summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorShachar Menashe <shachar@vdoo.com>2020-12-19 16:04:30 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-01-12 17:44:16 +0000
commitf471317c688d8421c14b5e7daf6b6932f72c6c50 (patch)
tree5fe5e20c30a0bf6ee481a0092b4eb048fbfcbd74
parent6a4d10d367753bf981dc897319adfbea94734813 (diff)
downloadpoky-f471317c688d8421c14b5e7daf6b6932f72c6c50.tar.gz
openssl: drop support for deprecated algorithms
1. Drop support for many deprecated algorithms by default 2. Allow dropping support for TLS 1.0/1.1 via PACKAGECONFIG (From OE-Core rev: 304417a97db89d9ea4a41aa7c92b5a052896d63b) Signed-off-by: Shachar Menashe <shachar@vdoo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.1.1i.bb8
1 files changed, 7 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
index c63ba3c8e7..a82fd512ac 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
@@ -33,6 +33,8 @@ PACKAGECONFIG_class-native = ""
33PACKAGECONFIG_class-nativesdk = "" 33PACKAGECONFIG_class-nativesdk = ""
34 34
35PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module" 35PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
36PACKAGECONFIG[no-tls1] = "no-tls1"
37PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
36 38
37B = "${WORKDIR}/build" 39B = "${WORKDIR}/build"
38do_configure[cleandirs] = "${B}" 40do_configure[cleandirs] = "${B}"
@@ -52,6 +54,10 @@ EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
52CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" 54CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
53CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" 55CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
54 56
57# Disable deprecated crypto algorithms
58# Retained for compatibilty - des (curl), dh (python-ssl), dsa (rpm)
59DEPRECATED_CRYPTO_FLAGS = " no-ssl no-idea no-psk no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-srp no-camellia no-bf no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool"
60
55do_configure () { 61do_configure () {
56 os=${HOST_OS} 62 os=${HOST_OS}
57 case $os in 63 case $os in
@@ -125,7 +131,7 @@ do_configure () {
125 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the 131 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
126 # environment variables set by bitbake. Adjust the environment variables instead. 132 # environment variables set by bitbake. Adjust the environment variables instead.
127 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \ 133 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
128 perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target 134 perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
129 perl ${B}/configdata.pm --dump 135 perl ${B}/configdata.pm --dump
130} 136}
131 137