author | Shachar Menashe <shachar@vdoo.com> | 2020-12-19 16:04:30 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-12 17:44:16 +0000 |
commit | f471317c688d8421c14b5e7daf6b6932f72c6c50 (patch) | |
tree | 5fe5e20c30a0bf6ee481a0092b4eb048fbfcbd74 | |
parent | 6a4d10d367753bf981dc897319adfbea94734813 (diff) | |
download | poky-f471317c688d8421c14b5e7daf6b6932f72c6c50.tar.gz |
openssl: drop support for deprecated algorithms
1. Drop support for many deprecated algorithms by default
2. Allow dropping support for TLS 1.0/1.1 via PACKAGECONFIG
(From OE-Core rev: 304417a97db89d9ea4a41aa7c92b5a052896d63b)
Signed-off-by: Shachar Menashe <shachar@vdoo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 8 |
1 files changed, 7 insertions, 1 deletions
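--- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
@@ -33,6 +33,8 @@ PACKAGECONFIG_class-native = ""
 PACKAGECONFIG_class-nativesdk = ""
 
 PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
 
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"
@@ -52,6 +54,10 @@ EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
 CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
 CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
 
+# Disable deprecated crypto algorithms
+# Retained for compatibilty - des (curl), dh (python-ssl), dsa (rpm)
+DEPRECATED_CRYPTO_FLAGS = " no-ssl no-idea no-psk no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-srp no-camellia no-bf no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool"
+
 do_configure () {
 os=${HOST_OS}
 case $os in
@@ -125,7 +131,7 @@ do_configure () {
 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
 # environment variables set by bitbake. Adjust the environment variables instead.
 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
-perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
 perl ${B}/configdata.pm --dump
 }
 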
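Review bot: The comment above `DEPRECATED_CRYPTO_FLAGS` labels the whole list "deprecated", but `no-psk`, `no-srp`, `no-scrypt` and `no-siphash` remove features that are not deprecated algorithms in the usual sense, so an integrator cannot tell which entries are hardening and which are size reduction. The list is also passed to `Configure` unconditionally for every class, unlike the opt-in `PACKAGECONFIG[no-tls1]` and `PACKAGECONFIG[no-tls1_1]` entries in the first hunk. This means images that rely on TLS-PSK, SRP or an scrypt KDF would presumably lose them without any build-time signal. I would reword the comment to something like `# Disabled by default: legacy ciphers/digests (idea rc2 rc4 rc5 md2 md4 bf mdc2 seed whirlpool camellia), SSLv3, and optional features (psk srp scrypt siphash sm2 sm3 sm4); override DEPRECATED_CRYPTO_FLAGS to restore one`, fixing the "compatibilty" typo in the process. I would also use a weak assignment, `DEPRECATED_CRYPTO_FLAGS ?= "..."`, so that a distro configuration can adjust the set without a bbappend.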