From f471317c688d8421c14b5e7daf6b6932f72c6c50 Mon Sep 17 00:00:00 2001
From: Shachar Menashe
Date: Sat, 19 Dec 2020 16:04:30 +0000
Subject: openssl: drop support for deprecated algorithms

1. Drop support for many deprecated algorithms by default
2. Allow dropping support for TLS 1.0/1.1 via PACKAGECONFIG
(From OE-Core rev: 304417a97db89d9ea4a41aa7c92b5a052896d63b)
Signed-off-by: Shachar Menashe
Signed-off-by: Richard Purdie
---
 meta/recipes-connectivity/openssl/openssl_1.1.1i.bb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
index c63ba3c8e7..a82fd512ac 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1i.bb
@@ -33,6 +33,8 @@ PACKAGECONFIG_class-native = ""
 PACKAGECONFIG_class-nativesdk = ""
 PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"
@@ -52,6 +54,10 @@ EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
 CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
 CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+# Disable deprecated crypto algorithms
+# Retained for compatibilty - des (curl), dh (python-ssl), dsa (rpm)
+DEPRECATED_CRYPTO_FLAGS = " no-ssl no-idea no-psk no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-srp no-camellia no-bf no-mdc2 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool"
+
 do_configure () {
 os=${HOST_OS}
 case $os in
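Review bot: The new `PACKAGECONFIG[no-tls1]` and `PACKAGECONFIG[no-tls1_1]` entries are opt-in and carry no comment, so a default build still ships TLS 1.0 and 1.1 and nothing in the recipe tells an integrator how to turn them off. A comment above them would help, for example `# Opt-in hardening: add "no-tls1 no-tls1_1" to PACKAGECONFIG to build libssl without TLS 1.0/1.1 (both stay enabled by default)`. The context lines set `PACKAGECONFIG_class-native = ""` and `PACKAGECONFIG_class-nativesdk = ""`, so the native and nativesdk builds presumably keep both protocols unless those assignments are overridden too; that is worth stating in the same comment.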
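Review bot: `DEPRECATED_CRYPTO_FLAGS` is set with a hard `=` and covers more than broken primitives: `no-psk`, `no-srp`, `no-scrypt` and `no-siphash` remove features that are uncommon rather than weak, and the comment only records which consumers were checked for des, dh and dsa. A layer whose packages need one of the removed algorithms has to re-declare the whole list; a weak default, `DEPRECATED_CRYPTO_FLAGS ?= "no-ssl no-idea …"` (list unchanged), or one PACKAGECONFIG entry per group as done for TLS 1.0/1.1 in the first hunk, would make that override explicit and reviewable. The assignment is not class-scoped, so it presumably applies to the native and nativesdk builds as well. The comment would be more accurate as `# Disable legacy and rarely used algorithms and protocols (reduces attack surface)`, with `compatibilty` corrected to `compatibility`.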
@@ -125,7 +131,7 @@ do_configure () {
 # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
 # environment variables set by bitbake. Adjust the environment variables instead.
 HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
- perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
 perl ${B}/configdata.pm --dump
 }
--
cgit v1.2.3-54-g00ecf
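Review bot: `${DEPRECATED_CRYPTO_FLAGS}` is placed after `${EXTRA_OECONF}` and `${PACKAGECONFIG_CONFARGS}` on the Configure line, and as far as I know OpenSSL's Configure applies `no-`/`enable-` options in command-line order, so an `enable-rc4` or similar passed through EXTRA_OECONF would be silently overridden by the later `no-rc4`. If the list is meant as a default that integrators can relax, put it first: `perl ${S}/Configure ${DEPRECATED_CRYPTO_FLAGS} ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix …`; if it is meant to be non-overridable that way, a comment saying so would prevent surprise. The `perl ${B}/configdata.pm --dump` call that follows already prints the resulting configuration, which is the place to confirm in the build log that the listed algorithms ended up disabled. do_configure starts above this hunk.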