[Buildroot] [PATCH 1/1] package/libopenssl: add option to disable unwanted features

GAUTRON, Erwan erwan.gautron at bertin.fr
Mon May 11 06:25:32 UTC 2020

Hello Thomas,
Thanks for your comments
I will implement them and submit a new patch



De : Thomas Petazzoni <thomas.petazzoni at bootlin.com>

Envoyé : samedi 9 mai 2020 21:24

À : GAUTRON, Erwan <erwan.gautron at bertin.fr>

Cc : buildroot at buildroot.org <buildroot at buildroot.org>; Matt Weber <matthew.weber at rockwellcollins.com>

Objet : Re: [Buildroot] [PATCH 1/1] package/libopenssl: add option to disable unwanted features


Hello Erwan,

On Wed,  6 May 2020 07:59:19 +0200

Erwan GAUTRON <erwan.gautron at bertin.fr> wrote:

> Openssl implements lot of algorithms that are not required in

> some emdedded devices and cyphers known as weak.

> Secure embedded systems shall disable unused algorithms (and weak algo)

> in order to be certified.

> This patch allows to select algorithms and mecanims to disable

> such as md5


> Signed-off-by: Erwan GAUTRON <erwan.gautron at bertin.fr>

Thanks for your patch!


> +     bool "openssl no cipher CHACHA"

> +     help

> +       Remove CHACHA cipher in libopenssl.

I think it is quite odd to have inverted boolean options, i.e that

disable a feature when the option is enabled. Could we turn them

around, so that they use positive logic ? Of course, that means adding

a "default y" to keep backward compatibility, unless we decide that all

those ciphers are really dangerous (many of them are!) and disable them

by default.


> +     bool "openssl no compression"

> +     help

> +       Remove compression in libopenssl.

> +


> +     bool "zlib no compression"

> +     help

> +       Remove zlib in libopenssl.

Do these options allow to drop the zlib dependency of libopenssl ? If

so, we should do this and make the zlib dependency optional.




Thomas Petazzoni, CTO, Bootlin

Embedded Linux and Kernel engineering


More information about the buildroot mailing list