openssl: configure engines with uci
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Mon, 21 Feb 2022 00:09:30 +0000 (21:09 -0300)
committerPetr Štetiar <ynezz@true.cz>
Tue, 22 Feb 2022 15:37:23 +0000 (16:37 +0100)
commit0134f845dab95e0e7f885f4e227d9a41aedf909d
treea7486ce3e7805990b2eb930902ec8ad4a68ba2c3
parent30b0351039850d01c382b745a1f40b81b4be2a93
openssl: configure engines with uci

This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped.  It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
package/libs/openssl/Makefile
package/libs/openssl/engine.mk
package/libs/openssl/files/engines.cnf [deleted file]
package/libs/openssl/files/openssl.init [new file with mode: 0755]
package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch