padding */
__u8 __user *tag; /* where the tag will be copied to. TLS mode
* doesn't use that as tag is copied to dst.
* SRTP mode copies tag there. */
__u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */
/* initialization vector for encryption operations */
__u8 __user *iv;
__u32 iv_len;
};
/* In plain AEAD mode the following are required:
* flags : 0
* iv : the initialization vector (12 bytes)
* auth_len: the length of the data to be authenticated
* auth_src: the data to be authenticated
* len : length of data to be encrypted
* src : the data to be encrypted
* dst : space to hold encrypted data. It must have
* at least a size of len + tag_size.
* tag_size: the size of the desired authentication tag or zero to use
* the maximum tag output.
*
* Note tag isn't being used because the Linux AEAD interface
* copies the tag just after data.
*/
/* In TLS mode (used for CBC ciphers that required padding)
* the following are required:
* flags : COP_FLAG_AEAD_TLS_TYPE
* iv : the initialization vector
* auth_len: the length of the data to be authenticated only
* len : length of data to be encrypted
* auth_src: the data to be authenticated
* src : the data to be encrypted
* dst : space to hold encrypted data (preferably in-place). It must have
* at least a size of len + tag_size + blocksize.
* tag_size: the size of the desired authentication tag or zero to use
* the default mac output.
*
* Note that the padding used is the minimum padding.
*/
/* In SRTP mode the following are required:
* flags : COP_FLAG_AEAD_SRTP_TYPE
* iv : the initialization vector
* auth_len: the length of the data to be authenticated. This must
* include the SRTP header + SRTP payload (data to be encrypted) + rest
*
* len : length of data to be encrypted
* auth_src: pointer the data to be authenticated. Should point at the same buffer as src.
* src : pointer to the data to be encrypted.
* dst : This is mandatory to be the same as src (in-place only).
* tag_size: the size of the desired authentication tag or zero to use
* the default mac output.
* tag : Pointer to an address where the authentication tag will be copied.
*/
/* struct crypt_op flags */
#define COP_FLAG_NONE (0 << 0) /* totally no flag */
#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */
#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */
#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */
#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */
#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the
* TLS protocol rules */
#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the
* SRTP protocol rules */
#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state.
* should be used in combination
* with COP_FLAG_UPDATE */
/* Stuff for bignum arithmetic and public key
* cryptography - not supported yet by linux
* cryptodev.
*/
#define CRYPTO_ALG_FLAG_SUPPORTED 1
#define CRYPTO_ALG_FLAG_RNG_ENABLE 2
#define CRYPTO_ALG_FLAG_DSA_SHA 4
struct crparam {
__u8 *crp_p;
__u32 crp_nbits;
};
#define CRK_MAXPARAM 8
/* input of CIOCKEY */
struct crypt_kop {
__u32 crk_op; /* cryptodev_crk_op_t */
__u32 crk_status;
__u16 crk_iparams;
__u16 crk_oparams;
__u32 crk_pad1;
struct crparam crk_param[CRK_MAXPARAM];
};
enum cryptodev_crk_op_t {
CRK_MOD_EXP = 0,
CRK_MOD_EXP_CRT = 1,
CRK_DSA_SIGN = 2,
CRK_DSA_VERIFY = 3,
CRK_DH_COMPUTE_KEY = 4,
CRK_ALGORITHM_ALL
};
#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1)
/* features to be queried with CIOCASYMFEAT ioctl
*/
#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
/* ioctl's. Compatible with old linux cryptodev.h
*/
#define CRIOGET _IOWR('c', 101, __u32)
#define CIOCGSESSION _IOWR('c', 102, struct session_op)
#define CIOCFSESSION _IOW('c', 103, __u32)
#define CIOCCRYPT _IOWR('c', 104, struct crypt_op)
#define CIOCKEY _IOWR('c', 105, struct crypt_kop)
#define CIOCASYMFEAT _IOR('c', 106, __u32)
#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op)
/* to indicate that CRIOGET is not required in linux
*/
#define CRIOGET_NOT_NEEDED 1
/* additional ioctls for AEAD */
#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op)
/* additional ioctls for asynchronous operation.
* These are conditionally enabled since version 1.6.
*/
#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op)
#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op)
#endif /* L_CRYPTODEV_H */

