package/libopenssl: add option to enable some features
Openssl implements lot of algorithms that are not required in some emdedded devices and cyphers known as weak. Secure embedded systems shall disable unused algorithms (and weak algo) in order to be certified. This patch allows to select weak algorithms and mecanims to enable such as md5. To ensure backward compatibility, all items are selected by default. Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr> [yann.morin.1998@free.fr: - drop help texts that just repeat the prompts - fix check-package ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
GAUTRON, Erwan
Yann E. MORIN
parent
4eadbfeb94
commit
a83d41867c
@ -40,4 +40,103 @@ config BR2_PACKAGE_LIBOPENSSL_ENGINES
|
||||
help
|
||||
Install additional encryption engine libraries.
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA
|
||||
bool "enable CHACHA"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5
|
||||
bool "enable RC5"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2
|
||||
bool "enable RC2"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4
|
||||
bool "enable RC4"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2
|
||||
bool "enable MD2"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4
|
||||
bool "enable MD4"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MD5
|
||||
bool "enable MD5"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2
|
||||
bool "enable MDC2"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2
|
||||
bool "enable BLAKE2"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA
|
||||
bool "enable IDEA"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED
|
||||
bool "enable SEED"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_DES
|
||||
bool "enable DES"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160
|
||||
bool "enable RMD160"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL
|
||||
bool "enable WHIRLPOOL"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH
|
||||
bool "enable BLOWFISH"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL
|
||||
bool "enable SSL"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL2
|
||||
bool "enable SSL2"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3
|
||||
bool "enable SSL3"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL
|
||||
bool "enable WEAK_SSL"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK
|
||||
bool "enable mode PSK"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST
|
||||
bool "enable mode CAST"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_UNSECURE
|
||||
bool "enable unit test, debug, backtrace"
|
||||
default y
|
||||
help
|
||||
Enable unit-test crypto-mdebug-backtrace
|
||||
crypto-mdebug autoerrinit mode.
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE
|
||||
bool "enable dynamic engine"
|
||||
default y
|
||||
|
||||
config BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP
|
||||
bool "enable compression"
|
||||
default y
|
||||
|
||||
endif # BR2_PACKAGE_LIBOPENSSL
|
||||
|
||||
@ -84,6 +84,30 @@ define LIBOPENSSL_CONFIGURE_CMDS
|
||||
no-tests \
|
||||
no-fuzz-libfuzzer \
|
||||
no-fuzz-afl \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CHACHA),,no-chacha) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC5),,no-rc5) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC2),,no-rc2) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RC4),,no-rc4) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD2),,no-md2) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4),,no-md4) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MD5),,no-md5) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_MDC2),,no-mdc2) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_BLAKE2),,no-blake2) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_IDEA),,no-idea) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SEED),,no-seed) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_DES),,no-des) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_RMD160),,no-rmd160) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_WHIRLPOOL),,no-whirlpool) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_BLOWFISH),,no-bf) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL),,no-ssl) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL2),,no-ssl2) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_SSL3),,no-ssl3) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_WEAK_SSL),,no-weak-ssl-ciphers) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_PSK),,no-psk) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_CAST),,no-cast) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_UNSECURE),,no-unit-test no-crypto-mdebug-backtrace no-crypto-mdebug no-autoerrinit) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_DYNAMIC_ENGINE),,no-dynamic-engine ) \
|
||||
$(if $(BR2_PACKAGE_LIBOPENSSL_ENABLE_COMP),,no-comp) \
|
||||
$(if $(BR2_STATIC_LIBS),zlib,zlib-dynamic) \
|
||||
$(if $(BR2_STATIC_LIBS),no-dso) \
|
||||
)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user