View File

@ -0,0 +1,44 @@
From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Wed, 26 Sep 2018 16:21:27 -0300
Subject: Add openwrt targets
Targets are named: linux-$(CONFIG_ARCH)-openwrt
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
--- a/Configure
+++ b/Configure
@@ -470,6 +470,32 @@ my %table=(
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+# OpenWrt targets
+# from linux-aarch64
+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-generic32
+"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-armv4
+"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-armv4
+"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-elf
+"linux-i386-openwrt", "gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-mips32
+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux64-mips64
+"linux-mips64-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+# from linux64-mips64
+"linux-mips64el-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+# from linux-mips32
+"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-ppc
+"linux-powerpc-openwrt", "gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# from linux-x86_64
+"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+# from linux-generic32
+"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
# Android: linux-* but without pointers to headers and libs.
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

View File

@ -1,16 +0,0 @@
--- a/Configure
+++ b/Configure
@@ -470,6 +470,13 @@ my %table=(
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+# OpenWrt targets
+"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
# Android: linux-* but without pointers to headers and libs.
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

View File

@ -5,7 +5,7 @@
BASEADDR=
-DIRS= crypto ssl engines apps test tools
+DIRS= crypto ssl apps
+DIRS= crypto ssl engines apps
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl

View File

@ -1,81 +0,0 @@
--- a/Configure
+++ b/Configure
@@ -2144,6 +2144,11 @@ EOF
close(OUT);
}
+# ugly hack to disable engines
+if($target eq "mingwx") {
+ system("sed -e s/^LIB/XLIB/g -i engines/Makefile");
+}
+
print <<EOF;
Configured for $target.
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -2075,7 +2075,6 @@ PKCS7_ATTR_SIGN_it
UI_add_error_string 2633 EXIST::FUNCTION:
KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
-ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2549,7 +2548,6 @@ OCSP_RESPONSE_new
AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
OCSP_resp_count 3025 EXIST::FUNCTION:
KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
-ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2580,7 +2578,6 @@ ASN1_primitive_free
i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
asn1_enc_save 3054 EXIST::FUNCTION:
-ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2604,7 +2601,6 @@ asn1_get_choice_selector
i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
AES_options 3074 EXIST::FUNCTION:AES
-ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
OCSP_id_cmp 3076 EXIST::FUNCTION:
OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
@@ -2671,7 +2667,6 @@ OCSP_CRLID_it
OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
-ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2766,8 +2761,6 @@ DES_read_2passwords
DES_read_password 3207 EXIST::FUNCTION:DES
UI_UTIL_read_pw 3208 EXIST::FUNCTION:
UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
-ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
@@ -2776,7 +2769,6 @@ OPENSSL_load_builtin_modules
AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
@@ -3111,7 +3103,6 @@ EC_GFp_nist_method
STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION:
STORE_method_set_modify_function 3530 NOEXIST::FUNCTION:
STORE_parse_attrs_next 3531 NOEXIST::FUNCTION:
-ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC
X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:

View File

@ -92,7 +92,7 @@
fi; \
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -85,11 +85,11 @@ testapps:
@@ -87,11 +87,11 @@ testapps:
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
@ -106,7 +106,7 @@
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@ links:
@@ -102,7 +102,7 @@ links:
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
@ -115,7 +115,7 @@
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
@@ -113,7 +113,7 @@ shared: buildinf.h lib subdirs
fi
libs:
@ -124,7 +124,7 @@
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@ install:
@@ -122,7 +122,7 @@ install:
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;

View File

@ -0,0 +1,21 @@
From f17f027c258338994a6167091a398c0cc1588acb Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Wed, 26 Sep 2018 18:04:58 -0300
Subject: Avoid exposing build directories
The CFLAGS contain the build directories, and are shown by calling
SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -57,7 +57,7 @@ top:
all: shared
buildinf.h: ../Makefile
- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
+ $(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h
x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@